I hereby claim:
- I am chrismaddalena on github.
- I am cmaddalena (https://keybase.io/cmaddalena) on keybase.
- I have a public key whose fingerprint is 800F B00B 11E2 188E F282 CF85 9DE9 9873 F1A0 5629
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
#!/usr/bin/env python | |
# -*- coding: utf-8 -*- | |
import sys | |
import os | |
fileOne = sys.argv[1] | |
fileTwo = sys.argv[2] | |
with open(fileOne, 'r') as one, open(fileTwo, 'r') as two, open('combined.txt', 'w') as output: |
<?XML version="1.0"?> | |
<scriptlet> | |
<registration | |
description="Bandit" | |
progid="Bandit" | |
version="1.00" | |
classid="{AAAA1111-0000-0000-0000-0000FEEDACDC}" | |
> |
Service | Description | Command | |
---|---|---|---|
IAM | Create a profile with a set of keys | aws configure --profile PROFILE_NAME | |
IAM | Get account information | aws --profile PROFILE_NAME iam get-user | |
IAM | Get attached policies for user | aws --profile PROFILE_NAME iam list-attached-user-policies --user-name USERNAME | |
IAM | Get a policy's version information | aws --profile flaws iam get-policy - policy-arn POLICY_ARN_STRING | |
IAM | Get policy details | aws --profile PROFILE_NAME iam get-policy-version --policy-arn POLICY_ARN_STRING --version-id VERSION_NUMBER | |
S3 | List contents of an S3 bucket (without creds) | aws s3 ls s3://BUCKET_NAME --no-sign-request | |
S3 | List contents of an S3 bucket (with creds) | aws s3 ls s3://BUCKET_NAME --profile PROFILE_NAME | |
S3 | Download contents of an S3 bucket | aws s3 sync s3://BUCKET_NAME/ . --no-sign-request |
Service | Description | Command | |
---|---|---|---|
User | List logged-in users | gcloud auth list | |
User | Switch active user | gcloud config set account 'ACCOUNT' | |
User | Logout an account | gcloud auth revoke --all or gcloud auth revoke 'ACCOUNT' | |
Storage | List buckets | gsutil ls | |
Storage | Copy object from bucket | gsutil cp gs://BUCKET_NAME/FILENAME . | |
VM | List virtual machine instances | gcloud compute instances list | |
VM | List virtual machine snapshots | gcloud compute snapshots list |
Service | Description | Command | |
---|---|---|---|
CLI | Search for a command | az find -q KEYWORD | |
CLI | List all subcommands | az --help and az SUBGROUP --help | |
Account | List authenticated accounts | az account list --output table | |
Account | Set the active subscription | az account set --subscription 'SUBSCRIPTION NAME' | |
File Share | List file storage accounts | az storage account list | |
VM | List virtual machines | az vm list --output table | |
VM | List machine snapshots | az snapshot list --output table |
def compare_dumps(first_hashdump, second_hashdump): | |
"""Compare the two password dumps and return a dictionary of the results. JSON output: | |
{ | |
"accounts": { | |
"CHRISM": { | |
"enabled": true, | |
"pwdlastset": "2019-04-14 22:53:08", | |
"domain": "DOMAIN.COM" | |
}, | |
"matching_accounts": {} |
def process_hashes(hash_file): | |
"""Process the hashes in the provided file and return a dictionary.""" | |
# Create hashes of the hashes, lol | |
with open(hash_file, 'r') as hash_dump: | |
hashes = {} | |
for line in hash_dump: | |
# Ignore machine accounts | |
if not '$' in line: | |
# Separate DOMAIN\USER from NTLM and USER from DOMAIN | |
array = line.split(':::') |
def process_potfile(hashcat_potfile): | |
"""Process the provided Hashcat potfile to return a dictionary of hash values and plaintext values.""" | |
with open(hashcat_potfile, 'r') as potfile: | |
potfile_hashes = {} | |
for line in potfile: | |
# This doesn't account for potfile entries for NTLMv2, etc. | |
array = line.split(':') | |
if len(array) > 2: | |
pass | |
else: |
def sanitize(string): | |
"""Sanitize the provided string by replacing chunks with asterisks.""" | |
sanitized_string = string | |
length = len(string) | |
if length == 32: | |
sanitized_string = string[0:4] + "*"*(length-8) + string[length-5:length-1] | |
elif length > 2: | |
sanitized_string = string[0] + "*"*(length-2) + string[length-1] | |
return sanitized_string |