Now using ansible roles. also removed linpeass

10 files changed, 276 insertions, 0 deletions

diff --git a/roles/custom-config/README.md b/roles/custom-config/README.md
new file mode 100644
index 0000000..225dd44
--- /dev/null
+++ b/roles/custom-config/README.md
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/roles/custom-config/defaults/main.yml b/roles/custom-config/defaults/main.yml
new file mode 100644
index 0000000..ccefed4
--- /dev/null
+++ b/roles/custom-config/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for custom-config
diff --git a/roles/custom-config/files/tmux_conf b/roles/custom-config/files/tmux_conf
new file mode 100644
index 0000000..55cf067
--- /dev/null
+++ b/roles/custom-config/files/tmux_conf
@@ -0,0 +1,14 @@
+# remap CTRL-b to CTRL-a because it's better
+unbind C-b
+set-option -g prefix C-a
+bind-key C-a send-prefix
+
+# vi master race
+set -g mode-keys vi
+set -sg escape-time 0
+
+# I <3 history
+set -g history-limit 500000
+
+# colors!
+set -g default-terminal "screen-256color"
diff --git a/roles/custom-config/files/zsh_functions.zsh b/roles/custom-config/files/zsh_functions.zsh
new file mode 100644
index 0000000..e6df6e0
--- /dev/null
+++ b/roles/custom-config/files/zsh_functions.zsh
@@ -0,0 +1,26 @@
+# This is a handy list of functions I use
+
+scan() {
+	SCANDIR="${PWD}/nmap_scans"
+	if [ -z $1 ];
+	then
+		read "TARGET?Enter a target: "
+	else
+		TARGET=$1
+	fi
+
+	echo "Scanning ${TARGET}..."
+	mkdir -p $SCANDIR
+	sudo nmap -sS -sV -sC -oN $SCANDIR/initial-scan -v $TARGET
+	sudo nmap -sS -p- -oN $SCANDIR/allports -v0 $TARGET &disown
+	sudo nmap -sU -oN $SCANDIR/udpports -v0 $TARGET &disown
+}
+
+# Get latest version of linpeas and download to current directory
+alias getlinpeas='curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh > linpeas.sh'
+
+# I use this a ton
+alias webserver='python -m http.server'
+
+# hey why not, change this number to your preferred revshell port.
+alias revshell='ncat -lvnp 9090'
\ No newline at end of file
diff --git a/roles/custom-config/handlers/main.yml b/roles/custom-config/handlers/main.yml
new file mode 100644
index 0000000..2fee87f
--- /dev/null
+++ b/roles/custom-config/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for custom-config
diff --git a/roles/custom-config/meta/main.yml b/roles/custom-config/meta/main.yml
new file mode 100644
index 0000000..c572acc
--- /dev/null
+++ b/roles/custom-config/meta/main.yml
@@ -0,0 +1,52 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.
diff --git a/roles/custom-config/tasks/main.yml b/roles/custom-config/tasks/main.yml
new file mode 100644
index 0000000..1a7de05
--- /dev/null
+++ b/roles/custom-config/tasks/main.yml
@@ -0,0 +1,132 @@
+---
+# tasks file for custom-config
+- name: Getting all interactive users
+  #ansible.builtin.shell "awk -F: '{ if (($3 >= 1000 && $3 != 65534) || $3 == 0) print $1)' /etc/passwd"
+  ansible.builtin.shell: "grep -E '(ba|da|k|c|z|tc|b|a|sc|sh)$' /etc/passwd"
+  register: users
+
+- name: Install Kitty Terminal Emulator 🐱
+  ansible.builtin.shell:
+    cmd: "/usr/bin/curl -sL {{ kitty_installer }} | sh /dev/stdin dest=/opt launch=n"
+
+- name: Create Desktop Icon for Kitty 🐱
+  ansible.builtin.copy:
+    dest: "/usr/share/applications/kitty.desktop"
+    content: |
+      [Desktop Entry]
+      Version=0.26.2
+      Type=Application
+      Name=Kitty Terminal Emulator
+      Exec=/opt/kitty.app/bin/kitty
+      Icon=/opt/kitty.app/share/icons/hicolor/256x256/apps/kitty.png
+      Categories=Utility
+
+- name: Prepare kitty.conf files for all interactive users 🐱
+  loop: "{{ users.stdout_lines }}"
