intrd

## tutorial_bruteforce_cookies_csrf_burp_rewrite.txt
## Extract session and csrf using cURL, run Hydra/Patator bruteforce over Burpsuite proxy w/ rewritting macros
# @author intrd - http://dann.com.br/ (thx to g0tmi1k)
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

## Burp csrf-rewritting macro
- Session handling rules = new macro, tick Tolerate URL mismatch when matching parameters..
  Create a macro rule over method GET, extract custom parameter w/ parameter name = _csrf
  and extract start after expression value=" and end at delimiter ", configure scope for domain and enable for Proxy,
  Open session tracker to test. (on Intruder bruteforce, u need to untick Make unmodified baseline request).
- Proxy options = Enable Cookie jar for proxy, if not working, enable invisible proxing

## vpn_intrd.sh
#!/bin/bash

## Openvpn safe kill switch / isolate vpn connection using linux routing table (no iptables needed)
# Author: intrd@dann.com.br

# flush the entire routing table (incl cache)
sudo ip route flush table main
sudo ip route flush cache

# route the wan network but not a gateway

## dropbear_howto.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                intrd
                / dropbear_howto.md
            
            
              Last active
              January 23, 2025 19:31
            
              
                Remotely Boot and Unlock a Linux Full Disk Encrypted machine (LUKS) with Dropbear
              
          
    Installing dropbear to initramfs

sudo apt update
sudo apt install dropbear-initramfs
sudo -i
cd /etc/dropbear/initramfs/
nano dropbear.conf
DROPBEAR_OPTIONS="-I 239 -j -k -p 8008 -s"
nano /etc/initramfs-tools/initramfs.conf
IP=192.168.1.11::192.168.1.1:255.255.255.0:YOURHOSTNAME


## Xwitter_createFirstToken.py
## X/Twitter - Simple Python3 OAuth 2.0 Authorization (PKCE), Refresh Token and Tweet Action without Tweepy or any 3rd-party libs.
# Author: intrd@dann.com.br

# Action: Create Refresh Token

import os
import secrets
import string
import requests
from urllib.parse import urlencode

## gh_issues2md.py
## Python3 Convert all your Github issues into Obsidian markdown format.
# Author: intrd@dann.com.br

import os
import requests
import re

# Replace with your repository and username
GITHUB_API = "https://api.github.com"
USERNAME = "intrd"

## hackvertor-tags.json
[
   {
      "argument1Default":"0x100",
      "code":"output = ''.join(unichr(mask + ord(c)) for c in input)",
      "argument1Type":"Number",
      "numberOfArgs":1,
      "argument1":"mask",
      "language":"Python",
      "tagName":"__unicode_overflow_py"
   },

## xwitter.py
## Python3 OAuth 2.0 PKCE with Tweepy: Upload and Tweet an Image using Twitter API v1 w/ X API v2.
# This script uploads an image using the old Twitter API v1, retrieves the media URL, and then tweets it using the new X API v2. (Yes, currently, this is the easiest way to accomplish this).
# Author: intrd@dann.com.br
import tweepy, sys

if len(sys.argv) < 3:
    print("Usage: python3 script.py <file_path> <long_text>")
    sys.exit(1)

file_path = sys.argv[2]

## base3200.py
## base64x50 decoder used in misc100-base3200 @ 3dsctf-2k16
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

import base64

# 3200/64 = 50
pontfile='msg.txt'
for x in range(0, 50):
	with open(pontfile, 'r') as f:

## tutorial_kali_autologin_afterupdate.txt
## Kali light xfce4 root autologin (works after lightdm update)
# @author intrd - http://dann.com.br/
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

Root autologin is broken after lighdtdm update, fix by doing this:
nano /etc/lightdm/lightdm.conf
  at [Seat:*] group uncomment/edit:
  autologin-user=root
  autologin-user-timeout=0

