resources-exploit-web.md

Web Exploitation Resources

ToC

• SQLi
• XXE
• SSRF

Guides

• steal ntlm hash file download
• RCE by uploading a web.config
• An Exploration of JSON Interoperability Vulnerabilities
• Abusing GitLab Runners
  • abuse github/gitlab CI/CD pipelines for remote code execution

Talks

• Attacking Modern Web Tech - Frans Rosen
• Attacking Secondary Contexts in Web Applications

Frameworks

• six2dez/reconftw
• 1N3/Sn1per
• j3ssie/Osmedeus
• lanmaster53/recon-ng
• pry0cc/axiom

Tools

• Tplmap - Code and Template Injection (SSTI)
• ssrfTest (daeken)
• httprebind (daeken)
• docem - automated xxe document embed'r
• CMSeeK
• evilarc
• galer
• Altair GraphQL Client
• gopherus
  • Tool to generate link for exploiting SSRF to RCE
• gmapsapiscanner
  • Check leaked/found Google Maps API Key is vulnerable to unauthorized access
• jwt.io
  • online jwt parser
• ticarpi/jwt_tool
  • A toolkit for testing, tweaking and cracking JSON Web Tokens
• streaak/keyhacks
  • Leaked API Key abuse database
• dwisiswant0/ipfuscator
  • desc: A blazing-fast, thread-safe, straightforward and zero memory allocations tool to swiftly generate alternative IP(v4) address representations in Go.

• bitquark/shortscan
  • desc: An IIS short filename enumeration tool

Authentication

• iangcarroll/cookiemonster
  • desc: 🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions

API

• postman api hacker
• brendan-rius/c-jwt-cracker
• assetnote/kiterunner

Javascript

• BishopFox/jsluice
  • desc: Extract URLs, paths, secrets, and other interesting bits from JavaScript

Command Injection

• without spaces - betterhacker
• Command Injection Payload List
• commix
• Shelling
• image-upload-exploits
  • ghost script, svg, etc payloads for file upload testing

Deserialization

• Java Deserialization Cheat Sheet (GrrrDog)
• GadgetProbe

• GrrrDog/Java-Deserialization-Cheat-Sheet
  • desc: The cheat sheet about Java Deserialization vulnerabilities

PHP

PHP Magic Hashes

• https://www.whitehatsec.com/blog/magic-hashes/
• http://turbochaos.blogspot.com/2013/08/exploiting-exotic-bugs-php-type-juggling.html
• https://pen-testing.sans.org/blog/2014/12/18/php-weak-typing-woes-with-some-pontification-about-code-and-pen-testing

PHP Frameworks

• Fragments RCE SYMFONY - (ambionics)

PHP Mail Exploitation

• Pwning PHP Mail For Fun and RCE (exploitbox.io)
• Why Mail is Dangerous in PHP (RIPS)

Password Reset Vulnerabilities

• 10 Password Reset Vulnerabilities (CyPH3R)

Business Logic

• OpenApiScanner (ngalog)

Recon

• dnscan
• wappalyzer
• dvcs-ripper - download git/svn

Shells

• tennc/webshell
• xl7dev WebShell
• tennc webshells
• payloads - foospidy
• tplmap - template injection
• chankro - php safe function bypass
• xxeinjector - automated xxe injection
• nccgroup - iis web shell alt file type

Burp

• Awesome Burp Extensions
• IP Rotate Burp Extension
• awesome burpsuite

Research

• Smuggling HTTP Headers through Reverse Proxies
• Exploiting Squid Proxies
• Abusing HTTP Hop by Hop Request Headers
• Solr Injection
• pwn_jenkins
  • Notes about attacking Jenkins servers

Chal

• prompt.ml