jh00nbr

from PIL import Image
import sys

# Team RTFM - Red Team Freakin' Maniacs - rtfm-ctf.org
# Writeup - We also have memes!- 3DS-CTF

#playing another CTFs, our team discovered an awesome algorithm to hid messages in a PNG file.
#One member of the team told that is possible to improve the algorithm to make it impossible to retrieve the original message directly. So he hiden a message on this meme and gave to us to solve.
#Prove the he's wrong!

jh00nbr

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import requests,json,sys

# Script simples para consulta de dados na base dados nacional do SUS utilizando o CPF.
# Jhonathan Davi A.K.A jh00nbr / Insightl4b lab.insightsecurity.com.br
# jh00nbr: http://jhonathandavi.com.br
# Blog: lab.insightsecurity.com.br
# Github: github.com/jh00nbr
# Twitter @jh00nbr

jh00nbr

#!/usr/bin/env python
# -*- coding: utf-8 -*-

# Script de consulta simples no banco de dados da Banca de Direção do Detran DF / By Jhonathan Davi A.K.A jh00nbr 
# jdavi@insightsecurity.com.br
# jh00nbr: http://jhonathandavi.com.br
# Insightl4b - http://lab.insightsecurity.com.br 
# Blog: lab.insightsecurity.com.br
# Github: http://github.com/jh00nbr
# Twitter @jh00nbr

jh00nbr

[Unit]
Description=AutoSSH tunnel Check
After=network.target
[Service]
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -o "ServerAliveInterval 10" -o "ServerAliveCountMax 3" -N -R 6000:localhost:22 user@monitoring.com
[Install]
WantedBy=multi-user.target

jh00nbr

#Cloudflare ip addresses

# - IPv4
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;

jh00nbr

#!/usr/bin/python3
# -*- coding: utf-8 -*-

# Author: Jhonathan Davi @jh00nbr
# insightl4b.com
# github.com/jh00nbr
# Twitter: @jh00nbr

# CVE-2018-10933 - libSSH Authentication Bypass Server Version Check
# Reference: https://github.com/blacknbunny/libSSH-Authentication-Bypass/blob/master/checkversionofserver.py

jh00nbr

Keybase proof

I hereby claim:

• I am jh00nbr on github.
• I am jh00nbr (https://keybase.io/jh00nbr) on keybase.
• I have a public key ASCX7CWhk0rsyAb_W9nJAreibJvHOCcyEar5NBVog-2xoQo

To claim this, I am signing this object:

jh00nbr

#!/bin/bash
#==============================================================================
#TITLE:            mysql_backup.sh
#DESCRIPTION:      script for automating the daily mysql backups on development computer
#AUTHOR:           tleish
#DATE:             2013-12-20
#VERSION:          0.4
#USAGE:            ./mysql_backup.sh
#CRON:
  # example cron for daily db backup @ 9:15 am

jh00nbr

// XPath CheatSheet
// To test XPath in your Chrome Debugger: $x('/html/body')
// http://www.jittuu.com/2012/2/14/Testing-XPath-In-Chrome/


// 0. XPath Examples.
// More: http://xpath.alephzarro.com/content/cheatsheet.html


'//hr[@class="edge" and position()=1]'                // every first hr of 'edge' class

jh00nbr

  error_page 400 404 405 =200 @40*_json;

  location @40*_json {
    default_type application/json;
    return 200 '{"code":"1", "message": "Not Found"}';
  }

  error_page 500 502 503 504 =200 @50*_json;

  location @50*_json {