From a65fdbb568fe861b7e4dd4083cd96391a0d74562 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Tue, 12 May 2020 14:27:25 +0200 Subject: [PATCH] XSW 4 Fix #205 --- Methodology and Resources/Cloud - Azure Pentest.md | 3 ++- SAML Injection/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Methodology and Resources/Cloud - Azure Pentest.md b/Methodology and Resources/Cloud - Azure Pentest.md index ec7384d56e..b84ac81ec8 100644 --- a/Methodology and Resources/Cloud - Azure Pentest.md +++ b/Methodology and Resources/Cloud - Azure Pentest.md @@ -30,8 +30,9 @@ $ git clone https://github.com/hausec/PowerZure $ ipmo .\PowerZure $ Set-Subscription -Id [idgoeshere] + # Reader - $ Get-Runbook + $ Get-Runbook, Get-AllUsers, Get-Apps, Get-Resources, Get-WebApps, Get-WebAppDetails # Contributor $ Execute-Command -OS Windows -VM Win10Test -ResourceGroup Test-RG -Command "whoami" diff --git a/SAML Injection/README.md b/SAML Injection/README.md index e244bfd160..2ba8dae76a 100644 --- a/SAML Injection/README.md +++ b/SAML Injection/README.md @@ -70,7 +70,7 @@ XML Signature Wrapping (XSW) attack, some implementations check for a valid sign - XSW1 – Applies to SAML Response messages. Add a cloned unsigned copy of the Response after the existing signature. - XSW2 – Applies to SAML Response messages. Add a cloned unsigned copy of the Response before the existing signature. - XSW3 – Applies to SAML Assertion messages. Add a cloned unsigned copy of the Assertion before the existing Assertion. -- XSW4 – Applies to SAML Assertion messages. Add a cloned unsigned copy of the Assertion after the existing Assertion. +- XSW4 – Applies to SAML Assertion messages. Add a cloned unsigned copy of the Assertion within the existing Assertion. - XSW5 – Applies to SAML Assertion messages. Change a value in the signed copy of the Assertion and adds a copy of the original Assertion with the signature removed at the end of the SAML message. - XSW6 – Applies to SAML Assertion messages. Change a value in the signed copy of the Assertion and adds a copy of the original Assertion with the signature removed after the original signature. - XSW7 – Applies to SAML Assertion messages. Add an “Extensions” block with a cloned unsigned assertion.