boredhackerblog BoredHackerBlog

@BoredHackerBlog
BoredHackerBlog / proxy.py
Created July 16, 2018 22:41
Python socket proxy thing. Maybe useful for some data modification or parsing.
#Python 3
#Args: LISTEN_PORT CONNECT_HOST CONNECT_PORT
#Example: python3 proxy.py 8000 192.168.1.100 9000
import socket
import binascii
import sys
import signal
from threading import Thread
#https://stackoverflow.com/a/1112350
//get phishtank json, find links verified in the past 8 hours, remove last part of the uri, check if open dir
//first golang project
package main
import (
"crypto/tls"
"encoding/json"
"flag"
"fmt"
"io/ioutil"
package main
import (
"fmt"
"io"
"net/http"
"golang.org/x/net/html"
)
#source: https://medium.com/@soji256/build-a-cape-sandbox-to-analyze-emotet-3d507599dda6
# https://medium.com/@soji256/build-a-malconfscan-with-cuckoo-environment-to-analyze-emotet-ff0c4c589afe
#download IE VM from https://gist.github.com/zmwangx/e728c56f428bc703c6f6#gistcomment-3196040
# https://drive.google.com/a/pondurance.com/uc?export=download&id=0B76gNAvlBE7eSXp3ZDBSSWdUUjA
#for ubuntu 18.04 desktop
# username must be research
sudo apt update
sudo apt upgrade -y
# This is for monitoring a folder (recursive) and copying files that were saved into a new folder
# apt install inotify-tools
# https://linux.die.net/man/1/inotifywait includes events
# command below does copy after close_write event
inotifywait -q -m -r -e close_write --format '%w%f' myfiles/ | while IFS= read -r afile; do cp --parents -r "$afile" /tmp/; done
#copied from https://gallery.technet.microsoft.com/scriptcenter/Powershell-FileSystemWatche-dfd7084b
$folder = 'C:\Users\IEUser\Desktop\testfolder'
$filter = '*.*'
$savefolder = 'C:\temp\'
$fsw = New-Object IO.FileSystemWatcher $folder, $filter -Property @{IncludeSubdirectories = $true;NotifyFilter = [IO.NotifyFilters]'FileName, LastWrite'}
Register-ObjectEvent $fsw Changed -SourceIdentifier FileChanged -Action {
$filepath = $Event.SourceEventArgs.FullPath
@BoredHackerBlog
BoredHackerBlog / Vagrantfile
Last active January 2, 2021 19:49
Vagrantfile for creating Win10 VM w/ firewall disabled
#copied some things from https://github.com/jckhmr/adlab
Vagrant.configure("2") do |config|
config.vm.guest = :windows
config.vm.communicator = "winrm"
config.vm.boot_timeout = 600
config.vm.graceful_halt_timeout = 600
config.winrm.retry_limit = 10
config.winrm.retry_delay = 20
config.vm.provider "virtualbox" do |v|
@BoredHackerBlog
BoredHackerBlog / dockerfirefox.sh
Created February 1, 2021 02:56
docker firefox container
while true; do
docker stop firefox;
docker rm firefox;
docker run -d --name=firefox -p 5800:5800 -v /dev/shm:/dev/shm --privileged -e KEEP_APP_RUNNING=1 -e VNC_PASSWORD=passwd -e DISPLAY_WIDTH=1900 -e DISPLAY_HEIGHT=900 jlesage/firefox;
sleep 300;
done
#source: https://kanoki.org/2019/07/04/pandas-difference-between-two-dataframes/
import pandas as pd
import sys
def compare(csv1, csv2):
#might need to modify this to drop certain columns or read csv a certain way
dfcsv1 = pd.read_csv(csv1)
dfcsv2 = pd.read_csv(csv2)
version: '2'
services:
elasticsearch:
image: 'elasticsearch:7.11.1'
environment:
- http.host=0.0.0.0
- discovery.type=single-node
- script.allowed_types=inline
- thread_pool.search.queue_size=100000
- thread_pool.write.queue_size=10000