Update Cheat Sheet.md

This commit is contained in:
ARZ 2021-07-12 23:58:08 +05:00 committed by GitHub
parent 46e2cf9e54
commit fa33cdc456
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -563,6 +563,21 @@ To get a RCE
* Goto `Appearance` -> `Editor` Select the 404.php template of the current theme and paste php reverse-shell. * Goto `Appearance` -> `Editor` Select the 404.php template of the current theme and paste php reverse-shell.
* Then navigate to `http://ip/wp-content/themes/twentyfifteen/404.php` (theme name can be twentytwenty for the latest one) * Then navigate to `http://ip/wp-content/themes/twentyfifteen/404.php` (theme name can be twentytwenty for the latest one)
### Apache Tomcat
```
If we have access to /manager/html , we can upload a WAR payload (arz.war) and access it through http://ip/arz
```
#### Apache Tomcat used with nginx
```
If we nginx is being used as a reverse proxy to apache tom we can abuse it through Path Traversal Trough Reverse Proxy Mapping
```
https://www.acunetix.com/vulnerabilities/web/tomcat-path-traversal-via-reverse-proxy-mapping/
https://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf
# Wordlists # Wordlists
### Directory Bruteforcing ### Directory Bruteforcing
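Review bot: the two fenced blocks under `### Apache Tomcat` and `#### Apache Tomcat used with nginx` hold explanatory sentences rather than commands or output, so they render as untagged code and lose inline formatting; move the sentences out of the fences and keep only the paths (`/manager/html`, `http://ip/arz`) in inline backticks, which is how the WordPress entry just above is written. The nginx sentence also has typos that should be fixed before merge: `If we nginx` should read `If nginx`, `apache tom` should read `Apache Tomcat`, and `Trough` should read `Through`. The two bare reference URLs that follow would read better as a markdown list of titled links, and a blank line is missing between the last WordPress bullet and the new `### Apache Tomcat` heading, which some renderers need to close the list.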