SakiiR
38c273ff00
Added IFS (WAF bypass) to Symfony Twig RCE
2020-03-29 23:23:26 +02:00
SakiiR
8b78c2fe71
Added filter(system) twig RCE
2020-03-29 23:19:27 +02:00
Swissky
231e41a59b
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
2020-03-29 22:35:26 +02:00
Swissky
268d85b4bf
Symfony SSTI Twig RCE
2020-03-29 22:34:26 +02:00
Swissky
0ba5ad3e71
Merge pull request #172 from bash-c/patch-1
Delete unnecessary escape characters
2020-03-29 20:23:25 +02:00
M4x
1d299f55c9
Delete unnecessary escape characters
`whoami` has already been wrapped in backquotes. There is no need to use escape characters again
2020-03-29 23:40:39 +08:00
Swissky
be8f32b586
Docker escape and exploit
2020-03-29 16:48:09 +02:00
Swissky
95ab07b45e
CloudTrail disable, GraphQL tool
2020-03-28 12:01:56 +01:00
Swissky
d489597357
Merge pull request #169 from guenicoe/patch-1
added cmd on the USOSVC vuln
2020-03-24 21:17:37 +01:00
guenicoe
a3cc577ebd
added cmd on the USOSVC vuln
Added `cmd \c C:\Users\nc.exe` as not typing `cmd \c` did not work for me. Might need even more explanation
2020-03-24 20:15:59 +00:00
Swissky
173366dc65
Merge pull request #167 from PixeLInc/patch-1
Remove example from win priv esc
2020-03-23 23:27:10 +01:00
PixeL
1b190939c4
Remove example from win priv esc
This example was used on hackthebox where it leaked the root flag of a machine on free servers.
This resulted in every user being able to get the root flag before they have even completed the box which isn't fair to others.
This example should either be changed or removed completely to combat copy-pasting without knowing what you're doing.
2020-03-23 17:17:42 -05:00
Swissky
6c38274bdb
Merge pull request #166 from fanixk/patch-1
Update Windows - Privilege Escalation.md
2020-03-22 21:56:05 +01:00
Fanis Katsimpas
2bdbb2dbc5
Update Windows - Privilege Escalation.md
Make powershell on EoP - Runas easier to copy paste
2020-03-22 19:25:35 +00:00
Swissky
4303caa08c
README - Summary update
2020-03-19 12:03:32 +01:00
Swissky
1538ccd7f2
Gaining AWS Console Access via API Keys
2020-03-19 11:59:49 +01:00
Swissky
57b500b48e
Merge pull request #165 from HLOverflow/master
More Bash tricks to bypass Command Injection filtering
2020-03-14 18:45:55 +01:00
HLOverflow
97dffcdc40
Update README.md
2020-03-15 01:11:47 +08:00
HLOverflow
3e184c10f9
Added additional character filter bypasses
2020-03-15 01:09:28 +08:00
Swissky
70182d32c9
Merge pull request #164 from Techbrunch/patch-3
Update AWS SSRF tips
2020-03-11 16:33:27 +01:00
Techbrunch
3abf2aff2a
Update AWS SSRF tips
Added http://instance-data
2020-03-11 15:20:51 +01:00
Swissky
c20f84d09c
Merge pull request #163 from SecGus/master
Improvement to the SSTI RCE
2020-03-09 20:06:32 +01:00
chiv
fe4bdb0df4
Improvement to the SSTI RCE
2020-03-09 18:19:33 +00:00
Swissky
1f3a94ba88
AWS SSM + Shadow copy attack
2020-03-06 15:30:38 +01:00
Swissky
5d87804f71
AWS EC2 Instance Connect + Lambda + SSM
2020-03-06 13:33:14 +01:00
Swissky
9207e0204c
Merge pull request #162 from SecGus/master
Blind SQL Injection payloads missing from the website.
2020-03-02 15:22:44 +01:00
chivato
29fac06023
From https://twitter.com/secgus
MySQL Blind Queries and Data Exfiltration via the ORDER BY clause.
2020-03-01 21:15:19 +00:00
Swissky
c19e36ad34
Azure AD Connect - MSOL Account's password and DCSync
2020-03-01 17:06:31 +01:00
Swissky
71a307a86b
AWS - EC2 copy image
2020-02-29 12:56:00 +01:00
Swissky
74f2dfccca
Kerberos Constrained Delegation
2020-02-23 21:20:46 +01:00
Swissky
c5ac4e9eff
AWS Patterns
2020-02-23 20:58:53 +01:00
Swissky
0b14b12fb4
Merge pull request #159 from noraj/patch-1
LDAPi: add scripts and dorks
2020-02-22 01:17:03 +01:00
Alexandre ZANNI
3fad2f364c
add ruby script
2020-02-21 23:49:50 +01:00
Alexandre ZANNI
f28f83bda6
LDAPi: add scripts and dorks
2020-02-21 23:19:48 +01:00
Swissky
915946a343
Fix Cloud Training
2020-02-21 10:50:43 +01:00
Swissky
bda7100a77
Fix Cloud references
2020-02-21 10:47:16 +01:00
Swissky
984078050b
Cloud - Pentest with AWS and Azure
2020-02-21 10:36:01 +01:00
Swissky
7f0650dfc0
IIS Raid Persistence
2020-02-20 16:51:22 +01:00
Swissky
73aa26ba68
Merge pull request #158 from 0xdf0xdf/master
Adding second method of chaining PHP filters
2020-02-20 13:07:39 +01:00
0xdf
9d06e1297f
added additional way to chain php filters
2020-02-20 06:40:30 -05:00
0xdf
7d650e9622
fixed error in chaining php filters in File Inclusion page, added an additional example
2020-02-20 06:30:28 -05:00
Swissky
c2292145c8
Merge pull request #157 from Stoo0rmq/patch-1
Update File Inclusion
2020-02-18 12:38:43 +01:00
Borja
7be86354b2
Update File Inclusion
Added another path
2020-02-18 11:35:22 +00:00
Swissky
ba30618a8b
Cobalt Strike - Artifact
2020-02-14 17:10:00 +01:00
Swissky
7cd49769be
WMI + Cobalt Strike
2020-02-13 22:53:45 +01:00
Swissky
b76a23c77f
Merge pull request #156 from bhattsameer/patch-1
Added more TTY Shell using perl and python
2020-02-09 12:15:00 +01:00
Sameer Bhatt (debugger)
994e557178
Added more TTY Shell using perl and python
2020-02-09 12:46:18 +05:30
Swissky
aba6874517
Maps API + secretsdump enabled user/pw last set + certutil mimikatz
2020-02-06 21:41:29 +01:00
Swissky
9c4578f083
Merge pull request #155 from socketz/master
Updated Java & Groovy Shells
2020-02-06 16:42:35 +01:00
socketz
056161fd9f
Updated Java & Groovy Shells
Added threaded shells and alternative pure Java reverse shell
2020-02-06 15:43:58 +01:00