commit f3b8d793a77d376fd1b653958253377e2f7373f7 Author: PrincessPi3 Date: Sat Aug 2 12:42:31 2025 -0600 initial commit via gitinitshit diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..d7f264e --- /dev/null +++ b/.gitattributes @@ -0,0 +1,9 @@ +* text eol=lf +*.txt text eol=lf +*.sh text eol=lf +*.ini text eol=lf +*.yml text eol=lf +*.md text eol= +.env text eol=lf +*.ps1 text eol=crlf +*.bat text eol=crlf \ No newline at end of file diff --git a/Ansible/ansible-playbook.yml b/Ansible/ansible-playbook.yml new file mode 100644 index 0000000..d4911f9 --- /dev/null +++ b/Ansible/ansible-playbook.yml @@ -0,0 +1,218 @@ +--- +- name: 'Configure Remote Servers' + hosts: remoteservers + vars_files: + - './variables.yml' + tasks: +# packages + - name: 'Updating apt cache' + apt: + force_apt_get: True + update_cache: True + - name: 'Upgrading all apt packages' + apt: + force_apt_get: True + upgrade: full + become: yes + - name: 'Selected packages to install:' + debug: + msg: "{{ item }}" + loop: "{{ list_of_packages }}" + - name: "Installing packages" + apt: + force_apt_get: True + name: "{{ list_of_packages }}" + state: present + - name: 'Remove useless packages from the cache' + apt: + force_apt_get: True + autoclean: yes + - name: 'Run the equivalent of apt-get clean' + apt: + force_apt_get: True + clean: yes +# add and configure the user + - name: "Add the user {{ new_username }}" + user: + name: "{{ new_username }}" + shell: "{{ login_shell }}" + # password: "{{ user_password }}" + groups: 'sudo,www-data' + append: yes + - name: "Set authorized key for {{ new_username }}" + ansible.posix.authorized_key: + user: "{{ new_username }}" + key: "{{ ssh_key_auth }}" + state: present +# zsh + - name: 'Setting up zsh' + blockinfile: + path: "/home/{{ new_username }}/.zshrc" + block: | + # Set up the prompt + autoload -Uz promptinit + promptinit + prompt adam1 + setopt histignorealldups sharehistory + # Use emacs keybindings even if our EDITOR is set to vi + bindkey -e + # Keep 1000 lines of history within the shell and save it to ~/.zsh_history: + HISTSIZE=1000 + SAVEHIST=1000 + HISTFILE=~/.zsh_history + # Use modern completion system + autoload -Uz compinit + compinit + zstyle ':completion:*' auto-description 'specify: %d' + zstyle ':completion:*' completer _expand _complete _correct _approximate + zstyle ':completion:*' format 'Completing %d' + zstyle ':completion:*' group-name '' + zstyle ':completion:*' menu select=2 + eval "$(dircolors -b)" + zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS} + zstyle ':completion:*' list-colors '' + zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s + zstyle ':completion:*' matcher-list '' 'm:{a-z}={A-Z}' 'm:{a-zA-Z}={A-Za-z}' 'r:|[._-]=* r:|=* l:|=*' + zstyle ':completion:*' menu select=long + zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s + zstyle ':completion:*' use-compctl false + zstyle ':completion:*' verbose true + zstyle ':completion:*:*:kill:*:processes' list-colors '=(#b) #([0-9]#)*=0=01;31' + zstyle ':completion:*:kill:*' command 'ps -u $USER -o pid,%cpu,tty,cputime,cmd' + eval $(thefuck --alias fuck) + PATH=~/.local/bin/:$PATH + mode: '0744' + owner: "{{ new_username }}" + group: "{{ new_username }}" + state: present + create: True +# ufw + - name: 'UFW default allow everything outgoing' + community.general.ufw: + default: allow + direction: 'outgoing' + - name: 'UFW default deny everything incoming' + community.general.ufw: + default: deny # reject to throw error instead of drop quietly + direction: 'incoming' + - name: 'UFW enable logging' + community.general.ufw: + logging: 'on' + - name: 'UFW selected rules:' + debug: + msg: "{{item.name}}/{{item.proto}}" + loop: "{{ open_services }}" + - name: 'UFW setting rules' + community.general.ufw: + rule: allow + port: "{{ item.name }}" + proto: "{{ item.proto }}" + loop: "{{ open_services }}" + - name: 'UFW enable' + community.general.ufw: + state: enabled + become: yes +# unattended upgrades + - name: 'Unattended upgrades initial dpkg reconfigure' + command: + cmd: 'dpkg-reconfigure -f noninteractive unattended-upgrades' + become: yes + - name: 'Unattended upgrades configure 20auto-upgrades' + blockinfile: + dest: '/etc/apt/apt.conf.d/20auto-upgrades' + block: | + APT::Periodic::Update-Package-Lists "1"; + APT::Periodic::Unattended-Upgrade "1"; + mode: '0644' + owner: 'root' + group: 'root' + state: present + insertafter: EOF + become: yes + - name: 'Unattended upgrades configure 50unattended-upgrades' + blockinfile: + dest: '/etc/apt/apt.conf.d/50unattended-upgrades' + block: | + Unattended-Upgrade::Automatic-Reboot "true"; + Unattended-Upgrade::Automatic-Reboot-Time "{{ reboot_time }}"; + create: True + insertafter: EOF + mode: '0644' + owner: 'root' + group: 'root' + become: yes + - name: 'Unattended upgrades configure daily timer' + lineinfile: + path: '/lib/systemd/system/apt-daily-upgrade.timer' + regexp: '^OnCalendar' + line: "OnCalendar=*-*-* {{ install_time }}" + state: present + become: yes + - name: 'Unattended upgrades configure reboot offset' + lineinfile: + path: '/lib/systemd/system/apt-daily-upgrade.timer' + regexp: '^RandomizedDelaySec' + line: "RandomizedDelaySec={{ reboot_offset }}" + state: present + become: yes + - name: 'Unattended upgrades last dpkg reconfigure' + command: + cmd: 'dpkg-reconfigure -f noninteractive unattended-upgrades' + become: yes +# customscripts + - name: 'Customscripts download' + git: + repo: "{{ custom_scripts_repo }}" + dest: '/tmp/cscripts' + - name: "Create directory {{ custom_scripts_dir }}" + file: + path: "{{ custom_scripts_dir }}" + state: directory + mode: '0755' + owner: 'root' + group: 'root' + become: yes + - name: 'Customscripts installing' + command: + cmd: "cp /tmp/cscripts/customscripts/{{ item }} {{ custom_scripts_dir }}" + loop: "{{ custom_scripts }}" + become: yes + - name: 'Customscripts activating' + command: + cmd: "chmod 755 {{ custom_scripts_dir }}/{{ item }}" + loop: "{{ custom_scripts }}" + become: yes +# crontabs + - name: 'Crontab chkrootkit' + cron: + name: 'chkrootkit' + minute: '0' + hour: '8' + user: 'root' + job: 'chkrootkit -q' + state: present + become: yes + - name: 'Crontab lynis' + cron: + name: 'lynis' + minute: '0' + hour: '11' + user: 'root' + job: 'lynis -q' + state: present + become: yes +# enable services + - name: 'enable/restart nginx' + service: + name: 'nginx' + enabled: True + state: 'restarted' + become: yes + - name: 'enable/restart ssh' + service: + name: 'ssh' + enabled: