Skip to content

Instantly share code, notes, and snippets.

Avatar

Adnan Mohd Shukor xanda

31 followers · 4 following
View GitHub Profile
@xanda
xanda / gist:da7057aa36d24dad8b495ba43be29a93
Last active May 19, 2023 02:42
Nessus - Check for BPFdoor (2022/2023) runtime lock file
View gist:da7057aa36d24dad8b495ba43be29a93
<custom_item>
type: FILE_CHECK_NOT
system: "Linux"
description: "Check for BPFdoor (2022/2023) runtime lock file"
value_data: "/var/run/initd.lock"
</custom_item>
@xanda
xanda / Vulnerable_JndiLookup_class_hashes.csv
Created December 14, 2021 10:19
List of vulnerable JndiLookup.class hashes for the affected version of Log4j. You may use them to crawl your file system, or to add them to your antivirus custom indicator, for inventory purposes (audit mode) or to apply mitigation (deletion)
View Vulnerable_JndiLookup_class_hashes.csv
JndiLookup.class for Lib4J version md5sum sha1sum sha256sum
2.0-beta9 662118846c452c4973eca1057859ad61 9799470c2cca80f047f6b0d1588dacae9aae26fc 39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8
2.0-rc1 662118846c452c4973eca1057859ad61 9799470c2cca80f047f6b0d1588dacae9aae26fc 39a495034d37c7934b64a9aa686ea06b61df21aa222044cc50a47d6903ba1ca8
2.0-rc2 1daf21d95a208cfce994704824f46fae ec9326bae452f2d2e8a4852b24799d6458d11d46 a03e538ed25eff6c4fe48aabc5514e5ee687542f29f2206256840e74ed59bcd2
2 62c82ad7c1ec273a683de928c93abbe9 e605ca8be62f8f26c43d906f392090231e96edfd fd6c63c11f7a6b52eff04be1de3477c9ddbbc925022f7216320e6db93f1b7d29
2.0.1 2365c12b4a7c5fa5d7903dd90ca9e463 040c7583735f58988635563b0b6c0f009d5ae5c0 964fa0bf8c045097247fa0c973e0c167df08720409fd9e44546e0ceda3925f3e
2.0.2 5c727238e74ffac28315c36df27ef7cc 7d403e7e7208e4d9ebaf2b32ddc90a04170580c5 9626798cce6abd0f2ffef89f1a3d0092a60d34a837a02bbe571dbe00236a2c8c
2.1 8ededbb1646c1a4dd6cdb93d9a01f43c 1b0283f98e00f04be9b8cf655f881e767c8bb386 a768e5383990
@xanda
xanda / vulnerable_log4j-core_hashes.csv
Last active December 14, 2021 10:20
List of hashes for the vulnerable log4j-core JAR files. You may use them as inventory purposes or to delete JndiLookup.class from the JAR
View vulnerable_log4j-core_hashes.csv
We can make this file beautiful and searchable if this error is corrected: It looks like row 8 should actually have 4 columns, instead of 2. in line 7.
version,md5,sha1,sha256
log4j-core-2.0-beta9.jar,152ecb3ce094ac5bc9ea39d6122e2814,678861ba1b2e1fccb594bb0ca03114bb05da9695,dcde6033b205433d6e9855c93740f798951fa3a3f252035a768d9f356fde806d
log4j-core-2.0-rc1.jar,088df113ad249ab72bf19b7f00b863d5,4363cdf913a584fe8fa72cf4c0eaae181ef7d1eb,db3906edad6009d1886ec1e2a198249b6d99820a3575f8ec80c6ce57f08d521a
log4j-core-2.0-rc2.jar,de8d01cc15fd0c74fea8bbb668e289f5,2e8d52acfc8c2bbbaa7baf9f3678826c354f5405,ec411a34fee49692f196e4dc0a905b25d0667825904862fdba153df5e53183e0
log4j-core-2.0.jar,cd70a1888ecdd311c1990e784867ce1e,7621fe28ce0122d96006bdb56c8e2cfb2a3afb92,85338f694c844c8b66d8a1b981bcf38627f95579209b2662182a009d849e1a4c
