Update Cheat Sheet.md

AbdullahRizwan101 2020-12-09 17:11:54 -05:00 committed by GitHub
parent fd1a7051d8
commit 760d34d25d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -181,14 +181,6 @@ run getgui -u [USER_NAME] -p [PASS]
### Extracting information from repository
`./extractor.sh <location_folder_having_.git_init> <extract_to_a_folder>`
# Wordpress
using wpscan we can find users or do some further enumeration of wordpress version
* `wpscan -e --url http://<ip>/wordpress -e u` Enumerate Users
* `wpscan -e --url http://<ip>/wordpress -e ap` Enumearte All plugins
To bruteforce passwords
* `wpscan --url <ip> -U user_file_path -P password_file_path`
# Web
### XSS to RCE
```
@ -212,6 +204,19 @@ Here `api-endpoint` can be for example `/api/v1/resources/books\?FUZZ\=.bash_his
### Web Shell Bash
`bash -c "<bash_rev_shell>"`
### Wordpress
using wpscan we can find users or do some further enumeration of wordpress version
* `wpscan -e --url http://<ip>/wordpress -e u` Enumerate Users
* `wpscan -e --url http://<ip>/wordpress -e ap` Enumearte All plugins
To bruteforce passwords
* `wpscan --url <ip> -U user_file_path -P password_file_path`
After logging into the wordpress dashboard , we can edit theme's 404.php page with a php revershell
`http://<ip>/wordpress/wp-content/themes/twentytwenty/404.php`
# Wordlists
### Directory Bruteforcing
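
Review bot: The Wordpress block re-added under `# Web` passes `-e` twice on both enumeration lines (`wpscan -e --url http://<ip>/wordpress -e u`); drop the leading bare `-e` so each line carries a single `-e u` or `-e ap`. The password line targets `--url <ip>` while the enumeration lines target `http://<ip>/wordpress`, so pick one form for the target and use it on all three. Since the text is being moved anyway, this is the place to fix the carried-over typos "Enumearte" and "revershell" and the stray space before the comma in "dashboard , we". The new 404.php line hardcodes `twentytwenty` where the rest of the sheet uses placeholders such as `<ip>`; a `<theme>` placeholder would keep it consistent.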