True + state: 'restarted' + become: yes + + \ No newline at end of file diff --git a/Ansible/inventory.ini b/Ansible/inventory.ini new file mode 100644 index 0000000..ea6d777 --- /dev/null +++ b/Ansible/inventory.ini @@ -0,0 +1,2 @@ +[remoteservers] +someserver ansible_user=root ansible_host=1.1.1.1 \ No newline at end of file diff --git a/Ansible/notes.txt b/Ansible/notes.txt new file mode 100644 index 0000000..76c21bb --- /dev/null +++ b/Ansible/notes.txt @@ -0,0 +1,10 @@ +cd ~ && mkdir ansible-playbook && cd ansible-playbook +ansible-playbook ansible-playbook.yml -i inventory.ini +ansible remoteservers -m ping + +# errata +ssh root@ip + passwd princesspi +sudo nano /etc/ssh/sshd_config +sudo ufw allow 8888 +sudo bash /usr/share/customscripts/crowdsec.sh \ No newline at end of file diff --git a/Ansible/scratch.txt b/Ansible/scratch.txt new file mode 100644 index 0000000..46cf8b7 --- /dev/null +++ b/Ansible/scratch.txt @@ -0,0 +1,230 @@ + - name: "Install python3" + apt: + name: python3 + state: present + - name: "Install python3-pip" + apt: + name: python3-pip + state: present + - name: "Install python3-virtualenv" + apt: + name: python3-virtualenv + state: present + - name: "Install thefuck" + apt: + name: thefuck + state: present + - name: "Install python3-setuptools" + apt: + name: python3-setuptools + state: present + - name: "Install nginx" + apt: + name: nginx + state: present + - name: "Install wget" + apt: + name: wget + state: present + - name: "Install htop" + apt: + name: htop + state: present + - name: "Install btop" + apt: + name: btop + state: present + - name: "Install lynx" + apt: + name: lynx + state: present + - name: "Install neovim" + apt: + name: neovim + state: present + - name: "Install docker.io" + apt: + name: docker.io + state: present + - name: "Install docker-compose" + apt: + name: docker-compose + state: present + - name: "Install screen" + apt: + name: screen + state: present + - name: "Install byobu" + apt: + name: byobu + state: present + - name: "Install zsh" + apt: + name: zsh + state: present + - name: "Install nmap" + apt: + name: nmap + state: present + - name: "Install iptraf" + apt: + name: iptraf + state: present + - name: "Install iotop" + apt: + name: iotop + state: present + - name: "Install zip" + apt: + name: zip + state: present + - name: "Install unzip" + apt: + name: unzip + state: present + - name: "Install net-tools" + apt: + name: net-tools + state: present + - name: "Install git" + apt: + name: git + state: present + - name: "Install chkrootkit" + apt: + name: chkrootkit + state: present + - name: "Install fail2ban" + apt: + name: fail2ban + state: present + - name: "Install lynis" + apt: + name: lynis + state: present + + +# thefuck + - name: "thefuck append to .zshrc" + lineinfile: + path: "/home/{{ username }}/.zshrc" + line: 'eval $(thefuck --alias fuck)' + insertafter: EOF + mode: '0744' + owner: "{{ username }}" + group: "{{ username }}" + state: present + create: True + +# PATH + - name: ".zshrc PATH adding ~/.local/bin" + lineinfile: + path: "/home/{{ username }}/.zshrc" + line: 'PATH=~/.local/bin/:$PATH' + state: present + insertafter: EOF + mode: "0744" + owner: "{{ username }}" + group: "{{ username }}" + create: True + become: True + become_method: su + become_user: "{{ username }}" + + +# ssh + - name: "SSH allow {{ username }} only" + lineinfile: + path: '/etc/ssh/sshd_config' + line: "AllowUsers {{ username }}" + state: present + insertafter: EOF + mode: "0644" + owner: root + group: root + - name: 'SSH disable password auth' + lineinfile: + path: '/etc/ssh/sshd_config' + regexp: '^PermitRootLogin' + line: 'PermitRootLogin no' + state: present + insertafter: EOF + mode: "0644" + owner: root + group: root + + + - name: "UFW allow ssh" + community.general.ufw: + rule: allow + port: ssh + proto: tcp + delete: true + - name: "UFW allow http" + community.general.ufw: + rule: allow + port: http + proto: any + delete: true + - name: "UFW allow https" + community.general.ufw: + rule: allow + port: https + proto: any + delete: true + + + - name: 'Customscripts download' + command: + cmd: 'git clone https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git /tmp/cscripts' + become: yes + + + + - name: "Create directory {{ custom_scripts_dir }}" + file: + path: "{{ custom_scripts_dir }}" + state: directory + mode: '0755' + owner: 'root' + group: 'root' + become: yes + - name: 'Customscripts copy add_user_ssh.sh' + copy: + remote_src: False + src: '/tmp/cscripts/customscripts/add_user_ssh.sh' + dest: "{{ custom_scripts_dir }}/add_user_ssh.sh" + mode: '0744' + owner: 'root' + group: 'root' + become: yes + - name: "Customscripts copy crowdsec.sh" + copy: + remote_src: False + src: '/tmp/cscripts/customscripts/crowdsec.sh' + dest: "{{ custom_scripts_dir }}/crowdsec.sh" + mode: '0744' + owner: 'root' + group: 'root' + become: yes + - name: "Customscripts copy fix_permissions.sh" + copy: + remote_src: False + src: '/tmp/cscripts/customscripts/fix_permissions.sh' + dest: "{{ custom_scripts_dir }}/fix_permissions.sh" + mode: '0744' + owner: 'root' + group: 'root' + become: yes + +# crowdsec + - name: 'Crowdsec' + command: + cmd: "bash {{ custom_scripts_dir }}/crowdsec.sh" + become: yes + + - name: 'enable/restart crowdsec' + service: + name: 'crowdsec' + enabled: True + state: 'restarted' diff --git a/Ansible/variables.yml b/Ansible/variables.yml new file mode 100644 index 0000000..d854e94 --- /dev/null +++ b/Ansible/variables.yml @@ -0,0 +1,48 @@ +new_username: 'princesspi' +install_time: '02:00' +reboot_time: '03:00' +reboot_offset: '20m' +login_shell: '/usr/bin/zsh' # which zsh +custom_scripts_dir: '/usr/share/customscripts' +custom_scripts_repo: 'https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git' +# password is precalculated hash +# mkpasswd --method=sha-512 +# defaultpassword### +# user_password: '$6$n3ybB6uVX.BwKiR4$vjENClERci2hmAkn9d9a8EUFAfnUlsH.R6/8EIXx1bu.k.bC7l/aE//s9ONw/PcbSQ2.hRdUgjxFrJ54/NhBm0' +ssh_key_auth: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2D+9oYQlTnu1zeVi2gHfTKE7+DDWiu1EibXNwB9g72' +list_of_packages: + - 'unattended-upgrades' + - 'python3' + - 'python3-pip' + - 'python3-virtualenv' + - 'python3-setuptools' + - 'thefuck' + - 'nginx' + - 'wget' + - 'htop' + - 'btop' + - 'lynx' + - 'neovim' + - 'docker.io' + - 'docker-compose' + - 'screen' + - 'byobu' + - 'zsh' + - 'nmap' + - 'iptraf' + - 'iotop' + - 'zip' + - 'unzip' + - 'net-tools' + - 'git' + - 'chkrootkit' + - 