Skip to content

Instantly share code, notes, and snippets.

View michaelkruglos's full-sized avatar

Michael Kruglos michaelkruglos

5 followers · 16 following
View GitHub Profile
@Kirill89
Kirill89 / Dockerfile
Last active March 6, 2023 10:27
Prototype Pollution security vulnerability in minimist
FROM ubuntu:18.04
COPY ./app /app
RUN chmod u+s /app
RUN useradd -s /bin/bash just-user
USER just-user
@BlackFan
BlackFan / Bootstrap_XSS.md
Last active June 17, 2024 04:09
Bootstrap XSS Collection

CVE-2019-8331

Bootstrap < 3.4.1 || < 4.3.1

✔️ CSP strict-dynamic bypass

➖ Requires user interaction

➖ Requires $('[data-toggle="tooltip"]').tooltip();

@wdormann
wdormann / acltest.ps1
Created May 1, 2018 15:20
Check for paths that are writable by normal users, but are in the system-wide Windows path. Any such directory allows for privilege escalation.
If (([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
Write-Warning "This script will not function with administrative privileges. Please run as a normal user."
Break
}
$outfile = "acltestfile"
set-variable -name paths -value (Get-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH).path.Split(";")
Foreach ($path in $paths) {
# This prints a table of ACLs
# get-acl $path | %{ $_.Access } | ft -Wrap -AutoSize -property IdentityReference, AccessControlType, FileSystemRights
@curi0usJack
curi0usJack / .htaccess
Last active July 9, 2024 18:38
FYI THIS IS NO LONGER AN .HTACCESS FILE. SEE COMMENTS BELOW. DON'T WORRY, IT'S STILL EASY.
#
# TO-DO: set |DESTINATIONURL| below to be whatever you want e.g. www.google.com. Do not include "http(s)://" as a prefix. All matching requests will be sent to that url. Thanks @Meatballs__!
#
# Note this version requires Apache 2.4+
#
# Save this file into something like /etc/apache2/redirect.rules.
# Then in your site's apache conf file (in /etc/apache2/sites-avaiable/), put this statement somewhere near the bottom
#
# Include /etc/apache2/redirect.rules
#
@retorillo
retorillo / msbuild.md
Last active April 23, 2022 07:11

MsBuild exploration for C++

Three key files

The following three XMLs are key, and I recommend to import them always to take benefit to pre-defined Visual Studio tasks.

  • $(VCTargetsPath)\Microsoft.Cpp.default.props
  • $(VCTargetsPath)\Microsoft.Cpp.props
  • $(VCTargetsPath)\Microsoft.Cpp.targets
@MillerGregor
MillerGregor / TypeScript nwb.config.js
Last active July 14, 2020 06:37
module.exports = {
type: 'react-component',
npm: {
cjs: false,
esModules: false,
umd: false
},
polyfill: false,
webpack: {
config(config) {
@mgeeky
mgeeky / msfvenom-reverse-tcp-WaitForSingleObject.md
Last active November 14, 2023 19:45
(OSCE/CTP, Module #3: Backdooring PE Files) Document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches.

Looking for WaitForSingleObject call within modern msfvenom generated payload.

Abstract

This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.

Contents: