@xanda
xanda / Vulnerable_JndiLookup_class_hashes.csv
Created Dec 14, 2021
List of vulnerable JndiLookup.class hashes for the affected version of Log4j. You may use them to crawl your file system, or to add them to your antivirus custom indicator, for inventory purposes (audit mode) or to apply mitigation (deletion)
View Vulnerable_JndiLookup_class_hashes.csv
JndiLookup.class for Log4j version md5sum sha1sum sha256sum
xanda / vulnerable_log4j-core_hashes.csv
Last active Dec 14, 2021
List of hashes for the vulnerable log4j-core JAR files. You may use them for inventory purposes or to delete JndiLookup.class from the JAR.
View vulnerable_log4j-core_hashes.csv
version,md5,sha1,sha256
View gist:63ea8a53ef99fd37d67048c8ca24af39
View gist:f80de067b81106c4d3054e6298c4cdbf
View gist:abbed2d9bc28a417f00ede975faaa182
view-source:http://sushi-king.com/v2/ compromised
It redirects the user to a TDS, which most likely then redirects to an exploit kit.
At the moment it redirects to hxxp://blmfgsquv.ddnsking[.]com/wordpress/?bf7N&utm_source=le
and historically it has also redirected to:
qchdxdevcf.ddnsking[.]com
ortjotbik.hopto[.]org
qjcaer.hopto[.]org
View gist:748a62c1c9ad60d8723df763c9bc1c0d
BIN,Country,Vendor,Type,Level,Bank
374588,MY,AMEX,CREDIT,CENTURION,
376251,MY,AMEX,CREDIT,,
376252,MY,AMEX,CREDIT,,
376253,MY,AMEX,CREDIT,,
376254,MY,AMEX,CREDIT,,
376255,MY,AMEX,CREDIT,,
376256,MY,AMEX,CREDIT,,
376257,MY,AMEX,CREDIT,,
376258,MY,AMEX,CREDIT,,
View dga_score.rb
#! /usr/bin/env ruby
require 'awesome_print'
require 'msgpack'
require 'public_suffix'
require 'singleton'
class DGAScore
  include Singleton
View g01exploit-dga.rb
#! /usr/bin/env ruby
DOMAINS = %w(.doesntexist.com .dnsalias.com .dynalias.com)
DICT = %w(as un si speed no r in me da a o c try to n h call us why q
k old j g how ri i net t ko tu host on ad portal na order b ask l s d
po cat for m off own e f p le is)
DICT_LEN = DICT.length
View dgascore.rb
#! /usr/bin/env ruby
require 'awesome_print'
require 'msgpack'
require 'singleton' # needed for `include Singleton` below
class DGAScore
  include Singleton
  NS = (1..4)
  NGRAMS_FILE = '/tmp/ngrams'