From 4a1f75d1cc8d4b15ece2c05640d953436a9966ca Mon Sep 17 00:00:00 2001 
From: Carlos Polop Date: Fri, 3 Jan 2025 10:45:59 +0100 Subject: [PATCH] t3 --- src/LICENSE.md | 1 + src/README.md | 1 + src/SUMMARY.md | 1 + src/android-forensics.md | 1 + src/backdoors/icmpsh.md | 1 + src/backdoors/salseo.md | 1 + src/banners/hacktricks-training.md | 1 + src/binary-exploitation/arbitrary-write-2-exec/README.md | 1 + .../arbitrary-write-2-exec/aw2exec-__malloc_hook.md | 1 + .../arbitrary-write-2-exec/aw2exec-got-plt.md | 1 + .../arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md | 1 + .../arbitrary-write-2-exec/www2exec-atexit.md | 1 + src/binary-exploitation/array-indexing.md | 1 + .../basic-stack-binary-exploitation-methodology/README.md | 1 + .../basic-stack-binary-exploitation-methodology/elf-tricks.md | 1 + .../basic-stack-binary-exploitation-methodology/tools/README.md | 1 + .../tools/pwntools.md | 1 + .../common-binary-protections-and-bypasses/README.md | 1 + .../common-binary-protections-and-bypasses/aslr/README.md | 1 + .../common-binary-protections-and-bypasses/aslr/ret2plt.md | 1 + .../common-binary-protections-and-bypasses/aslr/ret2ret.md | 1 + .../cet-and-shadow-stack.md | 1 + .../common-binary-protections-and-bypasses/libc-protections.md | 1 + .../memory-tagging-extension-mte.md | 1 + .../common-binary-protections-and-bypasses/no-exec-nx.md | 1 + .../common-binary-protections-and-bypasses/pie/README.md | 1 + .../pie/bypassing-canary-and-pie.md | 1 + .../common-binary-protections-and-bypasses/relro.md | 1 + .../stack-canaries/README.md | 1 + .../stack-canaries/bf-forked-stack-canaries.md | 1 + .../stack-canaries/print-stack-canary.md | 1 + src/binary-exploitation/common-exploiting-problems.md | 1 + src/binary-exploitation/format-strings/README.md | 1 + .../format-strings/format-strings-arbitrary-read-example.md | 1 + .../format-strings/format-strings-template.md | 1 + src/binary-exploitation/integer-overflow.md | 1 + src/binary-exploitation/ios-exploiting.md | 1 + src/binary-exploitation/libc-heap/README.md | 1 + 
src/binary-exploitation/libc-heap/bins-and-memory-allocations.md | 1 + src/binary-exploitation/libc-heap/double-free.md | 1 + src/binary-exploitation/libc-heap/fast-bin-attack.md | 1 + .../libc-heap/heap-memory-functions/README.md | 1 + src/binary-exploitation/libc-heap/heap-memory-functions/free.md | 1 + .../heap-memory-functions/heap-functions-security-checks.md | 1 + .../libc-heap/heap-memory-functions/malloc-and-sysmalloc.md | 1 + .../libc-heap/heap-memory-functions/unlink.md | 1 + src/binary-exploitation/libc-heap/heap-overflow.md | 1 + src/binary-exploitation/libc-heap/house-of-einherjar.md | 1 + src/binary-exploitation/libc-heap/house-of-force.md | 1 + src/binary-exploitation/libc-heap/house-of-lore.md | 1 + src/binary-exploitation/libc-heap/house-of-orange.md | 1 + src/binary-exploitation/libc-heap/house-of-rabbit.md | 1 + src/binary-exploitation/libc-heap/house-of-roman.md | 1 + src/binary-exploitation/libc-heap/house-of-spirit.md | 1 + src/binary-exploitation/libc-heap/large-bin-attack.md | 1 + src/binary-exploitation/libc-heap/off-by-one-overflow.md | 1 + src/binary-exploitation/libc-heap/overwriting-a-freed-chunk.md | 1 + src/binary-exploitation/libc-heap/tcache-bin-attack.md | 1 + src/binary-exploitation/libc-heap/unlink-attack.md | 1 + src/binary-exploitation/libc-heap/unsorted-bin-attack.md | 1 + src/binary-exploitation/libc-heap/use-after-free/README.md | 1 + src/binary-exploitation/libc-heap/use-after-free/first-fit.md | 1 + src/binary-exploitation/rop-return-oriented-programing/README.md | 1 + .../brop-blind-return-oriented-programming.md | 1 + .../rop-return-oriented-programing/ret2csu.md | 1 + .../rop-return-oriented-programing/ret2dlresolve.md | 1 + .../rop-return-oriented-programing/ret2esp-ret2reg.md | 1 + .../rop-return-oriented-programing/ret2lib/README.md | 1 + .../rop-return-oriented-programing/ret2lib/one-gadget.md | 1 + .../ret2lib/ret2lib-+-printf-leak-arm64.md | 1 + .../ret2lib/rop-leaking-libc-address/README.md | 1 + 
.../rop-leaking-libc-address/rop-leaking-libc-template.md | 1 + .../rop-return-oriented-programing/ret2vdso.md | 1 + .../rop-return-oriented-programing/rop-syscall-execv/README.md | 1 + .../rop-syscall-execv/ret2syscall-arm64.md | 1 + .../srop-sigreturn-oriented-programming/README.md | 1 + .../srop-sigreturn-oriented-programming/srop-arm64.md | 1 + src/binary-exploitation/stack-overflow/README.md | 1 + src/binary-exploitation/stack-overflow/pointer-redirecting.md | 1 + src/binary-exploitation/stack-overflow/ret2win/README.md | 1 + src/binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md | 1 + .../stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md | 1 + src/binary-exploitation/stack-overflow/stack-shellcode/README.md | 1 + .../stack-overflow/stack-shellcode/stack-shellcode-arm64.md | 1 + .../stack-overflow/uninitialized-variables.md | 1 + .../windows-exploiting-basic-guide-oscp-lvl.md | 1 + src/blockchain/blockchain-and-crypto-currencies/README.md | 1 + src/burp-suite.md | 1 + src/crypto-and-stego/blockchain-and-crypto-currencies.md | 1 + src/crypto-and-stego/certificates.md | 1 + src/crypto-and-stego/cipher-block-chaining-cbc-mac-priv.md | 1 + src/crypto-and-stego/crypto-ctfs-tricks.md | 1 + src/crypto-and-stego/cryptographic-algorithms/README.md | 1 + .../cryptographic-algorithms/unpacking-binaries.md | 1 + src/crypto-and-stego/electronic-code-book-ecb.md | 1 + src/crypto-and-stego/esoteric-languages.md | 1 + src/crypto-and-stego/hash-length-extension-attack.md | 1 + src/crypto-and-stego/padding-oracle-priv.md | 1 + src/crypto-and-stego/rc4-encrypt-and-decrypt.md | 1 + src/crypto-and-stego/stego-tricks.md | 1 + src/cryptography/certificates.md | 1 + src/cryptography/cipher-block-chaining-cbc-mac-priv.md | 1 + src/cryptography/crypto-ctfs-tricks.md | 1 + src/cryptography/electronic-code-book-ecb.md | 1 + src/cryptography/hash-length-extension-attack.md | 1 + src/cryptography/padding-oracle-priv.md | 1 + src/cryptography/rc4-encrypt-and-decrypt.md | 1 + 
