Swissky
|
8411a0640d
|
ESC4 - Access Control Vulnerabilities
|
2021-12-29 15:00:22 +01:00 |
|
Swissky
|
27768783ff
|
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
|
2021-12-29 14:52:20 +01:00 |
|
Swissky
|
e3fb516747
|
MAQ + WEBDAV
|
2021-12-29 14:48:42 +01:00 |
|
Swissky
|
d8dd64e8e3
|
Merge pull request #470 from noraj/patch-1
update PowerGPOAbuse task command
|
2021-12-22 16:22:46 +01:00 |
|
Alexandre ZANNI
|
a430cfcc4e
|
update PowerGPOAbuse task command
|
2021-12-22 16:09:07 +01:00 |
|
Swissky
|
210a2b3081
|
Merge pull request #468 from Zeecka/MySQL-Error-Based-Payload
Add NAME_CONST for MySQL Error based injection
|
2021-12-16 13:38:45 +01:00 |
|
Alex G
|
a568270b15
|
Add NAME_CONST for MySQL Error based injection
|
2021-12-16 12:11:25 +01:00 |
|
Swissky
|
0d6d6049ce
|
AD + Log4shell + Windows Startup
|
2021-12-16 09:52:51 +01:00 |
|
Swissky
|
31c8a263c3
|
Merge pull request #467 from gitmalet/patch-1
Update SQL Injection/SQLite Injection.md
|
2021-12-14 22:09:26 +01:00 |
|
malet
|
4ab2649317
|
Fixing "RCE - Attach Database" Payload
The old payload doesn't work for many cases as the `php` in `<?php` is missing.
|
2021-12-14 19:54:41 +01:00 |
|
Swissky
|
5714b9c9d7
|
samAccountName spoofing + Java RMI
|
2021-12-13 20:42:31 +01:00 |
|
Swissky
|
10974722b1
|
BloodHound Custom Queries + MSSQL CLR
|
2021-12-12 23:04:35 +01:00 |
|
Swissky
|
19c7d1c9e8
|
Merge pull request #412 from A1vinSmith/master
Replace the web.config with the far better version web.web.config
|
2021-12-08 21:53:34 +01:00 |
|
Swissky
|
5974773387
|
Merge pull request #464 from BrianStadnicki/master
SQLite Injection add extract database structure
|
2021-12-07 09:30:15 +01:00 |
|
Brian Stadnicki
|
03427da534
|
SQLite Injection add extract database structure
|
2021-12-07 06:51:27 +00:00 |
|
Swissky
|
ccc1186997
|
Merge pull request #461 from CravateRouge/master
Add alternatives for AD ACL abuse from Linux
|
2021-11-15 17:46:39 +01:00 |
|
CravateRouge
|
8da5f36f85
|
Add alternatives for AD ACL abuse from Linux
|
2021-11-15 17:36:05 +01:00 |
|
Swissky
|
7647407266
|
Merge pull request #458 from Techbrunch/patch-10
Replace xip.io by nip.io
|
2021-11-09 13:57:22 +01:00 |
|
Swissky
|
21b3a0630f
|
Update README.md
|
2021-11-09 13:57:09 +01:00 |
|
Techbrunch
|
a614525b70
|
Replace xip.io by nip.io
xip.io appears to be dead
|
2021-11-09 11:15:44 +01:00 |
|
Swissky
|
3366f5eaac
|
Merge pull request #445 from NirLevy98/reverse_shell_delete-unused-imports
Delete unused import
|
2021-11-07 21:16:37 +01:00 |
|
Swissky
|
a6eac592e1
|
Merge pull request #457 from noraj/patch-1
NoSQLi: add POST with urlencoded body
|
2021-11-07 21:16:06 +01:00 |
|
Alexandre ZANNI
|
e0f851e6e9
|
NoSQLi: add POST with urlencoded body
|
2021-11-07 17:49:50 +01:00 |
|
Swissky
|
7d9dd6806e
|
Powershell Cheatsheet
|
2021-11-06 19:14:47 +01:00 |
|
Swissky
|
6ff9a71237
|
Merge pull request #456 from DanielGrunberger/master
Add kubescape to kubernetes tools
|
2021-11-02 12:26:23 +01:00 |
|
DanielGrunberger
|
fb4775ce41
|
Add kubescape to kubernetes tools
|
2021-11-01 23:08:04 +02:00 |
|
Swissky
|
2daebdddff
|
Merge pull request #455 from h3xstream/master
SQL injection various additions
|
2021-11-01 10:38:44 +01:00 |
|
Philippe Arteau
|
4169e5d603
|
informa4on_schema => information_schema
(Copy-paste error)
|
2021-10-31 23:33:58 -04:00 |
|
Philippe Arteau
|
6c5e790234
|
SQLi: Whitespace alternatives + WAF Bypass
|
2021-10-31 23:25:08 -04:00 |
|
Swissky
|
1c8067a150
|
Relaying with WebDav Trick + Shadow Credential
|
2021-10-30 21:04:23 +02:00 |
|
Swissky
|
9d0efb90ea
|
Merge pull request #454 from seadog007/patch-1
Fixed typo
|
2021-10-30 11:04:18 +02:00 |
|
Swissky
|
c62fd81dad
|
Merge pull request #453 from h3xstream/master
Few filename fixes to allow Windows checkout
|
2021-10-30 11:03:57 +02:00 |
|
Li-Heng Yu
|
b223c66689
|
Fixed typo
|
2021-10-30 11:44:33 +08:00 |
|
Philippe Arteau
|
9d30f792d4
|
Remove filename with special characters.
The filename are already covered in `XSS Injection/README.md`
|
2021-10-29 12:56:55 -04:00 |
|
Philippe Arteau
|
16986febde
|
Remove filename with special characters.
The filename are already covered in `XSS Injection/README.md`
|
2021-10-29 12:56:41 -04:00 |
|
Philippe Arteau
|
7443da045a
|
Remove filename with special characters.
The filename are already covered in `XSS Injection/README.md`
|
2021-10-29 12:56:25 -04:00 |
|
Philippe Arteau
|
17e2833f1d
|
Rename file with less than symbol.
|
2021-10-29 12:26:45 -04:00 |
|
Swissky
|
e9c8953249
|
Merge pull request #452 from llamasoft/patch-1
Update Kubernetes readme.md
|
2021-10-29 10:04:57 +02:00 |
|
Marcus T
|
ab9e266b37
|
Update Kubernetes readme.md
Adds information about container environments, service accounts, and volumes
|
2021-10-28 19:28:01 -04:00 |
|
Swissky
|
ee03092eec
|
Merge pull request #451 from marcan2020/DNS-rebinding
DNS rebinding
|
2021-10-27 22:42:24 +02:00 |
|
marcan2020
|
0803cb04ee
|
Merge branch 'swisskyrepo:master' into DNS-rebinding
|
2021-10-27 16:20:23 -04:00 |
|
marcan2020
|
f26844f083
|
Add DNS rebinding
|
2021-10-27 16:19:56 -04:00 |
|
Swissky
|
e3373dd108
|
UnPAC The Hash + MachineKeys.txt
|
2021-10-26 21:56:39 +02:00 |
|
Swissky
|
add722d1c2
|
Merge pull request #450 from ahronmoshe/patch-3
Update README.md
|
2021-10-26 21:51:41 +02:00 |
|
ahronmoshe
|
a26867fdf9
|
Update README.md
|
2021-10-26 20:35:04 +03:00 |
|
Swissky
|
1a3058f40c
|
Device Code Phish
|
2021-10-24 20:07:46 +02:00 |
|
Swissky
|
d484212de9
|
Merge pull request #447 from mschader/patch-5
Update XXE Injection
|
2021-10-18 12:39:53 +02:00 |
|
Markus
|
46aabc8c8c
|
Update XXE Injection
Slight QOL improvements for the recent changes of the chapter `XXE inside XLSX file`
|
2021-10-18 10:13:30 +02:00 |
|
Swissky
|
220e0efef6
|
Merge pull request #446 from noraj/patch-1
XXE: OOB via FTP + remote DTD for XSLX files
|
2021-10-17 18:52:17 +02:00 |
|
Alexandre ZANNI
|
d19b843111
|
XXE: OOB via FTP + remote DTD for XSLX files
better than the HTTP method, must robust approach, easier zip repackaging
|
2021-10-17 18:00:00 +02:00 |
|