Sandeep Singh ehsandeep
🏠
tehryanx
/ trufflehog.json
Last active
June 3, 2022 08:26
High signal patterns from trufflehog refactored to work with tomnomnom's gf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "flags": "-HnriE", | |
| "patterns": [ | |
| "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})", | |
| "-----BEGIN RSA PRIVATE KEY-----", | |
| "-----BEGIN DSA PRIVATE KEY-----", | |
| "-----BEGIN EC PRIVATE KEY-----", | |
| "-----BEGIN PGP PRIVATE KEY BLOCK-----", | |
| "AKIA[0-9A-Z]{16}", | |
| "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", |
harisec
/ exploit_path_traversals_in_Java_webapps.txt
Created
April 27, 2020 10:24
quick primer on how to exploit path traversals in Java web apps (i.e. you can read WEB-INF/web.xml)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| so, you can read WEB-INF/web.xml. how can you escalate this issue? | |
| [step 1]. try to read other common Java files such as WEB-INF/web-jetty.xml. | |
| use a specialized wordlist such as the following (from Sergey Bobrov/BlackFan): | |
| https://github.com/BlackFan/WEB-INF-dict/blob/master/web-inf.txt | |
| with time you can build your own wordlist adding files you've discovered over time. | |
| use Burp Intruder for this, it's perfect for this job. | |
| sort Intruder results by status code so you can see instantly which files were found. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 7 | |
| 11 | |
| 13 | |
| 15 | |
| 17 | |
| 19 | |
| 20 | |
| 21 | |
| 22 | |
| 23 |