Check for Fibonacci Like Sequence (Python)

Takes 3 values, and calculates whether they appear to be part of a Fibonacci integer sequence (i.e. g(n + 2) = g(n) + g(n + 1))

We only check if the sequence is Fibonacci like, not that the values are part of the Fibonacci sequence (for example, they may instead be a series of Lucas Numbers)

Values should be passed to the function in the order that they were observed

Return value is a list with two entries

  • Boolean - are the numbers part of a sequence?
  • Mixed - If part of a sequence, whether the sequence is running ascending (asc) or descending (desc). If not part of a sequence, this value will be False

Used as part of the solution to my May 2016 Puzzle


Find Prime Numbers in Range (Javascript)

Will find and identify any prime numbers between the given start and end values. Primes are identified using a factorial.

Originally written as part of a solution for my May 2016 puzzle. The original solution was written in Python; this snippet is part of a (successful) attempt to rewrite that in JavaScript so that the solution can simply be dropped into the Developer Tools console to solve the puzzle in the browser.


Make ASCII Table (Python)

An adapted version of a similar Stack Overflow answer.

The primary tweaks made are to ensure the columns actually take the width of values into account

Accepts two lists

  • columns - List of column names to print
  • data - list of dicts, with the keys in the dicts corresponding to the column names specified in columns

Any keys present in data which haven't been specified in columns are ignored


Blocking Tor2Web (NGinx)

Tor2Web (and Web2Tor) are reverse proxies giving access to Tor Hidden Services (or onions) via the public internet. The problem with this is that they act as a trusted middleman, potentially putting unwitting users' privacy and security at risk.

For sites that are multi-homed onto both the WWW and Tor Hidden Services, there's also the risk of a duplicate content penalty in search engine indexes (because Google will still index the Tor2Web sites).

Note that this implementation will only block those Tor2Web nodes that announce themselves; others won't trigger the block. In order to catch those, you need to run some JavaScript client side (see below), though client-side defences can easily be stripped.


Simple Buffer Overflow Example (C)

This is here primarily as a useful place to point to as an example

We're deliberately allowing the character buffer mybuff to overflow. When called from bash, anything after the 5th input character will end up being executed as a BASH command


Finding Joomla Installs and Checking Version (BASH)

A small BASH script, suitable to be run as a cron job, to find Joomla installs and get the version from version.php. Can be piped into mail to generate an alert if needed

You can override the default variables by setting them within the environment. Available variables are

  • PHP - The PHP binary to call (default php5-cli)
  • VERSION_FILE - The Joomla version file to look for (default version.php)
  • WEBDIR - The directory to search within (default /home)
  • DEBUG - Enables debug mode (default n)

WEBDIR="/var/www/html"
export WEBDIR
./check_joomla_versions.sh


Simple Reverse Shell (BASH)

The below is an example of a simple reverse shell to a C&C server (which we assume is myserver.com)

On the C&C server you simply need something listening on the relevant port:

nc -l 4444

Back when Shellshock was at its highest levels, you could simply inject this into an HTTP header to have the server connect back to you


Password Generator (BASH)

A password generator in BASH. It uses /dev/urandom to help generate a random alphanumeric password

By default it will generate a 16 character password with special characters, but accepts various options to control what the password is comprised of

gen_passwd [Length] [nc (No special chars) | lc (lower case no specials) | pin (numeric only) | mixed (default)]

Based upon the encryption key generator in my backup encryption scripts
