Exploitation: Difference between revisions

From Enlace Hacktivista
Jump to navigation Jump to search
 
(5 intermediate revisions by the same user not shown)
Line 3: Line 3:
* https://github.com/swisskyrepo/PayloadsAllTheThings
* https://github.com/swisskyrepo/PayloadsAllTheThings
* https://github.com/payloadbox
* https://github.com/payloadbox
* WAF bypass payloads: https://github.com/waf-bypass-maker/waf-community-bypasses


=== Metasploit ===
=== Metasploit ===
* [https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html Install on server]
* Install on server: https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html


=== Public exploits ===
=== Public exploits ===
Line 14: Line 15:
* Tamper agent scripts for sqlmap (WAF bypass): https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423
* Tamper agent scripts for sqlmap (WAF bypass): https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423
* https://github.com/r0oth3x49/ghauri
* https://github.com/r0oth3x49/ghauri
* SQL Injection & XSS Playground: https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets/sql-injection-xss-playground#classic-sql-injection


=== Cross-site scripting (XSS) ===
=== Cross-site scripting (XSS) ===
* https://github.com/s0md3v/XSStrike
* https://github.com/s0md3v/XSStrike
*https://github.com/mandatoryprogrammer/xsshunter
* https://github.com/mandatoryprogrammer/xsshunter
* https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets/sql-injection-xss-playground#xss


=== Command Injection ===
=== Command Injection ===
Line 24: Line 27:
=== SSRF ===
=== SSRF ===
* https://github.com/swisskyrepo/SSRFmap
* https://github.com/swisskyrepo/SSRFmap
= Destruction =
There may be times during a hacktivist operation when you come to the end of your hack, you've fully compromised your target, exfiltrated everything you can/want and now before finally leaving the network and leaking all the targets secrets online you want to cause chaos and destruction. As was seen by Guacamaya where they used <code>sdelete64.exe -accepteula -r -s C:\*</code> to wipe systems attached to Pronicos domain you might also want to do the same for Linux and windows systems in your operations, maybe you want to recursively print a text file with your manifesto across a system/network, encrypt files beyond recovery or just delete everything.
See [[Chaos and Destruction]] for different ways to achieve this!

Latest revision as of 14:33, 1 August 2023

Payloads

Metasploit

Public exploits

SQL injection (SQLi)

Cross-site scripting (XSS)

Command Injection

SSRF

Retrieved from "https://enlacehacktivista.org/index.php?title=Exploitation&oldid=1333"