-
https://book.hacktricks.xyz/pentesting-web/abusing-hop-by-hop-headers
Currently we rather naively copy all headers from the downstream request. I would guess most of the hop-by-hop headers are alre…
-
Hello, I am using evil-winrm on Kali Linux, connected to the Forest DC machine of HTB
I have downloaded to my Kali machine the latest version of sharphound.ps1 in order to use it in evil-winrm. Also…
-
We are looking for contributors!
JWT attacks involve a user sending modified JWTs to the server to accomplish a malicious goal.
Typically, the goal is to circumvent authentication and access contr…
-
Place where we can put various links for quick access
-
# PHAR deserialization allowing remote code execution
## Description
`Gregwar\Image` is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the fi…
-
Server-side template injection is a type of code injection that allows an attacker to execute malicious code on a web server by injecting template directives. By manipulating these directives, an atta…
-
Keypoints:
- /phpinfo --> got user name info "Shenzi"
- One useful tip for lab machines is to try out any useful keywords you’ve identified so far **to identify directories, usernames or passwords**…
-
Keypoints:
- wpscan didn't give useful info
- FFUF finds the /filemanager path, access with admin:admin, upload a reverse shell PHP file and find dora credentials info
- [PE] disk group
-
## Requirements:
1. A way to send config to wireguard from embedded config
2. A way to trigger and/or detect the VPN via URI
3. Detect if wireguard is installed and notify user to download from a…
-
The current GitHub Actions cache poisoning section (https://cloud.hacktricks.xyz/pentesting-ci-cd/github-security/abusing-github-actions/gh-actions-cache-poisoning) is a bit light on details.
I've …