Skip to content

Instantly share code, notes, and snippets.

Dustin dustyfresh

Block or report user

Report or block dustyfresh

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@dustyfresh
dustyfresh / python-nameserver.py
Created Jun 7, 2019
DNS nameserver implemented in python
View python-nameserver.py
#!/usr/bin/env python3
import sys
from datetime import datetime
import time
from time import sleep
from dnslib import DNSLabel, QTYPE, RD, RR, RCODE
from dnslib import A, AAAA, CNAME, MX, NS, SOA, TXT
from dnslib.server import DNSServer
@dustyfresh
dustyfresh / miniboa_telnet_honeypot.py
Last active Mar 31, 2019
log brute force traffic on telnet easily with miniboa
View miniboa_telnet_honeypot.py
from miniboa import TelnetServer
import logging as logz
def on_connect(client):
logz.info('New connection from {}'.format(client.address))
clients.append(client)
# Fake login prompt
client.send('Login: ')
def on_disconnect(client):
View keybase.md

Keybase proof

I hereby claim:

  • I am dustyfresh on github.
  • I am dustyfresh (https://keybase.io/dustyfresh) on keybase.
  • I have a public key ASCCXpExvlJd32z0N3WdZ1Tw1ZoIi73S9_JuclQ0QQJEDgo

To claim this, I am signing this object:

View TAO_disclosed_projects.txt
ACRIDMINI - TAO computer hacking project
ADJUTANT VENTURE - Intrusion set?
ALOOFNESS - Cyber threat actor
ALTEREDCARBON - An IRATEMONK implant for Seagate drives
AMULETSTELLAR - Cyber threat actor sending malicious e-mails
ANGRYNEIGHBOR - Family of radar retro-reflector tools used by NSA's TAO division
APERTURESCIENCE - TAO computer hacking project
ARGYLEALIEN - Method to cause a loss of data by exploiting zeroization of hard-drives
ARKSTREAM - Implant used to reflash BIOS, installed by remote access or intercepted shipping
ARROWECLIPSE - Counter CNE tool
@dustyfresh
dustyfresh / kek_url_scraper.py
Created Jul 28, 2018
guess valid short links from kek.gg for research & educational purposes
View kek_url_scraper.py
#!/usr/bin/env python
import requests
import random
import string
from time import sleep
while True:
sleep(random.choice(range(5)))
lol = ''.join(random.choice(string.ascii_uppercase + string.digits + string.ascii_lowercase) for _ in range(4))
url = 'https://kek.gg/u/{}'.format(lol)
@dustyfresh
dustyfresh / tor_ssh_tunnel.md
Last active Jan 9, 2019
tunnel remote services to localhost with SSH & Tor
View tor_ssh_tunnel.md

Architecture

Sometimes you need to access a service that is behind a firewall that you do not have permissions to influence. You can get around your inability to modify the firewall policies by tunneling your service over a Tor hidden service with SSH.

Requirements

  • Tor must be installed on both the firewalled host, as well as the client server the tunnel will be initiated from.
  • Ncat is used to proxy SSH over SOCKS to Tor. The ncat binary ships with the nmap package.
  • client must have a public key in the authorized_keys SSH file for the hidden service

Setup hidden service

@dustyfresh
dustyfresh / rethinkdb_notes.md
Last active May 30, 2018
notes on setting up, securing, and using a RethinkDB server
View rethinkdb_notes.md

RethinkDB dev notes

Why use RethinkDB?

RethinkDB is the first open-source, scalable JSON database built from the ground up for the realtime web. It inverts the traditional database architecture by exposing an exciting new access model – instead of polling for changes, the developer can tell RethinkDB to continuously push updated query results to applications in realtime. RethinkDB’s realtime push architecture dramatically reduces the time and effort necessary to build scalable realtime apps.

The project I'm using RethinkDB for is storing data from various scrapers I'm working on.

rethinkdb installation

@dustyfresh
dustyfresh / workerWAF.js
Last active Aug 29, 2019
Simple & experimental Web Application Firewall using Cloudflare's edge workers
View workerWAF.js
/*
*
* Web Application Firewall built with Cloudflare workers
*
* Author: < https://twitter.com/dustyfresh >
*
* License: GPLv3 < https://www.gnu.org/licenses/gpl-3.0.en.html >
*
* Cloudflare worker documentation:
* < https://developers.cloudflare.com/workers/about/ >
@dustyfresh
dustyfresh / hax.php
Created Apr 25, 2018
simple php shell
View hax.php
<?php
// error handling
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
set_time_limit(100);
// This prevents us from being indexed by bots
if(isset($_SERVER['HTTP_USER_AGENT'])){
@dustyfresh
dustyfresh / shieldsurge_recruiting_CTF1_writeup.md
Last active Jun 18, 2018
writeup of the shieldsurge CTF challenge by dustyfresh
View shieldsurge_recruiting_CTF1_writeup.md
You can’t perform that action at this time.