Instantly share code, notes, and snippets.

View phpinfo.php
<?php
// Safe PHPInfo file by HacKan
// You should prefer to delete it after using it, but we know how that can go... at least, be safe
// create passwd with:
// php -r '$pass = bin2hex(random_bytes(10)); echo "Plain: ", $pass, PHP_EOL, "Encrypted: ", password_hash($pass, PASSWORD_DEFAULT), PHP_EOL;'
define('PASSWD','');
$p = filter_input(INPUT_GET, 'p', FILTER_SANITIZE_STRING);
if (!empty(PASSWD) && !empty($p) && password_verify($p, PASSWD)) {
View properly-signing-gh-release-packages.md

Github automatically generates .tar.gz and .zip packages of the repository when a release or pre-release is created under releases. However, these packages are not signed! The tag might be signed but if a user downloads one of those, there's no true certification of its content, rather than pure trust on Github.

However, you can edit a release after it's generated to upload files, and this is how you upload signature files for those packages (as I usually do). But, to sign them, you need to first download them and, of course, verify them! Otherwise, you'll be signing your trust to Github without checking!

I will be using a tool I created to do recursive blake2 checksums called b2rsum. You can use any other tool that does the same if you want.

To properly verify those packages, do the following:

  1. Create a temporal directory to store all files, lets call it /tmp/github.
  2. Copy your source code to a subdirectory there: cp -r ~/code/myproject /tmp/github/orig.
View sshd_config
# Modern secure (OpenSSH Server 7+) SSHd config by HacKan
# Refer to the manual for more info: https://www.freebsd.org/cgi/man.cgi?sshd_config(5)
# Server fingerprint
# Regenerate with: ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 4096
HostKey /etc/ssh/ssh_host_rsa_key
# Regerate with: ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
HostKey /etc/ssh/ssh_host_ed25519_key
# Log for audit, even users' key fingerprint
View encrypted_swap_hibernation_debian9.md

Encrypted SWAP hibernation in Debian 9+

It took me about 6 hours to find out all of this, but after reading a ton of man pages, initram scripts, and bug reports, I got a working result that takes about 2' to set up...

The point is to have a SWAP partition encrypted with LUKS, and it should be decypted during boot.

When using SysV, initram hooks and scripts in Debian worked like a charm but then, Systemd came and it's not yet fully implemented so this kind of crap happens. Systemd's cryptsetup doesn't support parameters in /etc/crypttab so using a script there is ignored:

/* Options Debian's crypttab knows we don't:
View emergencylockdown.bash
#!/bin/bash
################################################################################
#
# ~~~~ Emergency Lockdown ~~~~
# Forces a lockdown on the system: kills the keys and luks headers,
# then reboots.
# Copyright (C) 2015 by HacKan
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
View kernelcleaner.sh
#!/bin/bash
############################################################
# Script que elimina todos los kernels salvo el que se
# encuentra en uso (MODO=1), o salvo el que se encuentra
# en uso y el anterior (MODO=2).
#
# **************************************************************
# ** NO ME RESPONSABILIZO POR DAÑOS QUE PUDIERAN SER CAUSADOS **
# ** SEA POR BUEN O MAL USO DE ESTE SCRIPT **
# **************************************************************
View Ataque multivoto al sistema Vot.Ar
-----BEGIN PGP MESSAGE-----
owHsuQVUXMu2KNpIgODu0GhwdwmNa3B3CO4eCAEaJ7gFDQ4JFiC4BoK7OyTBAyG4
a/fv5OyzJfuce+7//9033hj/L0axqmdVTatpVSsBAwGAivOM7AVTV2VIIFwl4AHF
wlMaCU9zNy8rZS9HTzs2HRdPF3NNOw9PKydzWJ9dwp3d1dJaO40nn15NWpaNi50X
lb7jsgCCysNJxUnl8tQeVVSUiuOJnbOVubudr5UlFRfsFxUPDx+3ICcVhzyVIRUX
FxcfFbeQIJUxFYcqbISKQwYG4+YR5KPiUKHip+LQggF5+fi5qMTEUK2cLX/gpPrf
96D6uFtZ/5CGhxeV87cHxvDPN5Uz1W8wLk5+3r/BuP7FPF4unr/BBDh/hXHxCAr8
CuPm4+b9G0yAh//vMF4+ob/B+P4FjF+I/28wQR6Bv8GEBH6VjVuQi0vwbzBufs5f
YUJ/1wu3EO/f6PJwcgr8io+Hk/dvOuDh5Bf8+1ohQa5fYVw8XL/KwcPFL8D9K4yb
View ra-tov
This file has been truncated, but you can view the full file.
-----BEGIN PGP MESSAGE-----
owEM1gNyIAgAALDatu12a9u2bdu2bdu2bdu2bfPuE5nEwwIDQCG6YntRDtYG+QPW
AsBfIRoSuNo5/zNwJHCxNSCwMbA2IDCxNjEysrCzpbU3NqU1szdTCfLSiYYFgQQG
asXh7sNnYozVX7wBPCFu1IFMrqM32uQkpPNQB4SNGx5YGnPBXf0yfb5Qj9/A0CsY
lYwxx/WRDrNn9RIyXp97MHGhV4JH/sdQO3ADtOf/t5zES6Egcwih2LbxdytCzpvt
nvOayyhoOTIxebTeY+yqBqgTYBIjYKBa7RpoaBf6DVBKUWVI0OWuAc8AXJ6BNZPe
cSHr8FuvL+Kx5+RXKobtMUt3aCT93dQU1gnrsO+1k260yI2ALk0iDSosfEqkLUiO
h5i7VBJYj91TrtooXIp6L2SHgiCEuMa20CmJCJlLqCqtNYpQP+xp3P8gVs+eKmf6
View keybase.md

Keybase proof

I hereby claim:

  • I am hackancuba on github.
  • I am hackan (https://keybase.io/hackan) on keybase.
  • I have a public key ASClVoZXLVRXbbPLGBaUhBuXUqqso1Cz9_Tcnasvn-CD5Ao

To claim this, I am signing this object: