Skip to content

Instantly share code, notes, and snippets.

View sticks-stuff's full-sized avatar

sharlot sticks-stuff

74 followers · 99 following
View GitHub Profile
@VAMorales
VAMorales / Kofax Capture - Unauthenticated NET Remoting vulnerabilities.md
Created April 23, 2026 14:32
Kofax Capture - Unauthenticated File Read/Write and SMB coercion via .NET Remoting

Exploit Title: Tungsten Automation - Kofax Capture Unauthenticated File Read/Write and SMB coercion via .NET HTTP Remoting

Disclosure Date: 4/23/2026

CVE ID: CVE-2026-23751

Exploit Authors: Victor A. Morales of GM Sectec, Corp.

Vendor Homepage: https://docshield.tungstenautomation.com/Portal/Products/en_US/KC/11.1.0-40hy9nfk91/KC.htm

Known Affected Versions: 6.0.0.0

Description

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service (C:\Kofax\CaptureSS\ServLib\Bin\ACSvc.exe) that is accessible without authentication and uses a default, publicly known endpoint identifier. By modifying the PoC of Code-White's RemotingClient_MBRO_Lazy.exe program to implement a custom channel sink to redirect .NET Remoting traffic to the correct host, an unauthenticated remote attacker can exploit .NET Remoting object unma

@kyhwana
kyhwana / blocksigners.sh
Last active March 26, 2026 23:34
Block RMS support letter signers
#replace "<PAT TOKEN>" with your github PAT token, tested with "Update ALL user data" PAT token.
curl -q https://rms-support-letter.github.io/ | grep "href" | grep "github.com" | grep -v "\/\[" | awk -F "https://github.com/" '{ print $2 }' | awk -F "\"\>" '{ print $1 }' | sed 's/\///g' | sed '/^$/d' | xargs -I USER curl -i -X PUT -H "Authorization: token <pat token here>" -H "Accept: application/vnd.github.v3+json" https://api.github.com/user/blocks/USER
@gatopeich
gatopeich / Wii from SD card in 2020.md
Created July 12, 2020 12:34
Run Wii games from SD card in quick, safe and easy steps (2020 mini guide)

After spending days following some obsolete or incomplete or just too long and specific guides, here is my take on setting up a Wii in the year 2020

  1. Format SD card with 1 partition of 32kb clusters: sudo mkdosfs /dev/sdXX -s 128 -F 32. Up to 32GB SD-HC should work fine, despite what was said in old forums
  2. Install BootMii + HBC with LetterBomb: https://wiibrew.org/wiki/LetterBomb
  3. BACKUP your NAND with BootMii to be safe from bricking: https://sites.google.com/site/completesg/how-to-use/bootmii This is mostly for peace of mind though
  4. Install cIOS 249 base 56 v10 beta52 on slot 249 and base 57 on slot 250. This is the most complex step, be careful to follow the instructions here: https://sites.google.com/site/completesg/backup-launchers/installation
@harlanhaskins
harlanhaskins / TMNT Symbols
Created July 4, 2020 05:59
All the iOS 14/macOS 11/tvOS 14/watchOS 7 symbols that are singable to the TMNT theme song
AACustomByteStreamOpen
AAEntryACLBlob
AAEntryXATBlob
AAFieldKeySetGetKeyCount
AAHeaderGetKeyIndex
ABMultiValueGetCount
ABPersonViewController
ADCommonDefinitions
ADErrorAdUnloaded
ADErrorLoadingThrottled