Faiz Jazadi ttycelery

## jingle-family-mart.txt
// Transcribed manually from
// https://www.youtube.com/watch?v=GpUhmUVvD9Y
// Enjoy ;)

Hai kawan-kawan
Mari bekerja membangun bersama FamilyMart
Suka dan duka ada di FamilyMart
Semua keluarga kita

Mari menyapa pelanggan kita

## index.html
<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>colortable</title>
    <link
      rel="stylesheet"
      href="https://cdn.jsdelivr.net/npm/@exampledev/new.css@1/new.min.css"
    />

## ektp_image_reader.py
"""
Author: Faiz J <askmehere@lcat.dev>
Date: 2023-11-01

Another proof of concept of a CompactByte blog article
https://blog.compactbyte.com/2018/06/10/membedah-e-ktp/

To run this script successfully, you must connect a PN532 reader to the USB
port of your computer using a USB-to-TTL converter (I use CH340). Enjoy!
"""

## whatsapp.js
/*
Paste the following minified script to browser console (with WhatsApp Web open)
---------------
var phone_list=[];function get_list(e){var t=document.getElementsByClassName("O90ur")[0].innerText;t=t.split(", ");for(var l=0;l<t.length;l++)num=t[l].replace(/[^0-9]/g,""),"6"==num.charAt(0)&&(phone_list.includes(num)||phone_list.push(num));e&&alert(phone_list.join("\n"))}function doc_keyUp(e){e.ctrlKey&&57==e.keyCode?get_list(!0):e.ctrlKey&&56==e.keyCode?(get_list(!1),document.title="List successfully captured!"):e.ctrlKey&&55==e.keyCode?(phone_list=[],document.title="List successfully cleared!"):e.ctrlKey&&54==e.keyCode&&(document.title="Current list length: "+phone_list.length)}document.addEventListener("keyup",doc_keyUp,!1);
---------------
After entering above text, you can use these hotkeys:
- CTRL+9: capture current group chat phone numbers (unsaved numbers) and display an alert()
- CTRL+8: capture current group chat phone numbers and show notification in page title
- CTRL+7: clear captured phone_number

## idx_v3_modified.php
<?php
/*
* # IndoXploit v3 Web Shell (Stealth Version)
* # What was involved?
*   - Uses dynamic 404 page from the server to make the web shell looks like it was deleted
*   - Login method is by using GET parameters, (example: 'http://example.com/idx_s.php?passwd=password_saia_kaka')
* # Important Bookmark
*   - Password configuration at line 27
*   - login_shell() function at line 40-52
*   - Login validation at line 57-64

## auto_edom.py
"""
auto-edom -- automatically fill your lecturer evaluation questionnaires
on SIMASTER UGM


        DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
                    Version 2, December 2004

 Copyright (C) 2023 Faiz Jazadi <me@lcat.dev>

## monerowin.py
# Test how profitable is monero.win

# it's not :/

import random
import time

balance = 0.1
bet_size = 0.01
profit_per_bet = 0.009

## pivoting.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              3 stars
            
          
                ttycelery
                / pivoting.md
            
            
              Last active
              January 19, 2023 10:19
            
              
                KULGRAM Surabaya Hacker Link tentang Pivoting
              
          
    Pivoting

Apa itu Pivoting?

Pivoting merupakan metode yang menggunakan "instance" yang biasa disebut "pivot host" atau "foothold" agar bisa "berpindah" dari suatu tempat ke tempat di dalam
jaringan yg sudah dihek. Simplenya, kita pakai asumsi dibawah untuk pivoting melakukan pivoting dengan OpenSSH.

