grahamhelton

if [ $# -ne 2 ]
then
        echo "Usage: getsha1 <github_url> <path_to_store_file>
        IE: getsha1 https://github.com/danielmiessler/SecLists Documents/wordlists/seclists"
        exit
fi
github="$1"
sha1=$(git ls-remote $1 | awk '{print $1}' | head -n 1)
echo "
home.file = {

irsdl

// by @irsdl
boolean manualColorHighlightEnabled = true; // e.g. BurpRed anywhere in the request
boolean pwnFoxColorHighlightEnabled = true; // to support PwnFox Firefox extension containers

// BEGIN HIGHLIGHT LOGIC {

boolean hasAlreadyBeenColoured = false;
/* Manual highlight logic to see something like BurpRed */
if(manualColorHighlightEnabled){
    Pattern manualHighlightPattern = Pattern.compile("burp([a-z]{3,7}+)", Pattern.CASE_INSENSITIVE); // like burpRed or burpYellow

RalphDesmangles

using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Text.RegularExpressions;

/*
PoC To enumerate logged on users on a remote system using the winreg named pipe.
Based on the work of Rohan Vazarkar (@cptjesus) and Antonio Cocomazzi (@splinter_code).

RemoteRegistry service must be enabled (default) for this to work.

stong

twitter.com##div[aria-label="Trending"]
twitter.com##aside[aria-label="Who to follow"]
twitter.com##a[aria-label="Search and explore"]
twitter.com##svg[aria-label="Verified account"]
twitter.com##a[aria-label="Communities"]
twitter.com##a[aria-label="Verified Orgs"]
twitter.com##a[aria-label="Jobs"]
twitter.com##a[aria-label="Top Articles"]
twitter.com##a[aria-label^="Notifications"]
twitter.com##a[aria-label="Home"]

win3zz

user@hostname:~/exploit$ cat > test.c

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main() {
    if (setuid(0) != 0) {

xen0bit

FROM debian:latest

RUN apt-get update && apt-get install -y \
    git \
    build-essential \
    wget \
    python3

WORKDIR /build

nullenc0de

import subprocess
import argparse

# Define the command to run Nuclei
nuclei_command = "nuclei -silent -t credential-stuffing/cloud -var username={} -var password={}"

# Create a command-line argument parser
parser = argparse.ArgumentParser(description='Credential Stuffing Scanner')

# Add an argument for specifying the creds.txt file

to016

This Gist provides a Proof-of-Concept (POC) for CVE-2023-41892, a Craft CMS vulnerability that allows Remote Code Execution (RCE).

Overview

CVE-2023-41892 is a security vulnerability discovered in Craft CMS, a popular content management system. Craft CMS versions affected by this vulnerability allow attackers to execute arbitrary code remotely, potentially compromising the security and integrity of the application.

POC

This POC is depending on writing webshell, so finding a suitable folder with writable permission is necessary.

avlidienbrunn

Description

This was a challenge to demonstrate how the content-type header can be used to fool the browser into treating the HTTP response body in unexpected ways.

Source

As the harder solution works for both, heres source:

php

adamsvoboda

%windir%\system32\WerFaultSecure.exe
%windir%\system32\mrt.exe
%windir%\system32\svchost.exe
%windir%\system32\NETSTAT.EXE
%windir%\system32\wbem\WmiPrvSE.exe
%windir%\system32\DriverStore\FileRepository\*\NVWMI\nvWmi64.exe
%programfiles(x86)%\Microsoft Intune Management Extension\ClientHealthEval.exe
%programfiles(x86)%\Microsoft Intune Management Extension\SensorLogonTask.exe
%programfiles(x86)%\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe
%programdata%\Microsoft\Windows Defender Advanced Threat Protection\DataCollection\*\OpenHandleCollector.exe