earthgecko

#!/bin/bash
# bash generate random alphanumeric string
#

# bash generate random 32 character alphanumeric string (upper and lowercase) and 
NEW_UUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)

# bash generate random 32 character alphanumeric string (lowercase only)
cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1

mattifestation

function Invoke-UACBypass {
<#
.SYNOPSIS

Bypasses UAC on Windows 10 by abusing the SilentCleanup task to win a race condition, allowing for a DLL hijack without a privileged file copy.

Author: Matthew Graeber (@mattifestation), Matt Nelson (@enigma0x3)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None

rain-1

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

• Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
• Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
• Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
• Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
• Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

pklaus

#!/usr/bin/env python
"""
LICENSE http://www.apache.org/licenses/LICENSE-2.0
"""

import argparse
import datetime
import sys
import time
import threading

wookiecooking

intitle:index.of .bash_history
intitle:index.of .sh_history
intitle:”Index of” index.html.bak
intitle:”Index of” index.php.bak
intitle:”Index of” index.jsp.bak
intitle:”Index of” “.htpasswd” htpasswd.bak
inurl:backup intitle:index.of inurl:admin
“Index of /backup”
intitle:”Index of” index.html~
intitle:”Index of” index.php~

endolith

from __future__ import division
from numpy.fft import rfft
from numpy import argmax, mean, diff, log, nonzero
from scipy.signal import blackmanharris, correlate
from time import time
import sys
try:
    import soundfile as sf
except ImportError:
    from scikits.audiolab import flacread

hasherezade

#include <stdio.h>
#include <Windows.h>

// based on: https://www.evilsocket.net/2014/02/11/on-windows-syscall-mechanism-and-syscall-numbers-extraction-methods/
// author: @evilsocket
// modified by: @hasherezade

#define IS_ADDRESS_BETWEEN( left, right, address ) ( (address) >= (left) && (address) < (right) )
PIMAGE_SECTION_HEADER SectionByRVA( PIMAGE_SECTION_HEADER pSections, DWORD dwSections, DWORD rva )
{

rmmh

[0-9a-zA-Z]{2}

30-39,41-5a,61-7a

a:61 z:7a A:41 Z:5a 0:30 9:39

MSP430 alphanumeric shellcode is hard. There's no way to write to memory, 
no word-sized reg-reg operations, and all we have is add/sub/mov and a few conditional jumps.

shuffle2

'''
Input MD5   : BB4E83D7A77AADD7F62728314EF09461
File Name   : C:\Program Files (x86)\Powersaves For AMIIBO\Powersaves For AMIIBO.exe

0x108fd0 : schannel_recv                    -> log buffer on end
0x1090d0 : schannel_recv end
0x108d10 : schannel_send                    -> log buffer on start

0xce61 : deals with https "Token"
0xceab : deals with https "Vuid"

zypeh

# !/usr/python 

# The FIN scan utilizes the FIN flag inside the TCP packet, 
# along with the port number to connect to on the server. 
# If there is no response from the server, then the port is open.

import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *