Adam Swanda deadbits
🪴
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is a preview of an ArcReactor interactive console session. I used the 'launch' utility to start an interactive | |
| # session, configured some settings to setup some manual collections, launch some modules and then later on i check on the | |
| # status of those tasks. | |
| # Any thoughts or comments? Remember this is just a quick preview of a small aspect. | |
| adam [/opt/arcreactor] » ./launch --interactive --debug | |
| [*] core - checking for background sessions | |
| [~] core - initializing new session | |
| [~] core - loading configuration files |
deadbits
/ dropper_strings.txt
Created
November 23, 2012 04:27
malware strings with (most) junk removed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.aspGET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.htmlGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.aspGET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.htmlGET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.aspGET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.htmlGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.aspGET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.htmlGET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.aspGET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.htmlGET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.aspGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.aspGET *(&*^TGH*JIHG^&*(&^%*(*)OK)(*&^%$EDRGF%&^.htmlGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^*%%RTG*(&^%FTGYHJIJ%^&*()*&*^&%RDFG(JKJH.aspGET ^&&%$%$^%$#^&**(*((&*^%$##$%^&*(*& |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # part of the MinusOne project. | |
| # methods from minus/lib/environment.rb | |
| # traverse a given directory tree to determine | |
| # if a path is a file or a directory. | |
| # if the file extension of any file matches the | |
| # specified language, add that file to the scan queue. | |
| def determine_extension | |
| puts "[~] determining file extension..." | |
| case $options[:language].downcase |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os,sys | |
| import socket | |
| import time | |
| HOST = '' | |
| PORT = 4444 | |
| activePID = [] | |
| conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
| conn.bind((HOST, PORT)) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import marshal | |
| script = """ | |
| print 'hello' | |
| """ | |
| code = compile(script, "<script>", "exec") | |
| data = marshal.dumps(code) |
deadbits
/ gist:2069269
Created
March 18, 2012 05:58
— forked from codian/gist:2069206
current git branch name on prompt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export PS1="\[\033[34m\]\w\[\033[35m\]\`ruby -e \"print (%x{git branch 2> /dev/null}.split(/\n/).grep(/^\*/).first || '').gsub(/^\* (.+)$/, '(\1)')\"\`\[\033[00m\]> " |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| from scapy.all import * | |
| localIP = [x[4] for x in scapy.all.conf.route.routes if x[2] != '0.0.0.0'][0] | |
| splitIP = localIP.split('.') | |
| splitIP[3:] = (['0/24']) | |
| IPRange = ".".join(splitIP) | |
| print IPRange |
NewerOlder