@joshterrill
joshterrill / index.js
Created September 17, 2018 06:50
a simple Express/NodeJS REST API for verifying medical marijuana patients using the Greenlife verification system.
const express = require('express');
const request = require('request');
const app = express();
const port = process.env.PORT || 3000;
app.get('/:patientId', (req, res) => {
const options = { method: 'GET',
url: 'https://verify.greenlifemedical.com/recommendations',
qs: { utf8: '%E2%9C%93', rec_id: req.params.patientId }
};
joshterrill / Fast.ai install script
Created October 19, 2018 17:51 — forked from gilrosenthal/Fast.ai install script
Fast.ai Install on Google Colab
!pip install fastai
!apt-get -qq install -y libsm6 libxext6 && pip install -q -U opencv-python
import cv2
from os import path
from wheel.pep425tags import get_abbr_impl, get_impl_ver, get_abi_tag
platform = '{}{}-{}'.format(get_abbr_impl(), get_impl_ver(), get_abi_tag())
accelerator = 'cu80' if path.exists('/opt/bin/nvidia-smi') else 'cpu'
!pip install -q https://download.pytorch.org/whl/{accelerator}/torch-0.3.0.post4-{platform}-linux_x86_64.whl torchvision
joshterrill / data.csv
Created July 19, 2022 18:19
a list of all USA zip codes with corresponding cities, latitude, and longitudes
ZIP,CITY,LAT,LNG
601,ADJUNTAS,18.180555,-66.749961
602,AGUADA,18.361945,-67.175597
603,AGUADILLA,18.455183,-67.119887
606,MARICAO,18.158345,-66.932911
610,ANASCO,18.295366,-67.125135
612,ARECIBO,18.402253,-66.711397
616,BAJADERO,18.420412,-66.671979
617,BARCELONETA,18.445147,-66.559696
622,BOQUERON,17.991245,-67.153993
joshterrill / #Wordpress December 2022 Malware Infected Files
Last active January 17, 2023 05:28
These are sample files from malware that infected PHP Wordpress sites in December 2022. A full writeup can be found here: https://hacked.codes/2022/december-2022-php-wordpress-malware-analysis/ and a full reverse engineering of all infected files can be found here: https://github.com/joshterrill/wordpress-malware-december-2022
joshterrill / entropy.sh
Created December 28, 2022 07:37
A shell script that checks files for entropy then orders files by highest entropy and saves the paths to a file called `entropy.txt`
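echo "Getting entropy readings from all .php files"
rm -f entropy.txt entropy.tmp.txt
# -maxdepth is a global option and must come before tests such as -type/-name
find . -maxdepth 4 -type f -name "*.php" | while IFS= read -r entry; do
# Pull the value from ent's "Serial correlation coefficient is ..." line
entropy=$(ent "$entry" | sed -n 's/.*Serial correlation coefficient is //p' | sed "s/ .*//")
echo "$entry $entropy" >> entropy.tmp.txt
done
# Numeric sort on the second field, ascending
sort -k2 -n entropy.tmp.txt > entropy.txt
rm -f entropy.tmp.txt
echo "Entropy readings saved to entropy.txt"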
joshterrill / #Wordpress December 2022 Malware Reverse Engineered Files
Last active November 24, 2023 08:44
These are sample files from malware that has been reverse engineered from previously infected PHP Wordpress sites in December 2022. A full writeup can be found here: https://hacked.codes/2022/december-2022-php-wordpress-malware-analysis/ and a full reverse engineering of all infected files can be found here: https://github.com/joshterrill/wordpress-malware-december-2022
joshterrill / reformstring.py
Created January 17, 2023 03:03
a Python script that decrypts Foscam firmware encryption given args found in FirmwareUpgrade (see post for more details: https://hacked.codes/2023/extracting-firmware-reverse-engineering-encryption-keys-foscam/)
"""
Pseudo C code from Ghidra:
ReformString(char*, char const*, unsigned int, ...)
char * ReformString(char *param_1,char *param_2,uint param_3,...) {
char *pcVar1;
int in_r3;
uint uVar2;
int local_4;
joshterrill / domain-verification.js
Last active May 9, 2023 01:01
supporting files for blog post on https://hacked.codes called Introduction to finding malware in the wild
const axios = require('axios');
const fs = require('fs');
const args = process.argv;
if (args.length < 3) {
throw new Error('Please provide a file to read from i.e.: node domain-verification.js lastpass-domains.txt');
}
(async () => {
echo "Renaming all plugins to temporarily disable them"
for d in ./wp-content/plugins/*; do
if [ -d "$d" ]; then
mv -- "$d" "${d}_bak"
fi
done
echo "Removing radio.php and fox.php malware files"
find . -type f -name "radio.php" -delete
find . -type f -name "fox.php" -delete