GET /beta/deviceLocalCredentials/[DEVICE-ID]?$select=credentials HTTP/1.1
ocp-client-version: 1.0
client-request-id: 96cbfa59-dbfc-4a92-b261-7f77bd8f4b9b
ocp-client-name: Get-LapsAADPassword Windows LAPS Cmdlet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Microsoft Windows 10.0.22621; en-US) PowerShell/5.1.22621.963 Invoke-MgGraphRequest
SdkVersion: graph-powershell/1.26.0, Graph-dotnet-1.25.1
FeatureFlag: 00000047
Cache-Control: no-store, no-cache
Authorization: Bearer [AAD-JWT-HERE]
Accept-Encoding: gzip
@tothi
tothi / msmq_detect.py
Created April 17, 2023 00:09
Detect whether the remote MSMQ service on 1801/tcp is enabled or not by sending a valid message to the target
#!/usr/bin/env python3
#
# detect whether the remote MSMQ service on 1801/tcp is enabled or not
# by sending a valid message to the target
#
# resources:
# https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqmq/b7cc2590-a617-45df-b6a3-1f31102b36fb
# https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/85498b96-f2c8-43b3-a108-c9d6269dc4af
#
@goncalor
goncalor / README.md
Last active April 22, 2024 15:02
MSMQ Nmap service probe

MSMQ Nmap service probe

⚠️ Disclaimer: testing of this probe is limited and the MSMQ protocol is proprietary and undocumented. Use this probe at your own risk. ⚠️

Nmap currently has no way to detect whether the service running on TCP port 1801 is [Microsoft Message Queuing (MSMQ)][wikipedia_msmq]. The file msmq-service-probe here has been developed to give Nmap the capability to detect MSMQ. The objective is to help identify assets with MSMQ exposed that may be vulnerable to [CVE-2023-21554][nist_cve_2023_21554], aka QueueJumper.

This works by sending an MSMQ packet to port 1801 and checking whether the response matches an expected fingerprint.

You can run this probe as follows:

@mgeeky
mgeeky / gist:82d6abe0508ae81f107689864fb5dfc0
Created September 6, 2022 12:09
office-to-iso-with-motw.txt
# Pack macro-enabled doc to ISO
py PackMyPayload.py Resume1337.xlsm test11.iso
# Apply MOTW on that ISO
Set-Content -Path test11.iso -Stream Zone.Identifier -Value '[ZoneTransfer]','ZoneId=3'
# Mount it
Mount-DiskImage -ImagePath test11.iso
@rqu1
rqu1 / checkmk.py
Last active November 13, 2023 22:07
check if a PAN firewall is using the default master key when globalprotect is enabled
from hashlib import md5, sha1
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from base64 import b64encode, b64decode
import sys, time
import requests
DEFAULT_MASTERKEY=b'p1a2l3o4a5l6t7o8'
class PanCrypt():
@tadhgboyle
tadhgboyle / x86-m1.md
Last active July 17, 2023 06:20
running x86_64 `.ova` VMs on an m1 mac
  • install homebrew if you have not already

    • /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
  • install qemu

    • brew install qemu
  • extract the .ova file

    • tar -xvf /path/to/ova
@nullbind
nullbind / etwbypass.ps1
Created October 29, 2021 17:24
etwbypass.ps1
# Setup native functions so they can be called through c#
$win32 = @"
using System.Runtime.InteropServices;
using System;
public class Win32 {
[DllImport("kernel32")]
public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
@byt3bl33d3r
byt3bl33d3r / Caddyfile
Last active October 6, 2023 23:38
Caddyfile reverse proxy example for C2 platforms
{
# This instructs Caddy to hit the LetsEncrypt staging endpoint, in production you should remove this.
acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
(proxy_upstream) {
# Enable access logging to STDOUT
log
# This is our list of naughty client User Agents that we don't want accessing our C2
# Set vi key bindings mode
set -g mode-keys vi
set -g status-keys vi
# Set new panes to open in current directory
bind c new-window -c "#{pane_current_path}"
bind '"' split-window -c "#{pane_current_path}"
bind % split-window -h -c "#{pane_current_path}"
# List of plugins