
@milo2012
milo2012 / extractHTTPfromNmap.py
Last active September 17, 2019 18:29
This script parses an nmap XML file and extracts HTTP/HTTPS servers. Nmap's service detection does not correctly identify every host running an HTTP/HTTPS service; this script attempts to fix that by probing the open ports itself.
from libnmap.parser import NmapParser
import requests, optparse, os, sys, glob, multiprocessing
from requests.packages.urllib3.exceptions import InsecureRequestWarning
# Silence urllib3's certificate warnings (InsecureRequestWarning fires for every verify=False request)
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
requests.packages.urllib3.disable_warnings()
timeout=1.0       # per-request timeout in seconds
numOfThreads=2    # size of the worker pool
#This script parses an nmap XML file and extracts HTTP/HTTPS servers.
#The problem with Nmap scanning is that it doesn't correctly identify all hosts running HTTP/HTTPS services.
$ sudo python msfHelper1.py nmap__190723_132536.xml
[*] Launching Metasploit msfrpcd
[*] Reading from msfHelper.db
[*] Loaded 474 URI paths from msfHelper.db
[*] Loaded 2982 modules from Metasploit
[List of Unique Service Banners]
-------- ----------------------------------------------------------------------------
21/tcp vsftpd version: 2.3.4 ostype: Unix
@milo2012
milo2012 / checkSSHCiphers.py
Created May 22, 2019 04:04
Check SSH Ciphers (works with IPv6)
import paramiko, sys, logging, optparse, os
sys.tracebacklimit = 0          # failed handshakes are expected; keep each failure to one line
logging.raiseExceptions=False   # don't let paramiko's logging handlers raise on errors
acceptedCipherList=[]   # algorithms the server accepted, one list per category
acceptedMacList=[]
acceptedKeyList=[]
acceptedKexList=[]
cipherList = (
"aes128-ctr",
@milo2012
milo2012 / checkScopeWithNmap.py
Created May 10, 2019 17:17
For segmentation tests: compare nmap XML files against the scope and report which in-scope networks were reachable and which were not
#!/usr/bin/python -tt
# -*- coding: utf-8 -*-
import sys, glob, optparse
reload(sys)   # Python 2 idiom, normally followed by sys.setdefaultencoding()
from netaddr import IPNetwork
from libnmap.parser import NmapParser
ipDict={}
scopeDict={}
accessibleList=[]
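Both extractHTTPfromNmap.py and checkScopeWithNmap.py above start from the same step, walking the hosts and open ports in nmap XML, so one added example serves both. The block below is written for this page and is not either gist's code; it uses only the standard library (ElementTree instead of libnmap, ipaddress instead of netaddr). `find_web_servers` tries every open TCP port regardless of what nmap called it, HTTPS first, because a TLS handshake against a plaintext port fails cleanly while plain HTTP against a TLS port often still draws a "400 Bad Request" and would be misclassified. `scope_coverage` treats a scope network as reachable when at least one scanned host inside it had an open TCP port; that criterion is an assumption made for the example. The nmap XML embedded here is constructed, not real scan output, and `requests_probe` (which assumes the requests package) is the only function that touches the network.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample nmap XML (not real scan output): two hosts, four open ports,
# one of them (8443) left as "unknown" by nmap's service detection.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="10.0.1.5" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    <port protocol="tcp" portid="8443"><state state="open"/><service name="unknown"/></port>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
  </ports></host>
  <host><status state="up"/><address addr="10.0.2.9" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="443"><state state="open"/><service name="https" tunnel="ssl"/></port>
    <port protocol="tcp" portid="445"><state state="filtered"/><service name="microsoft-ds"/></port>
  </ports></host>
</nmaprun>"""


def open_ports(xml_text):
    """Yield (ip, port, service, tunnel) for every open TCP port in an nmap XML document."""
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            addr = host.find("address[@addrtype='ipv6']")
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if port.get("protocol") != "tcp" or state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            tunnel = svc.get("tunnel", "") if svc is not None else ""
            yield addr.get("addr"), int(port.get("portid")), name, tunnel


def candidate_urls(ip, port):
    """HTTPS first: a TLS handshake against a plaintext port fails cleanly, whereas
    plain HTTP against a TLS port often still gets a 400 and would be misclassified.
    nmap's service name is deliberately not consulted."""
    host = "[%s]" % ip if ":" in ip else ip
    return ["%s://%s:%d/" % (scheme, host, port) for scheme in ("https", "http")]


def find_web_servers(xml_text, probe):
    """probe(url) -> True when any HTTP response comes back. Every open TCP port is
    tried, because nmap's service label misses many web servers."""
    live = []
    for ip, port, _service, _tunnel in open_ports(xml_text):
        for url in candidate_urls(ip, port):
            if probe(url):
                live.append(url)
                break  # one scheme answered; do not report both
    return live


def requests_probe(url, timeout=1.0):
    """Network prober built on requests (assumed installed). verify=False because
    pentest targets routinely present self-signed certificates."""
    import requests
    import urllib3
    urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
    try:
        requests.get(url, timeout=timeout, verify=False, allow_redirects=False)
        return True
    except requests.exceptions.RequestException:
        return False


def scope_coverage(xml_texts, scope_cidrs):
    """Segmentation check: a scope network counts as reachable when at least one
    scanned host inside it had an open TCP port (assumption made for this example).
    Returns (reachable, unreachable) as CIDR strings in scope order."""
    networks = [ipaddress.ip_network(c, strict=False) for c in scope_cidrs]
    hit = set()
    for xml_text in xml_texts:
        for ip, _port, _service, _tunnel in open_ports(xml_text):
            address = ipaddress.ip_address(ip)
            hit.update(net for net in networks if address in net)
    reachable = [str(n) for n in networks if n in hit]
    unreachable = [str(n) for n in networks if n not in hit]
    return reachable, unreachable


if __name__ == "__main__":
    import sys
    docs = [open(path).read() for path in sys.argv[1:]] or [SAMPLE_NMAP_XML]
    for doc in docs:
        print(find_web_servers(doc, requests_probe))
    print(scope_coverage(docs, ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]))
```

`probe` is injected so the classification logic can be exercised without a network; in a real run pass `requests_probe` and feed the scan files on the command line.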
@milo2012
milo2012 / exploit_notes_Exploit Notes: CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002.txt
Last active December 7, 2021 10:17
Exploit Notes: CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002
#Install vulnerable docker version of Jenkins
$ docker run -p 8080:8080 -p 50000:50000 jenkins/jenkins:2.121.2
- Go to http://127.0.0.1:8080
- Install suggested plugins
- Create a user account (admin|admin)
- Click "New Item"
- Under Item Name, enter 'Helloworld', choose 'Pipeline' and click 'OK'
- Under 'Pipeline', untick 'Use Groovy Sandbox' and click 'Save'
@milo2012
milo2012 / sniffCert.py
Created September 27, 2018 04:17
Sniff and extract server SSL certificate of wireless access point (EAP)
#!/usr/bin/python
'''
$ python sniffCert.py -h
Usage: sniffCert.py [options]
Options:
-h, --help show this help message and exit
-i INTERFACENO Interface to sniff
$ python sniffCert.py -i en0
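The sniffer above captures EAP frames; turning those into a certificate file means reassembling the EAP-TLS fragments, joining the TLS records and pulling the DER blobs out of the Certificate handshake message. The block below is an added example for this page, not milo2012's sniffCert.py, and it does the offline part only: feed it the EAP type-data bytes (flags byte onward) of each EAP-TLS packet the authenticator sent, in order, and it returns the server's certificate chain. The sample flight and the two "certificates" in it are constructed placeholders, not real DER, so the PEM they produce will not parse in openssl; real captures will.

```python
import ssl
import struct

EAP_TLS_FLAG_LENGTH = 0x80  # L: a 4-byte total TLS message length follows the flags
EAP_TLS_FLAG_MORE = 0x40    # M: more fragments follow
TLS_HANDSHAKE = 22
HS_CERTIFICATE = 11


def reassemble_eap_tls(fragments):
    """Join the TLS data carried by consecutive EAP-TLS packets from one side.
    Each fragment is the EAP type-data (RFC 5216 3.1): flags, [length], TLS bytes."""
    out, expected = bytearray(), None
    for index, frag in enumerate(fragments):
        flags, pos = frag[0], 1
        if flags & EAP_TLS_FLAG_LENGTH:
            expected = struct.unpack(">I", frag[1:5])[0]
            pos = 5
        if bool(flags & EAP_TLS_FLAG_MORE) != (index < len(fragments) - 1):
            raise ValueError("M flag does not match fragment position")
        out += frag[pos:]
    if expected is not None and len(out) != expected:
        raise ValueError("got %d TLS bytes, length field announced %d" % (len(out), expected))
    return bytes(out)


def handshake_bytes(tls_data):
    """Concatenate the payloads of all handshake records; a Certificate message
    commonly spans several records, so join first and parse messages afterwards."""
    out, pos = bytearray(), 0
    while pos + 5 <= len(tls_data):
        ctype, _version, length = struct.unpack(">BHH", tls_data[pos:pos + 5])
        body = tls_data[pos + 5:pos + 5 + length]
        if len(body) != length:
            raise ValueError("truncated TLS record")
        if ctype == TLS_HANDSHAKE:
            out += body
        pos += 5 + length
    return bytes(out)


def extract_certificates(tls_data):
    """Return the DER certificates from the Certificate message (RFC 5246 7.4.2),
    leaf first, or [] if the flight carried none."""
    hs, pos = handshake_bytes(tls_data), 0
    while pos + 4 <= len(hs):
        msg_type = hs[pos]
        msg_len = int.from_bytes(hs[pos + 1:pos + 4], "big")
        body = hs[pos + 4:pos + 4 + msg_len]
        if len(body) != msg_len:
            raise ValueError("truncated handshake message")
        pos += 4 + msg_len
        if msg_type != HS_CERTIFICATE:
            continue
        certs, cpos = [], 3
        end = 3 + int.from_bytes(body[0:3], "big")
        while cpos < end:
            clen = int.from_bytes(body[cpos:cpos + 3], "big")
            certs.append(body[cpos + 3:cpos + 3 + clen])
            cpos += 3 + clen
        return certs
    return []


def to_pem(der):
    """Wrap DER bytes as PEM so a real capture can be inspected with openssl x509."""
    return ssl.DER_cert_to_PEM_cert(der)


# --- constructed sample flight (placeholder DER blobs, not real certificates) ---
SAMPLE_LEAF = b"\x30\x09LEAF-CERT"
SAMPLE_CA = b"\x30\x07CA-CERT"


def _handshake(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def _record(body):
    return struct.pack(">BHH", TLS_HANDSHAKE, 0x0303, len(body)) + body


def sample_server_flight(fragment_size=40):
    """ServerHello + Certificate, split over three TLS records and EAP-TLS fragments."""
    hello = _handshake(2, b"\x03\x03" + b"\x11" * 32 + b"\x00" + b"\xc0\x2f" + b"\x00")
    cert_list = b"".join(len(c).to_bytes(3, "big") + c for c in (SAMPLE_LEAF, SAMPLE_CA))
    cert_msg = _handshake(HS_CERTIFICATE, len(cert_list).to_bytes(3, "big") + cert_list)
    flight = _record(hello) + _record(cert_msg[:10]) + _record(cert_msg[10:])
    frags = []
    for i in range(0, len(flight), fragment_size):
        chunk = flight[i:i + fragment_size]
        flags = 0 if i + fragment_size >= len(flight) else EAP_TLS_FLAG_MORE
        if i == 0:  # first fragment carries the total length
            flags |= EAP_TLS_FLAG_LENGTH
            chunk = struct.pack(">I", len(flight)) + chunk
        frags.append(bytes([flags]) + chunk)
    return frags


if __name__ == "__main__":
    for der in extract_certificates(reassemble_eap_tls(sample_server_flight())):
        print(to_pem(der))
```

The M-flag check matters on a noisy capture: if a fragment is missed, the mismatch surfaces as an error rather than a silently corrupted certificate.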
@milo2012
milo2012 / pentesting_ios_apps_on_electra.txt
Last active January 19, 2022 14:04
Pentesting iOS Applications on Electra 11.1.2
#Burp SSL Certificate on iOS 11
On iOS 11 you can't just install your MITM root cert, you also need to explicitly trust it.
You can do this by:
Settings -> General -> About -> Certificate Trust Settings -> Flip the switch on your cert
----------------------------------------------------------------------------------------------------------------
#GDB on iOS 11
Source: https://shmoo419.github.io/
gdb
ps -ax | grep -i appName
attach [processNo]
@milo2012
milo2012 / Backdoor Notes
Created June 14, 2018 19:58
Backdoor Notes
#Creating signed and customized backdoored macOS applications by abusing Apple Developer tools
https://medium.com/@adam.toscher/creating-signed-and-customized-backdoored-macos-applications-by-abusing-apple-developer-tools-b4cbf1a98187
Notes:
Place 1) 1Password 7.app (Gatekeeper approved) and 2) StuffIt Expander.app/Backdoor (not approved) in /tmp/apps. You will be allowed to run both 1) and 2) (Gatekeeper bypass).
Alternative one-liner:
$ pkgbuild --root /tmp/apps --identifier com.microsoft --install-location /Applications mypackage.pkg
Yokogawa;CENTUM CS 3000 DCS;CENTUM:CENTUM
Yokogawa;EJX910A Multivariable Transmitter HART Communication Type;YOKOGAWA. (to release the Write Protect mode)
Yokogawa;WT 3000 Driver;anonymous:blank (Ethernet access)
Yokogawa;DX1000/DX1000N/DX2000 Advanced;Administrator 1:Admin1 etc./ User 1:User01 etc.
Yokogawa;YFGW410 gateway;admin:!admin
Wonderware;System Platform/Archestra;administrator:blank
Wonderware;Intouch;Administrator:Wonderware
Wonderware;Historian;SQL Server Login: aadbo:pwddbo, wwdbo:pwddbo, aaAdmin:pwAdmin, wwAdmin:wwAdmin, aaPower:pwPower, wwPower:wwPower, aaUser:pwUser, wwUser:wwUser
Westermo;TDW 33;no password, just return, Hardcoded password: n3Y9kA6otYZu8, (?? TD-36)
Westermo;MRD-305-DIN/MRD-310/MRD-315/MRD-330/MRD-355/MRD-350/MRD-455;admin:westermo
@milo2012
milo2012 / checkDomainForCDN.py
Created April 25, 2018 14:15
Check whether any domain in the Alexa top 1 million list is behind a CDN and, if so, which one
package main
import (
"sync"
//"strconv"
"io"
"net/http"
"archive/zip"
"path/filepath"
"bufio"
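The Go snippet above is cut off at its imports (zip, bufio and net/http show the shape: read the Alexa zip, then look at each domain). The block below is an added example for this page in Python, the language of the rest of these gists, and is not milo2012's program: it reads `top-1m.csv` out of the zip, follows CNAMEs with dnspython (assumed installed; `dns.resolver.resolve` is the 2.x API) and classifies a domain from its CNAME chain and response headers. The `CDN_SIGNATURES` table is illustrative, built from commonly documented CDN hostnames and headers, and is not exhaustive. The zip embedded here is constructed with three example domains so the parsing runs offline.

```python
import csv
import io
import zipfile

# CDN fingerprints: CNAME suffixes and response-header markers. Assumption: this table
# is illustrative (commonly documented CDN hostnames and headers), not exhaustive.
# A header value of None means "present is enough"; a string must occur in the value.
CDN_SIGNATURES = {
    "Cloudflare": {"cname": ("cloudflare.net",),
                   "headers": {"server": "cloudflare", "cf-ray": None}},
    "Akamai": {"cname": ("akamaiedge.net", "edgekey.net", "edgesuite.net", "akamaized.net"),
               "headers": {"x-akamai-transformed": None}},
    "Amazon CloudFront": {"cname": ("cloudfront.net",),
                          "headers": {"x-amz-cf-id": None, "via": "cloudfront"}},
    "Fastly": {"cname": ("fastly.net", "fastlylb.net"),
               "headers": {"x-fastly-request-id": None}},
    "Incapsula": {"cname": ("incapdns.net",),
                  "headers": {"x-iinfo": None, "x-cdn": "incapsula"}},
}


def detect_cdn(cname_chain, headers):
    """Return the CDN name for a domain given its CNAME chain and HTTP response headers,
    or None. CNAME evidence for every CDN is checked before any header evidence,
    because headers are set by whatever answers and are easy to spoof at the origin."""
    lowered = {k.lower(): str(v).lower() for k, v in headers.items()}
    for cdn, sig in CDN_SIGNATURES.items():
        for name in cname_chain:
            n = name.lower().rstrip(".")
            if any(n == s or n.endswith("." + s) for s in sig["cname"]):
                return cdn
    for cdn, sig in CDN_SIGNATURES.items():
        for hname, needle in sig["headers"].items():
            if hname in lowered and (needle is None or needle in lowered[hname]):
                return cdn
    return None


def domains_from_alexa_zip(zip_bytes, limit=None):
    """Read (rank, domain) rows from the CSV inside the Alexa top-1m zip."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        csv_name = next(n for n in zf.namelist() if n.endswith(".csv"))
        rows = []
        with zf.open(csv_name) as raw:
            for row in csv.reader(io.TextIOWrapper(raw, encoding="utf-8")):
                if len(row) < 2 or not row[0].isdigit():
                    continue
                rows.append((int(row[0]), row[1].strip()))
                if limit and len(rows) >= limit:
                    break
        return rows


def cname_chain(domain, max_depth=8):
    """Follow CNAMEs with dnspython (assumed installed). Returns [] when there is none."""
    import dns.resolver
    chain, name = [], domain
    for _ in range(max_depth):
        try:
            answer = dns.resolver.resolve(name, "CNAME")
        except (dns.resolver.NoAnswer, dns.resolver.NXDOMAIN, dns.resolver.NoNameservers):
            break
        name = str(answer[0].target).rstrip(".")
        chain.append(name)
    return chain


def _make_sample_zip():
    """Constructed stand-in for top-1m.csv.zip with three example domains."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("top-1m.csv", "1,example.com\n2,example.org\n3,example.net\n")
    return buf.getvalue()


SAMPLE_ALEXA_ZIP = _make_sample_zip()

if __name__ == "__main__":
    import requests  # assumed installed; only needed for the live header check
    for _rank, domain in domains_from_alexa_zip(SAMPLE_ALEXA_ZIP, limit=3):
        headers = requests.head("https://" + domain, timeout=5, allow_redirects=True).headers
        print(domain, detect_cdn(cname_chain(domain), headers))
```

For the real list, replace `SAMPLE_ALEXA_ZIP` with the bytes of the downloaded zip; `limit` keeps a first run from resolving a million names.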