Skip to content

Instantly share code, notes, and snippets.

View droberson's full-sized avatar

Daniel Roberson droberson

266 followers · 215 following
View GitHub Profile
@droberson
droberson / gist:f1283a8204aace067ae499ba38d053b6
Created November 3, 2021 12:37
ConnectBack shellcode configuration extractor
#!/usr/bin/env python3
# Extract IP address and port from "ConnectBack" shellcode used in Gitlab intrusions
# https://bazaar.abuse.ch/browse/tag/ConnectBack/
import sys
import struct
import socket
with open(sys.argv[1], "rb") as fp:
@droberson
droberson / verify_libs.sh
Created August 29, 2020 17:44
verify maps of libs loaded into a process
#!/bin/bash
PIDS=$(pidof sshd)
PACKAGES=""
for pid in $PIDS;
do
for lib in $(cat /proc/$pid/maps |awk {'print $6'} |grep ^/ |sort |uniq);
do
PACKAGES="$PACKAGES $(rpm -q --whatprovides $lib)"
@droberson
droberson / find_ld_preload.sh
Created August 29, 2020 17:43
#!/bin/bash
PIDS=$(pidof sshd)
for pid in $PIDS;
do
for lib in $(cat /proc/$pid/maps |awk {'print $6'} |grep ^/ |sort |uniq);
do
rpm -q --whatprovides $lib |grep " package"
done
@droberson
droberson / splunk_to_discord.py
Created April 25, 2020 18:57
very basic example to proxy splunk webhooks to discord channels
#!/usr/bin/env python3
import json
import requests
from twisted.web import server
from twisted.web.resource import Resource
from twisted.internet import reactor
def http_log(request):
@droberson
droberson / python_getattr.py
Created April 7, 2020 02:58
example to get attributes of files (lsattr) with python.
#!/usr/bin/env python3
import os
import fcntl
from array import array
# https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/fs.h
FS_IOC_GETFLAGS = 0x80086601
f = os.open("/bin/ls", os.O_RDONLY)
@droberson
droberson / masscan-favicon-grab.py
Created April 7, 2020 02:51
grab lots and lots of hashes of favicons. Used this for adding hashes to http-favicon.nse this script is really bad and doesnt work right.
#!/usr/bin/env python3
import os
import sys
import time
import fcntl
import errno
import socket
import hashlib
import requests
@droberson
droberson / masscan-ssh-banner-grab.py
Created April 7, 2020 02:46
Some wack garbage to grab lots of SSH banners
#!/usr/bin/env python3
import os
import sys
import time
import fcntl
import errno
import socket
from threading import Thread
from queue import Queue
@droberson
droberson / masscan-ftp-banner-grab.py
Created April 7, 2020 02:45
some horrible script i wrote to banner grab a ton of FTP servers
#!/usr/bin/env python3
import os
import sys
import time
import fcntl
import errno
import socket
from threading import Thread
from queue import Queue
@droberson
droberson / generate-lots-of-ssh-keypairs.sh
Created April 7, 2020 02:40
Generate lots of ssh keypairs. This is useful for creating ssh keys to deploy and assign to your teams for CTFs.
#!/bin/sh
# This will generate a keypair for each command line argument:
#
# Create keys named "daniel", "jacob", and "whitley"
# % generate-lots-of-ssh-keypairs.sh daniel jacob whitley
#
# Create 100 numbered keys
# % generate-logs-of-ssh-keypairs.sh $(seq 100)
@droberson
droberson / lolbins-group-permissions.sh
Created April 7, 2020 02:38
Create a lolbins group to make it very difficult for attackers on Linux machines if they get a low-privileged shell.
#!/bin/sh
# This changes permissions on lolbins to only be executable by the lolbins
# group members.
#
# Beware; if you use an X11/Xorg display manager, this may cause your system
# not to boot properly. Add lightdm, xdm, etc to "lolbins" group if you are
# using a GUI.
#
# Beware again; this breaks apt. If you get gpg errors when doing apt updates,