Swissky
a71a793648
Merge pull request #676 from dahalsharad/add-wcd-exploit-description-and-image
...
added Web Cache Deception exploit, description and demonstrative image
2023-10-08 19:10:05 +02:00
sharad
37a4f8c977
added wcd exploit description and demonstrative image
2023-10-04 22:54:37 +05:45
Swissky
892c68e6e7
PEAR_Config example
2023-10-02 17:12:36 +02:00
Swissky
837f220264
LFI with pearcmd.php
2023-10-02 12:52:10 +02:00
Swissky
55edc9fc74
Fix MySQL duplicate cheatsheet
2023-10-01 12:45:12 +02:00
Swissky
d142587f28
Race Condition WIP + AD asreproast/kerberoasting
2023-10-01 12:42:20 +02:00
Swissky
a0475a2f45
Merge pull request #675 from nuts7/kerberoast-without-preauth
...
Add Kerberoasting w/o domain account
2023-09-30 18:51:19 +02:00
Swissky
485103e9bb
IDOR Numeric, Hash, Wildcard and PRNG
2023-09-25 14:15:48 +02:00
Swissky
84569e18e4
Merge pull request #674 from eltociear/patch-1
...
Fix typo in README.md
2023-09-22 14:50:49 +02:00
nuts7
0cea24cfcb
Add Kerberoasting w/o domain account
...
This commit add a Kerberoasting technique without domain account/credentials just a user without pre-authentication (AS_REP Roastable)
2023-09-22 13:38:28 +02:00
Ikko Eltociear Ashimine
2aaeac91f8
Fix typo in README.md
...
appropiate -> appropriate
2023-09-22 00:11:33 +09:00
Swissky
83f1af0af0
Command injection update
2023-09-21 13:09:57 +02:00
Swissky
e9fb4f100c
Google Web Toolkit
2023-09-19 09:58:22 +02:00
Swissky
59640ba51a
MYSQL Wide byte injection (GBK)
2023-09-14 10:53:37 +02:00
Swissky
64a6e3eb04
Merge pull request #672 from manesec/master
...
Add MYSQL Wide byte injection
2023-09-14 10:25:12 +02:00
Mane
811d71026f
Update MySQL Injection.md
...
fix typo
2023-09-13 08:33:03 -07:00
Mane
9574af9dd1
Update MySQL Injection.md
...
Add MYSQL Wide byte injection, it can test in Sqli-labs Less-32
2023-09-13 08:13:36 -07:00
Swissky
ed7c3a4e0c
Merge pull request #671 from Thy-GoD/patch-1
...
Add automatic shell upgrade via rustcat.
2023-09-09 10:50:33 +02:00
Thigh_GoD
c7549916b8
Update Reverse Shell Cheatsheet.md
...
Added small quality adjustment.
2023-09-09 03:51:35 +08:00
Thigh_GoD
cf9b9bf70c
Update Reverse Shell Cheatsheet.md
...
Added in automatic shell upgrade via rustcat.
2023-09-08 21:15:54 +08:00
Swissky
f9a2880ad5
Recover Public Key From Signed JWTs
2023-09-04 11:37:15 +02:00
Swissky
c030379871
Merge pull request #670 from superboy-zjc/master
...
Update Lodash SSTI
2023-09-03 17:30:52 +02:00
Swissky
a0c14e5299
SQL injections - WAF bypass
2023-09-03 14:26:03 +02:00
2h0ng
34da0e2708
Update Lodash SSTI
...
Update Lodash SSTI
2023-09-02 21:24:59 -04:00
Swissky
7752ff806f
ASPNET Cookieless Bypass
2023-09-02 23:01:10 +02:00
Swissky
e879ca42a3
Merge pull request #668 from sethsec-bf/patch-1
...
