Skip to content

Instantly share code, notes, and snippets.

Avatar
🦬

Jonathan Claudius claudijd

🦬
View GitHub Profile
@claudijd
claudijd / gist:2625441
Created May 7, 2012
Suggestions for Metasploit Dev Setup Environment Wiki
View gist:2625441
##Current Wiki Content
$ curl -L get.rvm.io | bash -s stable
$ source ~/.rvm/scripts/rvm
$ rvm install 1.9.3-p125
##Suggestions for Wiki Content
#Set default manually
@claudijd
claudijd / gist:2641442
Created May 9, 2012
PHP CGI Emerging Threat Snort Rule
View gist:2641442
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS PHP-CGI query string parameter vulnerability"; flow:to_server,established; content:"?"; http_uri; content:"-"; http_uri; distance:0; content:!"="; http_raw_uri; pcre:"/(\.php|\/)\?[\s\+]*\-[A-Za-z]/Ui"; reference:cve,2012-1823; reference:url,eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/; reference:url,varanoid.com/research-alerts/us-cert/vu520827-php-cgi-query-string-parameter-vulnerability/; classtype:web-application-attack; sid:2014704; rev:4;)
@claudijd
claudijd / German Translator
Created Jul 20, 2012
Ruby-based German Translator
View German Translator
def translate_2_german(string)
string.upcase
end
@claudijd
claudijd / DEFCON 20 Slides, Demo Video and Whitepaper Links
Created Jul 29, 2012
DEFCON 20 Slides, Demo Video and Whitepaper Links
View DEFCON 20 Slides, Demo Video and Whitepaper Links
@claudijd
claudijd / sync_fork_with_r7.rb
Created Sep 10, 2012
Syncing my metasploit-framework fork with upstream-master
View sync_fork_with_r7.rb
#Just a simple script to sync master with upstream-master
#Set rapid7 as remote upstream
puts "[+] Setting Rapid7 as upstream remote"
`git remote add upstream git://github.com/rapid7/metasploit-framework.git`
#Get all the upstream changes
puts "[+] Grabbing upstream remote changes"
`git fetch upstream`
View rails_rce.rb
#!/usr/bin/env ruby
#
# Proof-of-Concept exploit for Rails Remote Code Execution (CVE-2013-0156)
#
# ## Advisory
#
# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
#
# ## Caveats
#
@claudijd
claudijd / gist:5006429
Created Feb 21, 2013
Investigating why Aloha Ruby Conf website 404's all the time for me
View gist:5006429
#Testing Code
require 'resolv'
require 'set'
def lookup
p Resolv.getaddress "www.aloharubyconf.com"
end
ips = Set.new
@claudijd
claudijd / ssh_bruteforcer.rb
Created Mar 29, 2013
Quick and Dirty Threaded SSH Bruteforcer
View ssh_bruteforcer.rb
require 'net/ssh'
require 'thread'
require 'timeout'
ips = [
"192.168.1.80",
"192.168.1.81",
"192.168.1.82",
"192.168.1.83",
]
@claudijd
claudijd / export_msf_exploits_to_xml.rb
Last active Dec 18, 2015
Export MSF Exploits to XML
View export_msf_exploits_to_xml.rb
#!/usr/bin/env ruby
# This code melds together some boiler plate documentation code
# from MSF (1), darkoperator's export to XML resource script (2)
# and a little Nokogiri fun to allow you to export the MSF exploit
# data to XML from outside of MSF console.
#
# References:
# (1) https://github.com/rapid7/metasploit-framework/blob/a731efa5ce43763cb4ee0873bc40140b61f3928a/documentation/samples/framework/dump_module_info.rb
# (2) https://github.com/darkoperator/Meterpreter-Scripts/blob/a38e001c2d50eaaddc82f4397b8074e29621bf83/scripts/resource/exploit_info.rc
#
@claudijd
claudijd / barry_dns.rb
Last active Dec 19, 2015
A quick and dirty DNS/HTTP/HTTPS Bruterforcer for my home boy Barry
View barry_dns.rb
# Low-down DNS/HTTP/HTTPS Bruteforcing Script for Barry
require 'resolv'
require 'rest_client'
# SETUP ##############
#
# You need two gems 'resolv' and 'rest_client'
#
# gem install resolv (may be a default in ruby, can't remember)