bcoles
/ pchart_example_page_traversal.rb
Created
August 25, 2014 11:23
This module exploits a directory traversal bug in pChart version 2.1.3 or earlier. The module can only be used to retrieve files.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # This module requires Metasploit: http//metasploit.com/download | |
| # Current source: https://github.com/rapid7/metasploit-framework | |
| ## | |
| require 'msf/core' | |
| class Metasploit3 < Msf::Auxiliary | |
| include Msf::Auxiliary::Scanner |
bcoles
/ shellinabox.rb
Created
August 25, 2014 11:05
This module uses valid credentials to log in to Shell In A Box and execute arbitrary operating system commands. Shell In A Box must be configured to use the system shell (default).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # This module requires Metasploit: http//metasploit.com/download | |
| # Current source: https://github.com/rapid7/metasploit-framework | |
| ## | |
| require 'msf/core' | |
| class Metasploit3 < Msf::Exploit::Remote | |
| Rank = AverageRanking |
bcoles
/ brute-doom
Created
December 26, 2014 15:00
Throttled single-threaded remote dictionary attack tool for Doom multiplayer server connection password. Tested on Zandronum 1.2.42016.1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # Throttled single-threaded remote dictionary attack tool | |
| # for Doom multiplayer server connection password. | |
| # Tested on Zandronum 1.2.42016.1 | |
| # 2014-12-20 | |
| ## | |
| require 'socket' | |
| $debug = false |
bcoles
/ apache_modaccouting_postgresql_injection.rb
Created
August 23, 2015 09:32
This module exploits an SQL injection vulnerability in the mod_accounting module for Apache 1.3 when configured to use PostgreSQL. This module uses SQL injection in the HTTP 'Host' header to execute arbitrary commands as the database user. This module has been tested successfully on Apache 1.3.33 on Debian 3.1r8 Sarge with PostgreSQL 7.4.7.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # This module requires Metasploit: http://metasploit.com/download | |
| # Current source: https://github.com/rapid7/metasploit-framework | |
| ## | |
| require 'msf/core' | |
| class Metasploit3 < Msf::Exploit::Remote | |
| Rank = ManualRanking |
bcoles
/ fast_clicks_poc.html
Created
January 19, 2011 11:22
This script is a Proof of Concept for a timing-attack variation of UI Redressing / click-jacking. It is designed to entice the user into clicking rapidly in a certain location.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html><head><script type="text/javascript"> | |
| /* This script is a Proof of Concept for a timing-attack variation of UI | |
| Redressing / click-jacking. It is designed to entice the user into clicking | |
| rapidly in a certain location. */ | |
| function fast_clicks() { | |
| var tStart; | |
| var tDate; | |
| var tDiff; |
bcoles
/ Windows Mail client DoS from browser PoC.html
Created
September 16, 2011 16:56
Windows Mail client DoS from browser PoC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script type="text/javascript"> | |
| // Windows Mail client DoS from browser PoC (with nntp/snews/news url handlers) | |
| // 2011-09-16 // Brendan Coles <bcoles@gmail.com> | |
| // Should work with Safari/Firefox on Windows Vista | |
| // Some newsgroups are added. You can delete newsgroups here: | |
| // C:\Users\username\AppData\Local\Microsoft\Windows Mail | |
| function doit() { | |
| //window_spam(); |
bcoles
/ alexa-rank.rb
Created
September 19, 2011 04:16
Alexa Rank - Retrieves the Alexa rank for domain(s)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # Alexa Rank | |
| # Retrieves the Alexa rank for domain(s) | |
| # 2011-09-19 # bcoles@gmail.com | |
| ## | |
| verbose = true | |
| version = "0.1" | |
| # Usage |
bcoles
/ http-3com-nbx-info.nse
Created
February 4, 2012 10:21
http-3com-nbx-info.nse - Attempts to retrieve device information from a 3COM NBX phone system using the web interface. The web interface (NBX NetSet utility) runs on port 80 by default.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| description = [[ | |
| Attempts to retrieve device information from a 3COM NBX phone system using the | |
| web interface. The web interface (NBX NetSet utility) runs on port 80 by | |
| default. | |
| ]] | |
| --- | |
| -- @usage | |
| -- nmap --script http-3com-nbx-info -p <port> <host> | |
| -- |
bcoles
/ nettemp_cmd_exec.rb
Created
October 13, 2013 16:01
This module exploits a command execution vulnerability in nettemp version 7.x which could be abused to allow unauthenticated users to execute arbitrary commands under the context of the web server user. The 'mail_test.php' file calls 'exec()' with user controlled data from the 'test_mail' parameter.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # This file is part of the Metasploit Framework and may be subject to | |
| # redistribution and commercial restrictions. Please see the Metasploit | |
| # Framework web site for more information on licensing and terms of use. | |
| # http://metasploit.com/framework/ | |
| ## | |
| require 'msf/core' | |
| class Metasploit3 < Msf::Exploit::Remote |
bcoles
/ decaptcha.sh
Last active
February 13, 2016 16:26
Cracks rudimentary CAPTCHA. Requires tesseract.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # decaptcha.sh - Cracks rudimentary CAPTCHA. Requires tesseract. | |
| # --- | |
| image="$1" | |
| output=`mktemp` | |
| charset="ABCDEFGHIJKLMNOPQRSTUVWXYZ" | |
| command -v tesseract >/dev/null 2>&1 || { echo "Tesseract is not installed - (apt-get install tesseract-ocr) - Aborting." >&2; exit 1; } |
OlderNewer