Zach Grace ztgrace
ztgrace
/ jboss-cli-client-brute.bash
Created
June 4, 2020 15:38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Wrapper for the jboss-cli-client.jar to brute creds | |
| # Usage: ./jboss-cli-client-brute.bash 10.10.10.10 4447 ./users.txt ./passwords.txt | |
| # | |
| # Default port: 4447 | |
| # Nmap service description: JBoss Remoting (JBoss management interface) | |
| host=$1 | |
| port=$2 | |
| user_file=$3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * iOS URI Scheme Fuzzing | |
| * forked from: https://codeshare.frida.re/@dki/ios-url-scheme-fuzzing/ | |
| * Usage: frida -U -l ios-uri-scheme-fuzzing.js -n SpringBoard | |
| * | |
| * Open the specified URL | |
| * openURL("somescheme://test"); | |
| * | |
| * Find the executable name for a particular scheme | |
| * bundleExecutableForScheme("somescheme"); |
ztgrace
/ .htaccess
Created
July 2, 2018 15:44
— forked from curi0usJack/.htaccess
Drop into your apache working directory to instantly redirect most AV crap elsewhere.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RewriteEngine On | |
| # Uncomment the below line for verbose logging, including seeing which rule matched. | |
| #LogLevel alert rewrite:trace5 | |
| # BURN AV BURN | |
| # AWS Exclusions. Cloudfronted requests by default will have a UA of "Amazon Cloudfront". More info here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html#header-caching-web-device | |
| RewriteCond expr "-R '54.0.0.0/8'" [OR] | |
| RewriteCond expr "-R '52.0.0.0/8'" [OR] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| apt-get install libncurses-dev | |
| pip install virtualenv | |
| virtualenv ~/.rekall_env | |
| source ~/.rekall_env/bin/activate | |
| pip install --upgrade setuptools pip wheel | |
| pip install rekall | |
| echo 'alias rekal="source ~/.rekall_env/bin/activate; rekall"' >> ~/.bash_aliases |
ztgrace
/ jwt_brute.py
Last active
March 10, 2021 05:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| import jwt | |
| import json | |
| import multiprocessing as mp | |
| from multiprocessing import current_process | |
| import argparse | |
| import Queue | |
| from time import sleep |
ztgrace
/ fhfs_rce.rb
Created
October 10, 2015 21:40
PoC exploit used by the Cult of the Glowing Rectangle at the 2015 DerbyCon CTF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # This module requires Metasploit: http://metasploit.com/download | |
| # Current source: https://github.com/rapid7/metasploit-framework | |
| ## | |
| require 'msf/core' | |
| class Metasploit3 < Msf::Exploit::Remote | |
| Rank = ExcellentRanking |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| from Crypto.Cipher import AES | |
| import sys | |
| def split_len(seq, length): | |
| return [seq[i:i+length] for i in range(0, len(seq), length)] | |
| def oracle(chosen): | |
| secret = "foobarbaz1234567890%sSecret42" % chosen # target to decrypt |