Skip to content

Instantly share code, notes, and snippets.

@adamyordan
adamyordan / jenkins-list-credentials.groovy
Last active Jul 29, 2019
List credentials in Jenkins console. Jenkins store its secrets in plaintext inside memory, therefore we can lookup the credential provider instance and list all the credentials.
View jenkins-list-credentials.groovy
import com.cloudbees.plugins.credentials.*
// list credentials
credentials = SystemCredentialsProvider.getInstance().getCredentials()
println credentials
// get credential value
println ''
println credentials[2].getPrivateKey()
@adamyordan
adamyordan / platelets.sh
Created Jun 20, 2019
Supply your daily platelets intake directly from terminal
View platelets.sh
function show_art_1() {
echo "
               
                  
                     
             
 [48;
View airpods-notification.sh
#!/bin/sh
OUTPUT=''
BLUETOOTH_DEFAULTS=$(defaults read /Library/Preferences/com.apple.Bluetooth)
SYSTEM_PROFILER=$(system_profiler SPBluetoothDataType 2>/dev/null)
MAC_ADDR=$(grep -b2 "Minor Type: Headphones"<<<"${SYSTEM_PROFILER}"|awk '/Address/{print $3}')
CONNECTED=$(grep -ia6 "${MAC_ADDR}"<<<"${SYSTEM_PROFILER}"|awk '/Connected: Yes/{print 1}')
BLUETOOTH_DATA=$(grep -ia6 '"'"${MAC_ADDR}"'"'<<<"${BLUETOOTH_DEFAULTS}")
@adamyordan
adamyordan / log-method-frida.js
Created Apr 22, 2019
Simple Frida script to log (console output) targeted methods when called
View log-method-frida.js
Java.perform(function() {
const targetClass = Java.use('com.example.TargetClass');
targetClass.targetMethod.implementation = function() {
const argumentsJson = JSON.stringify(arguments, null, 2);
const returnValue = targetClass.targetMethod.apply(this, arguments);
console.log('TARGETED_METHOD_CALLED');
console.log('ARGUMENTS:', argumentsJson);
console.log('RETURN_VALUE:', returnValue);
@adamyordan
adamyordan / pajak.py
Created Mar 6, 2019
Indonesia income tax calculator, assuming PTKP single, no dependants.
View pajak.py
import sys
MILLION = 10 ** 6
PTKP = 54 * MILLION
RATES = [
(0.05, 50 * MILLION),
(0.15, (250 - 50) * MILLION),
(0.25, (500 - 250) * MILLION),
(0.3, float('inf')),
]
@adamyordan
adamyordan / .gitlab-ci.yml
Created Mar 6, 2019
GitLab CI config file to build docker images
View .gitlab-ci.yml
image: docker:git
services:
- docker:dind
variables:
DOCKER_DRIVER: overlay
before_script:
- docker login -u gitlab-ci-token -p "$CI_BUILD_TOKEN" "$CI_REGISTRY"
@adamyordan
adamyordan / CVE-2019-1003000-Jenkins-RCE-POC.py
Last active Jul 29, 2019
CVE-2019-1003000-Jenkins-RCE-POC
View CVE-2019-1003000-Jenkins-RCE-POC.py
#!/usr/bin/python
# Author: Adam Jordan
# Date: 2019-02-15
# Repository: https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
# PoC for: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
import argparse
import jenkins
@adamyordan
adamyordan / streamcheck.go
Created Dec 5, 2018
Check whether a file has alternative data stream in go
View streamcheck.go
package checker
import (
"golang.org/x/sys/windows"
"syscall"
"unsafe"
)
var kernel32 = windows.NewLazyDLL("kernel32.dll")
View go-die.go
package die
import (
"golang.org/x/sys/windows"
"syscall"
"unsafe"
)
const (
DIE_SHOWERRORS = 0x00000001
@adamyordan
adamyordan / dump.sh
Created Oct 22, 2018
TCP request dumper in oneliner shell command
View dump.sh
while true; do echo -e "HTTP/1.1 200 OK" | nc -lvp 8000; done