scrapped from @x0rz,@etlow,@Dinosn,@hackerfantastic,@highmeh,@cyb3rops and others
- A quick analysis of the latest Shadow Brokers dump https://labs.nettitude.com/blog/a-quick-analysis-of-the-latest-shadow-brokers-dump/
- Timestamps
Giuseppe Bonfa Evilcry
Evilcry
/ scada_password_recovery_list.csv
Last active
March 21, 2024 14:59
SCADA Password Recovery List
We can make this file beautiful and searchable if this error is corrected: It looks like row 8 should actually have 1 column, instead of 8 in line 7.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Yokogawa;CENTUM CS 3000 DCS;CENTUM:CENTUM | |
| Yokogawa;EJX910A Multivariable Transmitter HART Communication Type;YOKOGAWA. (to release the Write Protect mode) | |
| Yokogawa;WT 3000 Driver;anonymous:blank (Ethernet access) | |
| Yokogawa;DX1000/DX1000N/DX2000 Advanced;Administrator 1:Admin1 etc./ User 1:User01 etc. | |
| Yokogawa;YFGW410 gateway;admin:!admin | |
| Wonderware;System Platform/Archestra;administrator:blank | |
| Wonderware;Intouch;Administrator:Wonderware | |
| Wonderware;Historian;SQL Server Login: aadbo:pwddbo, wwdbo:pwddbo, aaAdmin:pwAdmin, wwAdmin:wwAdmin, aaPower:pwPower, wwPower:wwPower, aaUser:pwUser, wwUser:wwUser | |
| Westermo;TDW 33;no password, just return, Hardcoded password: n3Y9kA6otYZu8, (?? TD-36) | |
| Westermo;MRD-305-DIN/MRD-310/MRD-315/MRD-330/MRD-355/MRD-350/MRD-455;admin:westermo |
Evilcry
/ resources.md
Created
May 20, 2017 16:35
— forked from iam1980/resources.md
Shadow Brokers EQGRP Lost in Translation resources
Evilcry
/ get-elevated-com.ps1
Last active
December 16, 2019 04:08
Eumerate COM objects with elevation ON
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $path = "REGISTRY::HKEY_CLASSES_ROOT\CLSID\" | |
| Get-ChildItem -Path $path -Recurse | foreach { | |
| $CurrentKey = Get-ItemProperty -Path $_.PsPath | |
| if ($CurrentKey.PSChildName -match "Elevation") { | |
| $details = Get-ItemProperty -Path $CurrentKey.PSParentPath | |
| Out-File -FilePath ".\elevation.txt" -InputObject $details -Append | |
| } | |
| } |
Evilcry
/ getsensorstemp.cmd
Last active
April 30, 2018 11:34
Get temperature for all motherboard sensors
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wmic /namespace:\\root\cimv2 PATH Win32_PerfFormattedData_Counters_ThermalZoneInformation get Temperature |
Hash List
:~/collected$ sha256sum *
efa4fe06e4949c0f7aedea61a79da92e379ea66b169cd1d99c47b9e93e814093 arm
1ff787d52bc9ec27d75b1a427c3e5dd16d6d5f082a79227c14edf8e908ab2 arm7
bab7e9f42df88902acb00fbdf3b4b5d8ffec2a1a7ad32eb5f2fb1dbf38f3167d mips
a79964ce5cf4b92f996bbc24230e102b94ef05fb072c0afdeabc88d28695cace mipsel
Arch List
Evilcry
/ mac-vendor.txt
Created
May 20, 2018 08:37
— forked from aallan/mac-vendor.txt
List of MAC addresses with vendors identities
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 000000 Officially Xerox | |
| 000001 SuperLAN-2U | |
| 000002 BBN (was internal usage only, no longer used) | |
| 000003 XEROX CORPORATION | |
| 000004 XEROX CORPORATION | |
| 000005 XEROX CORPORATION | |
| 000006 XEROX CORPORATION | |
| 000007 XEROX CORPORATION | |
| 000008 XEROX CORPORATION | |
| 000009 powerpipes? |
Evilcry
/ keybase.md
Created
May 24, 2018 17:06
I hereby claim:
- I am evilcry on github.
- I am evilcry (https://keybase.io/evilcry) on keybase.
- I have a public key whose fingerprint is AFDF D6C3 500E BB73 4035 F0AF 1732 42AE 255D E336
To claim this, I am signing this object:
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Ref. https://gist.github.com/mmcloughlin/17e3ca302785f0e525655191d3f9211d | |
| package main | |
| import ( | |
| "fmt" | |
| "io/ioutil" | |
| "log" | |
| "net/http" | |
| "golang.org/x/net/proxy" |
Evilcry
/ findautoelevate.ps1
Created
July 8, 2018 07:40
Enumerate executables with auto-elevation enabled
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Find Autoelevate executables | |
| Write-Host "System32 Autoelevate Executables" -ForegroundColor Green -BackgroundColor Black | |
| Select-String -Path C:\Windows\System32\*.exe -pattern "<AutoElevate>true" | |
| Write-Host "`nSysWOW64 Autoelevate Executables" -ForegroundColor Green -BackgroundColor Black | |
| Select-String -Path C:\Windows\SysWOW64\*.exe -pattern "<AutoElevate>true" |
Evilcry
/ lpe_svcs.ps1
Created
August 11, 2018 13:05
discover Unquoted Service Paths that can be abused to escalate privileges
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -RunAsAdministrator | |
| $services = Get-WmiObject win32_service | select Name, PathName | |
| Foreach ( $entry in $services ) { | |
| if ( $entry.PathName -match "Program" ) { | |
| if ( $entry.PathName -notmatch "\`"*\`"" -and $entry.PathName -match " ") { | |
| Write-Host "Potentially Vulnerable Service: $($entry.Name) with Path: $($entry.PathName)" -BackgroundColor DarkGreen | |
| } | |
| } |
OlderNewer