PayloadsAllTheThings

mirror of https://github.com/swisskyrepo/PayloadsAllTheThings synced 2024-06-30 19:02:55 +00:00

Author	SHA1	Message	Date
Alexandre ZANNI	7e2fa15462	Blind NoSQL scripts - add missing menu item - use better string interpolation for python script - add ruby script	2022-09-23 00:36:41 +02:00
Swissky	2d30e22121	DPAPI - Data Protection API	2022-09-23 00:35:34 +02:00
Swissky	6b76c452a7	Merge pull request #544 from Processus-Thief/master update hekatomb to install with pip	2022-09-22 16:12:23 +02:00
Processus Thief	8d564ff78b	update hekatomb to install with pip hekatomb is now available on pypi to simplify its installation	2022-09-22 16:10:20 +02:00
Swissky	097756da1c	Merge pull request #543 from noraj/patch-1 add 3 template engines + add lang in menu	2022-09-21 11:42:32 +02:00
Alexandre ZANNI	3e68276fb7	add 3 template engines + add lang in menu	2022-09-21 11:28:57 +02:00
Swissky	c3421582bc	Merge pull request #542 from Processus-Thief/master Adding Hekatomb.py to DPAPI credentials stealing	2022-09-20 22:31:07 +02:00
Processus Thief	885f8bdb8f	Adding Hekatomb.py to DPAPI credentials stealing Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers. Finally, it will extract domain controller private key through RPC uses it to decrypt all credentials. More infos here : https://github.com/Processus-Thief/HEKATOMB	2022-09-20 16:56:07 +02:00
Swissky	267713c0fb	YAML Deserialization	2022-09-16 16:37:40 +02:00
Swissky	e677f07197	Merge pull request #539 from dhmosfunk/master add a new tool for manually http request smuggling exploitation	2022-09-16 08:53:00 +02:00
Dhmos Funk	b4e7add674	add simple http smuggler generator for easiest manually exploitation	2022-09-16 02:30:57 +03:00
Dhmos Funk	d5aed653e8	Update README.md	2022-09-14 18:05:31 +03:00
Swissky	b8afbc8f92	Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings	2022-09-13 22:04:58 +02:00
Swissky	c7dd67986c	Oracle SQL	2022-09-13 22:04:21 +02:00
Swissky	d32c48bad8	Merge pull request #538 from clem9669/master XSS: Adding brutelogic polyglot	2022-09-13 15:03:34 +02:00
clem9669	88134256c8	Adding brutelogic polyglot Adding brutelogic polyglot from blog post.	2022-09-13 11:58:10 +00:00
Swissky	0ca060c049	Merge pull request #537 from dhmosfunk/master Update the Postgresql time based payloads for database,table,columns extract	2022-09-10 16:44:20 +02:00
Dhmos Funk	aa89a909d1	Update PostgreSQL Injection.md	2022-09-10 15:56:31 +03:00
Swissky	38fa931b84	Merge pull request #525 from mrThe/patch-1 Add boolean-error-based vector for the sqlite	2022-09-07 14:02:54 +02:00
Swissky	7663594118	Update SQLite Injection.md	2022-09-07 14:02:38 +02:00
Swissky	e11a37e6a2	Merge pull request #515 from vladko312/patch-1 Added a new SSTI tool	2022-09-07 14:01:09 +02:00
Swissky	d24e3f2d61	Merge pull request #497 from kz-cyber/xss/angular-xss-2 [update] Angular XSS payload	2022-09-07 00:34:29 +02:00
Swissky	b6e7210ee0	Merge pull request #501 from fantesykikachu/win-p3-revshell Add Windows Python3 Reverse Shell	2022-09-06 23:23:50 +02:00
Swissky	86e8feca7c	Merge pull request #499 from p3n7a90n/NosqliPayloads Added basic SSJI paylods	2022-09-06 23:17:12 +02:00
Swissky	26e9cb6dc1	Merge pull request #504 from MilyMilo/master Add new ruby yaml gadget chain	2022-09-06 23:16:13 +02:00
Swissky	fb7f10eab8	Merge pull request #485 from ajdumanhug/master SSRF: Don't encode entire IP	2022-09-06 23:15:20 +02:00
Swissky	8d609b1460	Update README.md	2022-09-06 23:15:12 +02:00
Swissky	84fa229a44	Merge pull request #463 from nismo-s13/master Delete Parser & Curl < 7.54.png	2022-09-06 23:13:55 +02:00
Swissky	3e8ef29223	Merge pull request #536 from CravateRouge/patch-1 Update bloodyAD attacks	2022-09-06 19:32:21 +02:00
CravateRouge	dad7362da6	Update bloodyAD attacks	2022-09-06 19:13:34 +02:00
Swissky	191a72c57e	Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings	2022-09-06 10:05:16 +02:00
Swissky	2be739ea4f	Fixing TGS/ST	2022-09-06 10:03:49 +02:00
Swissky	bdc2d55dd9	Merge pull request #533 from 0xsyr0/patch-1 Quick fix for WSUS malicious patch	2022-09-04 20:54:17 +02:00
Swissky	9e2471a472	SCCM Network Account	2022-09-04 20:51:23 +02:00
Swissky	fae02107df	Jetty RCE Credits	2022-09-04 14:24:16 +02:00
Swissky	4bc5f724b2	Moving learning resources into a specific folder	2022-09-03 16:17:23 +02:00
Swissky	811863501b	ESC9 - No Security Extension	2022-09-03 12:07:24 +02:00
Swissky	b1c46228c2	Merge pull request #535 from Techbrunch/patch-11 Add Django Templates SSTI	2022-08-30 14:43:38 +02:00
Techbrunch	7850928d41	Add detection	2022-08-30 13:54:59 +02:00
Techbrunch	871b3bcaf2	Add Django Templates SSTI	2022-08-30 13:50:03 +02:00
0xsry0	343d63f79f	Quick fix for WSUS malicious patch Not sure if it is deprecated but by tackling the box Outdated on HTB, the command didn't worked with two `&&`. To concatenate `"net user WSUSDemo Password123! /add ` and `net localgroup administrators WSUSDemo /add\""`, the `^&` is required.	2022-08-24 09:10:55 +02:00
Swissky	fbd7517e04	LFI2RCE - Picture Compression - SOCKS5 CS	2022-08-21 16:38:54 +02:00
Swissky	e7af5aeb84	Merge pull request #532 from wlayzz/patch-2 Update java ssti	2022-08-19 16:25:00 +02:00
Wlayzz	961d935623	Update java ssti fix little inattention	2022-08-19 16:22:39 +02:00
Swissky	b25f461b6e	Merge pull request #531 from wlayzz/patch-1 Update Java SSTI	2022-08-19 15:16:46 +02:00
Wlayzz	8d70f262ae	Update Java SSTI Adding variable expressions alternative for java injection	2022-08-19 15:04:52 +02:00
Swissky	804920be62	Source Code Management	2022-08-18 10:43:01 +02:00
Swissky	abc78a6a67	Merge pull request #528 from denandz/patch-1 Add multipart/form-data CSRF technique	2022-08-17 14:24:34 +02:00
DoI	b3e6220da6	Add multipart/form-data CSRF technique	2022-08-17 09:29:05 +12:00
Swissky	6650c361e7	Capture a network trace with builtin tools	2022-08-15 15:02:29 +02:00

1 2 3 4 5 ...

1508 Commits