ChristianBagley

Tools

• Metaspoit: Penetration testing software
• BeEF: The Browser Exploitation Framework
• PTF: Penetration Testers Framework
• Bettercap: MITM framework
• Nessus: Vulnerability scanner
• AutoNessus: Auto Nessus
• BDFProxy: Patch Binaries via MITM (BackdoorFactory)
• Xplico: Network Forensic Analysis Tool (eg. parse pcap file)

ChristianBagley

from itertools import permutations

def nextBiggest():
inputNumber = str(input('Enter number: '))
for i in sorted(permutations(str(inputNumber))):
    nextNumber = int(''.join(i))
    if nextNumber > int(inputNumber):
        print(nextNumber)

ChristianBagley

####################################################################
#Python program to convert temperature from either Fahrenheit to   #
#Celsius or vise-versa. This is a very simple function example.    #
#                                                                  #
####################################################################
 
 
def convert(temp, unit):
    unit = unit.lower()
    if unit == "c":

ChristianBagley

#!/bin/bash
#
# CloudyGamerLauncher by Larry Gadea
# Easily start/stop Paperspace and Parsec instances
#
# Make sure to fill out the variables below. For the machine name, use the
# 8-letter identifier for the machine on Paperspace (ex. PS8RGDUY)

PAPERSPACE_EMAIL=''
PAPERSPACE_PASSWORD=''

ChristianBagley

function transfer
    if test (count $argv) -eq 0
        echo "No arguments specified. Usage:\necho transfer /tmp/test.md\ncat /tmp/test.md | transfer test.md"
        return 1
    end

    ## get temporarily filename, output is written to this file show progress can be showed
    set tmpfile ( mktemp -t transferXXX )

    ## upload stdin or file

ChristianBagley

#!/bin/zsh

# Defines transfer alias and provides easy command line file.
#
# Authors:
#   Remco Verhoef <[email protected]>
#   Prajjwal Singh <[email protected]>
#
# Dependencies:
# * curl

ChristianBagley

filename:.npmrc _auth
filename:.dockercfg auth
extension:pem private
extension:ppk private
filename:id_rsa or filename:id_dsa
extension:sql mysql dump
extension:sql mysql dump password
filename:credentials aws_access_key_id
filename:.s3cfg
filename:wp-config.php

ChristianBagley

import requests
import re
from glob import glob  # Google this. It's really good!
from os.path import basename, join  # Basename removes the path part of a file, returning only the filename. Can also handle urls.
from concurrent.futures import ThreadPoolExecutor  # For our concurrent downloads in download_many.

def get_urls(data, pattern):
    urls = pattern.findall(data.text)
    endings = ['.pdf', '.mobi', '.epub']

ChristianBagley

"Give Me CRX" (https://chrome.google.com/webstore/detail/give-me-crx/acpimoebmfjpfnbhjgdgiacjfebmmmci) contains a virus hidden in the source code.

Hidden Virus

Reviewer "Adam Carbonell" (link) first discovered existence of the malware. He mentioned that icon2.png contains malicious code.

bg.js (last modified 11/11/2016) extracts the code by reading icon2.png (last modified 11/10/2016) as text, extracting data between init> and <end strings (I assume a PNG comment), and xor-ing it with char ^ 77.

The resulting text is then run as Javascript. I think around 24 hours after extension installation, every tab will have <script src='hXXp//s3.eu-central-1.amazonaws.com/forton/give_me_crx.js'> injected whenever "chrome.tabs.onUpdated".

ChristianBagley

#!/bin/bash

if [ "$1" = "-h" -o "$1" = "--help" -o -z "$1" ]; then cat <<EOF
appify v3.0.1 for Mac OS X - http://mths.be/appify
Creates the simplest possible Mac app from a shell script.

Appify takes a shell script as its first argument:

    `basename "$0"` my-script.sh