pich4ya

# @author Pichaya Morimoto (p.morimoto@sth.sh)
# Compiled list of my common bloodhound-python problems & solutions

Bloodhound-python Error #0
You do not get info like GPO and permission abuse edges.
You need to add option -> -c All,LoggedOn

Bloodhound-python Error #1
    raise NoNameservers(request=self.request, errors=self.errors)
dns.resolver.NoNameservers: All nameservers failed to answer the query _ldap._tcp.pdc._msdcs.DCHOSTNAME. IN SRV: Server 10.3.3.7 TCP port 53 answered SERVFAIL

pich4ya

# A numeric lock has a 3 digit key
# "682" - One number is correct and well placed
# "614" - One number is correct but wrongly placed
# "206" - Two number are correct but wrongly placed
# "738" - Nothing is correct
# "780" - One number is correct but wrongly placed

from z3 import *

# Create three integer variables for the lock digits

pich4ya

# @author Pichaya Morimoto (p.morimoto@sth.sh)
# I tried all jadx options for debof, but it did not work.
# This script can be used to replace strings.xml values in a target Java file
# if (!Intrinsics.areEqual(param, context.getString(R.string.m1))) {  -> if (!Intrinsics.areEqual(param, "monday")) {
# Prompted and modified with ChatGPT for FlareOn 10's ItsOnFire
# Usage: python apk_getString_R_string.py resources/res/values/strings.xml sources/com/secure/itsonfire/MessageWorker.java
# Usage: python apk_getString_R_string.py resources/res/values/strings.xml sources
import xml.etree.ElementTree as ET
import re
import sys

pich4ya

#!/usr/bin/env zsh
# @author Pichaya Morimoto (p.morimoto@sth.sh)
# Ansible's Vultr module is suck. I have built my own.
# Nuke all my Vultr instances
ssh_key=$(cat ~/.ssh/id_ed25519_vultr.pub)
echo $ssh_key

# List Instances
curl "https://api.vultr.com/v2/instances" \
  -X GET \

pich4ya

#!/bin/zsh
# @author Pichaya Morimoto (p.morimoto@sth.sh)
# https://tryhackme.com/room/lookingglass
# 10.10.169.23

function ssh_connect {
    ssh root@10.10.169.23 -p $1 2>/dev/null | grep -q 'Higher' && echo "Higher" && exit 0
    echo "Lower"
}

pich4ya

#!/usr/bin/env python
# @author Pichaya Morimoto (p.morimoto@sth.sh)
# 2023-03-07
# Weed Shop RCE Exploit

import requests

def create_dbfile(filename):
	# Vulnerability 1: IP Spoofing 
	# File: function.php

pich4ya

#!/usr/bin/env python
# @author Pichaya Morimoto (p.morimoto@sth.sh)
# Ported from https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/gather/chrome_debugger.rb
# pip install requests websocket-client python-socks
# This exploit code can be used to read arbitrary files on the victim machine with
# chrome/chromium --remote-debugging-port=9222, usually runs as a test automation tool in any software testing phase
import requests
import json
import urllib3
import websocket

pich4ya

# @author Pichaya Morimoto (p.morimoto@sth.sh)
# The note at https://gist.github.com/shqld/256e2c4f4b97957fb0ec250cdc6dc463 is incomplete.

brew uninstall rust 
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
rustup target add x86_64-pc-windows-gnu
rustup target add x86_64-unknown-linux-gnu
rustup target list |grep installed

### Build Windows x86_64

pich4ya

# @author Pichaya Morimoto (p.morimoto@sth.sh)

Problem:

```bash
brew install proxychains-ng 
proxychains4 ncat 1.2.3.4 # not working
```

There are public workarounds like https://benobi.one/posts/running_brew_on_m1_for_x86/ 

pich4ya

# @author Pichaya Morimoto (p.morimoto@sth.sh)

# gem install evil-winrm
# evil-winrm -u "${user}" -p "${pass}"  -i "${ip}"

Evil-WinRM shell v3.4

Info: Establishing connection to remote endpoint

Error: An error of type OpenSSL::Digest::DigestError happened, message is Digest initialization failed: initialization error