Skip to content

Instantly share code, notes, and snippets.

View kevthehermit's full-sized avatar

TheHermit kevthehermit

900 followers · 2 following
View GitHub Profile
@kevthehermit
kevthehermit / CVE-2023-49103-tags.csv
Last active December 2, 2023 14:08
CVE-2023-49103 Docker Tags
Docker Tag Version PHP Info Response
owncloud/server:10.13.3 10.13.3 False
owncloud/server:10 10 False
owncloud/server:10.13 10.13 False
owncloud/server:10.12.2 10.12.2 False
owncloud/server:10.12 10.12 False
owncloud/server:10.13.3-rc.2 10.13.3-rc.2 False
owncloud/server:10.13.2 10.13.2 False
owncloud/server:10.13.3-rc.2-amd64 10.13.3-rc.2-amd64 False
owncloud/server:10.13.2-amd64 10.13.2-amd64 False
@kevthehermit
kevthehermit / detection.yml
Last active September 16, 2022 22:55
Office --> MSDT --> RCE
title: Sysmon Office MSDT
id: c95ed569-5da4-48b3-9698-5e429964556c
description: Detects MSDT Exploit Attempts
status: experimental
author: kevthehermit
date: 2022/05/30
references:
- https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
- https://gist.github.com/kevthehermit/5c8d52af388989cfa0ea38feace977f2
logsource:
@kevthehermit
kevthehermit / uhppote.nse
Created April 9, 2022 09:49
Scans a uhppote access controller and retrieves Access Cards
-- The Head
local match = require "match"
local nmap = require "nmap"
local stdnse = require "stdnse"
local shortport = require "shortport"
description = [[
This script will scan for UHPPOTE Controllers and dump details
]]
@kevthehermit
kevthehermit / 31017.xml
Created June 30, 2021 12:41
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-SMBClient" Guid="{988c59c5-0a1c-45b6-a555-0c62276e327d}" />
<EventID>31017</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x200000000000080</Keywords>
<TimeCreated SystemTime="2021-06-30T11:01:31.025306200Z" />
@kevthehermit
kevthehermit / netgear_analytics.json
Created June 28, 2021 13:49
"routerHardware": {
"productFamily": "router",
"modelName": "xr500",
"stage": "prod",
"deviceInfo": {
"macAddress": "REDACTED BY ME",
"serialNumber": "REDACTED BY ME"
},
"eventType": 1,
"timeStamp": {
@kevthehermit
kevthehermit / omg_extract.py
Created February 1, 2020 13:32
Extract Stuff from O.mg Cable firmaware dumps
import re
import argparse
import esptool
from esptool import ESPLoader
from io import StringIO
import sys
MODE_PATTERN = b'MODE ([1-2])\x00'
SSID_PATTERN = b'SSID (.*)\x00PASS'
@kevthehermit
kevthehermit / keybase.md
Created October 7, 2014 19:40

Keybase proof

I hereby claim:

  • I am kevthehermit on github.
  • I am thehermit (https://keybase.io/thehermit) on keybase.
  • I have a public key whose fingerprint is 86C1 F5F7 B484 91D1 0397 7635 850A 2E18 861A 9E54

To claim this, I am signing this object:

@kevthehermit
kevthehermit / gist:d521193f593a487ee472
Last active August 29, 2015 14:02
Fake Origin Dump - Pipal
This is the pipal output of the Fake Origin Dump.
Read about it here - http://www.slashgear.com/origin-not-hacked-ea-confirms-false-alarm-13333575/
Get pipal here -https://github.com/digininja/pipal
Dates
Months
january = 47 (0.0%)
february = 16 (0.0%)
march = 118 (0.01%)