captainGeech42

#!/usr/bin/env python

import sys

def main(argv):
    if len(argv) == 1:
        print(f"usage: {argv[0]} [path to bin file]")
        return 1

    with open(argv[1], "rb") as f:

captainGeech42

from Crypto.Cipher import ARC4
import sys

# read in malware
with open(sys.argv[1], "rb") as f:
    data = f.read()

# get data
config_block = data[0x51a0:0x5394]
key_len = 32

captainGeech42

server {
        listen 127.0.0.1:8080;

        # Update this for your actual webroot
        root /var/www/html;

        index index.html

        server_name _;

captainGeech42

Host jump
  HostName jumphost
  User lowpriv
  Port 31337
  IdentityFile ~/.ssh/id_ed25519
  LocalForward 127.0.0.1:8080 myhost.com:80

captainGeech42

Host jump
  HostName jumphost
  User lowpriv
  Port 31337
  IdentityFile ~/.ssh/id_ed25519

Host secret
  HostName secretserver
  User root
  IdentityFile ~/.ssh/id_ed25519

captainGeech42

[sshd]
enabled = true
port = 31337
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 60
bantime = 1800

captainGeech42

Port 31337

LogLevel VERBOSE

PermitRootLogin no
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
HostbasedAuthentication no
IgnoreRhosts yes
PasswordAuthentication no

captainGeech42

Keybase proof

I hereby claim:

• I am captainGeech42 on github.
• I am zzzanderw (https://keybase.io/zzzanderw) on keybase.
• I have a public key whose fingerprint is 2DD6 3FD0 943E 9D13 796C 3FFB DA9D 904D 4F7C 7C53

To claim this, I am signing this object:

captainGeech42

#include <stdio.h>
#include <stdlib.h>

void read_in(const char *filename, char **data) {
	*data = malloc(sizeof(char) * 203);
	FILE *f = fopen(filename, "rb");
	fgets(*data, 203, f);
	fclose(f);
}

captainGeech42

#!/usr/bin/env python

import sys
from pwn import *

REMOTE = "remote" in sys.argv

def get_proc():
    if REMOTE:
        return remote("ctf.osusec.org", 10100)