Ollie olliencc

## canaryproxy0.1.py
########################################################################
#
#                    Thinkst Canary user module
#               to turn into a high interactive honeypot
#                      https://canary.tools/
#
# Ingrediants used:
#    - WSL
#    - Developer documentation - https://canary.tools/help/user-modules
#    - Opencanary for development - https://github.com/thinkst/opencanary/

## canaryproxy0.2.py
########################################################################
#
#                    Thinkst Canary user module
#               to turn into a high interactive honeypot
#                      https://canary.tools/
#
# Ingrediants used:
#    - WSL
#    - Developer documentation - https://canary.tools/help/user-modules
#    - Opencanary for development - https://github.com/thinkst/opencanary/

## md5check.bat
@echo off

REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²°
REM °² Calc file hashes and check they are present      ²°
REM °² in a file                                        ²°
REM °²                                                  ²°
REM °² twitter: @ollieatnccgroup                        ²°
REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²°

REM example usage

## exploit.py
# First we need to register a beacon with a directory traversal in the ip address field
    ip_address = "../../../../../../%s" % os.path.split(args.filepath)[0]

    # Generate symmetric keys (used later)
    raw_aes_keys = os.urandom(16)
    aes_key, hmac_key = generate_keys(raw_aes_keys)

    m = Metadata(public_key=args.public_key, cs_version=3)
    m.public_key = args.public_key
    m.bid = args.bid

## WindowsVEHusingProcEnum.cpp
/*
VEH using process enumerator for Microsoft Windows

Released as open source by NCC Group Plc - http://www.nccgroup.com/

Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com

Released under AGPL see LICENSE for more information
*/

## Dockerfile
FROM ubuntu:16.04

RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:toor' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

## Dockerfile
FROM ubuntu:16.04

RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:toor' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

## WindowsThreadStartModule.cpp
/*
Thread Start Address Enumerator for Microsoft Windows

Released as open source by NCC Group Plc - http://www.nccgroup.com/

Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com

Released under AGPL see LICENSE for more information
*/

## MEMGUARD.cpp
//
// MEMGUARD.cpp : Simulate a process we want to dump
//
// Dump early with MEMGUARDDump then
//    - strings.exe memguard.dmp | findstr HiLo
//      HiLo - %d
//
// Dump later with MEMGUARDDump then
//    -
//     HiLo - %d

## dumpprivatekeypassword.c
//
// based on https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/
// Licensed under the terms of GPLv3 (or any later version) at your choice
//
// works for daemons which can be run in the foreground
//
// gcc nccsslpasswdlog.c -shared -o nccsslpasswdlog.so -fPIC -ldl
//
//
	########################################################################
	#
	# Thinkst Canary user module
	# to turn into a high interactive honeypot
	# https://canary.tools/
	#
	# Ingrediants used:
	# - WSL
	# - Developer documentation - https://canary.tools/help/user-modules
	# - Opencanary for development - https://github.com/thinkst/opencanary/
	@echo off

	REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²°
	REM °² Calc file hashes and check they are present ²°
	REM °² in a file ²°
	REM °² ²°
	REM °² twitter: @ollieatnccgroup ²°
	REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²°

	REM example usage
	# First we need to register a beacon with a directory traversal in the ip address field
	ip_address = "../../../../../../%s" % os.path.split(args.filepath)[0]

	# Generate symmetric keys (used later)
	raw_aes_keys = os.urandom(16)
	aes_key, hmac_key = generate_keys(raw_aes_keys)

	m = Metadata(public_key=args.public_key, cs_version=3)
	m.public_key = args.public_key
	m.bid = args.bid
	/*
	VEH using process enumerator for Microsoft Windows

	Released as open source by NCC Group Plc - http://www.nccgroup.com/

	Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com

	Released under AGPL see LICENSE for more information
	*/
	FROM ubuntu:16.04

	RUN apt-get update && apt-get install -y openssh-server
	RUN mkdir /var/run/sshd
	RUN echo 'root:toor' \| chpasswd
	RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

	# SSH login fix. Otherwise user is kicked off after login
	RUN sed 's@session\srequired\spam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
	/*
	Thread Start Address Enumerator for Microsoft Windows

	Released as open source by NCC Group Plc - http://www.nccgroup.com/

	Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com

	Released under AGPL see LICENSE for more information
	*/
	//
	// MEMGUARD.cpp : Simulate a process we want to dump
	//
	// Dump early with MEMGUARDDump then
	// - strings.exe memguard.dmp \| findstr HiLo
	// HiLo - %d
	//
	// Dump later with MEMGUARDDump then
	// -
	// HiLo - %d
	//
	// based on https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/
	// Licensed under the terms of GPLv3 (or any later version) at your choice
	//
	// works for daemons which can be run in the foreground
	//
	// gcc nccsslpasswdlog.c -shared -o nccsslpasswdlog.so -fPIC -ldl
	//
	//