willis vandevanter
  • Home
  • About
  • Presentations + Trainings
  • Advisories
  • Github
Subscribe
Tagged

cheatsheet

A collection of 4 posts

automation

Cloud Metadata URL List

I landed the SSRF Cloud Metadata technique in a few different scenarios recently. If you haven’t seen the talk BHUSA 2014 - Bringing a Machete to the Amazon I recommend it. To make life a little easier created a living URL list for Metadata broken down by cloud. There

  • Willis Vandevanter
Willis Vandevanter Mar 27, 2016 • 1 min read
cheatsheet

XML Entity Cheatsheet - Updated

An XML Entity testing cheatsheet. This is an updated version with nokogiri tests removed, just (X)XE notes. XML Declaration(s): 1 2 <?xml version="1.0" standalone="no"?> <?xml version="1.0" standalone="yes"?>Vanilla entity test: 1 <!DOCTYPE root [<!ENTITY post "1"

  • Willis Vandevanter
Willis Vandevanter Dec 23, 2015 • 2 min read
cheatsheet

Simple Ruby Exec with Open and Pipe

I was researching something else and thought this was a cool way to execute a command through the open method in ruby: 1 open("|[CMD]")The key is starting the open with pipe. For example, 1 open("|ls")Or to exec and print the result in one line: 1 open(

  • Willis Vandevanter
Willis Vandevanter Apr 13, 2015 • 1 min read
cheatsheet

XML Entity Cheatsheet

An XML Entity testing cheatsheet. Testing was done using an older vulnerable version of nokogiri. In IRB you can require previous versions of gems. Certain techniques (e.g. XInclude) may require additional settings in Nokogiri. XML Headers: 1 2 <?xml version="1.0" standalone="no"?> <?xml version=

  • Willis Vandevanter
Willis Vandevanter Sep 2, 2014 • 1 min read
willis vandevanter © 2022
Powered by Ghost