'fail2ban' + - 'lynis' +open_services: + - { name: 'ssh', proto: 'tcp' } + - { name: 'http', proto: 'tcp' } + - { name: 'https', proto: 'tcp' } +custom_scripts: + - 'crowdsec.sh' + - 'add_user_ssh.sh' + - 'fix_permissions.sh' \ No newline at end of file diff --git a/Dark Web Hosting/deep_web_init.txt b/Dark Web Hosting/deep_web_init.txt new file mode 100644 index 0000000..9fa62b9 --- /dev/null +++ b/Dark Web Hosting/deep_web_init.txt @@ -0,0 +1,87 @@ +0) Anything inside < and > for example is a bit of text you provide so if I say "" you would replace with something like "password123" +1) acquire btc + spot app + coinmama +2) tumble btc deep web +3) put btc in deep web wallet +4) launch host on bithost + https://bithost.io + // Ubuntu 20.04 LTS with minimum 1gb RAM +5) lock down bitohst jump box to VPN IP +6) generate keys on bithost +5) get key from sporehost and launch server + http://spore64i5sofqlfz5gq2ju4msgzojjwifls7rok2cti624zyq3fcelad.onion/ +6) log in from bithost on VPN +sudo -i +apt update +apt upgrade +ufw allow ssh +ufw enable +apt install apache2 tor mysql-server php libapache2-mod-php php-mysql php-curl php-gd screen iotop zip unzip lynx htop chkrootkit lynis certbot fail2ban python3 python3-pip curl nmap +a2enmod ssl +systemctl restart apache2 +mysql_secure_installation + password validation: 2 + // update phpmyadmin repo/install from git pull + // this is a workaround for an old phpmyadmin repo on the 20.04 LTS + // mysql -h localhost -u root -p + // UNINSTALL COMPONENT 'file://component_validate_password'; + // CREATE USER 'rootuser'@'localhost' IDENTIFIED BY ''; // REMEMBER THIS PASSWORD + // GRANT ALL PRIVILEGES ON *.* TO 'rootuser'@'localhost'; + // FLUSH PRIVILEGES; + // quit; +apt install phpmyadmin //change to git pull OR updated manual repo + [x] apache2 + [x] YES + [Secure Password] // REMEMBER THIS PASSWORD +cd /var/www/html +ln -s /usr/share/phpmyadmin +mv phpmyadmin pma +//to access phpmyadmin, go to http:///pma //log in with user rootuser and your password from before +systemctl enable tor +systemctl start tor +mkdir /var/www/ +nano /etc/tor/torrc + Ctrl+W "hidden" + >uncomment hidden service 127.0.0.1:80 + >uncomment hidden service dir, name /var/lib/tor/ + Ctrl+X + Y +systemctl restart tor + comment out logging +nano /etc/apache2/sites-available/.conf + + + DocumentRoot /var/www/ + + Ctrl+X + Y +a2ensite +systemctl restart apache2 +cat /var/lib/tor//hostname + save onion address, its your hostname! +// scallion + + +mkdir /usr/share/scripts +nano /usr/share/scripts/perms.sh +``` +#!/bin/bash +chown -R www-data:www-data /var/www/* +find /var/www/* -type d -exec chmod g=rwx "{}" \; +find /var/www/* -type f -exec chmod g=rw "{}" \; +``` + Ctrl+X + Y +chmod +x /usr/share/scripts/perms.sh +sh /usr/share/scripts/perms.sh +crontab -e + 1 +at bottom add +``` +0 8 * * * chkrootkit -q +0 11 * * 0 lynis -q +0 */6 * * * apt update; apt -y upgrade; +``` + Ctrl+X + Y diff --git a/Dark Web Hosting/deep_web_init2.txt b/Dark Web Hosting/deep_web_init2.txt new file mode 100644 index 0000000..89898dc --- /dev/null +++ b/Dark Web Hosting/deep_web_init2.txt @@ -0,0 +1,84 @@ +1) acquire btc + spot app + coinmama +2) tumble btc deep web +3) put btc in deep web wallet +4) launch host on bithost + https://bithost.io + // Ubuntu 20.04 LTS with minimum 1gb RAM +5) lock down bitohst jump box to VPN IP +6) generate keys on bithost +5) get key from sporehost and launch server + http://spore64i5sofqlfz5gq2ju4msgzojjwifls7rok2cti624zyq3fcelad.onion/ +6) log in from bithost on VPN +sudo -i +apt update +apt upgrade +ufw allow ssh +ufw enable +apt install apache2 tor mysql-server php libapache2-mod-php php-mysql php-curl php-gd screen iotop zip unzip lynx htop chkrootkit lynis certbot fail2ban python3 python3-pip curl nmap +a2enmod sslsystemctl restart apache2 +mysql_secure_installation + password validation: 2 + // this is a workaround for an old phpmyadmin repo on the 20.04 LTS + // mysql -h localhost -u root -p + // UNINSTALL COMPONENT 'file://component_validate_password'; + // CREATE USER 'rootuser'@'localhost' IDENTIFIED BY ''; // REMEMBER THIS PASSWORD + // GRANT ALL PRIVILEGES ON *.* TO 'rootuser'@'localhost'; + // FLUSH PRIVILEGES; + // quit; +apt install phpmyadmin //change to git pull OR updated manual repo + [x] apache2 + [x] YES + [Secure Password] // REMEMBER THIS PASSWORD +cd /var/www/html +ln -s /usr/share/phpmyadmin +mv phpmyadmin pma +//to access phpmyadmin, go to http:///pma //log in with user rootuser and your password from before +systemctl enable tor +systemctl start tor +mkdir /var/www/ +nano /etc/tor/torrc + Ctrl+W "hidden" + >uncomment hidden service 127.0.0.1:80 + >uncomment hidden service dir, name /var/lib/tor/ + Ctrl+X + Y +systemctl restart tor + comment out logging +nano /etc/apache2/sites-available/.conf + + + DocumentRoot /var/www/ + + Ctrl+X + Y +a2ensite +systemctl restart apache2 +cat /var/lib/tor//hostname + save onion address, its your hostname! +// scallion + + +mkdir /usr/share/scripts +nano /usr/share/scripts/perms.sh +``` +#!/bin/bash +chown -R www-data:www-data /var/www/* +find /var/www/* -type d -exec chmod g=rwx "{}" \; +find /var/www/* -type f -exec chmod g=rw "{}" \; +``` + Ctrl+X + Y +chmod +x /usr/share/scripts/perms.sh +sh /usr/share/scripts/perms.sh +crontab -e + 1 +at bottom add +``` +0 8 * * * chkrootkit -q +0 11 * * 0 lynis -q +0 */6 * * * apt update; apt -y upgrade; +``` + Ctrl+X + Y diff --git a/How to Secure Your Life (old)/How to Secure Your Life.docx b/How to Secure Your Life (old)/How to Secure Your Life.docx new file mode 100644 index 0000000..0b64da1 Binary files /dev/null and b/How to Secure Your Life (old)/How to Secure Your Life.docx differ diff --git a/How to Secure Your Life (old)/How to Secure Your Life.pdf b/How to Secure Your Life (old)/How to Secure Your Life.pdf new file mode 100644 index 0000000..49c86ff Binary files /dev/null and b/How to Secure Your Life (old)/How to Secure Your Life.pdf differ diff --git a/How to Secure Your Life (old)/How-to-Secure-Your-Life-Wiki.docx b/How to Secure Your Life (old)/How-to-Secure-Your-Life-Wiki.docx new file mode 100644 index 0000000..caa0050 Binary files /dev/null and b/How to Secure Your Life (old)/How-to-Secure-Your-Life-Wiki.docx differ diff --git a/Linux Servers/anti-ddos-rules.txt b/Linux Servers/anti-ddos-rules.txt new file mode 100644 index 0000000..c01a0b8 --- /dev/null +++ b/Linux Servers/anti-ddos-rules.txt @@ -0,0 +1,123 @@ +#IPTABLES RULES +iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT +iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP +iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP +iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP +iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP +iptables -t mangle -A PREROUTING -p tcp --tcp-flags SYN,RST SYN,RST -j DROP +iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,RST FIN,RST -j DROP +iptables -t mangle -A PREROUTING -p tcp --tcp-flags FIN,ACK FIN -j DROP +iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,URG URG -j DROP +iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,FIN FIN -j DROP +iptables -t mangle -A PREROUTING -p tcp --tcp-flags ACK,PSH PSH -j DROP +iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP +iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP +iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP +iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP +iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP +iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP +iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP +iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP +iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP +iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP +iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP +iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP +iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP +iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP +iptables -t mangle -A PREROUTING -p icmp -j DROP +iptables -A INPUT -p tcp -m connlimit --connlimit-above 80 -j REJECT --reject-with tcp-reset +iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j ACCEPT +iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP +iptables -t mangle -A PREROUTING -f -j DROP +iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j ACCEPT +iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP +iptables -t raw -A PREROUTING -p tcp -m tcp --syn -j CT --notrack +iptables -A INPUT -p tcp -m tcp -m conntrack --ctstate INVALID,UNTRACKED -j SYNPROXY --sack-perm --timestamp --wscale 7 --mss 1460 +iptables -A INPUT -m conntrack --ctstate INVALID -j DROP +iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set +iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP +iptables -N port-scanning +iptables -A port-scanning -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s --limit-burst 2 -j RETURN +iptables -A port-scanning -j DROP +iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:" +iptables -A INPUT -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP +iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j LOG --log-prefix "portscan:" +iptables -A FORWARD -p tcp -m tcp --dport 139 -m recent --name portscan --set -j DROP +iptables -A INPUT -m recent --name portscan --remove +iptables -A FORWARD -m recent --name portscan --remove +iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP +iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP + +#KERNEL RULES +kernel.printk = 4 4 1 7 +kernel.panic = 10 +kernel.sysrq = 0 +kernel.shmmax = 4294967296 +kernel.shmall = 4194304 +kernel.core_uses_pid = 1 +kernel.msgmnb = 65536 +kernel.msgmax = 65536 +vm.swappiness = 20 +vm.dirty_ratio = 80 +vm.dirty_background_ratio = 5 +fs.file-max = 2097152 +net.core.netdev_max_backlog = 262144 +net.core.rmem_default = 31457280 +net.core.rmem_max = 67108864 +net.core.wmem_default = 31457280 +net.core.wmem_max = 67108864 +net.core.somaxconn = 65535 +net.core.optmem_max = 25165824 +net.ipv4.neigh.default.gc_thresh1 = 4096 +net.ipv4.neigh.default.gc_thresh2 = 8192 +net.ipv4.neigh.default.gc_thresh3 = 16384 +net.ipv4.neigh.default.gc_interval = 5 +net.ipv4.neigh.default.gc_stale_time = 120 +net.netfilter.nf_conntrack_max = 10000000 +net.netfilter.nf_conntrack_tcp_loose = 0 +net.netfilter.nf_conntrack_tcp_timeout_established = 1800 +net.netfilter.nf_conntrack_tcp_timeout_close = 10 +net.netfilter.nf_conntrack_tcp_timeout_close_wait = 10 +net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 20 +net.netfilter.nf_conntrack_tcp_timeout_last_ack = 20 +net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 20 +net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 20 +net.netfilter.nf_conntrack_tcp_timeout_time_wait = 10 +net.ipv4.tcp_slow_start_after_idle = 0 +net.ipv4.ip_local_port_range = 1024 65000 +net.ipv4.ip_no_pmtu_disc = 1 +net.ipv4.route.flush = 1 +net.ipv4.route.max_size = 8048576 +net.ipv4.icmp_echo_ignore_broadcasts = 1 +net.ipv4.icmp_ignore_bogus_error_responses = 1 +net.ipv4.tcp_congestion_control = htcp +net.ipv4.tcp_mem = 65536 131072 262144 +net.ipv4.udp_mem = 65536 131072 262144 +net.ipv4.tcp_rmem = 4096 87380 33554432 +net.ipv4.udp_rmem_min = 16384 +net.ipv4.tcp_wmem = 4096 87380 33554432 +net.ipv4.udp_wmem_min = 16384 +net.ipv4.tcp_max_tw_buckets = 1440000 +net.ipv4.tcp_tw_recycle = 0 +net.ipv4.tcp_tw_reuse = 1 +net.ipv4.tcp_max_orphans = 400000 +net.ipv4.tcp_window_scaling = 1 +net.ipv4.tcp_rfc1337 = 1 +net.ipv4.tcp_syncookies = 1 +net.ipv4.tcp_synack_retries = 1 +net.ipv4.tcp_syn_retries = 2 +net.ipv4.tcp_max_syn_backlog = 16384 +net.ipv4.tcp_timestamps = 1 +net.ipv4.tcp_sack = 1 +net.ipv4.tcp_fack = 1 +net.ipv4.tcp_ecn = 2 +net.ipv4.tcp_fin_timeout = 10 +net.ipv4.tcp_keepalive_time = 600 +net.ipv4.tcp_keepalive_intvl = 60 +net.ipv4.tcp_keepalive_probes = 10 +net.ipv4.tcp_no_metrics_save = 1 +net.ipv4.ip_forward = 1 +net.ipv4.conf.all.accept_redirects = 0 +net.ipv4.conf.all.send_redirects = 0 +net.ipv4.conf.all.accept_source_route = 0 +net.ipv4.conf.all.rp_filter = 1 \ No newline at end of file diff --git a/Linux Servers/apache_site_template.conf.txt b/Linux Servers/apache_site_template.conf.txt new file mode 100644 index 0000000..0dcc77f --- /dev/null +++ b/Linux Servers/apache_site_template.conf.txt @@ -0,0 +1,16 @@ + +DocumentRoot /var/www/$DOMAIN +ServerName $DOMAIN +SSLEngine on +SSLCertificateFile /etc/letsencrypt/live/$DOMAIN/fullchain.pem +SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN/privkey.pem +SSLProtocol all -SSLv2 -SSLv3 +SSLHonorCipherOrder on +SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128" +SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 + + + +ServerName $DOMAIN +Redirect permanent / https://$DOMAIN/ + diff --git a/Linux Servers/crontab.txt b/Linux Servers/crontab.txt new file mode 100644 index 0000000..9ed947e --- /dev/null +++ b/Linux Servers/crontab.txt @@ -0,0 +1,3 @@ +0 8 * * * chkrootkit -q +0 11 * * 0 lynis -q +0 0 * * * apt update; apt upgrade -y \ No newline at end of file diff --git a/Linux Servers/init.txt b/Linux Servers/init.txt new file mode 100644 index 0000000..bbfed32 --- /dev/null +++ b/Linux Servers/init.txt @@ -0,0 +1,148 @@ +Ubuntu 24.04.3LTS +PHP-default +Apache2 +MySQL+phpmyadmin + +# Step 1 +sudo -i +apt update +apt -y upgrade +reboot + +# Step 2 +nano /etc/ssh/sshd_config +Change `#PasswordAuthentication yes` to `PasswordAuthentication no` +Add line + `AllowUsers ` + +# Step 3 +ON WINDOWS: +Via PowerShell + enable OpenSSH in PowerShell: https://docs.