Royce Williams roycewilliams
JburkeRSAC / urxvt_notes.txt
Created October 18, 2015 23:06
Gentoo URXVT clipboard buffer notes
!**ctrl+alt+cmd for urxvt buffer ==> normal text buffer
!copy from urxvt:
!paste into urxvt:
!Add to ~/.Xdefaults:
XTerm*transparent: true
FauxFaux /
Created December 30, 2015 00:18
Capture CAs from Chrome history
locate -r '/History$' | fgrep chrom | while read x; do echo select url from urls\; | sqlite3 "$x"; done > hist
cut -d/ -f 3 hist | sort -u | xargs -P200 -I{} -n1 -- sh -c ': | openssl s_client -connect {}:443 2> {}.path > {}.handshake'
for f in *.path; do if ! fgrep 'verify erro' $f >/dev/null; then grep -m1 '^depth' $f; fi; done | cut -d' ' -f 2- | sort | uniq -c | sort -n
for f in *.path; do if ! fgrep 'verify erro' $f >/dev/null; then grep -m1 '^depth' $f; fi; done | cut -d' ' -f 2- | sed 's/.*O = //;s/, OU =.*//;s/, CN = //;s/The //;s/[",.]//g;s/ Inc//' | sort | uniq -c | sort -n
syzdek / locky-dga.c
Last active February 25, 2016 07:24
Locky Ransomware Domain Generation Algorithm
* Locky Ransomware Domain Generation Algorithm
* Original code from Forcepoint Security Labs:
* Code updated by David M. Syzdek <ten . kedzys @ divad> on 2016/02/24
* Compile with:
* gcc -W -Wall -Werror -o locky-dga locky-dga.c
if [ -z "$1" ]; then
echo "Keyspace: $keyspace"

Via Twitter

Authors consider SQLi as main attack vector. Hashed token mitigate r/o SQLi, encrypted mitigate r/w SQLi

That actually doesn't buy you anything. Consider the following table schema:

CREATE TABLE reset_tokens (
 selector TEXT,
evilmog /
Last active April 25, 2017 16:27
netntlmv1 prototype
import platform
import subprocess
import os
hash_input = raw_input("Please enter hash: ")
if not hash_input:
h_user, h_blank, h_domain, h_hash1, h_hash2, h_challenge = hash_input.split(':')
miketweaver /
Created October 13, 2017 16:15
Second Validation Method

So, for validation, here is my suggestion. Works for however people want to submit (separate hashes.txt, password.txt or combined "hash:pass" file).

  • grab a copy of mdxfind/mdsplit from . Ensure you have the contest-original pcrack.master.hashed.txt file (it will be read-only).

  • If separate files:

     mdxfind -f pcrack.master.hashed.txt -h ^sha1$ plaintext.txt >result
     mdsplit -f result hashes.txt

You will be left with hashes.txt and hashes.SHA1x01. The hashes.SHA1x01 are the validated number of cracks (wc -l to get number), and any invalid hash submissions will be in hashes.txt. If this file is empty, all hashes validated.

miketweaver /
Created October 16, 2017 21:53
Mangler
import random
import os
import sys
import hashlib
import thread
leetrandomness = 1;
temppassword = ""
use = False
lakiw / gist:64d1a93106fd501d4d680fffad076e12
Created November 2, 2017 20:22
Proposed approach to multi word detection in password cracking
The main challenge for detecting multi-words for passwords for me has been the lack of good wordlists/dictionaries.
Based on previous experience, my rule of thumb is that a "decent" dictionary will have about a 60% coverage rate for the training set. That number is based on very out of date experiments which quite honestly I need to update (if you are curious I can look up where in my dissertation I documented them), which is why I consider it more a rule of thumb vs an accurate statement. You can get a higher coverage by increasing the size of your dictionary but at that point the amount of junk in your wordlist starts to make Markov based brute-force sound more attractive. Still, while some people might quibble with that 60% coverage statement (rightfully so), I think it highlights the wordlist issue. If I look for multi-words but the "golden list" I use in training only has 60% coverage then this becomes a harder problem to solve.
In general it seems like a better approach is to build custom dictionarie
Hydraze / gist:372e221ef52ce8ddc6b5ba2108f2251f
Created December 12, 2017 18:25
PACK run on the 1.4 billion passwords ("BreachCompilation")
StatsGen 0.0.3