You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is still a new situation. There is a lot we don't know. We don't
know if there are more possible exploit paths. We only know about this
one path. Please update your systems regardless.
This is a living document. Everything in this document is made in good
faith of being accurate, but like I just said; we don't yet know everything
about what's going on.
Razer USB gadget on Android for Local Privilege Escalation on Windows
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure
Overview
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
Relaying that machine authentication to LDAPS for configuring RBCD
RBCD takeover
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Here is the best setup (I think so :D) for K-series Keychron keyboards on Linux.
Note: many newer Keychron keyboards use QMK as firmware and most tips here do not apply to them. Maybe the ones related to Bluetooth can be useful, but everything related to Apple's keyboard module (hid_apple) on Linux, won't work. As far as I know, all QMK-based boards use the hid_generic module instead. Examples of QMK-based boards are: Q, Q-Pro, V, K-Pro, etc.
Most of these commands have been tested on Ubuntu 20.04 and should also work on most Debian-based distributions.
If a command happens not to work for you, take a look in the comment section.
Make Fn + F-keys work (NOT FOR QMK-BASED BOARDS)
Older Keychron keyboards (those not based on QMK) use the hid_apple driver on Linux, even in the Windows/Android mode, both in Bluetooth and Wired modes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Use cookie authentication to obtain a nonce for WP REST API calls that need authentication.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Proxmox VE 6.x release includes a feature to add custom cloud-init configs. Unfortunately there is poor documentation, so I had to figure this out by adding pieces of information together.
The custom cloud-init files (user-data, meta-data, network-config)
The cloud-init files need to be stored in a snippet. This is not very well documented:
Go to Storage View -> Storage -> Add -> Directory
Give it an ID such as snippets, and specify any path on your host such as /snippets
Under Content choose Snippets and de-select Disk image (optional)
Upload (scp/rsync/whatever) your user-data, meta-data, network-config files to your proxmox server in /snippets/snippets/ (the directory should be there if you followed steps 1-3)
Creates a Filebeat pipeline to ingest Laravel Monolog/log lines.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters