When run on a box, outputs a single row of JSON for every proc on the box that loads a jar/war that contains any files with 'log4j' in them, including precisely what triggered the match. For example (pretty printed here for clarity; note that this one is happily a false positive):
{
"node": "HW0000001",
"time": 1632617610.3860812,
"pid": 78676,
"cmd": "/usr/local/opt/openjdk/libexec/openjdk.jdk/Contents/Home/bin/java",
"args": [
"-Xms128M",
Cryptopals is a set of cryptographic challenges, originally published here: https://cryptopals.com
Set 8 of the challenges was never published publicly, until late March 2018. However the cryptopals website was not updated to include the challenges. This gist compiles the 8th set of the Cryptopals challenges.
| title | link |
|---|---|
| 57. Diffie-Hellman Revisited: Small Subgroup Confinement | https://toadstyle.org/cryptopals/513b590b41d19eff3a0aa028023349fd.txt |
| 58. Pollard's Method for Catching Kangaroos | https://toadstyle.org/cryptopals/3e17c7b35fcf491d08c989081ed18c9a.txt |
| 59. Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks | https://toadstyle.org/cryptopals/a0833e607878a80fdc0808f889c721b1.txt |
| Constant | Code |
|---|---|
| errSecSuccess | 0 |
| errSecUnimplemented | -4 |
| I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the | |
| 10th to get it (ok, looks like I was the 8th.) But I'm happy that I was able to prove to myself | |
| that I too could do it. | |
| First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially | |
| believed that it would be highly improbable under normal conditions to obtain the private key | |
| through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's | |
| challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to | |
| extract private keys. So I wanted to see first-hand if it was possible or not. |
| # -*- coding: utf-8 -*- | |
| """ | |
| Created on Thu Jan 10 08:20:14 2013 | |
| @author: Nick Coblentz | |
| """ | |
| from burp import IBurpExtender | |
| from burp import IScannerInsertionPointProvider | |
| from burp import IScannerInsertionPoint |
| # -*- coding: utf-8 -*- | |
| """ | |
| Created on Fri Dec 28 14:16:12 2012 | |
| @author: Nick Coblentz | |
| Some of this code is borrowed from Brian Holyfield's Burp plugin located here: https://github.com/GDSSecurity/WCF-Binary-SOAP-Plug-In | |
| It is also fully dependent on having NBFS.exe from his plugin in the same directory as Burp. | |
| """ | |
| from burp import IBurpExtender |
| 0 = Success | |
| 1 = Operation not permitted | |
| 2 = No such file or directory | |
| 3 = No such process | |
| 4 = Interrupted system call | |
| 5 = Input/output error | |
| 6 = No such device or address | |
| 7 = Argument list too long | |
| 8 = Exec format error |
| # Mac OS X Lion introduced a new, iOS-like context menu when you press and hold a key | |
| # that enables you to choose a character from a menu of options. If you are on Lion | |
| # try it by pressing and holding down 'e' in any app that uses the default NSTextField | |
| # for input. | |
| # | |
| # It's a nice feature and continues the blending of Mac OS X and iOS features. However, | |
| # it's a nightmare to deal with in Sublime Text if you're running Vintage (Vim) mode, | |
| # as it means you cannot press and hold h/j/k/l to move through your file. You have | |
| # to repeatedly press the keys to navigate. |