mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-25 14:10:41 +00:00
GitBook: [master] 2 pages modified
This commit is contained in:
parent
31675d55e7
commit
fd99e2065f
2 changed files with 19 additions and 14 deletions
|
@ -219,9 +219,13 @@ xmlns:php="http://php.net/xsl" >
|
|||
|
||||
Execute code using other frameworks in the PDF
|
||||
|
||||
### **References**
|
||||
### **More Languages**
|
||||
|
||||
[XSLT\_SSRF](https://feelsec.info/wp-content/uploads/2018/11/XSLT_SSRF.pdf)
|
||||
[http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20IO%20Active.pdf](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20IO%20Active.pdf)
|
||||
[http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20Blackhat%202015.pdf](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20Blackhat%202015.pdf)
|
||||
**In this page you can find examples of RCE in other languajes:** [**https://vulncat.fortify.com/en/detail?id=desc.dataflow.java.xslt\_injection\#C%23%2FVB.NET%2FASP.NET**](https://vulncat.fortify.com/en/detail?id=desc.dataflow.java.xslt_injection#C%23%2FVB.NET%2FASP.NET) **\(C\#, Java, PHP\)**
|
||||
|
||||
## **References**
|
||||
|
||||
* [XSLT\_SSRF](https://feelsec.info/wp-content/uploads/2018/11/XSLT_SSRF.pdf)
|
||||
* [http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20IO%20Active.pdf](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20IO%20Active.pdf)
|
||||
* [http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20Blackhat%202015.pdf](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20Blackhat%202015.pdf)
|
||||
|
||||
|
|
|
@ -121,9 +121,9 @@ python reGeorgSocksProxy.py -p 8080 -u http://upload.sensepost.net:8080/tunnel/t
|
|||
|
||||
[https://github.com/jpillora/chisel](https://github.com/jpillora/chisel)
|
||||
|
||||
Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though achieves much higher performance.
|
||||
Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go \(golang\). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though achieves much higher performance.
|
||||
|
||||
You can do port forwarding (bind & reverse), create a socks proxy (bind & reverse).
|
||||
You can do port forwarding \(bind & reverse\), create a socks proxy \(bind & reverse\).
|
||||
|
||||
```bash
|
||||
root@kali:/opt# git clone https://github.com/jpillora/chisel.git
|
||||
|
@ -152,10 +152,11 @@ root@kali:/opt/chisel# ./chisel --help
|
|||
![](https://0xdf.gitlab.io/img/chisel-2.webp)
|
||||
|
||||
Read more:
|
||||
- https://0xdf.gitlab.io/2020/08/10/tunneling-with-chisel-and-ssf-update.html (Blog by Oxdf)
|
||||
- https://github.com/jpillora/chisel
|
||||
- https://www.youtube.com/watch?v=Yp4oxoQIBAM&t=1469s (HTB Reddish by ippsec)
|
||||
- https://0xdf.gitlab.io/2019/01/26/htb-reddish.html (HTB Reddish by 0xdf)
|
||||
|
||||
* [https://0xdf.gitlab.io/2020/08/10/tunneling-with-chisel-and-ssf-update.html](https://0xdf.gitlab.io/2020/08/10/tunneling-with-chisel-and-ssf-update.html) \(Blog by Oxdf\)
|
||||
* [https://github.com/jpillora/chisel](https://github.com/jpillora/chisel)
|
||||
* [https://www.youtube.com/watch?v=Yp4oxoQIBAM&t=1469s](https://www.youtube.com/watch?v=Yp4oxoQIBAM&t=1469s) \(HTB Reddish by ippsec\)
|
||||
* [https://0xdf.gitlab.io/2019/01/26/htb-reddish.html](https://0xdf.gitlab.io/2019/01/26/htb-reddish.html) \(HTB Reddish by 0xdf\)
|
||||
|
||||
## Rpivot
|
||||
|
||||
|
|
Loading…
Reference in a new issue