Pinned toot

This is a really simple privilege escalation tool I made for MacOS and Linux a year or two ago. It's simple - it effectively replaces sudo with a fake and waits for the user to type the correct sudo password and then BAM! You're root. Do whatever you want. Ask me if you need help setting up. For pentesting and education only, please.

github.com/mgrube/privkit/

Pinned toot

I found a remote code execution bug in the command and control server for . The poisonfrog C2 server has a directory traversal bug when you upload files, so you can overwrite the C2 server code or drop a webshell in and do whatever you want.

This regex:
github.com/misterch0c/APT34/bl

Accepts unicode characters. Example: alert("\u002E\u002E\u2215index.js".replace(/^.*[\\\/]/, ''));
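
Added example (not part of the original toot, and not code from the C2 server): the replace() call quoted above next to an allowlist-based upload-name check that rejects the same input. The names stripWithTootRegex, safeUploadPath and SAFE_NAME and the /srv/uploads directory are hypothetical.

```javascript
// Added example: defensive handling of a client-supplied upload file name.
const path = require("path");

// The replace() call quoted in the toot: it removes everything up to the
// last ASCII "/" or "\" and leaves any other character untouched.
function stripWithTootRegex(name) {
  return name.replace(/^.*[\\\/]/, "");
}

// Allowlist for one path component: ASCII letters, digits, ".", "_" and "-",
// starting with a letter or digit (so no leading dot), at most 128 characters.
const SAFE_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$/;

// Returns the absolute destination inside uploadDir, or null if rejected.
function safeUploadPath(uploadDir, clientName) {
  if (typeof clientName !== "string") return null;
  // Fold compatibility forms (e.g. fullwidth characters) before validating.
  const name = clientName.normalize("NFKC");
  // Allowlist instead of stripping: anything unexpected is refused outright.
  if (!SAFE_NAME.test(name) || name.includes("..")) return null;
  const root = path.resolve(uploadDir);
  const dest = path.resolve(root, name);
  // Defense in depth: the resolved file must sit directly in the upload root.
  if (path.dirname(dest) !== root) return null;
  return dest;
}

// Constructed sample inputs.
function demo() {
  const lookalike = "\u002E\u002E\u2215index.js"; // the string from the toot
  return {
    stripped: stripWithTootRegex(lookalike),          // unchanged by the regex
    strippedAscii: stripWithTootRegex("../index.js"), // "index.js"
    lookalike: safeUploadPath("/srv/uploads", lookalike),
    ascii: safeUploadPath("/srv/uploads", "../index.js"),
    ok: safeUploadPath("/srv/uploads", "report.txt"),
  };
}
```
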

I shared my sudo password stealer, but how often does a normal Mac user type sudo, anyway?

Emulate a MacOS Lock Screen to get creds

github.com/BlacksunLabs/LockSc

Psssst! Hey! Hey kid! Wanna learn how to code self-replicating programs?

telepath.cc/vxheaven/

Working on my first blog post. In the meantime, I thought this was cool.

Use git to maintain an encrypted anonymous code repository on Freenet.

github.com/SeekingFor/gitocaly

To use, first you must install hg-infocalypse:
github.com/freenet/wiki/wiki/I

Blog server online. Now to populate it with something...

In 2016 I developed an algorithm that allows a massive swarm of computers to organize without any central coordination. I tried to make people interested, but nobody seemed interested. So I told myself I would write malware because that is the world where my work would be best received. I've learned a lot since then, but I'm still no closer to making the network I had dreamed of.

Today I am reorienting myself to focus on my decentralized network work. I hope to have a functional POC in two months.

Getting rid of the distractions in your life is really refreshing and empowering. I highly recommend taking account of all of your goals and projects and killing off the hopeless ones if you haven't done so in a while.

Mentally exhausted. Taking on too many projects has a price.

Feeling a bit demoralized watching my local hackerspace fall apart and not getting any specific work of my own completed.

I need to focus, but first I need rest.

I'll release a really simple toy that a lot of people have already seen today - a sudo password stealer. Then I will just chill out for a while.

Getting ready to spend the next few days bug hunting and writing a really annoying persistence kit for Linux and MacOS. Who says you need an 0day for a rootkit? Gonna be a good weekend.

I'm sorry if anybody following me already saw my post about it before I started using Mastodon, but I am building an anonymous platform that can be used to develop, discuss and share software (for free and in a market).

github.com/mgrube/Phage

A lot of people spend time thinking about code vulnerabilities, yet vulnerable software configs are a much bigger threat than exploitable bugs ever will be.

Idea to implement fast file transfer and streaming on Freenet: If data present in slashdot cache, create f2f tunnel, transfer data through tunnel and store in recipient's Slashdot cache. Make data available for other tunnels, repeat. Could be accomplished with I2P tunnels.

VirtualBox 6.0 seems more responsive and has a nicer UI. Seems like a good release.

Samples of malware from the state-sponsored PLATINUM threat group can be found on Freenet at the URI below. http://127.0.0.1:8888/SSK@NVb~bw2jfwj7EM2q5zFScV8LAy~KJrpMFvlDm3u3fkA,7hRZWn2VyAVuuHb12i94Ya-nuucMPBOUW2271y6ou4Y,AQACAAE/platnium_group.zip

The malware is for Windows and the zip file password is infected.

For more information about this very sophisticated group, please see:
fireeye.com/content/dam/fireey

Wishing I could stay home and watch John Wick while I drink coldbrew and code my silly ideas.

The Snark boosted

I knew it was bad, but hadn't seen a map yet about it.

European countries requiring registration of prepaid SIM cards : europe - reddit.com/r/europe/comments/9

#privacy

Here are 4 samples of ATM cash dispensing malware. These URIs only work if you have Freenet installed pastebin.com/raw/NVqe9rmY

I keep an archive of malware source and samples on Freenet. You can see the latest version of the archive by opening freenet and navigating to USK@ZvRB0dQhwktJc~f7a3YrWqedUE1c4PVZ3NEshNhcp3Q,pcfG4Xlw5mwTYQDbgC9api1jZEiXIfnKOFUk5Gv1VSA,AQACAAE/vxarchive/26

Hispagatos Mastodone Server

Hispagatos - Anarcho hacker collective a(A)a