@miketweaver
miketweaver / passgen.pl
Created May 27, 2016
/dev/urandom Perl password Generator
View passgen.pl
#!/usr/bin/perl
my $Matchlist = "abcdefghijklmnopqrstuvwxyz0123456789";
my $Length = 14;
my $RandomDevice = "/dev/urandom";
my $password = "";
open RANDOMDEVICE, $RandomDevice
or die "Can't open random device $RandomDevice: $!\n";
View ducky_instructions.md

Empire with a Ducky

by bashNinja (Mike Weaver)

Goals

In this lab, you will work with a rather simple device, a RubberDucky. It acts as a keyboard HID, which is automatically detected and accepted by most modern operating systems. This allows you to exploit the trust placed in a local user at a keyboard and run commands at speeds beyond 1000 words per minute, bypassing traditional countermeasures. We will start by writing a simple attack on a Windows machine, and then we will move on to more complex payloads.

Background Information

USB RubberDucky details

The RubberDucky comes in two parts: the Ducky itself and a MicroSD card. The MicroSD card needs to be formatted as FAT or FAT32. The Ducky reads the file /inject.bin, which is an encoded version of our payload.

View display.lua
-- Really random test code for the MAX7219.
-- Chain 7 segment display off dev board
-- Chain 8x8 matrix off of 7 segment display.
-- run this code to get 87654321. Assuming the L to R digit layout is just the
-- dev boards we picked up.
-- Functions:
--
-- DISPLAY.text(str)
-- Displays the text, takes a string.
View pgp.md

GPG Practical Exercise

Create your master keys

  • Create gnupg folder

    $ mkdir -p ~/.gnupg/
    
@miketweaver
miketweaver / install-nightshade.md
Created Jul 7, 2017
NightShade Install Instructions
View install-nightshade.md

Install NightShade

Get NightShade Files

git clone https://github.com/UnrealAkama/NightShade
cd NightShade

Setup Pip and Postgres

sudo apt update
@miketweaver
miketweaver / upload.sh
Last active Sep 15, 2017
UploadX Upload via Bash Script
View upload.sh
#!/bin/bash
#Copyright 2017 Mike Weaver
#Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
#The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
View API.md

Command:

curl -X POST   https://api.passwordctf.com/hashes   -d '{
"data": {
"user_name": "USERNAME GOES HERE",
"api_key": "API KEY GOES HERE",
"hashes": [
"a2477e96493f08578eac08f015ec74ead449cd04:73f1e0a2254a21f094652b8b82b2f586"
]
}
View validate.py
#!/usr/bin/env python
import hashlib
score = 0
plaintext = "plaintext.txt"
hashes = "hashes.txt"
plainfile = open(plaintext)
hashfile = open(hashes)
View NewValidator.py
#!/usr/bin/env python
import hashlib
import binascii
score = 0
hashfile = "newformat.txt"
# Notes:
# Chars 0-39 are the first 40 chars of the hash
View SecondValidationMethod.md

So, for validation, here is my suggestion. Works for however people want to submit (separate hashes.txt, password.txt or combined "hash:pass" file).

  • Grab a copy of mdxfind/mdsplit from http://hashes.org. Ensure you have the contest-original pcrack.master.hashed.txt file (it will be read-only).

  • If separate files:

     mdxfind -f pcrack.master.hashed.txt -h ^sha1$ plaintext.txt >result
     mdsplit -f result hashes.txt

You will be left with hashes.txt and hashes.SHA1x01. The hashes.SHA1x01 are the validated number of cracks (wc -l to get number), and any invalid hash submissions will be in hashes.txt. If this file is empty, all hashes validated.
