richardcurteis

url - https://aws.amazon.com/blogs/security/a-safer-way-to-distribute-aws-credentials-to-ec2/

Finding hard-coded credentials in your code
Hopefully you’re excited about deploying credentials to EC2 that are automatically rotated.  Now that you’re using Roles, a good security practice would be to go through your code and remove any references to AKID/Secret.  We suggest running the following regular expressions against your code base:

Search for access key IDs: (?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9]).  In English, this regular expression says: Find me 20-character, uppercase, alphanumeric strings that don’t have any uppercase, alphanumeric characters immediately before or after.
Search for secret access keys: (?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=]).  In English, this regular expression says: Find me 40-character, base-64 strings that don’t have any base 64 characters immediately before or after.
If grep is your preferred tool, run a recursive, Perl-compatible search using the following commands

richardcurteis

'wget.vbs - similar to wget but written in vbscript
'based on a script by Chrissy LeMaire

' Usage
if WScript.Arguments.Count < 1 then
  MsgBox "Usage: wget.vbs <url> (file)"
  WScript.Quit
end if

' Arguments

richardcurteis

$socket = new-object System.Net.Sockets.TcpListener('127.0.0.1', 413);

if($socket -eq $null){
	exit 1
}

$socket.start()
$client = $socket.AcceptTcpClient()
write-output "[*] Connection!"

richardcurteis

# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
#   tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
#   https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

# New function naming schema:
#   Verbs:
#       Get : retrieve full raw data sets
#       Find : ‘find’ specific data entries in a data set

richardcurteis

.
..
........
@
*
*.*
*.*.*
🐎

richardcurteis

#!/usr/bin/env python
import sys
if __name__ == "__main__":
	if len(sys.argv) < 2:
		print "usage: %s file.bin\n" % (sys.argv[0],)
		sys.exit(0)

	shellcode = "\""
	ctr = 1
	maxlen = 15

richardcurteis

Import a script from the repository using a name-based path: 

<import resource="/Company Home/Data Dictionary/Scripts/library.js">

Import a script from the repository using a NodeRef reference: 

<import resource="workspace://SpacesStore/6f73de1b-d3b4-11db-80cb-112e6c2ea048">

Import a script from a Java classpath location: 

richardcurteis

#!/usr/bin/python3

import requests
import base64

target = f"http://127.0.0.1:3000/"

cmd = "/bin/sh"

attackerIp = "127.0.0.1"

richardcurteis

#!/usr/bin/python3

import ipaddress
import sys
import re

VALID_HOSTS = []
INFILE = []

def enum_cidr(host):

richardcurteis

# generate server.pem with the following command:
#    openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes
# run as follows:
#    python3 simple-https-server.py
# then in your browser, visit:
#    https://localhost:8443

#!/usr/bin/env python3
from http import server
import ssl