View docker_aliases.sh
| function dockershell() { | |
| docker run --rm -i -t --entrypoint=/bin/bash "$@" | |
| } | |
| function dockershellsh() { | |
| docker run --rm -i -t --entrypoint=/bin/sh "$@" | |
| } | |
| function dockershellhere() { | |
| dirname=${PWD##*/} |
View Dockerfile
| FROM python:alpine | |
| RUN pip install wsgidav cheroot | |
| RUN mkdir -p /webdav/share && mkdir -p /srv/data/share | |
| COPY run.sh /webdav/ | |
| WORKDIR /webdav/ | |
| ENTRYPOINT "/webdav/run.sh" |
View Dockerfile
| FROM nginx:stable | |
| RUN apt-get update && apt-get install -y openssl | |
| RUN mkdir -p /etc/nginx/ssl && mkdir -p /srv/data | |
| COPY default.conf /etc/nginx/conf.d/ | |
| COPY start.sh / | |
| ENTRYPOINT [ "/start.sh" ] |
View Dockerfile
| FROM python:2.7-alpine | |
| RUN apk --update --no-cache add \ | |
| zlib-dev \ | |
| musl-dev \ | |
| libc-dev \ | |
| gcc \ | |
| libffi-dev \ | |
| openssl-dev && \ | |
| rm -rf /var/cache/apk/* | |
| RUN mkdir -p /opt/impacket |
View Dockerfile
| ARG CENTOSIMAGE=astj/centos5-vault | |
| FROM ${CENTOSIMAGE} | |
| RUN yum install -y perl curl wget gcc c++ make glibc-devel glibc-devel.i386 |
View cors_poc_test.html
| <html> | |
| <script src="https://code.jquery.com/jquery-3.2.1.min.js"></script> | |
| <h1>CORS Test PoC</h1> | |
| <label for="target_url">Endpoint to test: </label><input type="url" id="target_url" size=100 placeholder="Target URL"><br/> | |
| <input type="checkbox" id="with_creds_checkbox" value="with_creds"><label for="with_creds_checkbox">With Credentials?</label><br/> | |
| <input type="submit" id="submit_btn" value="Make Request"> | |
| <hr> | |
| <p>If the site is vulnerable to an overly permissive CORS policy, the response of the above request will appear in the box below</p> | |
| <div id="test_data" style="border:1px solid darkred; color: red"> |
View find_moles.py
| #!/usr/bin/env python2 | |
| # load the infraction json data | |
| import json | |
| with open('infractions.json', 'r') as fp: | |
| data = json.loads(fp.read()) | |
| infractions = data['infractions'] | |
| # get all the names and generate the naughty list from the CSV | |
| names = [] |
View startTerminator.vbs
| args = "-c" & " -l " & """DISPLAY=:0 terminator""" | |
| WScript.CreateObject("Shell.Application").ShellExecute "bash", args, "", "open", 0 |
ropnop
/ lookupadmins.py
Last active May 15, 2019
Python script using Impacket to enumerate local administrators over SAMR
View lookupadmins.py
| #!/usr/bin/env python | |
| # | |
| # Title: lookupadmins.py | |
| # Author: @ropnop | |
| # Description: Python script using Impacket to query members of the builtin Administrators group through SAMR | |
| # Similar in function to Get-NetLocalGroup from Powerview | |
| # Won't work against Windows 10 Anniversary Edition unless you already have local admin | |
| # See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016 | |
| # | |
| # Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket |
ropnop
/ kinit_user_brute.sh
Created Jul 28, 2017
A quick script to perform horizontal password spraying against a user list by requesting TGTs from the DC with kinit
View kinit_user_brute.sh
| #!/bin/bash | |
| # Title: kinit_user_brute.sh | |
| # Author: @ropnop | |
| # Description: This is a PoC for doing horiztonal password sprays using 'kinit' to try to check out a TGT from a Domain Controller | |
| # The script configures the realm and KDC for you based on the domain provided and the domain controller | |
| # Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf | |
| # Only tested with Heimdal kerberos (error messages might be different for MIT clients) | |
NewerOlder