log4j-core-2.0.1.jar,fbfa5f33ab4b29a6fdd52473ee7b834d,895130076efaf6dcafb741ed7e97f2d346903708,a00a54e3fb8cb83fab38f8714f240ecc13ab9c492584aa571aec5fc71b48732d
log4j-core-2.0.2.jar,8c0cf3eb047154a4f8e16daf5a209319,13521c5364501478e28c77a7f86b90b6ed5dbb77,c584d1000591efa391386264e0d43ec35f4dbb146cad9390f73358d9c84ee78d
log4j-core-2.1.jar,8d331544b2e7b20
@xanda
xanda / gist:63ea8a53ef99fd37d67048c8ca24af39
Last active May 27, 2020 01:42
o365 brute forcer
View gist:63ea8a53ef99fd37d67048c8ca24af39
1.196.144.102
110.88.28.139
112.245.145.208
112.47.5.25
115.197.162.93
115.216.79.109
115.216.79.36
123.180.138.121
123.180.138.125
123.180.138.46
@xanda
xanda / gist:f80de067b81106c4d3054e6298c4cdbf
Created January 24, 2019 08:11
Malvertizing + Shlayer
View gist:f80de067b81106c4d3054e6298c4cdbf
www2.savegreatinstallliteflash.icu
www2.newgreatinstallliteflash.icu
www2.smallgreatinstallliteflash.icu
www2.fixinstallgreatliteflash.icu
www2.betterinstallgreatliteflash.icu
www2.mixgreatinstallliteflash.icu
www2.getinstallgreatliteflash.icu
www2.makegreatinstallliteflash.icu
www2.moregreatinstallliteflash.icu
www2.mediainstallgreatliteflash.icu
@xanda
xanda / gist:abbed2d9bc28a417f00ede975faaa182
Created August 25, 2016 06:36
View gist:abbed2d9bc28a417f00ede975faaa182
view-source:http://sushi-king.com/v2/ compromised
redirect user ke TDS most likely kemudian akan di redirect ke exploit kit
At the moment dia redirect ke hxxp://blmfgsquv.ddnsking[.]com/wordpress/?bf7N&utm_source=le
dan historically turut redirect ke:
qchdxdevcf.ddnsking[.]com
ortjotbik.hopto[.]org
qjcaer.hopto[.]org
@xanda
xanda / gist:748a62c1c9ad60d8723df763c9bc1c0d
Created August 8, 2016 02:53
BINs for Malaysia
View gist:748a62c1c9ad60d8723df763c9bc1c0d
BIN,Country,Vendor,Type,Level,Bank
374588,MY,AMEX,CREDIT,CENTURION,
376251,MY,AMEX,CREDIT,,
376252,MY,AMEX,CREDIT,,
376253,MY,AMEX,CREDIT,,
376254,MY,AMEX,CREDIT,,
376255,MY,AMEX,CREDIT,,
376256,MY,AMEX,CREDIT,,
376257,MY,AMEX,CREDIT,,
376258,MY,AMEX,CREDIT,,
@xanda
xanda / dga_score.rb
Created July 25, 2014 04:27 — forked from jedisct1/dga_score.rb
View dga_score.rb
#! /usr/bin/env ruby
require 'awesome_print'
require 'msgpack'
require 'public_suffix'
require 'singleton'
class DGAScore
include Singleton
@xanda
xanda / g01exploit-dga.rb
Created March 14, 2013 06:38 — forked from jedisct1/g01exploit-dga.rb
View g01exploit-dga.rb
#! /usr/bin/env ruby
DOMAINS = %w(.doesntexist.com .dnsalias.com .dynalias.com)
DICT = %w(as un si speed no r in me da a o c try to n h call us why q
k old j g how ri i net t ko tu host on ad portal na order b ask l s d
po cat for m off own e f p le is)
DICT_LEN = DICT.length
@xanda
xanda / dgascore.rb
Created January 11, 2013 07:23 — forked from anonymous/dgascore.rb
View dgascore.rb
#! /usr/bin/env ruby
require 'awesome_print'
require 'msgpack'
class DGAScore
include Singleton
NS = (1..4)
NGRAMS_FILE = '/tmp/ngrams'