gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2026-01-08 19:30:38 -08:00
Code Issues Packages Projects Releases Wiki Activity
819 Commits 2 Branches 7 Tags
14586e4d7a3f9f6c82447dd24880da0ea29afbc8
Commit Graph

819 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Swissky
14586e4d7a ZeroLogon via Mimikatz 2020-09-16 14:13:40 +02:00
Swissky
e79918bdc2 CVE-2020-1472 Unauthenticated domain controller compromise 2020-09-14 23:06:09 +02:00
Swissky
20dadc9815 PHP Phar Deserialization 2020-09-10 15:26:16 +02:00
Swissky
543f63d7de PHP POP Chain 2020-09-10 15:15:53 +02:00
Swissky
ddabfd7531 Merge pull request #244 from noraj/patch-1 
LDAP: add SSH key authentication via LDAP
 2020-09-09 13:21:34 +02:00
Alexandre ZANNI
93751d8650 add SSH key authentication via LDAP 2020-09-09 12:15:07 +02:00
Swissky
6c1e3402e0 Merge pull request #243 from noraj/patch-1 
LDAP: fix AdmYSsion link + add 2 tutorials
 2020-09-09 10:58:18 +02:00
Alexandre ZANNI
9554aa2ed9 fix AdmYSsion link + add 2 tutorials 2020-09-09 09:57:21 +02:00
Swissky
bcd700c951 AWS API calls that return credentials - kmcquade 2020-09-06 17:11:30 +02:00
Swissky
b5e511c03b Merge pull request #242 from maxrodrigo/master 
Fix PHP XSS data collector line breaks
 2020-09-05 11:46:08 +02:00
Max Rodrigo
2f40961990 Fix PHP XSS data collector line breaks 2020-09-05 10:36:58 +02:00
Swissky
83fbdb906b Merge pull request #240 from Laxa/master 
Fix typos
 2020-09-03 14:16:36 +02:00
laxa
b4d9ee0634 Fix typos 2020-09-03 13:57:46 +02:00
Swissky
734bb7ce98 Merge pull request #238 from cnotin/patch-1 
Remove "Leaked API keys" section
 2020-09-01 11:48:56 +02:00
Clément Notin
6865492a6b Remove "Leaked API keys" section 
It's in the "API Key Leaks" folder now and the content is already present there
 2020-08-31 23:54:48 +02:00
Swissky
9a372ec810 Merge pull request #237 from chr-ge/master 
Added missing word
 2020-08-26 11:56:38 +02:00
chr-ge
88f8b7d1aa Added missing word 2020-08-25 23:14:33 +00:00
Swissky
426c2be37e Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings into master 2020-08-25 14:39:19 +02:00
Swissky
f431ea7166 HTTP Request Smuggling 2020-08-25 14:38:28 +02:00
Swissky
3ef51a12ce Update README.md 2020-08-22 23:45:49 +02:00
Swissky
75a0f34bdc Merge pull request #236 from Techbrunch/patch-9 
Update README.md
 2020-08-19 16:30:32 +02:00
Swissky
845326dd61 Merge pull request #235 from Techbrunch/patch-7 
Update README.md
 2020-08-19 16:30:15 +02:00
Techbrunch
502a8121b4 Update README.md 
Add reference to debug tag for Jinja2
 2020-08-19 14:46:43 +02:00
Techbrunch
76e6f7dc95 Update README.md 
Add Handlebars payload
 2020-08-19 14:20:18 +02:00
Swissky
cc95f4e386 AD - Forest to Forest compromise 2020-08-18 09:33:38 +02:00
Swissky
6e526de7b4 Merge pull request #234 from justin-p/patch-1 
Added GenericWrite example for values used by the Remote Connection Manager.
 2020-08-17 15:35:26 +02:00
Justin Perdok
f11c45650b Update Active Directory Attack.md 2020-08-17 13:18:30 +00:00
Justin Perdok
1284715128 Update Active Directory Attack.md 2020-08-17 13:15:33 +00:00
Justin Perdok
6f3f2239fa GenericWrite and Remote Connection Manager 
Added content from https://sensepost.com/blog/2020/ace-to-rce/
 2020-08-17 13:00:04 +00:00
Swissky
d386790fd2 Merge pull request #233 from virenpawar/patch-1 
[Update] Added 1 payload
 2020-08-17 12:03:46 +02:00
Viren Pawar
0266a7dd67 [Update] Added 1 payload 
Added one payload which executes without any usage of single or double quotes. Helpful when you have AngularJS injection but quotes are blocked by application.
Working proof of payload here: 

https://portswigger-labs.net/xss/angularjs.php?type=reflected&csp=0&version=1.6.0&x={{x=valueOf.name.constructor.fromCharCode;constructor.constructor(x(97,108,101,114,116,40,49,41))()}}
 2020-08-15 16:29:13 +05:30
Swissky
d1104d6ce1 Merge pull request #230 from bsysop/patch-2 
Typo in Excel extension name
 2020-08-12 12:46:49 +02:00
bsysop
93f321879f Typo in Excel extension name 2020-08-11 21:35:36 -03:00
Swissky
d00d7c9788 Banner HD with credit 2020-08-10 11:36:18 +02:00
Swissky
33129f2b4c Silver Ticket with services list 2020-08-09 19:25:03 +02:00
Swissky
c7e3ea005e Powershell Remoting 2020-08-09 12:15:56 +02:00
Swissky
268b4c2d47 Merge pull request #229 from DeWaRs1206/master 
Fix Corsy link URL
 2020-07-29 18:08:48 +02:00
Emmanuel Iturbide
fbf896edf1 Fix Corsy link URL 2020-07-29 17:53:07 +02:00
Swissky
767eb04af6 Persistence - Typo 2020-07-21 19:48:57 +02:00
Swissky
ca9326b5fc Driver Privilege Escalation 2020-07-13 15:00:36 +02:00
Swissky
dd40ddd233 XSS summary subentries + GraphTCP 2020-07-12 14:44:33 +02:00
Swissky
94f6e31905 Merge pull request #227 from HLOverflow/PostgresqlFilterBypass 
Postgresql filter bypass
 2020-07-12 10:49:22 +02:00
hloverflow
2e7b9db94b Corrected Reference to 2009 paper 2020-07-12 13:21:18 +08:00
HLOverflow
37f66cc523 add to table of content 2020-07-12 13:17:43 +08:00
hloverflow
baadc6d3e9 contribute PostgreSQL bypass quotes technique 2020-07-12 13:14:26 +08:00
HLOverflow
982ac3968c Merge pull request #1 from swisskyrepo/master 
pull from main repository
 2020-07-12 12:33:57 +08:00
Swissky
d3f1bfa1ae Merge pull request #209 from c14dd49h/patch-1 
Update README.md
 2020-07-11 10:50:04 +02:00
Swissky
2c935df34d EL Injection - SSTI 2020-07-10 15:05:13 +02:00
Swissky
cd3de64c73 Merge pull request #225 from artiommocrenco/patch-1 
Add TLS-PSK OpenSSL reverse shell method
 2020-07-08 17:31:17 +02:00
Artiom Mocrenco
62443a3753 fix typo 2020-07-08 18:01:12 +03:00