crypt0b0y / ftpserver.py
Created December 10, 2018 09:56 — forked from scturtle/ftpserver.py
simple ftp server by python
#!/usr/bin/env python2
# coding: utf-8
import os,socket,threading,time
#import traceback
allow_delete = False
local_ip = socket.gethostbyname(socket.gethostname())
local_port = 8888
currdir=os.path.abspath('.')
crypt0b0y / grab_all_pages.sh
Created September 15, 2017 21:11 — forked from rjshade/grab_all_pages.sh
wget with https and cookie login
#!/bin/bash
# first login and store the cookie
wget --post-data='name=USERNAME&pass=PASSWORD&op=Log%20in' --save-cookies=my-cookies.txt --keep-session-cookies "https://private.site.com" > /dev/null 2>&1
# now we can scrape the site (353 pages)
for i in {0..353}
do
echo "grabbing page $i..."
wget --cookies=on --keep-session-cookies --load-cookies=my-cookies.txt "https://private.site.com/people?page=$i" > /dev/null 2>&1
crypt0b0y / httpshell.md
Created August 31, 2017 19:24
gistblog-blogpost:httpShell whitepaper

This article can also be found in Hack in the Box Magazine

## 0x00 Abstract ##

Discretion is a necessity when performing a penetration test. The job is to test a network's defenses as well as the security team's ability to detect and respond to an incident, while being as discreet as possible. Neohapsis Labs looked into the obstacles and solutions for developing a communication channel with a device residing in a protected and monitored network. This paper will discuss these findings. A new tool demonstrating some of these techniques will also be discussed. This paper will also speculate as to defensive solutions for such threats.

## Table of Contents ##

  • 0x01 -- Introduction
  • 0x02 -- Attacks and Defenses
  • 0x02.01 -- Network Address Translation / Port Address Translation (NAT/PAT)
  • 0x02.02 -- Ingress Port Filtering
crypt0b0y / linuxprivchecker.py
Created July 5, 2017 17:55 — forked from sh1n0b1/linuxprivchecker.py
linuxprivchecker.py -- a Linux Privilege Escalation Check Script
#!/usr/bin/env python
###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]:
## This script is intended to be executed locally on a Linux box to enumerate basic system info and
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits.

Opening and closing an SSH tunnel in a shell script the smart way

I recently had the following problem:

  • From an unattended shell script (called by Jenkins), run a command-line tool that accesses the MySQL database on another host.
  • That tool doesn't know that the database is on another host, plus the MySQL port on that host is firewalled and not accessible from other machines.

We didn't want to open the MySQL port to the network, but it's possible to SSH from the Jenkins machine to the MySQL machine. So, basically you would do something like

ssh -L 3306:localhost:3306 remotehost
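
One way to script the forward above so that it is torn down even when the wrapped command fails, as an added example that is not code from the original post. It uses an OpenSSH control socket; `remotehost` and port 3306 come from the post, while the function names, the `TUNNEL_PORT` variable and the assumption of non-interactive key-based login are illustrative.

```shell
#!/bin/bash
# Added example: open an SSH port forward for one command, then close it.
# Assumption: key-based login to the remote host works without prompts.

TUNNEL_PORT="${TUNNEL_PORT:-3306}"

# Create the control socket path inside a private directory so that other
# local users cannot attach to the master connection.
make_ctl_socket() {
    local dir
    dir="$(mktemp -d)" || return 1
    chmod 700 "$dir"
    printf '%s/ctl.sock\n' "$dir"
}

# open_tunnel <host> <socket>
# -M/-S: master connection on a control socket; -f: background once ready;
# -N/-T: no remote command, no tty. The listener is bound to loopback only,
# and ssh exits non-zero if the local port cannot be bound.
open_tunnel() {
    ssh -M -S "$2" -fNT \
        -o BatchMode=yes \
        -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${TUNNEL_PORT}:localhost:3306" "$1"
}

# close_tunnel <host> <socket>: ask the master to exit, remove the socket dir.
close_tunnel() {
    ssh -S "$2" -O exit "$1" 2>/dev/null
    rm -rf "$(dirname "$2")"
}

# with_tunnel <host> <command...>: run the command with the tunnel up and
# return the command's exit status; the tunnel is closed either way.
with_tunnel() {
    local host="$1" sock rc=0
    shift
    sock="$(make_ctl_socket)" || return 1
    if ! open_tunnel "$host" "$sock"; then
        rm -rf "$(dirname "$sock")"
        return 1
    fi
    "$@" || rc=$?
    close_tunnel "$host" "$sock"
    return "$rc"
}

# Usage: with_tunnel remotehost mysql -h 127.0.0.1 -P "$TUNNEL_PORT" -e 'SELECT 1'
```

The MySQL port stays firewalled on the remote host, and the tunnel is closed through the control socket rather than by killing a process found by name or PID.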