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse + ssh-keygen -t ed25519 -C "" + use a STRONG PASSPHRASE + Hit [Enter] to save keys at DEFAULT location + to get your rsa PUBLIC key, do: + Press [Windows Logo Key/Start]+R + Put in `notepad %USERPROFILE%/.ssh/id_ed25519.pub` + hit Enter + copy all the text in that file + # Technical details: it saves private key at %USERPROFILE%/.ssh/id_ed25519 + # private key example: C:\Users\potatouser\.ssh\id_ed25519 + # public key example: C:\Users\potatouser\.ssh\id_ed25519.pub + + +ON UBUNTU + mkdir ~/.ssh + chmod 700 ~/.ssh + nano ~/.ssh/authorized_keys + + chmod 600 ~/.ssh/authorized_keys + sudo systemctl reload sshd + +TO CONNECT +SSH with Windows PowerShell + Powershell is installed by default on Windows 10/11 + ssh @ + +Manage Files with WinSCP: + install winscp https://winscp.net/eng/download.php + install puttygen https://www.puttygen.com/download.php?val=4 + run puttygen + Click Load + Select private key at %USERPROFILE%/.ssh/id_ed25519 + copy and paste the string of text beginning in ssh-ed25519 and paste + save public and private key to %USERPROFILE%/.ssh/ under a %USERPROFILE%/.ssh/id_ed25519.ppk (private) + and %USERPROFILE%/.ssh/id_ed25519.ppk.pub (public) + run winscp + click new site + protocol: SFTP + host name: + username: + port number: 22 + click Advanced + on left panel under SSH click Authentication + Browse for private key at %USERPROFILE%/.ssh/id_ed25519.ppk + ok + save + +# Step 4 +sudo apt install -y git +# download and install scripts and tools +cd ~ +git clone https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup.git +sudo -i +apt install -y apache2 snapd mysql-server byobu nmap screen iotop zip unzip lynx htop php php-cli php-fpm php-json php-common php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath unattended-upgrades net-tools python3 python3-pip unison +snap install btop +# secure mysql +mysql_secure_installation + # follow directions, defaults are fine just remember what you set as the root password +# install and config phpmyadmin +apt install -y phpmyadmin +ln -s /usr/share/phpmyadmin /var/www/html/pma + # phpmyadmin will be accessable from the public internet at http:///pma + # ensure your passwords are up to snuff + // TODO: prolly should do some other security shit to protect phpmyadmin +systemctl restart apache2 +systemctl restart mysql +# add user to web server group +usermod -a -G www-data +# unattended upgrades +dpkg-reconfigure unattended-upgrades +nano /etc/apt/apt.conf.d/50unattended-upgrades + change `//Unattended-Upgrade::Automatic-Reboot "false";` to `Unattended-Upgrade::Automatic-Reboot "true";` + change `//Unattended-Upgrade::Remove-Unused-Dependencies "false";` to `Unattended-Upgrade::Remove-Unused-Dependencies "true";` + change `//Unattended-Upgrade::Mail "root@localhost";` to Unattended-Upgrade::Mail "";` +systemctl start unattended-upgrades && systemctl enable unattended-upgrades +unattended-upgrade -d -v //test unattended upgrades +# uncomplicated firewall setup +ufw allow http +ufw allow https +ufw allow ssh +ufw enable +reboot + + +// TODO: backups setup needs more work, not working at current +// make unison script pls +// SKIP backups section for now +# backups +sudo -i +mkdir -p /backups/log +mkdir /backups/backups +ln -s /var/backups /backups/system +cp -r /home//general-scripts-and-system-ssssssetup/customscripts /usr/share +chmod +x /usr/share/customscripts/*sh +nano /usr/share/customscripts/backup.sh //edit to add dirs to back up +sh /usr/share/customscripts/crowdsec.sh +screen -R backups + sh /usr/share/customscripts/backup.sh + Ctrl+A+D +sh /usr/share/customscripts/fix_permissions.sh + +# Step 5 +# install some cool securiy tools +apt install -y chkrootkit lynis certbot fail2ban +crontab -e //instal crons from /home//general-scripts-and-system-ssssssetup/crontab.txt +apt install -y tripwire + Follow directions and utilize secure passphrase DO NOT LOSE PASSPHRASE +# as primary user (NOT root or sudo, run `exit` if in doubt) +pip3 install thefuck +echo "# user addons" >> ~/.bashrc +echo "PATH=~/.local/bin/:$PATH" >> ~/.bashrc +echo 'eval "$(thefuck --alias)"' >> ~/.bashrc +echo 'HISTTIMEFORMAT="%Y-%m-%d %T "' >> ~/.bashrc +source ~/.bashrc + +Step 6: # optional +IF you want to use sudo without password check: +sudo visudo + for ONE user: + select editor of your choice + add ` ALL=(ALL) NOPASSWD: ALL` + + OR for all users in the sudo group + comment out the line beginning with %sudo soi it looks like #%sudo + add `%sudo ALL=(ALL) NOPASSWD: ALL` on any new line + save and exit +sudo reboot \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..c301710 --- /dev/null +++ b/README.md @@ -0,0 +1,67 @@ +* General Guides and Scripts for: +* Ubuntu Server LAMP (20.04 LTS) +* Dark Web Hosting (LAMP on 20.04 LTS) +* General Windows 10 and mobile security guide + +Install customscripts on linux with +`curl -s https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup/-/raw/master/customscripts/install_script.sh?nocache=$RANDOM | sudo "$SHELL"` + +## Usage +### Linux +#### git helpers +* `gitinitshit` +* `gitshit` +* `gitsync` +* `syncstatus` +* `waypoint` +* +#### security helpers +* `backup.sh` +* `binwalk-tool` +* `configuree_webhook.sh` +* `connect-wifi` +* `crowdsec.sh` +* `find_bytes` +* `fix-wifi` +* `add_user_ssh` +* `wifi-monitor-airX` +* `recursive-analysis` +* `large_file_search_for_hash` + +#### monitoring +* `mon-watch` +* `monitor_pid` +* `webhook` + +#### setup and general scripts +* `ifnet` +* `install_script.sh` +* `pyenv_setup` +* `xrdp-start` +* `add_apache2_site` + +### Windowwz +#### git helpers +* `gitshit.ps1` +* `gitsync.ps1` +* `syncstatus.ps1` +* `waypoint.ps1` +#### linux-like hashing helpers +* `winhash.ps1` +* `md5sum.ps1` +* `sha256sum.ps1` +* `sha384sum.ps1` +* `sha512sum.ps1` +#### remote host tools +* `ssh-wait-loop.ps1` +* `wait-on-host.ps1` +* `testtime.ps1` +#### Windows