E1A

Intro

”Nuclei is used to send requests across targets based on a template, leading to zero false positives and providing fast scanning on a large number of hosts. Nuclei offers scanning for a variety of protocols, including TCP, DNS, HTTP, SSL, File, Whois, Websocket, Headless etc. With powerful and flexible templating, Nuclei can be used to model all kinds of security checks.”

---

FAQ

• Q: What is nuclei?
• A: Nuclei is a fast and customizable vulnerability scanner based on simple YAML-based templates.

tothi

Certifried combined with KrbRelayUp

Certifried (CVE-2022-26923) gives Domain Admin from non-privileged user with the requirement adding computer accounts or owning a computer account. Kerberos Relay targeting LDAP and Shadow Credentials gives a non-privileged domain user on a domain-joined machine local admin access on (aka owning) the machine. Combination of these two: non-privileged domain user escalating to Domain Admin without the requirement adding/owning computer accounts.

The attack below uses only Windows (no Linux tools interacting with the Domain), simulating a real-world attack scenario.

Prerequisites:

dwisiswant0

#!/bin/bash

curl -s http://burp/cert -x http://127.0.0.1:8080 -o cacert.der
openssl x509 -inform DER -in cacert.der -out cacert.pem
export CERT_HASH=$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1)
adb root && adb remount
adb push cacert.pem "/sdcard/${CERT_HASH}.0"
adb shell su -c "mv /sdcard/${CERT_HASH}.0 /system/etc/security/cacerts"
adb shell su -c "chmod 644 /system/etc/security/cacerts/${CERT_HASH}.0"
rm -rf cacert.*

mss

# Tested on an upgraded Ubuntu 20.04
apt install netplan.io
systemctl unmask systemd-networkd.service
systemctl unmask systemd-resolved.service
ENABLE_TEST_COMMANDS=1 netplan migrate
netplan try
reboot
apt purge ifupdown resolvconf
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

mikaelz

#!/bin/bash

ffmpeg -rtsp_transport tcp \
    -i rtsp://smartiptv:PASSWORD@192.168.2.3/Streaming/Channels/102 \
    -i rtsp://smartiptv:PASSWORD@192.168.2.3/Streaming/Channels/202 \
    -i rtsp://smartiptv:PASSWORD@192.168.2.3/Streaming/Channels/302 \
    -i rtsp://smartiptv:PASSWORD@192.168.2.3/Streaming/Channels/402 \
    -i rtsp://smartiptv:PASSWORD@192.168.2.3/Streaming/Channels/502 \
    -i rtsp://smartiptv:PASSWORD@192.168.2.3/Streaming/Channels/602 \
    -filter_complex "

CosmicToast

Some useful policies for MinIO

A small collection, because reasons.

User Policies

To apply these:

1. Download the file.
2. mcli admin policy add MYMINIO NAME NAME.json (replace MYMINIO with your configured instance and NAME with the filename).
3. mcli admin policy set MYMINIO NAME user=USER (same as above, replace USER with the user you want to configure).

dargmuesli

#!/bin/bash

set -o errexit -o pipefail -o noclobber -o nounset

LIGHT_BLUE='\e[94m'
LIGHT_GREEN='\e[92m'
LIGHT_RED='\e[91m'
LIGHT_YELLOW='\e[93m'
NC='\e[0m'

jackblk

Note

This tutorial is for Ubuntu & Squid3. Use AWS, Google cloud, Digital Ocean or any services with Ubuntu to follow this tutorial.

Install squid & update

sudo apt-get update
sudo apt-get install squid3
sudo apt-get install apache2-utils

jmpinit

const fs = require('fs');
const path = require('path');
const url = require('url');
const puppeteer = require('puppeteer');

class Webpage {
	static async generatePDF(url, filename) {
		const browser = await puppeteer.launch({ headless: true });
		const page = await browser.newPage();
		await page.goto(url);

elvetemedve

# Yubikey Udev Rule: running a bash script in case your Yubikey is inserted/removed 
ACTION=="add", ENV{PRODUCT}=="1050/407/511", ENV{DEVTYPE}=="usb_device", RUN+="/usr/local/bin/pam-session-locker.sh unlock"
ACTION=="remove", ENV{PRODUCT}=="1050/407/511", ENV{DEVTYPE}=="usb_device", RUN+="/usr/local/bin/pam-session-locker.sh lock"