local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local vulns = require "vulns"
local json = require "json"
local base64 = require "base64"
description = [[
A simple script based on the exploit mentioned here :
#!/usr/bin/env python3
"""
This is a program to link attackers together. I have designed it to create a graph from a CSV file
containing information from Kippo honeypots. The fields in the CSV can be customized but mine are:
"src_ip","client_country","client_city",username,password,url,filehost,filename,shasum,session,"_time"
These are all available from the version of Kippo available at https://github.com/micheloosterhof/kippo.
I am using Splunk to create this CSV but anything will do.
#!/usr/bin/python
"""
Exploit for Samba vulnerability (CVE-2015-0240) by sleepya
The exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by
ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()'
in libtalloc does not write a value on 'creds' address.
Reference:
- https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/