Decidedly Gray decidedlygray
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info = {})
super(update_info(info,
'Name' => 'NetGear UPnP CSRF',
#!/usr/bin/python
import sys
import time
from sulley import *
#######################################################################
""" Receive banner when connecting to server. """
def banner(sock):
# Exploit Title: CesarFTP 0.99g Remote Resource Exhaustion Vulnerability v4260
# Date: 10/16/2015
# Exploit Author: @decidedlygray (independently discovered while learning Sulley fuzzing framework)
# Vendor Homepage: ACLogic.com [NO LONGER EXISTS]
# Software Link: http://download.cnet.com/CesarFTP/3000-2160_4-13481.html
# Version: 0.99g
# Tested on: Windows XP, Windows 7
#
# Exploit for the issue already discovered in 2004:
# - CesarFTP Server Long Command Denial of Service Exploit - https://www.exploit-db.com/exploits/428/
@decidedlygray
decidedlygray / crypto_challenge_20161101.py
Last active March 3, 2022 00:19
Short script to do automated cryptanalysis (really just finding best fit key) against substitution ciphers. Uses hill climbing algorithm to find best fit key.
"""
Break Simple Substitution Cipher (automated cryptanalysis)
---
Use a hill climbing algorithm to maximize the fitness score across iterations of keys (mutate, check, rinse/repeat).
Fitness is determined by comparing quadgram statistics of the decrypted text against English quadgrams.
---
REQUIREMENTS
Install pycipher for easily applying key to ciphertext: pip install pycipher
Also need ngram_score module: http://practicalcryptography.com/media/cryptanalysis/files/ngram_score_1.py
As well as english_quadgrams: http://practicalcryptography.com/media/cryptanalysis/files/english_quadgrams.txt.zip
@decidedlygray
decidedlygray / keybase.md
Last active November 10, 2016 17:55
Keybase.io proof file for https://keybase.io/decidedlygray

Keybase proof

I hereby claim:

  • I am decidedlygray on github.
  • I am decidedlygray (https://keybase.io/decidedlygray) on keybase.
  • I have a public key ASAKcnLth9zmCU92kY2PjXhHT7zm4KfiY4wkr1N3p2Phego

To claim this, I am signing this object:

@decidedlygray
decidedlygray / ModifyAndBuildingBurpExtensions.md
Created August 10, 2017 00:58
Modifying and Building Burp Extensions Quick Reference

Quick Reference

This section is a boiled down version of everything above. It should serve as an easy reference. These steps assume you've identified and installed the correct JDK.

Modify and Re-Jar Extension

  1. Locate the jar file: Extender > Extensions > Select extension > Details. bapps\ directory is located at C:\Users\yourusername\AppData\Roaming\BurpSuite\bapps
  2. Backup the original jar file to a different folder, outside of bapps.
  3. Change extension from .jar to .zip, extract contents, delete .zip file
  4. Make your modifications
  5. Re-jar: jar cvf yourJarName.jar -C extractedContentsDirectory/ .
@decidedlygray
decidedlygray / py_b64unicode_decode.py
Created December 14, 2017 15:26
Python2 snippet for taking a base64-encoded unicode string, and decoding it properly so there aren't trailing null bytes on ASCII characters
#!/usr/bin/env python
"""
Python2 snippet for taking a base64-encoded unicode string, decoding it
properly so there aren't trailing null bytes for ASCII characters
Leaving this here so I don't have to look it up again
@decidedlygray
"""
@decidedlygray
decidedlygray / hmmm_dns_stuff_1m.py
Last active July 26, 2018 16:20
Check domains for records and stuff
#!/usr/bin/env python
# The py2 code below is an abomination that was slapped together in a matter of
# minutes to see if the internet was behaving as expected. It is utter garbage
# and should not be used by anyone. - @decidedlygray
import socket
import urllib2
import zipfile
import csv
@decidedlygray
decidedlygray / Reversing Aruba Instant.md
Created May 15, 2018 16:06
Reversing Aruba Instant Firmware

Aruba produces two different software loads for their Access Point hardware. The first is called ArubaOS and the second is called Aruba Instant. With ArubaOS, the AP requires a Mobility Controller (hardware) to be installed in the network. With Aruba Instant it is possible to run APs independently (standalone mode) or in a cluster, with no Mobility Controller in the network.

@decidedlygray
decidedlygray / build_burp-rest-api.sh
Last active May 20, 2020 15:08
BurpSuite Pro burp-rest-api Kali Rolling build script
#!/bin/bash
##############################################################################
# burp-rest-api Kali build script
# Builds: https://github.com/vmware/burp-rest-api
#
# Currently Kali ships using java 9 as its default version of Java. This
# causes building https://github.com/vmware/burp-rest-api to fail. This
# script is meant to help fix that and get the tool to build properly
#