@p120ph37
p120ph37 / discover_assumable_roles.py
Created March 11, 2025 22:44
Python script to discover which roles you can assume in an AWS account
import boto3
import botocore
stsc = boto3.client('sts')
iamc = boto3.client('iam')
iamr = boto3.resource('iam')
iam_paginator = iamc.get_paginator('list_roles')
iam_page_iterator = iam_paginator.paginate()
iam_user_arn = 'arn:aws:iam::369786485381:user/ameriwether' # iam_user.arn
@p120ph37
p120ph37 / perl_inject.pl
Last active January 23, 2025 00:21
Inject an eval into a running Perl process using GDB and temporarily capture STDERR.
#!/usr/bin/perl
use warnings;
use strict;
use threads;
use File::Temp;
use POSIX qw/mkfifo/;
my $pid = shift @ARGV;
my $eval = shift @ARGV || 'require Carp; local $Carp::CarpLevel = 1; Carp::cluck(\'Currently\');';
my $thread = $ENV{'GDB_THREAD'} || 'all';
@p120ph37
p120ph37 / VIPAccess.exp
Created January 2, 2014 01:34
Command-line implementation of Symantec's "VIP Access" token application on OSX. This will read from the same secret key and produce the same time-based one-time-passwords as the GUI application, but with output that can be captured and used in scripts. This can be useful for things like automating two-factor AnyConnect VPN logins through openco…
#!/usr/bin/expect -f
#
# VIPAccess.exp
#
# Command-line emulation of Symantec's VIP Access software token.
# Usage:
# ./VIPAccess.exp [v]
# If the "v" argument (or any argument) is specified, verbose output
# will be produced on stderr. The OTP value will be output on stdout.
#
@p120ph37
p120ph37 / curl_file_exists.sh
Last active January 2, 2024 23:36
How to test if a remote file exists from a shell script using curl.
url='http://example.com/index.html'
# "HEAD" request
# (most servers support "HEAD", but some don't)
if curl -sfILo/dev/null "$url"; then
  echo "URL exists"
else
  echo "URL does not exist"
fi
@p120ph37
p120ph37 / csd-wrapper.sh
Last active December 12, 2023 23:52
A simple implementation of a CSD-Wrapper as required for OpenConnect to comply with Cisco AnyConnect "hostscan" policies.
#!/bin/bash
unset URL TICKET STUB GROUP CERTHASH LANGSELEN
shift
while [ "$1" ]; do
if [ "$1" == "-ticket" ]; then shift; TICKET=$1; fi
if [ "$1" == "-stub" ]; then shift; STUB=$1; fi
if [ "$1" == "-group" ]; then shift; GROUP=$1; fi
if [ "$1" == "-certhash" ]; then shift; CERTHASH=$1; fi
if [ "$1" == "-url" ]; then shift; URL=$1; fi
@p120ph37
p120ph37 / ip-up
Created June 30, 2014 16:27
PPP VPN split-network/split-DNS script for OSX
#!/bin/sh
####################################################
## ##
## PPP VPN split-network/split-DNS script for OSX ##
## by Aaron Meriwether ##
## ##
## installation: ##
## sudo cp thisfile /etc/ppp/ip-up ##
## sudo chmod 755 /etc/ppp/ip-up ##
## ##
@p120ph37
p120ph37 / basicauthpost.c
Created July 14, 2015 21:14
libcurl basic-auth post example
/*
* HTTP POST with authentication using "basic" method.
* Hybrid of anyauthput.c and postinmemory.c
*
* Usage:
* cc basicauthpost.c -lcurl -o basicauthpost
* ./basicauthpost
*
*/
#include <stdio.h>
@p120ph37
p120ph37 / d64
Created July 7, 2015 21:20
Base64 decode purely via Bash builtins.
#!/bin/sh
((V=N=0))
while :; do
((V<<=6,++N))
IFS= read -n1 C && {
printf -vC '%d' "'$C"
((C=C>64&&C<91?C-65:C>96&&C<123?C-71:C>47&&C<58?C+4:C==43?62:C==47?63:(V>>=6,--N,0),V|=C))
}
((N==4)) && {
@p120ph37
p120ph37 / minio-client.sh
Last active July 21, 2023 18:37
MinIO S3 in Alpine with instance-IAM-role credentials
# Using AWS instance IAM role to provide credentials to minio-client cli.
# Works in Alpine 3.18+ (the minio-client package is not available in 3.17)
# Should also work anywhere else minio, curl, and jq can run.
# Provides a very-lightweight way to access S3 from Alpine
apk add minio-client curl jq
export MC_HOST_s3=$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/$(curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/ | head -1) | jq -r '"https://\(.AccessKeyId):\(.SecretAccessKey):\(.Token)@s3.amazonaws.com"')
mcli ls s3/mybucket
@p120ph37
p120ph37 / dualfactor_anyconnect.md
Last active September 29, 2022 03:39
How to connect to a Cisco AnyConnect VPN server from the OSX (or Linux) command-line without using the AnyConnect client. Specifically, one which uses VeriSign/Symantec VIP Access dual-factor tokens.

(For Linux users, make sure you have oathtool and openconnect, then start from Step 6. If you don't have a token secret key, have a friend generate one for you on OSX via steps 3-5)

Step 1

Get homebrew and install oath-toolkit, openconnect, and tuntap.
And follow the additional tuntap installation instructions!

Step 2

After the tuntap module is installed, reboot or use kextload to activate it.