RCE
Links
- Reverse shell on a Node.js application
- commix Automated All-in-One OS Command Injection and Exploitation Tool
- Bookfresh case
- Encoding Web Shell in PNG IDAT chunks (post)
- Exploiting PHP-GD imagecreatefromgif() function (github repo)
- Series about webshells detection
- Exploit/bypass PHP escapeshellarg/escapeshellcmd functions
- GTFOBins is a curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions.
- LOLBAS Living Off The Land Binaries and Scripts (and also Libraries)
- FILE Structure Exploitation ('vtable' check bypass)
- Play with FILE Structure
- File Stream Pointer Overflow
- david942j/one_gadget The best tool for finding one gadget RCE in libc.so.6