Swissky
86e8feca7c
Merge pull request #499 from p3n7a90n/NosqliPayloads
...
Added basic SSJI paylods
2022-09-06 23:17:12 +02:00
Swissky
26e9cb6dc1
Merge pull request #504 from MilyMilo/master
...
Add new ruby yaml gadget chain
2022-09-06 23:16:13 +02:00
Swissky
fb7f10eab8
Merge pull request #485 from ajdumanhug/master
...
SSRF: Don't encode entire IP
2022-09-06 23:15:20 +02:00
Swissky
8d609b1460
Update README.md
2022-09-06 23:15:12 +02:00
Swissky
84fa229a44
Merge pull request #463 from nismo-s13/master
...
Delete Parser & Curl < 7.54.png
2022-09-06 23:13:55 +02:00
Swissky
3e8ef29223
Merge pull request #536 from CravateRouge/patch-1
...
Update bloodyAD attacks
2022-09-06 19:32:21 +02:00
CravateRouge
dad7362da6
Update bloodyAD attacks
2022-09-06 19:13:34 +02:00
Swissky
191a72c57e
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
2022-09-06 10:05:16 +02:00
Swissky
2be739ea4f
Fixing TGS/ST
2022-09-06 10:03:49 +02:00
Swissky
bdc2d55dd9
Merge pull request #533 from 0xsyr0/patch-1
...
Quick fix for WSUS malicious patch
2022-09-04 20:54:17 +02:00
Swissky
9e2471a472
SCCM Network Account
2022-09-04 20:51:23 +02:00
Swissky
fae02107df
Jetty RCE Credits
2022-09-04 14:24:16 +02:00
Swissky
4bc5f724b2
Moving learning resources into a specific folder
2022-09-03 16:17:23 +02:00
Swissky
811863501b
ESC9 - No Security Extension
2022-09-03 12:07:24 +02:00
Swissky
b1c46228c2
Merge pull request #535 from Techbrunch/patch-11
...
Add Django Templates SSTI
2022-08-30 14:43:38 +02:00
Techbrunch
7850928d41
Add detection
2022-08-30 13:54:59 +02:00
Techbrunch
871b3bcaf2
Add Django Templates SSTI
2022-08-30 13:50:03 +02:00
0xsry0
343d63f79f
Quick fix for WSUS malicious patch
...
Not sure if it is deprecated but by tackling the box Outdated on HTB, the command didn't worked with two `&&`. To concatenate `"net user WSUSDemo Password123! /add ` and `net localgroup administrators WSUSDemo /add\""`, the `^&` is required.
2022-08-24 09:10:55 +02:00
Swissky
fbd7517e04
LFI2RCE - Picture Compression - SOCKS5 CS
2022-08-21 16:38:54 +02:00
Swissky
e7af5aeb84
Merge pull request #532 from wlayzz/patch-2
...
Update java ssti
2022-08-19 16:25:00 +02:00
Wlayzz
961d935623
Update java ssti
...
fix little inattention
2022-08-19 16:22:39 +02:00
Swissky
b25f461b6e
Merge pull request #531 from wlayzz/patch-1
...
Update Java SSTI
2022-08-19 15:16:46 +02:00
Wlayzz
8d70f262ae
Update Java SSTI
...
Adding variable expressions alternative for java injection
2022-08-19 15:04:52 +02:00
Swissky
804920be62
Source Code Management
2022-08-18 10:43:01 +02:00
Swissky
abc78a6a67
Merge pull request #528 from denandz/patch-1
...
Add multipart/form-data CSRF technique
2022-08-17 14:24:34 +02:00
DoI
b3e6220da6
Add multipart/form-data CSRF technique
2022-08-17 09:29:05 +12:00
Swissky
6650c361e7
Capture a network trace with builtin tools
2022-08-15 15:02:29 +02:00
Swissky
55e05b4b17
Merge pull request #527 from natrajms/patch-2
...
Updating Reference section hyperlinks
2022-08-15 11:40:15 +02:00
Natraj Sangashetty
1bd82af11e
Updating Reference section hyperlinks
2022-08-15 11:15:33 +05:30
nerrorsec
418285b7f6
Boolean - Extract info (order by)
2022-08-13 10:07:54 +05:45
mr.The
f82efffbc7
Boolean error based* instead of just error based
2022-08-12 18:36:43 +03:00
mr.The
0d9a2354e5
Add error-based vector for the sqlite
2022-08-12 18:33:44 +03:00
Swissky
683167d4e9
Merge pull request #521 from mh4ckt3mh4ckt1c4s/ssti-detection
...
Add SSTI detection payload + related resource
2022-08-09 22:09:15 +02:00
Swissky
11271d9072
Jetty RCE
2022-08-09 22:06:55 +02:00
Swissky
fa849c00f2
Jetty RCE + Upload tricks
2022-08-09 22:05:45 +02:00
Swissky
919fee6320
Merge pull request #524 from its0x08/master
...
fix: Fix spelling
2022-08-09 14:05:19 +02:00
its0x08
31b213227e
fix: Fix more spelling
2022-08-09 11:05:40 +02:00
its0x08
fc1f3b25a7
fix: Fix spelling
2022-08-09 11:02:21 +02:00
Swissky
55c9689487
Merge pull request #522 from aelmosalamy/patch-1
...
Typo fix
2022-08-08 22:08:20 +02:00
Adham Elmosalamy
1b2471265a
Typo fix
2022-08-08 16:08:55 +04:00
mh4ckt3mh4ckt1c4s
9d274a39a4
Add SSTI detection payload + related resource
2022-08-05 20:05:20 +02:00
Swissky
7fe0a0475e
Docker Escape cgroup
2022-08-05 12:26:31 +02:00
Swissky
835d6fffe0
Shadow Credentials
2022-08-05 12:00:41 +02:00
Swissky
52e255cb75
Merge pull request #520 from sebch-/patch-1
...
Update Active Directory Attack.md
2022-08-03 19:20:11 +02:00
Swissky
fe1fa242ba
Merge pull request #519 from spidyhackx/patch-1
...
typo
2022-08-03 19:19:40 +02:00
Spidycodes
bb6c9ed172
typo
2022-08-02 21:48:07 +00:00
Seb
310338b279
Update Active Directory Attack.md
...
Find AD
2022-08-02 15:09:23 +02:00
Swissky
e386a110d9
Find DC
2022-07-27 17:23:30 +02:00
Swissky
83c4658ff8
Merge pull request #517 from svewa/master
...
Twig in Wordpress
2022-07-24 13:22:24 +02:00
s. vewa
33d632df4e
Twig in Wordpress
...
Was very unsuccessful with the given Twig examples, quotes were escaped so got invalid, file_excerpt threw an error, too. Include and also injecting the file name helped. Don't know if this is a wordpress thing...
2022-07-24 12:30:09 +02:00