{"id":25632919,"url":"https://github.com/migueltc13/koth-tools","last_synced_at":"2025-04-14T18:09:44.387Z","repository":{"id":212538955,"uuid":"696464085","full_name":"migueltc13/KoTH-Tools","owner":"migueltc13","description":"Personal \"King of The Hill\" toolkit.","archived":false,"fork":false,"pushed_at":"2024-11-05T19:06:06.000Z","size":5656,"stargazers_count":11,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-14T18:09:36.911Z","etag":null,"topics":["hacking-tools","kingofthehill","toolkit","tryhackme"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/migueltc13.png","metadata":{"files":{"readme":"README.md","changelog":"changeattr","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-25T19:47:26.000Z","updated_at":"2025-01-09T06:41:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"ca0e00a0-b397-42df-90eb-d7d95eaeaf2f","html_url":"https://github.com/migueltc13/KoTH-Tools","commit_stats":null,"previous_names":["migueltc13/koth-tools"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/migueltc13%2FKoTH-Tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/migueltc13%2FKoTH-Tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/migueltc13%2FKoTH-Tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/migueltc13%2FKoTH-Tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/migueltc13","download_url":"https://codeload.github.com/migueltc13/KoTH-Tools/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248933340,"owners_count":21185460,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacking-tools","kingofthehill","toolkit","tryhackme"],"created_at":"2025-02-22T21:19:16.405Z","updated_at":"2025-04-14T18:09:44.360Z","avatar_url":"https://github.com/migueltc13.png","language":"Shell","readme":"# KoTH-Tools\n\nWelcome to KoTH-Tools, a collection of custom tools used in TryHackMe's\n[King of the Hill](https://tryhackme.com/games/koth) competition.\n\nThese tools are designed for use on Linux machines.\n\n## Table of Contents\n\n- [CVEs Directory](#cves-directory)\n- [Static Directory](#static-directory)\n- [Monitor Directory](#monitor-directory)\n- [Animations Directory](#animations-directory)\n- [Scripts](#scripts)\n- [Reverse Shells](#reverse-shells)\n\n### CVEs Directory\n\nThis directory contains exploits for CVEs found in the machines.\n\n- [CVE-2019-18634-sudo-buffer-overflow ](CVEs/CVE-2019-18634-sudo-buffer-overflow/)\n- [CVE-2021-3156-dirtypipe             ](CVEs/CVE-2021-3156-dirtypipe/)\n- [CVE-2021-3493-overlayfs             ](CVEs/CVE-2021-3493-overlayfs/)\n- [CVE-2021-4034-pwnkit                ](CVEs/CVE-2021-4034-pwnkit/)\n\n### Static Directory\n\nThis directory contains static binaries that can be used in the machines.\nThese binaries are compiled statically to avoid problems with missing\ndependencies. Some of them are used in other tools.\n\n- [changeattr  ](static/changeattr)  - Change the attributes of a file.\n- [echo        ](static/echo)        - Print a string. **\\***\n- [inotifywait ](static/inotifywait) - Wait for changes to files using inotify.\n- [lsattr      ](static/lsattr)      - List file attributes. **\\***\n- [pspy64      ](static/pspy64)      - Monitor processes without root permissions.\n- [real_chattr ](static/real_chattr) - Change the attributes of a file.\n\n\u003e **\\*** Compiled with [Makefile](static/Makefile). Source code is available in the [static](static/) directory.\n\n### Monitor Directory\n\nIncludes a script to monitor file changes in the `/root/king.txt` file.\n\nWhen changes are detected, the script will attempt to overwrite the file with the player's username.\n\n\u003e Currently in development.\n\n### Animations Directory\n\n- [hello.sh    ](animations/hello.sh)    - Display a \"Hello\" message.\n- [nyan        ](animations/nyan)        - Display nyan cat animation.\n- [rickroll.sh ](animations/rickroll.sh) - Display rickroll lyrics animation.\n- [spin.sh     ](animations/spin.sh)     - Display animation of a spinning saturn.