Esonhugh (Skyworship)
@Esonhugh
Esonhugh / deobf.js
Created December 10, 2024 16:36
Deobfuscate JavaScript: automatically rename variables assigned from require/import calls
var esprima = require("meriyah");
var estraverse = require("estraverse");
var escodegen = require("escodegen");
var fs = require("node:fs");
// Derive an identifier from a module path: take the last path segment, drop any
// package scope prefix before ":", and turn every "-" into "_" (the original only
// replaced the first "-", which left invalid identifiers such as "a_b-c").
function basename(path) {
  return path.split("/").reverse()[0].split(":").reverse()[0].replace(/-/g, "_");
}
@Esonhugh
Esonhugh / CVE-2022-45982.md
Created August 19, 2024 06:32 — forked from Dar1in9s/CVE-2022-45982.md
CVE-2022-45982

ThinkPHP 6.0.0-6.0.13 and 6.1.0-6.1.1 contain a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload.

First, add a new deserialization endpoint, such as:

<?php
namespace app\controller;

use app\BaseController;
@Esonhugh
Esonhugh / README.md
Last active June 30, 2024 05:47
Bloodhound Kubernetes Configuration

Bloodhound as a service (Kubernetes Deployments/Docker Compose)

Usage

  1. Change the password (default password: default_admin_passwords)
  2. Change the user (default user: esonhugh)
  3. Change the ingress host name to your team server
  4. Deploy it!
  5. kubectl apply -f deployment-service.yaml -f ingress.yaml -f configmap.yaml # -n <namespace you deploy to>
  6. Use pipx install git+https://github.com/exploide/bloodhound-cli.git to install the CLI client
@Esonhugh
Esonhugh / aws_auto_assume.sh
Last active May 28, 2024 09:43
Automatically assume a role with the AWS CLI
# Set the AWS environment variables from the JSON output of `aws sts assume-role`.
# The credentials JSON is taken from the first argument, or from $cred if no argument is given.
aws_sts_env () {
  if [[ -n "$1" ]]
  then
    local cred=$1
  fi
  if [[ -z "$cred" ]]
  then
    # $0 would print the shell name inside a function, so name the function explicitly
    echo "Usage: aws_sts_env \`json\`"
    echo "Example: export cred=\`aws sts assume-role --role-arn xxxx --role-session-name xxxx | jq \".Credentials\"\`"
@Esonhugh
Esonhugh / gitdumper.sh
Created April 22, 2024 05:50
gitdumper.sh with --path-as-is, so that ../ path segments are sent unmodified
#!/bin/bash
# $1 : URL to download .git from (http://target.com/.git/)
# $2 : Folder where the .git directory will be created
function init_header() {
cat <<EOF
###########
# GitDumper is part of https://github.com/internetwache/GitTools
#
# Developed and maintained by @gehaxelt from @internetwache
@Esonhugh
Esonhugh / log_parser.py
Last active April 2, 2024 07:23
AWS CloudTrail log analysis
import os
SOURCE_FILE = "merged_cloudtrail_logs.json"
'''
Sample Event
{
  "eventVersion": "1.08",
  "userIdentity": {
    "type": "Root",
@Esonhugh
Esonhugh / tasks.json
Created January 25, 2024 04:01
VS Code task-based msfvenom payload generation
{
  "version": "2.0.0",
  "tasks": [
    {
      "label": "msfvenom payload creating",
      "type": "shell",
      "detail": "msfvenom payload creating task",
      "problemMatcher": [],
      "command": [
        "msfvenom",
@Esonhugh
Esonhugh / README.md
Created December 11, 2023 07:42
SaaS-like system attack

Origin of Injection

When a Kubernetes CRD controller responsible for analyzing a specific CR is vulnerable, attackers may control certain custom resources and inject malicious payloads, which could trigger malicious behaviour when the controller parses, processes, or stores the CRs, or when it generates other related resources.

Injection Classification

Injections can be classified in three different ways.

By injection points

@Esonhugh
Esonhugh / maltrail-command-injection.nuclei.yaml
Created July 10, 2023 17:28
Maltrail <= v0.54 is vulnerable to unauthenticated OS command injection during the login process.
id: maltrail-os-command-injection
info:
  author: Esonhugh
  name: Unauthenticated OS Command Injection in stamparm/maltrail
  severity: critical
  description: |
    Maltrail <= v0.54 is vulnerable to unauthenticated OS command injection during the login process.
  reference:
    - "https://huntr.dev/bounties/be3c5204-fbd9-448d-b97c-96a8d2941e87/"
@Esonhugh
Esonhugh / docker_cme.sh
Created June 7, 2023 07:09
Running crackmapexec in Docker and making a command alias for it
function docker_cme() {
  if [[ -z "$1" ]]
  then
    # Reuse the existing container if one was created earlier, otherwise create it
    if [[ -n $(sudo docker ps -a | grep crackmapexec) ]]
    then
      sudo docker start crackmapexec
      sudo docker exec -it crackmapexec sh
    else
      sudo docker run -it --entrypoint=/bin/bash --name crackmapexec byt3bl33d3r/crackmapexec
    fi