AvasDream

@not-an-aardvark
not-an-aardvark / vandalism.yml
Last active June 23, 2023 21:48
Proof-of-concept GitHub Actions workflow exploit (CVE-2021-22862)
# This is a proof-of-concept for a security bug in GitHub Actions which has since been fixed.
# See https://blog.teddykatz.com/2021/03/17/github-actions-write-access.html for more information.
# The proof-of-concept was only ever used in a test environment to validate the existence of the
# vulnerability, and is shown here for educational purposes.
#
# The proof-of-concept would have the effect of creating a `vandalism.md` file, containing vandalism,
# on the default branch of a victim repository.
#
# To use the proof-of-concept, the steps would have been:
# 1. Fork the victim repository
# Source: https://gist.github.com/a0a7ff04a7e22409cdfd8b466edb4e48
#################################################
# Argo Events #
# Event-Based Dependency Manager for Kubernetes #
# https://youtu.be/sUPkGChvD54 #
#################################################
#########
# Setup #

TLDR

Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices. Cisco Security Manager offers comprehensive security management (configuration and event management) across a wide range of Cisco security appliances, including Cisco ASA Adaptive Security Appliances, Cisco IPS Series Sensor Appliances, Cisco Integrated Services Routers (ISRs), Cisco Firewall Services Modules (FWSMs), Cisco Catalyst, Cisco Switches and many more. Cisco Security Manager allows you to manage networks of all sizes efficiently, from small networks to large networks consisting of hundreds of devices.

Several pre-auth vulnerabilities were submitted to Cisco on 2020-07-13 and (according to Cisco) patched in version 4.22 on 2020-11-10. The release notes didn't state anything about the vulnerabilities, and security advisories were not published. All payloads are processed in the context of NT AUTHORITY\SYSTEM.

@morkin1792
morkin1792 / xss.md
Last active November 9, 2024 13:31
mastering xss

exploiting xss

what can you inject in the affected point?

  1. html tags
  • 1.1. Easiest case
  • 1.2. Try to create a script tag
  2. attributes with event handler value (onload, onerror, ...)
  • 2.1. There are some examples here and more here
  • 2.2. You can try a brute force using this list
  • 2.3. Base64: You can replace alert(1) with location=window.atob`amF2YXNjcmlwdDphbGVydCgxKQoK`
@AvasDream
AvasDream / htb.md
Last active February 5, 2025 04:39
Cheatsheet for HackTheBox

Purpose

Cheatsheet for HackTheBox with common things to do while solving these CTF challenges.

Because a smart man once said:

Never google twice.

Linux General

@netbiosX
netbiosX / FodhelperUACBypass.ps1
Last active May 28, 2025 18:01
Bypass UAC via Fodhelper binary in Windows 10 systems
<#
.SYNOPSIS
This script can bypass User Access Control (UAC) via fodhelper.exe
 
It creates a new registry structure in: "HKCU:\Software\Classes\ms-settings\" to perform UAC bypass and starts
an elevated command prompt.
 
.NOTES
Function : FodhelperUACBypass
File Name : FodhelperUACBypass.ps1
@johnelliott
johnelliott / uuidv4test.js
Last active January 7, 2025 01:33
uuid v4 regex
import { v4 as uuid } from 'uuid';
export function generateId() {
  return uuid();
}
const v4 = new RegExp(/^[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/i);
console.log(generateId().match(v4));
//console.log(generateId().length)
@epixoip
epixoip / 8x1080.md
Last active November 3, 2024 15:42
8x Nvidia GTX 1080 Hashcat Benchmarks
@shahrilnet
shahrilnet / socat-reverse-shell.sh
Last active January 15, 2024 13:29
Post-exploitation reverse shell using socat plus encrypted connection
#!/usr/bin/env bash
# Author : shahril96
# Licensed under the WTFPL license - http://www.wtfpl.net/about/
# Make sure only root can run our script
[[ $EUID -ne 0 ]] && { echo "This script must be run as root" 1>&2; exit 1; }
# print help msg if not enough argument given
[ $# -ne 1 ] && { echo "Usage: `basename $0` port-to-listen"; exit 1; }
@garyconstable
garyconstable / deauth.py
Last active August 26, 2024 17:57
Python Networking Wifi Deauth Attack
import argparse
from multiprocessing import Process
import logging
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
from scapy.all import *
import signal
import threading
from sys import platform