- run `./setup.sh`
- change directory to `/srv/pxe`
- create `./dnsmasq.conf`
- create `./pxelinux.cfg/default`
- bring up interface: `sudo ip addr add 172.30.30.1/24 dev enp0s31f6`
#!/usr/bin/env bash
# Enrich a list of IP addresses with data from the Shodan InternetDB API.
#
# Input : one address per line on stdin.
# Output: an aligned table on stdout, one row per response that carries an
#         "ip" field: ip, hostnames, ports, cpes, tags (list fields are
#         comma-joined).
#
# The only network traffic this script generates is the HTTPS request to
# internetdb.shodan.io. Each input line is substituted verbatim into the
# request URL, so every queried address is disclosed to that third-party service.
set -euo pipefail

# Keep only objects that have an "ip" field and flatten them to one TSV row.
readonly jq_filter='select(.ip!=null)|[.ip,(.hostnames|join(",")),(.ports|join(",")),(.cpes|join(",")),(.tags|join(","))]|@tsv'

# -P 16 runs up to 16 lookups in parallel; -r makes empty input a no-op.
# curl runs without --fail, so whatever body the API returns is handed to jq;
# objects lacking an "ip" field are filtered out by the select() above.
# sort -Vu orders rows by version sort and drops duplicate rows.
xargs -I {} -n 1 -P 16 -r -- curl --silent --show-error https://internetdb.shodan.io/{} \
    | jq -r "$jq_filter" \
    | sort -Vu \
    | column -t -s $'\t'
#!/usr/bin/env bash
# List the hostnames the Shodan InternetDB API has recorded for a set of
# IP addresses.
#
# Input : one address per line on stdin.
# Output: one hostname per line on stdout, version-sorted and de-duplicated.
#
# The only network traffic this script generates is the HTTPS request to
# internetdb.shodan.io. Each input line is substituted verbatim into the
# request URL, so every queried address is disclosed to that third-party service.
set -euo pipefail

# Skip responses without a "hostnames" field, then emit each hostname on its
# own line.
readonly jq_filter='select(.hostnames!=null)|.hostnames[]'

# -P 16 runs up to 16 lookups in parallel; -r makes empty input a no-op.
# curl runs without --fail, so whatever body the API returns is handed to jq.
xargs -I {} -n 1 -P 16 -r -- curl --silent --show-error https://internetdb.shodan.io/{} \
    | jq -r "$jq_filter" \
    | sort -Vu
#!/usr/bin/env python3 | |
import sys | |
import urllib.parse | |
import tldextract | |
# pip3 install --user tldextract | |
def main() -> None: | |
for line in sys.stdin: |
#!/usr/bin/env python3 | |
from argparse import ArgumentParser | |
from typing import Any, Iterator | |
import ipaddress | |
import json | |
import requests | |
def main() -> None: |
#include <stdio.h> | |
# gcc ./embed.c -o ./embed && ./embed | |
asm(R"( | |
.pushsection .rodata | |
.global flag | |
.type flag, @object | |
.balign 1 |
#!/usr/bin/env bash | |
set -euo pipefail | |
# usage: ldeep-trust-discover child.corp.com -u user -p passw0rd | |
discover() { | |
if [[ ! -e "./trust-$1.json" ]]; then | |
echo "discovering $1" >&2 | |
ldeep ldap -s ldaps://"$1" "${@:2}" trusts -v > "./trust-$1.json" 2> /dev/null || \ | |
ldeep ldap -s ldap://"$1" "${@:2}" trusts -v > "./trust-$1.json" 2> /dev/null || { |
#!/usr/bin/python3 | |
import requests | |
import sys | |
# usage: cat ./gathered-emails.txt | ./o365-user-enum.py | tee -a ./valid-emails.txt | |
url = 'https://login.microsoftonline.com/common/GetCredentialType' | |
user_agent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5359.178 Safari/537.36 Edg/106.0.1266.51' | |
with requests.session() as session: |
#!/usr/bin/env python3 | |
from argparse import ArgumentParser | |
import json | |
import sys | |
import requests | |
# Retrieve an access token via the device code flow: | |
# roadtx auth --tokenfile ~/.cache/azmail.json --resource https://outlook.office.com --client d3590ed6-52b3-4102-aeff-aad2292ab01c --tenant contoso.com --device-code |
#include <windows.h> | |
#include <stdio.h> | |
// compilation: x86_64-w64-mingw32-g++ -m64 -Wall -Wextra -std=c++20 -lstdc++ -static -Os -s -o ./ArcserveDecrypter.exe ./ArcserveDecrypter.cpp | |
// usage: ./ArcserveDecrypter.exe HEXBLOB | |
// based on https://github.com/mdsecactivebreach/CVE-2023-26258-ArcServe/blob/main/ArcServeDecrypter.c | |
constexpr unsigned char key[] = { 0x50, 0x00, 0x6C, 0x00, 0x65, 0x00, 0x61, 0x00, 0x73, 0x00, 0x65, 0x00, 0x20, 0x00, 0x69, 0x00, 0x6E, 0x00, 0x70, 0x00, 0x75, 0x00, 0x74, 0x00, 0x20, 0x00, 0x61, 0x00, 0x20, 0x00, 0x76, 0x00, 0x61, 0x00, 0x6C, 0x00, 0x69, 0x00, 0x64, 0x00, 0x20, 0x00, 0x70, 0x00, 0x61, 0x00, 0x73, 0x00, 0x73, 0x00, 0x77, 0x00, 0x6F, 0x00, 0x72, 0x00, 0x64, 0x00 }; | |
constexpr auto key_len = sizeof(key); |