Note
Hi, everyone. I've been putting in a lot of work on this over the last few weeks months (sob) and i'm currently underemployed! If you'd like to hire me to do CMS-based work (i focus on Craft and ExpressionEngine but i do some WordPress work as well), please reach out! Alternatively, if you'd like to chip in toward bills & groceries, that's a big help right now!
| XZ Backdoor symbol deobfuscation. Updated as i make progress |
| 0810 b' from ' | |
| 0678 b' ssh2' | |
| 00d8 b'%.48s:%.48s():%d (pid=%ld)\x00' | |
| 0708 b'%s' | |
| 0108 b'/usr/sbin/sshd\x00' | |
| 0870 b'Accepted password for ' | |
| 01a0 b'Accepted publickey for ' | |
| 0c40 b'BN_bin2bn\x00' | |
| 06d0 b'BN_bn2bin\x00' | |
| 0958 b'BN_dup\x00' |
| #!/bin/bash | |
| # Remove existing "nameserver" lines from /etc/resolv.conf | |
| sed -i '/nameserver/d' /etc/resolv.conf | |
| # Run the PowerShell command to generate "nameserver" lines and append to /etc/resolv.conf | |
| # we use full path here to support boot command with root user | |
| /mnt/c/Windows/System32/WindowsPowerShell/v1.0/powershell.exe -Command '(Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | ForEach-Object { "nameserver $_" }' | tr -d '\r'| tee -a /etc/resolv.conf > /dev/null |
| #!/usr/bin/env python | |
| import re | |
| import sys, os | |
| sys.path.append('/usr/lib/python3/dist-packages') | |
| import apt | |
| import apt_pkg | |
| import argparse | |
| def urljoin(*args): |
On October 2nd 2020, CVE-2020-15808 was publicly announced, detailing an out-of-bounds memory read/write vulnerability in STM's microcontroller firmware. Any chip containing STM's USB CDC driver library contains the bugged code, which represents a large amount of products on the market. While bugged STM libraries may be bad enough, this problem is much more widespread. Several companies manufacture "clones" of STM chips which, due to mostly identical MMIO (Memory Mapped Input/Output) addresses, fully support the affected STM vendor code. Most clone manufacturers don't offer their own libraries, so developers must either write their own from scratch, or they can use the STM's existing libraries, and most clone manufacturers encourage this.
Armed with this information, I became interested in exploiting and dumping the flash on the "Team Xecuter" SX Core modchip for the Nintendo Switch. The MCU used on the ch
Full documentation: https://ffmpeg.org/ffmpeg.html
ffmpeg -i input.mkv
track indexes are zero-based.
| More recent resolution: | |
| 1. cd ~/../../etc (go to etc folder in WSL). | |
| 2. echo "[network]" | sudo tee wsl.conf (Create wsl.conf file and add the first line). | |
| 3. echo "generateResolvConf = false" | sudo tee -a wsl.conf (Append wsl.conf the next line). | |
| 4. wsl --terminate Debian (Terminate WSL in Windows cmd, in case is Ubuntu not Debian). | |
| 5. cd ~/../../etc (go to etc folder in WSL). | |
| 6. sudo rm -Rf resolv.conf (Delete the resolv.conf file). | |
| 7. In windows cmd, ps or terminal with the vpn connected do: Get-NetIPInterface or ipconfig /all for get the dns primary and | |
| secondary. |
| # taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/ | |
| # generate server.pem with the following command: | |
| # openssl req -new -x509 -keyout key.pem -out server.pem -days 365 -nodes | |
| # run as follows: | |
| # python simple-https-server.py | |
| # then in your browser, visit: | |
| # https://localhost:4443 | |
| import http.server |