I hereby claim:
- I am 0x27 on github.
- I am infodox (https://keybase.io/infodox) on keybase.
- I have a public key whose fingerprint is 21E6 A50E FCC7 7A01 1714 F076 C455 F485 B5C3 969D
To claim this, I am signing this object:
#!/usr/bin/python2 | |
# coding: utf-8 | |
# Hash a file using a few algos. | |
# Written for a lab. | |
import hashlib | |
import sys | |
def hashfile(file, algo): | |
bs = 65536 | |
buffer = file.read(bs) |
-----BEGIN PGP PUBLIC KEY BLOCK----- | |
Version: GnuPG v2 | |
mQINBFY2S58BEADnvXq/U9CTgwGEpy5QMj0QGa/qihCuRrOemz3jGYxhZTPJbp4O | |
W2qXbI6aeKfwQLVl/1b+beX6J437RkHNb7hm4eiCsxOIab7QVY6QtroLNKwvcDtH | |
dfYmS/1toSfHPdN3+ZzHVceJ9VIAm4Tsd9d22aXJoC8as6rL6RvproA+Io6WSa4n | |
0e2b0Nozj+ayfwshEb0viRw7PpSszyMmZtOuYmmmgKjWXwkgq15193C4TUShRtbb | |
HB6/No9H/U7waGbGHtWLUCHN7vzebjPCXqhI+3QW04TOoAUrdRw4PXz3Xnbk8p8h | |
V2jdQSYEBcLinR3U4LTP5pmHRiLxPuzzVbhSyiAbhjIn1fSk+JkXyQu0f2dawr+E | |
DYieqXQ/YVaxypVMPfWhpKhU/cZup4ssJb1WIiDv2gjV61MsUwuXtXgVDejMrqdT |
#!/usr/bin/python | |
# coding: utf-8 | |
# ~ skyhighatrist | |
import svn.remote | |
import sys | |
def dump(plugin_base): | |
r = svn.remote.RemoteClient(plugin_base) | |
num_items = len(list(r.list())) | |
idx = 0 |
#!/usr/bin/python2 | |
# coding: utf-8 | |
# Example of how not to code PHP... Not a serious exploit, just one for fun as | |
# an example of how fucking badly people screw up. Picked an app while githubbin' | |
# and heres the ruinage. | |
# Exploits trivial command injection, followed by abusing the lolsudo implemented. | |
# Seriously, this dudes programming licence needs to be revoked. | |
# BONUS: Includes SCTP Backconnect for Great Justice reasons :D | |
# Screenshot: http://i.imgur.com/0CWDs8m.png | |
# Twitter: @dailydavedavids |
#!/usr/bin/python2 | |
# coding: utf-8 | |
# Script to troll anyone going through logs of your web history, | |
# or anyone running driftnet on a network you are on, or, well, | |
# anycunt who tries retain your data. | |
# @dailydavedavids // 0x27.me | |
import urllib2 | |
import random | |
import string | |
import sys |
If you're unsure what Impero is, it's essentially a corporate/educational RAT. Vendor site: https://www.imperosoftware.co.uk/ | |
They recently were in the news about how they implemented "anti-radicalisation" shit or something. | |
They had a booth at BETT back in January. They gave out donuts. Those were nice. Unfortunately, when I asked about their security, nobody answered me. | |
Some reversing later, looks like Impero is completely pwned amirite. | |
The proprietary Impero protocol on the wire is encrypted. With AES-128 CBC. And a hardcoded key and iv that are both derived from sha512(Imp3ro). ISO10126 padding is used. |
I hereby claim:
To claim this, I am signing this object:
#!/usr/bin/python2 | |
# coding: utf-8 | |
# compliments - a lovely SMS sending tool | |
# ~0x27 | |
# TODO: Write a reply handling thread to send | |
# further compliments. markov chains maybe? | |
import random | |
from time import sleep | |
from twilio.rest import TwilioRestClient | |
import sys |
#******************************************************************** | |
# CONFIGURAGION FILE FOR ADCD Z/OS 1.10 SUMMER * | |
#******************************************************************** | |
# FOR ALL THE LOADPARM OPTIONS VISIT: * | |
# http://dtsc.dfw.ibm.com/MVSDS/'HTTPD2.ADCD.GLOBAL.HTML(READ110S)' * | |
#******************************************************************** | |
# CUSTOM LOADPARM OPTIONS * | |
# SA - LOADS ALL LIBRARIES AND STARTS UP AUTOMATION (JES2) * | |
# J3 - LOADS ALL LIBRARIES AND STARTS UP BASIC z/OS SYSTEM (JES3) * | |
#******************************************************************** |