mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2025-12-30 06:30:27 -08:00
1b190939c4
This example was used on hackthebox where it leaked the root flag of a machine on free servers. This resulted in every user being able to get the root flag before they have even completed the box which isn't fair to others. This example should either be changed or removed completely to combat copy-pasting without knowing what you're doing.
Payloads All The Things
A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! I ❤️ pull requests :)
You can also contribute with a 🍻 IRL
Every section contains the following files, you can use the _template_vuln folder to create a new chapter:
- README.md - vulnerability description and how to exploit it
- Intruder - a set of files to give to Burp Intruder
- Images - pictures for the README.md
- Files - some files referenced in the README.md
You might also like the Methodology and Resources folder :
- Methodology and Resources
- Active Directory Attack.md
- Cloud - AWS Pentest.md
- Cloud - Azure Pentest.md
- Cobalt Strike - Cheatsheet.md
- Linux - Persistence.md
- Linux - Privilege Escalation.md
- Metasploit - Cheatsheet.md
- Methodology and enumeration.md
- Network Pivoting Techniques.md
- Network Discovery.md
- Reverse Shell Cheatsheet.md
- Subdomains Enumeration.md
- Windows - Download and Execute.md
- Windows - Mimikatz.md
- Windows - Persistence.md
- Windows - Post Exploitation Koadic.md
- Windows - Privilege Escalation.md
- Windows - Using credentials.md
- CVE Exploits
You want more ? Check the Books and Youtube videos selections.