Marshall Hallenbeck Marshall-Hallenbeck
Marshall-Hallenbeck
/ opentrade_0.2.0_domxss_disclosure_1-10-2020
Last active
January 13, 2020 14:37
OpenTrade Dom-Based XSS Disclosure
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Vulnerability Description] | |
| OpenTrade through version 0.2.0 has a Dom-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains Javascript. | |
| [Application Description] | |
| OpenTrade is an open source crypto currency exchange that can support over a dozen cryptocurrencies. Its live version can be found at https://trade.multicoins.org. | |
| [Affected Versions] | |
| The following commit introduced the vulnerability, but OpenTrade did not have a package.json with applicable versioning: https://github.com/3s3s/opentrade/commit/731459452c8e476cb30fcf84ef0d05d153aba0ed#diff-910e51c56f379da78d78892e221e692aR417 | |
| Officially version 0.2.0 of OpenTrade is the only "vulnerable" version, as it is the first committed version number in package.json |
Marshall-Hallenbeck
/ update_sliver.sh
Last active
July 1, 2021 15:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "Stopping sliver service (if it exists)" | |
| sudo service sliver-server stop 2>/dev/null | |
| echo "Removing old files (if they exist)" | |
| [ ! -e file ] || rm sliver-client_linux.zip sliver-server_linux.zip | |
| [ ! -e file ] || rm sliver-client sliver-server | |
| echo "Downloading latest sliver linux releases" | |
| wget -q "https://github.com/BishopFox/sliver/releases/latest/download/sliver-client_linux.zip" | |
| wget -q "https://github.com/BishopFox/sliver/releases/latest/download/sliver-server_linux.zip" |
Marshall-Hallenbeck
/ install_sliver_service.sh
Last active
March 8, 2022 07:32
install sliver-server as a systemd service
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| FILE=/etc/systemd/system/sliver-server.service | |
| if [ ! -f "$FILE" ];then | |
| sudo echo "[Unit] | |
| Description=Sliver Server | |
| [Service] | |
| Type=simple | |
| ExecStart=/usr/local/bin/sliver-server" > $FILE |
Marshall-Hallenbeck
/ capture_http_request.sh
Created
April 8, 2021 02:22
Capture HTTP Request to file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| curl -m 0.1 -s -I localhost:1337 & nc -l -p 1337 > /tmp/http_request.txt && cat /tmp/http_request.txt |
Marshall-Hallenbeck
/ config
Last active
August 24, 2021 02:16
Metasploit Prompt Config (~/.msf4/config)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [framework/core] | |
| PROMPT=%whi[%T] %red(%L) %yel%J %grn%S%whi | |
| TimestampOutput=true | |
| ConsoleLogging=true | |
| SessionLogging=true | |
| [framework/features] | |
| [framework/ui/console] |
Marshall-Hallenbeck
/ StopEvaluationShutdown.ps1
Last active
February 5, 2025 13:25
Prevent Automatic Shutdown for Expired Windows Evaluation VMs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create PS folder on C: drive | |
| New-Item -ItemType Directory -Force -Path "C:\PS" | |
| # Set TLS versions for download (it will error otherwise) | |
| [Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls" | |
| # Download PsTools | |
| Invoke-WebRequest -Uri "https://download.sysinternals.com/files/PSTools.zip" -OutFile "C:\PS\PSTools.zip" | |
| # Extract PsTools to the PS folder | |
| Expand-Archive -Path "C:\PS\PSTools.zip" -DestinationPath "C:\PS" | |
| # Auto Accept EULA, can also run psexec with -accepteula | |
| #reg ADD HKCU\Software\Sysinternals\PSexec /v EulaAccepted /t REG_DWORD /d 1 /f |
Marshall-Hallenbeck
/ gist:6b03af2ff023c6b6227c48bd3d866dba
Created
March 27, 2024 01:25
Print caller name, file, and line number in Pyhton
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| caller_name = inspect.stack()[1].function | |
| file_name = inspect.stack()[1].filename | |
| line_number = inspect.stack()[1].lineno | |
| self.logger.debug(f"Called from function: {caller_name} in file {file_name} at line {line_number}") |
Marshall-Hallenbeck
/ New-ScheduledTaskSession.ps1
Created
August 24, 2024 00:02
— forked from jborean93/New-ScheduledTaskSession.ps1
Creates a PSSession that targets a scheduled task process
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright: (c) 2024, Jordan Borean (@jborean93) <[email protected]> | |
| # MIT License (see LICENSE or https://opensource.org/licenses/MIT) | |
| Function New-ScheduledTaskSession { | |
| <# | |
| .SYNOPSIS | |
| Creates a PSSession for a process running as a scheduled task. | |
| .DESCRIPTION | |
| Creates a PSSession that can be used to run code inside a scheduled task |
Marshall-Hallenbeck
/ comet_ml_display_f1.py
Created
August 27, 2024 13:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Comet Python Panels BETA, full documentation available at: | |
| # https://www.comet.com/docs/v2/guides/comet-ui/experiment-management/visualizations/python-panel/ | |
| from comet_ml import API, ui | |
| import matplotlib.pyplot as plt | |
| # Get available metrics | |
| api = API() | |
| metrics = api.get_panel_metrics_names() |
Marshall-Hallenbeck
/ extend_lv.sh
Last active
December 26, 2024 23:41
Extend running Linux/Ubuntu LV
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # extends default Ubuntu LV - update it to whatever LV you are trying to extend, or just write the commands manually | |
| # of course before this you need to increase the capacity of the VM (I use ESXi and just update the size) | |
| # just a reminder for ESXi, if you have any snapshots, the edit size dropdown/entry will be greyed out, so delete any existing snapshots | |
| sudo cfdisk # expand your partition here | |
| # sudo lsblk # do this if you dont know your partition # | |
| sudo pvresize /dev/sda3 # like all of my vms default to sda3 but YMMV | |
| sudo lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv # extend the lv inside the pv (lsblk should be updated now) | |
| # sudo xfs_growfs /dev/system/nsm # resize lvm if you made it an lvm (use this for security onion) | |
| sudo resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv # actually resize the ext partition (what you see via df -h) |
OlderNewer