2018-08-13 10:01:13 +00:00
# Payloads All The Things
2017-04-25 21:22:55 +00:00
A list of useful payloads and bypasses for Web Application Security.
2016-11-02 13:26:00 +00:00
Feel free to improve with your payloads and techniques !
2018-08-13 10:01:13 +00:00
I < 3 pull requests : )
You can also contribute with a beer IRL or with `buymeacoffee.com`
[![Coffee ](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png )](https://buymeacoff.ee/swissky)
2016-10-18 07:06:10 +00:00
2018-12-24 13:17:49 +00:00
Every section contains the following files, you can use the `_template_vuln` folder to create a new chapter:
2018-08-13 10:01:13 +00:00
- README.md - vulnerability description and how to exploit it
2018-12-24 13:14:51 +00:00
- Intruder - a set of files to give to Burp Intruder
- Images - pictures for the README.md
- Files - some files referenced in the README.md
2018-03-23 12:53:53 +00:00
You might also like :
2018-07-09 17:49:56 +00:00
2018-08-13 10:01:13 +00:00
- [Methodology and Resources ](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/ )
- [Active Directory Attack.md ](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md )
- [Methodology_and_enumeration.md ](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Methodology_and_enumeration.md )
- [Network Pivoting Techniques.md ](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Network%20Pivoting%20Techniques.md )
2018-10-02 14:57:01 +00:00
- [Network Discovery.md ](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Network%20Discovery.md )
2018-08-13 10:01:13 +00:00
- [Reverse Shell Cheatsheet.md ](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md )
2018-10-02 14:17:16 +00:00
- [Subdomains Enumeration.md ](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Subdomains%20Enumeration.md )
2018-08-13 10:01:13 +00:00
- [Windows - Download and Execute.md ](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Download%20and%20Execute.md )
- [Windows - Mimikatz.md ](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Mimikatz.md )
- [Windows - Persistence.md ](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Persistence.md )
- [Windows - Privilege Escalation.md ](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md )
- [Windows - Using credentials.md ](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Using%20credentials.md )
- [CVE Exploits ](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE%20Exploits )
2018-11-18 12:40:47 +00:00
- Apache Struts 2 CVE-2013-2251 CVE-2017-5638 CVE-2018-11776_.py
- Apache Struts 2 CVE-2017-5638.py
- Apache Struts 2 CVE-2017-9805.py
- Apache Struts 2 CVE-2018-11776.py
- Docker API RCE.py
- Drupalgeddon2 CVE-2018-7600.rb
- Heartbleed CVE-2014-0160.py
- JBoss CVE-2015-7501.py
- Jenkins CVE-2015-8103.py
- Jenkins CVE-2016-0792.py
- Shellshock CVE-2014-6271.py
- Tomcat CVE-2017-12617.py
- WebLogic CVE-2016-3510.py
- WebLogic CVE-2017-10271.py
- WebLogic CVE-2018-2894.py
- WebSphere CVE-2015-7450.py
2018-03-23 12:53:53 +00:00
2018-08-11 22:17:58 +00:00
## Try Harder
2018-08-13 10:01:13 +00:00
2018-08-11 22:17:58 +00:00
Ever wonder where you can use your knowledge ? The following list will help you find "targets" to improve your skills.
2018-03-27 23:55:14 +00:00
2018-08-13 10:01:13 +00:00
- __Bug Bounty Platforms__
- [HackerOne ](https://hackerone.com )
- [BugCrowd ](https://bugcrowd.com )
- [Bounty Factory ](https://bountyfactory.io )
- [Synack ](https://www.synack.com/ )
- [Intigriti ](https://www.intigriti.com )
- [List of Bounty Program ](https://bugcrowd.com/list-of-bug-bounty-programs/ )
- __Online Platforms__
- [Hack The Box ](hackthebox.eu/ )
- [Penetration test lab "Test lab" | Pentestit ](https://lab.pentestit.ru )
- [PentesterLab : Learn Web Penetration Testing: The Right Way ](https://pentesterlab.com/ )
- [Zenk-Security ](https://www.zenk-security.com/epreuves.php )
- [Root-Me ](https://www.root-me.org )
- [W3Challs ](https://w3challs.com/ )
- [NewbieContest ](https://www.newbiecontest.org/ )
- [Vulnhub ](https://www.vulnhub.com/ )
- [The Cryptopals Crypto Challenges ](https://cryptopals.com/ )
- [alert(1) to win ](https://alf.nu/alert1 )
- [Hacksplaining ](https://www.hacksplaining.com/exercises )
- [HackThisSite ](https://hackthissite.org )
- [Hackers.gg ](hackers.gg )
- [Mind Map - Penetration Testing Practice Labs - Aman Hardikar ](http://www.amanhardikar.com/mindmaps/Practice.html )
2017-04-08 13:59:40 +00:00
2018-08-11 22:17:58 +00:00
## Book's list
2018-08-13 10:01:13 +00:00
2018-08-11 22:17:58 +00:00
Grab a book and relax, these ones are the best security books (in my opinion).
