Leon Jacobs leonjza

@leonjza
leonjza / inject.py
Last active October 23, 2024 01:06
Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# 2017 - @leonjza
#
# Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# Full bug description: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
# Usage example:
#
# List available posts:
#
# $ python inject.py http://localhost:8070/
leonjza / escalate.py
Last active April 1, 2018 13:45
Laravel Valet v1.1.4 - 2.0.3 & v2.0.7+ Local Privilege Escalation (macOS)
#!/usr/bin/env python2
# Laravel Valet v1.1.4 - 2.0.3 Local Privilege Escalation (macOS)
# February 2017 - @leonjza
# Affected versions: At least since ~v1.1.4 to v2.0.3. Yikes.
# Reintroduced in v2.0.7 via the 'trust' command again.
# This bug got introduced when the sudoers files got added around
# commit b22c60dacab55ffe2dc4585bc88cd58623ec1f40 [1].
leonjza / README.md
Last active March 16, 2022 14:44
goness - A golang Nessus XML parser for use in your shell pipeline

goness

A golang Nessus XML parser for use in your shell pipeline

examples

Just searching for "MS15":

$ goness -f exported_download.nessus | grep "MS15"
MS15-034: Vulnerability in HTTP.sys Could Allow Remote Code Execution (3042553) (uncredentialed check)|www|10.1.1.1:80
leonjza / README.md
Last active September 11, 2022 11:29
Custom socat with SSLv2 and SSLv3 support

This script has moved to: https://github.com/leonjza/socat23

socat with sslv2 and sslv3 support

This script downloads and builds OpenSSL v1.0.2m and socat v1.7.3.2 in /usr/local/src. Once complete, a symlink at /usr/local/bin/socat-ssl23 is created so that you can run it with socat-ssl23.

install

Tested on Kali Linux:

leonjza / README.md
Last active December 1, 2018 10:10
BSides CPT 2017 - RFCat Challenge Server and Client Sources
leonjza / install.sh
Last active June 8, 2019 08:46
Kali Linux Rolling Docker Installation
# https://docs.docker.com/engine/installation/linux/docker-ce/debian/
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
# appending to /etc/apt/sources.list needs root, so write it through sudo tee
echo "deb https://download.docker.com/linux/debian stretch stable" | sudo tee -a /etc/apt/sources.list
# refresh the package lists so docker-ce from the newly added repository is visible
sudo apt update
sudo apt install docker-ce
# test that this thing is on
docker run hello-world
leonjza / crypt.php
Last active March 15, 2024 15:01
Laravel ~5.6 encryptor / decryptor.
<?php
/*
 * Quick 'n Dirty Laravel ~5.6 decrypter.
 * @leonjza
 *
 * Typically, if you see a key with the format base64:key_string then
 * you know you need this decrypter.
 *
 * For Laravel ~5.1, use: https://gist.github.com/leonjza/ce27aa7435f8d131d93f
leonjza / README.md
Last active January 12, 2021 23:28
☄️go-out - A dependency free, Golang egress buster using @mubix letmeoutofyour.net and @bhinfosecurity allports.exposed services.

☄️ go-out

A simple, dependency free, Golang egress buster using @mubix letmeoutofyour.net and @bhinfosecurity allports.exposed services.

install

Save the main.go file and either go run main.go or build it with go build -o go-out main.go, moving the resultant binary to your place of choice.

cross compiling

leonjza / convert.py
Created April 10, 2018 16:20
Invoke-Kerberoast Output Converter
#!/usr/bin/python
# Invoke-Kerberoast output hash extractor.
#
# For when you have:
# TicketByteHexStream :
# Hash : $krb5tgs$23$*sqlSvc$Adomain.com$MSSQLSvc/sqlserver.Adomain.com:1433*$C13BFD40143C0E
# ....
# SamAccountName : sqlSvc
# DistinguishedName : CN=sqlSvc,OU=ServiceAccounts,DC=Adomain,DC=com
leonjza / mq_clients.go
Last active June 11, 2018 07:26
IBM MQ "mq_clients" osquery Custom Table
package main

import (
	"context"
	"flag"
	"log"
	"os"
	"os/exec"
	"regexp"
	"strings"