Etienne Stalmans staaldraad
staaldraad
/ getWPSLogin
Created
January 19, 2015 10:18
Get the login portal page for websphere (WPS) - Allows you to get to www.host.com/wps/portal/ut!/p/ without knowing the complete/valid path. Redirect will send you there automagically
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| GET /wps/redirect HTTP/1.1 | |
| Host: www.host.com | |
| User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0 | |
| Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 | |
| Accept-Language: en-ZA,en-GB;q=0.8,en-US;q=0.5,en;q=0.3 | |
| Accept-Encoding: gzip, deflate | |
| Cookie: WASReqURL=http:///wps/ | |
| Connection: keep-alive |
staaldraad
/ pyforw.py
Last active
February 19, 2024 06:54
Python script to create a Connect-Connect tunnel. For those times ncat/socat can't be put on the box and python is available..
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Python script to create a Connect-Connect tunnel. For those times ncat/socat can't be put on the box and python is available.. | |
| Author: Etienne Stalmans <etienne@sensepost.com> | |
| Version: 1.0 (22_01_2015) | |
| Usage: python pyforw.py <targetIP> <targetPort> <jumpbox> <jumpboxPort> | |
| python pyforw.py 10.1.1.1 3389 179.0.0.100 8081 | |
| """ | |
| from socket import * |
staaldraad
/ mongo_dump.js
Created
February 3, 2015 14:32
Connect to mongodb and extract list of databases, collections and dump 'x' number of records from a selected collection. Usage: node mongo_dump.js [host] [option] Where option can be: c -- dump a list of collections x [db] [collection] -- dump values from the collection in database 'db' Example: node mongo_dump.js 127.0.0.1 x TestDB users
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Quick and dirty scanner of exposed MongoDB instances | |
| Author: etienne@sensepost.com | |
| Version: 04/02/2015 | |
| */ | |
| var host = "127.0.0.1:27017"; | |
| var d_collections = false; | |
| var dx_collection = false; | |
| var MongoClient = require('mongodb').MongoClient; | |
| var limitsize = 10; |
staaldraad
/ memcache_dump.js
Created
February 3, 2015 15:26
Dump data from exposed memcached instances
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| NodeJS interface to memcache. Allows for extracting keys and specific values. | |
| Author: etienne@sensepost.com | |
| Version: 02/02/2015 v0.1 | |
| */ | |
| var host = process.argv[2] | |
| var port = 11211 | |
| if(!process.argv[3]) | |
| { |
staaldraad
/ cassandra_dump.js
Last active
August 29, 2015 14:15
Dump/Extract info from Cassandra database over hsql
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| connect to and dump keyspace/tables/data from cassandra database | |
| Usage: | |
| Get keyspaces: node cassandra_dump.js -h 10.10.0.1 | |
| Get Tables in Keyspace: node cassandra_dump.js -h 10.10.0.1 -k keyspacename | |
| Get 10 rows from a table: node cassandra_dump.js -h 10.10.0.1 -k keyspacename -t tablename | |
| Custom SQL/CQL statment: node cassandra_dump.js -h 10.10.0.1 -k keyspacename -s 'SELECT * FROM tablename LIMIT 5' | |
| Author: etienne@sensepost.com | |
| Version: 1.0 17 February 2015 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Dump data from open Redis instance. | |
| Usage: node redis_dump.js -h 10.10.0.1 | |
| node redis_dump.js -n 10 #dumps the first 10 keys from the instance | |
| node redis_dump.js -k keyname #dump the value of a specific key | |
| Author: etienne@sensepost.com | |
| Version: 1.0 12 February 2015 | |
| */ | |
| var redis = require("redis") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Connect to and extract values from Riak database. Default port 8087 | |
| Author: etienne@sensepost.com | |
| Version: 1.0 26 February 2015 | |
| */ | |
| var argv = require('minimist')(process.argv.slice(2)); | |
| var riak = require('riak-pb'); | |
| if(process.argv.length < 2){ |
staaldraad
/ Dockerfile
Last active
June 6, 2018 14:20
Use Docker to run @sensepost Mana like a hipster
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Mana-toolkit from @sensepost | |
| # | |
| # VERSION 0.1 | |
| FROM ubuntu | |
| MAINTAINER Etienne Stalmans, etienne@sensepost.com | |
| RUN apt-get update && apt-get install -y \ | |
| unzip \ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var thrift = require('thrift'); | |
| var util = require('util') | |
| var HBase = require('./gen-nodejs/Hbase'); | |
| var HBaseTypes = require('./gen-nodejs/Hbase_types'); | |
| var port = 9090 | |
| //var connection = thrift.createConnection(process.argv[2], port, { transport: thrift.TFramedTransport,protocol:thrift.TBinaryProtocol }); | |
| var connection = thrift.createConnection(process.argv[2], port, { transport: thrift.TBufferedTransport, protocol:thrift.TBinaryProtocol }); | |
| connection.on('connect', function () { |
staaldraad
/ huaweiPassExtract.py
Last active
May 19, 2023 11:00
Extract local users and passwords from Huawei router/firewall config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Simple tool to extract local users and passwords from most Huawei routers/firewalls. | |
| Author: Etienne Stalmans (etienne@sensepost.com) | |
| Version: 1.0 (15/01/2014) | |
| """ | |
| import os | |
| import sys | |
| import argparse |