2016-11-03 16:56:15 +00:00
2018-08-13 10:01:13 +00:00
- [Web Hacking 101 ](https://leanpub.com/web-hacking-101 )
- [Breaking into Information Security: Learning the Ropes 101 - Andrew Gill ](https://leanpub.com/ltr101-breaking-into-infosec )
- [OWASP Testing Guide v4 ](https://www.owasp.org/index.php/OWASP_Testing_Project )
- [Penetration Testing: A Hands-On Introduction to Hacking ](http://amzn.to/2dhHTSn )
- [The Hacker Playbook 2: Practical Guide to Penetration Testing ](http://amzn.to/2d9wYKa )
- [The Hacker Playbook 3: Practical Guide to Penetration Testing - Red Team Edition ](http://a.co/6MqC9bD )
- [The Mobile Application Hacker’ s Handbook ](http://amzn.to/2cVOIrE )
- [Black Hat Python: Python Programming for Hackers and Pentesters ](http://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900 )
- [Metasploit: The Penetration Tester's Guide ](https://www.nostarch.com/metasploit )
- [The Database Hacker's Handbook, David Litchfield et al., 2005 ](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html )
- [The Shellcoders Handbook by Chris Anley et al., 2007 ](http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html )
- [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009 ](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html )
- [The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011 ](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html )
- [iOS Hackers Handbook by Charlie Miller et al., 2012 ](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html )
- [Android Hackers Handbook by Joshua J. Drake et al., 2014 ](http://www.wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html )
- [The Browser Hackers Handbook by Wade Alcorn et al., 2014 ](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html )
- [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015 ](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html )
- [Car Hacker's Handbook by Craig Smith, 2016 ](https://www.nostarch.com/carhacking )
2018-08-11 22:17:58 +00:00
## More resources
2018-03-23 12:53:53 +00:00
### Blogs/Websites
2018-08-13 10:01:13 +00:00
- [BUG BOUNTY FIELD MANUAL: THE DEFINITIVE GUIDE FOR PLANNING, LAUNCHING, AND OPERATING A SUCCESSFUL BUG BOUNTY PROGRAM ](https://www.hackerone.com/blog/the-bug-bounty-field-manual )
- [How to become a Bug Bounty Hunter - Sam Houston ](https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102 )
- [Tips from Top Hackers – Bug Hunting methodology and the importance of writing quality submissions - Sam Houston ](https://www.bugcrowd.com/tips-from-top-hackers-bug-hunting-methodology-and-the-importance-of-writing-quality-submissions/ )
- [ARNE SWINNEN'S SECURITY BLOG JUST ANOTHER INFOSEC BLOG ](https://www.arneswinnen.net )
- [XSS Jigsaw - innerht.ml ](https://blog.innerht.ml )
- [ZeroSec Blog: Featuring Write-Ups, Projects & Adventures ](https://blog.zsec.uk/tag/ltr101/ )
2017-02-07 08:53:48 +00:00
2018-03-26 13:47:44 +00:00
### Youtube
2018-08-11 22:17:58 +00:00
2018-08-13 10:01:13 +00:00
- [Hunting for Top Bounties - Nicolas Grégoire ](https://www.youtube.com/watch?v=mQjTgDuLsp4 )
- [BSidesSF 101 The Tales of a Bug Bounty Hunter - Arne Swinnen ](https://www.youtube.com/watch?v=dsekKYNLBbc )
- [Security Fest 2016 The Secret life of a Bug Bounty Hunter - Frans Rosén ](https://www.youtube.com/watch?v=KDo68Laayh8 )
- [IppSec Channel - Hack The Box Writeups ](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA )
2018-08-11 22:17:58 +00:00
### Docker
2018-08-13 10:01:13 +00:00
2018-08-11 22:17:58 +00:00
| Command | Link |
| :------------- | :------------- |
| `docker pull remnux/metasploit` | [docker-metasploit ](https://hub.docker.com/r/remnux/metasploit/ ) |
| `docker pull paoloo/sqlmap` | [docker-sqlmap ](https://hub.docker.com/r/paoloo/sqlmap/ ) |
| `docker pull kalilinux/kali-linux-docker` | [official Kali Linux ](https://hub.docker.com/r/kalilinux/kali-linux-docker/ ) |
| `docker pull owasp/zap2docker-stable` | [official OWASP ZAP ](https://github.com/zaproxy/zaproxy ) |
| `docker pull wpscanteam/wpscan` | [official WPScan ](https://hub.docker.com/r/wpscanteam/wpscan/ ) |
| `docker pull infoslack/dvwa` | [Damn Vulnerable Web Application (DVWA) ](https://hub.docker.com/r/infoslack/dvwa/ ) |
2018-10-18 15:32:01 +00:00
| `docker run --name dvna -p 9090:9090 -d appsecco/dvna:sqlite` | [Damn Vulnerable NodeJS Application ](https://github.com/appsecco/dvna ) |
2018-08-11 22:17:58 +00:00
| `docker pull danmx/docker-owasp-webgoat` | [OWASP WebGoat Project docker image ](https://hub.docker.com/r/danmx/docker-owasp-webgoat/ ) |
| `docker pull opendns/security-ninjas` | [Security Ninjas ](https://hub.docker.com/r/opendns/security-ninjas/ ) |
| `docker pull ismisepaul/securityshepherd` | [OWASP Security Shepherd ](https://hub.docker.com/r/ismisepaul/securityshepherd/ ) |
| `docker-compose build && docker-compose up` | [OWASP NodeGoat ](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker ) |
| `docker pull citizenstig/nowasp` | [OWASP Mutillidae II Web Pen-Test Practice Application ](https://hub.docker.com/r/citizenstig/nowasp/ ) |
| `docker pull bkimminich/juice-shop` | [OWASP Juice Shop ](https://github.com/bkimminich/juice-shop#docker-container ) |