singe

services:
  socat:
    image: alpine/socat
    # Connects to a service running on port 1337 on the host machine and creates a unix socket listener
    command: UNIX-LISTEN:/sockets/shared.sock,unlink-early,unlink-close,fork TCP-CONNECT:host.docker.internal:1337,reuseaddr
    # unlink-* deletes the socket file before start up and when the connection is closed
    restart: unless-stopped
    volumes:
      - sockets:/sockets
    # It needs access to the host, hence the default network

singe

macOS Seatbelt/Sandbox Trace Script

macOS sandbox profiles used to be able to include a trace command that would write all the denied operations to a sandbox profile, allowing a profile to be iterativley built up. Apple removed that functionality for reasons explained below.

trace.sh examines the kernel log for the denied operations and creates the relevant allow rules in a sandbox profile, just like the sandbox profile trace command used to.

shrink.sh tries to reduce a sandbox profile to the minimum lines necessary.

It's very rough and ready at the moment (check the sed regex'es in the script to see what I mean) and needs more testing with a wider set of use cases.

singe

# By Dominic White ( @singe@chaos.social / @singe@twitter.com )
#
# I've been rolling this font for nearly two decades. I can't remember who wrote
# it originally, but I stole enough of it to not take any credit. I've just
# updated it here and there. The latest for Oh-My-Zsh

prompt_setup_singe() {
  colour1="%{$fg[blue]%}" #line
  colour2="%{$fg[green]%}" #directory
  colour3="%{$fg[magenta]%}" #time, user, host

singe

singe

#!/bin/sh

# A quick 'n dirty website mirror script
# by @singe
# Ideally, wget -r should mirror a site, but modern websites are complex, this
# tries to fix the gaps of what is typically mixed.
# It's been tested on 3 or 4 sites, and likely needs more tricks added.

sourcedomain="$1"
depth="$2"

singe

Using OSC7 to trigger a canary token in text files

macOS' Terminal.app supports the OSC7 escape code for notifying the terminal of the current working directory. It also supports the file:// URL scheme. This means you can embed a hostname in the instruction, and the host will perform a DNS lookup against it. It also won't visibly render in the terminal.

You can create the escape code like this: printf '\033]7;file://<hostname>\033\\'

I tested Terminal.app, Microsoft command shell, Windows Terminal and Alacritty and it only worked on Terminal.app. OSC7 support is contentious across other terminals according to various pull request discussions.

This was discussed in @stokfredrik's BlackHat/Defcon 2023 talk https://i.blackhat.com/BH-US-23/Presentations/US-23-stok-weponizing-plain-text-ansi-escape-sequences-as-a-forensic-nightmare-appendix.pdf

singe

import datetime
import ui

v = ui.load_view()
width, height = ui.get_screen_size()
v.frame = (0, 0, width, height)
v.present('sheet')

first = datetime.datetime(2023, 1, 1, 0, 0, 0, 0)

singe

#!/bin/bash

# hashcat mask generator
# by @singe

infile="$1"
outfile="$1.freq.masks"
outfile2="$1.length.masks"
tmp=$(mktemp)

singe

#!/bin/sh
file="$1"
tmp=$(mktemp)

# change specials & digits to hashcat format
sed -e "s/[[:punct:]]/?s/g" \
    -e "s/[[:digit:]]/?d/g" \
    $file \
    > $tmp \
&& \

singe

#!/bin/bash
# Convert hashcat.pot to john.pot and merge them
# Usage: hc-to-john.sh <hashcat pot> <john pot>
# NB: Make sure the hashcat pot only contains 16
# and 32 character hashes that are LM and NT hashes

tmp1=$(mktemp -t pot-port)
tmp2=$(mktemp -t pot-port)
hashpot=$1
LC_ALL=UTF-8 sed 's/^\([a-f0-9]\{32\}:[^:]*\)$/$NT$\1/' $hashpot | grep '^\$NT\$' > $tmp1