Commit Graph

1679 Commits

Author SHA1 Message Date
Swissky
191a72c57e Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2022-09-06 10:05:16 +02:00
Swissky
2be739ea4f Fixing TGS/ST 2022-09-06 10:03:49 +02:00
Swissky
bdc2d55dd9
Merge pull request #533 from 0xsyr0/patch-1
Quick fix for WSUS malicious patch
2022-09-04 20:54:17 +02:00
Swissky
9e2471a472 SCCM Network Account 2022-09-04 20:51:23 +02:00
Swissky
fae02107df Jetty RCE Credits 2022-09-04 14:24:16 +02:00
Swissky
4bc5f724b2 Moving learning resources into a specific folder 2022-09-03 16:17:23 +02:00
Swissky
811863501b ESC9 - No Security Extension 2022-09-03 12:07:24 +02:00
Swissky
b1c46228c2
Merge pull request #535 from Techbrunch/patch-11
Add Django Templates SSTI
2022-08-30 14:43:38 +02:00
Techbrunch
7850928d41
Add detection 2022-08-30 13:54:59 +02:00
Techbrunch
871b3bcaf2
Add Django Templates SSTI 2022-08-30 13:50:03 +02:00
0xsry0
343d63f79f
Quick fix for WSUS malicious patch
Not sure if it is deprecated but by tackling the box Outdated on HTB, the command didn't worked with two `&&`. To concatenate  `"net user WSUSDemo Password123! /add ` and `net localgroup administrators WSUSDemo /add\""`, the `^&` is required.
2022-08-24 09:10:55 +02:00
Swissky
fbd7517e04 LFI2RCE - Picture Compression - SOCKS5 CS 2022-08-21 16:38:54 +02:00
Swissky
e7af5aeb84
Merge pull request #532 from wlayzz/patch-2
Update java ssti
2022-08-19 16:25:00 +02:00
Wlayzz
961d935623
Update java ssti
fix little inattention
2022-08-19 16:22:39 +02:00
Swissky
b25f461b6e
Merge pull request #531 from wlayzz/patch-1
Update Java SSTI
2022-08-19 15:16:46 +02:00
Wlayzz
8d70f262ae
Update Java SSTI
Adding variable expressions alternative for java injection
2022-08-19 15:04:52 +02:00
Swissky
804920be62 Source Code Management 2022-08-18 10:43:01 +02:00
Swissky
abc78a6a67
Merge pull request #528 from denandz/patch-1
Add multipart/form-data CSRF technique
2022-08-17 14:24:34 +02:00
DoI
b3e6220da6
Add multipart/form-data CSRF technique 2022-08-17 09:29:05 +12:00
Swissky
6650c361e7 Capture a network trace with builtin tools 2022-08-15 15:02:29 +02:00
Swissky
55e05b4b17
Merge pull request #527 from natrajms/patch-2
Updating Reference section hyperlinks
2022-08-15 11:40:15 +02:00
Natraj Sangashetty
1bd82af11e
Updating Reference section hyperlinks 2022-08-15 11:15:33 +05:30
nerrorsec
418285b7f6
Boolean - Extract info (order by) 2022-08-13 10:07:54 +05:45
mr.The
f82efffbc7
Boolean error based* instead of just error based 2022-08-12 18:36:43 +03:00
mr.The
0d9a2354e5
Add error-based vector for the sqlite 2022-08-12 18:33:44 +03:00
Swissky
683167d4e9
Merge pull request #521 from mh4ckt3mh4ckt1c4s/ssti-detection
Add SSTI detection payload + related resource
2022-08-09 22:09:15 +02:00
Swissky
11271d9072 Jetty RCE 2022-08-09 22:06:55 +02:00
Swissky
fa849c00f2 Jetty RCE + Upload tricks 2022-08-09 22:05:45 +02:00
Swissky
919fee6320
Merge pull request #524 from its0x08/master
fix: Fix spelling
2022-08-09 14:05:19 +02:00
its0x08
31b213227e fix: Fix more spelling 2022-08-09 11:05:40 +02:00
its0x08
fc1f3b25a7 fix: Fix spelling 2022-08-09 11:02:21 +02:00
Swissky
55c9689487
Merge pull request #522 from aelmosalamy/patch-1
Typo fix
2022-08-08 22:08:20 +02:00
Adham Elmosalamy
1b2471265a
Typo fix 2022-08-08 16:08:55 +04:00
mh4ckt3mh4ckt1c4s
9d274a39a4
Add SSTI detection payload + related resource 2022-08-05 20:05:20 +02:00
Swissky
7fe0a0475e Docker Escape cgroup 2022-08-05 12:26:31 +02:00
Swissky
835d6fffe0 Shadow Credentials 2022-08-05 12:00:41 +02:00
Swissky
52e255cb75
Merge pull request #520 from sebch-/patch-1
Update Active Directory Attack.md
2022-08-03 19:20:11 +02:00
Swissky
fe1fa242ba
Merge pull request #519 from spidyhackx/patch-1
typo
2022-08-03 19:19:40 +02:00
Spidycodes
bb6c9ed172
typo 2022-08-02 21:48:07 +00:00
Seb
310338b279
Update Active Directory Attack.md
Find AD
2022-08-02 15:09:23 +02:00
Swissky
e386a110d9 Find DC 2022-07-27 17:23:30 +02:00
Swissky
83c4658ff8
Merge pull request #517 from svewa/master
Twig in Wordpress
2022-07-24 13:22:24 +02:00
s. vewa
33d632df4e
Twig in Wordpress
Was very unsuccessful with the given Twig examples, quotes were escaped so got invalid, file_excerpt threw an error, too. Include and also injecting the file name helped. Don't know if this is a wordpress thing...
2022-07-24 12:30:09 +02:00
Swissky
820147466a
Merge pull request #516 from jjeyanthan/patch-1
Update OracleSQL Injection.md
2022-07-20 19:31:11 +02:00
Jeyanthan
7ad7ae722d
Update OracleSQL Injection.md
missing 'T' in the SELECT in the  Oracle blind SQLI section
2022-07-20 13:34:27 +02:00
Vladislav Korchagin
7b79bce819
Update README.md 2022-07-17 18:35:59 +03:00
Swissky
d9921e370b
Merge pull request #511 from buddyeatsbugs/master
Update CSWSH payload
2022-06-30 20:37:05 +02:00
somebodyoncetoldme
d0a198ffee
Update README.md 2022-06-30 10:37:41 -07:00
Swissky
fc8fadbb0c PR Guidelines + User Hunting + HopLa Configuration 2022-06-30 16:33:35 +02:00
fantesykikachu
f6c455d8f9 Windows Python3 Reverse Shell 2022-06-28 06:54:06 +00:00