Michael Gillespie Demonslay335
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Spora Encryption Checker | |
| Author: @demonslay335 | |
| """ | |
| import sys | |
| import zlib | |
| import struct | |
| import os |
Demonslay335
/ btcware_config.py
Last active
January 17, 2018 17:33
Extract BTCWare ransomware config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Extract BTCWare Ransomware Config | |
| Author: @demonslay335 | |
| """ | |
| import sys | |
| import string | |
| import re | |
| import os | |
| import argparse |
Demonslay335
/ globeimposter_config.py
Last active
January 16, 2023 14:49
Extract GlobeImposter ransomware config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Extract GlobeImposter 2.0 Ransomware Config | |
| Author: @demonslay335 | |
| """ | |
| import os | |
| import sys | |
| import binascii | |
| import re | |
| import hashlib |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Credit: https://twitter.com/Lee_Holmes/status/964576204425580544 | |
| param([string]$a) | |
| 0..25 | % { [PSCustomObject] @{ | |
| Offset = $_ | |
| Value = & { | |
| param($v, $o) -join ($v.ToCharArray() | % { | |
| [char](((([int][char]$_) - ([int][char]'a') + $o) % 26) + ([int][char]'a')) | |
| }) | |
| } $a $_ |
Demonslay335
/ rapid_config.py
Created
August 17, 2018 15:23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| Extract Rapid 2.0 ransomware config from encrypter or decrypter | |
| Author: @demonslay335 | |
| """ | |
| import os, sys, string, re, binascii, base64, argparse | |
| # https://stackoverflow.com/a/17197027/1301139 | |
| def strings(filename, min=4, max=10000): | |
| with open(filename, "rb") as f: # Python 2.x |
Demonslay335
/ QueryQNAPUpdate.ps1
Created
September 20, 2018 21:33
Query a QNAP for any available updates using the API (PowerShell 5)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ignore self-certs | |
| if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type) | |
| { | |
| $certCallback = @" | |
| using System; | |
| using System.Net; | |
| using System.Net.Security; | |
| using System.Security.Cryptography.X509Certificates; | |
| public class ServerCertificateValidationCallback | |
| { |
Demonslay335
/ QueryQNAPUpdate-PS2.ps1
Created
September 20, 2018 21:33
Query a QNAP for any available updates using the API (PowerShell 2)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ignore self-certs | |
| if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type) | |
| { | |
| $certCallback = @" | |
| using System; | |
| using System.Net; | |
| using System.Net.Security; | |
| using System.Security.Cryptography.X509Certificates; | |
| public class ServerCertificateValidationCallback | |
| { |
Demonslay335
/ peplink_ipsec.py
Created
October 17, 2018 17:01
Get status of IPsec VPN tunnels on Peplink Balance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests, time | |
| from urllib3.exceptions import InsecureRequestWarning | |
| from xml.etree import ElementTree | |
| # Ignore self-signed SSL | |
| requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) | |
| # Build login payload | |
| payload = { | |
| 'username': 'admin', |
Demonslay335
/ calculate_rsa.cs
Last active
December 17, 2018 18:49
Generate private RSA key from factored primes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using Org.BouncyCastle.Math; | |
| public BigInteger CalculateRSA(BigInteger p, BigInteger q, BigInteger e) | |
| { | |
| // n = p*q - for illustration | |
| BigInteger n = p.Multiply(q); | |
| // phi / r = (p-1)*(q-1) | |
| BigInteger phi = p.Subtract(BigInteger.One).Multiply(q.Subtract(BigInteger.One)); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os, sys, argparse | |
| # Charset used by Jemd ransomware | |
| charset = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' | |
| # https://en.wikipedia.org/wiki/Linear_congruential_generator | |
| def lcg(modulus, a, c, seed): | |
| while True: | |
| seed = (a * seed + c) % modulus | |
| yield seed |
OlderNewer