From 8f27fd4cde85f839acb5141d0dee09a0e4c7c28e Mon Sep 17 00:00:00 2001 From: g0tmi1k Date: Wed, 13 Jun 2018 09:36:36 +0100 Subject: [PATCH 1/2] Add Zip-Traversal Payload --- Payloads/Zip-Traversal/depth-00.zip | Bin 0 -> 123 bytes Payloads/Zip-Traversal/depth-01.zip | Bin 0 -> 129 bytes Payloads/Zip-Traversal/depth-02.zip | Bin 0 -> 135 bytes Payloads/Zip-Traversal/depth-03.zip | Bin 0 -> 141 bytes Payloads/Zip-Traversal/depth-04.zip | Bin 0 -> 147 bytes Payloads/Zip-Traversal/depth-05.zip | Bin 0 -> 153 bytes Payloads/Zip-Traversal/depth-06.zip | Bin 0 -> 159 bytes Payloads/Zip-Traversal/depth-07.zip | Bin 0 -> 165 bytes Payloads/Zip-Traversal/depth-08.zip | Bin 0 -> 171 bytes Payloads/Zip-Traversal/depth-09.zip | Bin 0 -> 177 bytes Payloads/Zip-Traversal/depth-10.zip | Bin 0 -> 183 bytes Payloads/Zip-Traversal/index.php | 1 + Payloads/Zip-Traversal/make.py | 30 ++++++++++++++++++++++++++++ 13 files changed, 31 insertions(+) create mode 100644 Payloads/Zip-Traversal/depth-00.zip create mode 100644 Payloads/Zip-Traversal/depth-01.zip create mode 100644 Payloads/Zip-Traversal/depth-02.zip create mode 100644 Payloads/Zip-Traversal/depth-03.zip create mode 100644 Payloads/Zip-Traversal/depth-04.zip create mode 100644 Payloads/Zip-Traversal/depth-05.zip create mode 100644 Payloads/Zip-Traversal/depth-06.zip create mode 100644 Payloads/Zip-Traversal/depth-07.zip create mode 100644 Payloads/Zip-Traversal/depth-08.zip create mode 100644 Payloads/Zip-Traversal/depth-09.zip create mode 100644 Payloads/Zip-Traversal/depth-10.zip create mode 100644 Payloads/Zip-Traversal/index.php create mode 100755 Payloads/Zip-Traversal/make.py diff --git a/Payloads/Zip-Traversal/depth-00.zip b/Payloads/Zip-Traversal/depth-00.zip new file mode 100644 index 0000000000000000000000000000000000000000..2644c79f99d1a5bb5bdac43bca31c5c59a52e366 GIT binary patch literal 123 zcmWIWW@Zs#0D;FIXMJ876;!hW*&xgb#F=?1sTFz!83h@M$=RtXTmjyUOd`y<)dRJF a!IDN01=k(m&B_K6U<5*QAgu@DFaQ7^E*1O$ literal 0 HcmV?d00001 diff --git a/Payloads/Zip-Traversal/depth-01.zip b/Payloads/Zip-Traversal/depth-01.zip new file mode 100644 index 0000000000000000000000000000000000000000..67ee231f22b378ca7b41a00001f2cfa3e684d8b5 GIT binary patch literal 129 zcmWIWW@Zs#0D;FIXMJ876;!hW*&xgV#Cm%AnRzLx6?z331sRFS*{La90p5&EBFwn8 d0Cj=El131PY(RiFD;r3R5eTh-v>}MY0064I7ajlr literal 0 HcmV?d00001 diff --git a/Payloads/Zip-Traversal/depth-02.zip b/Payloads/Zip-Traversal/depth-02.zip new file mode 100644 index 0000000000000000000000000000000000000000..65c99de4b3f18deb9ebfc419fdb620366f2b2e61 GIT binary patch literal 135 zcmWIWW@Zs#0D;FIXMJ876;!hW*&xgh#Cm%AK$Mx6l3JlxkWrA4n4F!O!WH1n$Rxsy eTNh9x7%XW7QD|lac(byBgc*U*7D$_bI1B(j6Bs}M literal 0 HcmV?d00001 diff --git a/Payloads/Zip-Traversal/depth-03.zip b/Payloads/Zip-Traversal/depth-03.zip new file mode 100644 index 0000000000000000000000000000000000000000..dd2b461d9585f45ecfe17133c5e8d0c73a494630 GIT binary patch literal 141 zcmWIWW@Zs#0D;FIXMJ876;!hW*&r+g#Cm%A5R{phl3JlxkWrA4n4F!O!WH1n$Rxsy eTO&{}7%XW7QJBUAc(byBWEg?a0Z5yJI1B*T6&Ydx literal 0 HcmV?d00001 diff --git a/Payloads/Zip-Traversal/depth-04.zip b/Payloads/Zip-Traversal/depth-04.zip new file mode 100644 index 0000000000000000000000000000000000000000..a3ee7063283c18fc8b9a0db70d7c9989d2ea8abb GIT binary patch literal 147 zcmWIWW@Zs#0D;FIXMJ876;!hW*&r+m#Cm%AaFm&sl3JlxkWrA4n4F!O!WH1n$Rxsy iTQ5*M7%XW7QE+2`47f=F-mGjONk$-a2GUj_4g&yq;2MMg literal 0 HcmV?d00001 diff --git a/Payloads/Zip-Traversal/depth-05.zip b/Payloads/Zip-Traversal/depth-05.zip new file mode 100644 index 0000000000000000000000000000000000000000..5515140b318973bc0bea066e8177827573cd1e31 GIT binary patch literal 153 zcmWIWW@Zs#0D;FIXMJ876;!hW*&r+d#Cm%A$S5-}CAC7YAfq57F*!Rmg)6|Dkx7IZ iw|1ZjV6dbSL?N35WWx;$@MdKL$uk0>8<4gIaTov~WgDgd literal 0 HcmV?d00001 diff --git a/Payloads/Zip-Traversal/depth-06.zip b/Payloads/Zip-Traversal/depth-06.zip new file mode 100644 index 0000000000000000000000000000000000000000..33985eaa3c16c3ad85812d97916900768a69cdfe GIT binary patch literal 159 zcmWIWW@Zs#0D;FIXMJ876;!hW*&r+p#Cm%AXecu;CAC7YAfq57F*!Rmg)6|Dkx7IZ jw+TQ)z+g!uh(a?A$c391;LXYgQo;y?o2#;eSowxh{FH?gN_~Q literal 0 HcmV?d00001 diff --git a/Payloads/Zip-Traversal/depth-08.zip b/Payloads/Zip-Traversal/depth-08.zip new file mode 100644 index 0000000000000000000000000000000000000000..e88d8c50d02baab04fcb111b5da038d85975a6ee GIT binary patch literal 171 zcmWIWW@Zs#0D;FIXMJ876;!hW*&wV4#Cm%ASW#wPN@|5(K}JDFVsdtB3Ri$PBa;X- jZgYS}fx(hS5QWu9pdj4T0B=?{kU~Zv^as*zAPxfnKS3W1 literal 0 HcmV?d00001 diff --git a/Payloads/Zip-Traversal/depth-09.zip b/Payloads/Zip-Traversal/depth-09.zip new file mode 100644 index 0000000000000000000000000000000000000000..8b03632da1f94c24439d01e54cfc3ce64dbd2f21 GIT binary patch literal 177 zcmWIWW@Zs#0D;FIXMJ876;!hW*&wU}#Cm%AxKL(ZN@|5(K}JDFVsdtB3Ri$PBa;X- jZli#vfx(hS5QWQBpg7#%0B=?{kXl9{3 Date: Wed, 13 Jun 2018 09:40:36 +0100 Subject: [PATCH 2/2] README clean up --- README.md | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/README.md b/README.md index 1e22100..e14b51c 100755 --- a/README.md +++ b/README.md @@ -19,34 +19,34 @@ Significant effort is made to give attribution for these lists whenever possible ### Attribution -- Adam Muntner and for the FuzzDB content, including all authors from the FuzzDB project (https://github.com/fuzzdb-project/fuzzdb) -- Ron Bowes of SkullSecurity for collaborating and including all his lists here (https://wiki.skullsecurity.org/Passwords) -- Clarkson University for their research that led to the Clarkson list +- Adam Muntner and for the **FuzzDB** content, including all authors from the FuzzDB project (https://github.com/fuzzdb-project/fuzzdb) [`./Fuzzing/*.fuzzdb.txt`] +- Ron Bowes of **SkullSecurity** for collaborating and including all his lists here (https://wiki.skullsecurity.org/Passwords) +- Clarkson University for their research that led to the **Clarkson password** list [`./Passwords/clarkson-university-82.txt`] - All the authors listed in the XSS with context doc, which was found on pastebin and added to by us -- Ferruh Mavitina for the beginnings of the LFI Fuzz list -- Kevin Johnson for laudnaum shells (https://sourceforge.net/projects/laudanum/) -- RSnake for fierce hostname list -- Charlie Campbell for Spanish word list, numerous other contributions -- Rob Fuller for the IZMY list -- Mark Burnett for the 10 million passwords list -- @shipCod3 for an SSH user/pass list +- Ferruh Mavitina for the beginnings of the **LFI Fuzz** list +- Kevin Johnson for **laudnaum shells** (https://sourceforge.net/projects/laudanum/) [`./Web-Shells/laudanum-0.8/`] +- RSnake for **fierce DNS hostname** list [`./Discovery/DNS/fierce-hostlist.txt`] +- Charlie Campbell for **Spanish word list**, numerous other contributions +- Rob Fuller for the IZMY list [`./Passwords/Leaked-Databases/izmy.txt`] +- Mark Burnett for the **10 million passwords** list +- @shipCod3 for an **SSH user/pass** list - Steve Crapo for doing splitting work on a number of large lists -- Thanks to Blessen Thomas for recommending Mario's/cure53's XSS vectors -- Thanks to Danny Chrastil for submitting an anonymous JSON fuzzing list +- Thanks to Blessen Thomas for recommending **Mario's/cure53's XSS vectors** +- Thanks to Danny Chrastil for submitting an anonymous **JSON fuzzing** list - Many thanks to @geekspeed, @EricSB, @lukebeer, @patrickmollohan, @g0tmi1k, @albinowax, and @kurobeats for submitting via pull requests -- Special thanks to @shipcod3 for MANY contributions! -- Thanks to Samar Dhwoj Acharya for allowing his Github Dorks content to be included! -- Thanks to Liam Somerville for the excellent list of default passwords -- Great thanks to Michael Henriksen for allowing us to include his Gitrob project's signatures -- Honored to have @Brutelogic's brilliant XSS Cheatsheet added to the Fuzzing section! -- 0xsobky's Ultimate XSS Polyglot! -- @otih for bruteforce collected username and password lists -- @govolution for betterdefaultpasslist (https://github.com/govolution/betterdefaultpasslist) -- Max Woolf (@minimaxir) for **big-list-of-naughty-strings** (https://github.com/minimaxir/big-list-of-naughty-strings) [`/Fuzzing/big-list-of-naughty-strings.txt`] -- Ian Gallagher (@craSH) for **http-request-headers** [`/Miscellaneous/http-request-headers/`] -- Arvind Doraiswamy (@arvinddoraiswamy) for **numeric-fields-only** [`/Fuzzing/numeric_fields_only.txt`] -- @badibouzouk for **Domino Hunter** (https://sourceforge.net/projects/dominohunter/) [`/Discovery/Web-Content/Domino-Hunter/`] -- @coldfusion39 for **domi-owned** (https://github.com/coldfusion39/domi-owned) [`/Discovery/Web-Content/domino-*-coldfusion39.txt`] +- Special thanks to @shipcod3 for MANY contributions +- Thanks to Samar Dhwoj Acharya for allowing his **Github Dorks** content to be included +- Thanks to Liam Somerville for the excellent list of **default passwords** +- Great thanks to Michael Henriksen for allowing us to include his **Gitrob project's signatures** +- Honored to have @Brutelogic's brilliant **XSS Cheatsheet** added to the Fuzzing section [`./Fuzzing/XSS*-BruteLogic.txt`] +- 0xsobky's **Ultimate XSS Polyglot** [`./Fuzzing/Polyglots/XSS-Polyglot-Ultimate-0xsobky.txt`] +- @otih for **bruteforce collected user/pass** lists [`./Passwords/Honeypot-Captures/multiplesources-passwords-fabian-fingerle.de.txt`] +- @govolution for **BetterDefaultPassList** (https://github.com/govolution/betterdefaultpasslist) [`./Passwords/Default-Credentials/*-betterdefaultpasslist.txt`] +- Max Woolf (@minimaxir) for **Big List of Naughty Strings** (https://github.com/minimaxir/big-list-of-naughty-strings) [`./Fuzzing/big-list-of-naughty-strings.txt`] +- Ian Gallagher (@craSH) for **HTTP Request Headers** [`./Miscellaneous/http-request-headers/`] +- Arvind Doraiswamy (@arvinddoraiswamy) for **numeric-fields-only** [`./Fuzzing/numeric_fields_only.txt`] +- @badibouzouk for **Domino Hunter** (https://sourceforge.net/projects/dominohunter/) [`./Discovery/Web-Content/Domino-Hunter/`] +- @coldfusion39 for **domi-owned** (https://github.com/coldfusion39/domi-owned) [`./Discovery/Web-Content/domino-*-coldfusion39.txt`] This project stays great because of care and love from the community, and we will never forget that. If you know of a contribution that is not listed above, please let us know…