Sachin Kamath pwnfoo

## network_tunnel_manager.sh
#!/bin/bash
set -euo pipefail

# Check if running as root
if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root"
    exit 1
fi

readonly NETWORK_DEVICE=$(ip route show default | awk '/default/ {print $5; exit}')

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                pwnfoo
                / keybase.md
            
            
              Created
              May 18, 2021 03:15
            
          
    Keybase proof

I hereby claim:

I am pwnfoo on github.
I am pwn_foo (https://keybase.io/pwn_foo) on keybase.
I have a public key ASCXi5BiiGlfwZ4alOo0TmdeM8TVAm2ypKd4kOogbmJA6go

To claim this, I am signing this object:

  
## kerberos_attacks_cheatsheet.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                pwnfoo
                / kerberos_attacks_cheatsheet.md
            
            
              Created
              August 17, 2020 06:11
                — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
            
              
                A cheatsheet with commands that can be used to perform kerberos attacks
              
          
    Kerberos cheatsheet

Bruteforcing

With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:

  
## ejs.sh
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu

# debug mode and absolute/relative urls support (the best one):
function ejs() {
   URL=$1;
   curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"'##### %\";curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"('#####.*)|(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\" | sort -fu" | tr -d

## extensions_temp_backup.txt
.0
.1
.2
.3
.tar
.tgz
.zip
.tar.gz
.rar
.cache

## azuread_decrypt_msol_v2.ps1
Write-Host "AD Connect Sync Credential Extract v2 (@_xpn_)"
Write-Host "`t[ Updated to support new cryptokey storage method ]`n"

$client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync;Initial Catalog=ADSync"

try {
    $client.Open()
} catch {
    Write-Host "[!] Could not connect to localdb..."
    return

## ssh.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJsPb490n5iP7XcwlLxYs6H6tavHour6xFwGa5kaOd5mNOkXLh8w/uSbJlzeSo7UeqTY/o7a+vxklwT/8xQ8woXnt3iRepvhWcZiBmazKLIljAPzstja6T4lUvdcbLJpzQB0UJQewmb4twzuPi8UpwDtGHCZyWBNePEczV/9YSUggtk1TRGz/Yd3x15t1212hd90Pwjz523NDpWOocGxJTnbyFBC5nLky4RPC88cy3z8Dr7CJEYKxtXit5pQsDxWoeTIoagmhwiWPM98ZCGBe0BWiegCPXL4C47u9hJRpRx08MDCbc6RM9yHpZZRG6SOFNq/EijhUxwYgUmEHEfYtL skamath@pwnbox

## fedora-welcome-kit.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                pwnfoo
                / fedora-welcome-kit.md
            
            
              Last active
              May 9, 2017 06:04
            
          
    Google Summer of Code 2017

Fedora Project - Welcome Kit


Inspired by the Welcome kit created by Remy DeCauseMaker (decause) which can be found here. Contains content from the original post.

Welcome


## xiomara_stats.txt
------------------
Average Number of Problems Solved per Team (eligible, scoring): 4.036 +/- 3.824
Median Number of Problems Solved per Team (eligible, scoring): 3.000
------------------
Average Number of Problems Solved per User (eligible, user scoring): 3.318 +/- 3.084
Median Number of Problems Solved per User (eligible, user scoring): 2.000
------------------
Team participation averages:
	Team size: 0	0.000 submitted a correct answer	0.000 submitted some answer
	Team size: 1	0.670 submitted a correct answer	0.617 submitted some answer

## signup_params.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                pwnfoo
                / signup_params.md
            
            
              Last active
              January 24, 2017 07:59
            
          
    Signs up a user and returns initial details, including the Anokha ID.

Make sure you save the Anokha ID as you might be needing it later.


Type: POST
Authorization Required : NO
Authorization Level : -NA-
Arguments required:

firstName - (1-50 characters long)
lastName - (1-50 characters long)


gender - enum('Male', 'Female')
	#!/bin/bash
	set -euo pipefail

	# Check if running as root
	if [[ $EUID -ne 0 ]]; then
	echo "This script must be run as root"
	exit 1
	fi

	readonly NETWORK_DEVICE=$(ip route show default \| awk '/default/ {print $5; exit}')
	curl -L -k -s https://www.example.com \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]" \| awk -F '//' '{if(length($2))print "https://"$2}' \| sort -fu \| xargs -I '%' sh -c "curl -k -s \"%\" \| sed \"s/[;}\)>]/\n/g\" \| grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\|(\.(get\|post\|ajax\|load)\s\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" \| awk -F "['\"]" '{print $2}' \| sort -fu

	# debug mode and absolute/relative urls support (the best one):
	function ejs() {
	URL=$1;
	curl -Lks $URL \| tac \| sed "s#\\\/#\/#g" \| egrep -o "src['\"]?\s[=:]\s['\"]?[^'\"]+.js[^'\"> ]" \| sed -r "s/^src['\"]?[=:]['\"]//g" \| awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' \| sort -fu \| xargs -I '%' sh -c "echo \"'##### %\";curl -k -s \"%\" \| sed \"s/[;}\)>]/\n/g\" \| grep -Po \"('#####.)\|(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\|(\.(get\|post\|ajax\|load)\s\(\s['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\" \| sort -fu" \| tr -d
	Write-Host "AD Connect Sync Credential Extract v2 (@_xpn_)"
	Write-Host "`t[ Updated to support new cryptokey storage method ]`n"

	$client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync;Initial Catalog=ADSync"

	try {
	$client.Open()
	} catch {
	Write-Host "[!] Could not connect to localdb..."
	return
	------------------
	Average Number of Problems Solved per Team (eligible, scoring): 4.036 +/- 3.824
	Median Number of Problems Solved per Team (eligible, scoring): 3.000
	------------------
	Average Number of Problems Solved per User (eligible, user scoring): 3.318 +/- 3.084
	Median Number of Problems Solved per User (eligible, user scoring): 2.000
	------------------
	Team participation averages:
	Team size: 0 0.000 submitted a correct answer 0.000 submitted some answer
	Team size: 1 0.670 submitted a correct answer 0.617 submitted some answer