Skip to content

Instantly share code, notes, and snippets.

View jpluimers's full-sized avatar

Jeroen Wiert Pluimers jpluimers

  • wiert.me
  • Amsterdam, The Netherlands
View GitHub Profile
@jpluimers
jpluimers / bookmarklet.url.js
Created July 16, 2024 17:07
Prompt current blog post canonical URL
javascript:(function(){ var postID = document.getElementsByName("comment_post_ID")[0]?.value; var a = document.createElement("a"); if ((typeof HighlanderComments === 'undefined') || (HighlanderComments == null)) { a.href = document.querySelector('link[rel="EditURI"]').href; var searchParams = new URLSearchParams(window.location.search); } else { a.href=HighlanderComments.connectURL; }; a.pathname=''; a.search=`?p=${postID}`; a.hash=''; a.target="blank"; a.rel="noopener"; a.text=document.querySelector('meta[property="og:title"]')?.content; prompt("Anchor", a.outerHTML); } )();
@jpluimers
jpluimers / bookmarklet.url.js
Created July 16, 2024 15:30
Edit current current blog post in WordPress Classic Editor
javascript:(function(){ var postID = document.getElementsByName("comment_post_ID")[0]?.value; var a = document.createElement("a"); if ((typeof HighlanderComments === 'undefined') || (HighlanderComments == null)) { a.href = document.querySelector('link[rel="EditURI"]').href; var searchParams = new URLSearchParams(window.location.search); } else { a.href=HighlanderComments.connectURL; }; a.pathname='wp-admin/post.php'; a.search=`post=${postID}&action=edit&classic-editor`; a.hash=''; open(a.href); } )();
@jpluimers
jpluimers / log.txt
Created April 2, 2024 15:11
Screenshot https://pbs.twimg.com/media/GKEbYDjWcAA43cm.png from https://twitter.com/WhichbufferArda/status/1774729956834123876 Testing the XZ Utils backdoor kill switch (yolAbejyiejuvnup=Evjtgvsh5okmkAvj) this string stop the backdoor, so it won't hooking into RSA_public_decrypt() function.
detection@detection:~/Desktop$ time env -i LC_LANG=C LD_PRELOAD=/usr/lib/x86_64-linux-gnu/liblzma.so.5.6.1 /usr/sbin/sshd -h
option requires an argument -- h
OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
usage: sshd [-46DdeiqTt] [-C connection_spec] [c host_cert_file]
[-E log file] [-f config_file] [-g login_grace_time]
[-h host_key_file] [-o option] [-p port] [-u len]
real 0m0,162s
user 0m0,161s
sys 0m0,000s
detection@detection:~/Desktop$ time env -i LC_LANG=C yolAbejyiejuvnup=Evjtgvsh5okmkAvj LD_PRELOAD=/usr/lib/x86_64-linux-gnu/liblzma.so.5.6.1 /usr/sbin/sshd -h
@jpluimers
jpluimers / XZ Backdoor Analysis
Created March 31, 2024 20:24 — forked from smx-smx/XZ Backdoor Analysis
[WIP] XZ Backdoor Analysis and symbol mapping
XZ Backdoor symbol deobfuscation. Updated as i make progress
@jpluimers
jpluimers / broadcaster.py
Created March 20, 2024 12:14 — forked from simahawk/broadcaster.py
python icecast source streamer
# -*- coding: utf-8 -*-
# Inspired by https://github.com/turlando/airhead/blob/master/airhead/broadcaster.py
import click
import os
import shouty
import sys
import logging
logger = logging.getLogger('[broadcaster]')
@jpluimers
jpluimers / BOA.TXT
Created March 17, 2024 19:37
Root directory files from http://cd.textfiles.com/psl/pslv2nv06/PRGMMING/DOS/TOOLS1/BC4BOA.ZIP (MD5 hash of BC4BOA.ZIP: ef331d49370ebe508f7301d5916c40a6; SHA1 hash of BC4BOA.ZIP: 089a5fad1169ba5f815f6aaec0d052aa4eecfa97; SHA256 hash of BC4BOA.ZIP: f0035eb5932ea065eff1d36af7940dd7bf882e721c5b41318d4337fa8cd3ef31; SHA512 hash of BC4BOA.ZIP: c2f633…
@jpluimers
jpluimers / URLs.md
Last active March 15, 2024 15:02
URLs voor NPO radio sites, miniplayers, track API endpoints, mp3/aac streams en meer

URLs voor NPO

Er is een GraphQL API die vanuit elke mini-player wordt gebruikt: https://api.nporadio.nl/graphql

Elke track vanuit de mini-player geeft ook een call naar een player API url als deze: https://play-api.nporadio.nl/play/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6Im5wb3JhZGlvLWFwaSJ9.eyJpYXQiOjE3MTA1MDE3MTksIm1pZCI6IkxJX1JBNV84MTY3MzYwIn0.lJYb3PkxFbcyrfVJf0Eq-xpgad1kN2LBJF1I2ANfTzI

Het lijkt erop dat http gebaseerde icecast streams in Google Chrome vanzelf gaan afspelen, maar https gebaseerde streams niet:

Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
<!-- Copyright (C) Microsoft Corporation. All rights reserved. -->
<!DOCTYPE html>
<html dir="ltr" class="" lang="en">
<head>
<title>Sign in to your account</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">