jose nazario paralax
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import random | |
| from routersploit.core.exploit import * | |
| from routersploit.core.http.http_client import HTTPClient | |
| class Exploit(HTTPClient): | |
| __info__ = { | |
| "name": "D-Link router Command Execution", | |
| "description": """This module exploits a vulnerability in D-Link router httpd server. An authenticated attacker may execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.""", | |
| "authors": ( |
paralax
/ spelling-bee-generator.fsx
Last active
September 20, 2018 18:16
Spelling bee puzzle (e.g. https://www.nytimes.com/puzzles/spelling-bee) generator
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| open System | |
| open System.IO | |
| (* | |
| how it works | |
| - computes the Zipfs law letter distribution | |
| - finds all words with 7 distinct letters | |
| - from those it can then generate puzzles by placing the least likely letter in the center | |
| *) |
paralax
/ qcenter_rce.py
Last active
August 17, 2018 15:03
routersploit module - routersploit/modules/exploits/quap/qcenter_rce.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import json | |
| import re | |
| from routersploit.core.exploit import * | |
| from routersploit.core.http.http_client import HTTPClient | |
| class Exploit(HTTPClient): | |
| __info__ = { | |
| "name": "QNAP Q'Center change_passwd Command Execution", |
paralax
/ zentrale_ccu2_rce.py
Created
August 16, 2018 20:53
routersploit module exploits/misc/homematic/zentrale_ccu2_rce.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import random | |
| import re | |
| import string | |
| from routersploit.core.exploit import * | |
| from routersploit.core.http.http_client import HTTPClient | |
| class Exploit(HTTPClient): | |
| __info__ = { | |
| "name": "HomeMatic Zentrale CCU2 - RCE", |
paralax
/ network_camera_rce.py
Last active
March 14, 2023 19:56
routersploit module exploits/cameras/axis/network_camera_rce.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import random | |
| import re | |
| import string | |
| from routersploit.core.exploit import * | |
| from routersploit.core.http.http_client import HTTPClient | |
| class Exploit(HTTPClient): | |
| __info__ = { | |
| "name": "Axis Network Camera RCE", |
paralax
/ 3g_4g_cellular_ethernet_serial_gateway_default_creds.py
Last active
August 12, 2019 23:26
routersploit module - Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Creds
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from routersploit.core.exploit import * | |
| from routersploit.modules.creds.generic.http_basic_digest_default import Exploit as HTTPBasicDigestDefault | |
| class Exploit(HTTPBasicDigestDefault): | |
| __info__ = { | |
| "name": "Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Creds - HTTP Auth", | |
| "description": "Module performs dictionary attack against Microhard Systems " | |
| "3G/4G Cellular Ethernet and Serial Gateway web interface. " | |
| "If valid credentials are found, they are displayed to the user.", |
paralax
/ dsl_ac_password_reset.py
Created
August 14, 2018 18:22
ASUS Router Password Reset - Routersploit module
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import random | |
| import string | |
| from routersploit.core.exploit import * | |
| from routersploit.core.http.http_client import HTTPClient | |
| class Exploit(HTTPClient): | |
| __info__ = { | |
| "name": "ASUS Router Password Reset", | |
| "description": "Module exploits remote flaw in ASUS devices to reset the " |
paralax
/ aicloud_xxe.py
Created
August 14, 2018 18:22
ASUS Router AiCloud XXE - Routersploit module
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import random | |
| import string | |
| from routersploit.core.exploit import * | |
| from routersploit.core.http.http_client import HTTPClient | |
| class Exploit(HTTPClient): | |
| __info__ = { | |
| "name": "ASUS Router AiCloud XXE", | |
| "description": "Module exploits remote XXE flaw in ASUS device AiCloud service. " |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vagrant.configure("2") do |config| | |
| config.vm.box = "ubuntu/xenial64" | |
| # progressbar via https://askubuntu.com/questions/445245/how-do-i-enable-fancy-apt-colours-and-progress-bars | |
| # from https://dev.gravwell.io/docs/#!quickstart/quickstart.md | |
| $script = <<SCRIPT | |
| mkdir -p /etc/apt/apt.conf.d | |
| echo 'Dpkg::Progress-Fancy "1";' > /etc/apt/apt.conf.d/99progressbar | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # routersploit/modules/payloads/php/bind_tcp.py | |
| from base64 import b64encode | |
| from routersploit.core.exploit import * | |
| from routersploit.core.exploit.payloads import BindTCPPayloadMixin, GenericPayload | |
| class Exploit(BindTCPPayloadMixin, GenericPayload): | |
| __info__ = { | |
| "name": "PHP Bind TCP", |