Michael Kropat mkropat

📚
Learning
View GitHub Profile
@mkropat
mkropat / knownpaths.py
Last active April 19, 2024 00:07
Python wrapper around the SHGetKnownFolderPath Windows Shell function
import ctypes, sys
from ctypes import windll, wintypes
from uuid import UUID

class GUID(ctypes.Structure):  # [1]
    # Layout of the Win32 GUID struct, so a KNOWNFOLDERID can be passed by reference
    _fields_ = [
        ("Data1", wintypes.DWORD),
        ("Data2", wintypes.WORD),
        ("Data3", wintypes.WORD),
        ("Data4", wintypes.BYTE * 8)
    ]
$setProxy = {
    param($proxy)
    Set-Location 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    Set-ItemProperty . ProxyServer $proxy
    Set-ItemProperty . ProxyOverride '<local>'
    Set-ItemProperty . ProxyEnable 1
}

# You can run $setProxy as another user like so:
#
function Add-EnvPath {
    param(
        [Parameter(Mandatory=$true)]
        [string] $Path,

        [ValidateSet('Machine', 'User', 'Session')]
        [string] $Container = 'Session'
    )

    if ($Container -ne 'Session') {
@mkropat
mkropat / RegistryKeyValueStore.cs
Last active December 18, 2023 17:57
Simple Windows Registry interface
public interface IKeyValueStore
{
    T Read<T>(string key);
    void Write<T>(string key, T value);
}

public class RegistryKeyValueStore : IKeyValueStore
{
    readonly RegistryHive _hive;
    readonly string _regPath;
@mkropat
mkropat / mkgitconfig
Last active November 23, 2023 20:05
Sensible Git defaults
git config --global --replace-all --type=bool push.autoSetupRemote true
git config --global --type=bool rebase.autoStash true
git config --global --type=bool rebase.updateRefs true
git config --global core.autocrlf input
git config --global core.commentChar auto
git config --global init.defaultBranch main
git config --global pull.ff only
git config --global oh-my-zsh.hide-info 1
git config --global alias.ca 'commit --amend --no-edit'
objs = new Set
nameToObj = new Map

function t(obj) {
    if (!obj || objs.has(obj) || typeof obj !== 'object') { return }
    if (obj.nodeName === 'IFRAME') { return } // iframe descendants can cause security errors
    objs.add(obj)
    let proto = Object.getPrototypeOf(obj)
    let name = (obj.constructor && obj.constructor.name) || (proto && proto.constructor && proto.constructor.name)
    if (!nameToObj.has(name)) { nameToObj.set(name, []) }
    nameToObj.get(name).push(obj)
^!r::Reload

RunOrRaise(caption) {
    r := ComObjGet("winmgmts:")
        .ExecQuery("SELECT Handle FROM Win32_Process WHERE Caption='" . caption . "'")
    If r._NewEnum()[proc]
    {
        ;WinGet, windows, list
        ;Loop, %windows%
@mkropat
mkropat / store.js
Last active September 5, 2022 12:59
// Moved to: https://github.com/mkropat/todomvc-tagsjs/blob/main/lib/store.js
" Pattern 1:
"
" * Operate over a whole file: :call ConvertFile()
" * Or operate over a selection: :'<,'>call ConvertLine()
" * Supports the same :s// and normal commands you regularly use in Vim
" * So minimal Vim Script knowledge needed

function! ConvertFile()
    %global/^/call ConvertLine()
endfunction

How to exploit vulnerable implementations

  • Doesn't validate signature? → Forge arbitrary JWTs
  • Acts on data in payload before validating signature? → Forge arbitrary JWTs
  • Doesn't validate signature algorithm? → Forge JWT with algorithm "none"
  • Doesn't validate key↔algorithm match? → Create HS256 signature signed with expected public key
  • Doesn't validate audience? → Trick the victim into signing in to an attacker-controlled app, then use those credentials to authenticate to the vulnerable app as the victim
  • Doesn't validate issuer? → Use JWT for one tenant to authenticate to a different tenant
  • Doesn't validate nonce? → Replay attack
  • Doesn't validate nonce/state against original sent value? → CSRF
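A verifier that closes the gaps in the list above, as an added example that is not part of any of mkropat's gists: the algorithm is pinned by the verifier rather than read from the token, the signature is checked before any claim is touched, and aud, iss and nonce are compared with the values the relying party expects. The key, issuer, audience and nonce are constructed for the demo, and mint_hs256 is a stand-in for the identity provider.

```python
import base64, hashlib, hmac, json

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_hs256(payload: dict, key: bytes) -> str:
    """Constructed stand-in for the identity provider: issue an HS256 token."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_jwt(token: str, key: bytes, aud: str, iss: str, nonce: str) -> dict:
    """Return the payload only after every check in the list above has passed."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    head_b64, body_b64, sig_b64 = parts
    header = json.loads(b64url_decode(head_b64))
    # The verifier pins the algorithm instead of trusting the header: "none" is
    # rejected outright, and key/algorithm confusion cannot happen because the
    # only key ever handed to the signature check is the shared HMAC secret.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_decode(sig_b64), expected):
        raise ValueError("bad signature")
    # The payload is decoded only now, so nothing in it is acted on unsigned.
    payload = json.loads(b64url_decode(body_b64))
    # Each claim is compared with the value this relying party expects: aud stops
    # tokens minted for another app, iss stops cross-tenant use, nonce stops replay.
    for claim, want in (("aud", aud), ("iss", iss), ("nonce", nonce)):
        if not isinstance(payload, dict) or payload.get(claim) != want:
            raise ValueError(f"{claim} mismatch")
    return payload

def rejects(token: str, key: bytes, aud: str, iss: str, nonce: str) -> bool:
    """True when verify_jwt refuses the token (every refusal raises ValueError)."""
    try:
        verify_jwt(token, key, aud, iss, nonce)
    except ValueError:
        return True
    return False
```

The last bullet (checking the returned state/nonce against the value the app itself sent) belongs in the OAuth redirect handler that stores the original value per session, not in token verification, so it is outside this function.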