Jason Juntunen
Jason Juntunen
Main requirement for the Ping authentication flow is that it needs a new URI and cookie value with each request, otherwise it will start returning "page expired" warnings. I included...
AdminSDHolder permissions are applied every 60 minutes to numerous protected groups in the domain. If the AdminSDHolder permissions are misconfigured, they will continually apply the same vulnerabilities to Domain Admins...
Modified the xp_dirtree and xp_cmdshell UNC paths to use forward slashes instead of backslashes, and removed the space between the procedure name and quoted path. These changes help to avoid...
Console output and actual file name did not align. Possibly, theoretically, someone could spend way too much time hunting a bug that was more about searching for the wrong file...
Removes the `Select-Object` commands from the `Get-SQLInstanceDomain -CheckMgmt` results. These cause all other properties to be removed, losing valuable info such as `SPN` and `DomainAccount`. NOTE: I have not tested...
Add logic in pingfed.py to extract the pf.adapterId value from the HTML form. Solution for cases where the adapter name has been modified, but the form is otherwise the same....