ihebski
/ apache-webdav-directory-listing.yaml
Last active
December 18, 2023 06:50
nuclei template for Apache WebDAV Module PROPFIND Arbitrary Directory Listing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: apache-webdav-dir-listing | |
| info: | |
| name: Apache WebDAV Module PROPFIND Arbitrary Directory Listing | |
| author: segfolt | |
| severity: Medium | |
| # https://vuldb.com/?id.16000 | |
| requests: | |
| - raw: |
ihebski
/ CVE-2002-0561.yaml
Created
September 23, 2020 09:51
nuclei template for [CVE-2002-0561] Oracle 9iAS PL/SQL Gateway Web Admin Interface Null Authentication
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2002-0561 | |
| info: | |
| name: Oracle 9iAS PL/SQL Gateway Web Admin Interface Null Authentication | |
| author: Segfolt | |
| severity: High | |
| requests: | |
| - method: GET | |
| path: |
ihebski
/ hp-ilo4-CVE-2017-12542.yaml
Created
September 22, 2020 11:51
nuclei template for [CVE-2017-12542] iLO 4 < 2.53 - Add New Administrator User
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: CVE-2017-12542 | |
| info: | |
| name: iLO 4 < 2.53 - Add New Administrator User | |
| author: segfolt | |
| severity: High | |
| # Exploit Source: https://www.exploit-db.com/exploits/44005 | |
| # Reference: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf03769en_us | |
| requests: | |
| - raw: |
A Pen by Creative Tim on CodePen.
ihebski
/ gist:13c69f0badb50b8bbb76b92e6f7517f0
Last active
March 31, 2022 13:53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // shared by @Retrospected: https://github.com/Retrospected/spring-rce-poc | |
| @InitBinder | |
| public void initBinder(WebDataBinder binder) { | |
| String[] blackList = {"class.*","Class.*","*.class.*",".*Class.*"}; | |
| binder.setDisallowedFields(blackList); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/expect -f | |
| # Constants | |
| set user "" | |
| set pass "" | |
| set timeout -1 | |
| # Options | |
| match_max 100000 | |
| log_user 0 |
ihebski
/ mysql-backup.sh
Created
December 27, 2021 01:41
backup and restore mysql database from defectdojo container
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Get container id | |
| docker ps | grep mysql | |
| # Backup | |
| docker exec -it <container_id> mysqldump -u defectdojo --password=defectdojo defectdojo > backup.sql | |
| # Restore | |
| docker exec -i <container_id> mysql -u defectdojo --password=defectdojo defectdojo < cat backup.sql |
ihebski
/ requirement.txt
Created
September 28, 2021 21:07
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| certifi==2021.5.30 | |
| charset-normalizer==2.0.6 | |
| click==8.0.1 | |
| Flask==2.0.1 | |
| Flask-SQLAlchemy==2.5.1 | |
| greenlet==1.1.1 | |
| idna==3.2 | |
| itsdangerous==2.0.1 | |
| Jinja2==3.0.1 | |
| MarkupSafe==2.0.1 |
ihebski
/ Workstation-Takeover.md
Created
July 28, 2021 11:36
— forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
- Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
- Relaying that machine authentication to LDAPS for configuring RBCD
- RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
NewerOlder