Jeff Jarmoc jjarmoc

View gist:88d12c7c98b307ed5e95
# IN AMAZON EC2 SERVER #
########################
sudo su
apt-get -y update && apt-get -y upgrade
apt-get install vim git-core curl openssh-server openssh-client python-software-properties build-essential zlib1g-dev libssl-dev libreadline-gplv2-dev libcurl4-openssl-dev aptitude
/usr/sbin/groupadd wheel
/usr/sbin/visudo
(paste bottom)
%wheel ALL=(ALL) ALL
jjarmoc / gist:10890697
Created Apr 16, 2014
cloudflare challenge proof
$ echo "@jjarmoc has your key" | openssl sha1 -sign server.key -sha1 | openssl enc -base64
jjarmoc / gist:7938988
Created Dec 13, 2013
Microsoft $100,000 bug bounty check easter egg..
# See https://twitter.com/k8em0/status/411247236610134016 for the check I found this on.
1.9.3p484 :001 > nums = [0b01001101, 0b01101001, 0b01100011, 0b01110010, 0b01101111, 0b01110011, 0b01101111, 0b01100110, 0b01110100]
=> [77, 105, 99, 114, 111, 115, 111, 102, 116]
1.9.3p484 :001 > nums.map{|x| x.chr }.join
=> "Microsoft"
jjarmoc / whatinzeus_solve.rb
Created May 23, 2013
BSJTF CTF 'What in the name of Zeus?' solve
require 'packetfu'
require 'ipaddr'
puts "-- Reading packets"
packets = PacketFu::PcapFile.read_packets('./whatinzeus')
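output = packets.inject([]){|ret, pkt|
  # 1 if the destination MAC is in the 01:00:5e multicast range, else 0
  # (String#=~ needs a Regexp; a String argument raises TypeError)
  ret.push(PacketFu::EthHeader.str2mac(pkt.eth_dst) =~ /\A01:00:5e/ ? 1 : 0)
}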
jjarmoc / gist:5367196
Last active Dec 16, 2015
Start of ruby HTTP automation...
require 'httpclient'
cmds = [
{ :method => "POST", :uri => "http://www.example.com/posthere", :body=>{ 'userid' => 'user', 'pw'=>'password'}, :response=>nil},
{ :method => "GET", :uri =>"http://www.example.com/gethere", :body=>{}, :response=>nil}
]
client = HTTPClient.new
client.set_cookie_store('cookie.dat')
cmds.each do |cmd|
View gist:5111738

Consumer keys for the official Twitter clients

Twitter for iPhone

Consumer key: IQKbtAYlXLripLGPWd0HUA
Consumer secret: GgDYlkSvaPxGxC4X8liwpUoqKwwr3lCADbz8A7ADU

Twitter for Android

Consumer key: 3nVuSoBZnx6U4vzUxf5w
Consumer secret: Bcs59EFbbsdF6Sl9Ng71smgStWEGwXXKSjYvPVt7qys

Twitter for iPad

Consumer key: CjulERsDeqhhjSme66ECg
jjarmoc / gist:5008251
Created Feb 21, 2013
Overview of how ssltest.offenseindepth.com operated when it was alive.
- Apache configured to accept SSL on a number of ports, each with their own cert demonstrating an individual test case.
- ELBs performing PAT so I had :443 on a number of IPs ending up hitting apache on its various ports.
- PHP on the webserver would parse the Host Header, and return a response setting a corresponding div to vulnerable
- When the main domain name was accessed, it would instead return a bunch of DIVs each named to correspond to a given vuln, and including the CSS file (generated by PHP above) to test for cert validation.
The end result of all this was a table that looked like the ones shown near the end of;
http://www.secureworks.com/cyber-threat-intelligence/threats/transitive-trust/
Tests included;
- Mismatched CN
jjarmoc / gist:4661586
Last active Dec 11, 2015
rails_json_yaml_code_exec Confirmed working on rails 3.0.19 and 2.3.15, both on ruby 1.9.3-p125
MSF Module;
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_json_yaml_code_exec.rb
See also;
https://gist.github.com/4660248
https://github.com/ronin-ruby/ronin-ruby.github.com/blob/master/blog/_posts/2013-01-28-new-rails-poc.md
jjarmoc / xorfile.rb
Created May 31, 2012
XOR a file with a single byte key, save as file.xor
# XOR an input file with a single byte, save as input.xor
# xorfile(0xff, input)
def xorfile(key, file)
  # Read and write in binary mode so bytes are not altered by newline or encoding translation
  data = File.binread(file)
  File.binwrite("#{file}.xor", data.unpack('C*').map{|x| x ^ key}.pack('C*'))
end
# string pack/unpack w/ XOR
"ABCD".unpack('C*').collect{|x| (x ^ 0xa2).chr}.join
=> "\xE3\xE0\xE1\xE6"
"E3E0E1E6".scan(/../).collect{|x| (x.to_i(16) ^ 0xa2).chr}.join
jjarmoc / gist:1571540
Created Jan 6, 2012
Quoted Printable encode/decode bash aliases - suitable for pipelining
# To decode:
# qp -d string
# To encode:
# qp string
alias qpd='perl -MMIME::QuotedPrint -pe '\''$_=MIME::QuotedPrint::decode($_);'\'''
alias qpe='perl -MMIME::QuotedPrint -pe '\''$_=MIME::QuotedPrint::encode($_);'\'''
function qp {
if [[ "$1" = "-d" ]]
then