User Controls
Thanked Posts by Sophie
-
2017-02-02 at 11:50 PM UTC in Berkley fucktards trash their own schoolIt's funny, for all Antifa's bluster about "fighting nazis" if they were actually fighting nazis they would have been rounded up and executed by now. In fact i hope that happens anyway, not a single thing of value will be lost. If shit like this ever breaks out in my neck of the woods i am going domestic terrorist on Antifa and Co.The following users say it would be alright if the author of this post didn't die in a fire!
-
2017-02-02 at 6:40 PM UTC in Options For Attacking A Web Server That Aren't Web Application RelatedThanks encryption!The following users say it would be alright if the author of this post didn't die in a fire!
-
2017-02-01 at 1:16 AM UTC in Options For Attacking A Web Server That Aren't Web Application RelatedAttack the services running on the webserver. Like FTP, POP3, the mailserver. Sometimes the MySQL DB listens on port 3306. You could bruteforce the file server and upload malware. Or see if there is a flaw in the service you are targeting itself that can be exploited with a buffer overflow or what have you. This is why it is important to enumerate the type of service you are dealing with and the version. One such technique involves banner grabbing with the FTP service to get the version and such. Once you know the version you can look for vulnerabilities on exploit-db and similar sites. Or download the exact same thing run it locally and bang on it/reverse engineer until you find something.
Nexpose and Metasploit are really good at server side security testing. -
2017-02-01 at 7:21 PM UTC in Omg anyone here like sushi?
Originally posted by snab_snib sushi is not good. raw fish is not good.
Sushi isn't raw fish, idiot. That's Sashimi. Now you can have Sashimi at a Sushi restaurant but there is a clear difference.The following users say it would be alright if the author of this post didn't die in a fire! -
2017-01-30 at 4:13 PM UTC in Here is a bash script purposed for sytem enumeration and more coming soon.
#!/bin/bash
function main()
{ printf "\nThis script enumerates system information and appends it to a textfile.\n"
printf "\nThese items will be enumerated:
1. User IDs and login history.
2. OS details and mounted disks.
3. Network status and information.
4. Running processes.\n\n"
read -p 'Continue? Y/n : ' choice2
if [[ $choice2 == 'y' ]]; then
enum
else
echo "Aborted"
exit 1
fi
}
function enum()
{ printf "\n\nPlease provide a path to which the output will be saved. I.e /tmp/output.txt\n"
read -p 'Path? : ' outfile
echo "+-+-+-+-+" | tee -a $outfile 1>&2
echo "|L|O|G|S|" | tee -a $outfile 1>&2
echo "+-+-+-+-+" | tee -a $outfile 1>&2
printf "\n\nUser IDs\n" | tee -a $outfile 1>&2
whoami | tee -a $outfile 1>&2
printf "\n\n" | tee -a $outfile 1>&2
id | tee -a $outfile 1>&2
printf "\n\n" | tee -a $outfile 1>&2
last | tee -a $outfile 1>&2
sleep 0.5 && clear
printf "\n\nOS details and mounted disks\n\n" | tee -a $outfile 1>&2
uname -a | tee -a $outfile 1>&2
printf "\n\n" | tee -a $outfile 1>&2
df -h | tee -a $outfile 1>&2
sleep 0.5 && clear
printf "\n\nNetwork status & info\n\n" | tee -a $outfile 1>&2
ifconfig -a | tee -a $outfile 1>&2
printf "\n\n" | tee -a $outfile 1>&2
arp -a | tee -a $outfile 1>&2
printf "\n\n" | tee -a $outfile 1>&2
netstat -atp | tee -a $outfile 1>&2
sleep 0.5 && clear
printf "\n\nProcess info\n\n" | tee -a $outfile 1>&2
ps -d -f | tee -a $outfile 1>&2
sleep 0.5 && clear
echo "Done, output saved to $outfile"
exit 1
}
if [[ "$EUID" -ne 0 ]]; then
echo "It is recommended that this script is run as root"
printf "\nRunning it without super user privilege will affect the results\n"
read -p 'Continue without root? Y/n : ' choice1
if [[ $choice1 == 'y' ]]; then
main
else
echo "Aborted"
exit 1
fi
else
main
fi
I am building a bash multi tool in effect. I will be combing features i have in some other bash scripts so that it will be useful, not only for sysadmin stuff but for OffSec purposes as well.
I will be including features from RootHelper and KernMan, see below for those scripts.
#!/bin/bash
function usage()
{ printf "%b \a\n\nRoothelper will aid in the process of privilege escalation on a Linux system you compromised by fetching a number of enumeration
and exploit suggestion scripts. Below is a quick overview of the available options.