Added CloudFox and CloudFoxable
2023-08-31 10:37:38 +02:00
Seth Art
339a51cd0d
Added CloudFox and CloudFoxable
2023-08-30 14:11:11 -04:00
Swissky
53ec79abd0
Initial Access Cheatsheet
2023-08-26 22:01:45 +02:00
Swissky
930044d7c1
Merge pull request #666 from dwisiswant0/feat/ssrf-add-tool
...
feat(SSRF): add tool
2023-08-26 12:50:56 +02:00
Swissky
9db39952e7
Merge pull request #667 from PakCyberbot/master-1
...
Update SQLite Injection.md
2023-08-26 12:50:06 +02:00
Pak Cyberbot
d5922f421c
Update SQLite Injection.md
...
Column names of the specified table can be more easily extracted in a better output.
Tested during the CTF
2023-08-25 15:24:52 +05:00
Dwi Siswanto
63379b9291
feat(SSRF): add tool
2023-08-25 16:34:45 +07:00
Swissky
b0dfcfd438
Hidden Parameters
2023-08-24 22:15:11 +02:00
Swissky
e2e2da74ce
Merge pull request #664 from ScriptSathi/master
...
feat: Add Rust reverse shell for unix
2023-08-22 18:04:31 +02:00
Tristan D'audibert
aea130a1ac
Add Rust reverse shell for unix
2023-08-21 17:50:11 +02:00
cfgs
538a7b024b
feat: add cognito-scanner tool for AWS pentest
2023-08-08 10:41:54 +02:00
Vunnm
273da9e1b5
Add JSON simple with form
...
Add JSON simple paylaod with autosubmit form. Using autosubmit form instead of AJax, allow to bypass some protection like the Standard Enhanced Tracking Protection in Firfefox, which will refuse to send cookie with cross-site Ajax request (tested with Firefox 115.0.2esr),.
2023-08-05 14:39:33 +02:00
Swissky
d642e97d8d
Merge pull request #661 from emmanuel-ferdman/wip
...
fix: broken link on AWS Amazon Bucket S3 page
2023-07-26 14:20:27 +02:00
Emmanuel Ferdman
20b8870123
fix: broken link on AWS Amazon Bucket S3 page
...
Signed-off-by: Emmanuel Ferdman <emmanuelferdman@gmail.com>
2023-07-26 15:09:56 +03:00
Swissky
e366ef9a13
Merge pull request #660 from yanncam/master
...
Added precision on the format, generation and breaking of NetNTLMv1
2023-07-25 15:28:12 +02:00
Yann CAM (ycam)
e80702d599
More details on NetNTLMv1 + typos
...
More details on NetNTLMv1 + typos
2023-07-25 11:31:35 +02:00
Yann CAM (ycam)
4336cb1fd5
Update NetNTLMv1 breaking methodology
...
Add SHuck.Sh/ShuckNT process and details.
2023-07-25 11:11:36 +02:00
Swissky
b715364547
Fix typo
2023-07-18 22:19:29 +02:00
Swissky
52ef85a830
WebSocket Tools
2023-07-18 22:17:51 +02:00
Swissky
fbc43be79f
Merge pull requests
2023-07-18 18:24:14 +02:00
Swissky
87e6f55e16
Error Based XXE - Local DTD
2023-07-18 18:23:34 +02:00
Swissky
359b9b435e
Merge pull request #659 from preemptible/patch-1
...
Update BOOKS.md
2023-07-18 10:21:23 +02:00
Swissky
3de6c41823
Merge pull request #658 from NaxnN/patch-2
...
Update SQLite Injection.md
2023-07-18 10:20:20 +02:00
preemptible
6d12abb4ec
Update BOOKS.md
...
I added 'black hat Rust', a great book in my humble opinion.
2023-07-18 11:16:36 +03:00
KeoOp
d5f85f13d5
Update SQLite Injection.md
...
add "group_concat" so that all tables can be extracted once when the query only returns the first item
2023-07-16 23:44:00 +08:00