Austin Songer, CISSP (austinsonger)
@austinsonger
austinsonger / wikijs.sh
Last active February 20, 2020 15:52
WikiJS - ubuntu 18.04
#!/bin/bash
#
# Wikijs Install With Docker on Ubuntu 18.04
#
###############################################
sudo apt -qqy update
# Install all updates automatically
echo "[1/1] Installing all updates automatically..."
austinsonger / av-api.ps1
Last active February 24, 2020 14:34
Alienvault PowerShell
new-module -name install_agent -scriptblock {
function AgentDoStart() {
$kServiceName = "osqueryd"
$osquerydService = Get-WmiObject -Class Win32_Service -Filter "Name='$kServiceName'"
if ($osquerydService) {
Start-Service $kServiceName
Write-Host "'$kServiceName' system service is started." -foregroundcolor Cyan
return 1
} else {
austinsonger / open.sh
Created February 25, 2020 00:13
OpenNetAdmin 18.1.1 - Remote Code Execution
# Exploit Title: OpenNetAdmin 18.1.1 - Remote Code Execution
# Date: 2019-11-19
# Exploit Author: mattpascoe
# Vendor Homepage: http://opennetadmin.com/
# Software Link: https://github.com/opennetadmin/ona
# Version: v18.1.1
# Tested on: Linux
# Exploit Title: OpenNetAdmin v18.1.1 RCE
# Date: 2019-11-19
austinsonger / dbps.sh
Last active June 18, 2020 20:38
Debian-Based Post Install
sudo -n true
sudo apt update -y
sudo apt list --upgradable -a
sudo apt upgrade -y
sudo dpkg --configure -a
sudo apt install -f
sudo apt update --fix-missing
sudo apt --fix-broken install -y
sudo apt install apt-transport-https ca-certificates curl software-properties-common -y
sudo apt install ubuntu-restricted-extras -y
austinsonger / SMBGhost.rules
Created March 12, 2020 16:11
SMBGhost - Snort Rule (CVE-2020-0796)
###############
# Rules by Claroty
# These rules detect compressed SMBv3 traffic by matching the protocol identifier of the
# SMB2 compression transform header (|fc 53 4d 42|, i.e. 0xFC "SMB") at the start of the payload.
# offset 0 / depth 10 confines the match to the first ten payload bytes, which limits false
# positives while still allowing for the 4-byte NetBIOS session header that precedes SMB on TCP/445.
###############
alert tcp any any -> any 445 (msg:"Claroty Signature: SMBv3 Used with compression - Client to server"; content:"|fc 53 4d 42|"; offset: 0; depth: 10; sid:1000001; rev:1; reference:url,//blog.claroty.com/advisory-new-wormable-vulnerability-in-microsoft-smbv3;)
alert tcp any 445 -> any any (msg:"Claroty Signature: SMBv3 Used with compression - Server to client"; content:"|fc 53 4d 42|"; offset: 0; depth: 10; sid:1000002; rev:1; reference:url,//blog.claroty.com/advisory-new-wormable-vulnerability-in-microsoft-smbv3;)
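The two Claroty rules reduce to a single byte test: the four-byte compression protocol identifier must appear somewhere in the first ten bytes of the TCP payload. The Python below is an added example, not part of this gist or of Claroty's signatures; it applies that same offset/depth test to a payload and then decodes the 16-byte SMB2 compression transform header (ProtocolId, OriginalCompressedSegmentSize, CompressionAlgorithm, Flags, Offset/Length, as laid out in MS-SMB2) so an alert can be enriched with the negotiated algorithm and sizes. The `strip_netbios` and `build_compressed_message` helpers and every sample payload are constructed for the example, not captured traffic.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Protocol identifiers found at the start of an SMB message (MS-CIFS / MS-SMB2).
SMB1_PROTOCOL_ID = b"\xffSMB"
SMB2_PROTOCOL_ID = b"\xfeSMB"
SMB2_COMPRESSION_PROTOCOL_ID = b"\xfcSMB"   # the |fc 53 4d 42| the Claroty rules match

# CompressionAlgorithm values carried in the SMB 3.1.1 compression transform header.
COMPRESSION_ALGORITHMS = {0x0000: "NONE", 0x0001: "LZNT1", 0x0002: "LZ77", 0x0003: "LZ77+Huffman"}

# content:"|fc 53 4d 42|"; offset:0; depth:10;  -> search bytes [0, 10) of the payload
SNORT_OFFSET = 0
SNORT_DEPTH = 10


def matches_claroty_rule(tcp_payload: bytes) -> bool:
    """Apply the same test as the Snort signature: the four-byte compression
    protocol id must begin inside the first ten payload bytes. That window is
    what admits the four-byte NetBIOS session header that precedes SMB on
    TCP/445 while still rejecting the pattern anywhere deeper in the stream."""
    window = tcp_payload[SNORT_OFFSET:SNORT_OFFSET + SNORT_DEPTH]
    return SMB2_COMPRESSION_PROTOCOL_ID in window


def strip_netbios(tcp_payload: bytes) -> bytes:
    """Direct-hosted SMB over TCP/445 prefixes each message with a NetBIOS
    session header: one 0x00 type byte and a 3-byte big-endian length. No SMB
    protocol id starts with 0x00, so that byte is a safe discriminator."""
    if len(tcp_payload) >= 4 and tcp_payload[0] == 0x00:
        return tcp_payload[4:]
    return tcp_payload


@dataclass
class CompressionTransformHeader:
    original_size: int   # OriginalCompressedSegmentSize: size of the data once decompressed
    algorithm: str       # CompressionAlgorithm
    flags: int           # Flags
    offset: int          # Offset/Length: uncompressed bytes that precede the compressed part


def parse_compression_header(tcp_payload: bytes) -> Optional[CompressionTransformHeader]:
    """Decode the 16-byte SMB2 COMPRESSION_TRANSFORM_HEADER when the payload
    carries one; return None for SMB1, uncompressed SMB2, or anything else."""
    msg = strip_netbios(tcp_payload)
    if len(msg) < 16 or msg[:4] != SMB2_COMPRESSION_PROTOCOL_ID:
        return None
    original_size, algorithm, flags, offset = struct.unpack_from("<IHHI", msg, 4)
    name = COMPRESSION_ALGORITHMS.get(algorithm, f"unknown(0x{algorithm:04x})")
    return CompressionTransformHeader(original_size, name, flags, offset)


def build_compressed_message(original_size: int, algorithm: int = 0x0001,
                             flags: int = 0, offset: int = 0,
                             body: bytes = b"", netbios: bool = True) -> bytes:
    """Constructed test traffic: a compression transform header in front of
    `body`, optionally wrapped in the NetBIOS session header a real capture has."""
    msg = SMB2_COMPRESSION_PROTOCOL_ID + struct.pack("<IHHI", original_size, algorithm, flags, offset) + body
    if netbios:
        msg = b"\x00" + len(msg).to_bytes(3, "big") + msg
    return msg


if __name__ == "__main__":
    # Constructed sample payloads, not captured traffic.
    samples = {
        "compressed SMB3 (NetBIOS-framed)": build_compressed_message(4096, algorithm=0x0002, offset=16, body=b"\x00" * 32),
        "compressed SMB3 (no NetBIOS)": build_compressed_message(4096, netbios=False),
        "plain SMB2": b"\x00\x00\x00\x44" + SMB2_PROTOCOL_ID + b"\x40\x00" + b"\x00" * 62,
        "SMB1": b"\x00\x00\x00\x23" + SMB1_PROTOCOL_ID + b"\x72" + b"\x00" * 30,
    }
    for label, payload in samples.items():
        print(f"{label:34} rule fires: {matches_claroty_rule(payload)!s:5} header: {parse_compression_header(payload)}")
```

Because the content match is the protocol identifier alone, the rules fire on every compressed SMB 3.1.1 message, exploit attempt or not; on a network where hosts negotiate SMB compression they are a triage indicator rather than a verdict, and the decoded header fields are what an analyst would inspect next.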
austinsonger / README.md
Last active March 12, 2020 17:03
SMBGhost (CVE-2020-0796) Suricata Rule (created this as quickly as possible; it has not been tested)

Overview

Microsoft is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client.

To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.

Rule

Make sure that firewall rules on the border firewall and on endpoints block inbound and outbound connections to the vulnerable service (TCP 445) where applicable.

Please leave a comment if this needs to be edited to work better.

austinsonger / raw-format.xml
Created May 24, 2020 20:09
Event Log Raw Format
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385F-C22A-43E0-BF4C-06F5698FFBD9}" />
<EventID>1</EventID>
<Version>5</Version>
<Level>4</Level>
<Task>1</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2019-06-12T00:48:53.300422700Z" />
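The raw event above is only the `<System>` half of a record, and two things trip up anyone scripting against this format: every element sits in the default `http://schemas.microsoft.com/win/2004/08/events/event` namespace, so unqualified tag lookups find nothing, and `SystemTime` carries more fractional digits than Python's `%f` accepts. The parser below is an added example, not part of the gist; `SAMPLE_EVENT` repeats the `<System>` values shown above, closed properly, with a hypothetical `<EventData>` block constructed for a Sysmon Event ID 1 (process creation) record so there is something to flatten.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from typing import Any, Dict

# Every element of a Windows event lives in this default namespace; ElementTree
# will not match "System" or "Provider" unless the lookup is namespace-qualified.
EVENT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
SYSMON_PROVIDER_GUID = "{5770385F-C22A-43E0-BF4C-06F5698FFBD9}"
LEVEL_NAMES = {0: "LogAlways", 1: "Critical", 2: "Error", 3: "Warning", 4: "Informational", 5: "Verbose"}

# Constructed sample: the <System> block from the gist, closed properly, plus a
# hypothetical <EventData> for a Sysmon Event ID 1 (process creation) record.
SAMPLE_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385F-C22A-43E0-BF4C-06F5698FFBD9}" />
    <EventID>1</EventID>
    <Version>5</Version>
    <Level>4</Level>
    <Task>1</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2019-06-12T00:48:53.300422700Z" />
  </System>
  <EventData>
    <Data Name="Image">C:\Windows\System32\cmd.exe</Data>
    <Data Name="CommandLine">cmd.exe /c whoami</Data>
    <Data Name="ParentImage">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
  </EventData>
</Event>"""


def parse_system_time(value: str) -> datetime:
    """SystemTime has 7 (here 9) fractional digits and a trailing Z; %f takes at most 6."""
    stamp, _, fraction = value.rstrip("Z").partition(".")
    micro = (fraction + "000000")[:6]
    return datetime.strptime(f"{stamp}.{micro}", "%Y-%m-%dT%H:%M:%S.%f").replace(tzinfo=timezone.utc)


def parse_event(xml_text: str) -> Dict[str, Any]:
    """Flatten one <Event> into a dict: typed <System> fields plus EventData name/value pairs."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", EVENT_NS)
    if system is None:
        raise ValueError("not a Windows event record: <System> missing")

    def text(tag: str) -> str:
        el = system.find(f"e:{tag}", EVENT_NS)
        if el is None or el.text is None:
            raise ValueError(f"<{tag}> missing from <System>")
        return el.text.strip()

    provider = system.find("e:Provider", EVENT_NS)
    time_created = system.find("e:TimeCreated", EVENT_NS)
    if provider is None or time_created is None:
        raise ValueError("<Provider> or <TimeCreated> missing from <System>")

    event: Dict[str, Any] = {
        "Provider": {"Name": provider.get("Name"), "Guid": provider.get("Guid")},
        "EventID": int(text("EventID")),
        "Version": int(text("Version")),
        "Level": int(text("Level")),
        "Task": int(text("Task")),
        "Opcode": int(text("Opcode")),
        "Keywords": int(text("Keywords"), 16),   # written as a hex bitmask
        "TimeCreated": parse_system_time(time_created.get("SystemTime", "")),
    }
    event["LevelName"] = LEVEL_NAMES.get(event["Level"], f"Level{event['Level']}")

    data: Dict[str, str] = {}
    event_data = root.find("e:EventData", EVENT_NS)
    if event_data is not None:
        for d in event_data.findall("e:Data", EVENT_NS):
            data[d.get("Name", "")] = (d.text or "").strip()
    event["EventData"] = data
    return event


def is_sysmon_process_create(event: Dict[str, Any]) -> bool:
    """Select on the provider GUID rather than the display name, plus EventID 1."""
    guid = (event["Provider"].get("Guid") or "").upper()
    return guid == SYSMON_PROVIDER_GUID and event["EventID"] == 1


if __name__ == "__main__":
    ev = parse_event(SAMPLE_EVENT)
    print(ev["Provider"], ev["EventID"], ev["LevelName"], ev["TimeCreated"].isoformat())
    print("process create:", is_sysmon_process_create(ev), ev["EventData"])
```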
austinsonger / install_docker.sh
Last active August 19, 2020 17:33 — forked from vasuadari/install_docker.sh
install_docker_on_ubuntu_18_04
#! /bin/bash
apt-get update -y
apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
austinsonger / installPS.bash
Created June 18, 2020 23:21
Install Parrot Security
#! /bin/bash
# -------------
#### PREP ###
sudo apt-get update
sudo apt-get install -y \
apt-transport-https \
ca-certificates \
curl \
software-properties-common
austinsonger / post-install.sh
Created June 19, 2020 12:31
Post-Install Ubuntu
sudo -n true
sudo apt update -y
sudo apt list --upgradable -a
sudo apt upgrade -y
sudo dpkg --configure -a
sudo apt install -f
sudo apt update --fix-missing
sudo apt --fix-broken install -y
sudo apt install apt-transport-https ca-certificates curl software-properties-common -y
sudo apt install ubuntu-restricted-extras -y