
Guillaume Quéré gquere

#!/usr/bin/env python3
import argparse
import requests
import json
import urllib3
from urllib.parse import urlparse
import os
import re
from getpass import getpass
gquere / shiro1.c
Created August 19, 2019 11:19
shiro1 Nexus hash cracking password breaking
/**
* gcc shiro1.c -lcrypto -lssl -fopenmp
*
* Crack salted iterated SHA512 hashes.
* Just wanted to check how much faster it was in C than in Java:
* https://gist.github.com/gquere/365cfcceef9ac8d145cc59bbf2c27648
*
* Here are the results I got using rockyou, 1024 iterations, so about 15 billion hashes:
* time ./a.out ../rockyou.txt
* 8130,86s user 1,05s system 787% cpu 17:12,07 total
gquere / openldap2hashcat.py
Last active April 17, 2022 14:06
Convert OpenLDAP hashes to a format Hashcat can understand
#!/usr/bin/env python3
# Convert OpenLDAP hashes to a format Hashcat can understand
import sys
import base64
with open(sys.argv[1], 'r') as f:
lines = f.readlines()
for line in lines:
line = line.rstrip("\n")
#!/usr/bin/env python3
import requests
import sys
import urllib3
# https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/spring-boot.txt
actuators = [ 'trace', 'health', 'loggers', 'logfile', 'metrics', 'autoconfig', 'heapdump', 'env', 'env/home', 'env/pwd', 'env/lang', 'env/language', 'env/tz', 'env/path', 'env/hostname', 'info', 'dump', 'configprops', 'cloudfoundryapplication', 'features', 'flyway', 'liquibase', 'mappings', 'version', 'auditevents', 'beans', 'gateway/routes', 'actuator', 'actuator/auditLog', 'actuator/auditevents', 'actuator/beans', 'actuator/caches', 'actuator/conditions', 'actuator/configurationMetadata', 'actuator/configprops', 'actuator/dump', 'actuator/env', 'actuator/env/home', 'actuator/env/pwd', 'actuator/env/lang', 'actuator/env/language', 'actuator/env/tz', 'actuator/env/path', 'actuator/env/hostname', 'actuator/events', 'actuator/exportRegisteredServices', 'actuator/features', 'actuator/flyway', 'actuator/gateway/routes', 'actuator/health', 'actu
gquere / artifactory_downloader.py
Last active April 4, 2022 12:00
Artifactory downloader
#!/usr/bin/env python3
import sys
import requests
import re
from packaging import version
# IGNORE SSL WARNING ###########################################################
# NOTE(review): this only silences urllib3's InsecureRequestWarning for the
# whole process; it does not turn certificate verification back on. Any request
# sent with verification disabled stays open to interception, so passing the
# server's CA bundle through requests' `verify=` is the safer choice.
# TODO confirm how the requests further down are issued (not visible here).
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

Kill it!

As admin launch SymCorpUi.exe and unprotect SEP in options.

for /L %n in (1,0,10) do taskkill /F /IM ccSvcHst.exe & timeout 1

Privesc

#!/usr/bin/env python3
import sys
import re
import random
import base64
with open(sys.argv[1], "rb") as f:
lines = f.readlines()
obfuscated_lines = b""

BareBox security advisory

Barebox security features

The security features of Barebox are:

  • Signed images
  • Signed "state variables" (shared with the kernel)
gquere / dump_i2c_eeprom.c
Created August 17, 2020 13:44
dump I2C EEPROM memory from Linux device ioctl
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <fcntl.h>
#include <linux/i2c-dev.h>
#define READ_SIZE (256)
#define NB_PAGES (256)
gquere / ports.txt
Last active November 27, 2020 11:06
Network
=======
DNS 53
DHCP server 67
DHCP client 68
NTP 123
Auth
====
TACACS 49