The Hacker Recipes
GitHub
Twitter
Exegol
Tools
Search
⌃K
Links
Introduction
Active Directory
Reconnaissance
Movement
Persistence
Web services
Reconnaissance
Configuration
Accounts and sessions
User inputs
File inclusion
LFI to RCE
logs poisoning
phpinfo
file upload
PHP wrappers and streams
PHP session
/proc
RFI to RCE
Unrestricted file upload
SQL injection
XSS (Cross-Site Scripting)
CSRF (Cross-Site Request Forgery)
SSRF (Server-Side Request Forgery)
IDOR (Insecure Direct Object Reference)
ORED Open redirect
Content-Type juggling
XXE injection
Insecure JSON Web Tokens
Insecure Cookies
HTTP response splitting
🛠️ HTTP parameter pollution
🛠️ SSTI (Server-Side Template Injection)
🛠️ Insecure deserialization
🛠️ CRLF injection
🛠️ Arbitrary file download
🛠️ Directory traversal
🛠️ Null-byte injection
Systems & services
Reconnaissance
Initial access (protocols)
Initial access (phishing)
Privilege escalation
Pivoting
Evasion
(AV) Anti-Virus
🛠️ (EDR) Endpoint Detection and Response
🛠️ Physical
Locks
Networking
Machines
Super secret zones
🛠️ Intelligence gathering
CYBINT
OSINT
GEOINT
🛠️ RADIO
RFID
Bluetooth
Wi-Fi
Wireless keyboard/mouse
🛠️ mobile apps
Android
iOS
Powered By
GitBook
LFI to RCE
Here are the articles in this section:
logs poisoning
phpinfo
file upload
PHP wrappers and streams
PHP session
/proc
Previous
File inclusion
Next
logs poisoning
Last modified
5mo ago
