#!/usr/bin/python
print 'Hello World'
@ropnop
ropnop / opennms_check_password.py
Created June 21, 2017 23:11
Script to check a plaintext password against an OpenNMS password digest
#!/usr/bin/env python
import sys
from hashlib import sha256
def checkPassword(encrypted, plaintext, iterations=100000, verbose=False):
    hexstring = encrypted.decode('base64').encode('hex') # i hate working with bytes
    salt = hexstring[:32]
    correct = hexstring[32:]
    if verbose:
@ropnop
ropnop / make_oneliner.py
Last active December 5, 2020 06:10
Python script to convert a file to a oneliner exec command
#!/usr/bin/env python2
# Author: @ropnop (Ronnie Flathers)
# Simple script to ingest a Python file (e.g. a shell) and return a oneliner command
# Useful with command injection vulns
# Based entirely off of Metasploit's "reverse_python.rb" payload
# Credit to Brendan Coles <bcoles[at]gmail.com>
#
# Example:
# $ python make_oneliner.py pty_shell.py
@ropnop
ropnop / kinit_brute.sh
Last active June 6, 2021 18:23
A quick tool to bruteforce an AD user's password by requesting TGTs from the Domain Controller with 'kinit'
#!/bin/bash
# Title: kinit_brute.sh
# Author: @ropnop
# Description: This is a PoC for bruteforcing passwords using 'kinit' to try to check out a TGT from a Domain Controller
# The script configures the realm and KDC for you based on the domain provided and the domain controller
# Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf
# Only tested with Heimdal kerberos (error messages might be different for MIT clients)
# Note: this *will* lock out accounts if a domain lockout policy is set. Be careful
@ropnop
ropnop / kinit_user_brute.sh
Created July 28, 2017 01:22
A quick script to perform horizontal password spraying against a user list by requesting TGTs from the DC with kinit
#!/bin/bash
# Title: kinit_user_brute.sh
# Author: @ropnop
# Description: This is a PoC for doing horizontal password sprays using 'kinit' to try to check out a TGT from a Domain Controller
# The script configures the realm and KDC for you based on the domain provided and the domain controller
# Since this configuration is only temporary though, if you want to actually *use* the TGT you should actually edit /etc/krb5.conf
# Only tested with Heimdal kerberos (error messages might be different for MIT clients)
@ropnop
ropnop / lookupadmins.py
Last active December 4, 2021 16:00
Python script using Impacket to enumerate local administrators over SAMR
#!/usr/bin/env python
#
# Title: lookupadmins.py
# Author: @ropnop
# Description: Python script using Impacket to query members of the builtin Administrators group through SAMR
# Similar in function to Get-NetLocalGroup from Powerview
# Won't work against Windows 10 Anniversary Edition unless you already have local admin
# See: http://www.securityweek.com/microsoft-experts-launch-anti-recon-tool-windows-10-server-2016
#
# Heavily based on original Impacket example scripts written by @agsolino and available here: https://github.com/CoreSecurity/impacket
@ropnop
ropnop / startTerminator.vbs
Created September 29, 2017 00:02
VBS Script to Launch Terminator through WSL
args = "-c" & " -l " & """DISPLAY=:0 terminator"""
WScript.CreateObject("Shell.Application").ShellExecute "bash", args, "", "open", 0
@ropnop
ropnop / find_moles.py
Created January 9, 2018 04:11
A Python script for SANS Holiday Hack 2017
#!/usr/bin/env python2
# load the infraction json data
import json
with open('infractions.json', 'r') as fp:
    data = json.loads(fp.read())
infractions = data['infractions']
# get all the names and generate the naughty list from the CSV
names = []
@ropnop
ropnop / cors_poc_test.html
Last active November 14, 2018 07:01
Quick tester for CORS misconfigurations
<html>
<script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
<h1>CORS Test PoC</h1>
<label for="target_url">Endpoint to test: </label><input type="url" id="target_url" size=100 placeholder="Target URL"><br/>
<input type="checkbox" id="with_creds_checkbox" value="with_creds"><label for="with_creds_checkbox">With Credentials?</label><br/>
<input type="submit" id="submit_btn" value="Make Request">
<hr>
<p>If the site is vulnerable to an overly permissive CORS policy, the response of the above request will appear in the box below</p>
<div id="test_data" style="border:1px solid darkred; color: red">
@ropnop
ropnop / Dockerfile
Created July 18, 2019 01:02
centos5 devel dockerfile
ARG CENTOSIMAGE=astj/centos5-vault
FROM ${CENTOSIMAGE}
RUN yum install -y perl curl wget gcc c++ make glibc-devel glibc-devel.i386