Exploitation
Payloads
Metasploit
Public exploits
SQL injection (SQLi)
- https://github.com/sqlmapproject/sqlmap
- Tamper agent scripts for sqlmap (WAF bypass): https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423
- https://github.com/r0oth3x49/ghauri
Cross-site scripting (XSS)
Command Injection
SSRF
Destruction
There may be times during a hacktivist operation when you come to the end of your hack, you've fully compromised your target, exfiltrated everything you can/want and now before finally leaving the network and leaking all the targets secrets online you want to cause chaos and destruction. As was seen by Guacamaya where they used sdelete64.exe -accepteula -r -s C:\*
to wipe systems attached to Pronicos domain you might also want to do the same for Linux and Windows systems in your operations, maybe you want to recursively print a text file with your manifesto across a system/network, encrypt files beyond recovery or just delete everything.
See Chaos and Destruction for different ways to achieve this!