|
Overview Pupy is a Remote Access/Post Exploitation tool. Here are some of my favorite features: All-in-memory execution A windows payload that can load the entire Python interpreter from memory using a reflective DLL Execute non-interactive commands on multiple hosts at once. Reflectively migrate into other processes. Interactive shells (cmd.exe, /bin/bash, etc) can be opened . . . → Read More: Howto Install the Pupy Post Exploitation Kit on Kali Linux Gathering all EC2 Public IPs Recently I needed to automate pulling all public IP addresses across all of the EC2 accounts I have access to. I wrote the following script to deal with that problem. Note: Thank you to Daniel Miessler for the script to pull the IPs. My Script makes that work across . . . → Read More: List all Public IP Addresses Across All of your AWS Accounts If you have ever gotten a webshell and wanted an interactive terminal this post is for you!. With Python python -c ‘import pty;pty.spawn(“/bin/bash”)’ Without Python script -qc /bin/bash /dev/null (inside the nc session) CTRL+Z;stty raw -echo; fg; ls; export TERM=xterm-256color export SHELL=bash Creating a Windows Bind Shell Using C I’m studying for the OSCP and needed to replace the exe file of a Windows service with a new .exe file. On reboot my goal is to have a shell as NT Authority/System Source Code Filename: winshell.c This file will: Using the native “certuil.exe”, download nc.exe.txt from the . . . → Read More: Creating a Windows Bind Shell Using C After many failed attempts to import Okta logs in to Graylog (using some PowerShell scripts I found online) I decided to take a different approach. Here is what my final Dashboard and view ended up looking like: Prerequisites To ingest Okta logs in to Graylog you will need the following: . . . → Read More: Ingesting Okta logs in to Graylog Problem Kali Linux keeps locking the screen when not used for a short period of time Solution You need to configure “Light Locker” to stop automatically locking the session. Steps Click the icon at the top left of the screen (Kali Linux Logo) From the popup menu, click “Settings” From the next popup menu, click . . . → Read More: Disable Screen Lock on Kali Linux 2020 If you have ever wanted to scan the top 100 ports with masscan here are the instructions: masscan -p7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157 10.11.1.0/24 –rate=1000 -e tun0 –router-ip 10.11.0.1 You will need to replace the following: tun0 with your interface router-ip with the router of the subnet you are scanning 10.11.1.0/24 with the subnet you are scanning I obtain . . . → Read More: How to scan top 100 ports with masscan I ran in to a situation where i needed to parse all fully qualified domain names (FQDN) from bunch of files in the same directory. Here is how to do that: grep -R -h -Eo ‘(http|https)://[^/”]+’ . | awk -F’/’ ‘{ print $3 }’ | sort | uniq I couldn’t find a good set of Grok rules for the CrowdStrike SIEM connector so I wrote my own. You need two rule sets. Set1: %{IPV4:source_collector_ip} CEF: 0\|CrowdStrike\|FalconHost\|1.0\|%{WORD:event_type}\|%{GREEDYDATA:event_subtype}\|%{INT:event_tactic}\|externalId=%{HOSTNAME:externalID} cn2Label=%{WORD:cn2Label} cn2=%{WORD:cn2} cn1Label=%{WORD:cn1Label} cn1=%{WORD:cn1} dhost=%{HOSTNAME:dhost} duser=%{DATA:duser} msg=%{GREEDYDATA:msg} fname=%{DATA:fname} filePath=%{GREEDYDATA:filepath} cs5Label=%{DATA:cs5Label} cs5=%{GREEDYDATA:cs5} fileHash=%{DATA:fileHash} dntdom=%{DATA:dntdom} cs6Label=%{DATA: cs6Label} cs6=%{GREEDYDATA:cs6} cn3Label=%{DATA: cs3Label} cn3=%{DATA:cn3} rt=%{DATA:rt} src=%{IP:src} smac=%{MAC:smac} cat=%{GREEDYDATA:cat} act=%{GREEDYDATA:act} reason=%{GREEDYDATA:reason} outcome=%{DATA:outcome} CSMTRPatternDisposition=%{GREEDYDATA:CSMTRPatternDisposition} . . . → Read More: CrowdStrike SIEM Connector Grok Rules I recently had to set up quite a few AWS Connectors in Tenable.io for various AWS accounts. This can become quite a cumbersome task so I decided to automate it. Prerequisites ~/.aws/config with multiple profiles trustpolicy.json (shown below) trustpolicy.json This will be used by our script for the initial role creation. The account # referenced . . . → Read More: Automating Setting up Tenable.io AWS Connector Role |
Blogroll
Content Management System (CMS)Document Management SystemExploitsFreeBSD
fun stuffLinuxSecurity
SourceforgeVirtual Machines |
