#!/usr/bin/python | |
# Modified from - http://www.cis.syr.edu/~wedu/seed/Labs_16.04/Networking/DNS_Local/DNS_Local.pdf | |
# If you suspect your victim doesn't have DNSSEC enabled, send them a link to www.example.net, | |
# and run this script on the IP that is the authoritative name server for that domain. The script will reply | |
# back with the original answer and also state that it is authoritative for the hijacked domains, sending an A | |
# record pointing back to itself. | |
from scapy.all import * | |
def spoof_dns(pkt): | |
if (DNS in pkt and 'www.example.net' in pkt[DNS].qd.qname): |
import socket | |
import random | |
import argparse | |
import ssl | |
import time | |
import sys | |
# Some customizations on a fuzzer from SANS660 | |
# Original SANS script is here - https://gist.github.com/joenorton8014/f6ac55d7f26023b8d5169edae6e8218a |
import socket | |
import random | |
import argparse | |
import ssl | |
import time | |
# Some customizations on a fuzzer from SANS660 | |
# Original SANS script is here - https://gist.github.com/joenorton8014/f6ac55d7f26023b8d5169edae6e8218a | |
def main(): |
# Not my work, from SANS660 | |
import socket | |
import random | |
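def randstring():
    """Return a random string of 1 to 64 characters for fuzzing input.

    The length is drawn first with ``random.randint(1, 64)``, then each
    character is drawn uniformly from code points 0x30 ('0') through 0x7a
    ('z') inclusive -- digits, upper/lower-case letters and the punctuation
    that sits between them in ASCII.

    Returns:
        str: the generated string (never empty).

    Note:
        ``random`` is used deliberately: these values are fuzz payloads, not
        secrets, so a cryptographic source is not required.
    """
    length = random.randint(1, 64)
    # Draw the characters in the same order as the original loop so that a
    # seeded RNG yields identical output. ``range`` exists on Python 2 and 3
    # (the original used ``xrange``), and ``str.join`` avoids the quadratic
    # ``s += c`` concatenation.
    return "".join(chr(random.randint(0x30, 0x7a)) for _ in range(length))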
# Show the kernel's current IPv4 forwarding setting before it is changed.
echo "IP forwarding state:"
sysctl net.ipv4.ip_forward
# Turn forwarding on by writing the sysctl directly. This needs root and is a
# runtime-only change: it does not survive a reboot.
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "Current IP forwarding state is:"
sysctl net.ipv4.ip_forward
echo "Enabling nat: "
# Accept NEW connections only when they arrive on eth1 from 192.168.56.0/24
# and leave via eth0. Interface names and the source subnet are hard-coded.
# NOTE(review): -A appends, so re-running the script duplicates these rules;
# and if the FORWARD chain's policy is already ACCEPT, they restrict nothing.
iptables -A FORWARD -o eth0 -i eth1 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT
# Let reply and related traffic through for connections conntrack already tracks.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NOTE(review): -F removes every rule in the nat POSTROUTING chain, not just
# rules this script added -- any pre-existing NAT configuration is lost here.
iptables -t nat -F POSTROUTING
$users = Get-ChildItem "c:\users" | Select-Object name | |
$users | ForEach-Object { | |
$user = $($_.Name) | |
$iocfile = "C:\Users\$($_.Name)\AppData\Roaming\somemalwarefile.tmp" | |
if (Test-Path $iocfile){ | |
$filehash = get-filehash $iocfile | Select-Object -ExpandProperty hash | |
$searchresults = "File found!" | |
} | |
else { | |
$filehash = "No file to hash" |
import hashlib,binascii | |
# MD4 over the UTF-16LE encoding of the password, printed as hex -- the
# construction the linked NTLM post discusses (presumably the NT hash; see URL).
# NOTE(review): "md4" is not one of hashlib's guaranteed algorithms; it is
# supplied by the underlying OpenSSL build and hashlib.new() raises ValueError
# where MD4 is unavailable. The print statement below is Python 2 syntax.
password_utf16 = "Strong,hardtocrackpassword1".encode("utf-16le")
md4_digest = hashlib.new("md4", password_utf16).digest()
print binascii.hexlify(md4_digest)
# python -c 'import hashlib,binascii; print binascii.hexlify(hashlib.new("md4", "Strong,hardtocrackpassword1".encode("utf-16le")).digest())'
# From - https://labs.mwrinfosecurity.com/blog/pth-attacks-against-ntlm-authenticated-web-applications/
joe@DESKTOP-OSSID31:~/recordedfuture/final$ cat intel.log | |
#separator \x09 | |
#set_separator , | |
#empty_field (empty) | |
#unset_field - | |
#path intel | |
#open 2018-07-15-14-37-37 | |
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.indicator seen.indicator_type seen.where seen.node matched sources fuid file_mime_type file_desc | |
#types time string addr port addr port string enum enum string set[enum] set[string] string string string | |
1531663865.844578 CVrPZ72bEBI5x8A5bl 10.0.0.38 34154 5.79.71.225 9999 5.79.71.225 Intel::ADDR Conn::IN_RESP bro Intel::ADDR rec-future - - - |
import requests | |
import json | |
import time | |
def main(): | |
base_url = "https://api.recordedfuture.com/v2" | |
token = "" | |
import digitalocean | |
from digitalocean import SSHKey | |
from Crypto.PublicKey import RSA | |
from datetime import datetime | |
import time | |
import smtplib | |
from email.MIMEMultipart import MIMEMultipart | |
from email.MIMEText import MIMEText | |
import os | |
from digitalocean import SSHKey |