nops 0x9090

## gist:4d14a68afe6c8314f92e

<html>
<head>
  <title>sneaky copy-paste terminal example</title>
</head>
  <style>
    .codeblock {
      background-color: lightyellow;
      border: 1px dotted black;
      margin-left: 50px;

## gist:5444937462311cb5a075
These are some common Linux programs which can be used to execute other software. This demonstrates the risk of implicitly granting sudo privledges to non-suid programs. For example, if you lock down sudo to everything except for vim, then a local attacker could still open a full root shell with that limited sudo vim privledge.


tcpdump
$ tcpdump -n -i lo -G1 -w /dev/null -z ./program.sh

tar
$ tar c a.tar -I ./program.sh a

zip

## gist:2d2d632be2e7fe5eb0d5
1: Restrict all code to very simple control flow constructs. Do not use GOTO statements, setjmp or longjmp constructs, or direct or indirect recursion.

2: All loops must have a fixed upper bound. It must be trivially possible for a checking tool to statically prove that a preset upper bound on the number of iterations of a loop cannot be exceeded. If the loop-bound cannot be proven statically, the rule is considered violated.

3: Do not use dynamic memory allocation after initialization.

4: No function should be longer than what can be printed on a single sheet of paper (in a standard reference format with one line per statement and one line per declaration.) Typically, this means no more than about 60 lines of code per function.

5: The assertion density of the code should average a minimum of two assertions per function. Assertions must always be side effect-free and should be defined as Boolean tests.

## torrc.examples.txt
This file is part of Whonix
Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
See the file COPYING for copying conditions.

        **** Do NOT edit this file! ****

This file will show you examples you can copy and paste to /etc/tor/torrc

Additionally, you can read the official Tor Manual at:
https://www.torproject.org/docs/tor-manual.html.en

## mime.types
types {
    text/html                             html htm shtml;
    text/css                              css;
    text/xml                              xml;
    image/gif                             gif;
    image/jpeg                            jpeg jpg;
    application/javascript                js;
    application/atom+xml                  atom;
    application/rss+xml                   rss;

## Coordinating ADFS Token Lifetime
------------
This is a backup of a useful article on ADFS token lifetimes that was taken down. Original URL is = https://tristanwatkins.com/coordinating-adfs-2012-r2-token-lifetime-logon-prompt-enforce-revocation-session-duration-public-network/
------------


Coordinating AD FS 2012 R2 token lifetimes to reduce logon prompts, enforce revocation and limit session duration over public networks

Back in February, I posted a question on the Geneva forum about Adjusting token lifetimes at the Web Application Proxy (WAP) for external access:

## hacker_history.txt
-------------------------------------------------------------
--- Mirrored From http://quietlydreaming.wumpy.xyz/qd.txt ---
-------------------------------------------------------------

1961.01.02      Caltech hackers (Fiendish Fourteen) hacked the stunt cards at the Rose Bowl (U of Wash vs Minnesota)
                to say CALTECH instead of WASHINGTON and show a beaver instead of a husky
1969.10.29	The Internet is born as the first ARPANET link was established on October 29, 1969, between the IMP at UCLA and the IMP at SRI. By December, the entire 4-node network was connected.
1971.00.00      John Draper (Cap'n Crunch) uses whistle (blue box) to access Ma Bell
1971.00.00	First e-mail program written by Ray Tomlinson
1972.05.00      John Draper arrested for phone fraud

## gist:cb1e3b20f65c0919313d770d269f2486
- clear your browsers cache, delete everyting (this will log you out)
- visit the page with the fresh reseted browser and see what cookie you get when you visit page first time (without being logged in)
- save this cookie for later
- now browse the site while beeing NOT logged in, see if and how the cookie changes
- after collecting all data that not involves a session, go and log in
- save this cookie, now compare with the cookie you gathered at first visit
- check what fields have changed, those that stayed same will move down on the list as second choice for alter testing
- any value that has changed, or any parameter that was beeing added, is now to be investigated
- now try changing values, start with the IP and useragent field first
- see if it logs you out after changing your useragent

## listener.py
#!/usr/bin/env python
import socket, sys

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
port = 6675
server_address = ("0.0.0.0", port)
sock.bind(server_address)
sock.listen(1)

while True:

## bin_to_cstr.py
#!/usr/bin/env python
import os, binascii

# Converts the target binary file to a C formatted string. Useful for embedding binary files in C source code

target = "C:\\Windows\\System32\\cmd.exe"
output_file = "C:\\file.txt"
bytes_per_line = 16

