Skip to content

Instantly share code, notes, and snippets.

View liath's full-sized avatar

John Jones liath

11 followers · 13 following
  • Bugcrowd
  • Las Vegas, NV
View GitHub Profile
@liath
liath / fedtax.js
Created November 23, 2015 23:24
US Federal Income Tax calculator in javascript
// Weekly Employee Income Withholding Calculator by GitHub#Liath
// Based on IRS Circular E - http://www.irs.gov/pub/irs-pdf/p15.pdf
// Per the "Percentage Method"
var w = {
s : { // Single
0 : { p : 0, s : 0 },
44 : { p: 0.1, s: 0 },
222 : { p: 0.15, s: 17.8 },
764 : { p: 0.25, s: 99.1 },
1789 : { p: 0.28, s: 355.35 },
@liath
liath / pollux.js
Created August 25, 2018 00:33
Darknet 7: Krux's Silk Screen Challenge
/* This script will attempt to brute force any pollux ciphertext you hand it.
Most of the output is useless but for every ciphertext I could create on
[dcode](https://www.dcode.fr/pollux-cipher), it had the correct result in its
output somewhere. Usually towards the middle. Unfortunately it does not give
any useful results for the actual challenge. ¯\_(ツ)_/¯ */
/* eslint no-console:0, no-param-reassign:["error", { "props": false }] */
/* eslint-disable sort-keys */
const morse2char = {
'.-': 'a',
@liath
liath / Dockerfile
Created August 29, 2021 05:46
pyca/cryptography musllinux Dockerfile
FROM ghcr.io/pyca/cryptography-musllinux_1_1:x86_64
RUN /opt/pypy3.7/bin/pypy -m venv .venv && \
.venv/bin/pip install -U pip wheel cffi setuptools-rust && \
.venv/bin/pip download cryptography==3.4.8 --no-deps --no-binary cryptography && \
tar zxvf cryptography*.tar.gz && mkdir tmpwheelhouse && \
cd cryptography* ; \
LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \
CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \
../.venv/bin/python setup.py bdist_wheel $PY_LIMITED_API && mv dist/cryptography*.whl ../tmpwheelhouse
@liath
liath / log.txt
Created February 11, 2021 22:00
aws_elastic_beanstalk_application issue
2021/02/11 13:34:34 [INFO] Terraform version: 0.14.2
2021/02/11 13:34:34 [INFO] Go runtime version: go1.15.2
2021/02/11 13:34:34 [INFO] CLI args: []string{"~/.asdf/installs/terraform/0.14.2/bin/terraform", "apply"}
2021/02/11 13:34:34 [DEBUG] Attempting to open CLI config file: ~/.terraformrc
2021/02/11 13:34:34 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2021/02/11 13:34:34 Loading CLI configuration from ~/.terraform.d/credentials.tfrc.json
2021/02/11 13:34:34 [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2021/02/11 13:34:34 [DEBUG] ignoring non-existing provider search directory ~/.terraform.d/plugins
2021/02/11 13:34:34 [DEBUG] ignoring non-existing provider search directory ~/.local/share/terraform/plugins
2021/02/11 13:34:34 [DEBUG] ignoring non-existing provider search directory /usr/local/share/terraform/plugins
@liath
liath / version-extract.js
Last active November 30, 2020 20:06
Extracts FileVersion and other fun fields as seen in the Properties dialog for dll and exe files
const fs = require('fs');
const file = fs.readFileSync(process.argv[2]);
let at = file.readUInt32LE(0x3c);
if (file.slice(at, at + 0x4).toString('utf-8') !== 'PE\x00\x00') {
// bail if not PE header
console.error('Did not see PE magic constant');
process.exit(1);
}
@liath
liath / exe-metadata.sh
Last active November 30, 2020 19:46
Extracts FileVersion and other fun fields as seen in the Properties dialog for dll and exe files Like https://gist.github.com/Liath/c148ce9f72a64457150e16f2a880e7c4, but this time using only bash, sed, tac, tr, and xxd (which afaik are pretty standard) so hopefully this is portable :)
#!/usr/bin/env bash
FILE=$1
BUF_SIZE=64
function getBytes {
xxd -seek "$1" -len "$2" -p "$FILE" | tr -d '\n'
}
function getIntBytesLE {
@liath
liath / ICG-algo.js
Last active March 20, 2020 23:47
Emulating C-style integer maths in javascript
/* eslint no-console:0, func-names:0 */
// JS ints are signed, which isn't useful here. Unfortunately,
// this means << can flip the sign bit and give a negative
// number which throws everything off. Luckily, we know how to
// handle this. The below is an unsigned leftshift implementation.
const ls = (input, shift) => ((input << shift) >>> 1) * 2;
// Integer casts that drop overflowing data (Just like grandma used to make)
const u8 = i => (i << 24) >>> 24;
@liath
liath / jenkins.log
Created July 11, 2019 02:46
EC2 Spot Fleet plugin resubmitting killed build
Jul 11, 2019 2:26:52 AM INFO jenkins.InitReactorRunner$1 onAttained
Augmented all extensions
Jul 11, 2019 2:26:53 AM INFO jenkins.InitReactorRunner$1 onAttained
Loaded all jobs
Jul 11, 2019 2:26:53 AM INFO hudson.model.AsyncPeriodicWork$1 run
Started Download metadata
Jul 11, 2019 2:26:53 AM INFO hudson.model.AsyncPeriodicWork$1 run
@liath
liath / brunoV_throttler_core.clj
Created April 25, 2019 23:43
Debug output for brunoV/throttler#6
(ns throttler.core
(:require [clojure.core.async :as async :refer [chan <!! >!! >! <! timeout go close! dropping-buffer]]
[clojure.pprint :refer [pprint]]))
;; To keep the throttler precise even for high frequencies, we set up a
;; minimum sleep time. In my tests I found that below 10 ms the actual
;; sleep time has an error of more than 10%, so we stay above that.
(def ^{:no-doc true} min-sleep-time 10)
(defn- round [n] (Math/round (double n)))
@liath
liath / 0-readme.md
Last active February 1, 2019 18:30
more docs fun with malicious VBA macros

We received another malicious macro doc (Invoice_Info_99362097.doc) today that I just had to pick apart. Here's the tear down:

1 extract doc

Extract the macros with oletools→olevba

olevba --deobf Invoice_Info_99362097.doc

Loaded under a syntax highlighter, a quick glance shows that a bunch of this script is commented out. I guess to give the appearance to a string based analyzer that this file does something normal for a macro? It seems like a pretty safe bet that they can be removed.