Skip to content

Instantly share code, notes, and snippets.

View 5l1v3r1's full-sized avatar

5l1v3r1 5l1v3r1

823 followers · 4.7k following
View GitHub Profile
@5l1v3r1
5l1v3r1 / lsa-whisperer.md
Created April 27, 2024 19:33 — forked from EvanMcBroom/lsa-whisperer.md
LSA Whisperer

LSA Whisperer

Thank you to SpecterOps for supporting this research, to Elad for helping draft this blog, and to Sarah, Daniel, and Adam for proofreading and editing! Crossposted on the SpecterOps Blog.

What follows is the culmination of two years of research with funding by SpecterOps and contributions from many of my coworkers.

Special thanks are needed to Elad, Lee, Will, Daniel, and Kai. Elad, Lee, and Will have contributed several ideas to the project, which are documented here, and have each spent multiple days testing the tool. Daniel has answered all of my inevitable questions about AzureAD (whoops, now Ent

@5l1v3r1
5l1v3r1 / ChatGPT-Dan-Jailbreak.md
Created December 29, 2023 07:38 — forked from coolaj86/ChatGPT-Dan-Jailbreak.md
@5l1v3r1
5l1v3r1 / GitHub-Leaked-API-Keys-and-Secrets.md
Created October 3, 2023 22:31 — forked from win3zz/GitHub-Leaked-API-Keys-and-Secrets.md

GitHub Search Syntax for Finding API Keys/Secrets/Tokens

As a security professional, it is important to conduct a thorough reconnaissance. With the increasing use of APIs nowadays, it has become paramount to keep access tokens and other API-related secrets secure in order to prevent leaks. However, despite technological advances, human error remains a factor, and many developers still unknowingly hardcode their API secrets into source code and commit them to public repositories. GitHub, being a widely popular platform for public code repositories, may inadvertently host such leaked secrets. To help identify these vulnerabilities, I have created a comprehensive search list using powerful search syntax that enables the search of thousands of leaked keys and secrets in a single search.

Search Syntax:

(path:*.{File_extension1} OR path:*.{File_extension-N}) AND ({Keyname1} OR {Keyname-N}) AND (({Signature/pattern1} OR {Signature/pattern-N}) AND ({PlatformTag1} OR {PlatformTag-N}))

Examples:

**1.

@5l1v3r1
5l1v3r1 / nmap.sh
Created October 3, 2023 19:40 — forked from Bo0oM/nmap.sh
Three steps for nmap
echo -n "Target list (google.com, 192.168.1.1/24): "
read IP
echo "Treat all hosts as online -- skip host discovery (Y/N)?"
read answer
PN=""
if [ "$answer" != "${answer#[Yy]}" ] ; then
PN="-Pn";
fi
@5l1v3r1
5l1v3r1 / CryptoJS_AES_decrypt.php
Created October 3, 2023 19:39 — forked from Bo0oM/CryptoJS_AES_decrypt.php
CryptoJS AES decrypt on PHP
<?php
/**
* author: alexeyprudnikov
**/
class JsAes {
public static function Decrypt($base64string, $secretkey) {
$base64string = str_replace('_', '+', $base64string);
$data = base64_decode($base64string);
@5l1v3r1
5l1v3r1 / memcached-dumper.php
Created October 3, 2023 19:39 — forked from Bo0oM/memcached-dumper.php
Memcached dumper
#!/usr/bin/env php
<?php
if (! isset($argv[1])) {
echo 'Usage: memcached-dumper.php <server>'.PHP_EOL;
exit;
}
@5l1v3r1
5l1v3r1 / gist:d8b8e6049a3c5960344d16efefdcf2ce
Created October 3, 2023 18:35 — forked from Bo0oM/gist:5d18e56847d2b1722bf5eedea853119b
Bitrix urls
This file has been truncated, but you can view the full file.
rss.php
coupon_activation.php
tools/bizproc_wf_settings.php
tools/seo_yandex.php
tools/seo_google.php
tools/get_catalog_menu.php
tools/sale_farm_check_print.php
tools/vote/uf.php
tools/vote/vote_chart.php
tools/sale/discount_coupon_list.php
@5l1v3r1
5l1v3r1 / CVE-2023-21939.md
Created September 15, 2023 20:51 — forked from win3zz/CVE-2023-21939.md
CVE-2023-21939 - Code Exec - Proof of Concept

CVE-2023-21939 - Code Exec - Proof of Concept

Vulnerability Summary: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specifie

@5l1v3r1
5l1v3r1 / windows10-cleanup.bat
Created August 13, 2023 16:47 — forked from tkuennen/windows10-cleanup.bat
Removes most of the crap from Windows 10
@rem *** Disable Some Services ***
sc stop DiagTrack
sc stop diagnosticshub.standardcollector.service
sc stop dmwappushservice
sc stop WMPNetworkSvc
sc stop WSearch
sc config DiagTrack start= disabled
sc config diagnosticshub.standardcollector.service start= disabled
sc config dmwappushservice start= disabled
@5l1v3r1
5l1v3r1 / SysEnv.ahk
Created July 25, 2023 17:11 — forked from roblogic/SysEnv.ahk
Editing Windows PATH with AutoHotKey
#SingleInstance, Force
#NoEnv ; somewhat ironic...
; this won't work in vista/7 if it's not run as an administrator.
; i'm too lazy to request it manually so the easiest way is to
; compile this script, and then under Compatibility tab in the
; compiled exe's Properties select "Run as Administrator"
RegRead, P, HKLM, SYSTEM\CurrentControlSet\Control\Session Manager\Environment, PATH