author | Dan Fedele <dan.fedele@gmail.com> | 2022-11-06 17:14:38 -0500 |
---|---|---|
committer | Dan Fedele <dan.fedele@gmail.com> | 2022-11-06 17:14:38 -0500 |
commit | d35bf7f3c52f5719558f73b77ed1fc34e6997e89 (patch) | |
tree | 808ce3eabe1ee04d642bd7fcc5085867cff09c0f | |
parent | c1c81a728173638abf84ad21df34d398fa956240 (diff) |
Post CFC version test
-rw-r--r-- | kali.yml | 119 | ||||
-rw-r--r-- | master-bashrc | 116 | ||||
-rw-r--r-- | parrot.yml | 265 | ||||
-rw-r--r-- | setup-kali.sh | 63 | ||||
-rw-r--r-- | setup-parrot.sh | 69 | ||||
-rw-r--r-- | setup.sh | 40 | ||||
-rw-r--r-- | tmux_conf (renamed from master-tmux_conf) | 0 | ||||
-rw-r--r-- | zsh_functions.zsh | 17 |
8 files changed, 128 insertions, 561 deletions
@@ -9,6 +9,10 @@ ysoserial_jar: "https://github.com/frohoff/ysoserial/releases/latest/download/ysoserial-all.jar" kitty_installer: "https://sw.kovidgoyal.net/kitty/installer.sh" tasks: + - ansible.builtin.fail: + msg: "This playbook must be run properly! Execute sudo bash setup.sh" + when: tmux is not defined or zsh_func is not defined + - name: Add Docker repo key ansible.builtin.shell: curl -fsSL {{ docker_repo_key }} | gpg --dearmor --batch --yes -o /etc/apt/trusted.gpg.d/docker-ce-keyring.gpg @@ -33,53 +37,60 @@ - name: Installing one-off packages from package manager ansible.builtin.package: name: - - gawk - - terminator - - jxplorer - - seclists - - gobuster - - python3 - - python3-dev - - python3-pip + - bloodhound + - build-essential + - bytecode-viewer + - clang + - cmake - crackmapexec - - neo4j + - curl - default-jdk - default-jre - - rlwrap - - eog - - xclip - - steghide - - git - - ltrace - - strace - - gdb - - gdbserver - docker - docker-compose + - eog + - feroxbuster + - flex - forensics-extra - - ncat + - gawk + - gdb + - gdbserver + - ghidra + - git + - gobuster + - golang-go - jq - - powershell - - samba - - tmux - - libssl-dev + - jxplorer - libffi-dev - - build-essential + - liblzma-dev + - libssl-dev + - libxml2-dev + - ltrace + - ncat + - neo4j + - ntpdate + - mingw-w64 + - patch + - powershell + - python3 + - python3-dev + - python3-pip + - p7zip-full - remmina + - rlwrap + - samba + - seclists + - steghide + - strace - sublime-text - - golang-go - - ghidra - - bytecode-viewer - - ntpdate - - bloodhound + - terminator + - tmux + - xclip + - xfce4-terminal - zaproxy + - zlib1g-dev state: latest - - name: Install ShellUp! - ansible.builtin.git: - repo: 'https://github.com/AgroDan/shellup.git' - dest: /opt/shellup - - name: Install pwntools ansible.builtin.pip: name: git+https://github.com/Gallopsled/pwntools.git@dev 
@@ -207,36 +218,48 @@ set mouse= set ttymouse= - - name: Getting all interactive users <<hack hack hack>> + - name: Getting all interactive users ansible.builtin.shell: "awk -F: '{ if (($3 >= 1000 && $3 != 65534) || $3 == 0) print $1}' /etc/passwd" register: users - + + - name: Add sudo-NOPASSWD to users + loop: "{{ users.stdout_lines }}" + ansible.builtin.lineinfile: + path: /etc/sudoers + state: present + insertafter: EOF + line: "{{ item }} ALL=(ALL) NOPASSWD: ALL" + validate: /usr/sbin/visudo -cf %s + - name: Initialize Gef for all users ansible.builtin.script: /opt/gef/scripts/gef.sh become_user: "{{ item }}" loop: "{{ users.stdout_lines }}" - - name: Copying over bashrc file to all users + - name: Copying over zsh functions file for all users ansible.builtin.copy: - src: /tmp/master-bashrc - dest: "~{{ item }}/.bashrc" + src: "{{ zsh_func }}" + dest: "~{{ item }}/.zsh_functions" owner: "{{ item }}" group: "{{ item }}" mode: '0640' loop: "{{ users.stdout_lines }}" - - name: Copying over bash functions file for all users - ansible.builtin.copy: - src: /tmp/master-bash_functions - dest: "~{{ item }}/.bash_functions" + - name: Enabling zsh functions + loop: "{{ users.stdout_lins }}" + ansible.builtin.blockinfile: + path: "~{{ item }}/.zshrc" + state: present + insertafter: EOF owner: "{{ item }}" - group: "{{ item }}" - mode: '0640' - loop: "{{ users.stdout_lines }}" - + block: | + if [ -f ~/.zsh_functions ]; then + source ~/.zsh_functions + fi + - name: Copying over tmux config to all users ansible.builtin.copy: - src: /tmp/master-tmux_conf + src: "{{ tmux }}" dest: "~{{ item }}/.tmux.conf" owner: "{{ item }}" group: "{{ item }}" diff --git a/master-bashrc b/master-bashrc deleted file mode 100644 index d509df6..0000000 --- a/master-bashrc +++ /dev/null 
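Review bot: In kali.yml, the new "Enabling zsh functions" task loops over `users.stdout_lins`, which the registered `users` result does not define, so the task fails instead of editing any `.zshrc`; it should be `loop: "{{ users.stdout_lines }}"`. The "Add sudo-NOPASSWD to users" task writes `{{ item }} ALL=(ALL) NOPASSWD: ALL` into `/etc/sudoers` for every account the awk filter returns (UID 0 plus every UID >= 1000 except 65534), so a compromise of any of those accounts becomes passwordless root. I would restrict it to one explicitly named user passed in as a variable and write a drop-in under `/etc/sudoers.d/` with `mode: '0440'`, keeping the `validate: /usr/sbin/visudo -cf %s` check. The blockinfile task also sets no `create:`, so it presumably fails for users who have no `~/.zshrc` yet. The last task in the hunk continues outside it.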
@@ -1,116 +0,0 @@ -# ~/.bashrc: executed by bash(1) for non-login shells. - -# You may uncomment the following lines if you want `ls' to be colorized: -# export LS_OPTIONS='--color=auto' -# eval "`dircolors`" -# alias ls='ls $LS_OPTIONS' -# alias ll='ls $LS_OPTIONS -l' -# alias l='ls $LS_OPTIONS -lA' -# -# Some more alias to avoid making mistakes: -# alias rm='rm -i' -# alias cp='cp -i' -# alias mv='mv -i' -# ~/.bashrc: executed by bash(1) for non-login shells. -# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc) -# for examples - -# don't put duplicate lines or lines starting with space in the history. -# See bash(1) for more options -HISTCONTROL=ignoreboth - -# append to the history file, don't overwrite it -shopt -s histappend - -# for setting history length see HISTSIZE and HISTFILESIZE in bash(1) -HISTSIZE=1000 -HISTFILESIZE=2000 - -# check the window size after each command and, if necessary, -# update the values of LINES and COLUMNS. -shopt -s checkwinsize - -# If set, the pattern "**" used in a pathname expansion context will -# match all files and zero or more directories and subdirectories. 
-#shopt -s globstar - -# make less more friendly for non-text input files, see lesspipe(1) -#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)" - -# set variable identifying the chroot you work in (used in the prompt below) -if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then - debian_chroot=$(cat /etc/debian_chroot) -fi - -# set a fancy prompt (non-color, unless we know we "want" color) -case "$TERM" in - xterm-color) color_prompt=yes;; -esac - -# uncomment for a colored prompt, if the terminal has the capability; turned -# off by default to not distract the user: the focus in a terminal window -# should be on the output of commands, not on the prompt -force_color_prompt=yes - -if [ -n "$force_color_prompt" ]; then - if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then - # We have color support; assume it's compliant with Ecma-48 - # (ISO/IEC-6429). (Lack of such support is extremely rare, and such - # a case would tend to support setf rather than setaf.) - color_prompt=yes - else - color_prompt= - fi -fi - -# This is just a better prompt -if [ "$color_prompt" = yes ]; then - PS1="\[\033[0;31m\]\342\224\214\342\224\200\$([[ \$? 
!= 0 ]] && echo \"[\[\033[0;31m\]\342\234\227\[\033[0;37m\]]\342\224\200\")[$(if [[ ${EUID} == 0 ]]; then echo '\[\033[01;31m\]root\[\033[01;33m\]@\[\033[01;96m\]\h'; else echo '\[\033[0;39m\]\u\[\033[01;33m\]@\[\033[01;96m\]\h'; fi)\[\033[0;31m\]]\342\224\200[\[\033[0;32m\]\w\[\033[0;31m\]]\n\[\033[0;31m\]\342\224\224\342\224\200\342\224\200\342\225\274 \[\033[0m\]\[\e[01;33m\]\\$\[\e[0m\] " -else - PS1='┌──[\u@\h]─[\w]\n└──╼ \$ ' -fi - -# enable color support of ls and also add handy aliases -if [ -x /usr/bin/dircolors ]; then - test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" - alias ls='ls --color=auto' - #alias dir='dir --color=auto' - #alias vdir='vdir --color=auto' - - alias grep='grep --color=auto' - alias fgrep='fgrep --color=auto' - alias egrep='egrep --color=auto' -fi - -# some more ls aliases -#alias ll='ls -l' -#alias la='ls -A' -#alias l='ls -CF' - -# Alias definitions. -# You may want to put all your additions into a separate file like -# ~/.bash_aliases, instead of adding them here directly. -# See /usr/share/doc/bash-doc/examples in the bash-doc package. - -if [ -f ~/.bash_aliases ]; then - . ~/.bash_aliases -fi - -# I like my own functions file -if [ -f ~/.bash_functions ]; then - . ~/.bash_functions -fi - -# enable programmable completion features (you don't need to enable -# this, if it's already enabled in /etc/bash.bashrc and /etc/profile -# sources /etc/bash.bashrc). -if ! shopt -oq posix; then - if [ -f /usr/share/bash-completion/bash_completion ]; then - . /usr/share/bash-completion/bash_completion - elif [ -f /etc/bash_completion ]; then - . /etc/bash_completion - fi -fi - -# My classic opener, props to liveoverflow -echo "Knock knock, Agr0." diff --git a/parrot.yml b/parrot.yml deleted file mode 100644 index c599d63..0000000 --- a/parrot.yml +++ /dev/null 
@@ -1,265 +0,0 @@ ---- - - hosts: localhost - become: yes - vars: - docker_repo_key: "https://download.docker.com/linux/debian/gpg" - docker_repo: "deb [arch=amd64] https://download.docker.com/linux/debian buster stable" - sublime_repo_key: "https://download.sublimetext.com/sublimehq-pub.gpg" - sublime_repo: "deb https://download.sublimetext.com/ apt/stable/" - ysoserial_jar: "https://github.com/frohoff/ysoserial/releases/latest/download/ysoserial-all.jar" - # good_repo: - # - "deb https://mirror.clarkson.edu/parrot/ rolling main contrib non-free" - # - "deb-src https://mirror.clarkson.edu/parrot/ rolling main contrib non-free" - # bad_repo: - # - "deb https://deb.parrot.sh/parrot/ rolling main contrib non-free" - # - "deb-src https://deb.parrot.sh/parrot/ rolling main contrib non-free" - tasks: - - name: Add Docker Repo Key - ansible.builtin.apt_key: - url: "{{ docker_repo_key }}" - state: present - - - name: Add Docker Repo - ansible.builtin.apt_repository: - repo: "{{ docker_repo }}" - state: present - - - name: Add Sublime Text Repo Key - ansible.builtin.apt_key: - url: "{{ sublime_repo_key }}" - state: present - - - name: Add Sublime Text Repo - ansible.builtin.apt_repository: - repo: "{{ sublime_repo }}" - state: present - - # - name: Not using auto-repo (this may work for you, but not for me) - # apt_repository: - # repo: "{{ item }}" - # state: absent - # loop: "{{ bad_repo }}" - - # - name: Specifying a better repo - # apt_repository: - # repo: "{{ item }}" - # state: present - # loop: "{{ good_repo }}" - - - name: Ensuring all packages are up to date - ansible.builtin.apt: - update_cache: yes - upgrade: dist - - - name: Get this neovim crap outta here (╯°□°)╯︵ ┻━┻ - ansible.builtin.apt: - name: neovim - state: absent - - - name: Installing one-off packages from package manager - ansible.builtin.apt: - update_cache: yes - name: - - vim - - gawk - - terminator - - gobuster - - python3-dev - - python3-pip - - pipx - - neo4j - - rlwrap - - eog - - xclip - - 
steghide - - git - - ltrace - - strace - - gdb - - gdbserver - - docker - - docker-compose - - forensics-extra - - ncat - - jq - - powershell - - samba - - tmux - - libssl-dev - - libffi-dev - - build-essential - - open-vm-tools - - open-vm-tools-desktop - - remmina - - sublime-text - state: latest - force_apt_get: yes - - - name: Install CrackMapExec - community.general.pipx: - name: crackmapexec - - - name: Install ShellUp! - ansible.builtin.git: - repo: 'https://github.com/AgroDan/shellup.git' - dest: /opt/shellup - - - name: Install Seclists (Kali has this in the repos) - ansible.builtin.git: - repo: 'https://github.com/danielmiessler/SecLists.git' - dest: /opt/seclists - - - name: Install pwntools - ansible.builtin.pip: - name: git+https://github.com/Gallopsled/pwntools.git@dev - - - name: Clone Invoke-Obfuscation (•_•) ( •_•)>⌐■-■ (⌐■_■) - ansible.builtin.git: - repo: 'https://github.com/danielbohannon/Invoke-Obfuscation' - dest: /opt/Invoke-Obfuscation - - - name: Clone JumboJohn - ansible.builtin.git: - repo: 'https://github.com/magnumripper/JohnTheRipper' - dest: /opt/JohnTheRipper - - - name: Compiling JumboJohn, hold onto yer butts... 
- ansible.builtin.command: chdir=/opt/JohnTheRipper/src {{ item }} - with_items: - - ./configure - - make - - make install - - - name: Clone Nishang - ansible.builtin.git: - repo: 'https://github.com/samratashok/nishang' - dest: /opt/nishang - - - name: Clone Chisel - ansible.builtin.git: - repo: 'https://github.com/jpillora/chisel' - dest: /opt/chisel - - - name: Clone LinEnum - ansible.builtin.git: - repo: 'https://github.com/rebootuser/LinEnum' - dest: /opt/LinEnum - - - name: Clone PEASS - ansible.builtin.git: - repo: 'https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite' - dest: /opt/privilege-escalation-awesome-scripts-suite - - - name: Clone PowerSploit - ansible.builtin.git: - repo: 'https://github.com/PowerShellMafia/PowerSploit' - dest: /opt/PowerSploit - - - name: Clone Impacket - ansible.builtin.git: - repo: 'https://github.com/SecureAuthCorp/impacket' - dest: /opt/impacket - - - name: Clone Bloodhound - ansible.builtin.git: - repo: 'https://github.com/BloodHoundAD/BloodHound' - dest: /opt/BloodHound - - - name: Clone Gef - ansible.builtin.git: - repo: 'https://github.com/hugsy/gef.git' - dest: /opt/gef - - - name: Clone Static Binaries - ansible.builtin.git: - repo: 'https://github.com/andrew-d/static-binaries' - dest: /opt/static-binaries - - - name: Clone Ysoserial - ansible.builtin.git: - repo: 'https://github.com/frohoff/ysoserial' - dest: /opt/ysoserial - - - name: Downloading Ysoserial JAR file - ansible.builtin.get_url: - url: "{{ ysoserial_jar }}" - dest: /opt/ysoserial/ysoserial-all.jar - mode: '0644' - - - name: Get Evil-WinRM via gem installer - ansible.builtin.gem: - name: evil-winrm - state: latest - user_install: no - - - name: Disable mouse interactivity in vim (╯°□°)╯︵ ┻━┻ - ansible.builtin.blockinfile: - path: /etc/vim/vimrc - marker: "\" {mark} ANSIBLE MANAGED BLOCK" - insertafter: EOF - state: present - block: | - set mouse= - set ttymouse= - - - name: Getting all interactive users <<hack hack hack>> - 
ansible.builtin.shell: "awk -F: '{ if (($3 >= 1000 && $3 != 65534) || $3 == 0) print $1}' /etc/passwd" - register: users - - - name: Initialize Gef for all users - ansible.builtin.script: /opt/gef/scripts/gef.sh - become_user: "{{ item }}" - loop: "{{ users.stdout_lines }}" - - - name: Copying over bashrc file to all users - ansible.builtin.copy: - src: /tmp/master-bashrc - dest: "~{{ item }}/.bashrc" - owner: "{{ item }}" - group: "{{ item }}" - mode: '0640' - loop: "{{ users.stdout_lines }}" - - - name: Copying over bash functions file for all users - ansible.builtin.copy: - src: /tmp/master-bash_functions - dest: "~{{ item }}/.bash_functions" - owner: "{{ item }}" - group: "{{ item }}" - mode: '0640' - loop: "{{ users.stdout_lines }}" - - - name: Copying over tmux config to all users - ansible.builtin.copy: - src: /tmp/master-tmux_conf - dest: "~{{ item }}/.tmux.conf" - owner: "{{ item }}" - group: "{{ item }}" - mode: '0640' - loop: "{{ users.stdout_lines }}" - - - name: Create /srv/smb/ directory for payload population - ansible.builtin.file: - path: /srv/smb - state: directory - mode: '0755' - - - name: Creating IWR share in samba config - ansible.builtin.blockinfile: - path: /etc/samba/smb.conf - insertafter: EOF - state: present - block: | - [iwr] - comment = Invoke-WebReq'd em? Damn near killed em! - path = /srv/smb - guest ok = yes - browseable = yes - create mask = 0600 - directory mask = 0755 - - - name: Ensure that samba doesn't start on boot - ansible.builtin.systemd: - name: smbd - enabled: no - state: stopped diff --git a/setup-kali.sh b/setup-kali.sh deleted file mode 100644 index d8f2471..0000000 --- a/setup-kali.sh +++ /dev/null 
@@ -1,63 +0,0 @@ -#!/bin/bash - -if [[ $EUID -ne 0 ]]; then - echo "This script must be run as sudo or root." - exit 1 -fi - -# Generate psuedo-random string to fool servers into not giving you -# cached crap, mostly for debugging purposes. This is kinda neato -RANDO=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n1) - -echo "***********************************" -echo "* Installing pip *" -echo "***********************************" - -curl -s https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py -python3 /tmp/get-pip.py --user --no-warn-script-location - -export PATH=$PATH:/root/.local/bin - -echo "***********************************" -echo "* Installing ansible *" -echo "***********************************" - -pip install ansible - -echo "***********************************" -echo "* Pulling master bashrc *" -echo "***********************************" - -curl -sL "http://raw.github.com/AgroDan/FreshInstall/master/master-bashrc?nocache=$RANDO" -o /tmp/master-bashrc - -echo "***********************************" -echo "* Pulling bash_functions *" -echo "***********************************" - -curl -sL "http://raw.github.com/AgroDan/FreshInstall/master/master-bash_functions?nocache=$RANDO" -o /tmp/master-bash_functions - -echo "***********************************" -echo "* Pulling .tmux.conf *" -echo "***********************************" - -curl -sL "http://raw.github.com/AgroDan/FreshInstall/master/master-tmux_conf?nocache=$RANDO" -o /tmp/master-tmux_conf - -echo "***********************************" -echo "* Running Kali playbook *" -echo "***********************************" - -curl -sL "http://raw.github.com/AgroDan/FreshInstall/master/kali.yml?nocache=$RANDO" -o /tmp/kali.yml - -ansible-playbook /tmp/kali.yml - -echo "***********************************" -echo "* Cleaning up *" -echo "***********************************" - -rm -f /tmp/master-bashrc /tmp/master-bash_functions /tmp/master-tmux_conf /tmp/get-pip.py /tmp/kali.yml - -echo 
"***********************************" -echo "* Done! *" -echo "***********************************" - -echo "You should be set up. Check above for any errors." diff --git a/setup-parrot.sh b/setup-parrot.sh deleted file mode 100644 index 314719e..0000000 --- a/setup-parrot.sh +++ /dev/null 
@@ -1,69 +0,0 @@ -#!/bin/bash - -if [[ $EUID -ne 0 ]]; then - echo "This script must be run as sudo or root." - exit 1 -fi - -# Generate psuedo-random string to fool servers into not giving you -# cached crap, mostly for debugging purposes. This is kinda neato -RANDO=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n1) - -echo "***********************************" -echo "* Installing pip *" -echo "***********************************" - -curl -s https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py -python3 /tmp/get-pip.py --user --no-warn-script-location - -export PATH=$PATH:/root/.local/bin - -echo "***********************************" -echo "* Installing ansible *" -echo "***********************************" - -pip install ansible - -echo "***********************************" -echo "* Installing Ansible Collection *" -echo "***********************************" - -ansible-galaxy collection install community.general - -echo "***********************************" -echo "* Pulling master bashrc *" -echo "***********************************" - -curl -sL "http://raw.github.com/AgroDan/FreshInstall/master/master-bashrc?nocache=$RANDO" -o /tmp/master-bashrc - -echo "***********************************" -echo "* Pulling bash_functions *" -echo "***********************************" - -curl -sL "http://raw.github.com/AgroDan/FreshInstall/master/master-bash_functions?nocache=$RANDO" -o /tmp/master-bash_functions - -echo "***********************************" -echo "* Pulling .tmux.conf *" -echo "***********************************" - -curl -sL "http://raw.github.com/AgroDan/FreshInstall/master/master-tmux_conf?nocache=$RANDO" -o /tmp/master-tmux_conf - -echo "***********************************" -echo "* Running ParrotOS playbook *" -echo "***********************************" - -curl -sL "http://raw.github.com/AgroDan/FreshInstall/master/parrot.yml?nocache=$RANDO" -o /tmp/parrot.yml - -ansible-playbook /tmp/parrot.yml - -echo "***********************************" 
-echo "* Cleaning up *"
-echo "***********************************"
-
-rm -f /tmp/master-bashrc /tmp/master-bash_functions /tmp/master-tmux_conf /tmp/get-pip.py /tmp/parrot.yml
-
-echo "***********************************"
-echo "* Done! *"
-echo "***********************************"
-
-echo "You should be set up. Check above for any errors."
diff --git a/setup.sh b/setup.sh
new file mode 100644
index 0000000..50a7f46
--- /dev/null
+++ b/setup.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Exit immediately on failure
+set -eu
+
+if [[ $EUID -ne 0 ]]; then
+ echo "This script must be run as sudo or root."
+ exit 1
+fi
+
+PATH_TO_SCRIPT=$(dirname $0)
+ZSH_FUNC_FILE="zsh_functions.zsh"
+TMUX_FILE="tmux_conf"
+
+echo "***********************************"
+echo "* Installing pip *"
+echo "***********************************"
+
+curl -s https://bootstrap.pypa.io/get-pip.py -o /tmp/get-pip.py
+python3 /tmp/get-pip.py --user --no-warn-script-location
+
+export PATH=$PATH:/root/.local/bin
+
+echo "***********************************"
+echo "* Installing ansible *"
+echo "***********************************"
+
+pip install ansible
+
+echo "***********************************"
+echo "* Running Kali playbook *"
+echo "***********************************"
+
+ansible-playbook ${PATH_TO_SCRIPT}/kali.yml --extra-vars "tmux=${PATH_TO_SCRIPT}/${TMUX_FILE} zsh_func=${PATH_TO_SCRIPT}/${ZSH_FUNC_FILE}"
+
+echo "***********************************"
+echo "* Done! *"
+echo "***********************************"
+
+echo "You should be set up. Check above for any errors."
diff --git a/master-tmux_conf b/tmux_conf
index 55cf067..55cf067 100644
--- a/master-tmux_conf
+++ b/tmux_conf
diff --git a/zsh_functions.zsh b/zsh_functions.zsh
new file mode 100644
index 0000000..5dd56f6
--- /dev/null
+++ b/zsh_functions.zsh
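Review bot: In setup.sh, `get-pip.py` is fetched to the fixed path `/tmp/get-pip.py` and then run by root with no integrity check, and `curl -s` has no `-f`, so an HTTP error body would be saved and handed to python3 even under `set -eu`. On a host with other local users, a predictable file name in a world-writable directory can be pre-created or swapped between the download and the run. I would use a private directory and fail on HTTP errors: `tmpdir=$(mktemp -d)`, `curl -fsSL https://bootstrap.pypa.io/get-pip.py -o "$tmpdir/get-pip.py"`, `python3 "$tmpdir/get-pip.py" --user --no-warn-script-location`. The unquoted `$(dirname $0)` and `${PATH_TO_SCRIPT}/kali.yml` also break when the checkout path contains a space, and the space-separated `--extra-vars` string would then be split into the wrong key=value pairs.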
@@ -0,0 +1,17 @@
+# This is a handy list of functions I use
+
+scan() {
+ SCANDIR="${PWD}/nmap_scans"
+ if [ -z $1 ];
+ then
+ read "TARGET?Enter a target: "
+ else
+ TARGET=$1
+ fi
+
+ echo "Scanning ${TARGET}..."
+ mkdir -p $SCANDIR
+ sudo nmap -sS -sV -sC -oN $SCANDIR/initial-scan -v $TARGET
+ sudo nmap -sS -p- -oN $SCANDIR/allports -v0 $TARGET &disown
+ sudo nmap -sU -oN $SCANDIR/udpports -v0 $TARGET &disown
+}
\ No newline at end of file |
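Review bot: In zsh_functions.zsh, `scan()` assigns `SCANDIR` and `TARGET` without `local`, so both persist as globals in the interactive shell after the function returns, and nothing documents what it writes or that two of the three scans are disowned into the background. `$TARGET` reaches `sudo nmap` unquoted and unchecked, so an empty answer at the prompt leaves nmap with no target and a value starting with `-` is read as an option rather than a host. I would declare `local SCANDIR TARGET`, return early when `TARGET` is empty, and quote `"$TARGET"` and `"$SCANDIR"`. Because nmap runs under sudo, the output files under `nmap_scans` are presumably owned by root inside the user's working directory, which is worth stating in the header comment.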