From 118924f291241837eb5cc992b036f63c83e7903f Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Tue, 12 Nov 2024 19:01:34 +0100 Subject: [PATCH] Challenges added for CRLF, Command Injection, File Inclusion --- CRLF Injection/README.md | 5 +++-- Command Injection/README.md | 5 ++++- File Inclusion/README.md | 9 +++++++++ GraphQL Injection/README.md | 4 ++-- Type Juggling/README.md | 3 ++- 5 files changed, 20 insertions(+), 6 deletions(-) diff --git a/CRLF Injection/README.md b/CRLF Injection/README.md index bf75112..33e12d4 100644 --- a/CRLF Injection/README.md +++ b/CRLF Injection/README.md @@ -11,7 +11,7 @@ * [Add a cookie](#add-a-cookie) * [Add a cookie - XSS Bypass](#add-a-cookie---xss-bypass) * [Write HTML](#write-html) -* [Filter Bypass](#filter-bypass) + * [Filter Bypass](#filter-bypass) * [Labs](#labs) * [References](#references) @@ -97,7 +97,7 @@ Content-Length: 34 ``` -## Filter Bypass +### Filter Bypass Using UTF-8 encoding @@ -116,6 +116,7 @@ Remainder: ## Labs * [PortSwigger - HTTP/2 request splitting via CRLF injection](https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-request-splitting-via-crlf-injection) +* [Root Me - CRLF](https://www.root-me.org/en/Challenges/Web-Server/CRLF) ## References diff --git a/Command Injection/README.md b/Command Injection/README.md index c0bd640..ff9385a 100644 --- a/Command Injection/README.md +++ b/Command Injection/README.md @@ -423,7 +423,10 @@ In Unix-like command-line interfaces, the `--` symbol is used to signify the end * [PortSwigger - Blind OS command injection with output redirection](https://portswigger.net/web-security/os-command-injection/lab-blind-output-redirection) * [PortSwigger - Blind OS command injection with out-of-band interaction](https://portswigger.net/web-security/os-command-injection/lab-blind-out-of-band) * [PortSwigger - Blind OS command injection with out-of-band data exfiltration](https://portswigger.net/web-security/os-command-injection/lab-blind-out-of-band-data-exfiltration) - +* [Root Me - PHP - Command injection](https://www.root-me.org/en/Challenges/Web-Server/PHP-Command-injection) +* [Root Me - Command injection - Filter bypass](https://www.root-me.org/en/Challenges/Web-Server/Command-injection-Filter-bypass) +* [Root Me - PHP - assert()](https://www.root-me.org/en/Challenges/Web-Server/PHP-assert) +* [Root Me - PHP - preg_replace()](https://www.root-me.org/en/Challenges/Web-Server/PHP-preg_replace) ### Challenge diff --git a/File Inclusion/README.md b/File Inclusion/README.md index 879c121..c1a0c00 100644 --- a/File Inclusion/README.md +++ b/File Inclusion/README.md @@ -41,6 +41,7 @@ - [LFI to RCE via PHP sessions](#lfi-to-rce-via-php-sessions) - [LFI to RCE via PHP PEARCMD](#lfi-to-rce-via-php-pearcmd) - [LFI to RCE via credentials files](#lfi-to-rce-via-credentials-files) +- [Labs](#labs) - [References](#references) @@ -661,6 +662,14 @@ Another way to gain SSH access to a Linux machine through LFI is by reading the If SSH is active check which user is being used `/proc/self/status` and `/etc/passwd` and try to access `//.ssh/id_rsa`. +## Labs + +* [Root Me - Local File Inclusion](https://www.root-me.org/en/Challenges/Web-Server/Local-File-Inclusion) +* [Root Me - Local File Inclusion - Double encoding](https://www.root-me.org/en/Challenges/Web-Server/Local-File-Inclusion-Double-encoding) +* [Root Me - Remote File Inclusion](https://www.root-me.org/en/Challenges/Web-Server/Remote-File-Inclusion) +* [Root Me - PHP - Filters](https://www.root-me.org/en/Challenges/Web-Server/PHP-Filters) + + ## References * [Baby^H Master PHP 2017 - Orange Tsai (@orangetw) - Dec 5, 2021](https://github.com/orangetw/My-CTF-Web-Challenges#babyh-master-php-2017) diff --git a/GraphQL Injection/README.md b/GraphQL Injection/README.md index 0a51708..8a23a1e 100644 --- a/GraphQL Injection/README.md +++ b/GraphQL Injection/README.md @@ -22,8 +22,8 @@ - [JSON list based batching](#json-list-based-batching) - [Query name based batching](#query-name-based-batching) - [Injections](#injections) - - [NOSQL injection](#nosql-injection) - - [SQL injection](#sql-injection) + - [NOSQL injection](#nosql-injection) + - [SQL injection](#sql-injection) - [Labs](#labs) - [References](#references) diff --git a/Type Juggling/README.md b/Type Juggling/README.md index 31a9e53..97abf16 100644 --- a/Type Juggling/README.md +++ b/Type Juggling/README.md @@ -144,7 +144,8 @@ The exploitation phase is the following: ## Labs -* [Root Me - PHP - type juggling](https://www.root-me.org/en/Challenges/Web-Server/PHP-type-juggling) +* [Root Me - PHP - Type Juggling](https://www.root-me.org/en/Challenges/Web-Server/PHP-type-juggling) +* [Root Me - PHP - Loose Comparison](https://www.root-me.org/en/Challenges/Web-Server/PHP-Loose-Comparison) ## References