Alex G
a568270b15
Add NAME_CONST for MySQL Error based injection
2021-12-16 12:11:25 +01:00
Swissky
0d6d6049ce
AD + Log4shell + Windows Startup
2021-12-16 09:52:51 +01:00
Swissky
31c8a263c3
Merge pull request #467 from gitmalet/patch-1
...
Update SQL Injection/SQLite Injection.md
2021-12-14 22:09:26 +01:00
malet
4ab2649317
Fixing "RCE - Attach Database" Payload
...
The old payload doesn't work for many cases as the `php` in `<?php` is missing.
2021-12-14 19:54:41 +01:00
Swissky
5714b9c9d7
samAccountName spoofing + Java RMI
2021-12-13 20:42:31 +01:00
Swissky
10974722b1
BloodHound Custom Queries + MSSQL CLR
2021-12-12 23:04:35 +01:00
Swissky
19c7d1c9e8
Merge pull request #412 from A1vinSmith/master
...
Replace the web.config with the far better version web.web.config
2021-12-08 21:53:34 +01:00
Swissky
5974773387
Merge pull request #464 from BrianStadnicki/master
...
SQLite Injection add extract database structure
2021-12-07 09:30:15 +01:00
Brian Stadnicki
03427da534
SQLite Injection add extract database structure
2021-12-07 06:51:27 +00:00
Swissky
ccc1186997
Merge pull request #461 from CravateRouge/master
...
Add alternatives for AD ACL abuse from Linux
2021-11-15 17:46:39 +01:00
CravateRouge
8da5f36f85
Add alternatives for AD ACL abuse from Linux
2021-11-15 17:36:05 +01:00
Swissky
7647407266
Merge pull request #458 from Techbrunch/patch-10
...
Replace xip.io by nip.io
2021-11-09 13:57:22 +01:00
Swissky
21b3a0630f
Update README.md
2021-11-09 13:57:09 +01:00
Techbrunch
a614525b70
Replace xip.io by nip.io
...
xip.io appears to be dead
2021-11-09 11:15:44 +01:00
Swissky
3366f5eaac
Merge pull request #445 from NirLevy98/reverse_shell_delete-unused-imports
...
Delete unused import
2021-11-07 21:16:37 +01:00
Swissky
a6eac592e1
Merge pull request #457 from noraj/patch-1
...
NoSQLi: add POST with urlencoded body
2021-11-07 21:16:06 +01:00
Alexandre ZANNI
e0f851e6e9
NoSQLi: add POST with urlencoded body
2021-11-07 17:49:50 +01:00
Swissky
7d9dd6806e
Powershell Cheatsheet
2021-11-06 19:14:47 +01:00
Swissky
6ff9a71237
Merge pull request #456 from DanielGrunberger/master
...
Add kubescape to kubernetes tools
2021-11-02 12:26:23 +01:00
DanielGrunberger
fb4775ce41
Add kubescape to kubernetes tools
2021-11-01 23:08:04 +02:00
Swissky
2daebdddff
Merge pull request #455 from h3xstream/master
...
SQL injection various additions
2021-11-01 10:38:44 +01:00
Philippe Arteau
4169e5d603
informa4on_schema => information_schema
...
(Copy-paste error)
2021-10-31 23:33:58 -04:00
Philippe Arteau
6c5e790234
SQLi: Whitespace alternatives + WAF Bypass
2021-10-31 23:25:08 -04:00
Swissky
1c8067a150
Relaying with WebDav Trick + Shadow Credential
2021-10-30 21:04:23 +02:00
Swissky
9d0efb90ea
Merge pull request #454 from seadog007/patch-1
...
Fixed typo
2021-10-30 11:04:18 +02:00
Swissky
c62fd81dad
Merge pull request #453 from h3xstream/master
...
Few filename fixes to allow Windows checkout
2021-10-30 11:03:57 +02:00
Li-Heng Yu
b223c66689
Fixed typo
2021-10-30 11:44:33 +08:00
Philippe Arteau
9d30f792d4
Remove filename with special characters.
...
The filename are already covered in `XSS Injection/README.md`
2021-10-29 12:56:55 -04:00
Philippe Arteau
16986febde
Remove filename with special characters.
...
The filename are already covered in `XSS Injection/README.md`
2021-10-29 12:56:41 -04:00
Philippe Arteau
7443da045a
Remove filename with special characters.
...
The filename are already covered in `XSS Injection/README.md`
2021-10-29 12:56:25 -04:00
Philippe Arteau
17e2833f1d
Rename file with less than symbol.
2021-10-29 12:26:45 -04:00
Swissky
e9c8953249
Merge pull request #452 from llamasoft/patch-1
...
Update Kubernetes readme.md
2021-10-29 10:04:57 +02:00
Marcus T
ab9e266b37
Update Kubernetes readme.md
...
Adds information about container environments, service accounts, and volumes
2021-10-28 19:28:01 -04:00
Swissky
ee03092eec
Merge pull request #451 from marcan2020/DNS-rebinding
...
DNS rebinding
2021-10-27 22:42:24 +02:00
marcan2020
0803cb04ee
Merge branch 'swisskyrepo:master' into DNS-rebinding
2021-10-27 16:20:23 -04:00
marcan2020
f26844f083
Add DNS rebinding
2021-10-27 16:19:56 -04:00
Swissky
e3373dd108
UnPAC The Hash + MachineKeys.txt
2021-10-26 21:56:39 +02:00
Swissky
add722d1c2
Merge pull request #450 from ahronmoshe/patch-3
...
Update README.md
2021-10-26 21:51:41 +02:00
ahronmoshe
a26867fdf9
Update README.md
2021-10-26 20:35:04 +03:00
Swissky
1a3058f40c
Device Code Phish
2021-10-24 20:07:46 +02:00
Swissky
d484212de9
Merge pull request #447 from mschader/patch-5
...
Update XXE Injection
2021-10-18 12:39:53 +02:00
Markus
46aabc8c8c
Update XXE Injection
...
Slight QOL improvements for the recent changes of the chapter `XXE inside XLSX file`
2021-10-18 10:13:30 +02:00
Swissky
220e0efef6
Merge pull request #446 from noraj/patch-1
...
XXE: OOB via FTP + remote DTD for XSLX files
2021-10-17 18:52:17 +02:00
Alexandre ZANNI
d19b843111
XXE: OOB via FTP + remote DTD for XSLX files
...
better than the HTTP method, must robust approach, easier zip repackaging
2021-10-17 18:00:00 +02:00
Nir
4207479cce
Delete unused imports
2021-10-16 11:33:38 +03:00
Swissky
7e18158c3b
Merge pull request #444 from mschader/patch-4
...
Update Windows - Persistence.md
2021-10-14 09:51:35 +02:00
Markus
6584df310f
Update Windows - Persistence.md
...
Add example to `disable windows defender` which uses MpCmdRun.exe to reset the current definitions. I recently used this and it was sufficient, that defender did not recognize previously flagged malicious files. It is quite helpful in case, that Set-MpPreference is not present or that the attacker is not allowed to adjust the service.
2021-10-14 08:53:25 +02:00
Swissky
45821c00ea
Merge pull request #443 from Flower-dev/master
...
add links books
2021-10-12 21:03:23 +02:00
Flower Dev
1984797f96
add links books
2021-10-12 20:33:31 +02:00
Swissky
d2ca8d8016
Merge pull request #442 from Flower-dev/master
...
BOOKS.md : new books
2021-10-12 20:21:34 +02:00