Skip to content

Some good-boy scripts I've made throughout my time learning aggressive infosec

Notifications You must be signed in to change notification settings

scumdestroy/pentest-scripts-for-dangerous-boys

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

pentester-bounty-hunter-scripts

Just posting some of the scripts I write as I strengthen my pythonic coding, some exploit scripts as I work through their write-ups and attempt to develop my own PoC's, as well as random scripts from one-off challenges or snippets undeserving of an entire github shrine dedicated to their rancid memory.

Thanks for reading and checking out my repo!


CBC-mac / Initialization Vector vulnerability

based on the vulnerability of using a hardcoded IV in CBC-MAC implementation (it should be an IV consisting of just nullbytes) POC based on the idea that if you can modify the IV, you can change parts of the cookie without the signature being invalidated. In a basic misconfiguration such as this, you just need to make a log in, the app should give you a sig and the IV as a cookie. Then compute a XOR of the first block, get the first block of your desired username (this POC uses administrator), XOR from x^y. Hopefully, this simplifies something. Special thanks to Louis Nyffenegger for this one.
 puts "curl -H 'Cookie: iv=#{new_iv}; auth=#{new_auth}' <victim site>" 

CVE-2018-0114 POC written in Ruby, real credit goes to Louis Nyffenegger


CVE-2019-5420

exploit to conjure up cookies to impersonate any user, discovered by ooooooo_q @ hackerone https://hackerone.com/reports/473888

JWT-KID-param-RCE.rb

inspired by Ruby library Net::FTP (CVE-2017-17405), allows attacker to run commands via KID parameter

JWT-decompile-and-resign.rb

common misconfiguration of JSON web tokens vuln script

JWT-kid-vuln.rb

another JWT POC based on a similar misconfiguration of the KID paramater, this time due to a lack of escaping that can allow SQLI or LFI

SAML-exploit-101.rb

Very basic implementation to easily produce that big chunky SAML code you can swap in with a web proxy right before it hits the server

ASCII-number-to-text

Convert a bunch of spaced ascii numbers into UTF-8, for baby's first crypto challenge

hex2utf-decoder.py

Like above, baby's first hex decoder for human babies.

json-csrf.html

super primitive CSRF POC, though when applied in JSON format

methodist.py // HTTP Method's enumerator

python3 methodist.py [full url]

oauth-CSRF

Tamper with some parameters to expose a weakness in oauth implementation for your web-app. Fill in the variables noted within and deploy with ```
"curl -H 'Authorization: Bearer [TOKEN]' [RESOURCE_SERVER]/api/keys --dump-header -"

phar_exploit.php

POC for a very poor implementation of phar. Hopefully, this is near extinct in the wild and lives on solely through some honeypots.

SAML-interception-exploit-simple.rb/py

Again, very simple SAML POC, code couldn't really be boiled down to less really.

ugadget-deserialization.rb

couldn't get the other scripts on here to work for me, nor the articles I read for the case I was attempting to exploit. Extremely impressive and clever work from Luke Jahnke and this article. https://www.elttam.com/blog/ruby-deserialization/

XOR-singlebyte

Another script from the infant's crypto challenge building blocks primer.

zlib-decompressor.py

this really doesn't come standard as a bash command and i'm not looking it up on google for the 4th time this season.

About

Some good-boy scripts I've made throughout my time learning aggressive infosec

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published