sbehrens

Keybase proof

I hereby claim:

• I am sbehrens on github.
• I am arbit (https://keybase.io/arbit) on keybase.
• I have a public key whose fingerprint is 3BCB 4364 EF4A 3F6A C890 A755 18B8 EFD6 D8EE 14EA

To claim this, I am signing this object:

sbehrens

server {
    listen 443 ssl;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /path/to/signed_cert_plus_intermediates;
    ssl_certificate_key /path/to/private_key;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits

sbehrens

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile      /path/to/signed_certificate
    SSLCertificateChainFile /path/to/intermediate_certificate
    SSLCertificateKeyFile   /path/to/private/key
    SSLCACertificateFile    /path/to/all_ca_certs

    # modern configuration, tweak to your needs
    SSLProtocol             all -SSLv2 -SSLv3 -TLSv1
    SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

sbehrens

import itertools
from sys import exit

any_digits = [1.67, 1.98, 1.98, 4.41, 4.41, 4.41, 4.41, 4.41, 5.44, 36, 36, 36, 36, 36, 36, 36, 36, 100, 100]

for L in range(0, len(any_digits)+1):
  for subset in itertools.combinations(any_digits, L):
    print '%.2f' % sum(subset)
    if '%.2f' % sum(subset) == 241.40:
        print 'found it!'

sbehrens

// PhantomJS script
// Takes screeshot of a given page. This correctly handles pages which
// dynamically load content making AJAX requests.

// Instead of waiting fixed amount of time before rendering, we give a short
// time for the page to make additional requests.

var _ = require('./lodash.js');

sbehrens

#!/usr/bin/python

# Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions.
# Michael Davis (mike.philip.davis@gmail.com)

# Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)

# The author disclaims copyright to this source code.

import select

sbehrens

import array
import base64
import copy

# Found X0R cipher on an app assessment?  Got the ciphertext and know the plaintext?  Use this to get the key.  

cipher_text = array.array('B', base64.b64decode("Some Blob of base64 encoded ciphertext remove decoder if not base64"))

plain_text = array.array('B', "some known plaintext value")

sbehrens

def decode_string(x, f):
    colon = x.index(':', f)
    try:
        n = int(x[f:colon])
    except (OverflowError, ValueError):
        n = long(x[f:colon])
    if x[f] == '0' and colon != f+1:
        raise ValueError
    colon += 1

sbehrens

CON
   
  _clkmode = xtal1 + pll16x
  _xinfreq = 5_000_000
  
  
VAR
  long foodude
  long datatown
  byte hello

sbehrens

# File:  fakedns.py
# Name:  Interactive CLI DNS Spoofer
# by:    @mastahyeti 
#
# based off of http://code.activestate.com/recipes/491264/

from __future__ import print_function
from gevent.event import Event
from gevent.pool import Pool
from gevent import socket