@joswr1ght
joswr1ght / iptables-connect-logging.sh
Created May 10, 2021
Linux server-side connection logging
# Create a chain that logs new connections:
iptables -N LOGNEW
iptables -A LOGNEW -j LOG --log-prefix ' INBOUND TCP ' --log-level 4
iptables -A LOGNEW -j ACCEPT
# Accept packets on existing connections without any fuss:
iptables -A INPUT -p tcp -m state \! --state NEW -j ACCEPT
# Log incoming packets on new connections (rate-limited: packets above the
# limit do not match this rule and fall through to the rest of the INPUT chain):
iptables -A INPUT -p tcp -j LOGNEW -m limit --limit 100/sec
# Examine logs
joswr1ght / check-privesc-writable-dirs.sh
Created Mar 31, 2021
Check PATH for Writable Directories for Privesc Opportunity
IFS=:; set -o noglob; for dir in $PATH""; do ls -ld $dir; done
joswr1ght / heinous-shell-sqli-scanner.sh
Created Mar 16, 2021
SQL Injection Vulnerable Code Scanning Shell Command
# This heinous command searches for SQL injection vulnerable code:
# 1. Use awk to convert multiline strings into a single line
# 2. Fix things up with sed to make line endings normal again
# 3. Search for SQL-related statements
# 4. Search for lines where there are two or more $ variable indicators
#
# This is a hack. Please don't let this be my legacy.
#
awk -F"\"" '!$NF{ print; next }{ printf("%s ", $0) }' *.php | sed 's/;/;\n/g;s/}/}\n/g' | grep -iE "select|insert|update|delete" | grep -E "\\$.*\\$"
joswr1ght / extract-tlsscan-hostnames.py
Last active Apr 23, 2021
Extract TLS-Scan Hostnames from Certificate Records
#!/usr/bin/env python3
# Mark Baggett @MarkBaggett graciously wrote this script.
# Minor changes by Joshua Wright @joswr1ght.
# Use it to retrieve host name information from the JSON output of tls-scan
# (https://github.com/prbinu/tls-scan) in the subjectCN and subjectAltName
# fields.
import json
import re
import sys
joswr1ght / countips.py
Last active Feb 18, 2021
Read a file of network + CIDR masks, one per line; count the number of IP addresses it represents
#!/usr/bin/env python3
import sys
def countips(netblock):
    # Address count of an IPv4 netblock is 2^(32 - prefix length)
    cidr = int(netblock.split('/')[1])
    return 2**(32 - cidr)
if (len(sys.argv) != 2):
    print(f"Usage: {sys.argv[0]} <file with CIDR masks>")
    sys.exit(0)
# Lines below reconstructed from the gist description (preview truncated at the usage check)
total = 0
with open(sys.argv[1]) as f:
    for line in f:
        if line.strip():
            total += countips(line.strip())
print(total)
joswr1ght / targetnetworks.txt
Created Feb 18, 2021
A list of netblocks with CIDR masks (the AWS us-east-1 range as of 2/17/2021)
15.230.56.104/31
52.93.127.163/32
3.2.0.0/24
15.230.137.0/24
52.4.0.0/14
50.16.0.0/15
52.95.208.0/22
52.93.127.169/32
52.94.244.0/22
64.252.69.0/24
joswr1ght / aws-us-east-1-iplist.sh
Created Feb 16, 2021
Get AWS IP Addresses for a Specified Area
wget -qO- https://ip-ranges.amazonaws.com/ip-ranges.json | jq '.prefixes[] | if .region == "us-east-1" then .ip_prefix else empty end' -r | head -3
joswr1ght / aws-iplist-filter-byregion.sh
Created Dec 22, 2020
Get AWS IP list, filtered by region
# This isn't so much of a script as it is a placeholder for something I don't want to forget
wget -qO- https://ip-ranges.amazonaws.com/ip-ranges.json | jq '.prefixes[] | if .region == "us-east-1" then .ip_prefix else empty end' -r

joswr1ght / hid-proxmark-cheat-sheet.md

HID/ProxCard Cheat Sheet

Joshua Wright | josh@willhackforsushi.com | DRAFT/Work-in-Progress

| Proxmark3 Iceman Edition Command | Function |
|---|---|
| `lf hid read` | Read from a nearby HID/ProxCard card |
| `wiegand list` | Display a list of supported Wiegand data formats used by HID cards |
| `lf hid sim -r 2006ec0c86` | Simulate a HID/ProxCard with the Wiegand value 2006ec0c86; supply the appropriate Wiegand value for the card you wish to impersonate |
| `lf hid sim -w H10301 --fc 118 --cn 16612` | Simulate the card number 16612 with facility code 118 using the H10301 (26-bit HID) format (same as the command above, but specifying the FC and CN explicitly) |
joswr1ght / checkhiddensvc.ps1
Last active Oct 27, 2020
Identify Hidden Windows Services
Compare-Object -ReferenceObject (Get-Service | Select-Object -ExpandProperty Name | % { $_ -replace "_[0-9a-f]{2,8}$" } ) -DifferenceObject (gci -path hklm:\system\currentcontrolset\services | % { $_.Name -Replace "HKEY_LOCAL_MACHINE\\","HKLM:\" } | ? { Get-ItemProperty -Path "$_" -name objectname -erroraction 'ignore' } | % { $_.substring(40) }) -PassThru | ?{$_.sideIndicator -eq "=>"}