daffainfo
/
PayloadsAllTheThings
mirror of https://github.com/daffainfo/PayloadsAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
785 Commits
2 Branches
3 Tags
11 MiB
Commit Graph

785 Commits (33129f2b4c540efaf7fbff5dd37b9f8300b10c6f)

Author SHA1 Message Date
Swissky 3a9b9529cb Mimikatz - Credential Manager & DPAPI 2020-01-05 17:27:02 +01:00
Swissky 73abdeed71 Kerberos AD GPO 2020-01-05 16:28:00 +01:00
Swissky b052f78d95 Blacklist3r and Machine Key 2020-01-02 23:33:04 +01:00
Swissky 97015e4f64
Merge pull request #143 from gdemarcsek/patch-1 
Added another PHP reverse shell payload
 2020-01-02 22:37:45 +01:00
György Demarcsek 9c188139ec
Added PHP reverse shell 
This reverse shell payload for PHP works even if `exec` is disabled and/or the new socket is not on fd 3
 2020-01-02 19:27:35 +01:00
Swissky 0850839b25
Merge pull request #142 from mikesiegel/mike_ssrf 
Added anti-SSRF header bypass for GCP
 2020-01-01 12:44:41 +01:00
mikesiegel e024afc9f7 Added anti-SSRF header bypass for GCP. 2019-12-31 15:11:58 +00:00
mikesiegel 7aa2761e3e Added anti-SSRF header bypass for GCP. Similar technique works on Azure and AWS I'm guessing. 2019-12-31 15:07:20 +00:00
Swissky 0a6ac284c9 AdminSDHolder Abuse 2019-12-30 19:55:47 +01:00
Swissky bcb24c9866 Abusing Active Directory ACLs/ACEs 2019-12-30 14:22:10 +01:00
Swissky 4b10c5e302 AD mitigations 2019-12-26 12:09:23 +01:00
Swissky 1535c5f1b3 Kubernetes - Privileged Service Account Token 2019-12-20 11:33:25 +01:00
Swissky cf5a4b6e97 XSLT injection draft 2019-12-17 21:13:59 +01:00
Swissky 02f714d479
Merge pull request #139 from nizam0906/patch-5 
Fixed Broken Links in Directory traversal
 2019-12-17 19:19:35 +01:00
Swissky ada158cd60
Merge pull request #138 from nizam0906/patch-4 
Fixed Broken Links in Command Injection
 2019-12-17 19:18:54 +01:00
Swissky 4c96a5a6ef
Merge pull request #137 from nizam0906/patch-3 
Updated Summary and Fixed  Broken Links in CSRF
 2019-12-17 19:18:34 +01:00
Swissky 976403034c
Merge pull request #136 from nizam0906/patch-2 
Added Summary in CRLF
 2019-12-17 19:18:11 +01:00
nizam0906 6939499bed
Fixed Broken Links in Directory traversal 2019-12-17 22:35:35 +05:30
nizam0906 4de5a20376
Fixed Broken Links in Command Injection 2019-12-17 22:29:17 +05:30
nizam0906 156ea32217
Updated Summary and Fixed Broken Links in CSRF 2019-12-17 22:21:53 +05:30
nizam0906 d6d649e08f
Added Summary in CRLF 2019-12-17 22:12:35 +05:30
Swissky 4588cc2eee
Merge pull request #135 from nizam0906/patch-1 
Fixed Broken Links in API Key Leaks
 2019-12-17 17:39:55 +01:00
nizam0906 03762911a7
Fixed Broken Links in API Key Leaks 2019-12-17 21:59:19 +05:30
Swissky 896e262531 Privilege impersonation and GraphQL SQLi 2019-12-11 16:59:14 +01:00
Swissky ba9fce83b1
Merge pull request #131 from js-kyle/angularjs 
clarify AngularJS vs Angular
 2019-12-07 12:01:08 +01:00
Kyle Martin e95b0c34a3 clarify AngularJS vs Angular 2019-12-07 10:54:47 +13:00
Swissky 6f4a28ef66 Slim RCE + CAP list 2019-12-05 23:06:53 +01:00
Swissky 21101ec287
Merge pull request #130 from clem9669/patch-3 
Bypass XSS filters on alert
 2019-12-03 15:40:22 +01:00
clem9669 286f7caaa3
Bypass XSS filters on alert 
Bypass XSS filters using javascript global variables based on the following article https://www.secjuice.com/bypass-xss-filters-using-javascript-global-variables/ from theMiddle.
 2019-12-03 15:24:24 +01:00
Swissky e92126a16c
Merge pull request #129 from noraj/patch-2 
SSFR: add ref for docker
 2019-12-02 22:38:28 +01:00
Swissky ac0239d332
Merge pull request #128 from noraj/patch-1 
XXE: add XXE via SVG rasterization
 2019-12-02 22:38:08 +01:00
Swissky c125b35f98
Merge pull request #127 from trietptm/master 
Copy this -> Cut this
 2019-12-02 10:52:19 +01:00
Minh Triet Pham Tran f44d014fc2
Copy this -> Cut this 
Change copy to cut instruction
 2019-12-02 12:59:54 +07:00
Swissky c60f264664 RDP backdoor + RDP session takeover 2019-11-26 23:39:14 +01:00
Swissky 06864b0ff8 Password spraying rewrite + Summary fix 2019-11-25 23:35:20 +01:00
Swissky 3abaa3e23d Linux AD - Keyring, Keytab, CCACHE 2019-11-25 23:12:06 +01:00
Swissky 886a0b9426
Merge pull request #125 from noraj/patch-3 
Ruby: add slim
 2019-11-16 23:49:11 +01:00
Alexandre ZANNI 6a398ca5c3
Ruby: add slim 2019-11-16 17:29:55 +01:00
Swissky 00684a10cd IIS asp shell with .asa, .cer, .xamlx 2019-11-16 14:53:42 +01:00
Swissky 639dc9faec .url file in writeable share 2019-11-14 23:54:57 +01:00
Swissky 3a384c34aa Password spray + AD summary re-org 2019-11-14 23:37:51 +01:00
Swissky 7f266bfda8 mitm ipv6 + macOS kerberoasting 2019-11-14 23:26:13 +01:00
Swissky 255a8c3660
Merge pull request #124 from yehgdotnet/patch-1 
Added new payloads from hahwul.com
 2019-11-14 14:21:31 +01:00
Myo Soe eac33e7e10
Added new payloads 
Added new payloads from https://www.hahwul.com/p/ssrf-open-redirect-cheat-sheet.html

http://google.com\www.whitelisteddomain.tld
http://google.com&www.whitelisteddomain.tld
http:///////////google.com
\\google.com
http://www.whitelisteddomain.tld.google.com
 2019-11-14 18:26:35 +08:00
Swissky 6ca8aa8acc
Merge pull request #123 from bash-c/patch-1 
fix invalid link
 2019-11-14 10:25:54 +01:00
M4x 221b353030
fix invalid link 2019-11-14 16:59:52 +08:00
Swissky 43f185d289 CVE-2019-1322 UsoSvc 2019-11-11 20:31:07 +01:00
Swissky f6d5221a85 SID history break trust + Powershell history + SCF files 2019-11-07 23:21:00 +01:00
Swissky 6fecedd880 MXSS - Mutated XSS - Google POC 2019-11-06 18:32:29 +01:00
Swissky 24516ca7a1 Kubernetes attacks update + ref to securityboulevard 2019-11-05 11:05:59 +01:00