system +* `redundant-backup.ps1` +* `windows-repair.bat` + +todo: +1. windwows gitinitshit +2. convert windows-repair.bat to powershell and add more features and checks + 1. automatic elevation request + 2. update and improve security scan via windows defender \ No newline at end of file diff --git a/Windows-Scripts/a_very_normal_test_file.txt b/Windows-Scripts/a_very_normal_test_file.txt new file mode 100644 index 0000000..6f2d3a4 --- /dev/null +++ b/Windows-Scripts/a_very_normal_test_file.txt @@ -0,0 +1 @@ +donkeydicks:pope: diff --git a/Windows-Scripts/gitshit.ps1 b/Windows-Scripts/gitshit.ps1 new file mode 100644 index 0000000..62a863e --- /dev/null +++ b/Windows-Scripts/gitshit.ps1 @@ -0,0 +1,17 @@ +if ($args) { + $message=$args -join ' ' +} else { + if(test-path './version.txt') { + $message = $(get-content './version.txt') + } else { + $message = $(Get-Date -uformat "%s") + } +} + +echo "git commit message: '$message'" + +git add . +git commit -m "$message" +git push + +echo "Done :3" \ No newline at end of file diff --git a/Windows-Scripts/gitsync.ps1 b/Windows-Scripts/gitsync.ps1 new file mode 100644 index 0000000..8c7adb8 --- /dev/null +++ b/Windows-Scripts/gitsync.ps1 @@ -0,0 +1,20 @@ +# todo, param and defaults these up +$remote_dir = "/var/www/html/Media-Viewer" +$remote_host = "pi3" +$remote_cmd = "echo REMOTE pull $remote_dir; git -C $remote_dir pull; echo REMOTE add $remote_diradding; git -C $remote_dir add .; echo REMOTE commit $remote_dir; git -C $remote_dir commit -m `$(date +%s); echo REMOTE push $remote_dir; git -C $remote_dir push; echo -e `"\nREMOTE status $remote_dir\n`"; git -C $remote_dir status;" + +echo "`nLOCAL pulling`n" +git pull + +echo "`nLOCAL adding, comitting and pushing`n" +gitshit # usin gitshit here lmfao maybe make message a param + +echo "`nLOCAL status`n" +git status + +# run da REMOTE +echo "`nREMOTE running sync" +ssh $remote_host "/bin/bash -c $remote_cmd" + +echo "`nLOCAL status`n" +git status \ No newline at end of file diff --git a/Windows-Scripts/md5sum.ps1 b/Windows-Scripts/md5sum.ps1 new file mode 100644 index 0000000..ada169a --- /dev/null +++ b/Windows-Scripts/md5sum.ps1 @@ -0,0 +1,6 @@ +param ( + [Parameter(Mandatory=$true)] + [string]$infile +) + +Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile MD5" \ No newline at end of file diff --git a/Windows-Scripts/monitor-copy.txt b/Windows-Scripts/monitor-copy.txt new file mode 100644 index 0000000..77800e3 --- /dev/null +++ b/Windows-Scripts/monitor-copy.txt @@ -0,0 +1,25 @@ +$counter = 1; +$paths_file = ".\paths.txt" +$destination_dir = "" +$sleep_seconds = 90 + +# infinite loop to run through to and loop every $sleep_seconds seconeds +while($true) { + Write-Host "`n`nNew Rotation!`n`tRotation $counter `n`tCopying...`n`n" + # loop through paths in $paths_file + foreach($line in Get-Content "$paths_file") { + Clear-Host + Write-Host "Handling $line on rotation $counter" + # copy the path + $path = $line + # split $line by \ and return last element + $dirname = $line -split "\\" | Select-Object -Last 1 + # do the copy + robocopy /e /z $path $destination_dir\$dirname + } + Clear-Host + Write-Host "`n`nFinished Rotation $counter`n`tSleeping 90 Seconds...`n`n" + # sleep wont start until robopy loop is finished + Start-Sleep -Seconds $sleep_seconds # sleep $sleep_seconds seconds + $counter++; +} \ No newline at end of file diff --git a/Windows-Scripts/redundant-backup.ps1 b/Windows-Scripts/redundant-backup.ps1 new file mode 100644 index 0000000..1b31472 --- /dev/null +++ b/Windows-Scripts/redundant-backup.ps1 @@ -0,0 +1,74 @@ +# `pwsh.exe -c "`"C:\path\to\redundant-backup.ps1`" -logFile `"`" -simpleLogFile `"`""` +# `Start-Process -filepath "C:\path\to\redundant-backup.ps1" -logFile "" -simpleLogFile ""` +# `redundant-backup -logFile "" -simpleLogFile ""` +param([string] $logFile, + [string] $simpleLogFile +) + +$startUnixSeconds = get-date -uformat "%s" # unix epoch seconds for duration +$startDateHuman = get-date # human readable begin date +$startDateFilename = get-date -format 'yyyy-MM-dd-hhmm' # filename friendly date format + + +$warningFile = "C:\Users\human\OneDrive\Desktop\backup_error_$startDateFilename.log" # file to create to notify of a failure + +$jobName = "Weekly-Backup-$startDateFilename" # name for job in case wanna restart an interrupted one +$resticRunning = "E:\restic_backups_rolling" # from dir (restic) + +$redundantLocal = "D:\restic_backups_redundancy_rolling" # to dir (local drive) +$redundantLocalNetwork = "R:\restics_backups_redundancy_rolling" # to dir (network mapped drive location) +$redundantAirGap = "S:\restic_backups_redundancy_rolling" # set backup usb to use S + +$logGuideString = "Verb | Current Date and Time (Current Time Unix Seconds) | Start Date and Time (Start Time Unix Seconds) | Time Elapsed in Seconds | From Directory | To Directory | Job Name | Exit Status" + +function appendToLog { + param([string]$verb="INFO", [string]$exitCode="NONE", [string]$log="$logFile", [string]$fromDir="NONE", [string]$toDir="NONE") + + $timeCalc = $(Get-Date -uformat "%s")-$startUnixSeconds + + # Verb | Current Date and Time (Current Time Unix Seconds) | Start Date and Time (Start Time Unix Seconds) | Time Elapsed in Seconds | From Directory | To Directory | Job Name | Exit Status + $logString = "$verb | $(Get-Date) ($(Get-Date -uformat "%s")) | $startDateHuman ($startUnixSeconds) | $timeCalc | $fromDir | $toDir | $jobName | $exitCode" + + echo "$logString" + echo "$logString" >> "$log" +} + +function appendToErrorLog { + param ( $exceptionMessage, $part ) + $errorString = "`nFAIL on $part`nException: $exceptionMessage`nVars:`n`tstartDateHuman: $startDateHuman`n`tstart: $startUnixSecondsUnixSecons`n`tappendToErrorLog: $appendToErrorLog`n`tlogFile: $logFile`n`twarningFile: $warningFile`n`tresticRunning: $resticRunning`n`tredundantLocal: $redundantLocal`n`tredundantLocalNetwork: $redundantLocalNetwork`n`tjobName: $jobName" + + echo "$errorString" + try { echo "$errorString" > "$warningFile" } catch { echo "Error: $warningFile Not Found" } +} + +function doBackup { + param ( [string]$fromDir="NONE", [string]$toDir="NONE", [string]$tagString="INFO" ) + + echo "`n$tagString" + echo "`tFollow log with:`n`t`tGet-Content `"$logFile`" -Wait -Tail 10`n" + + appendToLog -verb "START-$tagString" -log "$logFile" -toDir "$toDir" -fromDir "$fromDir" + robocopy "$fromDir" "$toDir" /E /Z /FP /NP /R:2 /W:1 /SAVE:"$jobString" /LOG+:"$logFile" + appendToLog -verb "FINISH-$tagString" -exitCode "$?" -log "$logFile" -toDir "$toDir" -fromDir "$fromDir" +} + +echo "Initializing Logs" + +touch "$runningFile" + +echo "$logGuideString" > "$logFile" +appendToLog -verb "INITIALIZE-LOG-FILES" -exitCode "$?" -log "$logFile" + +echo "`n$logGuideString`n" + +# run da backupssss +doBackup -fromDir "$resticRunning" -toDir "$redundantLocal" -tagString "COPY-LOCAL" -jobString "$jobName" # local +appendToLog -verb "COPY-LOCAL" -exitCode "$?" -log "$logFile" -fromDir "$resticRunning" -toDir "$redundantLocal" + +doBackup -fromDir "$resticRunning" -toDir "$redundantLocalNetwork" -tagString "COPY-LOCAL-NETWORK" -jobString "$jobName" # network +appendToLog -verb "COPY-LOCAL-NETWORK" -exitCode "$?" -log "$logFile" -fromDir "$resticRunning" -toDir "$redundantLocalNetwork" + +doBackup -fromDir "$resticRunning" -toDir "$redundantAirGap" -tagString "COPY-AIRGAP" -jobString "$jobName" # airgap +appendToLog -verb "COPY-AIRGAP" -exitCode "$?" -log "$logFile" -fromDir "$resticRunning" -toDir "$redundantAirGap" + +appendToLog -verb "DONE" -log "$logFile" \ No newline at end of file diff --git a/Windows-Scripts/sha1sum.ps1 b/Windows-Scripts/sha1sum.ps1 new file mode 100644 index 0000000..b7079ef --- /dev/null +++ b/Windows-Scripts/sha1sum.ps1 @@ -0,0 +1,6 @@ +param ( + [Parameter(Mandatory=$true)] + [string]$infile +) + +Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA1" \ No newline at end of file diff --git a/Windows-Scripts/sha256sum.ps1 b/Windows-Scripts/sha256sum.ps1 new file mode 100644 index 0000000..71c8012 --- /dev/null +++ b/Windows-Scripts/sha256sum.ps1 @@ -0,0 +1,6 @@ +param ( + [Parameter(Mandatory=$true)] + [string]$infile +) + +Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA256" \ No newline at end of file diff --git a/Windows-Scripts/sha384sum.ps1 b/Windows-Scripts/sha384sum.ps1 new file mode 100644 index 0000000..4306bac --- /dev/null +++ b/Windows-Scripts/sha384sum.ps1 @@ -0,0 +1,6 @@ +param ( + [Parameter(Mandatory=$true)] + [string]$infile +) + +Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA384" \ No newline at end of file diff --git a/Windows-Scripts/sha512sum.ps1 b/Windows-Scripts/sha512sum.ps1 new file mode 100644 index 0000000..59b7759 --- /dev/null +++ b/Windows-Scripts/sha512sum.ps1 @@ -0,0 +1,6 @@ +param ( + [Parameter(Mandatory=$true)] + [string]$infile +) + +Invoke-Expression "$PSScriptRoot\winhash.ps1 $infile SHA512" diff --git a/Windows-Scripts/ssh-wait-loop.ps1 b/Windows-Scripts/ssh-wait-loop.ps1 new file mode 100644 index 0000000..7a109b2 --- /dev/null +++ b/Windows-Scripts/ssh-wait-loop.ps1 @@ -0,0 +1,11 @@ +param( + [string] + $session = 'pi3' +) + +while($True) { + ssh $session + echo "Waiting 5 Seconds..." + sleep 5 + wait-on-host -hostname $session +} \ No newline at end of file diff --git a/Windows-Scripts/syncstatus.ps1 b/Windows-Scripts/syncstatus.ps1 new file mode 100644 index 0000000..5e94aca --- /dev/null +++ b/Windows-Scripts/syncstatus.ps1 @@ -0,0 +1,10 @@ +$remote_host = "pi3" +$remote_dir = "/var/www/html/Media-Viewer" + +echo "LOCAL: pulling" +git pull + +echo "LOCAL: status" +git status + +ssh $remote_host "echo 'REMOTE: pulling'; git -C $remote_dir pull; echo 'REMOTE: status'; git -C $remote_dir status" \ No newline at end of file diff --git a/Windows-Scripts/testtime.ps1 b/Windows-Scripts/testtime.ps1 new file mode 100644 index 0000000..a66cd6d --- /dev/null +++ b/Windows-Scripts/testtime.ps1 @@ -0,0 +1,7 @@ +# usage: +# testtime "some powershell command string" +param([string] $cmd) +$start=$(get-date -uformat "%s") +invoke-expression "$cmd" +$end=$(get-date -uformat "%s") +echo "`n`ntime: $($end - $start)`n`n" \ No newline at end of file diff --git a/Windows-Scripts/wait-on-host.ps1 b/Windows-Scripts/wait-on-host.ps1 new file mode 100644 index 0000000..997f1e1 --- /dev/null +++ b/Windows-Scripts/wait-on-host.ps1 @@ -0,0 +1,85 @@ +# usage: +# `.\wait-on-host.ps1 -hostname -sleep -pingcount -max -hold ` +# +# defaults: +# hostname: cable-wind.local +# sleep: 25 +# pingcount: 1 +# max: 500 +# hold: 30 +# ex. `.\wait-on-host.ps1 -hostname google.com -sleep 10 -pingcount 5` + + + +param( + [string] + $hostname = "cable-wind.local", + + [int] + $sleep = 25, + + [int] + $pingcount = 1, + + [int] + $max = 500, + + [bool] + $loop = 0, # 1 to loop + + [int] + $hold = 30 +) + +if($hostname -eq 'help') { + echo "usage:`n`twait-on-host [help] -hostname -sleep -pingcount -max -hold `n`twait-on-host help`n`t`tthis help message`n`twait-on-host 8.8.8.8`n`t`twait on 8.8.8.8 with defaults`n`tdefaults:`n`t`thostname: cable-wind.local`n`t`tsleep: 25`n`t`tpingcount: 1`n`t`tmax: 500`n`t`thold: 30`n`tex. wait-on-host -hostname google.com -sleep 10 -pingcount 5`n"; + + exit; +} + +$iterations = 0; + +while(1 -eq 1) { # infinite loop + echo "`nHost: $hostname" # Iterations: $iterations Count: $pingcount Sleep: $sleep Max: $max`n`tFlushing dns..." + echo "`tFlushing DNS" + ipconfig /flushdns >NUL 2>&1 # redirects output nowhere + if($?) { + echo "`t`tDone." + } else { + echo "`t`tFAILED TO FLUSH DNS! EXITING!" + exit + } + + echo "`tPinging..." + # $pingObj = Test-Connection -Count $pingcount -TargetName "$hostname" # powershell Test-Connection -Ping is default and redundant + $pingObj = Test-Connection -Count $pingcount -TargetName "$hostname" 2>&1 + + if($pingObj.Status -eq "Success") { # if return status of abopve (ping -n 1...) is True + # $pingObj = Test-Connection -Count $pingcount -TargetName "$hostname" # powershell Test-Connection -Ping is default and redundant + $ip = $pingObj.Address.IPAddressToString # get the bare ip out + + echo "`t`tSuccess!`n`t`tIP: $ip`n`t`tHost: $hostname`n`t`tURL (host): http://$hostname`n`t`tURL (IP): http://$ip" + if($loop) { + echo "Sleeping $sleep Seconds..." + sleep $sleep # sleepy time + } else { + echo "`nWaiting $hold Seconds to Make Sure..." + sleep $hold + echo "`nReady!`n" + break + } + } else { + echo "`t`tNOT FOUND YET" + echo "`nSleeping $sleep Seconds..." + sleep $sleep # sleepy time + } + + + if($iterations -gt $max) { + echo "`nMAX ITERATIONS OF $max REACHED! EXITINTG`n" + exit + } + + $iterations++ + +} \ No newline at end of file diff --git a/Windows-Scripts/waypoint.ps1 b/Windows-Scripts/waypoint.ps1 new file mode 100644 index 0000000..6c522cd --- /dev/null +++ b/Windows-Scripts/waypoint.ps1 @@ -0,0 +1,2 @@ +git add . +git commit -m "waypoint" \ No newline at end of file diff --git a/Windows-Scripts/windows-repair.bat b/Windows-Scripts/windows-repair.bat new file mode 100644 index 0000000..9c8d8ee --- /dev/null +++ b/Windows-Scripts/windows-repair.bat @@ -0,0 +1,5 @@ +@ECHO OFF +mrt +sfc /scannow +DISM /Online /Cleanup-Image /RestoreHealth +chkdsk /r C: \ No newline at end of file diff --git a/Windows-Scripts/winhash.ps1 b/Windows-Scripts/winhash.ps1 new file mode 100644 index 0000000..6ed1a2a --- /dev/null +++ b/Windows-Scripts/winhash.ps1 @@ -0,0 +1,38 @@ +# Usage: +## .