
Showing results for tags 'payloads'.

Found 13 results

  1. How to use: Greenline.exe <path> [--config-only]
     Greenline will by default unpack RedLine Stealer's string obfuscation. If you only want the config, use the --config-only argument after the path to your binary.
     Features
     • String deobfuscation: Greenline will unpack string obfuscation like this back to a readable form like this.
     • Config extraction: Greenline also automatically extracts the config of RedLine Stealer.
     Release v1.1 fixed (Latest): Fixing Replace call patcher not checking pattern value for null
     [Hidden Content]
  2. Deobfuscate Log4Shell payloads with ease. Since the release of the Log4Shell vulnerability (CVE-2021-44228), many tools were created to obfuscate Log4Shell payloads, making the lives of security engineers a nightmare. This tool intends to unravel the true contents of obfuscated Log4Shell payloads. [Hidden Content]
  3. [Hidden Content] [Hidden Content]
  4. LAZYPARIAH is a simple and easily installable command-line tool written in pure Ruby that can be used during penetration tests and capture-the-flag (CTF) competitions to generate a range of reverse shell payloads on the fly.
     The reverse shell payloads that LAZYPARIAH supports include (but are not limited to):
     • C binary payloads (compiled on the fly): c_binary
     • Ruby payloads: ruby, ruby_b64, ruby_hex, ruby_c
     • Powershell payloads: powershell_c, powershell_b64
     • Base64-encoded Python payloads: python_b64
     • Rust binary payloads (compiled on the fly): rust_binary
     • PHP scripts containing base64-encoded Python payloads called via the system() function: php_system_python_b64
     • Java classes (compiled on the fly): java_class
     • Perl payloads: perl, perl_b64, perl_hex, perl_c
     • Simple PHP payloads (targeting specific file descriptors): php_fd, php_fd_c, php_fd_tags
     Dependencies
     • Ruby >= 2.7.1 (LAZYPARIAH has not been tested on previous versions of Ruby)
     • OpenJDK (Optional: Only required for java_class payloads.)
     • GCC (Optional: Only required for c_binary payloads.)
     • Rust (Optional: Only required for rust_binary payloads.)
     [Hidden Content]
  5. Use Case: You have a web application that runs a jpeg image through PHP's GD graphics library.
     Description: This script injects PHP code into a specified jpeg image. The web application will execute the payload if it interprets the image. Make sure your input jpeg is uncompressed! The new infected jpeg is run through PHP's gd-library. PHP interprets the payload injected in the jpeg and executes it.
     [Hidden Content]
  6. xeca is a project that creates encrypted PowerShell payloads for offensive purposes. Creating position independent shellcode from DLL files is also possible.
     How It Works
     1. Identify and encrypt the payload.
     2. Load encrypted payload into a powershell script and save to a file named “launch.txt”
     3. The key to decrypt the payload is saved to a file named “safe.txt”
     4. Execute “launch.txt” on a remote host
     5. The script will call back to the attacker defined web server to retrieve the decryption key “safe.txt”
     6. Decrypt the payload in memory
     7. Execute the intended payload in memory
     Changelog v0.3
     • ETW and Script Block Logging bypass added to all payloads. The bypasses can be disabled with --disable-etw and --disable-script-logging.
     [Hidden Content]
  7. xeca
     xeca is a project that creates encrypted PowerShell payloads for offensive purposes. Creating position independent shellcode from DLL files is also possible.
     How It Works
     1. Identify and encrypt the payload.
     2. Load encrypted payload into a powershell script and save to a file named “launch.txt”
     3. The key to decrypt the payload is saved to a file named “safe.txt”
     4. Execute “launch.txt” on a remote host
     5. The script will call back to the attacker defined web server to retrieve the decryption key “safe.txt”
     6. Decrypt the payload in memory
     7. Execute the intended payload in memory
     [Hidden Content]
  8. Generating fully undetectable meterpreter custom payloads using msfvenom and custom loader template. It bypasses the latest Windows Defender running on Windows 10 Pro 1903 ( Build 18363.693 ) with all updates available till 16th of March, 2020.
