
#!/usr/bin/python
# Modified from - http://www.cis.syr.edu/~wedu/seed/Labs_16.04/Networking/DNS_Local/DNS_Local.pdf
# If you suspect your victim doesn't have DNSSEC enabled, send them a link to www.example.net,
# and run this script on the IP that is the authoritative name server for that domain. The script will reply
# back with the original answer, and will also state that it is authoritative for the hijacked domains and send an A
# record pointing back to itself.
from scapy.all import *
def spoof_dns(pkt):
if (DNS in pkt and 'www.example.net' in pkt[DNS].qd.qname):
import socket
import random
import argparse
import ssl
import time
import sys
# Some customizations on a fuzzer from SANS660
# Original SANS script is here - https://gist.github.com/joenorton8014/f6ac55d7f26023b8d5169edae6e8218a
import socket
import random
import argparse
import ssl
import time
# Some customizations on a fuzzer from SANS660
# Original SANS script is here - https://gist.github.com/joenorton8014/f6ac55d7f26023b8d5169edae6e8218a
def main():
# Not my work, from SANS660
import socket
import random
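def randstring():
    """Return a random string of 1 to 64 characters for use as fuzzing input.

    The length is drawn first with random.randint(1, 64); every character is
    then drawn independently from the code points 0x30 through 0x7a
    (inclusive), i.e. the ASCII span from '0' to 'z', which also contains the
    punctuation that sits between the digit and letter ranges.

    Returns:
        str: the generated string, never empty.
    """
    # NOTE: the random module is a non-cryptographic PRNG. That is fine for
    # generating fuzz-test input, but this helper must not be reused to mint
    # tokens, passwords or anything else that has to be unpredictable.
    length = random.randint(1, 64)
    # range() replaces the Python 2-only xrange() so the helper runs on both
    # interpreter lines; str.join avoids repeated string concatenation.
    return "".join(chr(random.randint(0x30, 0x7a)) for _ in range(length))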
# Report the kernel's IPv4 forwarding setting before it is changed.
echo "IP forwarding state:"
sysctl net.ipv4.ip_forward
# Enable IPv4 forwarding by writing to /proc (requires root). This changes the
# running kernel only; NOTE(review): presumably it does not survive a reboot
# unless it is also set in the sysctl configuration - confirm.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Report the setting again so the change can be verified in the output.
echo "Current IP forwarding state is:"
sysctl net.ipv4.ip_forward
echo "Enabling nat: "
# Accept NEW connections from 192.168.56.0/24 that arrive on eth1 and leave via eth0.
# -A appends, so running this script twice leaves duplicate FORWARD rules behind.
iptables -A FORWARD -o eth0 -i eth1 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Accept forwarded packets of ESTABLISHED/RELATED connections. No interface or
# source match is given, so this applies to all forwarded traffic on the host.
# NOTE(review): these ACCEPT rules only restrict anything if the FORWARD chain
# policy is DROP/REJECT; the policy is not set in the lines shown - confirm.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Flush every rule in the nat table's POSTROUTING chain. This also discards any
# NAT rules that were already present on the host, not just ones added here.
iptables -t nat -F POSTROUTING
$users = Get-ChildItem "c:\users" | Select-Object name
$users | ForEach-Object {
$user = $($_.Name)
$iocfile = "C:\Users\$($_.Name)\AppData\Roaming\somemalwarefile.tmp"
if (Test-Path $iocfile){
$filehash = get-filehash $iocfile | Select-Object -ExpandProperty hash
$searchresults = "File found!"
}
else {
$filehash = "No file to hash"
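import binascii
import hashlib

# Print the NT hash of a sample password: MD4 over the UTF-16LE encoding of
# the password, shown as lowercase hex.
# The NT hash is unsalted, so equal passwords always give equal hashes, and the
# hash itself is what NTLM authentication proves knowledge of. Stored NT hashes
# therefore need the same protection as the plaintext passwords.
# NOTE: hashlib.new("md4") depends on the linked OpenSSL build; builds that do
# not expose legacy digests raise ValueError here.
# print(...) with one argument and an explicit decode behaves the same on
# Python 2 and Python 3 (the original print statement was Python 2 only).
print(binascii.hexlify(
    hashlib.new("md4", "Strong,hardtocrackpassword1".encode("utf-16le")).digest()
).decode("ascii"))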
# python -c 'import hashlib,binascii; print binascii.hexlify(hashlib.new("md4", "Strong,hardtocrackpassword1".encode("utf-16le")).digest())'
# From - https://labs.mwrinfosecurity.com/blog/pth-attacks-against-ntlm-authenticated-web-applications/
joe@DESKTOP-OSSID31:~/recordedfuture/final$ cat intel.log
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path intel
#open 2018-07-15-14-37-37
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.indicator seen.indicator_type seen.where seen.node matched sources fuid file_mime_type file_desc
#types time string addr port addr port string enum enum string set[enum] set[string] string string string
1531663865.844578 CVrPZ72bEBI5x8A5bl 10.0.0.38 34154 5.79.71.225 9999 5.79.71.225 Intel::ADDR Conn::IN_RESP bro Intel::ADDR rec-future - - -
import requests
import json
import time
def main():
base_url = "https://api.recordedfuture.com/v2"
token = ""
joenorton8014 / digitaloceantesting.py
Created June 25, 2018 14:05
Digital Ocean Notes
import digitalocean
from digitalocean import SSHKey
from Crypto.PublicKey import RSA
from datetime import datetime
import time
import smtplib
from email.MIMEMultipart import MIMEMultipart
from email.MIMEText import MIMEText
import os
from digitalocean import SSHKey