Commit Graph

529 Commits

Author SHA1 Message Date
Swissky
b6697d8595 SSRF SVG + Windows Token getsystem 2019-08-15 18:21:06 +02:00
Swissky
9a8b2fee8e
Merge pull request #83 from noraj/patch-3
add XXE ftp tool
2019-08-06 18:06:38 +02:00
Alexandre ZANNI
66c9d945b7
Update README.md 2019-08-06 17:28:47 +02:00
Swissky
bd449e9cea XSS PostMessage 2019-08-03 23:22:14 +02:00
Swissky
9b96c7692f XSS onpointer* 2019-08-01 14:39:15 +02:00
Swissky
a331d87ffe
Better sponsoring method 2019-07-27 13:13:10 +02:00
Swissky
6baa446144 Directory Traversal CVE 2018 Spring 2019-07-27 13:02:16 +02:00
Swissky
98124178db EoP - Juicy Potato 2019-07-26 15:29:34 +02:00
Swissky
657823a353 PTH Mitigation + Linux Smart Enumeration 2019-07-26 14:24:58 +02:00
Swissky
f6c0f226af PXE boot attack 2019-07-25 14:08:32 +02:00
Swissky
859695e2be Update PrivExchange based on chryzsh blog post 2019-07-24 14:10:58 +02:00
Swissky
a14b3af934 Active Directory - Resource Based Constrained Delegation 2019-07-22 21:45:50 +02:00
Swissky
0b9d76eb8e HQL references 2019-07-19 19:34:23 +02:00
Swissky
45af613fd9 Active Directory - Unconstrained delegation 2019-07-17 23:17:35 +02:00
Swissky
3cce80cd53 Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2019-07-14 14:24:00 +02:00
Swissky
382bd9acec Type Juggling - Another SHA 256 2019-07-14 14:23:20 +02:00
Swissky
ca331acba8
Merge pull request #79 from LewisArdern/patch-1
adding reference to blog
2019-07-13 00:11:10 +02:00
Lewis
dab064a583
adding reference to blog 2019-07-12 12:49:02 -07:00
Swissky
504caa3b50 SSTI by calling Popen without guessing the offset 2019-07-10 21:31:44 +02:00
Swissky
bdef021a6d Magic Hashes SHA224 and SHA256 2019-07-10 21:26:24 +02:00
Swissky
05054af343 JWT RS256 to HS256 using pubkey to generate a signature 2019-07-10 20:58:50 +02:00
Swissky
6cecb8fa7a GraphQL - Projection + Edges/Nodes 2019-07-05 21:34:04 +02:00
Swissky
f6564869f0 Fix typo in PHP Object injection 2019-07-05 18:42:42 +02:00
Swissky
13ba72f124 GraphQL + RDP Bruteforce + PostgreSQL RCE 2019-07-01 23:29:29 +02:00
Swissky
46780de750 PostgreSQL rewrite + LFI SSH 2019-06-29 19:23:34 +02:00
Swissky
144b3827ab MS14-068 + /etc/security/opasswd 2019-06-29 17:55:13 +02:00
Swissky
3b85f1b6fc UTF-8 encoding for File Inclusion 2019-06-29 11:20:17 +02:00
Swissky
b148a9c906
Merge pull request #76 from ElonSalfati/master
Added 2 working sql injection lines
2019-06-28 17:30:12 +02:00
Elon Salfati
a4411ae086
Added 2 working sql injection lines 2019-06-28 18:16:45 +03:00
Swissky
7dda79bfc1 ImageMagik Ghost Script + Typo git summary 2019-06-26 00:07:06 +02:00
Swissky
1cec6e9a35
Merge pull request #75 from scarvell/master
Added Freemarker SSTI PoC that doesn't require the use of "tags"/spaces
2019-06-24 14:32:11 +02:00
Brendan Scarvell
601db0e188 Added freemarker PoC that doesn't require spaces or tags 2019-06-24 21:38:56 +10:00
Swissky
9be62677b6 Add root user + PHP null byte version 2019-06-24 00:21:39 +02:00
Swissky
c3f96c6753 GraphQL injection : blind nosqli + sqli 2019-06-21 17:01:43 +02:00
Swissky
9745e67465 HQL Injection + references update 2019-06-16 23:45:52 +02:00
Swissky
6921cde15c
Merge pull request #73 from ahhh/patch-1
Update Windows - Privilege Escalation.md
2019-06-12 00:14:08 +02:00
Dan Borges
24a05c7098
Update Windows - Privilege Escalation.md 2019-06-11 11:51:09 -07:00
Swissky
8cec2e0ca3 Linux PrivEsc - Writable files 2019-06-10 11:09:02 +02:00
Swissky
94a60b43d6 Writable /etc/sudoers + Meterpreter autoroute 2019-06-10 11:00:54 +02:00
Swissky
a85fa5af28 Local File Include : rce via mail + kadimus 2019-06-10 00:05:47 +02:00
Swissky
5d4f65720a PrivEsc - Common Exploits 2019-06-09 20:53:41 +02:00
Swissky
e8cd11f88f plink + sshuttle : Network Pivoting Techniques 2019-06-09 18:13:15 +02:00
Swissky
adcea1a913 Linux PrivEsc + SSH persistency 2019-06-09 16:05:44 +02:00
Swissky
f5a8a6b62f Meterpreter shell 2019-06-09 14:26:14 +02:00
Swissky
93f6c03b54 GraphQL + LXD/etc/passwd PrivEsc + Win firewall 2019-06-09 13:46:40 +02:00
Swissky
00f50c5f32
Merge pull request #72 from h1-ragnar/patch-1
Cloudflare XSS Bypasses by Bohdan Korzhynskyi
2019-06-06 19:03:17 +02:00
h1-ragnar
edcac293a8
Cloudflare XSS Bypasses by Bohdan Korzhynskyi 2019-06-05 21:36:41 +03:00
Swissky
b031115588
Merge pull request #71 from jonasw234/master
Add nginx log files for LFI log poisoning
2019-05-30 12:33:24 +02:00
Jonas Wendorf
f5702467d6 Add nginx log files for LFI log poisoning 2019-05-30 12:01:24 +02:00
Swissky
f88da43e1c SQL informationschema.processlist + UPNP warning + getcap -ep 2019-05-25 18:19:08 +02:00