uname -a ; pwd ; ip a s ; w ; who ; pinky ; lspci ; cat /proc/cpuinfo ; ss -ltp | cat ; pstree -p ; ls /var/cache/apt/archives/ -rthl | tail
lol no.
ls -rtlh --time-style="+%Y"
total 23M
-rw-r--r-- 1 username username 15M 2016 catacombes.jpg
-rw-r--r-- 1 username username 473K 2016 vim.7z
-rw-r--r-- 1 username username 17K 2016 favicon.ico
-rw-r--r-- 1 username username 5.0M 2016 unicode.txt
-r--r--r-- 1 username username 2.2K 2016 ca.pem
-rw-r--r-- 1 username username 1.6K 2016 ca.cer
-rw-r--r-- 1 username username 2016 unicode.php
-rw-r--r-- 1 username username 2016 blog.php
drwxrwx--x 2 username username 4.0K 2016 pixels
-rw-r--r-- 1 username username 35 2016 robots.txt
-rw-r--r-- 1 username username 35K 2016 escape.html
drwxr-xr-x 2 username username 4.0K 2016 blog
-rw-r--r-- 1 username username 5.9K 2016 hyperlinks.html
-rw-r--r-- 1 username username 2016 y.php
-rw-r--r-- 1 username username 2016 x.php
drwxr-xr-x 3 username username 4.0K 2016 upload
-rw-r--r-- 1 username username 2017 http.php
drwxr-xr-x 53 username username 4.0K 2017 projects
drwxr-xr-x 2 username username 4.0K 2017 thsfxx
-rw-r--r-- 1 username username 17K 2017 oneliners.txt
-rw-r--r-- 1 username username 5.7K 2017 runtimes.html
drwxr-xr-x 3 username username 4.0K 2017 pocorgtfo
-rw-r--r-- 1 username username 7.5K 2017 index.html
show stuff
1. HTML-ES experiments :
escape.html browser escape HTML page
player.html standalone XHR auto-indexing audio player
webcam.html standalone webcam mirror
4-nibbles standalone unicode data packing
4-nibbles unicode data packing
5-nibbles unicode data packing
homograph.html unicode homograph creation
reader.html standalone live IRC log viewer (XHR + ii)
2. Things I want to do some day :
Learn the IRC protocol and perform a security benchmark of IRC servers
Script the extraction of configuration decryption keys from known malware
Write some binary exploitation documentation
runtimes.html
Write an HTTP server lol
3. Protips :
oneliners.txt
4. HTTP-related stuff :
/upload/ upload web page
full.txt 10 random unicode characters
http.php HTTP data, User-Agent collection, etc.
x.php information about an HTTP request
y.php?data=x text/plain $_GET['data']
ca.pem HTTPS CA
5. HTML Hyperlinks :
http://sandwichpuissant.net/
http://www.isalline.fr/
http://mylittlepony.hasbro.com/en-us/ponies/rarity
hyperlinks.html : more hyperlinks.
/pocorgtfo/ : a neighbourly mirror of sympathetic byte arrays
6. Things I am waiting for :
TLS client certificate authentication : automated, scalable, native
7. Binary experiments
brokenthorn.com / OSDevIndex.html
doc.html (404) debian virtual interfaces and vms management scripts
Reversing experiments around Symantec Whole Disk Encryption solution. (WIP 20170319) (TODO URGENTLY FOR THE THSF LOL)
8. Twitter accounts :
https://twitter.com/582a1cb9
https://twitter.com/a804046a
9. Old productions, will be added to the index one day
blog.php
blog-A some old blog entries from 2013
blog-B some old blog entries from 2014
10. Very old code which comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law
/projects/
11. Abandoned ideas
Write hashcat module for WEP40/104
Learn the fax protocol (T.38?) and fuzz devices. Who wouldn't want an RCE over PSTN?
ngx_http_autoindex_module.c: an integer underflow caused by timestamp 0 and timezones could cause sprintf to write more than 4 bytes of year into the page. Processes have segfaulted.
Some program identifying the GPS coordinates from a picture containing a line of sight with mountains / skylines
Low latency screen sharing on LAN
A lot of PowerShell one-liners. This language is not fun
A PoC highlighting the two-way nature of TCP in order to prove that firewalling inbound/outbound traffic has no effect on pwnage spreading
De-pixelating pictures posted on Twitter by anonymous accounts