Skip to content

Instantly share code, notes, and snippets.

Avatar

Graph-X

  • "You can find me in the club"
View GitHub Profile
@Graph-X
Graph-X / AIX_FTP_root.py
Created Jan 24, 2016
rewrite of Kingcopes AIX FTP root hash disclosure vuln
View AIX_FTP_root.py
#!/usr/bin/python
###################
#
#
#
# Rewrite of Kingcopes AIX FTP root hash disclosure vuln
# Conversion by GraphX
# Because fuck Perl
#
#######################################################
@Graph-X
Graph-X / searchsploit
Last active Jul 18, 2016
searchsploit msf module exclusion
View searchsploit
#!/bin/bash
# Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 3.3 (Release date: 2016-04-02)
# Written by: Offensive Security, Unix-Ninja & g0tmi1k
# Homepage: https://github.com/offensive-security/exploit-database
#
## NOTE:
# Exit code '0' means finished normally
# Exit code '1' means something went wrong
# Exit code '2' means finished help screen
@Graph-X
Graph-X / instructions.txt
Created Jul 19, 2016
How to setup a layer 3 tunnel over SSH because sometimes a SOCKS proxy is just plain shit.
View instructions.txt
#Pivotbox changes:
openvpn --mktun --dev tun0
ifconfig tun0 1.1.1.2 netmask 255.255.255.252 up
#IP Forwarding and PermitTunnel yes only need to be done once
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "PermitTunnel yes" >> /etc/ssh/sshd_config
service sshd reload
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
View packer.py
#!/usr/bin/env python
import binascii
from struct import *
import os, sys
#import ctypes
import zlib
import struct
import array
import argparse
#################################################################
View Teleopti WFM Advisory
#############################################################
# Advisory Title: Teleopti WFM (Multiple Vulnerabilities)
# Date: 2/4/2017
# Researcher: Graph-X ((email: graphx@sigaint.org))
# Vendor Homepage: http://www.teleopti.com
# Version: <= 7.1.0
# CVE: is dead
#############################################################
Disclosure Timeline
############################################################################################
View deobfuscate.py
#!/usr/bin/python
from string import maketrans
import urllib
import binascii
import re
import base64
lpp = dict()
View keybase.md

Keybase proof

I hereby claim:

  • I am graph-x on github.
  • I am graphx (https://keybase.io/graphx) on keybase.
  • I have a public key ASDjDEWpDUf7b91K4LK5bHcthokRT6MiuEANveNHLh0rhQo

To claim this, I am signing this object:

@Graph-X
Graph-X / hueylewis.py
Last active Sep 25, 2019
Philips HueyLewis And The Red Green and Blues
View hueylewis.py
#!/usr/bin/python
#######################################################################
# Philips Hue Automation Script #
# Uses DHCP log forwarding from DHCP server to figure out if the #
# device is on network (home) or off (away). Also uses a hold down #
# timer to pervent the lights being triggered every fucking time #
# the phone gets a new DHCP lease. Like always, I'm putting this #
# shit code out there for public consumption and ridicule under #
# the YPL. Maybe you'll find it useful or maybe not. no matter. #
# zero fux given #
@Graph-X
Graph-X / index.php
Last active May 31, 2020
poc server
View index.php
<?php
session_start(['cookie_secure' => true, 'cookie_path' => '/', 'cookie_httponly' => true]);
if ($_SERVER['HTTP_REQUEST'] === "POST"){
if (isset($_POST['user']) && isset($_POST['pass'])){
//for this POC we assume successful login and regenerate the session id
session_regenerate_id();
$_SESSION['user'] = $_POST['user'];
$_SESSION['authorized'] = true;
echo("Session is now authorized");
@Graph-X
Graph-X / index.html
Last active May 31, 2020
POC Attacker code
View index.html
<html>
<head>
<title>This is the attacker page</title>
</head>
<body>
<p> This is the attacker's page</p>
<!-- This button is only here for the POC. You can just execute the script without further interaction from the end user by just calling the function. --!>
<button type="button" onclick="csrf()">I double dare you</button>
<br>
<textarea id='demo'></textarea>