Eddie Carswell AfroThundr3007730
@AfroThundr3007730
AfroThundr3007730 / cve-2014-6287.py
Last active November 23, 2020 03:29
Modified version of CVE-2014-6287 python script found here: https://www.exploit-db.com/exploits/39161/
#!/usr/bin/env python
# Exploit Title: HttpFileServer 2.3.x Remote Command Execution
# Google Dork: intext:"httpfileserver 2.3"
# Date: 04-01-2016
# Remote: Yes
# Exploit Author: Avinash Kumar Thapa aka "-Acid"
# Vendor Homepage: http://rejetto.com/
# Software Link: http://sourceforge.net/projects/hfs/
# Version: 2.3.x
@AfroThundr3007730
AfroThundr3007730 / ms14_058.py
Last active June 6, 2018 06:59
*WIP* Modified version of MS14-058 python script found here: https://www.exploit-db.com/exploits/37064/
#!/usr/bin/env python
# Windows 8.0 - 8.1 x64 TrackPopupMenu Privilege Escalation (MS14-058)
# CVE-2014-4113 Privilege Escalation
# http://www.offensive-security.com
# Thx to Moritz Jodeit for the beautiful writeup
# http://www.exploit-db.com/docs/35152.pdf
# Target OS Windows 8.0 - 8.1 x64
# Author: Matteo Memelli ryujin <at> offensive-security.com
#!/usr/bin/env python
import sys
import struct
import socket as so
print '#######################################################################'
print '# CVE-2006-2184 - Allied Telesyn TFTP v1.9 Long Filename Overflow #'
print '# This is a modified version of Re4son\'s code #'
print '# (https://github.com/Re4son/AT-TFTP_Long_Filename) #'
@AfroThundr3007730
AfroThundr3007730 / 00-genieacs.md
Last active March 4, 2024 22:40
My notes on setting up and configuring GenieACS.

Config files to get GenieACS up and running on Debian Testing, complete with GUI, Nginx SSL proxy, and systemd services.

Following the documentation here for dependencies, here for initial setup, then the wiki here for Nginx and SSL, should get you most of the way there. After that, I had a lot of googling to do, the results of which you can find below.

| Filename | Description |
| --- | --- |
| 01-install.sh | The installation instructions and commands. |
| 02-config.json | The genieacs services configuration. |
| 03-openssl.cnf | The openssl certificate configuration. |
| 04-.env | The environmental variables for genieacs-gui. |
@AfroThundr3007730
AfroThundr3007730 / cve-2010-4221.py
Last active October 25, 2019 08:16
Modified version of CVE-2010-4221 python script found here: https://github.com/Muhammd/ProFTPD-1.3.3a/blob/master/ProFTPD_exploit.py
#!/usr/bin/env python
#
###################################################################################################
# # #
# Vulnerability: ProFTPD IAC Remote Root Exploit # Telnet IAC Buffer Overflow (Linux) #
# # ProFTPD 1.3.2rc3 #
# Vulnerable Application: ProFTPD 1.3.3a # This is a part of the Metasploit Module, #
# Tested on Linux 2.6.32-5-686 # exploit/linux/ftp/proftp_telnet_iac #
# # #
# Author: Muhammad Haidari # Spawns a reverse shell to 10.11.0.95:443 #
@AfroThundr3007730
AfroThundr3007730 / StatusCodes.php
Created December 1, 2017 22:12
Updated version of StatusCodes.php from Recess Framework
<?php
/**
* StatusCodes provides named constants for
* HTTP protocol status codes. Written for the
* Recess Framework (http://www.recessframework.com/)
*
* @author Kris Jordan
* @license MIT
* @package recess.http
@AfroThundr3007730
AfroThundr3007730 / AuthyToOtherAuthenticator.md
Last active May 23, 2018 03:17 — forked from Ingramz/AuthyToOtherAuthenticator.md
Extract Authy secrets using console. Updated with modifications from comments on the original.

Generating Authy passwords on other authenticators

There is an increasing count of applications which use Authy for two-factor authentication. However, many users who aren't using Authy have their own authenticator set up already and do not wish to use two applications for generating passwords.

Since I use 1Password for all of my password storing/generating needs, I was looking for a solution to use Authy passwords on that. I couldn't find any completely working solutions, however I stumbled upon a gist by Brian Hartvigsen. His post had a neat code with it to generate QR codes (beware, through Google) for you to use on your favorite authenticator.

His method is to extract the secret keys using Authy's Google Chrome app via Developer Tools. If this was not possible, I guess people would be reverse engineering the Android app or something like that. But when I tried that code, nothing appeared on the screen. My guess is that

@AfroThundr3007730
AfroThundr3007730 / args.sh
Created May 19, 2018 21:45
Show the number of args in a command. Useful for troubleshooting word splitting.
#!/bin/sh
printf "%d args:" $#
printf " <%s>" "$@"
echo
@AfroThundr3007730
AfroThundr3007730 / sysprep_linux.sh
Last active April 9, 2024 20:35
Cloning preparation script for linux systems.
#!/bin/bash
# Does the equivalent of sysprep for linux boxes to prepare them for cloning.
# Based on https://lonesysadmin.net/2013/03/26/preparing-linux-template-vms/
# For issues or updated versions of this script, browse to the following URL:
# https://gist.github.com/AfroThundr3007730/ff5229c5b1f9a018091b14ceac95aa55
# SPDX-License-Identifier: GPL-3.0-or-later
AUTHOR='AfroThundr'
BASENAME="${0##*/}"
MODIFIED='20240409'
@AfroThundr3007730
AfroThundr3007730 / centos_hardening.sh
Last active October 29, 2018 14:50
Notes on hardening a CentOS box (assuming the STIG policy was selected during install)
#!/bin/bash
# If you selected the STIG config during install, some of these will be configured already.
# All of these are mentioned in the STIG, but some of them must be done manually.
# FIPS all the things.
yum install -y dracut-fips
# Regenerate ramdisk (current kernel)
dracut -f "/boot/initramfs-$(uname -r).img" "$(uname -r)"
# Append 'fips=1' to GRUB_CMDLINE_LINUX
grep 'fips=1' /proc/cmdline ||