Skip to content

Instantly share code, notes, and snippets.

💭
:cheeeeeese:

Royce Williams roycewilliams

💭
:cheeeeeese:
Block or report user

Report or block roycewilliams

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@roycewilliams
roycewilliams / internet-alaska_spleen_unknown-date_71d9da015e67eed357c537f5308142d617ff7420e4d68a76d0a843ea915cffd9.txt
Created Dec 28, 2019
internet-alaska_spleen_unknown-date_71d9da015e67eed357c537f5308142d617ff7420e4d68a76d0a843ea915cffd9.txt
View internet-alaska_spleen_unknown-date_71d9da015e67eed357c537f5308142d617ff7420e4d68a76d0a843ea915cffd9.txt
hello one and all,
In the spirit of the Communications Decency Act, this newsletter has been
* "approved" by all self-appointed authorities
* "dumbed down" to third grade reading level
* "cleared" for transmission by government decrypters and
* "broadcast" by your local Cable/IXC/LEC Converg-opolis
Still, lots of interesting news, I wouldn't skip a word if I were you.
@roycewilliams
roycewilliams / benchmark_hashcat-v5.1.0-1524-g4d286d5d_irongiant_2019-12-24.txt
Last active Dec 24, 2019
benchmark_hashcat-v5.1.0-1524-g4d286d5d_irongiant_2019-12-24.txt
View benchmark_hashcat-v5.1.0-1524-g4d286d5d_irongiant_2019-12-24.txt
# Just prior to release of hashcat 6.0.0
# Power throttled from 180W down to 150W
# Table format, sorted by hashrate, is here: https://gist.github.com/roycewilliams/41f09d1b01b14eb5b672b56572f3cf10
$ nvidia-smi
Tue Dec 24 11:34:46 2019
+-----------------------------------------------------------------------------+
| NVIDIA-SMI 418.87.01 Driver Version: 418.87.01 CUDA Version: 10.1 |
|-------------------------------+----------------------+----------------------+
| GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC |
@roycewilliams
roycewilliams / postmates-unsolicited-email_2019-11-22.txt
Last active Nov 23, 2019
postmates-unsolicited-email_2019-11-22.txt
View postmates-unsolicited-email_2019-11-22.txt
#-----------------------------------------------------------------------------
# Received lines of final SMTP header:
Received: by 2002:adf:df12:0:0:0:0:0 with SMTP id y18csp74468wrl;
X-Received: by 2002:adf:f504:: with SMTP id q4mr20722381wro.160.1574482060415;
Received-SPF: pass (google.com: domain of bounces+17978-ab6a-royce=tycho.org@post.postmates.com designates 192.254.120.132 as permitted sender) client-ip=192.254.120.132;
Received: by 2002:a5d:494e:: with POP3 id r14mf6021056wrs.6;
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
Received: from mx5 ([10.202.2.204])
Received: from mx5.messagingengine.com (localhost [127.0.0.1]) by mailmx.nyi.internal (Postfix) with ESMTP id 4B5593C0136 for <royce@tycho.org>; Fri, 22 Nov 2019 23:06:29 -0500 (EST)
@roycewilliams
roycewilliams / real-world-initialism-passwords.txt
Last active Sep 29, 2019
real-world-initialism-passwords.txt
View real-world-initialism-passwords.txt
# Simple sample of real-word passwords that are initialisms of known phrases.
# Inspired by discussion at https://twitter.com/TychoTithonus/status/1170724414431715329
# Base "words" (can you tell what quotes / songs they're from?)
1mp&1c11wt
1mp@1c11wt
1mpa1c11wt
Batmf,tsite
Batmftsite
Batp,ftsbccog
View Android-10--add-user-from-lock-screen-issue.md

Android 10 "add users from lock screen" issue

Issue

On my Pixel 3 XL with new Android 10, even with "add users from lock screen" disabled, I discovered that I could reliably create a new user from the lock screen (swipe down the top menu, select blue user icon, and the "Add user" plus-sign icon is available).

I've posted this publicly - at first because I thought I must be mistaken, but then expanded later because the issue is not exploitable remotely, can only be carried out after authorized-equivalent access to the device has been achieved, is trivial to recreate with normal UI interaction, and would very likely have been disclosed by others in the very short term.

Status

  • This issue was discovered on September 3, 2019
  • This issue was assigned CVE-2019-2233 (NVD, CVE)
@roycewilliams
roycewilliams / babe-ruth-passwords.txt
Last active Aug 31, 2019
babe-ruth-passwords.txt
View babe-ruth-passwords.txt
# All case-insensitive 'babe.*ruth' founds from hashes.org (through August 2019)
# As part of this tweet thread: https://twitter.com/TychoTithonus/status/1167820683541282819
# Sorted in length order (the longer passwords are the ones more supportive of my argument)
# Under almost no circumstances should a passwords "formula" like the one described be used.
BABERUTH
BaBeRuTh
BabeRuth
Baberuth
bAbErUtH
baberuth
@roycewilliams
roycewilliams / netmux-survivor-masks.txt
Last active Aug 29, 2019
netmux-survivor-masks.txt
View netmux-survivor-masks.txt
# As noted in https://www.netmux.com/blog/survivor-password-hashes
# and https://twitter.com/netmux/status/1166688841111150597
# as of 2019-08-28
#
# (UPDATE: should be unnecessary - use https://github.com/netmux/survivor-hashes instead)
#
llllldddddddddd
llllllllddddd
lllllllllll
ddddddddddllllll
@roycewilliams
roycewilliams / benchmark_hashcat-v5.1.0-1387-gec987e68_irongiant_2019-08-18.txt
Last active Aug 18, 2019
benchmark_hashcat-v5.1.0-1387-gec987e68_irongiant_2019-08-18.txt
View benchmark_hashcat-v5.1.0-1387-gec987e68_irongiant_2019-08-18.txt
# benchmark_hashcat-v5.1.0-1387-gec987e68_irongiant_2019-08-18.txt
# https://gist.github.com/roycewilliams/702e5cdce0a506eb5c5a8e9cd7ebb6d8
$ hashcat -b -w 4 -O
hashcat (v5.1.0-1387-gec987e68) starting in benchmark mode...
CUDA API (CUDA 10.1)
====================
* Device #1: GeForce GTX 1080, 8119 MB, 20MCU
@roycewilliams
roycewilliams / hexify.pl
Created Jul 6, 2019
HEX-ify plains that need it
View hexify.pl
#!/usr/bin/env perl
#-----------------------------------------------------------------------
# Created: 2017-11-21
# $Id: hexify,v 1.2 2017/11/22 06:29:35 root Exp root $
#-----------------------------------------------------------------------
# FIXME - special cases:
# - Single \x0a is valid utf8, but should be hexed
#-----------------------------------------------------------------------
while (<>) {
@roycewilliams
roycewilliams / hashcat-markov-ends.txt
Last active Nov 20, 2019
A survey of the last string tried by hashcat's Markov for standard masks
View hashcat-markov-ends.txt
$ cat hashcat-markov-ends.sh
#!/bin/bash
# Ref: https://github.com/hashcat/hashcat/issues/1058
echo "# A survey of the last string tried by hashcat's Markov for standard masks"
echo -n '# hashcat version: '
hashcat --version
[ -f hashcat-markov-ends.list ] && rm hashcat-markov-ends.list
You can’t perform that action at this time.