Attacker punya "akses shell" ke sebuah komputer (dalam hal ini, osnya linux, nanti sesuain aja)
Komputer tadi selanjutnya disebut "Pivot host"
Di komputer itu sudah terinstall client OpenSSH dengan setting GatewayPorts menyala (di /etc/ssh/sshd_config) untuk memungkinkan reverse ssh port forwarding (baca: https://blog.devolutions.net/2017/3/what-is-reverse-ssh-port-forwarding)
Di komputer attacker, server OpenSSH berjalan di port 22
Port 22 di komputer attacker sudah diforward atau diekspose ke internet (sehingga bisa diakses oleh pivot host)


## revip.py
#!/usr/bin/python
# - RevIP
#   | Date: 10/03/2018
#   | Author: P4kL0nc4t
#   | Description: simple reverse IP lookup tool that combines multiple API to achieve effective result.

import requests
import sys
requests.packages.urllib3.disable_warnings()
from socket import gethostbyname

## main.py
import re
import logging
import sys
import time

import requests

from simaster import get_simaster_session

KHS_URL = 'https://simaster.ugm.ac.id/akademik/mhs_khs/view'
	// Transcribed manually from
	// https://www.youtube.com/watch?v=GpUhmUVvD9Y
	// Enjoy ;)

	Hai kawan-kawan
	Mari bekerja membangun bersama FamilyMart
	Suka dan duka ada di FamilyMart
	Semua keluarga kita

	Mari menyapa pelanggan kita
	<!DOCTYPE html>
	<html lang="en">
	<head>
	<meta charset="UTF-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
	<title>colortable</title>
	<link
	rel="stylesheet"
	href="https://cdn.jsdelivr.net/npm/@exampledev/new.css@1/new.min.css"
	/>
	"""
	Author: Faiz J <askmehere@lcat.dev>
	Date: 2023-11-01

	Another proof of concept of a CompactByte blog article
	https://blog.compactbyte.com/2018/06/10/membedah-e-ktp/

	To run this script successfully, you must connect a PN532 reader to the USB
	port of your computer using a USB-to-TTL converter (I use CH340). Enjoy!
	"""
	/*
	Paste the following minified script to browser console (with WhatsApp Web open)
	---------------
	var phone_list=[];function get_list(e){var t=document.getElementsByClassName("O90ur")[0].innerText;t=t.split(", ");for(var l=0;l<t.length;l++)num=t[l].replace(/[^0-9]/g,""),"6"==num.charAt(0)&&(phone_list.includes(num)\|\|phone_list.push(num));e&&alert(phone_list.join("\n"))}function doc_keyUp(e){e.ctrlKey&&57==e.keyCode?get_list(!0):e.ctrlKey&&56==e.keyCode?(get_list(!1),document.title="List successfully captured!"):e.ctrlKey&&55==e.keyCode?(phone_list=[],document.title="List successfully cleared!"):e.ctrlKey&&54==e.keyCode&&(document.title="Current list length: "+phone_list.length)}document.addEventListener("keyup",doc_keyUp,!1);
	---------------
	After entering above text, you can use these hotkeys:
	- CTRL+9: capture current group chat phone numbers (unsaved numbers) and display an alert()
	- CTRL+8: capture current group chat phone numbers and show notification in page title
	- CTRL+7: clear captured phone_number
	<?php
	/*
	* # IndoXploit v3 Web Shell (Stealth Version)
	* # What was involved?
	* - Uses dynamic 404 page from the server to make the web shell looks like it was deleted
	* - Login method is by using GET parameters, (example: 'http://example.com/idx_s.php?passwd=password_saia_kaka')
	* # Important Bookmark
	* - Password configuration at line 27
	* - login_shell() function at line 40-52
	* - Login validation at line 57-64
	"""
	auto-edom -- automatically fill your lecturer evaluation questionnaires
	on SIMASTER UGM


	DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
	Version 2, December 2004

	Copyright (C) 2023 Faiz Jazadi <me@lcat.dev>
	# Test how profitable is monero.win

	# it's not :/

	import random
	import time

	balance = 0.1
	bet_size = 0.01
	profit_per_bet = 0.009
	#!/usr/bin/python
	# - RevIP
	# \| Date: 10/03/2018
	# \| Author: P4kL0nc4t
	# \| Description: simple reverse IP lookup tool that combines multiple API to achieve effective result.

	import requests
	import sys
	requests.packages.urllib3.disable_warnings()
	from socket import gethostbyname
	import re
	import logging
	import sys
	import time

	import requests

	from simaster import get_simaster_session

	KHS_URL = 'https://simaster.ugm.ac.id/akademik/mhs_khs/view'