danzek

// Get list of indices from Elasticsearch and delete any with filebeat as prefix
// this is ugly and there should be more functions instead of all this crap in main but it's a one-off script

/*
Public Domain. Use this however you wish!

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

danzek

// Get list of indices from Elasticsearch.

// Yes, I know this boils down to `curl http://localhost:9200/_cat/indices` and shows less information.
// I did this as a personal exercise while learning Go.

/*
Public Domain. Use this however you wish!

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR

danzek

/*
 * LsaRetrievePrivateData User Credential Theft on Windows XP-7
 * ============================================================
 *
 * Requires admin privileges to run effectively (use privilege escalation 
 * exploit first then use this to get password so you are no longer dependent 
 * on the exploit)
 *
 * Seen on reddit: https://www.reddit.com/r/Malware/comments/779v21/til_you_can_maintain_administrative_access/
 * Code from pastebin dump: https://pastebin.com/u992uP5e

danzek

Important articles about Windows/NTFS

This also contains quotes from the articles in case they are moved/deleted/etc.

• File Times: https://msdn.microsoft.com/en-us/library/windows/desktop/ms724290

A file time is a 64-bit value that represents the number of 100-nanosecond intervals that have elapsed since 12:00 A.M. January 1, 1601 Coordinated Universal Time (UTC). The system records file times when applications create, access, and write to files.

The NTFS file system stores time values in UTC format, so they are not affected by changes in time zone or daylight saving time. The FAT file system stores time values based on the local time of the computer. For example, a file that is saved at 3:00pm PST in Washington is seen as 6:00pm EST in New York on an NTFS volume, but it is seen as 3:00pm EST in New York on a FAT volume.

danzek

# use shell::: with CLSID to launch location from run dialog
# e.g., shell:::{21EC2020-3AEA-1069-A2DD-08002B30309D}
#
# retrieved 20170719 from http://krypsec.com/all-clsid-for-windows-to-used-in-ethical-hacking-and-batch-programming/
#
# see also:
# https://www.sysnative.com/forums/windows-8-windows-rt-tutorials/12157-shells-shortcuts-clsid-listing-windows-10-8-1-8-7-a.html
# http://www.geoffchappell.com/studies/windows/shell/explorer/cmdline.htm

CLSID_ControlPanel                {21EC2020-3AEA-1069-A2DD-08002B30309D}

danzek

<# Public Domain. Use this however you wish!

   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
   WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
   COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
   OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#>

$files = Get-Content "file_path_on_each_line.txt"
Write-Output "File Path,MD5 Hash"

danzek

// GoogleAnalyticsDomainHashCalculator.cpp
//
// NOTE: I turned this into a robust CLI tool: https://github.com/danzek/gadhash
//
// Calculates Google Analytics Domain Hash given domain name
// =========================================================
// This corresponds to the first value after "utma=" up until the first dot ('.')
// e.g. in "utma=173272373.nnnnnnn", the domain hash is 173272373 ("google.com")
// do not include the protocol in url (e.g., "http://")
//

danzek

/* Retrieved from http://stackoverflow.com/a/18374698/ on April 13, 2017
 * Posted by user [dk123](https://stackoverflow.com/users/1709725/dk123) on Aug 22 '13 at 7:57
 * Credit given in post to user ArmanSchwarz who posted a comment with this information
 */

#include <codecvt>

// string to wstring
wstring s2ws(const std::string& str)
{

danzek

StackOverflow Answer

• Retrieved from http://stackoverflow.com/a/9371717/ on April 13, 2017
• Posted by user Vaughn Cato on Feb 21 '12 at 3:24

---

By default, cin is synchronized with stdio, which causes it to avoid any input buffering. If you add this to the top of your main, you should see much better performance:

std::ios_base::sync_with_stdio(false);

danzek

/* From http://blog.nuclex-games.com/2012/06/how-to-create-directories-recursively-with-win32/
 * Retrieved April 12, 2017
 * Posted by user Cygon (http://blog.nuclex-games.com/author/cygon/)
 *
 * This code is free for the taking and you can use it however you want.
 * 
 * THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT 
 * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
 * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 
 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE