Skip to content

Instantly share code, notes, and snippets.

View ztgrace's full-sized avatar

Zach Grace ztgrace

217 followers · 0 following
View GitHub Profile
@ztgrace
ztgrace / jboss-cli-client-brute.bash
Created June 4, 2020 15:38
#!/bin/bash
# Wrapper for the jboss-cli-client.jar to brute creds
# Usage: ./jboss-cli-client-brute.bash 10.10.10.10 4447 ./users.txt ./passwords.txt
#
# Default port: 4447
# Nmap service description: JBoss Remoting (JBoss management interface)
host=$1
port=$2
user_file=$3
@ztgrace
ztgrace / ios-uri-scheme-fuzzing.js
Created April 3, 2020 13:14
Fuzz Universal Links on iOS 12
/*
* iOS URI Scheme Fuzzing
* forked from: https://codeshare.frida.re/@dki/ios-url-scheme-fuzzing/
* Usage: frida -U -l ios-uri-scheme-fuzzing.js -n SpringBoard
*
* Open the specified URL
* openURL("somescheme://test");
*
* Find the executable name for a particular scheme
* bundleExecutableForScheme("somescheme");
@ztgrace
ztgrace / .htaccess
Created July 2, 2018 15:44 — forked from curi0usJack/.htaccess
Drop into your apache working directory to instantly redirect most AV crap elsewhere.
RewriteEngine On
# Uncomment the below line for verbose logging, including seeing which rule matched.
#LogLevel alert rewrite:trace5
# BURN AV BURN
# AWS Exclusions. Cloudfronted requests by default will have a UA of "Amazon Cloudfront". More info here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-device
RewriteCond expr "-R '54.0.0.0/8'" [OR]
RewriteCond expr "-R '52.0.0.0/8'" [OR]
@ztgrace
ztgrace / rekall_install.sh
Created July 21, 2017 15:23
Install Rekall on Kali Linux
#!/bin/bash
apt-get install libncurses-dev
pip install virtualenv
virtualenv ~/.rekall_env
source ~/.rekall_env/bin/activate
pip install --upgrade setuptools pip wheel
pip install rekall
echo 'alias rekal="source ~/.rekall_env/bin/activate; rekall"' >> ~/.bash_aliases
@ztgrace
ztgrace / jwt_brute.py
Last active March 10, 2021 05:25
#!/usr/bin/env python
import sys
import jwt
import json
import multiprocessing as mp
from multiprocessing import current_process
import argparse
import Queue
from time import sleep
@ztgrace
ztgrace / fhfs_rce.rb
Created October 10, 2015 21:40
PoC exploit used by the Cult of the Glowing Rectangle at the 2015 DerbyCon CTF
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
Rank = ExcellentRanking
@ztgrace
ztgrace / ecb_oracle.py
Created April 18, 2015 02:30
AES ECB chosen plaintext attack example
#!/usr/bin/env python
from Crypto.Cipher import AES
import sys
def split_len(seq, length):
return [seq[i:i+length] for i in range(0, len(seq), length)]
def oracle(chosen):
secret = "foobarbaz1234567890%sSecret42" % chosen # target to decrypt