2XXE (SRA) 2XXE-SRA

## init.sh
#!/bin/bash

#bashrc config
echo "PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\][\u⛾ \h]\[\033[00m\] \[\033[01;33m\][\w]\[\033[00m\]\n└─ '" >> $HOME/.bashrc
echo "PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\][\u⛾ \h]\[\033[00m\] \[\033[01;33m\][\w]\[\033[00m\]\n└─ '" >> sudo tee -a /root/.bashrc
echo "export PATH=~/.local/bin:$PATH" >> $HOME/.bashrc
echo "export PATH=~/.local/bin:$PATH" >> /root/.bashrc

#apt general
sudo apt-get update -y

## kali-docker.sh
#!/bin/bash

apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
echo "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" >> /etc/apt/sources.list
apt update
apt-get install -y docker-ce docker-ce-cli containerd.io

## burp_encode.json
{
    "user_options":{
        "misc":{
            "hotkeys":[
                {
                    "action":"editor_url_decode",
                    "hotkey":"Ctrl+Shift+U"
                },
                {
                    "action":"editor_url_encode_all_characters",

## bucket-region.py
import boto3
from botocore import UNSIGNED
from botocore.client import Config

s3 = boto3.client('s3', config=Config(signature_version=UNSIGNED))
s3.head_bucket(Bucket="bucketname")
print(s3.head_bucket(Bucket="flaws.cloud")["ResponseMetadata"]["HTTPHeaders"]["x-amz-bucket-region"]) # output: us-west-2

## sddl.py
"""A module for translating and manipulating SDDL strings.


  SDDL strings are used by Microsoft to describe ACLs as described in
  http://msdn.microsoft.com/en-us/library/aa379567.aspx.

  Example: D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)
  """

__author__ = 'tojo2000@tojo2000.com (Tim Johnson)'

## README.md

      
              3 files
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                2XXE-SRA
                / README.md
            
            
              Last active
              May 20, 2020 21:02
            
              
                Convert Evtx to JSON for Mordor
              
          
    Convert .evtx file to Mordor

Setup

Download Winlogbeat and place in same directory as script or in $PATH
Usage

PS&gt;


## row.py
from pyspark.sql import Row

# mydict is something like {"abc":"def", "ghi":"jkl"}
computer = Row(*mydict.keys())
rows = [computer(*mydict.values())]
display(spark.createDataFrame(row))

## 2.exe
.

## coolcryptor.ps1
function Invoke-AESEncryptDirectory
{
    param(
        [string]$directory,
        [string]$extension
    )

    $csharp = @"
    //https://stackoverflow.com/questions/27645527/aes-encryption-on-large-files
    using System;

## spn.ps1
# adapted from https://stackoverflow.com/a/6291111
#
# TargetObject = account with SPN
#   $TargeObject = "LDAP://CN=foo,CN=Users,DC=contoso,DC=local"
# Identity = identity to be put in ACE
#   $Identity = [security.principal.ntaccount]"contoso\user"
#   $Identity = [security.principal.securityidentified]"S-1-1-0"
# Deny = deny or allow access
Function Set-SpnPermission {
    param(
	#!/bin/bash

	#bashrc config
	echo "PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\][\u⛾ \h]\[\033[00m\] \[\033[01;33m\][\w]\[\033[00m\]\n└─ '" >> $HOME/.bashrc
	echo "PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\][\u⛾ \h]\[\033[00m\] \[\033[01;33m\][\w]\[\033[00m\]\n└─ '" >> sudo tee -a /root/.bashrc
	echo "export PATH=~/.local/bin:$PATH" >> $HOME/.bashrc
	echo "export PATH=~/.local/bin:$PATH" >> /root/.bashrc

	#apt general
	sudo apt-get update -y
	#!/bin/bash

	apt-get install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common
	curl -fsSL https://download.docker.com/linux/debian/gpg \| sudo apt-key add -
	echo "deb [arch=amd64] https://download.docker.com/linux/debian stretch stable" >> /etc/apt/sources.list
	apt update
	apt-get install -y docker-ce docker-ce-cli containerd.io
	{
	"user_options":{
	"misc":{
	"hotkeys":[
	{
	"action":"editor_url_decode",
	"hotkey":"Ctrl+Shift+U"
	},
	{
	"action":"editor_url_encode_all_characters",
	import boto3
	from botocore import UNSIGNED
	from botocore.client import Config

	s3 = boto3.client('s3', config=Config(signature_version=UNSIGNED))
	s3.head_bucket(Bucket="bucketname")
	print(s3.head_bucket(Bucket="flaws.cloud")["ResponseMetadata"]["HTTPHeaders"]["x-amz-bucket-region"]) # output: us-west-2
	"""A module for translating and manipulating SDDL strings.


	SDDL strings are used by Microsoft to describe ACLs as described in
	http://msdn.microsoft.com/en-us/library/aa379567.aspx.

	Example: D:(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPLOCRRC;;;PU)
	"""

	__author__ = 'tojo2000@tojo2000.com (Tim Johnson)'
	from pyspark.sql import Row

	# mydict is something like {"abc":"def", "ghi":"jkl"}
	computer = Row(*mydict.keys())
	rows = [computer(*mydict.values())]
	display(spark.createDataFrame(row))
	function Invoke-AESEncryptDirectory
	{
	param(
	[string]$directory,
	[string]$extension
	)

	$csharp = @"
	//https://stackoverflow.com/questions/27645527/aes-encryption-on-large-files
	using System;
	# adapted from https://stackoverflow.com/a/6291111
	#
	# TargetObject = account with SPN
	# $TargeObject = "LDAP://CN=foo,CN=Users,DC=contoso,DC=local"
	# Identity = identity to be put in ACE
	# $Identity = [security.principal.ntaccount]"contoso\user"
	# $Identity = [security.principal.securityidentified]"S-1-1-0"
	# Deny = deny or allow access
	Function Set-SpnPermission {
	param(