cc3b05017d
Added a new RCE payload to Jinja2 SSTI bypasses
2020-04-13 18:44:16 +01:00
29194a8ef1
Add others shell on reverse shell cheatsheet
...
Add others shell on reverse shell cheatsheet
2020-04-13 19:06:01 +02:00
bc8dd0b784
Merge pull request #180 from mindfuckup/master
...
Added: Other CORS Misconfigurations
2020-04-12 17:51:52 +02:00
54e3887077
Added PortSwigger Web Security Academy CORS Link
2020-04-12 15:12:34 +02:00
3e5b367224
Added CORS Exploit when wildcard origin is allowed
2020-04-12 15:06:28 +02:00
f120024c6b
Added CORS exploitation with strict trusted origin whitelist using XSS
2020-04-12 14:57:04 +02:00
48fcdeb7ca
Some clarification in the exploit code
2020-04-12 14:38:52 +02:00
4537555714
Added: CORS Misconfiguration with Null Origin allowed
2020-04-12 14:30:16 +02:00
dd42b44011
Merge pull request #179 from mindfuckup/master
...
Added: Cross-Site WebSocket Hijacking (CSWSH)
2020-04-11 18:26:22 +02:00
930a3a0d8c
Added: Cross-Site WebSocket Hijacking (CSWSH)
2020-04-11 16:24:32 +02:00
89e49b676d
Merge pull request #178 from Techbrunch/patch-4
...
Create web.web.config
2020-04-08 19:26:31 +02:00
5902da38e4
Create web.web.config
...
Source: https://gist.github.com/gazcbm/ea7206fbbad83f62080e0bbbeda77d9c
2020-04-08 19:14:30 +02:00
cea982c062
GraphQL Voyager - Represent any GraphQL API as an interactive graph
2020-04-04 22:33:28 +02:00
6e7af5a267
Docker Registry - Pull/Download
2020-04-04 18:27:41 +02:00
f748af16d2
Merge pull request #176 from Anon-Exploiter/patch-1
...
Using JWT's module to encode payload with type `None`
2020-04-04 14:49:37 +02:00
c9fcb58d57
Using JWT's module to encode payload with type `None`
...
Before the JWT was being encoded/decoded and that was done manually. The JWT's module does all that without manual decoding and splitting.
This PR contains the code to encode the JWT token with type None while using JWT's library in python.
2020-04-04 16:03:56 +05:00
78bd0867fe
Merge pull request #175 from 3rg1s/master
...
Update SQLite Injection.md
2020-04-04 02:22:44 +02:00
009a2f9276
Update SQLite Injection.md
...
Added new link location for the pdf.
2020-04-03 23:15:05 +00:00
b5cc379c4b
Merge pull request #173 from SakiiR/sakiir
...
Added filter(system) twig RCE
2020-03-30 09:28:58 +02:00
38c273ff00
Added IFS (WAF bypass) to Symfony Twig RCE
2020-03-29 23:23:26 +02:00
8b78c2fe71
Added filter(system) twig RCE
2020-03-29 23:19:27 +02:00
231e41a59b
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
2020-03-29 22:35:26 +02:00
268d85b4bf
Symfony SSTI Twig RCE
2020-03-29 22:34:26 +02:00
0ba5ad3e71
Merge pull request #172 from bash-c/patch-1
...
Delete unnecessary escape characters
2020-03-29 20:23:25 +02:00
1d299f55c9
Delete unnecessary escape characters
...
`whoami` has already been wrapped in backquotes. There is no need to user escape characters again
2020-03-29 23:40:39 +08:00
be8f32b586
Docker escape and exploit
2020-03-29 16:48:09 +02:00
95ab07b45e
CloudTrail disable, GraphQL tool
2020-03-28 12:01:56 +01:00
d489597357
Merge pull request #169 from guenicoe/patch-1
...
added cmd on the USOSVC vuln
2020-03-24 21:17:37 +01:00
a3cc577ebd
added cmd on the USOSVC vuln
...
Added `cmd \c C:\Users\nc.exe` as not typing `cmd \c` did not work for me. Might need even more explanation
2020-03-24 20:15:59 +00:00
173366dc65
Merge pull request #167 from PixeLInc/patch-1
...
Remove example from win priv esc
2020-03-23 23:27:10 +01:00
1b190939c4
Remove example from win priv esc
...
This example was used on hackthebox where it leaked the root flag of a machine on free servers.
This resulted in every user being able to get the root flag before they have even completed the box which isn't fair to others.
This example should either be changed or removed completely to combat copy-pasting without knowing what you're doing.
2020-03-23 17:17:42 -05:00
6c38274bdb
Merge pull request #166 from fanixk/patch-1
...
Update Windows - Privilege Escalation.md
2020-03-22 21:56:05 +01:00
2bdbb2dbc5
Update Windows - Privilege Escalation.md
...
Make powershell on EoP - Runas easier to copy paste
2020-03-22 19:25:35 +00:00
4303caa08c
README - Summary update
2020-03-19 12:03:32 +01:00
1538ccd7f2
Gaining AWS Console Access via API Keys
2020-03-19 11:59:49 +01:00
57b500b48e
Merge pull request #165 from HLOverflow/master
...
More Bash tricks to bypass Command Injection filtering
2020-03-14 18:45:55 +01:00
97dffcdc40
Update README.md
2020-03-15 01:11:47 +08:00
3e184c10f9
Added additional character filter bypasses
2020-03-15 01:09:28 +08:00
70182d32c9
Merge pull request #164 from Techbrunch/patch-3
...
Update AWS SSRF tips
2020-03-11 16:33:27 +01:00
3abf2aff2a
Update AWS SSRF tips
...
Added http://instance-data
2020-03-11 15:20:51 +01:00
c20f84d09c
Merge pull request #163 from SecGus/master
...
Improvement to the SSTI RCE
2020-03-09 20:06:32 +01:00
fe4bdb0df4
Improvement to the SSTI RCE
2020-03-09 18:19:33 +00:00
1f3a94ba88
AWS SSM + Shadow copy attack
2020-03-06 15:30:38 +01:00
5d87804f71
AWS EC2 Instance Connect + Lambda + SSM
2020-03-06 13:33:14 +01:00
9207e0204c
Merge pull request #162 from SecGus/master
...
Blind SQL Injection payloads missing from the website.
2020-03-02 15:22:44 +01:00
29fac06023
From https://twitter.com/secgus
...
MySQL Blind Queries and Data Exfiltration via the ORDER BY clause.
2020-03-01 21:15:19 +00:00
c19e36ad34
Azure AD Connect - MSOL Account's password and DCSync
2020-03-01 17:06:31 +01:00
71a307a86b
AWS - EC2 copy image
2020-02-29 12:56:00 +01:00
74f2dfccca
Kerberos Constrained Delegation
2020-02-23 21:20:46 +01:00
c5ac4e9eff
AWS Patterns
2020-02-23 20:58:53 +01:00
chiv
Th1b4ud
Swissky
Emanuel Duss
Techbrunch
Syed Umar Arfeen
fuxsocy.py
SakiiR SakiiR
M4x
guenicoe
PixeL
Fanis Katsimpas
HLOverflow
chivato