Teddy Reed theopolis
theopolis
/ ssltest.py
Created
April 9, 2014 23:39
— forked from ixs/ssltest.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org) | |
| # The author disclaims copyright to this source code. | |
| # | |
| # Modified slightly by Andreas Thienemann <athienemann@schubergphilis.com> for clearer exploit code | |
| # and 64k reads | |
| # | |
| # This version of the exploit does write received data to a file called "dump" in the local directory | |
| # for analysis. |
theopolis
/ crtp_bind.cpp
Last active
August 29, 2015 14:11
C++ Non-static member binding and pseudo CRTP idioms
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <string> | |
| #include <typeinfo> | |
| #include <memory> | |
| #include <functional> | |
| using std::placeholders::_1; | |
| typedef std::function<int(int)> CallbackFunc; | |
| // Helper stdout callback usage. |
theopolis
/ registry_tests.cpp
Last active
August 29, 2015 14:14
Plugin routable registry (via thrift)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Copyright (c) 2014, Facebook, Inc. | |
| * All rights reserved. | |
| * | |
| * This source code is licensed under the BSD-style license found in the | |
| * LICENSE file in the root directory of this source tree. An additional grant | |
| * of patent rights can be found in the PATENTS file in the same directory. | |
| * | |
| */ | |
theopolis
/ keychain_leaks.cpp
Created
February 25, 2015 17:54
Small program to demo SecCertificateCopyValues leaks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // This is a leaky program! | |
| // Line 40 will leak a few bytes in the SecurityFramework | |
| // %I in xcode, profile. | |
| #include <CoreFoundation/CoreFoundation.h> | |
| #include <CoreFoundation/CFData.h> | |
| #include <Security/Security.h> | |
| void CreateAuthorities() { | |
| CFMutableDictionaryRef query; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/Makefile.am b/Makefile.am | |
| index 4b5d1d8..a225237 100644 | |
| --- a/Makefile.am | |
| +++ b/Makefile.am | |
| @@ -18,7 +18,7 @@ endif | |
| if WITH_LUA | |
| SUBDIRS += luaext | |
| endif | |
| -SUBDIRS += rpmio lib sign build scripts fileattrs doc . | |
| +SUBDIRS += rpmio lib . |
theopolis
/ gist:580bcc94084831f331a0b83c5fef40ca
Created
October 1, 2016 19:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/osquery/core/windows/wmi.cpp b/osquery/core/windows/wmi.cpp | |
| index 43e8d1f..d336118 100644 | |
| --- a/osquery/core/windows/wmi.cpp | |
| +++ b/osquery/core/windows/wmi.cpp | |
| @@ -197,8 +197,6 @@ WmiRequest::WmiRequest(const std::string& query, BSTR nspace) { | |
| std::wstring wql = stringToWstring(query); | |
| HRESULT hr = E_FAIL; | |
| - | |
| - hr = ::CoInitializeEx(0, COINIT_MULTITHREADED); |
theopolis
/ unset_passwords.sql
Created
November 29, 2017 01:54
Find enabled accounts on macOS with unset passwords
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| select os_version.version, case when from_base64(p2.value) like '%passwordLastSet%' then 1 else 0 end as password_set, case when p1.value = '*' then 0 else 1 end as account_enabled, u.shell, u.username as account_username from plist p1, plist p2, os_version, (select * from users where directory != '/var/empty') u where (p1.path = '/var/db/dslocal/nodes/Default/users/' || username || '.plist' and p1.key = 'passwd') and (p2.path = '/var/db/dslocal/nodes/Default/users/' || username || '.plist' and p2.key = 'accountPolicyData'); |