Skip to content

Instantly share code, notes, and snippets.

:octocat:
"Use the source luke"

Omar Mochtar iomarmochtar

:octocat:
"Use the source luke"
Block or report user

Report or block iomarmochtar

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@iomarmochtar
iomarmochtar / config_to_dict.py
Last active Dec 31, 2019
Simple way to convert .ini file to dict
View config_to_dict.py
from configparser import ConfigParser
from pprint import pprint
def as_dict(ini_file):
config = ConfigParser()
config.read_file(open(ini_file, 'r'))
return { x: dict(config[x]) for x in config.sections() }
pprint( as_dict('main.ini') )
@iomarmochtar
iomarmochtar / ZimbraHelpers.php
Created Nov 17, 2019
A Simple of using zimbra api in yii2 webapp
View ZimbraHelpers.php
<?php
// Author: Imam Omar Mochtar (iomarmochtar@gmail.com)
namespace app\models;
use Yii;
use Zimbra\Admin\AdminFactory;
use Zimbra\Admin\Request\CreateAccount;
use Zimbra\Struct\KeyValuePair;
use Zimbra\Struct\AccountSelector;
use Zimbra\Enum\AccountBy;
@iomarmochtar
iomarmochtar / pgadmin4.sh
Created Nov 16, 2019
Simple script to start & stop pgadmin4 container
View pgadmin4.sh
#!/bin/bash
## Author: Imam Omar Mochtar (iomarmochtar@gmail.com)
## Func: Simple script to start and stop pgadmin4 container
USERNAME=admin@mail.com
PASSWORD=kacangitem
PORT=8787
IMAGE="dpage/pgadmin4"
CONTAINER="omr_pgadmin4"
@iomarmochtar
iomarmochtar / batchMoveSambaOU.sh
Created Nov 8, 2019
Move user's OU by sAMAccountName for samba4
View batchMoveSambaOU.sh
#!/bin/bash
# Author: Imam Omar Mochtar (iomarmochtar@gmail.com)
# Move user's OU by sAMAccountName for samba4
# arg1 = param name, arg2 = value, arg3 = default value
getParam(){
if [ "$2"x == "x" ] && [ "$3"x == "x" ]; then
echo "$1 dimasukan diset"
exit 1
fi
View mc_reproduce.py
import smtplib
import random
fromaddr = 'user@whatever.com'
toaddrs = 'auser@gmail.com'
subject = 'This can be a fraud'
message_id = '%032x@randommail'%random.getrandbits(128)
username = 'mcuser'
password = 'mcpassword'
@iomarmochtar
iomarmochtar / dark_ozpy.py
Created Jul 17, 2019
Utilizing ozpy for doing SSRF
View dark_ozpy.py
__author__ = 'Imam Omar Mochtar (iomarmochtar@gmail.com)'
"""
WARNING : For learning purpose only !!!
This is example of utilizing ozpy for gaining zimbra admin rights through SSRF vulnerability
"""
import sys
import requests
@iomarmochtar
iomarmochtar / simpletag.py
Created Jul 4, 2019
a python library to generating xml tag
View simpletag.py
__author__ = ('Imam Omar Mochar', ('iomarmochtar@gmail.com',))
"""
Simple XML builder, i create it for generating HTML tag(s)
"""
# alternative of xml attribute that also become keyword in python side
ALTERNATE_MAP = {
'klass': 'class'
}
@iomarmochtar
iomarmochtar / zimbra_after_xxe.txt
Last active Apr 13, 2019
My Zimbra Got Hacked by XXE bug What Should I do ?
View zimbra_after_xxe.txt
Note:
- i suggest you for not delete any script or program that intruder put into your server, you can backup it and see how it's works.
so you can learn how it operated and can determine impact in your server.
- before or in parallel you do backup please make sure that your server is clean first by any backdoor !!!.
- you may considering reinstall your OS if the damaged from intruder was quite heavy,
eg: they are replacing some coreutils or some crucial daemon (SSH for instance).
in general you may see by detail any folder that zimbra user has write access to it.
but these are the common way you may check:
@iomarmochtar
iomarmochtar / gfonts_offline.py
Created Jan 15, 2019
Python script to download google fonts
View gfonts_offline.py
__author__ = ('Imam Omar Mochtar', 'iomarmochtar@gmail.com')
import urllib2
import sys
import os
import re
FONTS_DIR = 'fonts'
CSS_FILE = 'offline.css'
site = sys.argv[1]
@iomarmochtar
iomarmochtar / listAllCosWithMembers.py
Created Sep 22, 2018
Get all COS (Class Of Service) including user assigned to it. #zimbra
View listAllCosWithMembers.py
#!/opt/zimbra/bin/zmpython
__author__ = ('Imam Omar Mochtar', ('iomarmochtar@gmail.com', 'imam.omar@jabetto.com'))
"""
Get all COS including user assigned to it. you may run this script inside zimbra's server (LDAP server is recommended)
"""
from com.zimbra.cs.account import Provisioning
You can’t perform that action at this time.