From 0b90094002068f7d6ab9f059e587507353f9e2bc Mon Sep 17 00:00:00 2001 From: Vincent Gilles <16140019+Rude-Monkey@users.noreply.github.com> Date: Sat, 17 Oct 2020 22:47:20 +0200 Subject: [PATCH] Fix(Docs): Correcting typos on the repo --- API Key Leaks/README.md | 4 +-- Account Takeover/README.md | 4 +-- Insecure Source Code Management/README.md | 2 +- Kubernetes/readme.md | 2 +- .../Active Directory Attack.md | 2 +- .../Cloud - AWS Pentest.md | 2 +- .../Network Discovery.md | 4 +-- .../Windows - Mimikatz.md | 2 +- Open Redirect/README.md | 2 +- SQL Injection/README.md | 2 +- Server Side Template Injection/README.md | 6 ++-- Web Cache Deception/README.md | 2 +- XSS Injection/README.md | 32 +++++++++---------- XXE Injection/Files/XXE PHP Wrapper.xml | 2 +- XXE Injection/README.md | 4 +-- 15 files changed, 36 insertions(+), 36 deletions(-) diff --git a/API Key Leaks/README.md b/API Key Leaks/README.md index b3768b0..bb8ad5b 100644 --- a/API Key Leaks/README.md +++ b/API Key Leaks/README.md @@ -1,6 +1,6 @@ # API Key Leaks -> The API key is a unique identifier that is used to authenticate requests associated with your project. Some developpers might hardcode them or leave it on public shares. +> The API key is a unique identifier that is used to authenticate requests associated with your project. Some developers might hardcode them or leave it on public shares. ## Summary @@ -27,7 +27,7 @@ ## Exploit -The following commands can be used to takeover accounts or extract personnal informations from the API using the leaked token. +The following commands can be used to takeover accounts or extract personal information from the API using the leaked token. ### Google Maps diff --git a/Account Takeover/README.md b/Account Takeover/README.md index f534ccb..c23568a 100644 --- a/Account Takeover/README.md +++ b/Account Takeover/README.md 
@@ -20,7 +20,7 @@ 1. Request password reset to your email address 2. Click on the password reset link -3. Dont change password +3. Don't change password 4. Click any 3rd party websites(eg: Facebook, twitter) 5. Intercept the request in Burp Suite proxy 6. Check if the referer header is leaking password reset token. @@ -115,7 +115,7 @@ Refer to **HTTP Request Smuggling** vulnerability page. 3. Final request could look like the following ```powershell GET / HTTP/1.1 - Transfert-Encoding: chunked + Transfer-Encoding: chunked Host: something.com User-Agent: Smuggler/v1.0 Content-Length: 83 diff --git a/Insecure Source Code Management/README.md b/Insecure Source Code Management/README.md index a081494..79090ca 100644 --- a/Insecure Source Code Management/README.md +++ b/Insecure Source Code Management/README.md @@ -30,7 +30,7 @@ Check for the following files, if they exist you can extract the .git folder. ### Github example with a .git 1. Check 403 error (Forbidden) for .git or even better : a directory listing -2. Git saves all informations in log file .git/logs/HEAD (try 'head' in lowercase too) +2. Git saves all information in log file .git/logs/HEAD (try 'head' in lowercase too) ```powershell 0000000000000000000000000000000000000000 15ca375e54f056a576905b41a417b413c57df6eb root 1455532500 +0000 clone: from https://github.com/fermayo/hello-world-lamp.git 15ca375e54f056a576905b41a417b413c57df6eb 26e35470d38c4d6815bc4426a862d5399f04865c Michael 1489390329 +0000 commit: Initial. diff --git a/Kubernetes/readme.md b/Kubernetes/readme.md index 984d621..029a503 100644 --- a/Kubernetes/readme.md +++ b/Kubernetes/readme.md 
@@ -14,7 +14,7 @@ - [Impersonating a Privileged Account](#impersonating-a-privileged-account) - [Privileged Service Account Token](#privileged-service-account-token) - [Interesting endpoints to reach](#interesting-endpoints-to-reach) -- [API addresses that you should know](#api-adresses-that-you-should-know) +- [API addresses that you should know](#api-addresses-that-you-should-know) - [References](#references) ## Tools diff --git a/Methodology and Resources/Active Directory Attack.md b/Methodology and Resources/Active Directory Attack.md index f8f911b..eb80a30 100644 --- a/Methodology and Resources/Active Directory Attack.md +++ b/Methodology and Resources/Active Directory Attack.md @@ -1670,7 +1670,7 @@ PXE allows a workstation to boot from the network by retrieving an operating sys PS > Get-PXECreds -InterfaceAlias « lab 0 » # Wait for the DHCP to get an address - >> Get a valid IP adress + >> Get a valid IP address >>> >>> DHCP proposal IP address: 192.168.22.101 >>> >>> DHCP Validation: DHCPACK >>> >>> IP address configured: 192.168.22.101 diff --git a/Methodology and Resources/Cloud - AWS Pentest.md b/Methodology and Resources/Cloud - AWS Pentest.md index 3c0e6e5..094c10a 100644 --- a/Methodology and Resources/Cloud - AWS Pentest.md +++ b/Methodology and Resources/Cloud - AWS Pentest.md @@ -472,7 +472,7 @@ https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attac > Using the extracted information, the tool will generate a forged SAML token as an arbitrary user that can then be used to authenticate to Office 365 without knowledge of that user's password. This attack also bypasses any MFA requirements. Requirement: -* Token-signing private key (export from personnal store using Mimikatz) +* Token-signing private key (export from personal store using Mimikatz) * IdP public certificate * IdP name * Role name (role to assume) 
diff --git a/Methodology and Resources/Network Discovery.md b/Methodology and Resources/Network Discovery.md index bf050ed..c296724 100644 --- a/Methodology and Resources/Network Discovery.md +++ b/Methodology and Resources/Network Discovery.md @@ -139,11 +139,11 @@ cat masscan_machines.tmp | grep open | cut -d " " -f4 | sort -u > masscan_machin sudo masscan --rate 1000 --interface tap0 --router-ip $ROUTER_IP -p1-65535,U:1-65535 $MACHINE_IP --banners -oL $MACHINE_IP/scans/masscan-ports.lst -# TCP grab banners and services informations +# TCP grab banners and services information TCP_PORTS=$(cat $MACHINE_IP/scans/masscan-ports.lst| grep open | grep tcp | cut -d " " -f3 | tr '\n' ',' | head -c -1) [ "$TCP_PORTS" ] && sudo nmap -sT -sC -sV -v -Pn -n -T4 -p$TCP_PORTS --reason --version-intensity=5 -oA $MACHINE_IP/scans/nmap_tcp $MACHINE_IP -# UDP grab banners and services informations +# UDP grab banners and services information UDP_PORTS=$(cat $MACHINE_IP/scans/masscan-ports.lst| grep open | grep udp | cut -d " " -f3 | tr '\n' ',' | head -c -1) [ "$UDP_PORTS" ] && sudo nmap -sU -sC -sV -v -Pn -n -T4 -p$UDP_PORTS --reason --version-intensity=5 -oA $MACHINE_IP/scans/nmap_udp $MACHINE_IP ``` diff --git a/Methodology and Resources/Windows - Mimikatz.md b/Methodology and Resources/Windows - Mimikatz.md index 32e729d..f103759 100644 --- a/Methodology and Resources/Windows - Mimikatz.md +++ b/Methodology and Resources/Windows - Mimikatz.md 
@@ -206,7 +206,7 @@ Mimikatz in memory (no binary on disk) with : - [Invoke-Mimikatz](https://raw.githubusercontent.com/PowerShellEmpire/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1) from PowerShellEmpire - [Invoke-Mimikatz](https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1) from PowerSploit -More informations can be grabbed from the Memory with : +More information can be grabbed from the Memory with : - [Invoke-Mimikittenz](https://raw.githubusercontent.com/putterpanda/mimikittenz/master/Invoke-mimikittenz.ps1) diff --git a/Open Redirect/README.md b/Open Redirect/README.md index 57365b0..d74315f 100644 --- a/Open Redirect/README.md +++ b/Open Redirect/README.md @@ -21,7 +21,7 @@ https://famous-website.tld/signup?redirectUrl=https://famous-website.tld/account After signing up you get redirected to your account, this redirection is specified by the `redirectUrl` parameter in the URL. What happens if we change the `famous-website.tld/account` to `evil-website.tld`? -```powerhshell +```powershell https://famous-website.tld/signup?redirectUrl=https://evil-website.tld/account ``` diff --git a/SQL Injection/README.md b/SQL Injection/README.md index 15bb292..dfa09e5 100644 --- a/SQL Injection/README.md +++ b/SQL Injection/README.md 
@@ -225,7 +225,7 @@ tamper=name_of_the_tamper |concat2concatws.py | Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)'| |charencode.py | Url-encodes all characters in a given payload (not processing already encoded) | |charunicodeencode.py | Unicode-url-encodes non-encoded characters in a given payload (not processing already encoded) | -|equaltolike.py | Replaces all occurances of operator equal ('=') with operator 'LIKE' | +|equaltolike.py | Replaces all occurrences of operator equal ('=') with operator 'LIKE' | |escapequotes.py | Slash escape quotes (' and ") | |greatest.py | Replaces greater than operator ('>') with 'GREATEST' counterpart | |halfversionedmorekeywords.py | Adds versioned MySQL comment before each keyword | diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md index 643d7df..4e3be42 100644 --- a/Server Side Template Injection/README.md +++ b/Server Side Template Injection/README.md @@ -1,6 +1,6 @@ # Templates Injections -> Template injection allows an attacker to include template code into an existant (or not) template. A template engine makes designing HTML pages easier by using static template files which at runtime replaces variables/placeholders with actual values in the HTML pages +> Template injection allows an attacker to include template code into an existing (or not) template. A template engine makes designing HTML pages easier by using static template files which at runtime replaces variables/placeholders with actual values in the HTML pages ## Summary @@ -387,7 +387,7 @@ Source: https://jinja.palletsprojects.com/en/2.11.x/templates/#debug-statement ### Jinja2 - Remote Code Execution -Listen for connexion +Listen for connection ```bash nv -lnvp 8000 
@@ -475,7 +475,7 @@ Bypassing most common filters ('.','_','|join','[',']','mro' and 'base') by http {{ request }} would return a request object like com.[...].context.TemplateContextRequest@23548206 ``` -Jinjava is an open source project developped by Hubspot, available at [https://github.com/HubSpot/jinjava/](https://github.com/HubSpot/jinjava/) +Jinjava is an open source project developed by Hubspot, available at [https://github.com/HubSpot/jinjava/](https://github.com/HubSpot/jinjava/) ### Jinjava - Command execution diff --git a/Web Cache Deception/README.md b/Web Cache Deception/README.md index ade7166..70ec347 100644 --- a/Web Cache Deception/README.md +++ b/Web Cache Deception/README.md @@ -37,7 +37,7 @@ Video of the attack by Omer Gil - Web Cache Deception Attack in PayPal Home Page Header: X-Original-URL (Symfony) Header: X-Rewrite-URL (Symfony) ``` -2. Cache poisonning attack - Example for `X-Forwarded-Host` unkeyed input (remember to use a buster to only cache this webpage instead of the main page of the website) +2. Cache poisoning attack - Example for `X-Forwarded-Host` unkeyed input (remember to use a buster to only cache this webpage instead of the main page of the website) ```js GET /test?buster=123 HTTP/1.1 Host: target.com diff --git a/XSS Injection/README.md b/XSS Injection/README.md index f6bb8d0..21af4b7 100644 --- a/XSS Injection/README.md +++ b/XSS Injection/README.md @@ -227,7 +227,7 @@ javascript:prompt(1) javascript:confirm(1) -We can encode the "javacript:" in Hex/Octal +We can encode the "javascript:" in Hex/Octal \x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x3aalert(1) \u006A\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003aalert(1) \152\141\166\141\163\143\162\151\160\164\072alert(1) 
@@ -824,7 +824,7 @@ javascript:([,ウ,,,,ア]=[]+{},[ネ,ホ,ヌ,セ,,ミ,ハ,ヘ,,,ナ]=[!!ウ]+! ### Bypass using Lontara -```javscript +```javascript ᨆ='',ᨊ=!ᨆ+ᨆ,ᨎ=!ᨊ+ᨆ,ᨂ=ᨆ+{},ᨇ=ᨊ[ᨆ++],ᨋ=ᨊ[ᨏ=ᨆ],ᨃ=++ᨏ+ᨆ,ᨅ=ᨂ[ᨏ+ᨃ],ᨊ[ᨅ+=ᨂ[ᨆ]+(ᨊ.ᨎ+ᨂ)[ᨆ]+ᨎ[ᨃ]+ᨇ+ᨋ+ᨊ[ᨏ]+ᨅ+ᨇ+ᨂ[ᨆ]+ᨋ][ᨅ](ᨎ[ᨆ]+ᨎ[ᨏ]+ᨊ[ᨃ]+ᨋ+ᨇ+"(ᨆ)")() ``` @@ -997,25 +997,25 @@ Works for CSP like `script-src 'self' data:` ### Cloudflare XSS Bypasses by [@Bohdan Korzhynskyi](https://twitter.com/bohdansec) -#### 21st april 2020 +#### 21st April 2020 ```html ``` -#### 22nd august 2019 +#### 22nd August 2019 ```html ``` -#### 3rd june 2019 +#### 3rd June 2019 ```html @@ -1023,19 +1023,19 @@ Works for CSP like `script-src 'self' data:` xss'">
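Review bot: "takeover accounts" on the new line of the API Key Leaks hunk at @@ -27,7 is still wrong, since "takeover" is the noun and the sentence needs the verb; while "personal information" is being corrected here, change it to "The following commands can be used to take over accounts or extract personal information from the API using the leaked token."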
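Review bot: the Account Takeover hunk at @@ -20,7 fixes "Dont" but leaves "Click any 3rd party websites(eg: Facebook, twitter)" on the very next context line, which has the same kind of problem (missing space before the parenthesis, "e.g." and "Twitter"); suggest "4. Click any 3rd-party website (e.g. Facebook, Twitter)" in the same pass.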
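Review bot: the `Transfert-Encoding` to `Transfer-Encoding` change in the Account Takeover hunk at @@ -115,7 is a functional correction rather than a typo fix and deserves a mention in the commit message: a front end or back end ignores an unknown header name, so the request as previously written would never have been treated as chunked and the smuggling example would not have demonstrated the described behaviour. While touching this block, the fence is tagged `powershell` but contains a raw HTTP request; `http` is the more accurate tag.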
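Review bot: the Kubernetes hunk at @@ -14,7 only rewrites the TOC link target to `#api-addresses-that-you-should-know`; no hunk in this patch touches the corresponding heading. Please confirm the heading in Kubernetes/readme.md already reads "API addresses that you should know" (so the old anchor was the broken one), otherwise this change breaks a link that currently works.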
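Review bot: the "IP adress" correction in the Active Directory Attack hunk at @@ -1670,7 edits a line inside a captured Get-PXECreds output block, not the author's prose. If the tool itself prints "adress", the documentation will no longer match what a reader sees on their own console; check the tool's output string before correcting captured output, and if it is indeed the tool's typo, leave the block as captured.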
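Review bot: in the Network Discovery hunk at @@ -139,11 the two new comment lines read "services information"; "service information" (singular, attributive) is the idiomatic form, e.g. `# TCP grab banners and service information`. Unrelated to this patch but on the same visible lines, `cat $MACHINE_IP/scans/masscan-ports.lst| grep open` can be `grep open "$MACHINE_IP/scans/masscan-ports.lst"`, which also quotes the path.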
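Review bot: the Mimikatz hunk at @@ -206,7 keeps "from the Memory with :" on the corrected line; the capital M and the space before the colon are French typographic habits that the rest of the repo does not use, so the line should read "More information can be grabbed from memory with:".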
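Review bot: the Open Redirect hunk at @@ -21,7 fixes the fence tag to `powershell`, but the block contains only a URL, not PowerShell; a plain fence or `http` would be correct, since a syntax highlighter will otherwise try to colour `https://famous-website.tld/signup?redirectUrl=...` as a PowerShell expression.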
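Review bot: the Server Side Template Injection hunk at @@ -1,6 fixes "existant" but the new sentence still has a subject-verb mismatch further on: "static template files which at runtime replaces variables/placeholders" reads as if the files do the replacing, while "replaces" agrees with "engine". Suggest "A template engine makes designing HTML pages easier by using static template files whose variables/placeholders it replaces with actual values at runtime." The "(or not)" parenthetical is also unclear; "an existing (or new) template" says what is meant.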
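Review bot: the "Listen for connection" fix in the Server Side Template Injection hunk at @@ -387,7 sits directly above `nv -lnvp 8000` in the trailing context, which is almost certainly a typo for `nc -lnvp 8000`; since that command as written does not exist, this pass should correct it too.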
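Review bot: the corrected line in the Server Side Template Injection hunk at @@ -475,7 spells the vendor "Hubspot" while the linked URL on the same line is `https://github.com/HubSpot/jinjava/`; use "HubSpot" so the prose matches the project's own capitalisation.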
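Review bot: in the Web Cache Deception hunk at @@ -37,7 the fence under the corrected "Cache poisoning attack" line is tagged `js` but holds a raw HTTP request (`GET /test?buster=123 HTTP/1.1` / `Host: target.com`); tag it `http`. The phrase "use a buster" would also be clearer as "use a cache buster parameter", which is what `?buster=123` on the request line is.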
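Review bot: the XSS Injection hunk at @@ -227,7 corrects "javacript:" but the sentence "We can encode the "javascript:" in Hex/Octal" undersells the three context lines that follow it: the first uses `\x` hex escapes, the second `\u` Unicode escapes and the third `\152...` octal escapes, so "in Hex/Unicode/Octal" would describe all three examples.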
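Review bot: the patch as submitted ends inside the XSS Injection hunk at @@ -1023,19 and contains none of the hunks for `XXE Injection/Files/XXE PHP Wrapper.xml` or `XXE Injection/README.md` that the diffstat lists (15 files, 36 insertions, 36 deletions); please resend the complete patch so the remaining XSS and XXE changes can be reviewed.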