Misc

Windows Packet Capture

Localhost

https://www.netresec.com/index.ashx?page=RawCap :

To File:

RawCap.exe 127.0.0.1 localhost_capture.pcap

To Wireshark:

RawCap.exe -q 127.0.0.1 - | "C:\Program Files\Wireshark\Wireshark.exe" -i - -k

Extract useful stuff from PCAP

https://github.com/lgandx/PCredz

Remove Obfuscation from .NET Binaries

  • confuserexstringdecryptor

  • confuserexswitchkiller

Esoteric Language / Other Decodings

Update all pip-installed Python packages

pip freeze --user | cut -d'=' -f1 | xargs -n1 pip install -U

Find which program listens on a port on Linux

sudo lsof -i -P -n | grep LISTEN

Delete all Docker containers & images

docker rm -vf $(docker ps -a -q)
docker rmi -f $(docker images -a -q)

JSON to NDJSON

cat file.json | jq -c '.[]' > converted.json

Domain Fronting

Connect to a benign domain that you know is served by a big CDN (the TLS SNI is set to this domain), then change the HTTP Host header to your malicious site, which is hosted on the same CDN.
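A defender-side check for the mismatch described above, as an added example that is not part of the original notes: it compares the TLS SNI with the HTTP Host header in proxy records. The JSON-lines log format, its field names and the sample records are constructed assumptions; seeing the Host header of an HTTPS request requires a TLS-inspecting proxy.

```python
import json

# Constructed sample records (hypothetical JSON-lines export from a
# TLS-inspecting proxy; the field names are assumptions).
SAMPLE_LOG = """\
{"ts": "2024-01-01T10:00:00Z", "src": "10.0.0.5", "sni": "cdn.example.com", "host": "cdn.example.com"}
{"ts": "2024-01-01T10:00:05Z", "src": "10.0.0.7", "sni": "cdn.example.com", "host": "other-tenant.example.net"}
{"ts": "2024-01-01T10:00:09Z", "src": "10.0.0.5", "sni": "CDN.Example.com.", "host": "cdn.example.com:443"}
{"ts": "2024-01-01T10:00:12Z", "src": "10.0.0.9", "sni": "", "host": "192.0.2.10"}
{"ts": "2024-01-01T10:00:15Z", "src": "10.0.0.7", "sni": "static.example.org", "host": "[2001:db8::1]:8443"}
not-json garbage line
"""


def normalize(name):
    """Lowercase, drop port and trailing dot so equal names compare equal."""
    name = (name or "").strip().lower()
    if name.startswith("["):        # bracketed IPv6 literal, possibly with a port
        name = name[1:name.find("]")] if "]" in name else name[1:]
    elif name.count(":") == 1:      # host:port
        name = name.rsplit(":", 1)[0]
    return name.rstrip(".")


def find_mismatches(log_text, allowed_pairs=frozenset()):
    """Return records whose HTTP Host differs from the TLS SNI."""
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue                # skip malformed lines
        if not isinstance(rec, dict):
            continue
        sni, host = normalize(rec.get("sni")), normalize(rec.get("host"))
        if not sni or not host:
            continue                # no SNI or no Host: nothing to compare
        if sni != host and (sni, host) not in allowed_pairs:
            hits.append({"ts": rec.get("ts"), "src": rec.get("src"), "sni": sni, "host": host})
    return hits


if __name__ == "__main__":
    for hit in find_mismatches(SAMPLE_LOG):
        print(hit)
```

`allowed_pairs` takes `(sni, host)` tuples for combinations already reviewed and accepted, so they stop generating alerts.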

Screenshot from PowerShell

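# Load System.Drawing (LoadWithPartialName is obsolete; Add-Type is the supported way)
Add-Type -AssemblyName System.Drawing

function screenshot([Drawing.Rectangle]$bounds, $path) {
   # Bitmap sized to the capture area, plus a Graphics object that draws into it
   $bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height
   $graphics = [Drawing.Graphics]::FromImage($bmp)

   # Copy the screen region into the bitmap
   $graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size)

   # Image format is chosen from the file extension (.png here)
   $bmp.Save($path)

   # Release the GDI+ handles
   $graphics.Dispose()
   $bmp.Dispose()
}

# Capture area is hard-coded to 1920x1080, starting at the top-left corner
$bounds = [Drawing.Rectangle]::FromLTRB(0, 0, 1920, 1080)
screenshot $bounds "C:\programdata\screenshot.png"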

Simple HTTP Server

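This short snippet prints the request headers and allows graceful shutdown with Ctrl+C. Note that it listens on port 80 on all interfaces and serves files from the current working directory.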

#!/usr/bin/env python3

import http.server as SimpleHTTPServer


class StoppableHTTPServer(SimpleHTTPServer.HTTPServer):
    def run(self):
        # Serve until Ctrl+C, then always release the listening socket
        try:
            self.serve_forever()
        except KeyboardInterrupt:
            pass
        finally:
            self.server_close()


class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):

    def do_GET(self):
        # Print the request headers, then serve the file as usual
        print(self.headers)
        SimpleHTTPServer.SimpleHTTPRequestHandler.do_GET(self)


if __name__ == "__main__":
    # "" binds to all interfaces; port 80 normally requires elevated privileges
    server = StoppableHTTPServer(("", 80), GetHandler)
    server.run()

NetBSD useful commands

List ports

netstat -na -f inet

Setup p4wnp1_aloa

https://github.com/RoganDawes/P4wnP1_aloa

https://jamesachambers.com/kali-linux-p4wnp1-aloa-guide-setup-usage-examples/