	<html>
	<head>
	<title>sneaky copy-paste terminal example</title>
	</head>
	<style>
	.codeblock {
	background-color: lightyellow;
	border: 1px dotted black;
	margin-left: 50px;
	These are some common Linux programs which can be used to execute other software. This demonstrates the risk of implicitly granting sudo privledges to non-suid programs. For example, if you lock down sudo to everything except for vim, then a local attacker could still open a full root shell with that limited sudo vim privledge.


	tcpdump
	$ tcpdump -n -i lo -G1 -w /dev/null -z ./program.sh

	tar
	$ tar c a.tar -I ./program.sh a

	zip
	1: Restrict all code to very simple control flow constructs. Do not use GOTO statements, setjmp or longjmp constructs, or direct or indirect recursion.

	2: All loops must have a fixed upper bound. It must be trivially possible for a checking tool to statically prove that a preset upper bound on the number of iterations of a loop cannot be exceeded. If the loop-bound cannot be proven statically, the rule is considered violated.

	3: Do not use dynamic memory allocation after initialization.

	4: No function should be longer than what can be printed on a single sheet of paper (in a standard reference format with one line per statement and one line per declaration.) Typically, this means no more than about 60 lines of code per function.

	5: The assertion density of the code should average a minimum of two assertions per function. Assertions must always be side effect-free and should be defined as Boolean tests.
	This file is part of Whonix
	Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
	See the file COPYING for copying conditions.

	** Do NOT edit this file! **

	This file will show you examples you can copy and paste to /etc/tor/torrc

	Additionally, you can read the official Tor Manual at:
	https://www.torproject.org/docs/tor-manual.html.en
	types {
	text/html html htm shtml;
	text/css css;
	text/xml xml;
	image/gif gif;
	image/jpeg jpeg jpg;
	application/javascript js;
	application/atom+xml atom;
	application/rss+xml rss;
	------------
	This is a backup of a useful article on ADFS token lifetimes that was taken down. Original URL is = https://tristanwatkins.com/coordinating-adfs-2012-r2-token-lifetime-logon-prompt-enforce-revocation-session-duration-public-network/
	------------



	Coordinating AD FS 2012 R2 token lifetimes to reduce logon prompts, enforce revocation and limit session duration over public networks

	Back in February, I posted a question on the Geneva forum about Adjusting token lifetimes at the Web Application Proxy (WAP) for external access:
	-------------------------------------------------------------
	--- Mirrored From http://quietlydreaming.wumpy.xyz/qd.txt ---
	-------------------------------------------------------------

	1961.01.02 Caltech hackers (Fiendish Fourteen) hacked the stunt cards at the Rose Bowl (U of Wash vs Minnesota)
	to say CALTECH instead of WASHINGTON and show a beaver instead of a husky
	1969.10.29 The Internet is born as the first ARPANET link was established on October 29, 1969, between the IMP at UCLA and the IMP at SRI. By December, the entire 4-node network was connected.
	1971.00.00 John Draper (Cap'n Crunch) uses whistle (blue box) to access Ma Bell
	1971.00.00 First e-mail program written by Ray Tomlinson
	1972.05.00 John Draper arrested for phone fraud
	- clear your browsers cache, delete everyting (this will log you out)
	- visit the page with the fresh reseted browser and see what cookie you get when you visit page first time (without being logged in)
	- save this cookie for later
	- now browse the site while beeing NOT logged in, see if and how the cookie changes
	- after collecting all data that not involves a session, go and log in
	- save this cookie, now compare with the cookie you gathered at first visit
	- check what fields have changed, those that stayed same will move down on the list as second choice for alter testing
	- any value that has changed, or any parameter that was beeing added, is now to be investigated
	- now try changing values, start with the IP and useragent field first
	- see if it logs you out after changing your useragent
	#!/usr/bin/env python
	import socket, sys

	sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	port = 6675
	server_address = ("0.0.0.0", port)
	sock.bind(server_address)
	sock.listen(1)

	while True:
	#!/usr/bin/env python
	import os, binascii

	# Converts the target binary file to a C formatted string. Useful for embedding binary files in C source code

	target = "C:\\Windows\\System32\\cmd.exe"
	output_file = "C:\\file.txt"
	bytes_per_line = 16