Instantly share code, notes, and snippets.

View gist:88d12c7c98b307ed5e95
# IN AMAZON EC2 SERVER #
########################
sudo su
apt-get -y update && apt-get -y upgrade
apt-get install vim git-core curl openssh-server openssh-client python-software-properties build-essential zlib1g-dev libssl-dev libreadline-gplv2-dev libcurl4-openssl-dev aptitude
/usr/sbin/groupadd wheel
/usr/sbin/visudo
(paste bottom)
%wheel ALL=(ALL) ALL
View gist:10890697
$ echo "@jjarmoc has your key" | openssl sha1 -sign server.key -sha1 | openssl enc -base64
kzhDRl4Br8KByqSYccdo4QfiVd82M1tkgELodYy5O7gFTOsKsrdl4VITI2LaJ2Fl
A6OzUnTAXnsib/yWtYV+TzQ2auM+C93cHyTU/2ze4YXF2eGZaBr+mXmbkE5TKnAf
sdIkJD1Rax9Rel+YGTQYWFI+tE2+WddHf9yDj787lOIw+GzoXQeAYP7eC0rQXath
+i4g3Sngd1g0q+/g4X0tLLRCEtZqj9gTM6V1JGNvDqA+LAeGkEd4kMzx8p5SvFDM
qChEx32ygA/Im57OQmFJiErhxic3oYG2iKvKBza6+/4madzRRqF2+Sb8Aipenyb0
hY68QU41LimjVtW/X1syRw==
View gist:7938988
# See https://twitter.com/k8em0/status/411247236610134016 for the check I found this on.
1.9.3p484 :001 > nums = [0b01001101, 0b01101001, 0b01100011, 0b01110010, 0b01101111, 0b01110011, 0b01101111, 0b01100110, 0b01110100]
=> [77, 105, 99, 114, 111, 115, 111, 102, 116]
1.9.3p484 :001 > nums.map{|x| x.chr }.join
=> "Microsoft"
View whatinzeus_solve.rb
require 'packetfu'
require 'ipaddr'
puts "-- Reading packets"
packets = PacketFu::PcapFile.read_packets('./whatinzeus')
output = packets.inject([]){|ret, pkt|
ret.push(PacketFu::EthHeader.str2mac(pkt.eth_dst) =~ "01:00:5e" ? 1 : 0)
}
View gist:5367196
require 'httpclient'
cmds = [
{ :method => "POST", :uri => "http://www.example.com/posthere", :body=>{ 'userid' => 'user', 'pw'=>'password'}, :response=>nil},
{ :method => "GET", :uri =>"http://www.example.com/gethere", :body=>{}, :response=>nil}
]
client = HTTPClient.new
client.set_cookie_store('cookie.dat')
cmds.each do |cmd|
View gist:5111738

Twitter公式クライアントのコンシューマキー

Twitter for iPhone

Consumer key: IQKbtAYlXLripLGPWd0HUA
Consumer secret: GgDYlkSvaPxGxC4X8liwpUoqKwwr3lCADbz8A7ADU

Twitter for Android

Consumer key: 3nVuSoBZnx6U4vzUxf5w
Consumer secret: Bcs59EFbbsdF6Sl9Ng71smgStWEGwXXKSjYvPVt7qys

Twitter for iPad

Consumer key: CjulERsDeqhhjSme66ECg
View gist:5008251
- Apache configured to accept SSL on a number of ports, each with their own cert demonstrating an individual test case.
- ELBs performing PAT so I had :443 on a number of IPs ending up hitting apache on it's various ports.
- PHP on the webserver would parse the Host Header, and return a response setting a corresponding div to vulnerable
- When the main domain name was accessed, it would instead return a bunch of DIV's each named to correspond to a given vuln, and including the CSS file (generated by PHP above) to test for cert validation.
The end result of all this was a table that looked like the ones shown near the end of;
http://www.secureworks.com/cyber-threat-intelligence/threats/transitive-trust/
Tested included;
- Mismatched CN
View gist:4661586
MSF Module;
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rails_json_yaml_code_exec.rb
See also;
https://gist.github.com/4660248
https://github.com/ronin-ruby/ronin-ruby.github.com/blob/master/blog/_posts/2013-01-28-new-rails-poc.md
View xorfile.rb
# XOR an input file with a single byte, save as input.xor
# xorfile(0xff, input)
def xorfile(key, file)
File.open("#{file}.xor", 'w') {|f| f.write(File.open("#{file}","rb") {|io| io.read}.unpack('C*').map{|x| x ^ key}.pack('C*')) }
end
# string pack/unpack w/ XOR
"ABCD".unpack('C*').collect{|x| (x ^ 0xa2).chr}.join
=> "\xE3\xE0\xE1\xE6"
"E3E0E1E6".scan(/../).collect{|x| (x.to_i(16) ^ 0xa2).chr}.join
View gist:1571540
# To decode:
# qp -d string
# To encode:
# qp string
alias qpd='perl -MMIME::QuotedPrint -pe '\''$_=MIME::QuotedPrint::decode($_);'\'''
alias qpe='perl -MMIME::QuotedPrint -pe '\''$_=MIME::QuotedPrint::encode($_);'\'''
function qp {
if [[ "$1" = "-d" ]]
then