Skip to content

Instantly share code, notes, and snippets.

Jeff Jarmoc jjarmoc

Block or report user

Report or block jjarmoc

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View gist:88d12c7c98b307ed5e95
sudo su
apt-get -y update && apt-get -y upgrade
apt-get install vim git-core curl openssh-server openssh-client python-software-properties build-essential zlib1g-dev libssl-dev libreadline-gplv2-dev libcurl4-openssl-dev aptitude
/usr/sbin/groupadd wheel
(paste bottom)
%wheel ALL=(ALL) ALL
jjarmoc / gist:10890697
Created Apr 16, 2014
cloudflare challenge proof
View gist:10890697
$ echo "@jjarmoc has your key" | openssl sha1 -sign server.key -sha1 | openssl enc -base64
jjarmoc / gist:7938988
Created Dec 13, 2013
Microsoft $100,000 bug bounty check easter egg..
View gist:7938988
# See for the check I found this on.
1.9.3p484 :001 > nums = [0b01001101, 0b01101001, 0b01100011, 0b01110010, 0b01101111, 0b01110011, 0b01101111, 0b01100110, 0b01110100]
=> [77, 105, 99, 114, 111, 115, 111, 102, 116]
1.9.3p484 :001 >{|x| x.chr }.join
=> "Microsoft"
jjarmoc / whatinzeus_solve.rb
Created May 23, 2013
BSJTF CTF 'What in the name of Zeus?' solve
View whatinzeus_solve.rb
require 'packetfu'
require 'ipaddr'
puts "-- Reading packets"
packets = PacketFu::PcapFile.read_packets('./whatinzeus')
output = packets.inject([]){|ret, pkt|
ret.push(PacketFu::EthHeader.str2mac(pkt.eth_dst) =~ "01:00:5e" ? 1 : 0)
jjarmoc / gist:5367196
Last active Dec 16, 2015
Start of ruby HTTP automation...
View gist:5367196
require 'httpclient'
cmds = [
{ :method => "POST", :uri => "", :body=>{ 'userid' => 'user', 'pw'=>'password'}, :response=>nil},
{ :method => "GET", :uri =>"", :body=>{}, :response=>nil}
client =
cmds.each do |cmd|
View gist:5111738


Twitter for iPhone

Consumer key: IQKbtAYlXLripLGPWd0HUA
Consumer secret: GgDYlkSvaPxGxC4X8liwpUoqKwwr3lCADbz8A7ADU

Twitter for Android

Consumer key: 3nVuSoBZnx6U4vzUxf5w
Consumer secret: Bcs59EFbbsdF6Sl9Ng71smgStWEGwXXKSjYvPVt7qys

Twitter for iPad

Consumer key: CjulERsDeqhhjSme66ECg
jjarmoc / gist:5008251
Created Feb 21, 2013
Overview of how operated when it was alive.
View gist:5008251
- Apache configured to accept SSL on a number of ports, each with their own cert demonstrating an individual test case.
- ELBs performing PAT so I had :443 on a number of IPs ending up hitting apache on it's various ports.
- PHP on the webserver would parse the Host Header, and return a response setting a corresponding div to vulnerable
- When the main domain name was accessed, it would instead return a bunch of DIV's each named to correspond to a given vuln, and including the CSS file (generated by PHP above) to test for cert validation.
The end result of all this was a table that looked like the ones shown near the end of;
Tested included;
- Mismatched CN
jjarmoc / gist:4661586
Last active Dec 11, 2015
rails_json_yaml_code_exec Confirmed working on rails 3.0.19 and 2.3.15, both on ruby 1.9.3-p125
View gist:4661586
MSF Module;
See also;
jjarmoc / xorfile.rb
Created May 31, 2012
XOR a file with a single byte key, save as file.xor
View xorfile.rb
# XOR an input file with a single byte, save as input.xor
# xorfile(0xff, input)
def xorfile(key, file)"#{file}.xor", 'w') {|f| f.write("#{file}","rb") {|io|}.unpack('C*').map{|x| x ^ key}.pack('C*')) }
# string pack/unpack w/ XOR
"ABCD".unpack('C*').collect{|x| (x ^ 0xa2).chr}.join
=> "\xE3\xE0\xE1\xE6"
"E3E0E1E6".scan(/../).collect{|x| (x.to_i(16) ^ 0xa2).chr}.join
jjarmoc / gist:1571540
Created Jan 6, 2012
Quoted Printable encode/decode bash aliases - suitable for pipelining
View gist:1571540
# To decode:
# qp -d string
# To encode:
# qp string
alias qpd='perl -MMIME::QuotedPrint -pe '\''$_=MIME::QuotedPrint::decode($_);'\'''
alias qpe='perl -MMIME::QuotedPrint -pe '\''$_=MIME::QuotedPrint::encode($_);'\'''
function qp {
if [[ "$1" = "-d" ]]
You can’t perform that action at this time.