I hereby claim:
- I am decidedlygray on github.
- I am decidedlygray (https://keybase.io/decidedlygray) on keybase.
- I have a public key ASAKcnLth9zmCU92kY2PjXhHT7zm4KfiY4wkr1N3p2Phego
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
""" | |
Break Simple Substitution Cipher (automated cryptanalysis) | |
--- | |
Use a hill climbing algo to maximize fitness score accross iterations of keys (mutate, check, rinse/repeat). | |
Fitness is determined by comparing quadgram statistics of decrypted text against the engilish quadgrams. | |
--- | |
REQUIREMENTS | |
Install pycipher for easily applying key to ciphertext: pip install pycipher | |
Also need ngram_score module: http://practicalcryptography.com/media/cryptanalysis/files/ngram_score_1.py | |
As well as english_quadgrams: http://practicalcryptography.com/media/cryptanalysis/files/english_quadgrams.txt.zip |
# Exploit Title: CesarFTP 0.99g Remote Resource Exhaustion Vulnerability v4260 | |
# Date: 10/16/2015 | |
# Exploit Author: @decidedlygray (independently discovered while learning Sulley fuzzing framework) | |
# Vendor Homepage: ACLogic.com [NO LONGER EXISTS] | |
# Software Link: http://download.cnet.com/CesarFTP/3000-2160_4-13481.html | |
# Version: 0.99g | |
# Tested on: Windows XP, Windows 7 | |
# | |
# Exploit for the issue already discovered in 2004: | |
# - CesarFTP Server Long Command Denial of Service Exploit - https://www.exploit-db.com/exploits/428/ |
#!/usr/bin/python | |
import sys | |
import time | |
from sulley import * | |
####################################################################### | |
""" Receive banner when connecting to server. """ | |
def banner(sock): |
require 'msf/core' | |
class Metasploit3 < Msf::Exploit::Remote | |
Rank = ExcellentRanking | |
include Msf::Exploit::Remote::HttpServer::HTML | |
def initialize(info = {}) | |
super(update_info(info, | |
'Name' => 'NetGear UPnP CSRF', |