Florian Roth Neo23x0

@Neo23x0
Neo23x0 / keybase.md
Created Oct 8, 2014
Keybase declaration

Keybase proof

I hereby claim:

  • I am neo23x0 on github.
  • I am johngalt (https://keybase.io/johngalt) on keybase.
  • I have a public key whose fingerprint is 55CB FD26 19E9 BF9E 78C1 D582 FE04 247D 50D1 ACC8

To claim this, I am signing this object:

@Neo23x0
Neo23x0 / detect-dirtycow.sh
Last active Mar 29, 2017
One-Liner to Detect DirtyCOW Code
#!/bin/bash
# - Matches on source and compiled code
# - Searches in user home directories by default
# - Detects certain strings in files smaller than 300 kbyte
# - Does not print anything if nothing was found
# - Appends the modification time stamp of each matching file (a good indicator for spotting false positives)
# - Should work on most Linux systems with bash
# Old version
# for f in $(find /home/ -type f -size -300 2> /dev/null); do if [[ $(strings -a "$f" 2> /dev/null | egrep "/proc/(self|%d)/(mem|maps)") != "" ]];then m=$(stat -c %y $f); echo "Contains DirtyCOW string: $f MOD_DATE: $m"; fi; done;
# -size -300k limits the search to files under 300 kbyte (a bare 300 would mean 512-byte blocks)
for f in $(find /home/ -type f -size -300k 2> /dev/null); do if [[ $(egrep "/proc/(self|%d)/(mem|maps)" "$f") != "" ]];then m=$(stat -c %y "$f"); echo "Contains DirtyCOW string: $f MOD_DATE: $m"; fi; done;
@Neo23x0
Neo23x0 / crime_petya_jun17.yar
Last active Jul 1, 2017
YARA Rule for Petya Ransomware - June 2017
I just pushed the rule to "signature-base"
https://github.com/Neo23x0/signature-base/blob/master/yara/crime_nopetya_jun17.yar
Some of the other rules are running in QS right now.
I'll update the 'crime_nopetya_jun17.yar' file frequently.
@Neo23x0
Neo23x0 / pulggable.patch
Last active Jul 11, 2017
Wordpress CVE-2017-8295 WordPress Core <= 4.7.4 Potential Unauthorized Password Reset (0day) Patch
--- pluggable.php 2017-05-04 09:37:27.000000000 +0200
+++ pluggable_patched.php 2017-05-04 09:40:39.000000000 +0200
@@ -323,10 +323,7 @@
if ( !isset( $from_email ) ) {
// Get the site domain and get rid of www.
- $sitename = strtolower( $_SERVER['SERVER_NAME'] );
- if ( substr( $sitename, 0, 4 ) == 'www.' ) {
- $sitename = substr( $sitename, 4 );
- }
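Review bot: the `$sitename` assignment removed at the top of this hunk took the host from `$_SERVER['SERVER_NAME']`, so its replacement has to come from a value the request cannot influence; the header counts (10 lines before, 7 after) leave room for exactly one added line, and that line should set `$sitename` from the site's configured host rather than from another `$_SERVER` field. The context comment "Get the site domain and get rid of www." also needs updating, since the `www.` stripping is removed along with the assignment.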
@Neo23x0
Neo23x0 / OSX
Created Dec 12, 2017
Start Browsers Without Elliptic Curve Cipher Suites
open /Applications/Google\ Chrome.app --args --cipher-suite-blacklist=0x000a,0xc013,0xc014,0xc02b,0xc02c,0xc02f,0xc030,0xcca8,0xcca9
@Neo23x0
Neo23x0 / send-logon-to-slack.sh
Last active Jan 9, 2018
Report user logons to a slack channel
#!/bin/bash
#
# Uses slack web hooks to report logons on SSH servers
# Webhooks: https://yourslack.slack.com/apps/A0F7XDUAZ-incoming-webhooks
# Add this script to /etc/profile or create a ~/.profile for a certain user
WEB_HOOK=your_slack_web_hook
hostname=$(hostname)
source=$(echo "$SSH_CONNECTION" | cut -d' ' -f 1)
geo=$(geoiplookup "$source")
@Neo23x0
Neo23x0 / get_fs_type.go
Created Jun 14, 2018
Get File System Type
package main
import (
"fmt"
"os"
"syscall"
)
func main() {
if len(os.Args) != 2 {
@Neo23x0
Neo23x0 / thor-ts-converter.py
Created Oct 31, 2018
THOR Timestamp Injector (adds year to old SYSLOG format and create RFC3339 timestamp)
#!/bin/python3
import os
import sys
import argparse
import logging
import re
import platform
MONTHS = {
@Neo23x0
Neo23x0 / nmap-cmdline
Last active Apr 23, 2019
Nmap Scan Params for CVE-2017-0143 MS17-010 Scanning
# Scan for CVE-2017-0143 MS17-010
# The vulnerability used by WannaCry Ransomware
#
# 1. Use @calderpwn's script
# http://seclists.org/nmap-dev/2017/q2/79
#
# 2. Save it to Nmap NSE script directory
# Linux - /usr/share/nmap/scripts/ or /usr/local/share/nmap/scripts/
# OSX - /opt/local/share/nmap/scripts/
#