@staaldraad
staaldraad / riak_dump.js
Last active August 29, 2015 14:16
Connect and dump Riak databases
/* Connect to and extract values from Riak database. Default port 8087
Author: etienne@sensepost.com
Version: 1.0 26 February 2015
*/
var argv = require('minimist')(process.argv.slice(2));
var riak = require('riak-pb');
if(process.argv.length < 2){
@staaldraad
staaldraad / hbase_dump.js
Created March 10, 2015 16:31
dump data from HBase database
var thrift = require('thrift');
var util = require('util')
var HBase = require('./gen-nodejs/Hbase');
var HBaseTypes = require('./gen-nodejs/Hbase_types');
var port = 9090
//var connection = thrift.createConnection(process.argv[2], port, { transport: thrift.TFramedTransport,protocol:thrift.TBinaryProtocol });
var connection = thrift.createConnection(process.argv[2], port, { transport: thrift.TBufferedTransport, protocol:thrift.TBinaryProtocol });
connection.on('connect', function () {
@staaldraad
staaldraad / awks
Last active October 2, 2015 15:29
Create a sha256 hash (in uppercase) for each line in a file:
awk '{printf "%s - ",$1 }{"echo -n "$1"|sha256sum"|getline d;split(d,a,"-"); print toupper(a[1])}' notes.txt
For each line in the 'reps.txt' - create a random string of correct length and do a replace.
for i in `cat reps.txt`; do
x=`cat /dev/urandom | tr -dc 'a-zA-Z' | fold -w ${#i} | head -n 1`; echo $x;
sed -i "s/$i/$x/g" x6 ;
done
@staaldraad
staaldraad / signer.sh
Last active October 16, 2015 10:47
Script to sign PDFs
#! /bin/bash
# PDF signing in Linux
# Author: etienne@sensepost.com
# Version: 1.0 16 October 2015
# Requirements: xv, imagemagick
# Check if requirements are met:
if ! which convert 2>/dev/null; then
echo "ImageMagick not installed and is required"
exit 1
fi
@staaldraad
staaldraad / decodeWAS.py
Created December 1, 2015 14:07
Decode websphere passwords
#!/usr/bin/env python
import sys
import binascii
tmp = binascii.a2b_base64(sys.argv[1])
out = ""
for x in bytearray(tmp):  # bytearray yields ints on both Python 2 and 3
    out += chr(x ^ 95)  # xor with the underscore char (_)
@staaldraad
staaldraad / redis_dump.js
Last active December 19, 2016 10:10
Dump data from open Redis instance
/*
Dump data from open Redis instance.
Usage: node redis_dump.js -h 10.10.0.1
node redis_dump.js -n 10 #dumps the first 10 keys from the instance
node redis_dump.js -k keyname #dump the value of a specific key
Author: etienne@sensepost.com
Version: 1.0 12 February 2015
*/
var redis = require("redis")
@staaldraad
staaldraad / count words and sort
Created December 9, 2016 11:56
Count all words in a list and sort
grep -v "^\s*$" /tmp/cracked| sort | uniq -c | sort -bnr
@staaldraad
staaldraad / onDC.ps1
Created May 30, 2017 14:47
Detect Possible Ruler usage On Exchange and Domain Controller
Get-EventLog -InstanceId 4776 -LogName "Security" | ForEach-Object {
$sp = $_.message -split "`n"
$tmp = $sp | Select-String -Pattern 'RULER'
if($tmp.count -ge 1){
Write-Host "Possible Ruler usage at: " $_.TimeGenerated
$sp | Select-String -Pattern 'Logon Account:' | write-host
}
}
@staaldraad
staaldraad / getWPSLogin
Created January 19, 2015 10:18
Get the login portal page for websphere (WPS) - Allows you to get to www.host.com/wps/portal/ut!/p/ without knowing the complete/valid path. Redirect will send you there automagically
GET /wps/redirect HTTP/1.1
Host: www.host.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:27.0) Gecko/20100101 Firefox/27.0
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-ZA,en-GB;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Cookie: WASReqURL=http:///wps/
Connection: keep-alive
@staaldraad
staaldraad / MetasploitDockerfile
Last active November 2, 2017 15:34
Metasploit in a Docker container
FROM ubuntu:14.04
MAINTAINER Etienne Stalmans, etienne@sensepost.com
RUN apt-get update && apt-get install -y \
unzip \
iptables
RUN apt-get install -y \
build-essential \