Commit Graph

1916 Commits

Author SHA1 Message Date
Shahne Rodgers
1659e7c50e Adds more details to the HTTP request smuggling topic
I've tried to give a brief (and certainly not exhaustive) summary of what HTTP request smuggling actually is, HTTP/2 request smuggling attacks and James Kettle's new research on client-side desync attacks.
2022-10-02 16:12:44 +13:00
Markus
bd6a1b759a
Java RMI: Add remote-method-guesser to tools
This also includes slight adjustments to the README.md to adhere to the current contribution example layout
2022-10-01 22:04:49 +02:00
Deep Dhakate
9f0c70d46f update 2022-10-01 19:56:49 +00:00
Swissky
9d1421a6c3
Merge pull request #547 from mschader/patch-6
Api Key Leaks: Add Trivy to tools section
2022-10-01 19:01:47 +02:00
Markus
b7d275d5b0
Api Key Leaks: Add Trivy to tools section 2022-10-01 17:20:51 +02:00
Swissky
72a8556dc9 NodeJS Serialization 2022-09-23 11:21:29 +02:00
Swissky
7a528ccb3f
Merge pull request #545 from noraj/patch-1
Blind NoSQL scripts
2022-09-23 00:38:05 +02:00
Alexandre ZANNI
7e2fa15462
Blind NoSQL scripts
- add missing menu item
- use better string interpolation for python script
- add ruby script
2022-09-23 00:36:41 +02:00
Swissky
2d30e22121 DPAPI - Data Protection API 2022-09-23 00:35:34 +02:00
Swissky
6b76c452a7
Merge pull request #544 from Processus-Thief/master
update hekatomb to install with pip
2022-09-22 16:12:23 +02:00
Processus Thief
8d564ff78b update hekatomb to install with pip
hekatomb is now available on pypi to simplify its installation
2022-09-22 16:10:20 +02:00
Swissky
097756da1c
Merge pull request #543 from noraj/patch-1
add 3 template engines + add lang in menu
2022-09-21 11:42:32 +02:00
Alexandre ZANNI
3e68276fb7
add 3 template engines + add lang in menu 2022-09-21 11:28:57 +02:00
Swissky
c3421582bc
Merge pull request #542 from Processus-Thief/master
Adding Hekatomb.py to DPAPI credentials stealing
2022-09-20 22:31:07 +02:00
Processus Thief
885f8bdb8f Adding Hekatomb.py to DPAPI credentials stealing
Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations.
Then it will download all DPAPI blob of all users from all computers.
Finally, it will extract domain controller private key through RPC uses it to decrypt all credentials.

More infos here : https://github.com/Processus-Thief/HEKATOMB
2022-09-20 16:56:07 +02:00
Swissky
267713c0fb YAML Deserialization 2022-09-16 16:37:40 +02:00
Swissky
e677f07197
Merge pull request #539 from dhmosfunk/master
add a new tool for manually http request smuggling exploitation
2022-09-16 08:53:00 +02:00
Dhmos Funk
b4e7add674
add simple http smuggler generator for easiest manually exploitation 2022-09-16 02:30:57 +03:00
Dhmos Funk
d5aed653e8
Update README.md 2022-09-14 18:05:31 +03:00
Swissky
b8afbc8f92 Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2022-09-13 22:04:58 +02:00
Swissky
c7dd67986c Oracle SQL 2022-09-13 22:04:21 +02:00
Swissky
d32c48bad8
Merge pull request #538 from clem9669/master
XSS: Adding brutelogic polyglot
2022-09-13 15:03:34 +02:00
clem9669
88134256c8
Adding brutelogic polyglot
Adding brutelogic polyglot from blog post.
2022-09-13 11:58:10 +00:00
Swissky
0ca060c049
Merge pull request #537 from dhmosfunk/master
Update the Postgresql time based payloads for database,table,columns extract
2022-09-10 16:44:20 +02:00
Dhmos Funk
aa89a909d1
Update PostgreSQL Injection.md 2022-09-10 15:56:31 +03:00
Swissky
38fa931b84
Merge pull request #525 from mrThe/patch-1
Add boolean-error-based vector for the sqlite
2022-09-07 14:02:54 +02:00
Swissky
7663594118
Update SQLite Injection.md 2022-09-07 14:02:38 +02:00
Swissky
e11a37e6a2
Merge pull request #515 from vladko312/patch-1
Added a new SSTI tool
2022-09-07 14:01:09 +02:00
Swissky
d24e3f2d61
Merge pull request #497 from kz-cyber/xss/angular-xss-2
[update] Angular XSS payload
2022-09-07 00:34:29 +02:00
Swissky
b6e7210ee0
Merge pull request #501 from fantesykikachu/win-p3-revshell
Add Windows Python3 Reverse Shell
2022-09-06 23:23:50 +02:00
Swissky
86e8feca7c
Merge pull request #499 from p3n7a90n/NosqliPayloads
Added basic SSJI paylods
2022-09-06 23:17:12 +02:00
Swissky
26e9cb6dc1
Merge pull request #504 from MilyMilo/master
Add new ruby yaml gadget chain
2022-09-06 23:16:13 +02:00
Swissky
fb7f10eab8
Merge pull request #485 from ajdumanhug/master
SSRF: Don't encode entire IP
2022-09-06 23:15:20 +02:00
Swissky
8d609b1460
Update README.md 2022-09-06 23:15:12 +02:00
Swissky
84fa229a44
Merge pull request #463 from nismo-s13/master
Delete Parser & Curl < 7.54.png
2022-09-06 23:13:55 +02:00
Swissky
3e8ef29223
Merge pull request #536 from CravateRouge/patch-1
Update bloodyAD attacks
2022-09-06 19:32:21 +02:00
CravateRouge
dad7362da6
Update bloodyAD attacks 2022-09-06 19:13:34 +02:00
Swissky
191a72c57e Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2022-09-06 10:05:16 +02:00
Swissky
2be739ea4f Fixing TGS/ST 2022-09-06 10:03:49 +02:00
Swissky
bdc2d55dd9
Merge pull request #533 from 0xsyr0/patch-1
Quick fix for WSUS malicious patch
2022-09-04 20:54:17 +02:00
Swissky
9e2471a472 SCCM Network Account 2022-09-04 20:51:23 +02:00
Swissky
fae02107df Jetty RCE Credits 2022-09-04 14:24:16 +02:00
Swissky
4bc5f724b2 Moving learning resources into a specific folder 2022-09-03 16:17:23 +02:00
Swissky
811863501b ESC9 - No Security Extension 2022-09-03 12:07:24 +02:00
Swissky
b1c46228c2
Merge pull request #535 from Techbrunch/patch-11
Add Django Templates SSTI
2022-08-30 14:43:38 +02:00
Techbrunch
7850928d41
Add detection 2022-08-30 13:54:59 +02:00
Techbrunch
871b3bcaf2
Add Django Templates SSTI 2022-08-30 13:50:03 +02:00
0xsry0
343d63f79f
Quick fix for WSUS malicious patch
Not sure if it is deprecated but by tackling the box Outdated on HTB, the command didn't worked with two `&&`. To concatenate  `"net user WSUSDemo Password123! /add ` and `net localgroup administrators WSUSDemo /add\""`, the `^&` is required.
2022-08-24 09:10:55 +02:00
Swissky
fbd7517e04 LFI2RCE - Picture Compression - SOCKS5 CS 2022-08-21 16:38:54 +02:00
Swissky
e7af5aeb84
Merge pull request #532 from wlayzz/patch-2
Update java ssti
2022-08-19 16:25:00 +02:00