########################################################################
#
# Thinkst Canary user module
# to turn into a high interactive honeypot
# https://canary.tools/
#
# Ingredients used:
# - WSL
# - Developer documentation - https://canary.tools/help/user-modules
# - Opencanary for development - https://github.com/thinkst/opencanary/
@echo off
REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²°
REM °² Calc file hashes and check they are present ²°
REM °² in a file ²°
REM °² ²°
REM °² twitter: @ollieatnccgroup ²°
REM °²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²²°
REM example usage
# First we need to register a beacon with a directory traversal in the ip address field
ip_address = "../../../../../../%s" % os.path.split(args.filepath)[0]
# Generate symmetric keys (used later)
raw_aes_keys = os.urandom(16)
aes_key, hmac_key = generate_keys(raw_aes_keys)
m = Metadata(public_key=args.public_key, cs_version=3)
m.public_key = args.public_key
m.bid = args.bid
/*
VEH using process enumerator for Microsoft Windows
Released as open source by NCC Group Plc - http://www.nccgroup.com/
Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com
Released under AGPL see LICENSE for more information
*/
FROM ubuntu:16.04
RUN apt-get update && apt-get install -y openssh-server
RUN mkdir /var/run/sshd
RUN echo 'root:toor' | chpasswd
RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
/*
Thread Start Address Enumerator for Microsoft Windows
Released as open source by NCC Group Plc - http://www.nccgroup.com/
Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com
Released under AGPL see LICENSE for more information
*/
//
// MEMGUARD.cpp : Simulate a process we want to dump
//
// Dump early with MEMGUARDDump then
// - strings.exe memguard.dmp | findstr HiLo
// HiLo - %d
//
// Dump later with MEMGUARDDump then
// -
// HiLo - %d
//
// based on https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/
// Licensed under the terms of GPLv3 (or any later version) at your choice
//
// works for daemons which can be run in the foreground
//
// gcc nccsslpasswdlog.c -shared -o nccsslpasswdlog.so -fPIC -ldl
//
//