mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-11-10 07:04:22 +00:00
Randomness mt_rand + Analytics
This commit is contained in:
parent
1dae291696
commit
99f3557415
4 changed files with 22 additions and 4 deletions
1
.github/overrides/main.html
vendored
1
.github/overrides/main.html
vendored
|
@ -14,6 +14,7 @@
|
||||||
</div>
|
</div>
|
||||||
<br>
|
<br>
|
||||||
<script async src="https://static.addtoany.com/menu/page.js"></script>
|
<script async src="https://static.addtoany.com/menu/page.js"></script>
|
||||||
|
<script defer src="https://cloud.umami.is/script.js" data-website-id="82be5164-e1f3-4cb0-bd22-20e02086d3d4"></script>
|
||||||
</div>
|
</div>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
|
|
|
@ -104,6 +104,7 @@ A self-hosted runner for GitHub Actions is a machine that you manage and maintai
|
||||||
|
|
||||||
Scan a public GitHub Organization for Self-Hosted Runners
|
Scan a public GitHub Organization for Self-Hosted Runners
|
||||||
|
|
||||||
|
* [AdnaneKhan/Gato-X](https://github.com/AdnaneKhan/Gato-X) - Fork of Gato - Gato (Github Attack TOolkit) - Extreme Edition
|
||||||
* [praetorian-inc/gato](https://github.com/praetorian-inc/gato) - GitHub Actions Pipeline Enumeration and Attack Tool
|
* [praetorian-inc/gato](https://github.com/praetorian-inc/gato) - GitHub Actions Pipeline Enumeration and Attack Tool
|
||||||
```ps1
|
```ps1
|
||||||
gato -s enumerate -t targetOrg -oJ target_org_gato.json
|
gato -s enumerate -t targetOrg -oJ target_org_gato.json
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
* [GUID Versions](#guid-versions)
|
* [GUID Versions](#guid-versions)
|
||||||
* [Mongo ObjectId](#mongo-objectid)
|
* [Mongo ObjectId](#mongo-objectid)
|
||||||
* [Uniqid](#uniqid)
|
* [Uniqid](#uniqid)
|
||||||
|
* [mt_rand](#mt_rand)
|
||||||
* [Other](#other)
|
* [Other](#other)
|
||||||
* [References](#references)
|
* [References](#references)
|
||||||
|
|
||||||
|
@ -133,6 +134,20 @@ for token in tokens:
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## mt_rand
|
||||||
|
|
||||||
|
Breaking mt_rand() with two output values and no bruteforce.
|
||||||
|
|
||||||
|
* [ambionics/mt_rand-reverse](https://github.com/ambionics/mt_rand-reverse) - Script to recover mt_rand()'s seed with only two outputs and without any bruteforce.
|
||||||
|
|
||||||
|
```ps1
|
||||||
|
./display_mt_rand.php 12345678 123
|
||||||
|
712530069 674417379
|
||||||
|
|
||||||
|
./reverse_mt_rand.py 712530069 674417379 123 1
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## Other
|
## Other
|
||||||
|
|
||||||
Other bad ideas that are sometimes shipped into production.
|
Other bad ideas that are sometimes shipped into production.
|
||||||
|
@ -149,11 +164,12 @@ Generic identification and sandwitch attack:
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
### References
|
## References
|
||||||
|
|
||||||
* [In GUID We Trust - Daniel Thatcher - October 11, 2022](https://www.intruder.io/research/in-guid-we-trust)
|
* [In GUID We Trust - Daniel Thatcher - October 11, 2022](https://www.intruder.io/research/in-guid-we-trust)
|
||||||
* [IDOR through MongoDB Object IDs Prediction - Amey Anekar - August 25, 2020](https://techkranti.com/idor-through-mongodb-object-ids-prediction/)
|
* [IDOR through MongoDB Object IDs Prediction - Amey Anekar - August 25, 2020](https://techkranti.com/idor-through-mongodb-object-ids-prediction/)
|
||||||
* [[FR] Secret basé sur le temps non sécurisé et attaque par sandwich - Analyse de mes recherches et publication de l’outil “Reset Tolkien” - Tom CHAMBARETAUD / @AethliosIK - 2 apr 2024](https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-fr.html)
|
* [[FR] Secret basé sur le temps non sécurisé et attaque par sandwich - Analyse de mes recherches et publication de l’outil “Reset Tolkien” - Tom CHAMBARETAUD / @AethliosIK - 2 apr 2024](https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-fr.html)
|
||||||
* [[EN] Unsecure time-based secret and Sandwich Attack - Analysis of my research and release of the “Reset Tolkien” tool - Tom CHAMBARETAUD / @AethliosIK - 2 apr 2024](https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html)
|
* [[EN] Unsecure time-based secret and Sandwich Attack - Analysis of my research and release of the “Reset Tolkien” tool - Tom CHAMBARETAUD / @AethliosIK - 2 apr 2024](https://www.aeth.cc/public/Article-Reset-Tolkien/secret-time-based-article-en.html)
|
||||||
* [Secret non sécurisé basé sur le temps et attaques par sandwich - Tom CHAMBARETAUD aka Aethlios](#)
|
* [Secret non sécurisé basé sur le temps et attaques par sandwich - Tom CHAMBARETAUD aka Aethlios](#)
|
||||||
* [Exploiting Weak Pseudo-Random Number Generation in PHP’s rand and srand Functions - Jacob Moore - Oct 18, 2023](https://medium.com/@moorejacob2017/exploiting-weak-pseudo-random-number-generation-in-phps-rand-and-srand-functions-445229b83e01)
|
* [Exploiting Weak Pseudo-Random Number Generation in PHP’s rand and srand Functions - Jacob Moore - Oct 18, 2023](https://medium.com/@moorejacob2017/exploiting-weak-pseudo-random-number-generation-in-phps-rand-and-srand-functions-445229b83e01)
|
||||||
|
* [Breaking PHP's mt_rand() with 2 values and no bruteforce - Charles Fol - 06 January, 2020](https://www.ambionics.io/blog/php-mt-rand-prediction)
|
|
@ -44,8 +44,8 @@ theme:
|
||||||
# - navigation.path
|
# - navigation.path
|
||||||
|
|
||||||
extra_css:
|
extra_css:
|
||||||
- custom.css
|
- custom.css
|
||||||
|
|
||||||
markdown_extensions:
|
markdown_extensions:
|
||||||
- tables
|
- tables
|
||||||
- attr_list
|
- attr_list
|
||||||
|
|
Loading…
Reference in a new issue