\n\nThis directory contains animations that can be displayed in other player's terminals. Like so:\n\n```bash\n# Get your tty number\ntty\n# Enumerate the tty numbers of other players\nls -l /dev/pts/\n# Display the animation in the other player's terminal\n./animations/nyan \u003e /dev/pts/\u003ctty_number\u003e\n```\n\nGetting your terminal flooded with animations is a significant setback toward winning the game.\n\nHere's a simple way you can prevent that from happening when using ssh:\n\n```bash\nssh -T \u003cusername\u003e@\u003cip\u003e\ntty\n# No tty number will be displayed\n```\n\n\u003e From ssh manual:\n\u003e\n\u003e ```\n\u003e -T      Disable pseudo-terminal allocation.\n\u003e ```\n\n\u003c!-- TODO: Add more no tty examples --\u003e\n\n### Scripts\n\n- [autodownloader.sh  ](autodownloader.sh)  - Automatically download scripts from attacker machine.\n- [chattr             ](chattr)             - Malicious version of chattr. **\\***\n- [check.sh           ](check.sh)           - Check `king.txt` file and overwrite it if necessary.\n- [flag-finder.sh     ](flag-finder.sh)     - Automatically find flags in the machine.\n- [kingster.sh        ](kingster.sh)        - Write and protect `king.txt` file.\n- [systemd.sh         ](systemd.sh)         - Create a backdoor service for persistence.\n- [stable-shell.sh    ](stable-shell.sh)    - Stable reverse shell.\n- [LinEnum.sh         ](LinEnum.sh)         - Linux enumeration script. ([source](https://github.com/rebootuser/LinEnum))\n- [linpeas.sh         ](linpeas.sh)         - Linux Privilege Escalation Awesome Script. ([source](https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS))\n- [PwnKit             ](PwnKit)             - Privilege escalation toolkit CVE-2021-4034. ([source](https://github.com/ly4k/PwnKit))\n- [mount-trick.txt    ](mount-trick.txt)    - Mount trick to bypass chattr protection.\n- [tricks.html        ](tricks.html)        - King of the Hill tricks. (generated from [tricks.md](tricks.md))\n- [trollrc            ](trollrc)            - Troll .bashrc file.\n- [port-scanner-nc.sh ](port-scanner-nc.sh) - Port enumeration using netcat. Run with multiple threads for better performance.\n- [url-path-finder.sh ](url-path-finder.sh) - Find paths in a website by scanning source code.\n\n\u003e **\\*** According to KoTH rules **\"chattr\"** is the only binary that can be replaced in the machine.\n\n### Reverse Shells\n\nUsed to get a reverse shell in the machine.\n\n- [reverse-shell-bash.sh   ](reverse-shell-bash.sh)\n- [reverse-shell-nc.sh     ](reverse-shell-nc.sh)\n- [reverse-shell-php.php   ](reverse-shell-php.php)\n- [reverse-shell-python.py ](reverse-shell-python.py)\n\n### VPN\n\n- [thm](vpn/thm) - Connect to TryHackMe VPN.\n\nYou will need to install openvpn to use this script.\n\nNext you will need to edit the `thm` to replace your username, vpn file path and other variables.\n\n```sh\n# Define variable for THM username\nusername=\"z0d1ac\"\n\n# Define directory were $username.ovpn is located\nvpn_dir=\"$HOME/.vpn\"\n\n# Session logfile\nsession_log=$vpn_dir/session.log\n\n# Optional: Location of profile to update (.zshrc, .bashrc, .bash_profile, etc)\nprofile_file=\"$HOME/.bash/custom.sh\"\n```\n\nUsage:\n\n```sh\n# Connect to THM VPN\nthm\n\n# In alternative add the machine ip wich will be saved in your .profile as VMIP environment variable\nthm \u003cmachine_ip\u003e\n\n# Disconnect from THM VPN\nthm kill\n\n# Show OpenVPN connection log\nthm log\n```\n\n#### Special Thanks\n\nSpecial thanks to the following contributors for their valuable contributions:\n\n- [@MatheuZSecurity](https://github.com/MatheuZSecurity)\n  - for his `tricks.md` file.\n  - for inspiring me with his `systemd.sh` script.\n- [@f11snipe](https://github.com/f11snipe)\n  - for his `trollrc` file.\n  - for his `thm` script for vpn connection and utilities.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmigueltc13%2Fkoth-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmigueltc13%2Fkoth-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmigueltc13%2Fkoth-tools/lists"}