Commit Graph

1930 Commits

Author SHA1 Message Date
Swissky
a71a793648
Merge pull request #676 from dahalsharad/add-wcd-exploit-description-and-image
added Web Cache Deception exploit, description and demonstrative image
2023-10-08 19:10:05 +02:00
sharad
37a4f8c977 added wcd exploit description and demonstrative image 2023-10-04 22:54:37 +05:45
Swissky
892c68e6e7 PEAR_Config example 2023-10-02 17:12:36 +02:00
Swissky
837f220264 LFI with pearcmd.php 2023-10-02 12:52:10 +02:00
Swissky
55edc9fc74 Fix MySQL duplicate cheatsheet 2023-10-01 12:45:12 +02:00
Swissky
d142587f28 Race Condition WIP + AD asreproast/kerberoasting 2023-10-01 12:42:20 +02:00
Swissky
a0475a2f45
Merge pull request #675 from nuts7/kerberoast-without-preauth
Add Kerberoasting w/o domain account
2023-09-30 18:51:19 +02:00
Swissky
485103e9bb IDOR Numeric, Hash, Wildcard and PRNG 2023-09-25 14:15:48 +02:00
Swissky
84569e18e4
Merge pull request #674 from eltociear/patch-1
Fix typo in README.md
2023-09-22 14:50:49 +02:00
nuts7
0cea24cfcb Add Kerberoasting w/o domain account
This commit add a Kerberoasting technique without domain account/credentials just a user without pre-authentication (AS_REP Roastable)
2023-09-22 13:38:28 +02:00
Ikko Eltociear Ashimine
2aaeac91f8
Fix typo in README.md
appropiate -> appropriate
2023-09-22 00:11:33 +09:00
Swissky
83f1af0af0 Command injection update 2023-09-21 13:09:57 +02:00
Swissky
e9fb4f100c Google Web Toolkit 2023-09-19 09:58:22 +02:00
Swissky
59640ba51a MYSQL Wide byte injection (GBK) 2023-09-14 10:53:37 +02:00
Swissky
64a6e3eb04
Merge pull request #672 from manesec/master
Add MYSQL Wide byte injection
2023-09-14 10:25:12 +02:00
Mane
811d71026f
Update MySQL Injection.md
fix typo
2023-09-13 08:33:03 -07:00
Mane
9574af9dd1
Update MySQL Injection.md
Add MYSQL Wide byte injection, it can test in Sqli-labs Less-32
2023-09-13 08:13:36 -07:00
Swissky
ed7c3a4e0c
Merge pull request #671 from Thy-GoD/patch-1
Add automatic shell upgrade via rustcat.
2023-09-09 10:50:33 +02:00
Thigh_GoD
c7549916b8
Update Reverse Shell Cheatsheet.md
Added small quality adjustment.
2023-09-09 03:51:35 +08:00
Thigh_GoD
cf9b9bf70c
Update Reverse Shell Cheatsheet.md
Added in automatic shell upgrade via rustcat.
2023-09-08 21:15:54 +08:00
Swissky
f9a2880ad5 Recover Public Key From Signed JWTs 2023-09-04 11:37:15 +02:00
Swissky
c030379871
Merge pull request #670 from superboy-zjc/master
Update Lodash SSTI
2023-09-03 17:30:52 +02:00
Swissky
a0c14e5299 SQL injections - WAF bypass 2023-09-03 14:26:03 +02:00
2h0ng
34da0e2708
Update Lodash SSTI
Update Lodash SSTI
2023-09-02 21:24:59 -04:00
Swissky
7752ff806f ASPNET Cookieless Bypass 2023-09-02 23:01:10 +02:00
Swissky
e879ca42a3
Merge pull request #668 from sethsec-bf/patch-1
Added CloudFox and CloudFoxable
2023-08-31 10:37:38 +02:00
Seth Art
339a51cd0d
Added CloudFox and CloudFoxable 2023-08-30 14:11:11 -04:00
Swissky
53ec79abd0 Initial Access Cheatsheet 2023-08-26 22:01:45 +02:00
Swissky
930044d7c1
Merge pull request #666 from dwisiswant0/feat/ssrf-add-tool
feat(SSRF): add tool
2023-08-26 12:50:56 +02:00
Swissky
9db39952e7
Merge pull request #667 from PakCyberbot/master-1
Update SQLite Injection.md
2023-08-26 12:50:06 +02:00
Pak Cyberbot
d5922f421c
Update SQLite Injection.md
Column names of the specified table can be more easily extracted in a better output.
Tested during the CTF
2023-08-25 15:24:52 +05:00
Dwi Siswanto
63379b9291
feat(SSRF): add tool 2023-08-25 16:34:45 +07:00
Swissky
b0dfcfd438 Hidden Parameters 2023-08-24 22:15:11 +02:00
Swissky
e2e2da74ce
Merge pull request #664 from ScriptSathi/master
feat: Add Rust reverse shell for unix
2023-08-22 18:04:31 +02:00
Tristan D'audibert
aea130a1ac Add Rust reverse shell for unix 2023-08-21 17:50:11 +02:00
cfgs
538a7b024b feat: add cognito-scanner tool for AWS pentest 2023-08-08 10:41:54 +02:00
Vunnm
273da9e1b5
Add JSON simple with form
Add JSON simple paylaod with autosubmit form. Using autosubmit form instead of AJax, allow to bypass some protection like the Standard Enhanced Tracking Protection in Firfefox, which will refuse to send cookie with  cross-site  Ajax request (tested with Firefox 115.0.2esr),.
2023-08-05 14:39:33 +02:00
Swissky
d642e97d8d
Merge pull request #661 from emmanuel-ferdman/wip
fix: broken link on AWS Amazon Bucket S3 page
2023-07-26 14:20:27 +02:00
Emmanuel Ferdman
20b8870123
fix: broken link on AWS Amazon Bucket S3 page
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
2023-07-26 15:09:56 +03:00
Swissky
e366ef9a13
Merge pull request #660 from yanncam/master
Added precision on the format, generation and breaking of NetNTLMv1
2023-07-25 15:28:12 +02:00
Yann CAM (ycam)
e80702d599
More details on NetNTLMv1 + typos
More details on NetNTLMv1 + typos
2023-07-25 11:31:35 +02:00
Yann CAM (ycam)
4336cb1fd5
Update NetNTLMv1 breaking methodology
Add SHuck.Sh/ShuckNT process and details.
2023-07-25 11:11:36 +02:00
Swissky
b715364547 Fix typo 2023-07-18 22:19:29 +02:00
Swissky
52ef85a830 WebSocket Tools 2023-07-18 22:17:51 +02:00
Swissky
fbc43be79f Merge pull requests 2023-07-18 18:24:14 +02:00
Swissky
87e6f55e16 Error Based XXE - Local DTD 2023-07-18 18:23:34 +02:00
Swissky
359b9b435e
Merge pull request #659 from preemptible/patch-1
Update BOOKS.md
2023-07-18 10:21:23 +02:00
Swissky
3de6c41823
Merge pull request #658 from NaxnN/patch-2
Update SQLite Injection.md
2023-07-18 10:20:20 +02:00
preemptible
6d12abb4ec
Update BOOKS.md
I added 'black hat Rust', a great book in my humble opinion.
2023-07-18 11:16:36 +03:00
KeoOp
d5f85f13d5
Update SQLite Injection.md
add "group_concat" so that all tables can be extracted once when the query only returns the first item
2023-07-16 23:44:00 +08:00