bcoles
/ fast_clicks_poc.html
Created
January 19, 2011 11:22
This script is a Proof of Concept for a timing-attack variation of UI Redressing / click-jacking. It is designed to entice the user into clicking rapidly in a certain location.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html><head><script type="text/javascript"> | |
| /* This script is a Proof of Concept for a timing-attack variation of UI | |
| Redressing / click-jacking. It is designed to entice the user into clicking | |
| rapidly in a certain location. */ | |
| function fast_clicks() { | |
| var tStart; | |
| var tDate; | |
| var tDiff; |
bcoles
/ crack_ftpexplorer.rb
Created
February 6, 2011 07:01
Crack FTP-Explorer 1.0 Passwords # Exploit for CVE-2000-0214 ported to Ruby #
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| ################################################################################ | |
| # crack_ftpexplorer.rb # Crack FTP-Explorer 1.0 Passwords # | |
| # version 0.1r20110206 # Ported to Ruby by Brendan Coles <bcoles@gmail.com> # | |
| ################################################################################ | |
| # # | |
| # [x] CVE # CVE-2000-0214 # | |
| # [x] Bugtraq ID # 1003 # | |
| # [x] Original Advisory # Nelson Brito <stderr@unreal.sekure.org> # | |
| # [x] Original Exploit # http://downloads.securityfocus.com/vulnerabilities/ # |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ################################################################################ | |
| # bitmon | |
| # Description: monitors irc.lfnet.org:6667#bitcoin and extracts user details | |
| # Author: Brendan Coles <bcoles@gmail.com> | |
| # Version: 0.1-20110520 | |
| ################################################################################ | |
| import socket, string | |
| botname = 'u1rt6zQzvGpS1Zz' # change this | |
| channel = '#bitcoin' |
bcoles
/ Windows Mail client DoS from browser PoC.html
Created
September 16, 2011 16:56
Windows Mail client DoS from browser PoC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script type="text/javascript"> | |
| // Windows Mail client DoS from browser PoC (with nntp/snews/news url handlers) | |
| // 2011-09-16 // Brendan Coles <bcoles@gmail.com> | |
| // Should work with Safari/Firefox on Windows Vista | |
| // Some newsgroups are added. You can delete newsgroups here: | |
| // C:\Users\username\AppData\Local\Microsoft\Windows Mail | |
| function doit() { | |
| //window_spam(); |
bcoles
/ alexa-rank.rb
Created
September 19, 2011 04:16
Alexa Rank - Retrieves the Alexa rank for domain(s)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # Alexa Rank | |
| # Retrieves the Alexa rank for domain(s) | |
| # 2011-09-19 # bcoles@gmail.com | |
| ## | |
| verbose = true | |
| version = "0.1" | |
| # Usage |
bcoles
/ nntp-options.nse
Last active
June 21, 2022 21:54
nntp-options.nse - Retrieves the available commands and banners from a listening NNTP daemon.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| description = [[ | |
| Retrieves the available commands and banners from a listening NNTP daemon. | |
| The Network News Transfer Protocol (NNTP) is an Internet application protocol used for transporting Usenet news articles (netnews) between news servers and for reading and posting articles by end user client applications. | |
| For more information about NNTP, see: | |
| http://tools.ietf.org/html/rfc3977 | |
| http://tools.ietf.org/html/rfc6048 | |
| http://en.wikipedia.org/wiki/Network_News_Transfer_Protocol | |
| ]] |
bcoles
/ http-polycom-soundpoint-info.nse
Created
September 22, 2011 06:38
http-polycom-soundpoint-info.nse - Attempts to retrieve the configuration settings from a Polycom SoundPoint VoIP phone.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| description = [[ | |
| Attempts to retrieve the configuration settings from a Polycom SoundPoint VoIP | |
| phone. The information is retrieved from "/reg_1.htm" and "/reg_2.htm" which is | |
| only available when authentication is disabled. | |
| The web administration interface runs on port 80 by default. | |
| ]] | |
| --- | |
| -- @usage |
bcoles
/ http-vivotek-camera-info.nse
Created
November 11, 2011 07:02
http-vivotek-camera-info.nse - Attempts to retrieve the configuration settings from a Vivotek network camera.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| description = [[ | |
| Attempts to retrieve the configuration settings from a Vivotek network camera. | |
| The information is retrieved from "/cgi-bin/admin/getparamjs.cgi" which is not | |
| available on all models. | |
| The web administration interface runs on port 80 by default. | |
| ]] | |
| --- | |
| -- @usage |
bcoles
/ http-asus-wl500-info.nse
Created
January 24, 2012 11:51
http-asus-wl500-info.nse - Attempts to retrieve the configuration settings from an Asus WL500 series wireless router. The information is retrieved from "/Settings.CFG" which is only available when authentication is disabled.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| description = [[ | |
| Attempts to retrieve the configuration settings from an Asus WL500 series | |
| wireless router. The information is retrieved from "/Settings.CFG" which is only | |
| available when authentication is disabled. | |
| The web administration interface runs on port 80 by default. | |
| ]] | |
| --- | |
| -- @usage |
bcoles
/ gpsd-ng-info.nse
Created
January 24, 2012 12:41
gpsd-ng-info.nse - Retrieves device and version information from a listening GPSD-NG daemon.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| description = [[ | |
| Retrieves device and version information from a listening GPSD-NG daemon. | |
| gpsd is a service daemon that monitors one or more GPSes or AIS receivers attached to a host computer through serial or USB ports, making all data on the location/course/velocity of the sensors available to be queried on TCP port 2947 of the host computer. | |
| For more information about GPSD-NG, see: | |
| http://gpsd.berlios.de/gpsd.html | |
| http://en.wikipedia.org/wiki/Gpsd | |
| http://gpsd.berlios.de/protocol-evolution.html | |
| ]] |
OlderNewer