\winhash.ps1 +## Algos Supported: +### MD5 +### SHA1 +### SHA256 +### SHA384 +### SHA512 +## Example: +### .\winhash.ps1 sillyfilly.bin SHA256 +## Outputs to terminal and to a text file +### Text file name format ...txt + +param ( + [Parameter(Mandatory=$true)] # prompt for input if not specified via cli + [string]$infile, + + [Parameter(Mandatory=$true)] # this 1 2 :pope: + [string]$algo +) + +function Get-UnixMicroseconds { + $unixEpoch = [DateTimeOffset]'1970-01-01T00:00:00Z' # unix epoch constant + $currentTime = [DateTimeOffset]::UtcNow # current utc time + $timeDifferenceTicks = $currentTime.Ticks - $unixEpoch.Ticks # subtract current time from unix epoch constant in ticks + $microseconds = [Int64]($timeDifferenceTicks / 10) # use 64bit int, divide ticks by 10 to give microseconds + + # I am literally using Unix microseconds because they are more fun than Unix seconds :pinkie: + return $microseconds +} + +# jesus fuckin analbeads the selection of hash algos in powershell is weird and limited +# probably because Bill Gates and Satya Nadella get together with the other C-suite executives +# and hypergoon to leagelese in clickwrap agreements that absolves them of liability and +# lets them sell our private data and other assorted dickpics or sumtin idk man lmao +$hash = $(Get-FileHash -Path $infile -Algorithm $algo | Format-List) # do da fookin hashin right dafucc here +echo $hash # show user +echo $hash > "$infile.$(Get-UnixMicroseconds).$algo.txt" # make the txt file \ No newline at end of file diff --git a/append_to_zshrc.txt b/append_to_zshrc.txt new file mode 100644 index 0000000..63e7b29 --- /dev/null +++ b/append_to_zshrc.txt @@ -0,0 +1,18 @@ +# CUSTOM STUFFS +# custom scripts https://gitlab.com/princesspi/general-scripts-and-system-ssssssetup +PATH="$PATH:/usr/share/customscripts" + +# pico SDK https://github.com/raspberrypi/pico-sdk +export PICO_SDK_PATH='/home/kali/pico-sdk' + +# esp-install-custom https://github.com/PrincessPi3/esp-install-custom +alias get_idf='. /home/princesspi/esp/esp-idf/export.sh' +alias run_esp_reinstall='git -C /home/princesspi/esp/esp-install-custom pull;echo -e "\nOld Version:";tail -1 /home/princesspi/esp/version-data.log;echo -e "\n";bash /home/princesspi/esp/esp-install-custom/reinstall-esp-idf.sh' +alias esp_monitor='tail -n 75 -f /home/princesspi/esp/install.log' +alias esp_logs='less /home/princesspi/esp/version-data.log;less /home/princesspi/esp/install.log' +export ESPIDF_INSTALLDIR="/home/princesspi/esp" + +# pyenv https://github.com/pyenv/pyenv +export PYENV_ROOT="$HOME/.pyenv" +[[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH" +eval "$(pyenv init - zsh)" \ No newline at end of file diff --git a/customscripts/.gitkeep b/customscripts/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/customscripts/add_apache2_site b/customscripts/add_apache2_site new file mode 100644 index 0000000..486b630 --- /dev/null +++ b/customscripts/add_apache2_site @@ -0,0 +1,42 @@ +#!/bin/bash +[ "root" != "$USER" ] && exec sudo $0 "$@" +#usage sudo sh add_site_apache2.sh 192.168.1.1 example.com +#note: the web server will go down for the duration this script is running +#set needed A records to domain DNS before beginning +#bind IP desired before beginning + +IP=$1 +DOMAIN=$2 + +#stop apache +systemctl stop apache2 + +#cert get interface +certbot certonly + +mkdir /var/www/$DOMAIN +echo "

its live

" > /var/www/$DOMAIN/index.html + +#make and place config file +cat << EOF | echo > /etc/apache2/sites-available/{$DOMAIN}.config + +DocumentRoot /var/www/{$DOMAIN} +ServerName $DOMAIN +SSLEngine on +SSLCertificateFile /etc/letsencrypt/live/{$DOMAIN}/fullchain.pem +SSLCertificateKeyFile /etc/letsencrypt/live/{$DOMAIN}/privkey.pem +SSLProtocol all -SSLv2 -SSLv3 +SSLHonorCipherOrder on +SSLCipherSuite "HIGH:!aNULL:!MD5:!3DES:!CAMELLIA:!AES128" +SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 + + + +ServerName $DOMAIN +Redirect permanent / https://{$DOMAIN}/ + +EOF + +a2ensite $DOMAIN +sh fix_permissions.sh +systemctl start apache2 \ No newline at end of file diff --git a/customscripts/add_user_ssh b/customscripts/add_user_ssh new file mode 100644 index 0000000..2f0d879 --- /dev/null +++ b/customscripts/add_user_ssh @@ -0,0 +1,11 @@ +#!/bin/bash +# usage: +# add_user_ssh.sh "$USER" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2D+9oYQlTnu1zeVi2gHfTKE7+DDWiu1EibXNwB9g72 princesspi@proton.me" + +[ "root" != "$USER" ] && exec sudo $0 "$@" +KEY="$2" +mkdir /home/$1/.ssh +echo $KEY >> /home/$1/.ssh/authorized_keys +chmod 700 /home/$1/.ssh +chmod 600 /home/$1/.ssh/authorized_keys +chown -R $1:$1 /home/$1/.ssh diff --git a/customscripts/backup.sh b/customscripts/backup.sh new file mode 100644 index 0000000..b348faf --- /dev/null +++ b/customscripts/backup.sh @@ -0,0 +1,8 @@ +#!/bin/bash +[ "root" != "$USER" ] && exec sudo $0 "$@" +LOCK=/var/lock/backups.lock +if [ ! -f $LOCK ]; then +echo "lock" > $LOCK +rsync -rzvvb --backup-dir=_old_ --suffix=$(date+_%F-%T) --update --times -e ssh /home/ @:~/backups/home +rm -f $LOCK +fi \ No newline at end of file diff --git a/customscripts/binwalk-tool b/customscripts/binwalk-tool new file mode 100644 index 0000000..78e5f0c --- /dev/null +++ b/customscripts/binwalk-tool @@ -0,0 +1,57 @@ +#!/bin/bash +# usage +# binwalk.sh filename [default/opcodes/basicextract/compressionextract/opcodeextract +set -e +filename="$2" +unix_seconds=$(date +%s) +dir="binwalk-exracted-$filename-$unix_seconds" +log="binwalk-log-$filename-$unix_seconds.txt" + +basic="Bf" +basicextract="Bef" +compressionextract="BeMXZCf" +opcodecompressextract="ABeMXZCf" +opcodeextract="ABeCf" +opcode="ABf" + +basic_cmd="--signature" +basicextract_cmd="--signature --extract --directory=$dir" +compressionextract_cmd="--signature --extract --matryoshka --deflate --lzma --directory=$dir" +opcodecompressextract_cmd="--opcodes --signature --extract --matryoshka --deflate -lzma --directory=$dir" +opcodeextract_cmd="--opcodes --signature --extract --directory=$dir" +opcode_cmd="--opcodes --signature" + +usage_string="Usage:\n\tbinwalk.sh