Skip to content

Instantly share code, notes, and snippets.

Gerry Eisenhaur gerry

Block or report user

Report or block gerry

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@gerry
gerry / cracking_rig.md
Created Aug 26, 2016
My current cracking rig (4x GTX980ti's)
View cracking_rig.md
@gerry
gerry / hashcat_benchmark.txt
Created Aug 26, 2016
A hashcat benchmark of my current cracking rig (4x GTX980Ti's)
View hashcat_benchmark.txt
hashcat (v3.10-3-g13cbe42) starting in benchmark-mode...
OpenCL Platform #1: NVIDIA Corporation
======================================
- Device #1: GeForce GTX 980 Ti, 1519/6077 MB allocatable, 22MCU
- Device #2: GeForce GTX 980 Ti, 1519/6077 MB allocatable, 22MCU
- Device #3: GeForce GTX 980 Ti, 1519/6077 MB allocatable, 22MCU
- Device #4: GeForce GTX 980 Ti, 1519/6077 MB allocatable, 22MCU
Hashtype: MD4
@gerry
gerry / weathermap_editor_exec.rb
Created Aug 23, 2016
Weathermap Editor (cacti plugin) Arbitrary Code Execution
View weathermap_editor_exec.rb
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
View teampass_notes.md

Arbitrary file data write (leading to RCE)

./sources/export.queries.php:471: $outstream = fopen($_POST['file'], "a"); (place php in item description) ./sources/admin.queries.php:1110: $fh = fopen($tmp_skfile, 'w'); (admin required)

SQLi

./sources/views.queries.php:437: ORDER BY ".$_POST['order']." ".$_POST['direction']." (admin required)

No Authz on file download:

./sources/downloadFile.php:47: $fp = fopen($_SESSION['settings']['path_to_upload_folder'].'/'.$result['file'], 'rb');

View kill-switch.sh
#!/bin/sh -e
DEFAULT_IFACE=enp0s3
LOCAL_NET=$(ip -o -f inet addr show $DEFAULT_IFACE | awk '{print $4}')
HOST_IPS=198.8.80.220,198.8.80.223,198.8.80.33,198.8.80.149,198.8.80.180,198.8.80.221,198.8.80.50,198.8.80.203,198.8.80.162,198.8.80.176,107.152.98.168,198.8.80.222,107.152.98.159
ufw --force reset
ufw default deny outgoing
ufw default deny incoming
ufw allow out on tun0 from any to any
ufw allow in on tun0 from any to any
View update-pia-hosts.sh
#!/bin/sh -e
HOSTNAME=us-california.privateinternetaccess.com
# host us-california.privateinternetaccess.com|cut -d' ' -f4|tr \\n ,
HOST_IPS=198.8.80.220,198.8.80.223,198.8.80.33,198.8.80.149,198.8.80.180,198.8.80.221,198.8.80.50,198.8.80.203,198.8.80.162,198.8.80.176,107.152.98.168,198.8.80.222,107.152.98.159
IP=$(echo $HOST_IPS | tr , \\n | shuf - | head -n 1)
if grep -q $HOSTNAME /etc/hosts; then
sed -i "s/.*$HOSTNAME/$IP $HOSTNAME/" /etc/hosts
else
echo $IP $HOSTNAME >> /etc/hosts
@gerry
gerry / dns_logger.py
Created Apr 29, 2015
Respond to and record dns lookups.
View dns_logger.py
#!/usr/bin/env python
import sys
import random
import string
import datetime
import itertools
import threading
import traceback
import SocketServer
import operator as op
View keybase.md

Keybase proof

I hereby claim:

  • I am gerry on github.
  • I am gerry (https://keybase.io/gerry) on keybase.
  • I have a public key whose fingerprint is F120 587B A599 B6B6 1ED6 1A37 DD61 36D6 59E5 4DEF

To claim this, I am signing this object:

@gerry
gerry / decrypt_dbvis.py
Last active Apr 20, 2018
A quick hack to extract and decrypt credentials from DbVisualizer config files.
View decrypt_dbvis.py
#!/usr/bin/env python
# decrypt_dbvis.py ~ gerry@twitter.com
# DbVisualizer uses PBEWithMD5AndDES with a static key to store passwords.
# This is a quick hack to extract and decrypt credentials from DbVisualizer config files.
# Tested against DbVisualizer Free 9.0.9 and 9.1.6
"""
[2014-03-25 02:05:30][not-the-sea workspace]$ security/p/gerry/misc/decrypt_dbvis.py
[+] DbVisualizer Password Extractor and Decryptor (@gerryeisenhaur)
[+] Additional Usage Options:
[+] security/p/gerry/misc/decrypt_dbvis.py <config filename>
@gerry
gerry / import_nessus_nbe.diff
Created Feb 27, 2013
Quick fix for importing Nessus NBE files
View import_nessus_nbe.diff
diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb
index 7e0bc73..9b5c8d8 100644
--- a/lib/msf/core/db.rb
+++ b/lib/msf/core/db.rb
@@ -5163,11 +5163,11 @@ class DBManager
# There is no place the NBE actually stores the plugin name used to
# scan. You get "Security Note" or "Security Warning," and that's it.
def import_nessus_nbe(args={}, &block)
- data = args[:data]
+ nbe_data = args[:data]
You can’t perform that action at this time.