Skip to content

Instantly share code, notes, and snippets.

Avatar

Graph-X

  • "You can find me in the club"
View GitHub Profile
@Graph-X
Graph-X / AIX_FTP_root.py
Created Jan 24, 2016
rewrite of Kingcopes AIX FTP root hash disclosure vuln
View AIX_FTP_root.py
#!/usr/bin/python
###################
#
#
#
# Rewrite of Kingcopes AIX FTP root hash disclosure vuln
# Conversion by GraphX
# Because fuck Perl
#
#######################################################
@Graph-X
Graph-X / searchsploit
Last active Jul 18, 2016
searchsploit msf module exclusion
View searchsploit
#!/bin/bash
# Name: SearchSploit - Exploit-DB's CLI search tool
# Version: 3.3 (Release date: 2016-04-02)
# Written by: Offensive Security, Unix-Ninja & g0tmi1k
# Homepage: https://github.com/offensive-security/exploit-database
#
## NOTE:
# Exit code '0' means finished normally
# Exit code '1' means something went wrong
# Exit code '2' means finished help screen
@Graph-X
Graph-X / instructions.txt
Created Jul 19, 2016
How to setup a layer 3 tunnel over SSH because sometimes a SOCKS proxy is just plain shit.
View instructions.txt
#Pivotbox changes:
openvpn --mktun --dev tun0
ifconfig tun0 1.1.1.2 netmask 255.255.255.252 up
#IP Forwarding and PermitTunnel yes only need to be done once
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "PermitTunnel yes" >> /etc/ssh/sshd_config
service sshd reload
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
View packer.py
#!/usr/bin/env python
import binascii
from struct import *
import os, sys
#import ctypes
import zlib
import struct
import array
import argparse
#################################################################
View Teleopti WFM Advisory
#############################################################
# Advisory Title: Teleopti WFM (Multiple Vulnerabilities)
# Date: 2/4/2017
# Researcher: Graph-X ((email: graphx@sigaint.org))
# Vendor Homepage: http://www.teleopti.com
# Version: <= 7.1.0
# CVE: is dead
#############################################################
Disclosure Timeline
############################################################################################
View deobfuscate.py
#!/usr/bin/python
from string import maketrans
import urllib
import binascii
import re
import base64
lpp = dict()
View keybase.md

Keybase proof

I hereby claim:

  • I am graph-x on github.
  • I am graphx (https://keybase.io/graphx) on keybase.
  • I have a public key ASDjDEWpDUf7b91K4LK5bHcthokRT6MiuEANveNHLh0rhQo

To claim this, I am signing this object:

@Graph-X
Graph-X / hueylewis.py
Last active Sep 25, 2019
Philips HueyLewis And The Red Green and Blues
View hueylewis.py
#!/usr/bin/python
#######################################################################
# Philips Hue Automation Script #
# Uses DHCP log forwarding from DHCP server to figure out if the #
# device is on network (home) or off (away). Also uses a hold down #
# timer to pervent the lights being triggered every fucking time #
# the phone gets a new DHCP lease. Like always, I'm putting this #
# shit code out there for public consumption and ridicule under #
# the YPL. Maybe you'll find it useful or maybe not. no matter. #
# zero fux given #
@Graph-X
Graph-X / ironregistry.py
Last active Oct 1, 2019
PoC for hiding things in the registry. My testing hasn't returned any errors when viewing in regedit
View ironregistry.py
from Microsoft.Win32 import Registry
from time import sleep
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
rkey.SetValue(u'\x00 this is a test',u'\x00look at me!')
rkey.Close()
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
values = rkey.GetValueNames()
print("We have {0} values.".format(str(len(values))))
print("The value names returned are: {0}.".format(values[0]))
value = rkey.GetValue(u'\x00 this is a test')
@Graph-X
Graph-X / index.php
Last active May 31, 2020
poc server
View index.php
<?php
session_start(['cookie_secure' => true, 'cookie_path' => '/', 'cookie_httponly' => true]);
if ($_SERVER['HTTP_REQUEST'] === "POST"){
if (isset($_POST['user']) && isset($_POST['pass'])){
//for this POC we assume successful login and regenerate the session id
session_regenerate_id();
$_SESSION['user'] = $_POST['user'];
$_SESSION['authorized'] = true;
echo("Session is now authorized");