Skip to content

Instantly share code, notes, and snippets.

@adamyordan
adamyordan / jenkins-list-credentials.groovy
Last active July 29, 2019 09:28
List credentials in Jenkins console. Jenkins store its secrets in plaintext inside memory, therefore we can lookup the credential provider instance and list all the credentials.
import com.cloudbees.plugins.credentials.*
// list credentials
credentials = SystemCredentialsProvider.getInstance().getCredentials()
println credentials
// get credential value
println ''
println credentials[2].getPrivateKey()
@adamyordan
adamyordan / platelets.sh
Created June 20, 2019 10:07
Supply your daily platelets intake directly from terminal
function show_art_1() {
echo "
               
                  
                     
             
 [48;
#!/bin/sh
OUTPUT=''
BLUETOOTH_DEFAULTS=$(defaults read /Library/Preferences/com.apple.Bluetooth)
SYSTEM_PROFILER=$(system_profiler SPBluetoothDataType 2>/dev/null)
MAC_ADDR=$(grep -b2 "Minor Type: Headphones"<<<"${SYSTEM_PROFILER}"|awk '/Address/{print $3}')
CONNECTED=$(grep -ia6 "${MAC_ADDR}"<<<"${SYSTEM_PROFILER}"|awk '/Connected: Yes/{print 1}')
BLUETOOTH_DATA=$(grep -ia6 '"'"${MAC_ADDR}"'"'<<<"${BLUETOOTH_DEFAULTS}")
@adamyordan
adamyordan / log-method-frida.js
Created April 22, 2019 09:27
Simple Frida script to log (console output) targeted methods when called
Java.perform(function() {
const targetClass = Java.use('com.example.TargetClass');
targetClass.targetMethod.implementation = function() {
const argumentsJson = JSON.stringify(arguments, null, 2);
const returnValue = targetClass.targetMethod.apply(this, arguments);
console.log('TARGETED_METHOD_CALLED');
console.log('ARGUMENTS:', argumentsJson);
console.log('RETURN_VALUE:', returnValue);
@adamyordan
adamyordan / pajak.py
Created March 6, 2019 05:21
Indonesia income tax calculator, assuming PTKP single, no dependants.
import sys
MILLION = 10 ** 6
PTKP = 54 * MILLION
RATES = [
(0.05, 50 * MILLION),
(0.15, (250 - 50) * MILLION),
(0.25, (500 - 250) * MILLION),
(0.3, float('inf')),
]
@adamyordan
adamyordan / .gitlab-ci.yml
Created March 6, 2019 04:59
GitLab CI config file to build docker images
image: docker:git
services:
- docker:dind
variables:
DOCKER_DRIVER: overlay
before_script:
- docker login -u gitlab-ci-token -p "$CI_BUILD_TOKEN" "$CI_REGISTRY"
@adamyordan
adamyordan / CVE-2019-1003000-Jenkins-RCE-POC.py
Last active July 29, 2019 09:29
CVE-2019-1003000-Jenkins-RCE-POC
#!/usr/bin/python
# Author: Adam Jordan
# Date: 2019-02-15
# Repository: https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
# PoC for: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
import argparse
import jenkins
@adamyordan
adamyordan / streamcheck.go
Created December 5, 2018 05:56
Check whether a file has alternative data stream in go
package checker
import (
"golang.org/x/sys/windows"
"syscall"
"unsafe"
)
var kernel32 = windows.NewLazyDLL("kernel32.dll")
package die
import (
"golang.org/x/sys/windows"
"syscall"
"unsafe"
)
const (
DIE_SHOWERRORS = 0x00000001
@adamyordan
adamyordan / dump.sh
Created October 22, 2018 03:36
TCP request dumper in oneliner shell command
while true; do echo -e "HTTP/1.1 200 OK" | nc -lvp 8000; done