I hereby claim:
- I am mcorybillington on github.
- I am th3y (https://keybase.io/th3y) on keybase.
- I have a public key ASC2nFUdxkdbrA6Ntrczt6VuKdgB4PUuRQNJhFsQpEbgBQo
To claim this, I am signing this object:
while :; do ping -c1 -w1 8.8.8.8 &>/dev/null && echo "UP: $(date -R)" && break || echo "DOWN: $(date -R)";sleep 1;done;(speaker-test -t sine -f 1000 > /dev/null)& pid=$!;sleep 3s;kill -9 $pid |
## Credits to the following projects for a lot of this powershell code and just general inspiration | |
## https://github.com/chvancooten/OSEP-Code-Snippets | |
## https://www.trustedsec.com/blog/native-powershell-x86-shellcode-injection-on-64-bit-platforms/ | |
from argparse import ArgumentParser | |
import subprocess | |
import base64 | |
import os | |
#!/bin/bash | |
TODAY="$(date '+%Y-%b-%d')" | |
curl -s "https://<domain>/some-list" \ | |
-o "/path/to/working/dir/${TODAY}-domains.txt" | |
function check_ports() | |
{ | |
echo "Checking $1" |
#!/bin/bash | |
VPN_INTERFACE="tun0" | |
LAN_INTERFACE="enp1s0" | |
UFW="/usr/sbin/ufw" | |
"${UFW}" enable | |
"${UFW}" --force reset | |
"${UFW}" default deny incoming | |
"${UFW}" default deny outgoing |
## Highly recommend testing this adequately. I threw it together and tested on a few local VM's. Not responsbile for bad things that happen due to negligence/failure to adequately test first. | |
--- | |
- name: Identify manually placed setuid binaries | |
gather_facts: true | |
hosts: all | |
tasks: | |
- name: Search for manually placed setuid binaries | |
shell: find / -xdev -user root -perm -4000 -printf '%M %TF %TT %p\n' 2>/dev/null | grep -v 0000000000 |
# Original credit: https://gist.github.com/yehgdotnet/b9dfc618108d2f05845c4d8e28c5fc6a | |
# pip3 install mmh3 | |
import requests | |
from codecs import encode | |
from argparse import ArgumentParser | |
import mmh3 | |
def main(): | |
parser = ArgumentParser(description="Shodan favicon hash generator") |
I hereby claim:
To claim this, I am signing this object:
# Credit for this: https://nickbloor.co.uk/2018/02/28/popping-wordpress/ | |
# I just made them print statements instead of logging... | |
<?php | |
if(!class_exists("UniversalPOPGadget")) { | |
class UniversalPOPGadget { | |
public function __construct() { echo "UniversalPOPGadget::__construct()\n"; } | |
public function __destruct() { echo "UniversalPOPGadget::__destruct()\n"; } | |
public function __call($name, $args) { | |
echo "UniversalPOPGadget::__call(" . $name . ", " . implode(",", $args) . ")\n"; | |
} |
#!/bin/bash | |
# Credit to Kevin Backhouse and GitHub Security Lab, I just scripted this... | |
# Original writeup: https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE | |
# CVE-2020-16125 | |
echo "[+] Creating symlink" | |
ln -s /dev/zero .pam_environment; | |
echo "[+] Changing region" |
from threading import Thread | |
from requests.exceptions import ConnectionError, ReadTimeout | |
from requests import head | |
from queue import Queue | |
from sys import argv, exit | |
concurrent = 200 | |
def do_work(): |