The 'Help' option displays this informational message.
The 'Download' option fetches the relevant files and places them in the /tmp/ directory.
The option 'Download and unzip' downloads all files and extracts the contents of zip archives to their individual subdirectories respectively, please
note; if the 'mkdir' command is unavailable however, the operation will not succeed and the 'Download' option should be used instead
The 'Clean up' option removes all downloaded files and 'Quit' exits roothelper.\n "
}
# Download and unzip
function dzip()
{ echo "Downloading and extracting scripts..."
`wget -O /tmp/ExploitSuggest.py http://www.securitysift.com/download/linuxprivchecker.py`
`wget -O /tmp/LinEnum.zip https://github.com/rebootuser/LinEnum/archive/master.zip`
`wget -O /tmp/ExploitSuggest_perl.zip https://github.com/PenturaLabs/Linux_Exploit_Suggester/archive/master.zip`
`wget -O /tmp/unixprivesc.zip https://github.com/pentestmonkey/unix-privesc-check/archive/1_x.zip`
`wget -O /tmp/firmwalker.zip https://github.com/craigz28/firmwalker/archive/master.zip`
for zip in *.zip
do
dirname=`echo $zip | sed 's/\.zip$//'`
if mkdir $dirname
then
if cd $dirname
then
unzip ../$zip
cd ..
rm -f $zip
else
echo "Could not unpack $zip - cd failed"
fi
else
echo "Could not unpack $zip - mkdir failed"
fi
done
}
dir="/tmp/"
usage
printf "%b" "\a\n\nTo use roothelper please select an option below.:\n"
PS3='Please enter your choice: '
options=("Help" "Download" "Download and unzip" "Clean up" "Quit")
select opt in "${options[@]}"
do
case $opt in
"Help")
usage
printf "%b \n"
;;
"Download")
echo "Downloading scripts to /tmp/"
`wget -O /tmp/ExploitSuggest.py http://www.securitysift.com/download/linuxprivchecker.py`
`wget -O /tmp/LinEnum.zip https://github.com/rebootuser/LinEnum/archive/master.zip`
`wget -O /tmp/ExploitSuggest_perl.zip https://github.com/PenturaLabs/Linux_Exploit_Suggester/archive/master.zip`
`wget -O /tmp/unixprivesc.zip https://github.com/pentestmonkey/unix-privesc-check/archive/1_x.zip`
`wget -O /tmp/firmwalker.zip https://github.com/craigz28/firmwalker/archive/master.zip`
printf "%b \n"
;;
"Download and unzip")
dzip
printf "%b \n"
;;
"Clean up")
echo "Removing downloaded files"
find $dir/* -exec rm {} \;
printf "%b \n"
;;
"Quit")
break
;;
*) echo invalid option;;
esac
done
#!/bin/bash
if [[ "$EUID" -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
function logo()
{ echo " _____ _____ "
echo "| | |___ ___ ___| |___ ___ "
echo "| -| -_| _| | | | | .'| |"
echo "|__|__|___|_| |_|_|_|_|_|__,|_|_|"
printf "\nKernMan - Kernel Management Assistant.\n"
}
logo
function usage()
{ printf "\nKernMan is a script written for the purpuse of simplyfying Kernel Managenemt.
Select the option 'List' to display all installed kernels. Select the option 'Purge' to display
all kernels that can be removed and subsequently do so\n\n"
}
PS3='Please enter your choice: '
options=("Usage" "List" "Purge" "Quit")
select opt in "${options[@]}"
do
case $opt in
"Usage")
usage
;;
"List")
dpkg -l linux-image-\* | grep ^ii
;;
"Purge")
kernelver=$(uname -r | sed -r 's/-[a-z]+//')
dpkg -l linux-{image,headers}-"[0-9]*" | awk '/ii/{print $2}' | grep -ve $kernelver
printf "\nThese items will be deleted.\n"
read -p 'Continue? Y/n ' choice
if [[ $choice == "y" ]]; then
sudo apt-get purge $(dpkg -l linux-{image,headers}-"[0-9]*" | awk '/ii/{print $2}' | grep -ve "$(uname -r | sed -r 's/-[a-z]+//')")
else
echo "Aborted"
break
exit 1
fi
;;
"Quit")
break
;;
*) echo invalid option;;
esac
done
The scripts are up on my github as well. https://github.com/NullArray
Post last edited by Sophie at 2017-01-31T15:01:25.800871+00:00The following users say it would be alright if the author of this post didn't die in a fire! -
2017-01-28 at 6:58 AM UTC in I have a confessionYeah i figured you might have you liberal piece of shit.The following users say it would be alright if the author of this post didn't die in a fire!
