New Scripts in Webroot Paths
Get "Trace File Operations[unlimited, 1488479715768|1488483314768, 1, 0, 0, 10, .*\\wwwroot\\.*\.(asp|aspx|cfm|jsp|php), CreateNewFile, , , ]" from all machines
#!/usr/bin/env python2 | |
import base64, struct, sys | |
if len(sys.argv) > 1: | |
try: | |
binary = base64.decodestring(sys.argv[1]) | |
#File header | |
sys.stdout.write(struct.pack("IHHIIII", | |
0xa1b2c3d4, # Magic |
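# Enable SYN cookies: once the SYN backlog is full the kernel answers new
# connection attempts with cookies instead of dropping them (SYN flood mitigation).
net.ipv4.tcp_syncookies = 1
# Ignore source-routed packets: a sender-chosen route can steer traffic around
# filtering that relies on the normal path.
net.ipv4.conf.all.accept_source_route = 0
# Same setting in the "default" template, which interfaces created later inherit.
net.ipv4.conf.default.accept_source_route = 0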
# Ignore ICMP redirects |
<?php | |
$compressed = array( | |
".0" => "Hacha Split Archive File", | |
".000" => "DoubleSpace Compressed File", | |
".7z" => "7-Zip Compressed File", | |
".7z.001" => "7-Zip Split Archive Part 1 File", | |
".7z.002" => "7-Zip Split Archive Part 2 File", | |
".a00" => "ALZip Second Split Archive File", | |
".a01" => "ALZip Third Split Archive File", |
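#!/usr/bin/env bash
# Install SIFT Workstation Tools - tested to work on Ubuntu 16.04
# j3rmbadger

# Release the binaries are taken from - https://github.com/sans-dfir/sift-cli
SIFT_RELEASE_URL="https://github.com/sans-dfir/sift-cli/releases/download/v1.5.1"

# Snag the binary and the signed checksum file that covers it.
# NOTE(review): the ".asc1" suffix looks like a typo for ".asc" - confirm the
# asset name on the release page before relying on this download.
wget "${SIFT_RELEASE_URL}/sift-cli-linux"
wget "${SIFT_RELEASE_URL}/sift-cli-linux.sha256.asc1"

# Import the key used to validate the signature file.
# 22598A94 is a short (32-bit) key ID. Short IDs are not unique, so a keyserver
# lookup can return a key other than the intended one. Export SIFT_SIGNING_KEY
# with the full fingerprint published by the project to pin the exact key; the
# short ID stays as the default so existing use keeps working.
SIFT_SIGNING_KEY="${SIFT_SIGNING_KEY:-22598A94}"
gpg --keyserver pgp.mit.edu --recv-keys "${SIFT_SIGNING_KEY}"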
version: '2' | |
volumes: | |
nextcloud: | |
db: | |
services: | |
db: | |
image: mariadb | |
restart: always |
{ | |
"checkers": [{ | |
"type": "http", | |
"endpoint_name": "Website", | |
"endpoint_url": "http://www.example.com", | |
"attempts": 5 | |
}], | |
"storage": { | |
"provider": "s3", | |
"access_key_id": "<yours>", |
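# Download the Docker zip archive, unpack it under Program Files, and add the
# docker directory to PATH for the current session and for the machine.
$dockerZip = Join-Path $env:TEMP 'docker.zip'
$dockerDir = Join-Path $env:ProgramFiles 'Docker'

# Splatting keeps the call a single statement; parameters placed on their own
# lines without a continuation character are parsed as separate commands.
$download = @{
    UseBasicParsing = $true
    Method          = 'GET'
    Uri             = 'https://master.dockerproject.org/windows/x86_64/docker.zip'
    OutFile         = $dockerZip
}
Invoke-WebRequest @download

# NOTE(review): the archive is extracted without any integrity check. If the
# publisher provides a checksum, compare it with
# (Get-FileHash $dockerZip -Algorithm SHA256).Hash before this step.
Expand-Archive -Path $dockerZip -DestinationPath $env:ProgramFiles

# Current session only.
$env:Path += ";$dockerDir"

# Machine scope: extend the stored machine PATH rather than $env:Path. The
# process value also holds per-user entries (and the docker entry appended
# above), and copying those into the machine PATH would apply them to every
# account on the host.
$machineTarget = [EnvironmentVariableTarget]::Machine
$machinePath = "$([Environment]::GetEnvironmentVariable('Path', $machineTarget))".TrimEnd(';')
if (($machinePath -split ';') -notcontains $dockerDir) {
    [Environment]::SetEnvironmentVariable('Path', "$machinePath;$dockerDir", $machineTarget)
}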
# Join AD Domain Powershell Script
# j3rmbadger
# Joins this computer to lab.local. Passing only a user name to -Credential
# makes PowerShell prompt for the password, so no secret is stored in the
# script. -Restart reboots after the join and -Force skips the confirmation.
Add-Computer -DomainName lab.local -Credential LAB1\netsecadmin -Restart -Force
# Write a static IPv4 configuration for eth0 into a systemd network file.
# The quoted delimiter stops the shell from expanding anything in the body,
# so the text is written exactly as shown.
cat << "EOF" > /etc/systemd/network/10-static-en.network
[Match]
Name=eth0
[Network]
Address=192.168.1.12/24
Gateway=192.168.1.1
DNS=192.168.1.5
EOF