💭
Thinking is not work....Move fast

Sarinke John sarinkejohn

@shinmai
shinmai / writeup.md
Last active December 20, 2022 16:36
CTF Metared Honduras 2022 Writeups

"CTF Metared Honduras 2022" Writeups

[misc]

Xor me (100 pts):

The second parameter was calculated by XORing the first line with your flag.

[xor.txt]:

01100001011100100111010001011111011011110110011001011111011101110110000101110010
At this point, it is probably easier to just use something like this: https://github.com/reznok/Spring4Shell-POC
- clone https://spring.io/guides/gs/handling-form-submission/
- you can skip right to gs-handling-form-submission/complete, no need to follow the tutorial
- modify it so that you can build a war file (https://www.baeldung.com/spring-boot-war-tomcat-deploy)
- install tomcat9 + java 11 (I did it on Ubuntu 20.04)
- deploy the war file
- update the PoC (https://share.vx-underground.org/) to write the tomcatwar.jsp file to webapps/handling-form-submission instead of webapps/ROOT
@Eversmile12
Eversmile12 / Blockchain.py
Created January 28, 2022 10:51
Python Blockchain
# Python program to create Blockchain
# For timestamp
import datetime
# Calculating the hash
# in order to add digital
# fingerprints to the blocks
import hashlib
@gladiatx0r
gladiatx0r / Workstation-Takeover.md
Last active August 25, 2025 14:06
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished, in short, by:

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.