Skip to content

Instantly share code, notes, and snippets.

View scuderiaf1's full-sized avatar

Tony Romeo scuderiaf1

8 followers · 33 following
View GitHub Profile
@scuderiaf1
scuderiaf1 / poodle-detector
Created October 15, 2014 19:54
curl -L https://gist.githubusercontent.com/scuderiaf1/c5be0e6745d8b9834b12/raw/5043edcfa903ce36f3c88995e68b2143bea0cccd/poodle-detector|bash
#!/bin/bash
ret=$(echo Q | timeout 5 openssl s_client -connect "${1-`hostname`}:${2-443}" -ssl3 2> /dev/null)
if echo "${ret}" | grep -q 'Protocol.*SSLv3'; then
if echo "${ret}" | grep -q 'Cipher.*0000'; then
echo "SSL 3.0 disabled"
else
echo "SSL 3.0 enabled"
fi
else
echo "SSL disabled or other error"
@scuderiaf1
scuderiaf1 / ruby-enterprise-1.8.7-2012.02-openssl-el65.patch
Created September 29, 2014 19:28
copy of https://gist.githubusercontent.com/spkane/8059362/raw/b17ee05e8d6b16a27339ce950b025a7c5ec0cd68/ruby-enterprise-1.8.7-2012.02-openssl-el65.patch
diff -ur ruby-enterprise-1.8.7-2012.02/source/ext/openssl/ossl_pkey_ec.c ruby-enterprise-openssl-1.8.7-2012.02/source/ext/openssl/ossl_pkey_ec.c
--- ruby-enterprise-1.8.7-2012.02/source/ext/openssl/ossl_pkey_ec.c 2012-02-19 06:09:11.000000000 -0800
+++ ruby-enterprise-openssl-1.8.7-2012.02/source/ext/openssl/ossl_pkey_ec.c 2014-01-03 16:37:11.077561351 -0800
@@ -757,8 +757,10 @@
method = EC_GFp_mont_method();
} else if (id == s_GFp_nist) {
method = EC_GFp_nist_method();
+#if !defined(OPENSSL_NO_EC2M)
} else if (id == s_GF2m_simple) {
method = EC_GF2m_simple_method();
@scuderiaf1
scuderiaf1 / shellshock-test.sh
Last active August 29, 2015 14:07
#!/bin/bash
# shellshock-test.sh
# this will run it
# curl -L https://gist.githubusercontent.com/scuderiaf1/2a49271cdd2e5a022a54/raw/33ba8308f71819ee9e4d741e44f02724e8f40dc4/shellshock-test.sh|bash
VUNERABLE=false;
CVE20146271="$(env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test" 2>&1 )"
CVE20147169=$(cd /tmp 2>&1; rm -f /tmp/echo 2>&1; env 'x=() { (a)=>\' bash -c "echo uname" 2>&1; cat /tmp/echo 2>&1; rm -f /tmp/echo 2>&1 )
if [[ "$CVE20146271" =~ "vulnerable" ]]
@scuderiaf1
scuderiaf1 / ruby193.spec
Last active August 29, 2015 14:05
.spec file for build your own ruby rpm 1.9.3 p484 with skaes rails express patch
%define rubyver 1.9.3
%define rubyminorver p484
Name: ruby
Version: %{rubyver}%{rubyminorver}
Release: 2%{?dist}
License: Ruby License/GPL - see COPYING
URL: http://www.ruby-lang.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gcc
@scuderiaf1
scuderiaf1 / 0_reuse_code.js
Created October 12, 2013 00:14
Here are some things you can do with Gists in GistBox.
// Use Gists to store code you would like to remember later on
console.log(window); // log the "window" object to the console
@scuderiaf1
scuderiaf1 / hubot
Last active December 20, 2015 10:09
hubot campfire init.d example script. set it with something like 'chkconfig --level 345 hubot on'
#!/bin/bash
# myapp daemon
# chkconfig: 345 20 80
# description: myapp daemon
# processname: myapp
DAEMON_PATH="/home/webdv/hubot-master"
DAEMON=bin/hubot
DAEMONOPTS="-a campfire -n webdv-hubot -l hubot"
@scuderiaf1
scuderiaf1 / dump_cdorked_config.py
Created April 29, 2013 18:31
Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole http://www.welivesecurity.com/2013/04/26/linuxcdorked-new-apache-backdoor-in-the-wild-serves-blackhole/
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# This script dumps the content of a shared memory block
# used by Linux/Cdorked.A into a file named httpd_cdorked_config.bin
# when the machine is infected.
#
# Some of the data is encrypted. If your server is infected and you
# would like to help, please send the httpd_cdorked_config.bin
# to our lab for analysis. Thanks!
@scuderiaf1
scuderiaf1 / file1.txt
Created March 25, 2013 17:49
Created via API
Demo - api is looking good