Merge pull request #1 from colerobbinstech/main

Adding my scripts and writeups to the folder

Crimson_Defense/Scripts/combine/README.md

@@ -0,0 +1,4 @@
+Pretty handy wordlist generation tool. Takes a wordlist with individual words on each line and creates the full list of permutations of that list. Works well when you have a limited set of custom words but need more customization
+
+
+Typically paired with john --wordlist --rules=(single/jumbo) --stdout > betterWordlist

Crimson_Defense/Scripts/combine/combine.py

@@ -0,0 +1,18 @@
+#Takes a file containing separate words and returns all permutations to further generate a wordlist from
+
+from itertools import permutations
+
+#Begin with list of words and append results to original list
+infile = "words" 
+outfile = "wordlist"
+
+#Create list L that contains each word
+with open(infile) as wordlist:
+    L = [line.rstrip() for line in wordlist]
+
+#Permutate words at every length from 1 through len(words)
+with open(outfile, "w") as wordlist:
+    for n in range(len(L)+1):
+        for perm in permutations(L, n):
+            wordlist.write(''.join(perm))
+            wordlist.write('\n')

Crimson_Defense/Scripts/dirby/README.md

@@ -0,0 +1,3 @@
+Pretty simple enumeration script for sites that don't differentiate return codes on hits/non-hits. Intended to be a slightly more customizable version of gobuster/dirbuster
+
+Customize with any text that allows you to differentiate and the script will check each response from the site and print non-expected matches

Crimson_Defense/Scripts/dirby/dirby.py

@@ -0,0 +1,24 @@
+#Dirbuster-like script for sites that always return 301
+
+import requests
+
+###CUSTOM VALUES HERE###
+host = "http://134.122.109.161:31071/"
+error = "Error 404" #String to blacklist in result
+outfile = "dirby.out"
+#Can also change wordlist if desired
+wordlist = open("/usr/share/wordlists/raft-small-directories.txt")
+
+session = requests.Session()
+
+output = open(outfile, "a")
+
+for line in wordlist:
+    r = session.get(host+line)
+    if error not in r.text:
+        print(line)
+        output.write(line)
+
+
+output.close()
+wordlist.close()

Crimson_Defense/Scripts/patch/README.md

@@ -0,0 +1,5 @@
+First script using subprocess instead of os to do system level commands. Was happy with how simple it was. 
+
+The script brute forces each permutation of command arguments for when a specific order is needed but unkown
+
+Given example was fragments of a binary that I simply brute forced each permutation as arguments to cat and then attempted to run each output

Crimson_Defense/Scripts/patch/patch.py

@@ -0,0 +1,30 @@
+#Goal of program is to run a bash command with every permutation of arguments
+#This is useful for a file that has been split up as you can cat each permutation
+#until you arrive at a file that passes some sort of validity check
+
+import subprocess
+from itertools import permutations
+L = ["frag_1", "frag_2", "frag_3", "frag_5", "frag_6", "frag_7"]
+
+for perm in permutations(L):
+    temp = open("temp", "w")
+    args = list(perm)
+    args.insert(0, "frag_4") #Starting fragment to reduce possibilities
+    args.insert(0, "cat") # Argument should now read 'cat file1 file2...'
+
+    #Cat fragments together and write to temp
+    subprocess.run(args, stdout=temp) 
+    #Close file so we can work on it
+    temp.close()
+    #Make executable
+    subprocess.run(['chmod', '+x', 'temp'])
+    #Run it and write decoded result to variable
+    result = subprocess.run(['./temp'], stdout=subprocess.PIPE).stdout.decode('utf-8')
+
+    #winner's pov
+    if "FLAG" in result:
+        print(result)
+        quit()
+
+    #clean up for next run
+    subprocess.run(['rm', 'temp'])

Crimson_Defense/Scripts/rotten/README.md

@@ -0,0 +1,3 @@
+Customizable Caesar cipher solver. Intended for when more than one alphabet is utilized (i.e. lowercase + nums). Will act as one large Caesar cipher is the given alphabets appended together.
+
+Of note, order of included alphabets will matter when alphabet count >= 3

Crimson_Defense/Scripts/rotten/rotten.py

@@ -0,0 +1,27 @@
+#Custom caesar/rotation cipher solver with custom alphabet
+
+#Built-in sets to build from
+lower = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z']
+upper = ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z']
+nums = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9']
+
+###DEFINE VALUES HERE###
+alphabet = lower+nums #define sets you wish to use and what order
+ciphertext = "28x3j18zb91pg41jne80n2zelcun" 
+known_term = "flag" #term to find in plaintext
+
+
+def inc(char, alphabet, num): #char incrementer
+    index = alphabet.index(char)
+    return alphabet[(index+num)%len(alphabet)]
+
+cipher = ciphertext #using separate variable so we can check for no solution
+while known_term not in cipher:
+    cipher = list(cipher) #setting to list for mutability
+    for index in range(0,len(cipher)):
+        cipher[index] = inc(cipher[index], alphabet, 1)
+    cipher = "".join(cipher) #joining back to list for checking/printing
+    if cipher == ciphertext: #rotated back to original
+        print("No match")
+        exit()
+    print(cipher) #progress and solution