+  ansible.builtin.file:
+    dest: "~{{ item }}/.config/kitty/"
+    state: directory
+    recurse: yes
+    owner: "{{ item }}"
+    group: "{{ item }}"
+    mode: 0755
+
+- name: Prepare personalized configs for Kitty 🐱
+  loop: "{{ users.stdout_lines }}"
+  ansible.builtin.blockinfile:
+    path: "~{{ item }}/.config/kitty/kitty.conf"
+    insertafter: EOF
+    create: yes
+    state: present
+    block: |
+      # New windows open in current directory
+      map ctrl+shift+enter launch --cwd=current
+
+      # New tabs open in current directory
+      map ctrl+t new_tab --cwd=current
+
+      # The coveted "zoom" function
+      map ctrl+shift+z toggle_layout stack
+      
+      # disable mouse-click a link to open in a browser
+      mouse_map left click ungrabbed no_op
+
+- name: Disable mouse interactivity in vim (╯°□°)╯︵ ┻━┻
+  ansible.builtin.blockinfile:
+    path: /etc/vim/vimrc
+    marker: "\" {mark} ANSIBLE MANAGED BLOCK"
+    insertafter: EOF
+    state: present
+    block: |
+      set mouse=
+      set ttymouse=
+
+- name: Add sudo-NOPASSWD to users
+  loop: "{{ users.stdout_lines }}"
+  ansible.builtin.lineinfile:
+    path: /etc/sudoers
+    state: present
+    insertafter: EOF
+    line: "{{ item }} ALL=(ALL) NOPASSWD: ALL"
+    validate: /usr/sbin/visudo -cf %s
+
+- name: Initialize Gef for all users
+  ansible.builtin.script: /opt/gef/scripts/gef.sh
+  become_user: "{{ item }}"
+  loop: "{{ users.stdout_lines }}"
+
+- name: Copying over zsh functions file for all users
+  ansible.builtin.copy:
+    src: zsh_functions.zsh
+    dest: "{{ item }}/.zsh_functions"
+    owner: "{{ item }}"
+    group: "{{ item }}"
+    mode: '0640'
+  loop: "{{ users.stdout_lines }}"
+
+- name: Enabling zsh functions
+  loop: "{{ users.stdout_lines }}"
+  ansible.builtin.blockinfile:
+    path: "~{{ item }}/.zshrc"
+    state: present
+    insertafter: EOF
+    owner: "{{ item }}"
+    block: |
+      if [ -f ~/.zsh_functions]; then
+        source ~/.zsh_functions
+      fi
+
+- name: Copying over tmux config to all users
+  ansible.builtin.copy:
+    src: tmux_conf
+    dest: "~{{ item }}/.tmux.conf"
+    owner: "{{ item }}"
+    group: "{{ item }}"
+    mode: '0640'
+  loop: "{{ users.stdout_lines }}"
+
+- name: Create /srv/smb/ directory for payload population
+  ansible.builtin.file:
+    path: /srv/smb
+    state: directory
+    mode: '0755'
+
+- name: Creating IWR share in samba config
+  ansible.builtin.blockinfile:
+    path: /etc/samba/smb.conf
+    insertafter: EOF
+    state: present
+    block: |
+      [iwr]
+        comment = Invoke-WebReq'd em? Damn near killed em!
+        path = /srv/smb
+        guest ok = yes
+        browseable = yes
+        create mask = 0600
+        directory mask = 0755
+
+- name: Ensure that samba doesn't start on boot
+  ansible.builtin.systemd:
+    name: smbd
+    enabled: no
+    state: stopped
diff --git a/roles/custom-config/tests/inventory b/roles/custom-config/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/roles/custom-config/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/roles/custom-config/tests/test.yml b/roles/custom-config/tests/test.yml
new file mode 100644
index 0000000..181d731
--- /dev/null
+++ b/roles/custom-config/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - custom-config
diff --git a/roles/custom-config/vars/main.yml b/roles/custom-config/vars/main.yml
new file mode 100644
index 0000000..60c28e5
--- /dev/null
+++ b/roles/custom-config/vars/main.yml
@@ -0,0 +1,3 @@
+---
+# vars file for custom-config
+kitty_installer: "https://sw.kovidgoyal.net/kitty/installer.sh"