Marshall Hallenbeck Marshall-Hallenbeck

@Marshall-Hallenbeck
Marshall-Hallenbeck / opentrade_0.2.0_domxss_disclosure_1-10-2020
Last active January 13, 2020 14:37
OpenTrade DOM-Based XSS Disclosure
[Vulnerability Description]
OpenTrade through version 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript.
[Application Description]
OpenTrade is an open source cryptocurrency exchange that can support over a dozen cryptocurrencies. Its live version can be found at https://trade.multicoins.org.
[Affected Versions]
The following commit introduced the vulnerability, but OpenTrade did not have a package.json with applicable versioning: https://github.com/3s3s/opentrade/commit/731459452c8e476cb30fcf84ef0d05d153aba0ed#diff-910e51c56f379da78d78892e221e692aR417
Officially, version 0.2.0 of OpenTrade is the only "vulnerable" version, as it is the first version number committed in package.json.
#!/bin/bash
echo "Stopping sliver service (if it exists)"
sudo service sliver-server stop 2>/dev/null
echo "Removing old files (if they exist)"
# rm -f ignores files that do not exist (the old test checked a literal path named "file", so nothing was ever removed)
rm -f sliver-client_linux.zip sliver-server_linux.zip
rm -f sliver-client sliver-server
echo "Downloading latest sliver linux releases"
wget -q "https://github.com/BishopFox/sliver/releases/latest/download/sliver-client_linux.zip"
wget -q "https://github.com/BishopFox/sliver/releases/latest/download/sliver-server_linux.zip"
@Marshall-Hallenbeck
Marshall-Hallenbeck / install_sliver_service.sh
Last active March 8, 2022 07:32
install sliver-server as a systemd service
#!/bin/bash
FILE=/etc/systemd/system/sliver-server.service
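if [ ! -f "$FILE" ]; then
# The redirect has to run as root, so write through "sudo tee" ("sudo echo ... > file" redirects as the calling user)
echo "[Unit]
Description=Sliver Server
[Service]
Type=simple
ExecStart=/usr/local/bin/sliver-server" | sudo tee "$FILE" > /dev/null
fi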
@Marshall-Hallenbeck
Marshall-Hallenbeck / capture_http_request.sh
Created April 8, 2021 02:22
Capture HTTP Request to file
#!/bin/bash
curl -m 0.1 -s -I localhost:1337 & nc -l -p 1337 > /tmp/http_request.txt && cat /tmp/http_request.txt
@Marshall-Hallenbeck
Marshall-Hallenbeck / config
Last active August 24, 2021 02:16
Metasploit Prompt Config (~/.msf4/config)
[framework/core]
PROMPT=%whi[%T] %red(%L) %yel%J %grn%S%whi
TimestampOutput=true
ConsoleLogging=true
SessionLogging=true
[framework/features]
[framework/ui/console]
@Marshall-Hallenbeck
Marshall-Hallenbeck / StopEvaluationShutdown.ps1
Last active February 5, 2025 13:25
Prevent Automatic Shutdown for Expired Windows Evaluation VMs
# Create PS folder on C: drive
New-Item -ItemType Directory -Force -Path "C:\PS"
# Set TLS versions for download (it will error otherwise)
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
# Download PsTools
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/PSTools.zip" -OutFile "C:\PS\PSTools.zip"
# Extract PsTools to the PS folder
Expand-Archive -Path "C:\PS\PSTools.zip" -DestinationPath "C:\PS"
# Auto Accept EULA, can also run psexec with -accepteula
#reg ADD HKCU\Software\Sysinternals\PSexec /v EulaAccepted /t REG_DWORD /d 1 /f
@Marshall-Hallenbeck
Marshall-Hallenbeck / gist:6b03af2ff023c6b6227c48bd3d866dba
Created March 27, 2024 01:25
Print caller name, file, and line number in Python
import inspect
# Index 0 is the current frame; index 1 is the frame of whoever called this function
caller = inspect.stack()[1]
self.logger.debug(f"Called from function: {caller.function} in file {caller.filename} at line {caller.lineno}")
@Marshall-Hallenbeck
Marshall-Hallenbeck / New-ScheduledTaskSession.ps1
Created August 24, 2024 00:02 — forked from jborean93/New-ScheduledTaskSession.ps1
Creates a PSSession that targets a scheduled task process
# Copyright: (c) 2024, Jordan Borean (@jborean93) <[email protected]>
# MIT License (see LICENSE or https://opensource.org/licenses/MIT)
Function New-ScheduledTaskSession {
<#
.SYNOPSIS
Creates a PSSession for a process running as a scheduled task.
.DESCRIPTION
Creates a PSSession that can be used to run code inside a scheduled task
# Comet Python Panels BETA, full documentation available at:
# https://www.comet.com/docs/v2/guides/comet-ui/experiment-management/visualizations/python-panel/
from comet_ml import API, ui
import matplotlib.pyplot as plt
# Get available metrics
api = API()
metrics = api.get_panel_metrics_names()
@Marshall-Hallenbeck
Marshall-Hallenbeck / extend_lv.sh
Last active December 26, 2024 23:41
Extend running Linux/Ubuntu LV
#!/bin/bash
# extends default Ubuntu LV - update it to whatever LV you are trying to extend, or just write the commands manually
# of course before this you need to increase the capacity of the VM (I use ESXi and just update the size)
# just a reminder for ESXi, if you have any snapshots, the edit size dropdown/entry will be greyed out, so delete any existing snapshots
sudo cfdisk # expand your partition here
# sudo lsblk # do this if you don't know your partition number
sudo pvresize /dev/sda3 # all of my VMs default to sda3, but YMMV
sudo lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv # extend the lv inside the pv (lsblk should be updated now)
# sudo xfs_growfs /dev/system/nsm # resize lvm if you made it an lvm (use this for security onion)
sudo resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv # actually resize the ext partition (what you see via df -h)