I hereby claim:
- I am decidedlygray on github.
- I am decidedlygray (https://keybase.io/decidedlygray) on keybase.
- I have a public key ASAKcnLth9zmCU92kY2PjXhHT7zm4KfiY4wkr1N3p2Phego
To claim this, I am signing this object:
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info = {})
super(update_info(info,
'Name' => 'NetGear UPnP CSRF',
#!/usr/bin/python
import sys
import time
from sulley import *
#######################################################################
""" Receive banner when connecting to server. """
def banner(sock):
# Exploit Title: CesarFTP 0.99g Remote Resource Exhaustion Vulnerability v4260
# Date: 10/16/2015
# Exploit Author: @decidedlygray (independently discovered while learning Sulley fuzzing framework)
# Vendor Homepage: ACLogic.com [NO LONGER EXISTS]
# Software Link: http://download.cnet.com/CesarFTP/3000-2160_4-13481.html
# Version: 0.99g
# Tested on: Windows XP, Windows 7
#
# Exploit for the issue already discovered in 2004:
# - CesarFTP Server Long Command Denial of Service Exploit - https://www.exploit-db.com/exploits/428/
"""
Break Simple Substitution Cipher (automated cryptanalysis)
---
Use a hill climbing algo to maximize fitness score across iterations of keys (mutate, check, rinse/repeat).
Fitness is determined by comparing quadgram statistics of decrypted text against the English quadgrams.
---
REQUIREMENTS
Install pycipher for easily applying key to ciphertext: pip install pycipher
Also need ngram_score module: http://practicalcryptography.com/media/cryptanalysis/files/ngram_score_1.py
As well as english_quadgrams: http://practicalcryptography.com/media/cryptanalysis/files/english_quadgrams.txt.zip
I hereby claim:
To claim this, I am signing this object:
This section is a boiled down version of everything above. It should serve as an easy reference. These steps assume you've identified and installed the correct JDK.
bapps\ directory is located at C:\Users\yourusername\AppData\Roaming\BurpSuite\bapps
jar cvf yourJarName.jar -C extractedContentsDirectory/ .
#!/usr/bin/env python
"""
Python2 snippet for taking a base64-encoded unicode string, decoding it
properly so there aren't trailing null bytes for ASCII characters
Leaving this here so I don't have to look it up again
@decidedlygray
"""
#!/usr/bin/env python
# The py2 code below is an abomination that was slapped together in a matter of
# minutes to see if the internet was behaving as expected. It is utter garbage
# and should not be used by anyone. - @decidedlygray
import socket
import urllib2
import zipfile
import csv
Aruba produces two different software loads for their Access Point hardware. The first is called ArubaOS and the second is called Aruba Instant. With ArubaOS, the AP requires a Mobility Controller (hardware) to be installed in the network. With Aruba Instant, it is possible to run APs independently (standalone mode) or in a cluster, with no Mobility Controller in the network.
#!/bin/bash
##############################################################################
# burp-rest-api Kali build script
# Builds: https://github.com/vmware/burp-rest-api
#
# Currently Kali ships using java 9 as its default version of Java. This
# causes building https://github.com/vmware/burp-rest-api to fail. This
# script is meant to help fix that and get the tool to build properly
#