Teddy Reed theopolis
theopolis / unset_passwords.sql
Created Nov 29, 2017
Find enabled accounts on macOS with unset passwords
View unset_passwords.sql
-- One row per local account whose home directory is not /var/empty.
-- password_set is 1 when accountPolicyData contains passwordLastSet;
-- account_enabled is 0 when the passwd key is '*'.
select os_version.version,
  case when from_base64(p2.value) like '%passwordLastSet%' then 1 else 0 end as password_set,
  case when p1.value = '*' then 0 else 1 end as account_enabled,
  u.username as account_username
from plist p1, plist p2, os_version,
  (select * from users where directory != '/var/empty') u
where (p1.path = '/var/db/dslocal/nodes/Default/users/' || username || '.plist' and p1.key = 'passwd')
  and (p2.path = '/var/db/dslocal/nodes/Default/users/' || username || '.plist' and p2.key = 'accountPolicyData');
View gist:580bcc94084831f331a0b83c5fef40ca
diff --git a/osquery/core/windows/wmi.cpp b/osquery/core/windows/wmi.cpp
index 43e8d1f..d336118 100644
--- a/osquery/core/windows/wmi.cpp
+++ b/osquery/core/windows/wmi.cpp
@@ -197,8 +197,6 @@ WmiRequest::WmiRequest(const std::string& query, BSTR nspace) {
std::wstring wql = stringToWstring(query);
- hr = ::CoInitializeEx(0, COINIT_MULTITHREADED);
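Review bot: removing the `::CoInitializeEx(0, COINIT_MULTITHREADED)` call from the `WmiRequest` constructor leaves this code relying on COM already being initialized on the calling thread, and the visible lines do not show where that now happens. State in a comment at the constructor which caller owns COM initialization. The hunk header goes from 8 lines to 6 but only one removal is shown here, so also check that the second removed line does not leave an initialize/uninitialize pair unbalanced.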
View rpm-4.13.0-rc1-lite.diff
diff --git a/ b/
index 4b5d1d8..a225237 100644
--- a/
+++ b/
@@ -18,7 +18,7 @@ endif
SUBDIRS += luaext
-SUBDIRS += rpmio lib sign build scripts fileattrs doc .
+SUBDIRS += rpmio lib .
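Review bot: the new `SUBDIRS` line drops `sign`, `build`, `scripts`, `fileattrs` and `doc` without a comment saying why, and the file path in the diff header is empty, so it is unclear which makefile this applies to. Add a comment above the line stating that this is the reduced "lite" build, and confirm that nothing remaining under `rpmio` or `lib` depends on the removed `sign` or `build` directories.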
theopolis / keychain_leaks.cpp
Created Feb 25, 2015
Small program to demo SecCertificateCopyValues leaks
View keychain_leaks.cpp
// This is a leaky program!
// Line 40 will leak a few bytes in the SecurityFramework
// %I in xcode, profile.
#include <CoreFoundation/CoreFoundation.h>
#include <CoreFoundation/CFData.h>
#include <Security/Security.h>
void CreateAuthorities() {
CFMutableDictionaryRef query;
theopolis / registry_tests.cpp
Last active Aug 29, 2015
Plugin routable registry (via thrift)
View registry_tests.cpp
* Copyright (c) 2014, Facebook, Inc.
* All rights reserved.
* This source code is licensed under the BSD-style license found in the
* LICENSE file in the root directory of this source tree. An additional grant
* of patent rights can be found in the PATENTS file in the same directory.
theopolis / crtp_bind.cpp
Last active Aug 29, 2015
C++ Non-static member binding and pseudo CRTP idioms
View crtp_bind.cpp
#include <string>
#include <typeinfo>
#include <memory>
#include <functional>
using std::placeholders::_1;
typedef std::function<int(int)> CallbackFunc;
// Helper stdout callback usage.
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (
# The author disclaims copyright to this source code.
# Modified slightly by Andreas Thienemann <> for clearer exploit code
# and 64k reads
# This version of the exploit does write received data to a file called "dump" in the local directory
# for analysis.