Skip to content

Instantly share code, notes, and snippets.

Decidedly Gray decidedlygray

Block or report user

Report or block decidedlygray

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View netgear_upnp_csrf.rb
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
include Msf::Exploit::Remote::HttpServer::HTML
def initialize(info = {})
super(update_info(info,
'Name' => 'NetGear UPnP CSRF',
View cesar_remoteDOS.py
# Exploit Title: CesarFTP 0.99g Remote Resource Exhaustion Vulnerability v4260
# Date: 10/16/2015
# Exploit Author: @decidedlygray (independently discovered while learning Sulley fuzzing framework)
# Vendor Homepage: ACLogic.com [NO LONGER EXISTS]
# Software Link: http://download.cnet.com/CesarFTP/3000-2160_4-13481.html
# Version: 0.99g
# Tested on: Windows XP, Windows 7
#
# Exploit for the issue already discovered in 2004:
# - CesarFTP Server Long Command Denial of Service Exploit - https://www.exploit-db.com/exploits/428/
View keybase.md

Keybase proof

I hereby claim:

  • I am decidedlygray on github.
  • I am decidedlygray (https://keybase.io/decidedlygray) on keybase.
  • I have a public key ASAKcnLth9zmCU92kY2PjXhHT7zm4KfiY4wkr1N3p2Phego

To claim this, I am signing this object:

View cesar_ftp.py
#!/usr/bin/python
import sys
import time
from sulley import *
#######################################################################
""" Receive banner when connecting to server. """
def banner(sock):
@decidedlygray
decidedlygray / py_b64unicode_decode.py
Created Dec 14, 2017
Python2 snippet for taking a base64-encoded unicode string, and decoding it properly so there aren't trailing null bytes on ASCII characters
View py_b64unicode_decode.py
#!/usr/bin/env python
"""
Python2 snippet for taking a base64-encoded unicode string, decoding it
properly so there aren't trailing null bytes for ASCII characters
Leaving this here so I don't have to look it up again
@decidedlygray
"""
View Reversing Aruba Instant.md

Aruba produces two different software loads for their Access Point hardware. The first is called ArubaOS and the second is called Aruba Instant. With ArubaOS, the AP requires a Mobility Controller (hardware) to be installed in the network. With the Aruba Instant it is possible to run AP’s independently (standalone mode) or in a cluster, with no Mobility Controller in the network.

@decidedlygray
decidedlygray / crypto_challenge_20161101.py
Last active Jun 7, 2018
Short script to do automated cryptanalysis (really just finding best fit key) against substitution ciphers. Uses hill climbing algorithm to find best fit key.
View crypto_challenge_20161101.py
"""
Break Simple Substitution Cipher (automated cryptanalysis)
---
Use a hill climbing algo to maximize fitness score accross iterations of keys (mutate, check, rinse/repeat).
Fitness is determined by comparing quadgram statistics of decrypted text against the engilish quadgrams.
---
REQUIREMENTS
Install pycipher for easily applying key to ciphertext: pip install pycipher
Also need ngram_score module: http://practicalcryptography.com/media/cryptanalysis/files/ngram_score_1.py
As well as english_quadgrams: http://practicalcryptography.com/media/cryptanalysis/files/english_quadgrams.txt.zip
@decidedlygray
decidedlygray / build_burp-rest-api.sh
Last active Jun 9, 2018
BurpSuite Pro burp-rest-api Kali Rolling build script
View build_burp-rest-api.sh
#!/bin/bash
##############################################################################
# burp-rest-api Kali build script
# Builds: https://github.com/vmware/burp-rest-api
#
# Currently Kali ships using java 9 as its default version of Java. This
# causes building https://github.com/vmware/burp-rest-api to fail. This
# script is meant to help fix that and get the tool to build properly
#
@decidedlygray
decidedlygray / install_letsencrypt_ca_certificates_for_jvm_windows.ps1
Last active Jun 26, 2018
Install LetsEncrypt CA Certs on Windows Host into Burp's Java TrustStore
View install_letsencrypt_ca_certificates_for_jvm_windows.ps1
# ###
# install_letsencrypt_ca_certificates_for_jvm_windows.ps1
# Based on the linux script here: https://www.nuharborsecurity.com/creating-a-private-burp-collaborator-in-amazon-aws-with-a-letsencrypt-wildcard-certificate/
# Written by @decidedlygray, 20180626
#
# NOTE: Not working at the moment. Comments welcome.
# ###
# BurpSuitePro Install Location
$BurpInstallLocation="C:\Program Files\BurpSuitePro\"
@decidedlygray
decidedlygray / hmmm_dns_stuff_1m.py
Last active Jul 26, 2018
Check domains for records and stuff
View hmmm_dns_stuff_1m.py
#!/usr/bin/env python
# The py2 code below is an abomination that was slapped together in a matter of
# minutes to see if the internet was behaving as expected. It is utter garbage
# and should not be used by anyone. - @decidedlygray
import socket
import urllib2
import zipfile
import csv
You can’t perform that action at this time.