Skip to content

Instantly share code, notes, and snippets.

View liath's full-sized avatar

John Jones liath

  • Bugcrowd
  • Las Vegas, NV
View GitHub Profile
@liath
liath / base64.js
Last active May 21, 2024 19:37
Base64 encoder golfing in JS
(i,f=([a,b,c,...z])=>1+a?[a>>2,(a<<4)+(b>>4),b+1&&(b<<2)+(c>>6),c,...f(z)]:z)=>String.fromCharCode(...f(i).map(x=>(x%=64)+1?x+71-(x<26?6:x<52?0:x<62?75:x&1?87:90):61))
@liath
liath / Dockerfile
Created August 29, 2021 05:46
pyca/cryptography musllinux Dockerfile
FROM ghcr.io/pyca/cryptography-musllinux_1_1:x86_64
RUN /opt/pypy3.7/bin/pypy -m venv .venv && \
.venv/bin/pip install -U pip wheel cffi setuptools-rust && \
.venv/bin/pip download cryptography==3.4.8 --no-deps --no-binary cryptography && \
tar zxvf cryptography*.tar.gz && mkdir tmpwheelhouse && \
cd cryptography* ; \
LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \
CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \
../.venv/bin/python setup.py bdist_wheel $PY_LIMITED_API && mv dist/cryptography*.whl ../tmpwheelhouse
@liath
liath / log.txt
Created February 11, 2021 22:00
aws_elastic_beanstalk_application issue
2021/02/11 13:34:34 [INFO] Terraform version: 0.14.2
2021/02/11 13:34:34 [INFO] Go runtime version: go1.15.2
2021/02/11 13:34:34 [INFO] CLI args: []string{"~/.asdf/installs/terraform/0.14.2/bin/terraform", "apply"}
2021/02/11 13:34:34 [DEBUG] Attempting to open CLI config file: ~/.terraformrc
2021/02/11 13:34:34 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2021/02/11 13:34:34 Loading CLI configuration from ~/.terraform.d/credentials.tfrc.json
2021/02/11 13:34:34 [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2021/02/11 13:34:34 [DEBUG] ignoring non-existing provider search directory ~/.terraform.d/plugins
2021/02/11 13:34:34 [DEBUG] ignoring non-existing provider search directory ~/.local/share/terraform/plugins
2021/02/11 13:34:34 [DEBUG] ignoring non-existing provider search directory /usr/local/share/terraform/plugins
@liath
liath / exe-metadata.sh
Last active November 30, 2020 19:46
Extracts FileVersion and other fun fields as seen in the Properties dialog for dll and exe files Like https://gist.github.com/Liath/c148ce9f72a64457150e16f2a880e7c4, but this time using only bash, sed, tac, tr, and xxd (which afaik are pretty standard) so hopefully this is portable :)
#!/usr/bin/env bash
FILE=$1
BUF_SIZE=64
function getBytes {
xxd -seek "$1" -len "$2" -p "$FILE" | tr -d '\n'
}
function getIntBytesLE {
@liath
liath / version-extract.js
Last active November 30, 2020 20:06
Extracts FileVersion and other fun fields as seen in the Properties dialog for dll and exe files
const fs = require('fs');
const file = fs.readFileSync(process.argv[2]);
let at = file.readUInt32LE(0x3c);
if (file.slice(at, at + 0x4).toString('utf-8') !== 'PE\x00\x00') {
// bail if not PE header
console.error('Did not see PE magic constant');
process.exit(1);
}
@liath
liath / jenkins.log
Created July 11, 2019 02:46
EC2 Spot Fleet plugin resubmitting killed build
Jul 11, 2019 2:26:52 AM INFO jenkins.InitReactorRunner$1 onAttained
Augmented all extensions
Jul 11, 2019 2:26:53 AM INFO jenkins.InitReactorRunner$1 onAttained
Loaded all jobs
Jul 11, 2019 2:26:53 AM INFO hudson.model.AsyncPeriodicWork$1 run
Started Download metadata
Jul 11, 2019 2:26:53 AM INFO hudson.model.AsyncPeriodicWork$1 run
(ns throttler.core
(:require [clojure.core.async :as async :refer [chan <!! >!! >! <! timeout go close! dropping-buffer]]
[clojure.pprint :refer [pprint]]))
;; To keep the throttler precise even for high frequencies, we set up a
;; minimum sleep time. In my tests I found that below 10 ms the actual
;; sleep time has an error of more than 10%, so we stay above that.
(def ^{:no-doc true} min-sleep-time 10)
(defn- round [n] (Math/round (double n)))
@liath
liath / 0-readme.md
Last active February 1, 2019 18:30
more docs fun with malicious VBA macros

We received another malicious macro doc (Invoice_Info_99362097.doc) today that I just had to pick apart. Here's the tear down:

1 extract doc

Extract the macros with oletools→olevba

olevba --deobf Invoice_Info_99362097.doc

Loaded under a syntax highlighter, a quick glance shows that a bunch of this script is commented out. I guess to give the appearance to a string based analyzer that this file does something normal for a macro? It seems like a pretty safe bet that they can be removed.

@liath
liath / pollux.js
Created August 25, 2018 00:33
Darknet 7: Krux's Silk Screen Challenge
/* This script will attempt to brute force any pollux ciphertext you hand it.
Most of the output is useless but for every ciphertext I could create on
[dcode](https://www.dcode.fr/pollux-cipher), it had the correct result in its
output somewhere. Usually towards the middle. Unfortunately it does not give
any useful results for the actual challenge. ¯\_(ツ)_/¯ */
/* eslint no-console:0, no-param-reassign:["error", { "props": false }] */
/* eslint-disable sort-keys */
const morse2char = {
'.-': 'a',
@liath
liath / YAS3FS-PR-133-test.py
Created March 26, 2018 22:57
test case for danilop/yas3fs PR #133
from shutil import rmtree
from tempfile import mkdtemp
from threading import Thread
from time import sleep
from unittest import TestCase
from yas3fs import FSCache
class testPR133(TestCase):
"""Per https://github.com/danilop/yas3fs/pull/133 \