Commit Graph

2020 Commits

Author SHA1 Message Date
Swissky
d484212de9
Merge pull request #447 from mschader/patch-5
Update XXE Injection
2021-10-18 12:39:53 +02:00
Markus
46aabc8c8c
Update XXE Injection
Slight QOL improvements for the recent changes of the chapter `XXE inside XLSX file`
2021-10-18 10:13:30 +02:00
Swissky
220e0efef6
Merge pull request #446 from noraj/patch-1
XXE: OOB via FTP + remote DTD for XSLX files
2021-10-17 18:52:17 +02:00
Alexandre ZANNI
d19b843111
XXE: OOB via FTP + remote DTD for XSLX files
better than the HTTP method, must robust approach, easier zip repackaging
2021-10-17 18:00:00 +02:00
Nir
4207479cce Delete unused imports 2021-10-16 11:33:38 +03:00
Swissky
7e18158c3b
Merge pull request #444 from mschader/patch-4
Update Windows - Persistence.md
2021-10-14 09:51:35 +02:00
Markus
6584df310f
Update Windows - Persistence.md
Add example to `disable windows defender` which uses MpCmdRun.exe to reset the current definitions. I recently used this and it was sufficient, that defender did not recognize previously flagged malicious files. It is quite helpful in case, that Set-MpPreference is not present or that the attacker is not allowed to adjust the service.
2021-10-14 08:53:25 +02:00
Swissky
45821c00ea
Merge pull request #443 from Flower-dev/master
add links books
2021-10-12 21:03:23 +02:00
Flower Dev
1984797f96 add links books 2021-10-12 20:33:31 +02:00
Swissky
d2ca8d8016
Merge pull request #442 from Flower-dev/master
BOOKS.md : new books
2021-10-12 20:21:34 +02:00
Flower Dev
f6ba0ddbff BOOKS.md : new books 2021-10-12 20:17:52 +02:00
Swissky
9688e6e88e
Merge pull request #441 from marcan2020/patch-12
Update breakout techniques
2021-10-11 23:13:38 +02:00
marcan2020
39a89e937a
Update breakout techniques
- Add a section on unassociated protocols
- Add paths to access filesystem via the address bar
- Fix Stick Keys link
- Fix Task Manager shortcut
- Add reference to HackTricks
2021-10-11 13:53:19 -04:00
Swissky
440b8d825e
Merge pull request #440 from mschader/patch-3
Update Hash Cracking Methodology
2021-10-11 18:11:48 +02:00
Markus
d1345b0016
Update Hash Cracking Methodology
Add some structure to add additional tools.
Fix some typo.
Add online resources for cracking password hashes.
2021-10-11 17:08:46 +02:00
Swissky
6c48d0ae49
Merge pull request #438 from mschader/patch-2
Update directory traversal wordlist
2021-10-11 10:13:43 +02:00
Markus
7e737baa23
Update directory traversal wordlist
Update the intruder wordlist to include CVE-2021-42013 (Traversal/RCE into Apache 2.4.49/2.4.50).
Also add some depth to the current fuzzing payloads to not miss /cgi-bin directories which are located deeper than 4 subdirectories.
2021-10-11 10:11:10 +02:00
Swissky
0a10a4d029
Merge pull request #437 from swisskyrepo/hash-cracking
Hash Cracking v0.1
2021-10-10 23:06:18 +02:00
Swissky
883c35a9e5 Hash Cracking v0.1 2021-10-10 23:05:01 +02:00
Swissky
c664a0ee09
Merge pull request #436 from stefanman125/patch-1
Added CVE-2021-41773 payload
2021-10-06 21:16:19 +02:00
Stefan
e4a1217200
Added CVE-2021-41773 payload 2021-10-06 11:10:25 -04:00
Swissky
382a6d57e2
Merge pull request #435 from p0dalirius/patch-2
Fixed typos, added links and better formatting in Active Directory Attack.md
2021-10-06 10:17:38 +02:00
p0dalirius
09b1b8984a Update Active Directory Attack.md 2021-10-06 09:05:49 +02:00
p0dalirius
8045496946 Update Active Directory Attack.md 2021-10-06 08:59:13 +02:00
p0dalirius
19b4bee7a0 Update Active Directory Attack.md 2021-10-06 08:54:16 +02:00
p0dalirius
e0b8bee5a6 Update Active Directory Attack.md 2021-10-06 08:45:44 +02:00
p0dalirius
25b6003229 Update Active Directory Attack.md 2021-10-06 08:29:59 +02:00
p0dalirius
ee53c960f0 Update Active Directory Attack.md 2021-10-06 08:24:51 +02:00
p0dalirius
6d816c6e4b Update Active Directory Attack.md 2021-10-06 08:23:07 +02:00
Podalirius
286b7c507e
Update Active Directory Attack.md 2021-10-06 08:15:51 +02:00
Swissky
acca37dc79
Merge pull request #434 from jaxBCD/patch-1
Update Oracle Sql injection.md add sql error
2021-10-04 17:54:05 +02:00
jaxBCD
11dc7bc2c2
Update Oracle Sql injection.md add sql error
Add some error point oracle sql injection
2021-10-04 22:52:48 +07:00
Swissky
3b5f23b4ea
Merge pull request #433 from stevenfranks/feature/update-books
Refactor Books Page
2021-10-04 10:37:12 +02:00
Swissky
e240bbe4a3
Merge pull request #432 from p0dalirius/ssti_payloads
Added ssti payloads to intruder "ssti.fuzz" wordlist.
2021-10-04 10:35:06 +02:00
Steven Franks
526f06e5c8
Update BOOKS.md 2021-10-04 09:24:14 +01:00
p0dalirius
9ce58c14ef Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
36dc8742c1 Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
e65c5ed291 Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
704a7415cf Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
861d13780b Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
8482f742ff Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
bb65411c62 Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
24b2676f97 Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
4313b4f373 Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
9a63827cdb Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
d7faae081d Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
4345789297 Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
5518c14388 Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
19214a7db4 Update ssti.fuzz 2021-10-04 09:21:10 +02:00
p0dalirius
154c07780c Update ssti.fuzz 2021-10-04 09:21:10 +02:00