translations 2

This commit is contained in:
Carlos Polop 2025-01-02 00:01:03 +01:00
parent 91b0736ced
commit 1853742752
325 changed files with 325 additions and 0 deletions

View File

@ -93,3 +93,4 @@ if ((csFlags & (cs_hard | cs_require_lv)) {
```
{{#include ../../../../../../banners/hacktricks-training.md}}
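
Review bot: The context line in the hunk header, `if ((csFlags & (cs_hard | cs_require_lv)) {`, opens three parentheses and closes only two, so the C sample on this page does not compile as written. Add the missing `)` before ` {` while this file is being touched.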

View File

@ -123,3 +123,4 @@ Below is a visual representation of the described attack scenario:
- **Current Status**: The issue persists in iOS 17 and macOS 14, posing a challenge for those seeking to identify and understand it.
{{#include ../../../../../../banners/hacktricks-training.md}}

View File

@ -337,3 +337,4 @@ DYLD_INSERT_LIBRARIES=inject.dylib ./hello-signed # Won't work
- [**\*OS Internals, Volume I: User Mode. By Jonathan Levin**](https://www.amazon.com/MacOS-iOS-Internals-User-Mode/dp/099105556X)
{{#include ../../../../banners/hacktricks-training.md}}

View File

@ -164,3 +164,4 @@ sudo log stream --style syslog --predicate 'eventMessage CONTAINS[c] "[+] dylib"
```
{{#include ../../../../banners/hacktricks-training.md}}

View File

@ -314,3 +314,4 @@ find . -type f | xargs grep strcmp| grep key,\ \" | cut -d'"' -f2 | sort -u
- [**\*OS Internals, Volume I: User Mode. By Jonathan Levin**](https://www.amazon.com/MacOS-iOS-Internals-User-Mode/dp/099105556X)
{{#include ../../../../banners/hacktricks-training.md}}

View File

@ -143,3 +143,4 @@ References and **more information about BTM**:
- [https://support.apple.com/en-gb/guide/deployment/depdca572563/web](https://support.apple.com/en-gb/guide/deployment/depdca572563/web)
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -129,3 +129,4 @@ iOS AMFI maintains a lost of known hashes which are signed ad-hoc, called the **
- [**\*OS Internals Volume III**](https://newosxbook.com/home.html)
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -86,3 +86,4 @@ That will fork and exec `/usr/libexec/security_authtrampoline /bin/ls` as root,
<figure><img src="../../../images/image (10).png" alt=""><figcaption></figcaption></figure>
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -368,3 +368,4 @@ struct cs_blob {
- [**\*OS Internals Volume III**](https://newosxbook.com/home.html)
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -169,3 +169,4 @@ Allow the process to **ask for all the TCC permissions**.
{{#include ../../../banners/hacktricks-training.md}}
</details>
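
Review bot: The banner include sits on the line before `</details>`, so it ends up inside the collapsible block, whereas in the other hunks of this commit the include is the last line of the page. Move it below `</details>` if the banner is meant to render outside the collapsed section.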

View File

@ -410,3 +410,4 @@ This feature is particularly useful for preventing certain classes of security v
- [https://theevilbit.github.io/posts/exploiting_directory_permissions_on_macos/](https://theevilbit.github.io/posts/exploiting_directory_permissions_on_macos/)
{{#include ../../../../banners/hacktricks-training.md}}

View File

@ -180,3 +180,4 @@ xattr -l protected
```
{{#include ../../../../banners/hacktricks-training.md}}

View File

@ -480,3 +480,4 @@ In an ".app" bundle if the quarantine xattr is not added to it, when executing i
{% embed url="https://websec.nl/" %}
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -176,3 +176,4 @@ Even if it's required that the application has to be **opened by LaunchService**
- [https://developer.apple.com/videos/play/wwdc2023/10266/](https://developer.apple.com/videos/play/wwdc2023/10266/)
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -251,3 +251,4 @@ __END_DECLS
- [**\*OS Internals Volume III**](https://newosxbook.com/home.html)
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -397,3 +397,4 @@ Sandbox also has a user daemon running exposing the XPC Mach service `com.apple.
- [**\*OS Internals Volume III**](https://newosxbook.com/home.html)
{{#include ../../../../banners/hacktricks-training.md}}

View File

@ -113,3 +113,4 @@ codesign --remove-signature SandboxedShellApp.app
```
{{#include ../../../../banners/hacktricks-training.md}}

View File

@ -322,3 +322,4 @@ Process 2517 exited with status = 0 (0x00000000)
- [https://www.youtube.com/watch?v=mG715HcDgO8](https://www.youtube.com/watch?v=mG715HcDgO8)
{{#include ../../../../../banners/hacktricks-training.md}}

View File

@ -50,3 +50,4 @@ The thing is that even if **`python`** was signed by Apple, it **won't execute**
2. Run _open_ **`stdin='~$exploit.py' -a Python`**, which runs the Python app with our dropped file serving as its standard input. Python happily runs our code, and since its a child process of _launchd_, it isnt bound to Words sandbox rules.
{{#include ../../../../../banners/hacktricks-training.md}}
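
Review bot: The list item above the include has lost its apostrophes: "since its a child process", "it isnt bound" and "Words sandbox rules" should read "it's", "isn't" and "Word's". The last one affects meaning, because the sandbox being described is Word's.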

View File

@ -279,3 +279,4 @@ mount
```
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -602,3 +602,4 @@ macos-tcc-bypasses/
- [**https://www.sentinelone.com/labs/bypassing-macos-tcc-user-privacy-protections-by-accident-and-design/**](https://www.sentinelone.com/labs/bypassing-macos-tcc-user-privacy-protections-by-accident-and-design/)
{{#include ../../../../banners/hacktricks-training.md}}

View File

@ -20,3 +20,4 @@ Sandboxed applications requires privileges like `allow appleevent-send` and `(al
> ```
{{#include ../../../../banners/hacktricks-training.md}}

View File

@ -528,3 +528,4 @@ Another way using [**CoreGraphics events**](https://objectivebythesea.org/v2/tal
- [**Knockout Win Against TCC - 20+ NEW Ways to Bypass Your MacOS Privacy Mechanisms**](https://www.youtube.com/watch?v=a9hsxPdRxsY)
{{#include ../../../../../banners/hacktricks-training.md}}

View File

@ -32,3 +32,4 @@ and tin this case the content cannot be decompiled even with `osadecompile`
However, there are still some tools that can be used to understand this kind of executables, [**read this research for more info**](https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/)). The tool [**applescript-disassembler**](https://github.com/Jinmo/applescript-disassembler) with [**aevt_decompile**](https://github.com/SentineLabs/aevt_decompile) will be very useful to understand how the script works.
{{#include ../../../../../banners/hacktricks-training.md}}
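
Review bot: Two text defects sit next to this change. The hunk header context reads "and tin this case" (should be "and in this case"), and the first link in the paragraph above the include is followed by an unmatched `)` after `.../fade-dead-adventures-in-reversing-malicious-run-only-applescripts/)`. Drop the stray parenthesis so the sentence ends cleanly.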

View File

@ -928,3 +928,4 @@ int main() {
> [!CAUTION] > **Accessibility is a very powerful permission**, you could abuse it in other ways, for example you could perform the **keystrokes attack** just from it without needed to call System Events.
{{#include ../../../../banners/hacktricks-training.md}}
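
Review bot: The callout above the include has its marker and body on one line, `> [!CAUTION] > **Accessibility is ...`, which GitHub-style alert syntax does not treat as an admonition. The marker needs its own `>` line with the text on the following `>` line. In the same sentence, "without needed to call" should be "without needing to call".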

View File

@ -47,3 +47,4 @@
{% embed url="https://ippsec.rocks/" %}
{{#include ../banners/hacktricks-training.md}}

View File

@ -831,3 +831,4 @@ Stay informed with the newest bug bounties launching and crucial platform update
**Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today!
{{#include ../../banners/hacktricks-training.md}}

View File

@ -352,3 +352,4 @@ If you want to inspect the content of the backup:
```
{{#include ../../banners/hacktricks-training.md}}

View File

@ -396,3 +396,4 @@ if (dpm.isAdminActive(adminComponent)) {
```
{{#include ../../banners/hacktricks-training.md}}

View File

@ -45,3 +45,4 @@ To prevent such attacks, developers can set `taskAffinity` to an empty string an
- [**https://blog.takemyhand.xyz/2021/02/android-task-hijacking-with.html**](https://blog.takemyhand.xyz/2021/02/android-task-hijacking-with.html)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -60,3 +60,4 @@ For straightforward decompilation with **procyon**:
This tool can be used to dump the DEX of a running APK in memory. This helps to beat static obfuscation that is removed while the application is executed in memory.
{{#include ../../banners/hacktricks-training.md}}

View File

@ -228,3 +228,4 @@ You can **use the GUI** to take a snapshot of the VM at any time:
![](<../../images/image (234).png>)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -86,3 +86,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and
{% embed url="https://academy.8ksec.io/" %}
{{#include ../../banners/hacktricks-training.md}}

View File

@ -96,3 +96,4 @@ Proof-of-Concept HTML:
{% embed url="https://websec.nl/" %}
{{#include ../../banners/hacktricks-training.md}}

View File

@ -305,3 +305,4 @@ run app.package.debuggable
{% embed url="https://go.intigriti.com/hacktricks" %}
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -200,3 +200,4 @@ Vulnerable Providers:
- [https://labs.withsecure.com/content/dam/labs/docs/mwri-drozer-user-guide-2015-03-23.pdf](https://labs.withsecure.com/content/dam/labs/docs/mwri-drozer-user-guide-2015-03-23.pdf)
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -89,3 +89,4 @@ This example demonstrated how the behavior of a debuggable application can be ma
- [https://resources.infosecinstitute.com/android-hacking-security-part-6-exploiting-debuggable-android-applications](https://resources.infosecinstitute.com/android-hacking-security-part-6-exploiting-debuggable-android-applications)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -213,3 +213,4 @@ Java.choose("com.example.a11x256.frida_test.my_activity", {
{% embed url="https://go.intigriti.com/hacktricks" %}
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -145,3 +145,4 @@ You can see that in [the next tutorial](frida-tutorial-2.md).
{% embed url="https://go.intigriti.com/hacktricks" %}
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -229,3 +229,4 @@ There is a part 5 that I am not going to explain because there isn't anything ne
{% embed url="https://go.intigriti.com/hacktricks" %}
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -286,3 +286,4 @@ exit
{% embed url="https://go.intigriti.com/hacktricks" %}
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -131,3 +131,4 @@ Java.perform(function () {
{% embed url="https://go.intigriti.com/hacktricks" %}
{{#include ../../../banners/hacktricks-training.md}}

View File

@ -67,3 +67,4 @@ Make the application run the loop 100000 times when you win the first time. To d
You need to do this inside a physical device as (I don't know why) this doesn't work in an emulated device.
{{#include ../../banners/hacktricks-training.md}}

View File

@ -158,3 +158,4 @@ nsenter --mount=/proc/$APP_PID/ns/mnt -- /bin/mount --bind /system/etc/security/
{% embed url="https://websec.nl/" %}
{{#include ../../banners/hacktricks-training.md}}

View File

@ -3,3 +3,4 @@
**Take a look to: [https://blog.oversecured.com/Android-Access-to-app-protected-components/](https://blog.oversecured.com/Android-Access-to-app-protected-components/)**
{{#include ../../banners/hacktricks-training.md}}

View File

@ -46,3 +46,4 @@ Then save the file & back out of all the directories & rebuild the apk with the
Finally, you need just to **sign the new application**. [Read this section of the page Smali - Decompiling/\[Modifying\]/Compiling to learn how to sign it](smali-changes.md#sing-the-new-apk).
{{#include ../../banners/hacktricks-training.md}}
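
Review bot: The link target `smali-changes.md#sing-the-new-apk` on the line above the include looks like a misspelling of `sign`. Check it against the heading in `smali-changes.md`, since a fragment that does not match will land readers at the top of the page. The link text also carries escaped brackets (`/\[Modifying\]/`) that could be simplified.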

View File

@ -38,3 +38,4 @@ By executing the code in a controlled environment, dynamic analysis **allows for
- This talk discusses a series of obfuscation techniques, solely in Java code, that an Android botnet was using to hide its behavior.
{{#include ../../banners/hacktricks-training.md}}

View File

@ -39,3 +39,4 @@ To search for sensitive credentials and endpoints, follow these steps:
- [https://medium.com/bugbountywriteup/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7](https://medium.com/bugbountywriteup/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -54,3 +54,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and
{% embed url="https://academy.8ksec.io/" %}
{{#include ../../banners/hacktricks-training.md}}

View File

@ -198,3 +198,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and
{% embed url="https://academy.8ksec.io/" %}
{{#include ../../banners/hacktricks-training.md}}

View File

@ -35,3 +35,4 @@ In situations where an application is restricted to certain countries, and you'r
- [https://manifestsecurity.com/android-application-security-part-23/](https://manifestsecurity.com/android-application-security-part-23/)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -69,3 +69,4 @@ The mitigation is relatively simple as the developer may choose not to receive t
{% embed url="https://websec.nl/" %}
{{#include ../../banners/hacktricks-training.md}}

View File

@ -145,3 +145,4 @@ xhr.send(null)
- [https://www.justmobilesec.com/en/blog/deep-links-webviews-exploitations-part-I](https://www.justmobilesec.com/en/blog/deep-links-webviews-exploitations-part-I)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -69,3 +69,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and
{% embed url="https://academy.8ksec.io/" %}
{{#include ../banners/hacktricks-training.md}}

View File

@ -61,3 +61,4 @@ This command generates an APK with the debug option enabled, facilitating debugg
For those seeking to automate the cloning process, **[MobSecco](https://github.com/Anof-cyber/MobSecco)** is a recommended tool. It streamlines the cloning of Android applications, simplifying the steps outlined above.
{{#include ../banners/hacktricks-training.md}}

View File

@ -107,3 +107,4 @@ Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banne
Get Access Today:
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
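
Review bot: No `{{#include .../banners/hacktricks-training.md}}` line is visible in this hunk. It ends on the Trickest embed, while nearly every other hunk in this commit ends on the banner include. Confirm whether this page is meant to carry the banner, and if so add it after the embed.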

View File

@ -1205,3 +1205,4 @@ Get Access Today:
{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=ios-pentesting" %}
{{#include ../../banners/hacktricks-training.md}}

View File

@ -201,3 +201,4 @@ To install iPad-specific applications on iPhone or iPod touch devices, the **UID
- [https://mas.owasp.org/MASTG/techniques/ios/MASTG-TECH-0056/](https://mas.owasp.org/MASTG/techniques/ios/MASTG-TECH-0056/)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -102,3 +102,4 @@ Get Access Today:
{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=burp-configuration-for-ios" %}
{{#include ../../banners/hacktricks-training.md}}

View File

@ -45,3 +45,4 @@ Adjusting the `-A num, --after-context=num` flag allows for the display of more
**Note**: Direct use of the `strings` command is not recommended for this task due to its limitations in finding relevant information. Instead, employing grep with the `-a` flag on the binary or utilizing radare2 (`izz`)/rabin2 (`-zz`) is advisable for more effective results.
{{#include ../../banners/hacktricks-training.md}}

View File

@ -376,3 +376,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and
{% embed url="https://academy.8ksec.io/" %}
{{#include ../../banners/hacktricks-training.md}}

View File

@ -52,3 +52,4 @@ Tools like `frida-trace` can aid in understanding the underlying processes, espe
- [https://mas.owasp.org/MASTG/tests/ios/MASVS-PLATFORM/MASTG-TEST-0072/](https://mas.owasp.org/MASTG/tests/ios/MASVS-PLATFORM/MASTG-TEST-0072/)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -136,3 +136,4 @@ This example indicates that the app is compatible with the armv7 instruction set
- [https://mas.owasp.org/MASTG/iOS/0x06h-Testing-Platform-Interaction/](https://mas.owasp.org/MASTG/iOS/0x06h-Testing-Platform-Interaction/)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -81,3 +81,4 @@ However, because the malicious app also registered it and because the used brows
- [https://evanconnelly.github.io/post/ios-oauth/](https://evanconnelly.github.io/post/ios-oauth/)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -259,3 +259,4 @@ Now that you have **enumerated the classes and modules** used by the application
```
{{#include ../../banners/hacktricks-training.md}}

View File

@ -3,3 +3,4 @@
# WebView Protocol Handlers
{{#include ../../banners/hacktricks-training.md}}

View File

@ -74,3 +74,4 @@ When serializing data, especially to the file system, it's essential to be vigil
- [https://mas.owasp.org/MASTG/iOS/0x06h-Testing-Platform-Interaction/#object-persistence](https://mas.owasp.org/MASTG/iOS/0x06h-Testing-Platform-Interaction/#object-persistence)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -128,3 +128,4 @@ You can try to avoid this detections using **objection's** `ios jailbreak disabl
- [https://mas.owasp.org/MASTG/iOS/0x06b-iOS-Security-Testing/](https://mas.owasp.org/MASTG/iOS/0x06b-iOS-Security-Testing/)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -55,3 +55,4 @@ For **receiving items**, it involves:
- [https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06h-testing-platform-interaction](https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06h-testing-platform-interaction)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -85,3 +85,4 @@ setInterval(function () {
{% embed url="https://websec.nl/" %}
{{#include ../../banners/hacktricks-training.md}}

View File

@ -88,3 +88,4 @@ Through **diligent configuration and validation**, developers can ensure that un
- [https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06h-testing-platform-interaction#testing-object-persistence-mstg-platform-8](https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06h-testing-platform-interaction#testing-object-persistence-mstg-platform-8)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -308,3 +308,4 @@ However, be mindful of the limitations:
- [https://github.com/chame1eon/owasp-mstg/blob/master/Document/0x06h-Testing-Platform-Interaction.md](https://github.com/chame1eon/owasp-mstg/blob/master/Document/0x06h-Testing-Platform-Interaction.md)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -69,3 +69,4 @@ The tool [Uber APK Signer](https://github.com/patrickfav/uber-apk-signer) simpli
- [https://medium.com/@justmobilesec/introduction-to-the-exploitation-of-xamarin-apps-fde4619a51bf](https://medium.com/@justmobilesec/introduction-to-the-exploitation-of-xamarin-apps-fde4619a51bf)
{{#include ../banners/hacktricks-training.md}}

View File

@ -24,3 +24,4 @@ nmap -n -sV --script "ndmp-fs-info or ndmp-version" -p 10000 <IP> #Both are defa
`ndmp`
{{#include ../banners/hacktricks-training.md}}

View File

@ -20,3 +20,4 @@ katykat potatohead:ttyp5 Sep 1 09:35 14
```
{{#include ../banners/hacktricks-training.md}}

View File

@ -67,3 +67,4 @@ socks5 10.10.10.10 1080 username password
#### More info: [Tunneling and Port Forwarding](../generic-hacking/tunneling-and-port-forwarding.md)
{{#include ../banners/hacktricks-training.md}}

View File

@ -328,3 +328,4 @@ Get Access Today:
{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=1099-pentesting-java-rmi" %}
{{#include ../banners/hacktricks-training.md}}

View File

@ -197,3 +197,4 @@ memcache-commands.md
- [https://lzone.de/cheat-sheet/memcached](https://lzone.de/cheat-sheet/memcached)
{{#include ../../banners/hacktricks-training.md}}

View File

@ -137,3 +137,4 @@ This at least helps to see if any keys are used. To dump the key names from a PH
{% embed url="https://websec.nl/" %}
{{#include ../../banners/hacktricks-training.md}}

View File

@ -108,3 +108,4 @@ Entry_2:
```
{{#include ../banners/hacktricks-training.md}}

View File

@ -126,3 +126,4 @@ Stay informed with the newest bug bounties launching and crucial platform update
**Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today!
{{#include ../banners/hacktricks-training.md}}

View File

@ -83,3 +83,4 @@ Entry_2:
```
{{#include ../banners/hacktricks-training.md}}

View File

@ -360,3 +360,4 @@ CONTAINER ID IMAGE COMMAND CRE
- [mgeeky's gist - "Practical IBM MQ Penetration Testing notes"](https://gist.github.com/mgeeky/2efcd86c62f0fb3f463638911a3e89ec)
- [MQ Jumping - DEFCON 15](https://defcon.org/images/defcon-15/dc15-presentations/dc-15-ruks.pdf)
- [IBM MQ documentation](https://www.ibm.com/docs/en/ibm-mq)
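
Review bot: This hunk ends on the reference list with no banner include visible after `- [IBM MQ documentation]`, unlike the other service pages touched here. If the one-line addition was meant to be the `{{#include ../banners/hacktricks-training.md}}` footer, it does not appear in these lines and should be checked.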

View File

@ -63,3 +63,4 @@ Entry_2:
```
{{#include ../banners/hacktricks-training.md}}

View File

@ -63,3 +63,4 @@ Entry_2:
```
{{#include ../../banners/hacktricks-training.md}}

View File

@ -64,3 +64,4 @@ hashcat -m 1420 --hex-salt hash.txt wordlist
{% embed url="https://go.intigriti.com/hacktricks" %}
{{#include ../banners/hacktricks-training.md}}

View File

@ -22,3 +22,4 @@ nmap Pn -sSV -p1723 <IP>
- [https://github.com/moxie0/chapcrack](https://github.com/moxie0/chapcrack)
{{#include ../banners/hacktricks-training.md}}
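
Review bot: The command in the hunk header, `nmap Pn -sSV -p1723 <IP>`, is missing the dash on `Pn`, so nmap would take `Pn` as a target name instead of applying `-Pn`. Correct it to `-Pn` while editing this page.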

View File

@ -125,3 +125,4 @@ Every MQTT packet contains a fixed header (Figure 02).Figure 02: Fixed Header
- `port:1883 MQTT`
{{#include ../banners/hacktricks-training.md}}
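
Review bot: In the hunk header context the figure caption is fused onto the sentence: "(Figure 02).Figure 02: Fixed Header". Put the caption on its own line next to the figure, or remove it if the image is no longer in the page.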

View File

@ -335,3 +335,4 @@ You can use auditd to monitor docker.
- [https://stackoverflow.com/questions/41645665/how-containerd-compares-to-runc](https://stackoverflow.com/questions/41645665/how-containerd-compares-to-runc)
{{#include ../banners/hacktricks-training.md}}

View File

@ -37,3 +37,4 @@ If you receive an **error trying to mount the filesystem**, you can check the lo
And storing them in your machine `/etc/ssl` or `/usr/lib/ssl` directory (if a different directory is used check for lines similar to: "_could not load our cert at /usr/lib/ssl/glusterfs.pem_" in the logs) .
{{#include ../banners/hacktricks-training.md}}

View File

@ -135,3 +135,4 @@ Stay informed with the newest bug bounties launching and crucial platform update
**Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today!
{{#include ../banners/hacktricks-training.md}}

View File

@ -41,3 +41,4 @@ python spose.py --proxy http://10.10.11.131:3128 --target 10.10.11.131
```
{{#include ../banners/hacktricks-training.md}}

View File

@ -179,3 +179,4 @@ node.conn[0].iscsi.OFMarker = No
- [https://ptestmethod.readthedocs.io/en/latest/LFF-IPS-P2-VulnerabilityAnalysis.html#iscsiadm](https://ptestmethod.readthedocs.io/en/latest/LFF-IPS-P2-VulnerabilityAnalysis.html#iscsiadm)
{{#include ../banners/hacktricks-training.md}}

View File

@ -78,3 +78,4 @@ For more detailed information on Metasploit modules and their usage, visit [Rapi
- `port:3299 !HTTP Network packet too big`
{{#include ../banners/hacktricks-training.md}}

View File

@ -32,3 +32,4 @@ _I don't think shodan detects this service._
Post created by **Álex B (@r1p)**
{{#include ../banners/hacktricks-training.md}}

View File

@ -27,3 +27,4 @@ svn up -r 2 #Go to revision 2 inside the checkout folder
```
{{#include ../banners/hacktricks-training.md}}

View File

@ -23,3 +23,4 @@ PORT STATE SERVICE
```
{{#include ../banners/hacktricks-training.md}}

View File

@ -55,3 +55,4 @@ Entry_2:
```
{{#include ../banners/hacktricks-training.md}}

View File

@ -93,3 +93,4 @@ msf5> use exploit/multi/misc/erlang_cookie_rce
- `port:4369 "at port"`
{{#include ../banners/hacktricks-training.md}}

View File

@ -67,3 +67,4 @@ helm --host tiller-deploy.kube-system:44134 install --name pwnchart helm-tiller-
In [http://rui0.cn/archives/1573](http://rui0.cn/archives/1573) you have the **explanation of the attack**, but basically, if you read the files [**clusterrole.yaml**](https://github.com/Ruil1n/helm-tiller-pwn/blob/main/pwnchart/templates/clusterrole.yaml) and [**clusterrolebinding.yaml**](https://github.com/Ruil1n/helm-tiller-pwn/blob/main/pwnchart/templates/clusterrolebinding.yaml) inside _helm-tiller-pwn/pwnchart/templates/_ you can see how **all the privileges are being given to the default token**.
{{#include ../banners/hacktricks-training.md}}

Some files were not shown because too many files have changed in this diff