WJDigby / wifi_measure
Last active August 29, 2015 14:13
Get average signal quality and power level from /proc/net/wireless.
#!/bin/bash
#The War Room Blog
#http://warroom.securestate.com/index.php/cya-cover-your-alfa-part-ii/
x=1 # set the variables
HIGH_QUAL=$(cat /proc/net/wireless | awk 'END { print $3 }' | sed 's/\.$//') # parse the output of /proc/net/wireless to get integers only
LOW_QUAL=$(cat /proc/net/wireless | awk 'END { print $3 }' | sed 's/\.$//')
AVG_QUAL=$(cat /proc/net/wireless | awk 'END { print $3 }' | sed 's/\.$//')
HIGH_LVL=$(cat /proc/net/wireless | awk 'END { print $4 }'| sed 's/\.$//')
LOW_LVL=$(cat /proc/net/wireless | awk 'END { print $4 }'| sed 's/\.$//')
AVG_LVL=$(cat /proc/net/wireless | awk 'END { print $4 }'| sed 's/\.$//')
<!DOCTYPE html>
<html>
<head>
<title>PHP OS Command Injection</title>
<!-- Adapted from the SecureState 2015 High School CTF http://www.mountunion.edu/information-security-challenge-slated-for-saturday -->
<!-- Originally hosted at http://warroom.securestate.com -->
</head>
<body>
<h1>MD5 Hashing</h1>
<br />
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
def initialize
use post/windows/gather/enum_ad_computers
set FIELDS distinguishedName,dNSHostname,description,operatingSystem,operatingSystemServicePack
set FILTER (&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))
run
set FILTER (&(objectCategory=computer)(operatingSystem=*server*)(!(userAccountControl:1.2.840.113556.1.4.803:=8192)))
run
set FILTER (&(objectCategory=computer)(!(operatingSystem=*server*)))
run
set FIELDS distinguishedName,name,mail,description
set FILTER (&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
import argparse
from subprocess import call
# Useful for Bluetooth device discovery when Bluetooth device addresses may be one off from wireless MAC addresses
# See, for example, "Hacking Exposed: Wireless", 3rd edition, by Joshua Wright and Johnny Cache, pages 211-214.
# To generate the list of addresses and test using hcitool (or another command line tool):
# python3 off-by-one.py -l macs.lst | while read -r line; do hcitool name "$line"; done
def off_by_one(mac_list, flag):
WJDigby / lengthen.py
Created July 22, 2018 23:35
URL Lengthener
import requests
import argparse
def lengthen(url):
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    http_req = requests.get(url)
    return http_req.url
def main():
WJDigby / friendly-reverse.py
Created October 2, 2018 18:02
Make reverse DNS output of host command more friendly.
#!/usr/bin/python
'''Pipe output of host command into this script when performing reverse lookups to get a more friendly output:
while read i; do host $i | ./friendly-reverse.py; done < list.txt '''
import sys
for lookup in sys.stdin:
    ip = lookup.split('.', 4)[:4]
    domain = lookup.rsplit(' ', 1)[1]
WJDigby / reconcile.py
Last active January 3, 2019 22:08
Identify correct casing of password given all-caps LM password and NTLM hash
# reconcile.py
"""Given an all-capital password (from a cracked LM hash) and an NTLM hash,
identify the correct capitalization."""
import argparse
import hashlib
import itertools
def all_cases(password):
apt-get update
apt-get install \
apt-transport-https \
ca-certificates \
curl \
gnupg-agent \
software-properties-common
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
WJDigby / gist:e4245de93d0c0fc46ab025ae48e5db5a
Created August 14, 2017 12:21
NTLM Authentication password-spraying via curl
while read user; do curl --ntlm -u '"$user":PASSWORD' URI -w 'size: %{size_download}\n' -o /dev/null; done < userlist.txt