milo2012’s gists

milo2012 / scada_password_recovery_list.csv

Created June 9, 2018 03:00 — forked from Evilcry/scada_password_recovery_list.csv

SCADA Password Recovery List

We can make this file beautiful and searchable if this error is corrected: It looks like row 8 should actually have 1 column, instead of 8 in line 7.

	Yokogawa;CENTUM CS 3000 DCS;CENTUM:CENTUM
	Yokogawa;EJX910A Multivariable Transmitter HART Communication Type;YOKOGAWA. (to release the Write Protect mode)
	Yokogawa;WT 3000 Driver;anonymous:blank (Ethernet access)
	Yokogawa;DX1000/DX1000N/DX2000 Advanced;Administrator 1:Admin1 etc./ User 1:User01 etc.
	Yokogawa;YFGW410 gateway;admin:!admin
	Wonderware;System Platform/Archestra;administrator:blank
	Wonderware;Intouch;Administrator:Wonderware
	Wonderware;Historian;SQL Server Login: aadbo:pwddbo, wwdbo:pwddbo, aaAdmin:pwAdmin, wwAdmin:wwAdmin, aaPower:pwPower, wwPower:wwPower, aaUser:pwUser, wwUser:wwUser
	Westermo;TDW 33;no password, just return, Hardcoded password: n3Y9kA6otYZu8, (?? TD-36)
	Westermo;MRD-305-DIN/MRD-310/MRD-315/MRD-330/MRD-355/MRD-350/MRD-455;admin:westermo

milo2012 / Backdoor Notes

Created June 14, 2018 19:58

Backdoor Notes

	#Creating signed and customized backdoored macOS applications by abusing Apple Developer tools
	https://medium.com/@adam.toscher/creating-signed-and-customized-backdoored-macos-applications-by-abusing-apple-developer-tools-b4cbf1a98187
	Notes:
	Include 1) 1Password 7.app (Gatekeeper Approved) 2) StuffIt Expander.app/Backdoor (Not Approved) in /tmp/apps. You will be allowed to run both 1) and 2) (Gatekeeper bypass)

	Alternative one liner:
	$ pkgbuild --root /tmp/apps --identifier com.microsoft --install-location /Applications mypackage.pkg

milo2012 / pentesting_ios_apps_on_electra.txt

Last active January 19, 2022 14:04

Pentesting IOS Applications on Electra 11.1.2

	#Burp SSL Certificate on IOS 11
	On iOS 11 you can't just install your MITM root cert, you also need to explicitly trust it.
	You can do this by:
	Settings -> General -> About -> Certificate Trust Settings -> Flip the switch on your cert
	----------------------------------------------------------------------------------------------------------------
	#GDB on IOS 11
	Source: https://shmoo419.github.io/
	gdb
	ps -ax \| grep -i appName
	attach [processNo]

milo2012 / sniffCert.py

Created September 27, 2018 04:17

Sniff and extract server SSL certificate of wireless access point (EAP)

	#!/usr/bin/python
	'''
	$ python sniffCert.py -h
	Usage: sniffCert.py [options]

	Options:
	-h, --help show this help message and exit
	-i INTERFACENO Interface to sniff

	$ python sniffCert.py -i en0

milo2012 / exploit_notes_Exploit Notes: CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002.txt

Last active December 7, 2021 10:17

Exploit Notes: CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002

	Exploit Notes: CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002

	#Install vulnerable docker version of Jenkins
	$ docker run -p 8080:8080 -p 50000:50000 jenkins/jenkins:2.121.2
	- Go to http://127.0.0.1:8080
	- Install suggested plugins
	- Create a user account (admin\|admin)
	- Click "New Item"
	- Under Item Name, enter 'Helloworld', choose 'Pipeline' and click 'OK'
	- Under 'Pipeline', untick 'Use Groovy Sandbox' and click 'Save'

milo2012 / checkScopeWithNmap.py

Created May 10, 2019 17:17

for segmentation tests - compare nmap xml files with scope and check which scopes were accessible and which weren't

	#!/usr/bin/python -tt
	# -- coding: utf-8 --
	import sys, glob, optparse
	reload(sys);
	from netaddr import IPNetwork
	from libnmap.parser import NmapParser
	ipDict={}
	scopeDict={}

	accessibleList=[]

milo2012 / checkSSHCiphers.py

Created May 22, 2019 04:04

Check SSH Ciphers (works with IPv6)


	import paramiko, sys, logging, optparse, os
	sys.tracebacklimit = 0
	logging.raiseExceptions=False
	acceptedCipherList=[]
	acceptedMacList=[]
	acceptedKeyList=[]
	acceptedKexList=[]
	cipherList = (
	"aes128-ctr",

milo2012 / gist:96ab77e05714915ea22f8c214f838aac

Last active January 4, 2021 07:58

	$ sudo python msfHelper1.py nmap__190723_132536.xml
	[*] Launching Metasploit msfrpcd
	[*] Reading from msfHelper.db
	[*] Loaded 474 URI paths from msfHelper.db

	[*] Loaded 2982 modules from Metasploit

	[List of Unique Service Banners]
	-------- ----------------------------------------------------------------------------
	21/tcp vsftpd version: 2.3.4 ostype: Unix

milo2012 / extractHTTPfromNmap.py

Last active September 17, 2019 18:29

This script parses nmap XML file and extract HTTP/HTTPs servers. The problem with Nmap scanning is that it doesn't correctly identify all hosts running HTTP/HTTPS services. This script attempts to fix this issue

	from libnmap.parser import NmapParser
	import requests, optparse, os, sys, glob, multiprocessing
	from requests.packages.urllib3.exceptions import InsecureRequestWarning
	requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
	requests.packages.urllib3.disable_warnings()
	timeout=1.0
	numOfThreads=2

	#This script parses nmap XML file and extract HTTP/HTTPs servers.
	#The problem with Nmap scanning is that it doesn't correctly identify all hosts running HTTP/HTTPS services.

milo2012 / CVE-2018-15473.py

Created June 1, 2020 17:15

SSH Username Enumeration (CVE-2018-15473) - Supports IPv6

	# Exploit: OpenSSH 7.7 - Username Enumeration
	# Author: Justin Gardner
	# Date: 2018-08-20
	# Software: https://ftp4.usa.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.7.tar.gz
	# Affected Versions: OpenSSH version < 7.7
	# CVE: CVE-2018-15473

	###########################################################################
	# ____ _____ _____ _ _ #
	# / __ \ / ____/ ____\| \| \| \| #

Keith Lee milo2012