GitBook: [master] 2 pages modified

CPol 2020-09-04 18:29:25 +00:00 committed by gitbook-bot
parent 31675d55e7
commit fd99e2065f
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 19 additions and 14 deletions

View file

@ -219,9 +219,13 @@ xmlns:php="http://php.net/xsl" >
Execute code using other frameworks in the PDF
### **References**
### **More Languages**
[XSLT\_SSRF](https://feelsec.info/wp-content/uploads/2018/11/XSLT_SSRF.pdf)
[http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20IO%20Active.pdf](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20IO%20Active.pdf)
[http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20Blackhat%202015.pdf](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20Blackhat%202015.pdf)
**In this page you can find examples of RCE in other languajes:** [**https://vulncat.fortify.com/en/detail?id=desc.dataflow.java.xslt\_injection\#C%23%2FVB.NET%2FASP.NET**](https://vulncat.fortify.com/en/detail?id=desc.dataflow.java.xslt_injection#C%23%2FVB.NET%2FASP.NET) **\(C\#, Java, PHP\)**
## **References**
* [XSLT\_SSRF](https://feelsec.info/wp-content/uploads/2018/11/XSLT_SSRF.pdf)
* [http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20IO%20Active.pdf](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20IO%20Active.pdf)
* [http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20Blackhat%202015.pdf](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20Blackhat%202015.pdf)
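Review bot: the added "More Languages" sentence misspells "languages" as "languajes", and its label promises C#, Java and PHP while the link fragment (`#C%23%2FVB.NET%2FASP.NET`) names only C#/VB.NET/ASP.NET; fix the typo and either drop the fragment or make the label match it. The heading levels are also inconsistent: "More Languages" is added at `###` while "References" moves from `###` to `##`, so decide whether the two are siblings and give them the same level.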

View file

@ -121,9 +121,9 @@ python reGeorgSocksProxy.py -p 8080 -u http://upload.sensepost.net:8080/tunnel/t
[https://github.com/jpillora/chisel](https://github.com/jpillora/chisel)
Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though achieves much higher performance.
Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go \(golang\). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though achieves much higher performance.
You can do port forwarding (bind & reverse), create a socks proxy (bind & reverse).
You can do port forwarding \(bind & reverse\), create a socks proxy \(bind & reverse\).
```bash
root@kali:/opt# git clone https://github.com/jpillora/chisel.git
@ -152,10 +152,11 @@ root@kali:/opt/chisel# ./chisel --help
![](https://0xdf.gitlab.io/img/chisel-2.webp)
Read more:
- https://0xdf.gitlab.io/2020/08/10/tunneling-with-chisel-and-ssf-update.html (Blog by Oxdf)
- https://github.com/jpillora/chisel
- https://www.youtube.com/watch?v=Yp4oxoQIBAM&t=1469s (HTB Reddish by ippsec)
- https://0xdf.gitlab.io/2019/01/26/htb-reddish.html (HTB Reddish by 0xdf)
* [https://0xdf.gitlab.io/2020/08/10/tunneling-with-chisel-and-ssf-update.html](https://0xdf.gitlab.io/2020/08/10/tunneling-with-chisel-and-ssf-update.html) \(Blog by Oxdf\)
* [https://github.com/jpillora/chisel](https://github.com/jpillora/chisel)
* [https://www.youtube.com/watch?v=Yp4oxoQIBAM&t=1469s](https://www.youtube.com/watch?v=Yp4oxoQIBAM&t=1469s) \(HTB Reddish by ippsec\)
* [https://0xdf.gitlab.io/2019/01/26/htb-reddish.html](https://0xdf.gitlab.io/2019/01/26/htb-reddish.html) \(HTB Reddish by 0xdf\)
## Rpivot
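Review bot: in the rewritten "Read more" list the first entry is still labelled "Blog by Oxdf" with a capital letter O, while its URL and the last entry spell the handle "0xdf" with a zero; correct the label while these lines are being touched. The bare URLs are now wrapped as links whose text is the URL itself, so a short descriptive link text with the attribution inside it would read better than repeating the address.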
@ -286,7 +287,7 @@ http-proxy <proxy_ip> 8080 <file_with_creds> ntlm
[http://cntlm.sourceforge.net/](http://cntlm.sourceforge.net/)
It authenticates against a proxy and binds a port locally that is forwarded to the external service you specify. Then, you can use the tool of your choice through this port.
It authenticates against a proxy and binds a port locally that is forwarded to the external service you specify. Then, you can use the tool of your choice through this port.
Example that forward port 443
```text