cheatsheet - willis vandevanter

Cloud Metadata URL List

I landed the SSRF Cloud Metadata technique in a few different scenarios recently. If you haven’t seen the talk BHUSA 2014 - Bringing a Machete to the Amazon I recommend it. To make life a little easier created a living URL list for Metadata broken down by cloud. There

cheatsheet

XML Entity Cheatsheet - Updated

An XML Entity testing cheatsheet. This is an updated version with nokogiri tests removed, just (X)XE notes. XML Declaration(s): 1 2 <?xml version="1.0" standalone="no"?> <?xml version="1.0" standalone="yes"?>Vanilla entity test: 1 <!DOCTYPE root [<!ENTITY post "1"

cheatsheet

Simple Ruby Exec with Open and Pipe

I was researching something else and thought this was a cool way to execute a command through the open method in ruby: 1 open("|[CMD]")The key is starting the open with pipe. For example, 1 open("|ls")Or to exec and print the result in one line: 1 open(

cheatsheet

XML Entity Cheatsheet

An XML Entity testing cheatsheet. Testing was done using an older vulnerable version of nokogiri. In IRB you can require previous versions of gems. Certain techniques (e.g. XInclude) may require additional settings in Nokogiri. XML Headers: 1 2 <?xml version="1.0" standalone="no"?> <?xml version=