GENERAL INFORMATION


Last updated 1 year ago

MISC - Tricks

```bash
# Checking program/binary protections
checksec --file ./binary

# Getting more information about an ELF
readelf -a ./binary

# Getting the address of system()
# Can be as simple as:
objdump -D ./binary | grep system

# Getting a known string ("GNU" for example)
# Look through the section dump:
objdump -s ./binary

# Getting the padding using pwntools (in a Python REPL)
>> from pwn import *
# Generate a pattern
>> cyclic(400)
## Find the offset where the SIGSEGV happened
>> cyclic_find('<RSPoffset>')
>> cyclic_find('yaac')

# You can list gadgets using ROPgadget
# and then look for the one you want
./ROPgadget.py --binary ./binary
```
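To make the padding step concrete, here is a small pure-Python stand-in for pwntools' `cyclic()` and `cyclic_find()`, written for this page as an added illustration (it is not pwntools' own code and the page does not ship it). It builds the same de Bruijn pattern pwntools uses by default (lowercase alphabet, unique 4-character windows), so the offsets it returns match what `cyclic_find()` prints, and it adds a helper, `offset_from_register`, that takes the integer a debugger shows for the word at RSP (or EIP on 32-bit) and maps it back to the buffer offset. The crash values in the `__main__` block are constructed for the demonstration.

```python
"""Pure-Python stand-in for pwntools' cyclic() / cyclic_find(), plus a helper that
turns the word a debugger shows in a register after a SIGSEGV back into a buffer
offset. Added illustration for this page, not pwntools code; it follows the same
construction (de Bruijn sequence over a-z with n=4), so offsets agree with pwntools."""

from functools import lru_cache

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
N = 4  # every 4-character window of the pattern is unique


@lru_cache(maxsize=None)
def _de_bruijn(alphabet: str = ALPHABET, n: int = N) -> str:
    """Full de Bruijn sequence B(k, n) over `alphabet` (length k**n), built by
    concatenating Lyndon words in lexicographic order (Fredricksen/Maiorana)."""
    k = len(alphabet)
    a = [0] * (k * n)
    out = []

    def db(t: int, p: int) -> None:
        if t > n:
            if n % p == 0:
                out.extend(a[1:p + 1])
            return
        a[t] = a[t - p]
        db(t + 1, p)
        for j in range(a[t - p] + 1, k):
            a[t] = j
            db(t + 1, t)

    db(1, 1)
    return "".join(alphabet[i] for i in out)


def cyclic(length: int) -> str:
    """Pattern of `length` characters in which no 4-character window repeats
    (the equivalent of pwntools' cyclic(length))."""
    seq = _de_bruijn()
    if length > len(seq):
        raise ValueError(f"pattern limited to {len(seq)} characters")
    return seq[:length]


def cyclic_find(subseq: str) -> int:
    """Offset of a 4-character window within the pattern, or -1 if the bytes did
    not come from the pattern (e.g. the register holds something else entirely)."""
    return _de_bruijn().find(subseq[:N])


def offset_from_register(value: int, width: int = 8) -> int:
    """Offset for a register value read off the crash, e.g. the word at RSP on
    x86-64 (width=8) or EIP on 32-bit (width=4). The pattern bytes landed in
    memory in order, so the integer holds them little-endian: decode the lowest
    four bytes and look that window up."""
    raw = value.to_bytes(width, "little")
    return cyclic_find(raw[:N].decode("ascii"))


if __name__ == "__main__":
    print(cyclic(400))
    # Constructed crash values for the demonstration (not from a real target):
    # the qword at RSP on x86-64 after sending cyclic(400), and EIP on 32-bit.
    print(offset_from_register(0x6161616C6161616B))   # -> 40
    print(offset_from_register(0x62616161, width=4))  # -> 1
```

Reading the register value rather than eyeballing the bytes avoids the classic endianness mistake: `0x6161616b` is `kaaa` in memory, not `aaak`, and the two windows sit at different offsets (40 versus 37).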
