dustyfresh

#!/usr/bin/env node
/*
    howdyneighbor.js - playing with the libnmap NodeJS module. This identifies
    neighboring machines on the same network and tells you if they are 
    leaving any interesting ports open. It's really good for finding routers :)
    
    @dustyfresh, license for this gist is WTFPL [ http://www.wtfpl.net/ ]
  
  OSX INSTALL INSTRUCTIONS:
        $ npm i requests

dustyfresh

Keybase proof

I hereby claim:

• I am dustyfresh on github.
• I am derp (https://keybase.io/derp) on keybase.
• I have a public key whose fingerprint is 69C5 ABC4 2885 6A65 DC2B ADD8 C815 5E72 9837 5525

To claim this, I am signing this object:

dustyfresh

Toolbox

Tools I use on a daily basis:

• dnsmap - DNS record enumeration using dictionary brute forcing. I have a host list. Find all kinds of infrastructure with this tool. Opensource.

• Spiderfoot - Full intelligence gathering suite. Open source. Nice UI.

• Arachni - Web application scanner. Has a nice web interface and can run distributely.

• WPScan - WordPress specific attack tool

dustyfresh

#
# Spiderfoot Dockerfile
#
# http://www.spiderfoot.net
#
# Originally written by: Michael Pellon <[email protected]>
#
# https://github.com/smicallef/spiderfoot/blob/master/Dockerfile
#
# This Dockerfile has been updated to download the latest version

dustyfresh

 ___________
|
| just say no 
| to weakened
|+ backdoored
| crypto 🔑
|___________
(\__/) || 
(•ㅅ•) || 

dustyfresh

Shady shells

I was in need of some web shells for some security research I was conducting. I found w0rms.com which has a nice selection of shells that can be downloaded to accomodate my need to test some malicious PHP code in my application.

Backdoor

As expected every shell on w0rms.com is backdoored (backdoor the backdoors eh?).

$ curl -s http://w0rms.com/indir/AnonGhost2015.txt | grep -i w0rms
<SCRIPT SRC=http://w0rms.com/sayac.js></SCRIPT>

dustyfresh

Dockerfile:

FROM debian:jessie
MAINTAINER dustyfresh, https://github.com/dustyfresh

RUN apt-get update && \
	apt-get install --yes curl build-essential && \
	curl -sL https://deb.nodesource.com/setup_5.x | bash - && \
	apt-get install --yes nodejs

dustyfresh

I hereby claim:

• I am dustyfresh on github.
• I am derp (https://keybase.io/derp) on keybase.
• I have a public key ASCCdFILYZ1h6aehRyCkCQxy7fzK4RZnTDtqNd5HLTb4GAo

To claim this, I am signing this object:

{

dustyfresh

#!/bin/bash
#
# @dustyfresh
# 
# March 2016
#

if [[ ! -e "/Applications/Transmission.app/Contents/Resources/General.rtf" || ! -e "/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf" ]]; then
	echo "Yay. This machine is not infected."
else

dustyfresh

FROM debian:jessie
MAINTAINER dustyfresh, https://github.com/dustyfresh
RUN apt-get update && apt-get install --yes vim git build-essential wget libpcre3 libpcre3-dev libssl-dev python-setuptools python-pip supervisor curl sudo

# Add your .vimrc to the container
ADD ./vimrc /root/.vimrc

RUN wget https://static.rust-lang.org/rustup.sh; chmod +x rustup.sh; ./rustup.sh -y
RUN mkdir -pv /opt/code