Jon Borgonia theRemix

## big-waves.js
const { Router } = require('express')
const fetch = require('node-fetch')

const app = Router()

const noaaUrl = sid => `https://www.ndbc.noaa.gov/data/realtime2/${sid}.txt`

const units = 'm'

const omitComments = waveRow => !waveRow.startsWith('#')

## Box.hx
package entities;

import h2d.Scene;
import h2d.Graphics;
import h2d.Interactive;
import hxd.Event;

class Box extends Graphics{

  var int:Interactive;

## starter.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                theRemix
                / starter.md
            
            
              Last active
              April 5, 2020 21:36
            
              
                Pentest CTF starter template
              
          
    BOX_NAME

export TARGET_IP=10.10.10.xxx
Footprinting

nmap -A $TARGET_IP > full-nmap
#nmap -sV --script banner $TARGET_IP > nmap-banner
#nmap -Pn --script vuln $TARGET_IP &gt; nmap-vuln

  
## test.svg

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                theRemix
                / test.svg
            
            
              Created
              March 17, 2020 02:29
            
              
                test color
              
          
      Sorry, something went wrong. Reload?
      Sorry, we cannot display this file.
      Sorry, this file is invalid so it cannot be displayed.
      
          Viewer requires iframe.
      
    
## mango.py
#! /usr/bin/env Python3

import requests
import string

url = "http://staging-order.mango.htb/"
headers = {"Host": "staging-order.mango.htb"}
cookies = {"PHPSESSID": "cupd9o9o0sk0k2jppnsjj09fns"}
possible_chars = list(string.ascii_letters) + list(string.digits) + ["\\"+c for c in string.punctuation+string.whitespace ]
def get_password(username):

## kali-setup.md

      
              4 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                theRemix
                / kali-setup.md
            
            
              Last active
              April 6, 2020 00:21
            
              
                VirtualBox for pentesting
              
          
    Install Kali on VM

attack box

download and install VirtualBox from https://www.virtualbox.org/wiki/Downloads
download "Kali Linux 64-bit (Installer)" ISO from https://www.kali.org/downloads/

for version 2020.1a sha256sum is 26d032c1f473a8430ed6894a519b6a64b7836d63e3ea1c9e9d44a172eb9cb7e2


go to Downloads directory and verify the hash

shasum -a 256 kali-linux-2020.1a-installer-amd64.iso


you should see a matching hash


## ansi-term.sh
#!/bin/sh

# settings based off of https://github.com/jcs/ansiterm/blob/master/ansiterm.sh
# get "Px437 IBM VGA9" from http://int10h.org/oldschool-pc-fonts/

env LANG= xterm \
	-g 80x24 \
	-tn ansi \
	-fa "Px437 IBM VGA9" \
	-fs 24 \

## bcrypt-example.js
const bcrypt = require('bcrypt');
const saltRounds = 10;
const myPlaintextPassword = 'a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_';

console.log('password length', myPlaintextPassword.length)

// auto generate salt and hash
bcrypt.hash(myPlaintextPassword, saltRounds, (err, hash) => {
  // Store hash in your password DB.
  console.log('bcrypt salted hash:', hash)

## input1.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                theRemix
                / input1.md
            
            
              Created
              October 24, 2019 18:57
            
              
                Ghostbusters - City input (for cnp)
              
          
    Sample Input:
                        +
    @                   |
                   +---------+                @
                  +  @  @     +             +------+
          @        +---------+         @    |     -+    @
      @             @  | |                  |     @|
+-----------+  +-----+ | |    @             |      |
|           |  |     | | |                  |   ---+


## openssl-encryption.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              3 stars
            
          
                theRemix
                / openssl-encryption.md
            
            
              Last active
              February 17, 2021 15:19
            
              
                Openssl Encryption
              
          
    Encryption to external

This guide will help you NEVER send secrets / keys / highly sensitive information in plaintext
This method is meant to send secrets to other moderately technical people, they just need to have some familiarity with the CLI
Send the encrypted message, and instructions, to the receiver. Then send the password to decrypt via almost any other channel, slack, sms, verbally, etc. see below for example of an email with instructions.
All internal encryption uses Keybase
	const { Router } = require('express')
	const fetch = require('node-fetch')

	const app = Router()

	const noaaUrl = sid => `https://www.ndbc.noaa.gov/data/realtime2/${sid}.txt`

	const units = 'm'

	const omitComments = waveRow => !waveRow.startsWith('#')
	package entities;

	import h2d.Scene;
	import h2d.Graphics;
	import h2d.Interactive;
	import hxd.Event;

	class Box extends Graphics{

	var int:Interactive;
	#! /usr/bin/env Python3

	import requests
	import string

	url = "http://staging-order.mango.htb/"
	headers = {"Host": "staging-order.mango.htb"}
	cookies = {"PHPSESSID": "cupd9o9o0sk0k2jppnsjj09fns"}
	possible_chars = list(string.ascii_letters) + list(string.digits) + ["\\"+c for c in string.punctuation+string.whitespace ]
	def get_password(username):
	#!/bin/sh

	# settings based off of https://github.com/jcs/ansiterm/blob/master/ansiterm.sh
	# get "Px437 IBM VGA9" from http://int10h.org/oldschool-pc-fonts/

	env LANG= xterm \
	-g 80x24 \
	-tn ansi \
	-fa "Px437 IBM VGA9" \
	-fs 24 \
	const bcrypt = require('bcrypt');
	const saltRounds = 10;
	const myPlaintextPassword = 'a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_a_really_long_passphrase_';

	console.log('password length', myPlaintextPassword.length)

	// auto generate salt and hash
	bcrypt.hash(myPlaintextPassword, saltRounds, (err, hash) => {
	// Store hash in your password DB.
	console.log('bcrypt salted hash:', hash)