You can use the above script with parallel to speed up the process. You need to do some prep work first.
split -n 100 domains.txt domains_ls -l domains_* | awk '{ print $9 }' > dom_files.txtparallel -a dom_files.txt -j 10 ./strip.pycat *_strip.txt > domains_stripped.txt
| [-] root is allowed to execute all programs as any user. | |
| [-] %sudo is allowed to execute all programs as any user. | |
| [-] %admin is allowed to execute ALL with no password. | |
| [*] alan is allowed to execute /bin/ls, /bin/kill on ALL as root, bin : operator, system. |
| ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKsydz5gVrN3Ixi1qC2otXfjs1gs9CQFHKLE+C6RRClzCSxdb7midOkAtm7cY3WQXUxeuBzy+i7+GlLCm8rub8TSg5Mx3K1IiEW2WQe7i5fL+fQwCT1W8IKa7q5V5oYOALNvIcjs2tfdMQQjPQlWaeWl21p5wgdT8oeczpx+hGLR4ipTc/KFFnj3gDQ0BiYezoPG06oZG7f7skOlfDK9M9WbDEwmhtqR4KyRIYQbsyTMGKmVidXnoSVgA7YBH6zjJUSlbURlm0G21+U79KH5SY/k5jprsQ6WHmzz/0SieYpikH2n9bmbd8/oazRX7agduD3ky+WjP2S9CYK3asVr6l [email protected] |
| encrypt.py is the Python module that does the encryption and decryption using PySodium. You will need to install libsodium and PySodium before you can use this module. | |
| encrypt_file.py - This script uses the encrypt.py module to encrypt a configuration file and store a password hash in a password file. It will print out the salt value needed for the open_file.py script. | |
| open_file.py - This script uses the encrypt.py module to decrypt a configuration file if the password given matches. | |
| On first use do the following: | |
| 1. Run encrypt_file.py with the password you want to use. | |
| 2. Copy the salt value given to the open_file.py script. | |
| 3. Delete the plaintext configuration file. |
| Please feel free to offer critiques but first understand that the purpose of this service would be to help a company improve security by removing the low hanging fruit and convincing them of the necessity of more thorough penetration testing and possibly red teaming. | |
| 1. Network scanning of up to X external IP addresses to identify live hosts and common services. | |
| 2. Automated vulnerability scans of all live hosts and common services to identify vulnerabilities that could lead to the exploitation of the operating system or service including but not limited to: | |
| a. Nessus scans | |
| b. Metasploit Auxiliary scans | |
| c. Burp Suite Professional scans | |
| d. Scans with Custom tools | |
| e. Brute-force password attacks on common services | |
| 3. Attempted exploitation of promising vulnerabilities as deemed appropriate by ASG Consulting. |
| Below is a small assembly program that is supposed to create a file with the filename | |
| myfile.txt, which is stored in the file_name "variable." The problem is the program | |
| actually creates a file called "myfile.txtWelcome to Tutorials PointWritten to file\n". | |
| Any ideas why the filename is getting mangled. According to the create call, I need to | |
| provide the pointer to the name and the file mode. What I don't understand is why the | |
| pointer to the filename is picking up the other strings. | |
| ; Taken from http://www.tutorialspoint.com/assembly_programming/assembly_file_management.htm | |
| section .data | |
| file_name db 'myfile.txt' |
| The cache system in FF 46.0.1 appears to ignore meta tags with cache directives. Copy the meta.html and meta.php files below to a directory and start up a web server in that directory using php -S 127.0.0.1:8000. Then visit http://127.0.0.1:8000/meta.html and http://127.0.0.1:8000/meta.php. After visiting both pages open about:cache and look at the list of cached documents. You will see that meta.html is cached while meta.php is not. |
| $ ./resolver.py names.txt | |
| $ cat lookup_results.csv | |
| www.live.com,207.46.11.252|65.55.129.171 | |
| www.asgconsulting.com,185.53.179.7 | |
| www.google.com,74.205.129.15|74.205.129.38|74.205.129.29|74.205.129.44|74.205.129.27|74.205.129.42|74.205.129.23|74.205.129.49|74.205.129.59|74.205.129.57|74.205.129.53|74.205.129.34|74.205.129.45|74.205.129.30|74.205.129.19|2607:f8b0:4002:c06::6a | |
| www.outlook.com,132.245.75.194|132.245.78.146|132.245.9.226|132.245.3.210|132.245.23.146|132.245.29.242|132.245.71.18|132.245.60.2|132.245.44.226|40.96.8.2|2a01:111:f400:50aa::2|2a01:111:f400:5374::2|2a01:111:f400:516d::2|2a01:111:f400:52ef::2|2a01:111:f400:2ea1::2|2a01:111:f400:53eb::2|2a01:111:f400:f20d::2|2a01:111:f400:2a::2|2a01:111:f400:16::2|2a01:111:f400:4000::2 | |
| www.yahoo.com,98.139.180.149|98.139.183.24|2001:4998:58:c02::a9 |
I hereby claim:
To claim this, I am signing this object:
| Infosec Predictions for 2017: | |
| 1. We will continue to fail to do the basics. | |
| 2. We will continue to worry about 0-days. | |
| 3. We will continue to make dumb privacy/security tradeoffs for convenience. | |
| 4. We will continue to gripe about ignorant end users and managers. | |
| 5. We will continue to fight amongst ourselves. | |
| 6. We will continue to eat our young. | |
| 7. Attackers will continue to get better at automation. | |
| 8. Defenders will likely not get better at automation. |