Kill it!
As admin launch SymCorpUi.exe and unprotect SEP in options.
for /L %n in (1,0,10) do taskkill /F /IM ccSvcHst.exe & timeout 1
Guillaume Quéré gquere
gquere
/ spring_actuator_explorer.py
Created Apr 12, 2022
View spring_actuator_explorer.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import requests | |
| import sys | |
| import urllib3 | |
| # https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/spring-boot.txt | |
| actuators = [ 'trace', 'health', 'loggers', 'logfile', 'metrics', 'autoconfig', 'heapdump', 'env', 'env/home', 'env/pwd', 'env/lang', 'env/language', 'env/tz', 'env/path', 'env/hostname', 'info', 'dump', 'configprops', 'cloudfoundryapplication', 'features', 'flyway', 'liquibase', 'mappings', 'version', 'auditevents', 'beans', 'gateway/routes', 'actuator', 'actuator/auditLog', 'actuator/auditevents', 'actuator/beans', 'actuator/caches', 'actuator/conditions', 'actuator/configurationMetadata', 'actuator/configprops', 'actuator/dump', 'actuator/env', 'actuator/env/home', 'actuator/env/pwd', 'actuator/env/lang', 'actuator/env/language', 'actuator/env/tz', 'actuator/env/path', 'actuator/env/hostname', 'actuator/events', 'actuator/exportRegisteredServices', 'actuator/features', 'actuator/flyway', 'actuator/gateway/routes', 'actuator/health', 'actu |
View artifactory_downloader.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys | |
| import requests | |
| import re | |
| from packaging import version | |
| # IGNORE SSL WARNING ########################################################### | |
| import urllib3 | |
| urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) |
gquere
/ fortigate_decrypt.py
Last active Apr 24, 2022
Decrypt FortiGate configuration secrets CVE-2019-6693
View fortigate_decrypt.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from Cryptodome.Cipher import AES | |
| import base64 | |
| import sys | |
| key = b'Mary had a littl' | |
| data = base64.b64decode(sys.argv[1]) | |
| iv = data[0:4] + b'\x00' * 12 |
View weblogic_password.decrypt.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # python3 port from https://github.com/L-codes/ctf-scripts/blob/master/crypto/weblogic_password.py | |
| # /console/ login account | |
| # -i ~/wls<VERSION>/user_projects/domains/<DOMAIN_NAME>/security/SerializedSystemIni.dat | |
| # -f ~/wls<VERSION>/user_projects/domains/<DOMAIN_NAME>/config/config.xml | |
| from Cryptodome.Cipher import ARC2, AES, DES3 | |
| from Cryptodome.Hash import SHA | |
| import struct | |
| import re |
gquere
/ shitmantec.md
Last active Feb 21, 2022
View shitmantec.md
gquere
/ barebox_advisory.md
Last active Aug 30, 2021
View barebox_advisory.md
BareBox security advisory
Barebox security features
The security features of Barebox are:
- Signed images
- Signed "state variables" (shared with the kernel)
gquere
/ shitmantec.py
Created Feb 12, 2021
View shitmantec.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys | |
| import re | |
| import random | |
| import base64 | |
| with open(sys.argv[1], "rb") as f: | |
| lines = f.readlines() | |
| obfuscated_lines = b"" |
View ports.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Network | |
| ======= | |
| DNS 53 | |
| DHCP server 67 | |
| DHCP client 68 | |
| NTP 123 | |
| Auth | |
| ==== | |
| TACACS 49 |
gquere
/ openldap2hashcat.py
Last active Apr 17, 2022
Convert OpenLDAP hashes to a format Hashcat can understand
View openldap2hashcat.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Convert OpenLDAP hashes to a format Hashcat can understand | |
| import sys | |
| import base64 | |
| with open(sys.argv[1], 'r') as f: | |
| lines = f.readlines() | |
| for line in lines: | |
| line = line.rstrip("\n") |
gquere
/ openldap2john.py
Last active Nov 17, 2020
Convert OpenLDAP hashes to a format john the ripper can understand
View openldap2john.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # Convert OpenLDAP hashes to a format john the ripper can understand | |
| import sys | |
| import base64 | |
| with open(sys.argv[1], 'r') as f: | |
| lines = f.readlines() | |
| for line in lines: | |
| line = line.rstrip("\n") |
NewerOlder