Commit Graph

1641 Commits

Author SHA1 Message Date
Mehtab Zafar
8dc1e3c5fe
Update TTY shell command for python
Made the command use python3 because most machines now have python3 installed.
2020-01-10 17:57:53 +05:30
Swissky
7ab6750655
Merge pull request #145 from ayomawdb/master
Change IP and port to a common value across commands
2020-01-09 12:44:19 +01:00
Ayoma Wijethunga
7f34c01794 Change IP and port to a common value across commands 2020-01-09 16:20:49 +05:30
Ayoma Wijethunga
96b9adb98b Change IP and port to a common value across commands 2020-01-09 16:17:35 +05:30
Swissky
742c7ee3c2 AppLocker rules 2020-01-06 23:03:54 +01:00
Swissky
71171fa78b SSRF exploiting WSGI 2020-01-05 22:11:28 +01:00
Swissky
3a9b9529cb Mimikatz - Credential Manager & DPAPI 2020-01-05 17:27:02 +01:00
Swissky
73abdeed71 Kerberos AD GPO 2020-01-05 16:28:00 +01:00
Swissky
b052f78d95 Blacklist3r and Machine Key 2020-01-02 23:33:04 +01:00
Swissky
97015e4f64
Merge pull request #143 from gdemarcsek/patch-1
Added another PHP reverse shell payload
2020-01-02 22:37:45 +01:00
György Demarcsek
9c188139ec
Added PHP reverse shell
This reverse shell payload for PHP works even if `exec` is disabled and/or the new socket is not on fd 3
2020-01-02 19:27:35 +01:00
Swissky
0850839b25
Merge pull request #142 from mikesiegel/mike_ssrf
Added anti-SSRF header bypass for GCP
2020-01-01 12:44:41 +01:00
mikesiegel
e024afc9f7 Added anti-SSRF header bypass for GCP. 2019-12-31 15:11:58 +00:00
mikesiegel
7aa2761e3e Added anti-SSRF header bypass for GCP. Similar technique works on Azure and AWS I'm guessing. 2019-12-31 15:07:20 +00:00
Swissky
0a6ac284c9 AdminSDHolder Abuse 2019-12-30 19:55:47 +01:00
Swissky
bcb24c9866 Abusing Active Directory ACLs/ACEs 2019-12-30 14:22:10 +01:00
Swissky
4b10c5e302 AD mitigations 2019-12-26 12:09:23 +01:00
Swissky
1535c5f1b3 Kubernetes - Privileged Service Account Token 2019-12-20 11:33:25 +01:00
Swissky
cf5a4b6e97 XSLT injection draft 2019-12-17 21:13:59 +01:00
Swissky
02f714d479
Merge pull request #139 from nizam0906/patch-5
Fixed Broken Links in Directory traversal
2019-12-17 19:19:35 +01:00
Swissky
ada158cd60
Merge pull request #138 from nizam0906/patch-4
Fixed Broken Links in Command Injection
2019-12-17 19:18:54 +01:00
Swissky
4c96a5a6ef
Merge pull request #137 from nizam0906/patch-3
Updated Summary and Fixed Broken Links in CSRF
2019-12-17 19:18:34 +01:00
Swissky
976403034c
Merge pull request #136 from nizam0906/patch-2
Added Summary in CRLF
2019-12-17 19:18:11 +01:00
nizam0906
6939499bed
Fixed Broken Links in Directory traversal 2019-12-17 22:35:35 +05:30
nizam0906
4de5a20376
Fixed Broken Links in Command Injection 2019-12-17 22:29:17 +05:30
nizam0906
156ea32217
Updated Summary and Fixed Broken Links in CSRF 2019-12-17 22:21:53 +05:30
nizam0906
d6d649e08f
Added Summary in CRLF 2019-12-17 22:12:35 +05:30
Swissky
4588cc2eee
Merge pull request #135 from nizam0906/patch-1
Fixed Broken Links in API Key Leaks
2019-12-17 17:39:55 +01:00
nizam0906
03762911a7
Fixed Broken Links in API Key Leaks 2019-12-17 21:59:19 +05:30
Swissky
896e262531 Privilege impersonation and GraphQL SQLi 2019-12-11 16:59:14 +01:00
Swissky
ba9fce83b1
Merge pull request #131 from js-kyle/angularjs
clarify AngularJS vs Angular
2019-12-07 12:01:08 +01:00
Kyle Martin
e95b0c34a3 clarify AngularJS vs Angular 2019-12-07 10:54:47 +13:00
Swissky
6f4a28ef66 Slim RCE + CAP list 2019-12-05 23:06:53 +01:00
Swissky
21101ec287
Merge pull request #130 from clem9669/patch-3
Bypass XSS filters on alert
2019-12-03 15:40:22 +01:00
clem9669
286f7caaa3
Bypass XSS filters on alert
Bypass XSS filters using javascript global variables based on the following article https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/ from theMiddle.
2019-12-03 15:24:24 +01:00
Swissky
e92126a16c
Merge pull request #129 from noraj/patch-2
SSRF: add ref for docker
2019-12-02 22:38:28 +01:00
Swissky
ac0239d332
Merge pull request #128 from noraj/patch-1
XXE: add XXE via SVG rasterization
2019-12-02 22:38:08 +01:00
Swissky
c125b35f98
Merge pull request #127 from trietptm/master
Copy this -> Cut this
2019-12-02 10:52:19 +01:00
Minh Triet Pham Tran
f44d014fc2
Copy this -> Cut this
Change copy to cut instruction
2019-12-02 12:59:54 +07:00
Swissky
c60f264664 RDP backdoor + RDP session takeover 2019-11-26 23:39:14 +01:00
Swissky
06864b0ff8 Password spraying rewrite + Summary fix 2019-11-25 23:35:20 +01:00
Swissky
3abaa3e23d Linux AD - Keyring, Keytab, CCACHE 2019-11-25 23:12:06 +01:00
Swissky
886a0b9426
Merge pull request #125 from noraj/patch-3
Ruby: add slim
2019-11-16 23:49:11 +01:00
Alexandre ZANNI
6a398ca5c3
Ruby: add slim 2019-11-16 17:29:55 +01:00
Swissky
00684a10cd IIS asp shell with .asa, .cer, .xamlx 2019-11-16 14:53:42 +01:00
Swissky
639dc9faec .url file in writeable share 2019-11-14 23:54:57 +01:00
Swissky
3a384c34aa Password spray + AD summary re-org 2019-11-14 23:37:51 +01:00
Swissky
7f266bfda8 mitm ipv6 + macOS kerberoasting 2019-11-14 23:26:13 +01:00
Swissky
255a8c3660
Merge pull request #124 from yehgdotnet/patch-1
Added new payloads from hahwul.com
2019-11-14 14:21:31 +01:00
Myo Soe
eac33e7e10
Added new payloads
Added new payloads from https://www.hahwul.com/p/ssrf-open-redirect-cheat-sheet.html

http://google.com\www.whitelisteddomain.tld
http://google.com&www.whitelisteddomain.tld
http:///////////google.com
\\google.com
http://www.whitelisteddomain.tld.google.com
2019-11-14 18:26:35 +08:00