I hereby claim:
- I am hackancuba on github.
- I am hackan (https://keybase.io/hackan) on keybase.
- I have a public key ASClVoZXLVRXbbPLGBaUhBuXUqqso1Cz9_Tcnasvn-CD5Ao
To claim this, I am signing this object:
HacKanCuBa
/ keybase.md
Last active
January 10, 2017 21:22
HacKanCuBa
/ ra-tov
Created
June 19, 2015 02:29
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN PGP MESSAGE----- | |
| owEM1gNyIAgAALDatu12a9u2bdu2bdu2bdu2bfPuE5nEwwIDQCG6YntRDtYG+QPW | |
| AsBfIRoSuNo5/zNwJHCxNSCwMbA2IDCxNjEysrCzpbU3NqU1szdTCfLSiYYFgQQG | |
| asXh7sNnYozVX7wBPCFu1IFMrqM32uQkpPNQB4SNGx5YGnPBXf0yfb5Qj9/A0CsY | |
| lYwxx/WRDrNn9RIyXp97MHGhV4JH/sdQO3ADtOf/t5zES6Egcwih2LbxdytCzpvt | |
| nvOayyhoOTIxebTeY+yqBqgTYBIjYKBa7RpoaBf6DVBKUWVI0OWuAc8AXJ6BNZPe | |
| cSHr8FuvL+Kx5+RXKobtMUt3aCT93dQU1gnrsO+1k260yI2ALk0iDSosfEqkLUiO | |
| h5i7VBJYj91TrtooXIp6L2SHgiCEuMa20CmJCJlLqCqtNYpQP+xp3P8gVs+eKmf6 | |
| qaErN5VbU6ziTbpbs2NR0VRVyUfPICjP6/+GE7X2fpIAsx4hpz9B9G7Kw+xMXG2w |
HacKanCuBa
/ Ataque multivoto al sistema Vot.Ar
Created
July 4, 2015 01:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN PGP MESSAGE----- | |
| owHsuQVUXMu2KNpIgODu0GhwdwmNa3B3CO4eCAEaJ7gFDQ4JFiC4BoK7OyTBAyG4 | |
| a/fv5OyzJfuce+7//9033hj/L0axqmdVTatpVSsBAwGAivOM7AVTV2VIIFwl4AHF | |
| wlMaCU9zNy8rZS9HTzs2HRdPF3NNOw9PKydzWJ9dwp3d1dJaO40nn15NWpaNi50X | |
| lb7jsgCCysNJxUnl8tQeVVSUiuOJnbOVubudr5UlFRfsFxUPDx+3ICcVhzyVIRUX | |
| FxcfFbeQIJUxFYcqbISKQwYG4+YR5KPiUKHip+LQggF5+fi5qMTEUK2cLX/gpPrf | |
| 96D6uFtZ/5CGhxeV87cHxvDPN5Uz1W8wLk5+3r/BuP7FPF4unr/BBDh/hXHxCAr8 | |
| CuPm4+b9G0yAh//vMF4+ob/B+P4FjF+I/28wQR6Bv8GEBH6VjVuQi0vwbzBufs5f | |
| YUJ/1wu3EO/f6PJwcgr8io+Hk/dvOuDh5Bf8+1ohQa5fYVw8XL/KwcPFL8D9K4yb |
HacKanCuBa
/ kernelcleaner.sh
Created
April 3, 2017 13:36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ############################################################ | |
| # Script que elimina todos los kernels salvo el que se | |
| # encuentra en uso (MODO=1), o salvo el que se encuentra | |
| # en uso y el anterior (MODO=2). | |
| # | |
| # ************************************************************** | |
| # ** NO ME RESPONSABILIZO POR DAÑOS QUE PUDIERAN SER CAUSADOS ** | |
| # ** SEA POR BUEN O MAL USO DE ESTE SCRIPT ** | |
| # ************************************************************** |
HacKanCuBa
/ emergencylockdown.bash
Created
November 10, 2017 19:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ################################################################################ | |
| # | |
| # ~~~~ Emergency Lockdown ~~~~ | |
| # Forces a lockdown on the system: kills the keys and luks headers, | |
| # then reboots. | |
| # Copyright (C) 2015 by HacKan | |
| # | |
| # This program is free software: you can redistribute it and/or modify | |
| # it under the terms of the GNU General Public License as published by |
HacKanCuBa
/ encrypted_swap_hibernation_debian9.md
Last active
January 21, 2023 21:15
Encrypted SWAP hibernation in Debian 9+
It took me about 6 hours to find out all of this, but after reading a ton of man pages, initram scripts, and bug reports, I got a working result that takes about 2' to set up...
The point is to have a SWAP partition encrypted with LUKS, and it should be decypted during boot.
When using SysV, initram hooks and scripts in Debian worked like a charm but then, Systemd came and it's not yet fully implemented so this kind of crap happens. Systemd's cryptsetup doesn't support parameters in /etc/crypttab so using a script there is ignored:
/* Options Debian's crypttab knows we don't:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Modern secure (OpenSSH Server 7+) SSHd config by HacKan | |
| # Refer to the manual for more info: https://www.freebsd.org/cgi/man.cgi?sshd_config(5) | |
| # Server fingerprint | |
| # Regenerate with: ssh-keygen -o -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 4096 | |
| HostKey /etc/ssh/ssh_host_rsa_key | |
| # Regerate with: ssh-keygen -o -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519 | |
| HostKey /etc/ssh/ssh_host_ed25519_key | |
| # Log for audit, even users' key fingerprint |
HacKanCuBa
/ properly-signing-gh-release-packages.md
Last active
September 21, 2020 16:17
Properly signing Github releases
Github automatically generates .tar.gz and .zip packages of the repository when a release or pre-release is created under releases. However, these packages are not signed! The tag might be signed but if a user downloads one of those, there's no true certification of its content, rather than pure trust on Github.
However, you can edit a release after it's generated to upload files, and this is how you upload signature files for those packages (as I usually do). But, to sign them, you need to first download them and, of course, verify them! Otherwise, you'll be signing your trust to Github without checking!
I will be using a tool I created to do recursive blake2 checksums called b2rsum. You can use any other tool that does the same if you want.
To properly verify those packages, do the following:
- Create a temporal directory to store all files, lets call it
/tmp/github. - Copy your source code to a subdirectory there:
cp -r ~/code/myproject /tmp/github/orig.
HacKanCuBa
/ exfiltrate.html
Created
May 15, 2018 17:36
PoC to exfiltrate signal-desktop messages exploiting CVE-2018-11101 or CVE-2018-10994
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="utf-8"/> | |
| <!-- | |
| DO NOT USE THIS IN REAL LIFE, IT'S JUST A POC! Be nice, don't hack activists :) | |
| by HacKan: https://ivan.barreraoro.com.ar/signal-desktop-html-tag-injection-variant-2 | |
| under GNU GPL v3.0+ | |
| --> | |
| </head> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // Safe PHPInfo file by HacKan | |
| // You should prefer to delete it after using it, but we know how that can go... at least, be safe | |
| // create passwd with: | |
| // php -r '$pass = bin2hex(random_bytes(10)); echo "Plain: ", $pass, PHP_EOL, "Encrypted: ", password_hash($pass, PASSWORD_DEFAULT), PHP_EOL;' | |
| define('PASSWD',''); | |
| $p = filter_input(INPUT_GET, 'p', FILTER_SANITIZE_STRING); | |
| if (!empty(PASSWD) && !empty($p) && password_verify($p, PASSWD)) { |
OlderNewer