7h3rAm’s gists

7h3rAm / dga_ramnit.py

Last active August 29, 2015 14:21

DGA of Ramnit - http://johannesbader.ch/2014/12/the-dga-of-ramnit/

	import argparse

	class RandInt:

	def __init__(self, seed):
	self.seed = seed

	def rand_int_modulus(self, modulus):
	ix = self.seed
	ix = 16807(ix % 127773) - 2836(ix / 127773) & 0xFFFFFFFF

7h3rAm / dga_shiotob.py

Last active August 29, 2015 14:21 — forked from baderj/gist:a407613245f1c74022e8

DGA of Shiotob - http://johannesbader.ch/2015/01/the-dga-of-shiotob/

	import argparse
	"""
	Shiotob DGA

	Generates domains for the Shiotob malware

	- top level domains alternate between '.net' and '.com'
	- domains are between 14 and 19 characters long
	- domains consist of all letters and digits 123945

7h3rAm / dga_banjori.py

Created May 19, 2015 09:32

DGA of Banjori - http://johannesbader.ch/2015/02/the-dga-of-banjori/

	def map_to_lowercase_letter(s):
	return ord('a') + ((s - ord('a')) % 26)

	def next_domain(domain):
	dl = [ord(x) for x in list(domain)]
	dl[0] = map_to_lowercase_letter(dl[0] + dl[3])
	dl[1] = map_to_lowercase_letter(dl[0] + 2*dl[1])
	dl[2] = map_to_lowercase_letter(dl[0] + dl[2] - 1)
	dl[3] = map_to_lowercase_letter(dl[1] + dl[2] + dl[3])
	return ''.join([chr(x) for x in dl])

7h3rAm / dga_tinba.py

Created May 20, 2015 04:18

DGA of Tinba - http://garage4hackers.com/entry.php?b=3086

	'''
	Filename : TinBaDGA.py
	Developer : Garage4Hackers
	Greets : b0nd, FB1H2S, "vinnu", l0rdDeathStorm, nightrover and all g4h team

	'''

	import os, time

	utility = "TinBaDGA"

7h3rAm / dga_necurs.py

Created May 20, 2015 04:29

DGA of Necurs - http://johannesbader.ch/2015/02/the-dgas-of-necurs/

	import argparse
	from datetime import datetime

	def generate_necurs_domain(sequence_nr, magic_nr, date):
	def pseudo_random(value):
	loops = (value & 0x7F) + 21
	for index in range(loops):
	value += ((value7) ^ (value << 15)) + 8index - (value >> 5)
	value &= ((1 << 64) - 1)

7h3rAm / dga_dircrypt.py

Created May 20, 2015 10:19

DGA of DircCypt - http://johannesbader.ch/2015/03/the-dga-of-dircrypt/

	import argparse

	class RandInt:

	def __init__(self, seed):
	self.seed = seed

	def rand_int_modulus(self, modulus):
	ix = self.seed
	ix = 16807(ix % 127773) - 2836(ix / 127773) & 0xFFFFFFFF

7h3rAm / dga_pykspa.py

Created May 20, 2015 10:22

DGA of Pykspa - http://johannesbader.ch/2015/03/the-dga-of-pykspa/

	import json
	import argparse
	from datetime import datetime
	import time


	def get_sld(length, seed):
	sld = ""
	modulo = 541 * length + 4
	a = length * length

7h3rAm / bash.generate.random.alphanumeric.string.sh

Last active August 29, 2015 14:22 — forked from earthgecko/bash.generate.random.alphanumeric.string.sh

	#!/bin/bash
	# bash generate random alphanumeric string
	#

	# bash generate random 32 character alphanumeric string (upper and lowercase) and
	NEW_UUID=$(cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 32 \| head -n 1)

	# bash generate random 32 character alphanumeric string (lowercase only)
	cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 32 \| head -n 1

7h3rAm / minips

Created August 27, 2015 05:15

	#!/usr/bin/env python

	import sys
	import re
	import datetime, time
	import argparse
	import nids

	end_states = (nids.NIDS_CLOSE, nids.NIDS_TIMEOUT, nids.NIDS_RESET)

7h3rAm / xor.py

Created August 27, 2015 05:19

	#!/usr//bin/env python

	import sys

	if len(sys.argv) != 3:
	print "USAGE: %s <KFFSE_XHKYOKXOHOFEDM^E_Y> <0x2a>" % (sys.argv[0])
	sys.exit(1)

	flag = sys.argv[1]
	key = int(sys.argv[2], 16)

Ankur Tyagi 7h3rAm