I hereby claim:
- I am decidedlygray on github.
- I am decidedlygray (https://keybase.io/decidedlygray) on keybase.
- I have a public key ASAKcnLth9zmCU92kY2PjXhHT7zm4KfiY4wkr1N3p2Phego
To claim this, I am signing this object:
require 'msf/core' | |
class Metasploit3 < Msf::Exploit::Remote | |
Rank = ExcellentRanking | |
include Msf::Exploit::Remote::HttpServer::HTML | |
def initialize(info = {}) | |
super(update_info(info, | |
'Name' => 'NetGear UPnP CSRF', |
# Exploit Title: CesarFTP 0.99g Remote Resource Exhaustion Vulnerability v4260 | |
# Date: 10/16/2015 | |
# Exploit Author: @decidedlygray (independently discovered while learning Sulley fuzzing framework) | |
# Vendor Homepage: ACLogic.com [NO LONGER EXISTS] | |
# Software Link: http://download.cnet.com/CesarFTP/3000-2160_4-13481.html | |
# Version: 0.99g | |
# Tested on: Windows XP, Windows 7 | |
# | |
# Exploit for the issue already discovered in 2004: | |
# - CesarFTP Server Long Command Denial of Service Exploit - https://www.exploit-db.com/exploits/428/ |
I hereby claim:
To claim this, I am signing this object:
#!/usr/bin/python | |
import sys | |
import time | |
from sulley import * | |
####################################################################### | |
""" Receive banner when connecting to server. """ | |
def banner(sock): |
Aruba produces two different software loads for their Access Point hardware. The first is called ArubaOS and the second is called Aruba Instant. With ArubaOS, the AP requires a Mobility Controller (hardware) to be installed in the network. With the Aruba Instant it is possible to run AP’s independently (standalone mode) or in a cluster, with no Mobility Controller in the network.
# ### | |
# install_letsencrypt_ca_certificates_for_jvm_windows.ps1 | |
# Based on the linux script here: https://www.nuharborsecurity.com/creating-a-private-burp-collaborator-in-amazon-aws-with-a-letsencrypt-wildcard-certificate/ | |
# Written by @decidedlygray, 20180626 | |
# | |
# NOTE: Not working at the moment. Comments welcome. | |
# ### | |
# BurpSuitePro Install Location | |
$BurpInstallLocation="C:\Program Files\BurpSuitePro\" |
#!/usr/bin/env python | |
# The py2 code below is an abomination that was slapped together in a matter of | |
# minutes to see if the internet was behaving as expected. It is utter garbage | |
# and should not be used by anyone. - @decidedlygray | |
import socket | |
import urllib2 | |
import zipfile | |
import csv |
using System; | |
using System.IO; | |
using System.Text; | |
using System.IO.Compression; | |
using System.EnterpriseServices; | |
using System.Collections.Generic; | |
using System.Runtime.InteropServices; | |
using System.Security.Cryptography; | |
/* |
# For when you decompile an Android APK and some of the strings are static integer arrays instead of strings, | |
# this snippet will print them out as strings. I've re-written this a few times so I figured I'd just | |
# post it here so I can find it when I need it. | |
strArray = [] | |
# Drop your "private static final short[] a = { 65, 66, 67, 68, 69, 70, 71, 72, 73 ... }"" here, but replace [] w/ {} | |
strArray.append( | |
[65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57] |
# | |
# Project Homepage: https://github.com/avast-tl/retdec#linux | |
# This file is based on the Dockerfile from the repo above | |
# | |
apt update -y | |
apt install -y build-essential cmake git perl python3 doxygen graphviz upx flex bison zlib1g-dev libtinfo-dev autoconf automake pkg-config m4 libtool | |
cd /opt | |
git clone https://github.com/avast-tl/retdec | |
cd retdec && mkdir build && cd build | |
cmake .. -DCMAKE_INSTALL_PREFIX=/home/retdec/retdec-install |