This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.
| # The following command works for downloading when using Git for Windows: | |
| # curl -LOf http://gist.githubusercontent.com/kmorcinek/2710267/raw/.gitignore | |
| # | |
| # Download this file using PowerShell v3 under Windows with the following comand: | |
| # Invoke-WebRequest https://gist.githubusercontent.com/kmorcinek/2710267/raw/ -OutFile .gitignore | |
| # | |
| # or wget: | |
| # wget --no-check-certificate http://gist.githubusercontent.com/kmorcinek/2710267/raw/.gitignore | |
| # User-specific files |
| """ | |
| CVE-2015-9235 PoC, known as | |
| "JWT HS/RSA key confusion vulnerability". | |
| This PoC was used to solve the HTB challenge | |
| "Under Construction" on HackTheBox (HTB). | |
| USAGE: | |
| == | |
| Token was obtained by logging into the |
| -- Remove the history from | |
| rm -rf .git | |
| -- recreate the repos from the current content only | |
| git init | |
| git add . | |
| git commit -m "Initial commit" | |
| -- push to the github remote repos ensuring you overwrite history | |
| git remote add origin [email protected]:<YOUR ACCOUNT>/<YOUR REPOS>.git |
| # The following command works for downloading when using Git for Windows: | |
| # curl -LOf http://gist.githubusercontent.com/kmorcinek/2710267/raw/.gitignore | |
| # | |
| # Download this file using PowerShell v3 under Windows with the following comand: | |
| # Invoke-WebRequest https://gist.githubusercontent.com/kmorcinek/2710267/raw/ -OutFile .gitignore | |
| # | |
| # or wget: | |
| # wget --no-check-certificate http://gist.githubusercontent.com/kmorcinek/2710267/raw/.gitignore | |
| # User-specific files |
