Swissky
229502c497
Update Linux - Persistence.md
2020-09-23 17:29:34 +02:00
Swissky
a478356f43
MySQL Fast Exploitation using json_arrayagg()
2020-09-23 17:19:34 +02:00
Swissky
4d5c10965d
Account Takeover
2020-09-19 11:30:32 +02:00
Swissky
1a0e31a05e
Zero Logon - Restore pwd
2020-09-18 21:21:55 +02:00
Swissky
f4ef56fca0
Mimikatz Zerologon + reset pwd
2020-09-17 14:05:54 +02:00
Swissky
62678c26ce
.NET Zero Logon
2020-09-16 14:31:59 +02:00
Swissky
14586e4d7a
ZeroLogon via Mimikatz
2020-09-16 14:13:40 +02:00
Swissky
e79918bdc2
CVE-2020-1472 Unauthenticated domain controller compromise
2020-09-14 23:06:09 +02:00
Swissky
20dadc9815
PHP Phar Deserialization
2020-09-10 15:26:16 +02:00
Swissky
543f63d7de
PHP POP Chain
2020-09-10 15:15:53 +02:00
Swissky
ddabfd7531
Merge pull request #244 from noraj/patch-1
...
LDAP: add SSH key authentication via LDAP
2020-09-09 13:21:34 +02:00
Alexandre ZANNI
93751d8650
add SSH key authentication via LDAP
2020-09-09 12:15:07 +02:00
Swissky
6c1e3402e0
Merge pull request #243 from noraj/patch-1
...
LDAP: fix AdmYSsion link + add 2 tutorials
2020-09-09 10:58:18 +02:00
Alexandre ZANNI
9554aa2ed9
fix AdmYSsion link + add 2 tutorials
2020-09-09 09:57:21 +02:00
Swissky
bcd700c951
AWS API calls that return credentials - kmcquade
2020-09-06 17:11:30 +02:00
Swissky
b5e511c03b
Merge pull request #242 from maxrodrigo/master
...
Fix PHP XSS data collector line breaks
2020-09-05 11:46:08 +02:00
Max Rodrigo
2f40961990
Fix PHP XSS data collector line breaks
2020-09-05 10:36:58 +02:00
Swissky
83fbdb906b
Merge pull request #240 from Laxa/master
...
Fix typos
2020-09-03 14:16:36 +02:00
laxa
b4d9ee0634
Fix typos
2020-09-03 13:57:46 +02:00
zero77
f1d55a132a
Update Linux - Persistence.md
2020-09-02 09:43:25 +00:00
Swissky
734bb7ce98
Merge pull request #238 from cnotin/patch-1
...
Remove "Leaked API keys" section
2020-09-01 11:48:56 +02:00
Clément Notin
6865492a6b
Remove "Leaked API keys" section
...
It's in the "API Key Leaks" folder now and the content is already present there
2020-08-31 23:54:48 +02:00
Swissky
9a372ec810
Merge pull request #237 from chr-ge/master
...
Added missing word
2020-08-26 11:56:38 +02:00
chr-ge
88f8b7d1aa
Added missing word
2020-08-25 23:14:33 +00:00
Swissky
426c2be37e
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings into master
2020-08-25 14:39:19 +02:00
Swissky
f431ea7166
HTTP Request Smuggling
2020-08-25 14:38:28 +02:00
Swissky
3ef51a12ce
Update README.md
2020-08-22 23:45:49 +02:00
Swissky
75a0f34bdc
Merge pull request #236 from Techbrunch/patch-9
...
Update README.md
2020-08-19 16:30:32 +02:00
Swissky
845326dd61
Merge pull request #235 from Techbrunch/patch-7
...
Update README.md
2020-08-19 16:30:15 +02:00
Techbrunch
502a8121b4
Update README.md
...
Add reference to debug tag for Jinja2
2020-08-19 14:46:43 +02:00
Techbrunch
76e6f7dc95
Update README.md
...
Add Handlebars payload
2020-08-19 14:20:18 +02:00
Swissky
cc95f4e386
AD - Forest to Forest compromise
2020-08-18 09:33:38 +02:00
Swissky
6e526de7b4
Merge pull request #234 from justin-p/patch-1
...
Added GenericWrite example for values used by the Remote Connection Manager.
2020-08-17 15:35:26 +02:00
Justin Perdok
f11c45650b
Update Active Directory Attack.md
2020-08-17 13:18:30 +00:00
Justin Perdok
1284715128
Update Active Directory Attack.md
2020-08-17 13:15:33 +00:00
Justin Perdok
6f3f2239fa
GenericWrite and Remote Connection Manager
...
Added content from https://sensepost.com/blog/2020/ace-to-rce/
2020-08-17 13:00:04 +00:00
Swissky
d386790fd2
Merge pull request #233 from virenpawar/patch-1
...
[Update] Added 1 payload
2020-08-17 12:03:46 +02:00
Viren Pawar
0266a7dd67
[Update] Added 1 payload
...
Added one payload which executes without any usage of single or double quotes. Helpful when you have AngularJS injection but quotes are blocked by application.
Working proof of payload here:
https://portswigger-labs.net/xss/angularjs.php?type=reflected&csp=0&version=1.6.0&x= {{x=valueOf.name.constructor.fromCharCode;constructor.constructor(x(97,108,101,114,116,40,49,41))()}}
2020-08-15 16:29:13 +05:30
Swissky
d1104d6ce1
Merge pull request #230 from bsysop/patch-2
...
Typo in Excel extension name
2020-08-12 12:46:49 +02:00
bsysop
93f321879f
Typo in Excel extension name
2020-08-11 21:35:36 -03:00
Swissky
d00d7c9788
Banner HD with credit
2020-08-10 11:36:18 +02:00
Swissky
33129f2b4c
Silver Ticket with services list
2020-08-09 19:25:03 +02:00
Swissky
c7e3ea005e
Powershell Remoting
2020-08-09 12:15:56 +02:00
Swissky
268b4c2d47
Merge pull request #229 from DeWaRs1206/master
...
Fix Corsy link URL
2020-07-29 18:08:48 +02:00
Emmanuel Iturbide
fbf896edf1
Fix Corsy link URL
2020-07-29 17:53:07 +02:00
Swissky
767eb04af6
Persistence - Typo
2020-07-21 19:48:57 +02:00
Swissky
ca9326b5fc
Driver Privilege Escalation
2020-07-13 15:00:36 +02:00
Swissky
dd40ddd233
XSS summary subentries + GraphTCP
2020-07-12 14:44:33 +02:00
Swissky
94f6e31905
Merge pull request #227 from HLOverflow/PostgresqlFilterBypass
...
Postgresql filter bypass
2020-07-12 10:49:22 +02:00
hloverflow
2e7b9db94b
Corrected Reference to 2009 paper
2020-07-12 13:21:18 +08:00