Commit Graph

1339 Commits

Author SHA1 Message Date
Swissky
89f906f7a8 Fix issue - C reverse shell 2020-04-21 11:17:39 +02:00
Swissky
95fed140ec Fix - SSTI Payloads 2020-04-21 11:13:19 +02:00
Swissky
0de5cb7123
Merge pull request #186 from Techbrunch/patch-6
Add insomnia to GraphQL list of tools
2020-04-21 10:56:59 +02:00
Techbrunch
ade039c1bc
Add insomnia to GraphQL list of tools 2020-04-21 10:49:47 +02:00
Swissky
1d8414c703 ASP.NET Razor SSTI 2020-04-18 21:18:22 +02:00
Swissky
af6760ef7a RoadRecon + JSON None refs 2020-04-17 16:34:51 +02:00
chiv
7e7f5e7628 Added SSTI RCE bypass payload for Jinja2 2020-04-13 18:48:43 +01:00
chiv
cc3b05017d Added a new RCE payload to Jinja2 SSTI bypasses 2020-04-13 18:44:16 +01:00
Swissky
44e676ea70
Merge pull request #182 from thibaudrobin/patch-1
Add others shell on reverse shell cheatsheet
2020-04-13 19:42:58 +02:00
Swissky
a19fd013fb
Merge pull request #181 from SecGus/master
Added RCE SSTI Jinja2 Bypass payload developed by SecGus (chivato)
2020-04-13 19:42:14 +02:00
Th1b4ud
29194a8ef1
Add others shell on reverse shell cheatsheet
Add others shell on reverse shell cheatsheet
2020-04-13 19:06:01 +02:00
Swissky
bc8dd0b784
Merge pull request #180 from mindfuckup/master
Added: Other CORS Misconfigurations
2020-04-12 17:51:52 +02:00
Emanuel Duss
54e3887077 Added PortSwigger Web Security Academy CORS Link 2020-04-12 15:12:34 +02:00
Emanuel Duss
3e5b367224 Added CORS Exploit when wildcard origin is allowed 2020-04-12 15:06:28 +02:00
Emanuel Duss
f120024c6b Added CORS exploitation with strict trusted origin whitelist using XSS 2020-04-12 14:57:04 +02:00
Emanuel Duss
48fcdeb7ca Some clarification in the exploit code 2020-04-12 14:38:52 +02:00
Emanuel Duss
4537555714 Added: CORS Misconfiguration with Null Origin allowed 2020-04-12 14:30:16 +02:00
Swissky
dd42b44011
Merge pull request #179 from mindfuckup/master
Added: Cross-Site WebSocket Hijacking (CSWSH)
2020-04-11 18:26:22 +02:00
Emanuel Duss
930a3a0d8c Added: Cross-Site WebSocket Hijacking (CSWSH) 2020-04-11 16:24:32 +02:00
Swissky
89e49b676d
Merge pull request #178 from Techbrunch/patch-4
Create web.web.config
2020-04-08 19:26:31 +02:00
Techbrunch
5902da38e4
Create web.web.config
Source: https://gist.github.com/gazcbm/ea7206fbbad83f62080e0bbbeda77d9c
2020-04-08 19:14:30 +02:00
Swissky
cea982c062 GraphQL Voyager - Represent any GraphQL API as an interactive graph 2020-04-04 22:33:28 +02:00
Swissky
6e7af5a267 Docker Registry - Pull/Download 2020-04-04 18:27:41 +02:00
Swissky
f748af16d2
Merge pull request #176 from Anon-Exploiter/patch-1
Using JWT's module to encode payload with type `None`
2020-04-04 14:49:37 +02:00
Syed Umar Arfeen
c9fcb58d57
Using JWT's module to encode payload with type None
Before the JWT was being encoded/decoded and that was done manually. The JWT's module does all that without manual decoding and splitting. 

This PR contains the code to encode the JWT token with type None while using JWT's library in python.
2020-04-04 16:03:56 +05:00
Swissky
78bd0867fe
Merge pull request #175 from 3rg1s/master
Update SQLite Injection.md
2020-04-04 02:22:44 +02:00
fuxsocy.py
009a2f9276
Update SQLite Injection.md
Added new link location for the pdf.
2020-04-03 23:15:05 +00:00
Swissky
b5cc379c4b
Merge pull request #173 from SakiiR/sakiir
Added filter(system) twig RCE
2020-03-30 09:28:58 +02:00
SakiiR SakiiR
38c273ff00 Added IFS (WAF bypass) to Symfony Twig RCE 2020-03-29 23:23:26 +02:00
SakiiR SakiiR
8b78c2fe71 Added filter(system) twig RCE 2020-03-29 23:19:27 +02:00
Swissky
231e41a59b Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2020-03-29 22:35:26 +02:00
Swissky
268d85b4bf Symfony SSTI Twig RCE 2020-03-29 22:34:26 +02:00
Swissky
0ba5ad3e71
Merge pull request #172 from bash-c/patch-1
Delete unnecessary escape characters
2020-03-29 20:23:25 +02:00
M4x
1d299f55c9
Delete unnecessary escape characters
`whoami` has already been wrapped in backquotes. There is no need to user escape characters again
2020-03-29 23:40:39 +08:00
Swissky
be8f32b586 Docker escape and exploit 2020-03-29 16:48:09 +02:00
Swissky
95ab07b45e CloudTrail disable, GraphQL tool 2020-03-28 12:01:56 +01:00
Swissky
d489597357
Merge pull request #169 from guenicoe/patch-1
added cmd on the USOSVC vuln
2020-03-24 21:17:37 +01:00
guenicoe
a3cc577ebd
added cmd on the USOSVC vuln
Added `cmd \c C:\Users\nc.exe` as not typing `cmd \c` did not work for me. Might need even more explanation
2020-03-24 20:15:59 +00:00
Swissky
173366dc65
Merge pull request #167 from PixeLInc/patch-1
Remove example from win priv esc
2020-03-23 23:27:10 +01:00
PixeL
1b190939c4
Remove example from win priv esc
This example was used on hackthebox where it leaked the root flag of a machine on free servers.
This resulted in every user being able to get the root flag before they have even completed the box which isn't fair to others.

This example should either be changed or removed completely to combat copy-pasting without knowing what you're doing.
2020-03-23 17:17:42 -05:00
Swissky
6c38274bdb
Merge pull request #166 from fanixk/patch-1
Update Windows - Privilege Escalation.md
2020-03-22 21:56:05 +01:00
Fanis Katsimpas
2bdbb2dbc5
Update Windows - Privilege Escalation.md
Make powershell on EoP - Runas easier to copy paste
2020-03-22 19:25:35 +00:00
Swissky
4303caa08c README - Summary update 2020-03-19 12:03:32 +01:00
Swissky
1538ccd7f2 Gaining AWS Console Access via API Keys 2020-03-19 11:59:49 +01:00
Swissky
57b500b48e
Merge pull request #165 from HLOverflow/master
More Bash tricks to bypass Command Injection filtering
2020-03-14 18:45:55 +01:00
HLOverflow
97dffcdc40
Update README.md 2020-03-15 01:11:47 +08:00
HLOverflow
3e184c10f9
Added additional character filter bypasses 2020-03-15 01:09:28 +08:00
Swissky
70182d32c9
Merge pull request #164 from Techbrunch/patch-3
Update AWS SSRF tips
2020-03-11 16:33:27 +01:00
Techbrunch
3abf2aff2a
Update AWS SSRF tips
Added http://instance-data
2020-03-11 15:20:51 +01:00
Swissky
c20f84d09c
Merge pull request #163 from SecGus/master
Improvement to the SSTI RCE
2020-03-09 20:06:32 +01:00