Image: https://nahamsec.net/Nahamsec_CTF_Giveaway.jpg
No usefull metadata:
date:create: 2020-01-12T11:09:18+00:00
date:modify: 2020-01-07T00:53:58+00:00
Domain nahamsec.net
Techbrunch
/ naham-ctf.md
Last active
March 30, 2020 09:16
https://www.nahamsec.com/posts/shall-we-play-a-game
Techbrunch
/ favicon-shodan.rb
Created
December 2, 2019 15:22
Calculate Murmur3 hash of a favicon to be used in Shodan
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Initial code by Matt Harzewski | |
| # https://gist.github.com/mattvh/6692349 | |
| # Read more: http://www.webmaster-source.com/2013/09/25/finding-a-websites-favicon-with-ruby/ | |
| # https://github.com/hajimes/mmh3 | |
| require "httparty" | |
| require "nokogiri" | |
| require "base64" | |
| require "murmurhash3" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 18f.gov | |
| acorns.com | |
| airbnb.com | |
| airtable.com | |
| algolia.com | |
| alienvault.com | |
| amazonaws.com | |
| ambo.io | |
| amitree.com | |
| appspot.com |
Techbrunch
/ app_proxy.rb
Created
June 27, 2019 08:59
— forked from RaVbaker/app_proxy.rb
Simple HTTP app Proxy using sinatra
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ENDPOINT="host.com" ruby app_proxy.rb | |
| # curl -i localhost:4567/capture # => "<TIMEOUT>" or regular response every 2 calls | |
| require 'sinatra' | |
| require 'net/http' | |
| $request_settings = { host: ENV["ENDPOINT"] } | |
| $headers = { "Content-Type" => "application/json" } | |
| $counter = 0 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'sinatra' | |
| require 'openssl' | |
| require 'base64' | |
| require 'httparty' | |
| require 'json' | |
| require 'sinatra/custom_logger' | |
| require 'logger' | |
| require 'active_support/all' | |
| set :logger, Logger.new(STDOUT) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'httparty' | |
| require 'colorize' | |
| File.readlines(ARGV[0]).each do |ip| | |
| ip.strip! | |
| begin | |
| print "ip: #{ip} - " | |
| response = HTTParty.get("http://#{ip}/plugins/servlet/oauth/users/icon-uri?consumerUri=http://remote", | |
| {timeout: 5, verify: false, headers: { "User-Agent" => "POC" }}) | |
| if response.code != 200 && response.code != 404 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'chunky_png' | |
| i = ChunkyPNG::Image.from_file(ARGV[0]) | |
| p = ChunkyPNG::Canvas.from_io(StringIO.new(i.to_blob)) | |
| p.crop(452,1600,61,63).save('test.png') |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| arr = [238,140,120,0,112,154,194,172,72,32,24,240,160,232,26,52] | |
| def decode(pos = 0, array) | |
| array.map { |x| | |
| pos = (256 + pos - x) % 256 | |
| pos.to_s(2) | |
| .rjust(8, '0') | |
| .reverse | |
| .to_i(2) | |
| .chr | |
| }.join |
Techbrunch
/ gist:d2e1a0539be4a561d9d6a62a31a04027
Created
February 9, 2017 13:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am techbrunch on github. | |
| * I am techbrunch (https://keybase.io/techbrunch) on keybase. | |
| * I have a public key ASDcuKPV4Qvr8MkodHAlIjpCzi3vd6kZhspB_K5IgZTjrwo | |
| To claim this, I am signing this object: |
Techbrunch
/ s3_downloader.py
Created
January 3, 2017 17:14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import boto3 | |
| prefix = "" | |
| bucket = "" | |
| client = boto3.client('s3') | |
| paginator = client.get_paginator('list_objects') | |
| operation_parameters = {'Bucket': bucket, | |
| 'Prefix': prefix} | |
| page_iterator = paginator.paginate(**operation_parameters) |