Consumer key: IQKbtAYlXLripLGPWd0HUA
Consumer secret: GgDYlkSvaPxGxC4X8liwpUoqKwwr3lCADbz8A7ADU
Consumer key: 3nVuSoBZnx6U4vzUxf5w
Consumer secret: Bcs59EFbbsdF6Sl9Ng71smgStWEGwXXKSjYvPVt7qys
Consumer key: CjulERsDeqhhjSme66ECg

I asked ChatGPT to write lyrics to a KMFDM song.
(Verse 1)
In the neon city, where shadows collide,
A pulse of distortion, in the chaos we hide.
Machinery heartbeat, relentless and cold,
Kaleidoscope chaos, the story unfolds.
(Pre-Chorus)
Metallic echoes in the streets we roam,

# IN AMAZON EC2 SERVER #
########################
sudo su
apt-get -y update && apt-get -y upgrade
apt-get install vim git-core curl openssh-server openssh-client python-software-properties build-essential zlib1g-dev libssl-dev libreadline-gplv2-dev libcurl4-openssl-dev aptitude
/usr/sbin/groupadd wheel
/usr/sbin/visudo
(paste bottom)
%wheel ALL=(ALL) ALL

$ echo "@jjarmoc has your key" | openssl sha1 -sign server.key -sha1 | openssl enc -base64

# See https://twitter.com/k8em0/status/411247236610134016 for the check I found this on.
1.9.3p484 :001 > nums = [0b01001101, 0b01101001, 0b01100011, 0b01110010, 0b01101111, 0b01110011, 0b01101111, 0b01100110, 0b01110100]
=> [77, 105, 99, 114, 111, 115, 111, 102, 116]
1.9.3p484 :001 > nums.map{|x| x.chr }.join
=> "Microsoft"

require 'packetfu'
require 'ipaddr'
puts "-- Reading packets"
packets = PacketFu::PcapFile.read_packets('./whatinzeus')
# Map each packet to 1 if its destination MAC carries the IPv4 multicast
# prefix 01:00:5e, otherwise 0. String#=~ needs a Regexp on the right-hand side.
output = packets.inject([]){|ret, pkt|
  ret.push(PacketFu::EthHeader.str2mac(pkt.eth_dst) =~ /^01:00:5e/ ? 1 : 0)
}

require 'httpclient'
cmds = [
  { :method => "POST", :uri => "http://www.example.com/posthere", :body=>{ 'userid' => 'user', 'pw'=>'password'}, :response=>nil},
  { :method => "GET", :uri =>"http://www.example.com/gethere", :body=>{}, :response=>nil}
]
client = HTTPClient.new
client.set_cookie_store('cookie.dat')
cmds.each do |cmd|

- Apache configured to accept SSL on a number of ports, each with its own cert demonstrating an individual test case.
- ELBs performing PAT so I had :443 on a number of IPs ending up hitting Apache on its various ports.
- PHP on the webserver would parse the Host header, and return a response setting a corresponding div to vulnerable
- When the main domain name was accessed, it would instead return a bunch of divs, each named to correspond to a given vuln, and including the CSS file (generated by PHP above) to test for cert validation.
The end result of all this was a table that looked like the ones shown near the end of;
http://www.secureworks.com/cyber-threat-intelligence/threats/transitive-trust/
Tests included;
- Mismatched CN

MSF Module;
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_json_yaml_code_exec.rb
See also;
https://gist.github.com/4660248
https://github.com/ronin-ruby/ronin-ruby.github.com/blob/master/blog/_posts/2013-01-28-new-rails-poc.md

# XOR an input file with a single byte, save as input.xor
# xorfile(0xff, input)
def xorfile(key, file)
  # Read and write in binary mode so no newline or encoding translation alters the bytes
  File.open("#{file}.xor", 'wb') {|f| f.write(File.open("#{file}","rb") {|io| io.read}.unpack('C*').map{|x| x ^ key}.pack('C*')) }
end
# string pack/unpack w/ XOR
"ABCD".unpack('C*').collect{|x| (x ^ 0xa2).chr}.join
# => "\xE3\xE0\xE1\xE6"
"E3E0E1E6".scan(/../).collect{|x| (x.to_i(16) ^ 0xa2).chr}.join