## many_time_pad_attack.py
#!/usr/bin/python
## OTP - Recovering the private key from a set of messages that were encrypted w/ the same private key (Many time pad attack) - crypto100-many_time_secret @ alexctf 2017
# @author intrd - http://dann.com.br/
# Original code by jwomers: https://github.com/Jwomers/many-time-pad-attack/blob/master/attack.py)

import string
import collections
import sets, sys

# 11 unknown ciphertexts (in hex format), all encrpyted with the same key
	## Extract session and csrf using cURL, run Hydra/Patator bruteforce over Burpsuite proxy w/ rewritting macros
	# @author intrd - http://dann.com.br/ (thx to g0tmi1k)
	# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

	## Burp csrf-rewritting macro
	- Session handling rules = new macro, tick Tolerate URL mismatch when matching parameters..
	Create a macro rule over method GET, extract custom parameter w/ parameter name = _csrf
	and extract start after expression value=" and end at delimiter ", configure scope for domain and enable for Proxy,
	Open session tracker to test. (on Intruder bruteforce, u need to untick Make unmodified baseline request).
	- Proxy options = Enable Cookie jar for proxy, if not working, enable invisible proxing
	#!/bin/bash

	## Openvpn safe kill switch / isolate vpn connection using linux routing table (no iptables needed)
	# Author: intrd@dann.com.br

	# flush the entire routing table (incl cache)
	sudo ip route flush table main
	sudo ip route flush cache

	# route the wan network but not a gateway
	## X/Twitter - Simple Python3 OAuth 2.0 Authorization (PKCE), Refresh Token and Tweet Action without Tweepy or any 3rd-party libs.
	# Author: intrd@dann.com.br

	# Action: Create Refresh Token

	import os
	import secrets
	import string
	import requests
	from urllib.parse import urlencode
	## Python3 Convert all your Github issues into Obsidian markdown format.
	# Author: intrd@dann.com.br

	import os
	import requests
	import re

	# Replace with your repository and username
	GITHUB_API = "https://api.github.com"
	USERNAME = "intrd"
	[
	{
	"argument1Default":"0x100",
	"code":"output = ''.join(unichr(mask + ord(c)) for c in input)",
	"argument1Type":"Number",
	"numberOfArgs":1,
	"argument1":"mask",
	"language":"Python",
	"tagName":"__unicode_overflow_py"
	},
	## Python3 OAuth 2.0 PKCE with Tweepy: Upload and Tweet an Image using Twitter API v1 w/ X API v2.
	# This script uploads an image using the old Twitter API v1, retrieves the media URL, and then tweets it using the new X API v2. (Yes, currently, this is the easiest way to accomplish this).
	# Author: intrd@dann.com.br
	import tweepy, sys

	if len(sys.argv) < 3:
	print("Usage: python3 script.py <file_path> <long_text>")
	sys.exit(1)

	file_path = sys.argv[2]
	## base64x50 decoder used in misc100-base3200 @ 3dsctf-2k16
	# @author intrd - http://dann.com.br/
	# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

	import base64

	# 3200/64 = 50
	pontfile='msg.txt'
	for x in range(0, 50):
	with open(pontfile, 'r') as f:
	## Kali light xfce4 root autologin (works after lightdm update)
	# @author intrd - http://dann.com.br/
	# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

	Root autologin is broken after lighdtdm update, fix by doing this:
	nano /etc/lightdm/lightdm.conf
	at [Seat:*] group uncomment/edit:
	autologin-user=root
	autologin-user-timeout=0
	#!/usr/bin/python
	## OTP - Recovering the private key from a set of messages that were encrypted w/ the same private key (Many time pad attack) - crypto100-many_time_secret @ alexctf 2017
	# @author intrd - http://dann.com.br/
	# Original code by jwomers: https://github.com/Jwomers/many-time-pad-attack/blob/master/attack.py)

	import string
	import collections
	import sets, sys

	# 11 unknown ciphertexts (in hex format), all encrpyted with the same key