GitBook: [master] 6 pages modified

This commit is contained in:
CPol 2020-12-27 14:58:40 +00:00 committed by gitbook-bot
parent e6d06266b5
commit 045649c4ab
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
5 changed files with 1028 additions and 7 deletions

View File

@ -318,7 +318,8 @@
* [Exploiting \_\_VIEWSTATE parameter](pentesting-web/deserialization/exploiting-__viewstate-parameter.md)
* [Domain/Subdomain takeover](pentesting-web/domain-subdomain-takeover.md)
* [Email Header Injection](pentesting-web/email-header-injection.md)
* [File Inclusion/Path traversal](pentesting-web/file-inclusion.md)
* [File Inclusion/Path traversal](pentesting-web/file-inclusion/README.md)
* [LFI - Linux List](pentesting-web/file-inclusion/lfi-linux-list.md)
* [File Upload](pentesting-web/file-upload/README.md)
* [PDF Upload - XXE and CORS bypass](pentesting-web/file-upload/pdf-upload-xxe-and-cors-bypass.md)
* [Formula Injection](pentesting-web/formula-injection.md)
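Review bot: retargeting `* [File Inclusion/Path traversal](pentesting-web/file-inclusion.md)` to `pentesting-web/file-inclusion/README.md` orphans every inbound link to the old path; the other hunks in this commit update three such links, but the suppressed diff cannot be reviewed here, so grep the book for `file-inclusion.md` before merging to be sure no stale reference survives. The new sub-entry `* [LFI - Linux List](pentesting-web/file-inclusion/lfi-linux-list.md)` also requires that file to be present in the suppressed diff, otherwise the SUMMARY entry renders as a broken page.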

View File

@ -21,7 +21,7 @@ wfuzz -c -w ./lfi2.txt --hw 0 http://10.10.10.10/nav.php?page=../../../../../../
**Mixing several \*nix LFI lists and adding more paths I have created this one:**
{% file src="../.gitbook/assets/lfi2.txt" %}
{% file src="../../.gitbook/assets/lfi2.txt" %}
A list that uses several techniques to find the file /etc/password \(to check if the vulnerability exists\) can be found [here](https://github.com/xmendez/wfuzz/blob/master/wordlist/vulns/dirTraversal-nix.txt)
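Review bot: changing `{% file src="../.gitbook/assets/lfi2.txt" %}` to `../../.gitbook/assets/lfi2.txt` is the correct adjustment for a page that moved one directory deeper, but this commit only touches the `{% file %}` includes; any other relative links in the moved page (to sibling `pentesting-web` pages, images or `.gitbook/assets`) need the same extra `../`, so check the whole file rather than these hunks alone. Nit on the unchanged context line: the file used for the existence check is `/etc/passwd`, not `/etc/password`.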
@ -35,7 +35,7 @@ Using theses lists and deleting repetitions I have created a new one:
* [https://github.com/soffensive/windowsblindread/blob/master/windows-files.txt](https://github.com/soffensive/windowsblindread/blob/master/windows-files.txt)
* [http://awesomehackers.org/2018/05/11/path-traversal-cheat-sheet/](http://awesomehackers.org/2018/05/11/path-traversal-cheat-sheet/)
{% file src="../.gitbook/assets/winlfi.txt" %}
{% file src="../../.gitbook/assets/winlfi.txt" %}
A list that uses several techniques to find the file /boot.ini \(to check if the vulnerability exists\) can be found [here](https://github.com/xmendez/wfuzz/blob/master/wordlist/vulns/dirTraversal-win.txt)
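Review bot: the `winlfi.txt` include path moves from `../.gitbook/assets/` to `../../.gitbook/assets/`, which matches the page's new location under `pentesting-web/file-inclusion/`. The hunk header context `Using theses lists` carries a typo (`these`) that could be fixed in the same pass.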
@ -342,7 +342,7 @@ sed -i 's/\[tmp_name\] \=>/\[tmp_name\] =\&gt/g' phpinfolfi.py
You have to change also the **payload** at the beginning of the exploit \(for a php-rev-shell for example\), the **REQ1** \(this should point to the phpinfo page and should have the padding included, i.e.: _REQ1="""POST /install.php?mode=phpinfo&a="""+padding+""" HTTP/1.1\r_\), and **LFIREQ** \(this should point to the LFI vulnerability, i.e.: _LFIREQ="""GET /info?page=%s%%00 HTTP/1.1\r --_ Check the double "%" when exploiting null char\)
{% file src="../.gitbook/assets/lfi-with-phpinfo-assistance.pdf" %}
{% file src="../../.gitbook/assets/lfi-with-phpinfo-assistance.pdf" %}
#### Theory
@ -388,5 +388,5 @@ print('[x] Something went wrong, please try again')
[PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal/Intruders](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal/Intruders)
{% file src="../.gitbook/assets/en-local-file-inclusion-1.pdf" %}
{% file src="../../.gitbook/assets/en-local-file-inclusion-1.pdf" %}

File diff suppressed because it is too large

View File

@ -369,7 +369,7 @@ Check for this vulnerabilities:
* \*\*\*\*[**Dangling Markup - HTML scriptless injection**](../../pentesting-web/dangling-markup-html-scriptless-injection.md)\*\*\*\*
* \*\*\*\*[**Deserialization**](../../pentesting-web/deserialization/)\*\*\*\*
* \*\*\*\*[**Email Header Injection**](../../pentesting-web/email-header-injection.md)\*\*\*\*
* \*\*\*\*[**File Inclusion**](../../pentesting-web/file-inclusion.md)\*\*\*\*
* \*\*\*\*[**File Inclusion**](../../pentesting-web/file-inclusion/)\*\*\*\*
* \*\*\*\*[**File Upload**](../../pentesting-web/file-upload/)\*\*\*\*
* \*\*\*\*[**IDOR**](../../pentesting-web/idor.md)\*\*\*\*
* \*\*\*\*[**JWT Vulnerabilities**](../../pentesting-web/hacking-jwt-json-web-tokens.md)\*\*\*\*
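Review bot: the new target `../../pentesting-web/file-inclusion/` points at the directory rather than at `file-inclusion/README.md`; that is consistent with the sibling entries (`deserialization/`, `file-upload/`) and GitBook resolves both forms, but the SUMMARY entry in this commit uses the explicit README.md form, so one convention should be chosen. Style: every entry in this list is wrapped in empty `\*\*\*\*` bold markers that render as nothing and could be dropped.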

View File

@ -125,7 +125,7 @@ Dos usuarios generados a la vez pueden tener la misma cookie \(si la cookie depe
When you have the **usernames** of teh users of the machine. Check the address: **/~<USERNAME>** to see if the php directories are activated.
\*\*\*\*[**LFI and RCE using php wrappers**](../../../pentesting-web/file-inclusion.md)\*\*\*\*
\*\*\*\*[**LFI and RCE using php wrappers**](../../../pentesting-web/file-inclusion/)\*\*\*\*
## Code execution
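Review bot: the retarget to `../../../pentesting-web/file-inclusion/` is the right depth for a page three levels below the book root and matches the directory-style link used elsewhere in this commit. The unchanged context line above it reads `teh users` (`the`), worth correcting while this page is being edited.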