0xbadad aels

## get-firefox-history-top-subdomains.sh
# extract top subdomains from your firefox history
# by @nil0x42

grep -Pao "https://[a-zA-Z0-9.-]+" ~/.mozilla/firefox/*/places.sqlite \
  | sort -u | sed 's#.*://\([a-zA-Z0-9-]*\)\..*#\1#' | uniq -c | sort -rn

## payload_samples.md

      
        
          
            
              
              1 file
            
          
          
            
              
              1 fork
            
          
          
            
              
              0 comments
            
          
          
            
              
              13 stars
            
          
        
        
          
              
          
          
            
                nathanqthai
                / payload_samples.md
            
            
              Last active
              March 30, 2023 12:54
            
              
                Sample Log4Shell (CVE-2021-44228) payloads observed in the wild by GreyNoise Intelligence
              
          
        
      
        
  
      
    Samples

Enclosed are some sanitized samples of data GreyNoise has identified and collected related to the Log4J vulnerability exploitation in the wild. GreyNoise infrastructure IPs have been removed while preserving the data to the best of our ability. Please note that GreyNoise HAS NOT verified if any of these are effective. These examples are not a comprehensive coverage of all the payloads GreyNoise have observed.
These samples are intended to provide individuals with a clearer idea of some of the variation in the wild.
Examples

The follow section includes Log4Shell samples seen in the wild
URL Encoding and Failed argv Input (????)

What appears to be a failed attempt:
	# extract top subdomains from your firefox history
	# by @nil0x42

	grep -Pao "https://[a-zA-Z0-9.-]+" ~/.mozilla/firefox/*/places.sqlite \
	\| sort -u \| sed 's#.://\([a-zA-Z0-9-]\)\..*#\1#' \| uniq -c \| sort -rn