@shekkbuilder
shekkbuilder / sosreport.sh
Created May 22, 2017 22:51
old sosreport
#!/bin/bash
# Collect basic system state into a scratch directory (old-style sosreport)
host=$(hostname)
sos_dir="/tmp/_hungsos"
mkdir -p "$sos_dir"
cd "$sos_dir" || exit 1
chkconfig --list > chkconfig
date > date
df > df
dmesg > dmesg
@shekkbuilder
shekkbuilder / nmap-cmdline
Created May 15, 2017 07:26 — forked from Neo23x0/nmap-cmdline
Nmap Scan Params for CVE-2017-0143 MS17-010 Scanning
# CVE-2017-0143 MS17-010 Scanning
# The vulnerability exploited by the WannaCry ransomware
#
# Use @calderpwn's script
# http://seclists.org/nmap-dev/2017/q2/79
#
# Save it to Nmap NSE script directory
# Linux
# /usr/share/nmap/scripts/ or /usr/local/share/nmap/scripts/
# OSX

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses the EternalBlue exploit (MS17-010) to propagate.
  • Ransom: between $300 and $600. The virus contains code to 'rm' (delete) files. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

@shekkbuilder
shekkbuilder / extract_sql.pl
Created May 13, 2017 20:48 — forked from leoromanovsky/extract_sql.pl
Extract SQL tables from database dump
#!/usr/bin/perl -w
##############################################################################
##
## Written by: Jared Cheney <[email protected]>
##
## Original Template written by:
## Brandon Zehm <[email protected]> and Jared Cheney <[email protected]>
##
## License:
##
@shekkbuilder
shekkbuilder / Hping3 Packet Grenade
Created May 12, 2017 17:22 — forked from Erreinion/Hping3 Packet Grenade
Firewall testing script using hping3
# Packet Grenade
# Feb 13, 2015
# Lists of targets
set pinglist [list www.google.com www.facebook.com]
set httplist [list www.google.com www.facebook.com]
set httpslist [list www.google.com www.facebook.com]
set ftplist [list]
set sshlist [list alt.org thebes.openshells.net]
@shekkbuilder
shekkbuilder / fifo_logwatch.sh
Created May 6, 2017 17:05 — forked from jrelo/fifo_logwatch.sh
watch a log with tail -f and a fifo to run command when a grep match is made
#!/bin/bash
#fifo_logwatch.sh -jrelo
trap ctrl_c INT
fifo=/tmp/fifolog.$$
mkfifo "${fifo}" || exit 1
function ctrl_c() {
    # clean up the fifo on Ctrl-C and exit with the conventional SIGINT status
    echo "ctrl^c caught. exiting..."
    rm "${fifo}"
    exit 130
}
@shekkbuilder
shekkbuilder / iptables_tcpkill.sh
Last active May 6, 2017 17:13
iptables_killtcp.sh
#!/bin/bash
#more methods: http://rtomaszewski.blogspot.com/2012/11/how-to-forcibly-kill-established-tcp.html
if [ $# -lt 1 ]; then
    printf "Usage: %s <IP>\n" "$0"
    exit 1
fi
raddr=$1
printf "Killing TCP connections to/from %s...\n" "${raddr}"
# reject inbound TCP from the address with a RST so established sessions are torn down
iptables -I INPUT -s "${raddr}" -p tcp -j REJECT --reject-with tcp-reset
@shekkbuilder
shekkbuilder / latency_tc.txt
Created May 4, 2017 22:25
Network latency simulation
tc qdisc add dev eth0 root netem delay 80ms 15ms distribution normal
@shekkbuilder
shekkbuilder / katz.js
Created April 29, 2017 02:31
Mimikatz in JS - Courtesy of James Forshaw - https://github.com/tyranid/DotNetToJScript ;-)
This file has been truncated, but you can view the full file.