- Get ASN of target
- Get IP ranges
- Masscan all the ranges (common web ports)
- Double check to verify hosts alive
- Generate URL list
- Bruteforce all the URLs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python | |
import urllib2 | |
import re | |
import ssl | |
import sys | |
# # find generic mirrors | |
mirrors = urllib2.urlopen('https://www.debian.org/mirror/list') | |
https = [] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Scan for CVE-2017-0143 MS17-010 | |
# The vulnerability used by WannaCry Ransomware | |
# | |
# 1. Use @calderpwn's script | |
# http://seclists.org/nmap-dev/2017/q2/79 | |
# | |
# 2. Save it to Nmap NSE script directory | |
# Linux - /usr/share/nmap/scripts/ or /usr/local/share/nmap/scripts/ | |
# OSX - /opt/local/share/nmap/scripts/ | |
# |
(see YouTube channel for individual videos)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import os | |
import subprocess | |
import ctypes | |
# See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/ | |
svcinfo = {} | |
nonadmin = ['AU', 'AN', 'BG', 'BU', 'DG', 'WD', 'IU', 'LG'] | |
FNULL = open(os.devnull, 'w') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#! /usr/bin/env python3 | |
import hashlib | |
import threading | |
def hash_buf(buf): | |
return hashlib.sha256(buf).hexdigest() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# -*- coding: utf-8 -*- | |
# Gunicorn(v19.3) Configuration File | |
# Reference - http://docs.gunicorn.org/en/19.3/settings.html | |
# | |
# To run gunicorn by using this config, run gunicorn by passing | |
# config file path, ex: | |
# | |
# $ gunicorn --config=gunicorn.py MODULE_NAME:VARIABLE_NAME | |
# |
Easily deploy a secure containerized pastebin on a VPS.
This project runs and configures two containers:
- PrivateBin: A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted and decrypted in the browser.
- SWAG: An Nginx webserver and reverse proxy with PHP support and a built-in Certbot client that automates free SSL server certificate generation and renewal processes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
# RITSEC CTF 2022 - Crypto - Bad AES | |
## Custom AES implementation where Mix Columns and Shift Rows steps switch places | |
A secret government agency uses a 16-letter passphrase that is encrypted | |
to create their passwords for their computers. An insider within the agency | |
told me that everyday employees input their passphrase into this secret | |
encryption scheme to receive their password for the day & the key used to | |
encrypt their passphrase is changed by the agency daily. | |
(This is so their passwords change every day without the employee having |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"encoding/base32" | |
"fmt" | |
"strings" | |
) | |
func main() { | |
data := "2246b2egzcc3ktvvoklo5cvzh4" |
OlderNewer