-
2017-01-29 at 8:30 PM UTC in What should I do with $140
Originally posted by greenplastic What are you getting at? They're pretty popular. They're usually private but opening to new customers for a couple days.
PAYMENT MUST BE MADE WITHIN 20 MINUTES OF RECEIVING OUR BTC ADRESS!
I got better shit to do than wait on an email with a BTC adress all day. So they can go fuck themselves.The following users say it would be alright if the author of this post didn't die in a fire! -
2017-01-29 at 8:39 PM UTC in yogurt shop murders
Originally posted by Bill Krozby ^sammy d gettin bizzed on the crock, when they pull tha trigger it makes the bitch drop
Clearly, since all the victims were female.The following users say it would be alright if the author of this post didn't die in a fire! -
2017-01-29 at 5:48 PM UTC in The retarded thread: Fuck, §m£ÂgØL made one first editionEveryone crying and bitching about this recent "immigrant ban" by President Trump should read the executive order. The Obama administration did THE EXACT SAME THING in 2016. But when Trump does it. OMFG HITLER!The following users say it would be alright if the author of this post didn't die in a fire!
-
2017-01-28 at 5:13 PM UTC in Helter Skelter 2017In the industry we call this social engineering.The following users say it would be alright if the author of this post didn't die in a fire!
-
2017-01-28 at 2:32 PM UTC in Found a job for you fuckers
Originally posted by greenplastic I mean just in general for that site.
Only if the feds are pissed at you for some reason.
Really, you shouldn't worry. But if you still are worried do exactly as i say. Here is Sophie's emergency hotline measure.
Install this www.bleachbit.org, close your browser. Check all the browser related marks and temporary file marks and run it as administrator.
The following users say it would be alright if the author of this post didn't die in a fire! -
2017-01-28 at 7:09 AM UTC in We can write enter off as dead now
Originally posted by Hash Slinging Slasher He's gay lol
He probably died of aids already
I think he turned gay out of spite tbh.The following users say it would be alright if the author of this post didn't die in a fire! -
2017-01-27 at 9:46 AM UTC in picture of me if I was a girl"The image you requested does not exist or is no longer available."The following users say it would be alright if the author of this post didn't die in a fire!
-
2017-01-25 at 3:42 PM UTC in Rioting next week
Originally posted by aldra
Haha, antifa got rekt. Serves them right.The following users say it would be alright if the author of this post didn't die in a fire! -
2017-01-24 at 12:38 PM UTC in who is the edgiest person on this site? (edgy contest)More importantly, you should ask yourself why being or being perceived as edgy matters to.The following users say it would be alright if the author of this post didn't die in a fire!
-
2017-01-09 at 5:32 AM UTC in List some clearnet/deepweb OffSec forums.
Originally posted by 0Death Hell forums reloaded got shutdown a while ago, they got hacked. You can find the dump circulating around private communities. I doubt the current page is even legitimate, probably a scammer is my guess. But yes I can agree with you on that, pay to join is bad.
Can't say if they are good or not, but saw some forums being mentioned around /baphomet/ being mentioned the other day, maybe worth checking out.
criminal.cat
dumpbase.org
Maybe you're right about the new Hell forums. Is the new one where you have to pay BTC for an admittance fee or some shit? Anyway, yeah baph was pretty good way back when, it's meh these days. I'll check out criminal.cat though, thanks. -
2017-01-19 at 9 AM UTC in anybody here like nu metal >?Also, Lifelover is dope breh. Has hysteric yelling as well.
The following users say it would be alright if the author of this post didn't die in a fire! -
2017-01-19 at 5:28 AM UTC in Does FB keylog?
Originally posted by thelittlestnigger What do you mean by this? Should I type in some shit and look at what ads and suggested pages I get? And even if that is the case it does not point to how long the log is kept.
Assume they keep everything forever. And what i meant was you could put it to the test by using certain keywords and taking note of the adds. Anyway, you should just assume FB is an adversary, assume they log everything, and assume they mean you harm.
The following users say it would be alright if the author of this post didn't die in a fire! -
2017-01-06 at 3:47 AM UTC in Why not niggersin.space?Because Lanny is a OGbloodcomptonnigga not a nigger, there is a distinct difference.The following users say it would be alright if the author of this post didn't die in a fire!
-
2017-01-19 at 10:07 AM UTC in Having all the oxycodone on the planet
Originally posted by the holy ghost Billionaires don't give their shit away. Same thing
They actually do, it's called philanthropy.The following users say it would be alright if the author of this post didn't die in a fire!
