Skip to content

Instantly share code, notes, and snippets.

DiabloHorn DiabloHorn

View GitHub Profile
@DiabloHorn
DiabloHorn / deserlab_exploit.py
Created Sep 9, 2017
Exploit for the DeserLab vulnerable implementation
View deserlab_exploit.py
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
References
https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
https://deadcode.me/blog/2016/09/02/Blind-Java-Deserialization-Commons-Gadgets.html
https://deadcode.me/blog/2016/09/18/Blind-Java-Deserialization-Part-II.html
http://gursevkalra.blogspot.nl/2016/01/ysoserial-commonscollections1-exploit.html
https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
https://www.slideshare.net/codewhitesec/exploiting-deserialization-vulnerabilities-in-java-54707478
View xprotect-brute-js.user.js
// ==UserScript==
// @name xprotect-brute-js
// @namespace ns-xprotect-brute-js
// @description Brute force Milestone XProtect Web Client
// @include http://localhost:8081/index.html
// @version 1
// @grant none
// ==/UserScript==
//DiabloHorn - https://diablohorn.com
var foundcreds = 0;
View xprotect-brute.py
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
Brute force the Milestone XProtect Web Client interface
python xprotect-brute.py http://127.0.0.1:8081/XProtectMobile/Communication --userlist u.txt --pwdlist p.txt --httpproxy http://127.0.0.1:9090
"""
import sys
import base64
import argparse
@DiabloHorn
DiabloHorn / poc_server.py
Created Apr 9, 2017
Server part of IP whitelist bypass POC
View poc_server.py
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
POC server to inject packets towards 'infected' machine
intended to bypass IP whitelisting
"""
import time
import socket
from scapy.all import *
@DiabloHorn
DiabloHorn / poc_client.py
Created Apr 9, 2017
Client part of IP whitelist bypass POC
View poc_client.py
#!/usr/bin/env python
"""
DiabloHorn - https://diablohorn.com
POC client on 'infected' machines to receive injected packets
intended to bypass IP whitelisting
"""
import sys
import time
import socket
from threading import Thread
@DiabloHorn
DiabloHorn / pyrawcap.py
Created Mar 9, 2017
Python sniffer using only raw sockets
View pyrawcap.py
#!/usr/bin/env python
#DiabloHorn https://diablohorn.com
#raw python pcap creater
#based on
# http://askldjd.com/2014/01/15/a-reasonably-fast-python-ip-sniffer/
#additional references
# http://www.kanadas.com/program-e/2014/08/raw_socket_communication_on_li.html
import sys
import time
You can’t perform that action at this time.