Matt Korostoff MKorostoff
MKorostoff
/ request.json
Created
December 23, 2014 17:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "start_datetime": "2014-12-23T17:31:30.000000Z", | |
| "name": "Heavy Kettle: Basics", | |
| "privacy": "\/v7.0\/privacy_option\/1\/", | |
| "aggregates": { | |
| "active_time_total": 1593, | |
| "elapsed_time_total": 1593, | |
| "metabolic_energy_total": 757304 | |
| }, | |
| "start_locale_timezone": "America\/New_York", |
MKorostoff
/ request.json
Created
December 23, 2014 17:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "start_datetime": "2014-12-23T17:30:45Z", | |
| "name": "Heavy Kettle: Basics", | |
| "privacy": "\/v7.0\/privacy_option\/1\/", | |
| "aggregates": { | |
| "active_time_total": 1593, | |
| "elapsed_time_total": 1593, | |
| "metabolic_energy_total": 757304 | |
| }, | |
| "start_locale_timezone": "America\/New_York", |
MKorostoff
/ request.json
Created
December 23, 2014 17:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "start_datetime": "2014-12-23T17:38:42+00:00", | |
| "name": "Heavy Kettle: Basics", | |
| "privacy": "\/v7.0\/privacy_option\/1\/", | |
| "aggregates": { | |
| "active_time_total": 1593, | |
| "elapsed_time_total": 1593, | |
| "metabolic_energy_total": 757304 | |
| }, | |
| "start_locale_timezone": "Asia\/Tokyo", |
MKorostoff
/ request.json
Last active
August 29, 2015 14:12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /v7.0/workout/ HTTP/1.0 | |
| Api-Key: qvrhd9ep4hhbm66tsasjr9bcuv85ewhc | |
| Authorization: Bearer 4e31f69206ec927f811bffbd21d23cf85f373fa7 | |
| Content-Type: application/json | |
| User-Agent: Drupal (+http://drupal.org/) | |
| Connection: close | |
| Host: oauth2-api.mapmyapi.com | |
| Content-Length: 298 | |
| { |
MKorostoff
/ gist:1bdd84656849f842667d
Created
December 22, 2014 22:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| HTTP/1.1 201 Created | |
| Content-Type: application/json | |
| Date: Mon, 22 Dec 2014 22:19:22 GMT | |
| Location: https://oauth2-api.mapmyapi.com/v7.0/workout/823384959/ | |
| Server: nginx | |
| Set-Cookie: multidb_pin_writes=y; expires=Mon, 22-Dec-2014 22:19:32 GMT; Max-Age=10; Path=/ | |
| X-Mashery-Responder: prod-j-worker-us-east-1b-52.mashery.com | |
| X-Plan-QPS-Allotted: 60 | |
| X-Plan-QPS-Current: 1 | |
| X-Plan-Quota-Allotted: 25000 |
MKorostoff
/ gist:5ba32ae0d0de2edfc9c4
Created
December 22, 2014 22:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /v7.0/workout/ HTTP/1.0 | |
| Api-Key: qvrhd9ep4hhbm66tsasjr9bcuv85ewhc | |
| Authorization: Bearer 4e31f69206ec927f811bffbd21d23cf85f373fa7 | |
| Content-Type: application/json | |
| User-Agent: Drupal (+http://drupal.org/) | |
| Connection: close | |
| Host: oauth2-api.mapmyapi.com | |
| Content-Length: 315 | |
| { |
MKorostoff
/ gist:c16c45f66aabaf9bc361
Created
December 10, 2014 23:50
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2014-12-10 23:25:41 Varnish request 127.0.0.1 - admin "GET http://stage.radiusgym.com/user/registrationpassword/1726/1418253896/hCMO4ozsxdu8rBodLOD1fU1lyH64P6eI0Gkek8F1wWk HTTP/1.0" 503 555 "https://www.guerrillamail.com/inbox?mail_id=19664260" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36" 0.270001173 miss pass request_id="-" "-" | |
| 2014-12-10 23:25:41 Apache request 71.172.38.122 - - "GET /user/registrationpassword/1726/1418253896/hCMO4ozsxdu8rBodLOD1fU1lyH64P6eI0Gkek8F1wWk HTTP/1.0" 403 22688 "https://www.guerrillamail.com/inbox?mail_id=19664260" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36" vhost=nbcupowertest.prod.acquia-sites.com host=stage.radiusgym.com hosting_site=nbcupowertest pid=4769 request_time=274229 request_id="v-db44e3c2-80c3-11e4-89d4-12313d1bf92a" |
MKorostoff
/ gist:24ad125bf06e3984869c
Created
December 5, 2014 01:21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Access control list. | |
| # The goal of this ACL is to refuse direct apache acces to everyone other than | |
| # Varnish and a list of trusted admins. IP addresses on this list may access | |
| # apache directly by navigating to example.com:8000. Apache will allow POST | |
| # traffic, but Varnish will not, so your site will be largely immune to SQL | |
| # injection attacks that require POST access | |
| ################################################# | |
| Deny from all | |
| Allow from 127.0.0.1 | |
| Allow from 123.123.123.123 |
MKorostoff
/ varnish_config.vcl
Created
December 5, 2014 01:16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # An example varnish configuration file which will refuse all POST traffic. | |
| # When used in conjunction with the htaccess file in this same directory, this | |
| # will ensure that 1) no one can POST to Varnish and 2) only a specific group of | |
| # users can POST to apache. | |
| # | |
| # This VCL file doesn't really stand on it's own. For a more complete tutorial | |
| # on Varnish for Drupal see https://www.digitalocean.com/community/tutorials/how-to-configure-varnish-for-drupal-with-apache-on-debian-and-ubuntu | |
| /** | |
| * The location of the apache web server. |
MKorostoff
/ deobfuscated.php
Created
December 3, 2014 05:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * @file | |
| * A de-obfuscated version of the file used by some attackers to install | |
| * backdoors on drupal sites, using the Drupal SA-CORE-2014-005 vulnerabilty. | |
| * | |
| * @usage | |
| * Runs any php code supplied by the user as a base64_encoded string in a | |
| * cookie. | |
| * |