Root-Me / README.md
# Root-Me
- [**App - Script**](#App---Script)
- [**App - Système**](#App---Systeme)
- [**Cracking**](#Cracking)
- [**Cryptanalyse**](#Cryptanalyse)
- [**Forensic**](#Forensic)
- [**Programmation**](#Programmation)
- [**Réaliste**](#Realiste)
- [**Réseau**](#network)
- [**Stéganographie**](#Steganographie)
- [**Web - Client**](#Web---Client)
- [**Web - Serveur**](#Web---Serveur)
## App - Script
## App - Systeme
## Cracking
## Cryptanalyse
## Forensic
## Programmation
## Realiste
## Network
- [X] FTP - Authentification
- [X] TELNET - authentification
- [X] ETHERNET - trame
- [X] Kerberos - Authentification
- [X] NTLM - Authentification
- [X] Authentification
- [X] Bluetooth
- [X] CISCO - mot de passe
- [X] DNS - transfert de zone
- [X] IP - Time To Live
- [X] LDAP - null bind
- [X] OSPF - Authentification
- [X] POP - APOP
- [X] RF - AM Transmission
- [X] Extraction de données
- [X] RF - Key Fixed Code
- [X] SIP - Authentification
- [X] ETHERNET - Transmission
- [X] Trafic Global System for Mobile communications
- [X] HTTP - DNS Rebinding
- [X] SSL - échange HTTP
- [X] Netfilter - erreurs courantes
- [X] SNMP - Authentification
- [X] Wired Equivalent Privacy
- [X] Charge ICMP
- [X] ARP Spoofing - Écoute active
- [X] XMPP - Authentification
- [X] WPA2 - Enterprise
- [ ] RF - FM Transmission
- [ ] RF - Transmission satellite
- [ ] ARP Spoofing - L’homme du milieu
- [ ] RF - Bande L
- [ ] WPA3 - SAE
## Steganographie
## Web - Client
- [X] Javascript - Authentification
- [X] HTML - boutons désactivés
- [X] Javascript - Source
- [X] Javascript - Authentification 2
- [X] Javascript - Obfuscation 1
- [X] Javascript - Obfuscation 2
- [X] Javascript - Native code
- [X] Javascript - Obfuscation 3
- [X] XSS - Stockée 1
- [X] Javascript - Webpack
- [X] CSRF - 0 protection
- [ ] XSS - Stockée 2
- [X] CSRF - contournement de jeton
- [ ] Javascript - Obfuscation 4
- [ ] Flash - Authentification
- [ ] XSS - Volatile
- [ ] XSS DOM Based - Introduction
- [ ] CSP Bypass - Inline code
- [ ] XSS DOM Based - Eval
- [ ] XSS DOM Based - AngularJS
- [ ] HTTP Response Splitting
- [ ] CSP Bypass - Dangling markup
- [ ] AST - Deobfuscation
- [ ] XSS - Stored - contournement de filtres
- [ ] XSS DOM Based - Filters Bypass
- [ ] CSP Bypass - Dangling markup 2
- [ ] CSP Bypass - JSONP
- [X] CSP Bypass - Nonce
- [ ] Web Socket - 0 protection
- [ ] XSS - DOM Based
- [ ] Javascript - Obfuscation
- [ ] CSS - Exfiltration
- [ ] CSP Bypass - Nonce 2
- [ ] DOM Clobbering
- [ ] Self XSS - DOM Secrets
- [ ] XS Leaks
- [ ] Relative Path Overwrite
- [ ] Javascript - Obfuscation
- [ ] Self XSS - Race Condition
- [ ] Browser - bfcache / disk cache
- [ ] Same Origin Method Execution
- [ ] CSPT - The Ruler
## Web - Serveur
- [X] HTML - Code source
- [X] Mot de passe faible
- [X] HTTP - User-agent
- [X] HTTP - Directory indexing
- [X] HTTP - Open redirect
- [X] PHP - Injection de commande
- [X] HTTP - Headers
- [X] Fichier de sauvegarde
- [X] HTTP - POST
- [X] HTTP - Verb tampering
- [X] SQL injection - Authentification
- [X] HTTP - Cookies
- [X] Install files
- [X] HTTP - Redirection
- [X] Directory traversal
- [X] File upload - Double extensions
- [X] CRLF
- [X] HTTP - Contournement de filtrage IP
- [X] File upload - Type MIME
- [X] Local File Inclusion
- [X] File upload - Null byte
- [X] SQL injection - String
- [X] PHP - Filters
- [X] JWT - Introduction
- [X] PHP - Register globals
- [X] PHP - assert()
- [X] SQL injection - Numérique
- [X] Insecure Code Management
- [X] Local File Inclusion - Double encoding
- [X] JWT - Secret faible
- [X] Remote File Inclusion
- [X] Java - Server-side Template Injection
- [X] LDAP injection - Authentification
- [X] SQL injection - Authentification - GBK
- [X] File upload - ZIP
- [X] PHP - preg_replace()
- [X] PHP - Type juggling
- [X] SQL injection - Error
- [X] SQL injection - En aveugle
- [X] NoSQL injection - Authentification
- [X] Injection de commande - Contournement de filtre
- [X] PHP - Loose Comparison
- [X] SQL Truncation
- [X] PHP - Sérialisation
- [X] XPath injection - Authentification
- [X] JWT - Jeton révoqué
- [ ] SQL injection - Lecture de fichiers
- [X] SQL injection - Time based
- [X] XML External Entity
- [X] PHP - Path Truncation
- [X] SQL Injection - Routed
- [X] Python - Server-side Template Injection Introduction
- [X] API - Broken Access
- [X] XPath injection - String
- [X] JWT - Clé publique
- [X] GraphQL - Introspection
- [X] XSLT - Exécution de code
- [X] Local File Inclusion - Wrappers
- [X] PHP - Eval
- [X] LDAP injection - En aveugle
- [X] SQL injection - Insert
- [X] NoSQL injection - En aveugle
- [X] Node - Eval
- [ ] SQL injection - Contournement de filtres
- [X] API - Mass Assignment
- [X] XSS - Server Side
- [X] Flask - Unsecure session
- [X] PHP - Configuration Apache
- [X] XPath injection - En aveugle
- [ ] Java - Spring Boot
- [X] JWT - Unsecure File Signature
- [X] Nginx - Alias Misconfiguration
- [ ] Server Side Request Forgery
- [X] GraphQL - Mutation
- [X] PHP - Remote Xdebug
- [X] Yaml - Deserialization
- [ ] Node - Serialize
- [X] JWT - Header Injection
- [X] Flask - Development server
- [ ] GraphQL - Injection
- [X] JWT - Unsecure Key Handling
- [ ] PHP - Unserialize overflow
- [ ] NodeJS - vm escape
- [ ] PHP - Unserialize Pop Chain
- [ ] Python - SSTI contournement de filtres en aveugle
- [ ] PHP - Eval - Contournement de filtres avancés
- [ ] NodeJS - Prototype Pollution Bypass
- [ ] API - Broken Access 2
- [ ] File upload - Polyglot
- [ ] GraphQL - Backend injection
- [ ] Elixir - EEx
- [ ] SQL Injection - Second Order
- [X] Nginx - Root Location Misconfiguration
- [ ] Java - Custom gadget deserialisation
- [X] Nginx - SSRF Misconfiguration
- [ ] Python dotenv