Skip to content

Instantly share code, notes, and snippets.

View tuantmb's full-sized avatar
😹

Tuan T tuantmb

😹
  • Vietnam
View GitHub Profile
@JohnHammond
JohnHammond / solve_classic_passwd.sh
Created February 8, 2021 02:30
Writeup to TryHackMe's "Classic Passwd" challenge
# Run ltrace
ltrace ./Challenge.Challenge
# Enter a bogus username to see the `strcmp` instruction and see the correct answer.
# Get the flag
echo "AGB6js5d9dkG7" | ./Challenge.Challenge
@Esirei
Esirei / auto-next.js
Last active November 16, 2022 16:35
Pluralsight AutoNext Module
let autoNext = () => {
Array.from(document.querySelectorAll('.player-modal.is-active button'))
.filter(b => b.textContent === 'Continue to next module')
.forEach(b => b.click());
};
setInterval(autoNext, 5000);
@nikallass
nikallass / check-smb-v3.11.sh
Created March 11, 2020 04:57
CVE-2020-0796. Scan HOST/CIDR with nmap script smb-protocols.nse and grep SMB version 3.11.
#!/bin/bash
if [ $# -eq 0 ]
then
echo $'Usage:\n\tcheck-smb-v3.11.sh TARGET_IP_or_CIDR'
exit 1
fi
echo "Checking if there's SMB v3.11 in" $1 "..."
nmap -p445 --script smb-protocols -Pn -n $1 | grep -P '\d+\.\d+\.\d+\.\d+|^\|.\s+3.11' | tr '\n' ' ' | replace 'Nmap scan report for' '@' | tr "@" "\n" | grep 3.11 | tr '|' ' ' | tr '_' ' ' | grep -oP '\d+\.\d+\.\d+\.\d+'
@monoxgas
monoxgas / main.cpp
Created February 12, 2020 22:19
Adaptive DLL Hijacking - Patching LoadLibrary Return
#include <Windows.h>
#include <intrin.h>
#include <string>
#include <TlHelp32.h>
#include <psapi.h>
BOOL PatchTheRet(HMODULE realModule) {
// Get primary module info
I have done some preliminary research into this bug and so far it does not seem like a backdoor. Just some really weird logic when handling routes, and rendering templates.
As to why widgetConfig[code] executes via a POST request, it is because of the following code located in /includes/vb5/frontend/applicationlight.php
$serverData = array_merge($_GET, $_POST);
if (!empty($this->application['handler']) AND method_exists($this, $this->application['handler']))
{
$app = $this->application['handler'];
@rxwx
rxwx / pulseversion.py
Created August 13, 2019 09:04
Pulse Secure Version Scanner
import requests
import sys
import re
HEADERS = {"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0"}
if len(sys.argv) != 2:
print " Usage: python pulseversion.py <target ip/domain>"
sys.exit(1)
# nginx@nginx:~$ cat /etc/nginx/sites-available/outlook.conf
server {
listen 192.168.128.2:80;
server_name yourdomain.com;
return 301 https://yourdomain.com$request_uri;
}
server {
listen 192.168.128.2:443;
@psiborg
psiborg / readme.md
Last active September 27, 2024 08:46
Apple Magic Mouse and Windows 10 #windows
  1. Download the latest version of the "Boot Camp Support Software" (e.g., 5.1.5722) from https://support.apple.com/downloads/bootcamp
  2. Unzip the file (e.g., bootcamp5.1.5722.zip) to a new directory
  3. Run BootCamp\Drivers\Apple\AppleWirelessMouse64.exe
  4. Turn on Bluetooth and pair your Magic Mouse

Note: Apple wireless mouse devices have a built-in passcode of "0000" (four zeros).

@mackwage
mackwage / windows_hardening.cmd
Last active November 9, 2024 14:22
Script to perform some hardening of Windows OS
:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering.
:: Obligatory 'views are my own'. :)
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key!
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
:
@dentechy
dentechy / WSL-ssh-server.md
Last active October 8, 2024 10:48
A step by step tutorial on how to automatically start ssh server on boot on the Windows Subsystem for Linux

How to automatically start ssh server on boot on Windows Subsystem for Linux

Microsoft partnered with Canonical to create Bash on Ubuntu on Windows, running through a technology called the Windows Subsystem for Linux. Below are instructions on how to set up the ssh server to run automatically at boot.

  1. Edit the /etc/ssh/sshd_config file by running the command sudo vi /etc/ssh/sshd_config and do the following
    1. Change Port to 2222 (or any other port above 1000)
    2. Change PasswordAuthentication to yes. This can be changed back to no if ssh keys are setup.
  2. Restart the ssh server:
    • sudo service ssh --full-restart
  3. With this setup, the ssh server must be turned on every time you run Bash on Ubuntu on Windows, as by default it is off. Use this command to turn it on: