
@hackers-terabit
hackers-terabit / rdpbruter.cs
Created May 2, 2021 02:18
Part of a .NET malware sample posted in ##hackers, decompiled with dnSpy
using System;
using System.Collections;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Reflection.Emit;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */
undefined4 main(int param_1,int param_2)
{
size_t local_aac0;
char *_Source;
int local_cb5c;
undefined4 uVar1;
# Create a directory at $path unless something already exists at that path.
# When a directory is created, the object returned by New-Item is passed on to the caller's pipeline.
function force-mkdir($path) {
    # Nothing to do when the path is already present.
    if (Test-Path $path) {
        return
    }
    New-Item -ItemType Directory -Force -Path $path
}
# copied from https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Get-Keystrokes.ps1
Function Get-ProcAddress
{
Param
@hackers-terabit
hackers-terabit / imahelper.sh
Last active May 31, 2017 06:09
Help measure/appraise(sign) system for immutability
#!/bin/bash
# Settings for the script; neither variable is read in the lines shown here.
whitelist="./whitelist"
verbose=1
# Generate a 4096-bit RSA signing key pair with openssl. No cipher option is
# passed to genrsa, so the private key is written without a passphrase.
# NOTE(review): the unencrypted private key is stored under /etc; confirm the
# file ends up readable by root only, and consider moving it off the system
# once signing is done, since anyone who can read it can sign files.
echo "generating signing key"
openssl genrsa -out /etc/rsa_private.pem 4096
openssl rsa -pubout -in /etc/rsa_private.pem -out /etc/rsa_public.pem
# Prepare to import the public signing key: create a keyring named _ima under
# the user keyring (@u) and keep the id that keyctl prints in ima_id.
ima_id=`keyctl newring _ima @u`
import sys,socket, ssl
import time,os,getopt
from threading import Thread,Event
from Queue import Queue
class SimpleClient:
def __init__(self):
self.server="chat.freenode.net" #default server
self.port=6697 #default port
# cat rootshell.c
#include <stdio.h>
int main(int argc,char **argv){
unsigned char rootshell[]= "\x31\xd2\xb2\x0a\xb9\x6f\x75\x21\x0a\x51\xb9
\x63\x6b"
"\x20\x79\x51\x66\xb9\x66\x75\x66\x51\x31\xc9\x89\xe1"
"\x31\xdb\xb3\x01\x31\xc0\xb0\x04\xcd\x80\x31\xc0\x31"
"\xdb\x40\xcd\x80";
printf(rootshell);
[![Google chrome](https://i.imgur.com/sjJJGDu.png)](data:text/html;;base64,PGh0bWw+PGJvZHk+PHNjcmlwdD4gYWxlcnQoInlvdSBnb3QgcHduZWQhISIpOzwvc2NyaXB0PjwvYm9keT48L2h0bWw+Cg==)
@hackers-terabit
hackers-terabit / lynis.sh
Created October 23, 2016 16:40
Lynis - Download, verify and audit system
#!/bin/bash
# Download locations for the Lynis 2.3.4 tarball and (presumably) its detached
# signature; the version is hard-coded in both URLs.
# NOTE(review): both files come from the same host, so checking the signature
# only adds assurance if the signing key is obtained and pinned independently
# of that host. Confirm how the rest of the script gets the key.
LYNIS_DOWNLOAD="https://cisofy.com/files/lynis-2.3.4.tar.gz"
LYNIS_DOWNLOAD_SIG="https://cisofy.com/files/lynis-2.3.4.tar.gz.asc"
# Abort the script when given a status of 1 or more.
#   $1  exit status; a value below 1 makes the call a no-op
#   $2  message printed to stdout before exiting
function die {
    local code="$1"
    local message="$2"
    # Anything that is not >= 1 falls through and the function returns 0.
    [ "$code" -ge 1 ] || return 0
    echo "$message"
    exit "$code"
}