Chris darses
darses
/ CVE-2025-32433.py
Last active
April 18, 2025 10:29
Python exploit Proof-of-Concept CVE-2025-32433 Unauthenticated Remote Code Execution in Erlang/OTP SSH. The Suricata and Bro logs are in order based on a succesful Paramiko attack, OpenSSH regular connection (no attack) and two succesful attacks using https://github.com/ProDefense/CVE-2025-32433/blob/main/CVE-2025-32433.py (crafting cleartext pa…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Example server commands, copied from https://blog.differentpla.net/blog/2022/11/01/erlang-ssh/. | |
| ```sh | |
| mkdir /tmp/erlang-ssh-server/ | |
| ssh-keygen -q -N "" -t rsa -f /tmp/erlang-ssh-server/ssh_host_rsa_key | |
| erl | |
| ``` | |
| ```erl | |
| {ok, _} = application:ensure_all_started(ssh). | |
| Port = 2222. |
darses
/ ivanti-connect-secure-version.yaml
Last active
April 17, 2025 18:05
Nuclei template Ivanti Connect Secure Detect
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: ivanti-connect-secure-detect | |
| info: | |
| name: Ivanti Connect Secure - Detect | |
| author: darses | |
| severity: info | |
| description: Detects the version of Ivanti Connect Secure (formerly Pulse Secure) installations | |
| reference: | |
| - https://github.com/BishopFox/CVE-2025-0282-check | |
| metadata: |
darses
/ erlang-otp-ssh-detect.yaml
Created
April 17, 2025 18:01
Nuclei template Erlang OTP SSH Detect
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: erlang-otp-ssh-detect | |
| info: | |
| name: Erlang/OTP SSH Server - Detect | |
| author: darses | |
| severity: info | |
| description: Detects Erlang/OTP SSH servers and parses the version number from the banner. | |
| tags: network,ssh,erlang,detect,detection,tcp | |
| metadata: | |
| shodan-query: 'SSH-2.0-Erlang' |
darses
/ paloalto-globalprotect-version-date.yaml
Last active
April 13, 2024 11:42
— forked from JstRelax/paloalto-globalprotect-version-date.yaml
Nuclei Template for version detection of PAN-OS based on favicon ETag. Inspired by https://github.com/noperator/panos-scanner/ and Bishop Fox Cosmos. Also checkout the updated version table by k4nfr3 on https://github.com/noperator/panos-scanner/blob/e1433dea1f99d0b5f01a33f21c923a0aab3cd2a7/version-table.txt.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: paloalto-globalprotect-version-date | |
| info: | |
| name: Palo Alto Networks GlobalProtect Version Release Date | |
| author: darses,justrelax | |
| severity: info | |
| description: | | |
| Detect PAN-OS version release date from the GlobalProtect Portal ETag on static resources. This template supports both older (~<10.1) and newer PAN-OS (<=11.2) versions. | |
| metadata: | |
| max-request: 3 |