     Features
     There are 2 modules in this tool:
     Undetectable Reverse Shell
     • Doesn't require Admin Privileges to run
     • Bypasses all antiviruses including Windows Defender
     • Just an undetectable meterpreter reverse_shell
     • Migrates automatically to explorer.exe just after running
     • Limitations: Triggers Windows Defender if 'getsystem' is executed using meterpreter, however the meterpreter session is not lost and the payload exe file is not detected
     Persistent Advanced Reverse Shell
     • Requires Admin Privileges to run
     • Bypasses all antiviruses including Windows Defender
     • Disables Windows Defender permanently using registry ( Can't be turned on without changing registry )
     • Adds all the disk and drives to Defender exclusion list
     • Runs the meterpreter shell as SYSTEM and adds it to startup
     • Can execute your custom commands before launching payload ( see main.py )
     • All features and limitations of the 1st module
     [Hidden Content]
  9. A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques. I pull requests 🙂
     Every section contains the following files, you can use the _template_vuln folder to create a new chapter:
     • README.md - vulnerability description and how to exploit it
     • Intruder - a set of files to give to Burp Intruder
     • Images - pictures for the README.md
     • Files - some files referenced in the README.md
     You might also like the Methodology and Resources folder:
     Methodology and Resources
     • Active Directory Attack.md
     • Cloud - AWS Pentest.md
     • Cloud - Azure Pentest.md
     • Cobalt Strike - Cheatsheet.md
     • Linux - Persistence.md
     • Linux - Privilege Escalation.md
     • Metasploit - Cheatsheet.md
     • Methodology and enumeration.md
     • Network Pivoting Techniques.md
     • Network Discovery.md
     • Reverse Shell Cheatsheet.md
     • Subdomains Enumeration.md
     • Windows - Download and Execute.md
     • Windows - Mimikatz.md
     • Windows - Persistence.md
     • Windows - Post Exploitation Koadic.md
     • Windows - Privilege Escalation.md
     • Windows - Using credentials.md
     CVE Exploits
     [Hidden Content]
  10. XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an iframe. Inside iframes, it is possible to send GET or POST requests from the browser to arbitrary URLs using generated payloads.
      XSS Fuzzer is a generic tool that can be useful for multiple purposes, including:
      • Finding new XSS vectors, for any browser
      • Testing XSS payloads on GET and POST parameters
      • Bypassing XSS Auditors in the browser
      • Bypassing web application firewalls
      • Exploiting HTML whitelist features
      [Hidden Content]
  11. Insanity-Framework
      THIS PROJECT IS CLOSED NOW - FEEL FREE TO CONTINUE IT
      Copyright 2017 Insanity Framework (IF) 2.0 END
      Written by: Alisson Moretto - 4w4k3
      Special Thanks to Thomas Perkins - Ekultek
      Insanity Payload consists of encrypting your code and decrypting it in memory, thus avoiding a possible av signature, also has the ability to wait long enough to bypass a running sandbox.
      NOTE: Insanity payloads may experience a 1 minute delay while connecting, this is necessary in order to bypass most avs and sandboxes.
      Twitter: @4w4k3Official
      DISCLAIMER: "DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." Taken from LICENSE.
      INSTALLATION OF DEPENDENT LIBRARIES
          cd Insanity-Framework
          chmod +x install.sh
          ./install.sh
      That's it
      Features
      • Bypass most AV and Sandboxes.
      • Remote Control.
      • Payload Generation.
      • Some Phishing methods are included on payloads generated.
      • Detect Virtual Machines.
      • Multiple Session disabled.
      • Persistence and other features can be enabled.
      • Bypass UAC.
      • Memory Injection.
      Needed dependencies
      • apt
      • wine
      • wget
      • Linux
      • sudo access
      • python2.7
      • python 2.7 on Wine Machine
      • pywin32 on Wine Machine
      • VCForPython27 on Wine Machine
      Tested on:
      • Kali Linux - SANA
      • Kali Linux - ROLLING
      • Ubuntu 14.04-16.04 LTS
      • Debian 8.5
      • Linux Mint 18.1
      • Black Arch Linux
      Cloning: git clone [Hidden Content]
      Running: sudo python insanity.py
      If you have another version of Python: sudo python2.7 insanity.py
      Screenshot: More in Screens
      Contribute: Send me more features if you want it 😄 I need your help for Insanity to become better!
      Things needed to be improved and future updates:
      • File Transfer (FTP)
      • Webcam Snaps and Streaming
      • Keylogging
      • Print Screens
      Download: [Hidden Content]
  12. GodOfWar - Malicious Java WAR builder. A command-line tool to generate war payloads for penetration testing / red teaming purposes, written in ruby.
      Features
      • Preexisting payloads. (try -l/--list)
        • cmd_get
        • filebrowser
        • bind_shell
        • reverse_shell
        • reverse_shell_ui
      • Configurable backdoor. (try --host/-port)
      • Control over payload name. To avoid malicious name after deployment to bypass URL name signatures.
      [Hidden Content]