src/emails-vulns.md | 1 + src/exploiting/linux-exploiting-basic-esp/README.md | 1 + src/exploiting/linux-exploiting-basic-esp/fusion.md | 1 + src/exploiting/tools/README.md | 1 + src/exploiting/tools/pwntools.md | 1 + src/exploiting/windows-exploiting-basic-guide-oscp-lvl.md | 1 + src/forensics/basic-forensic-methodology/README.md | 1 + .../basic-forensic-methodology/anti-forensic-techniques.md | 1 + src/forensics/basic-forensic-methodology/docker-forensics.md | 1 + .../basic-forensic-methodology/file-integrity-monitoring.md | 1 + src/forensics/basic-forensic-methodology/linux-forensics.md | 1 + src/forensics/basic-forensic-methodology/malware-analysis.md | 1 + .../basic-forensic-methodology/memory-dump-analysis/README.md | 1 + .../partitions-file-systems-carving/README.md | 1 + .../file-data-carving-recovery-tools.md | 1 + .../partitions-file-systems-carving/file-data-carving-tools.md | 1 + .../basic-forensic-methodology/pcap-inspection/README.md | 1 + .../pcap-inspection/usb-keyboard-pcap-analysis.md | 1 + .../basic-forensic-methodology/pcap-inspection/usb-keystrokes.md | 1 + .../pcap-inspection/wifi-pcap-analysis.md | 1 + .../specific-software-file-type-tricks/.pyc.md | 1 + .../specific-software-file-type-tricks/README.md | 1 + .../specific-software-file-type-tricks/browser-artifacts.md | 1 + .../desofuscation-vbs-cscript.exe.md | 1 + .../specific-software-file-type-tricks/local-cloud-storage.md | 1 + .../specific-software-file-type-tricks/office-file-analysis.md | 1 + .../specific-software-file-type-tricks/pdf-file-analysis.md | 1 + .../specific-software-file-type-tricks/png-tricks.md | 1 + .../video-and-audio-file-analysis.md | 1 + .../specific-software-file-type-tricks/zips-tricks.md | 1 + .../basic-forensic-methodology/windows-forensics/README.md | 1 + .../windows-forensics/interesting-windows-registry-keys.md | 1 + .../windows-forensics/windows-processes.md | 1 + src/generic-hacking/brute-force.md | 1 + src/generic-hacking/exfiltration.md | 1 + 
src/generic-hacking/reverse-shells/README.md | 1 + .../reverse-shells/expose-local-to-the-internet.md | 1 + src/generic-hacking/reverse-shells/full-ttys.md | 1 + src/generic-hacking/reverse-shells/linux.md | 1 + src/generic-hacking/reverse-shells/msfvenom.md | 1 + src/generic-hacking/reverse-shells/windows.md | 1 + src/generic-hacking/search-exploits.md | 1 + src/generic-hacking/tunneling-and-port-forwarding.md | 1 + .../basic-forensic-methodology/README.md | 1 + .../basic-forensic-methodology/anti-forensic-techniques.md | 1 + .../basic-forensic-methodology/docker-forensics.md | 1 + .../basic-forensic-methodology/file-integrity-monitoring.md | 1 + .../basic-forensic-methodology/image-acquisition-and-mount.md | 1 + .../basic-forensic-methodology/linux-forensics.md | 1 + .../basic-forensic-methodology/malware-analysis.md | 1 + .../basic-forensic-methodology/memory-dump-analysis/README.md | 1 + .../memory-dump-analysis/volatility-cheatsheet.md | 1 + .../partitions-file-systems-carving/README.md | 1 + .../file-data-carving-recovery-tools.md | 1 + .../basic-forensic-methodology/pcap-inspection/README.md | 1 + .../pcap-inspection/dnscat-exfiltration.md | 1 + .../pcap-inspection/suricata-and-iptables-cheatsheet.md | 1 + .../basic-forensic-methodology/pcap-inspection/usb-keystrokes.md | 1 + .../pcap-inspection/wifi-pcap-analysis.md | 1 + .../pcap-inspection/wireshark-tricks.md | 1 + .../specific-software-file-type-tricks/.pyc.md | 1 + .../specific-software-file-type-tricks/README.md | 1 + .../specific-software-file-type-tricks/browser-artifacts.md | 1 + .../desofuscation-vbs-cscript.exe.md | 1 + .../specific-software-file-type-tricks/local-cloud-storage.md | 1 + .../specific-software-file-type-tricks/office-file-analysis.md | 1 + .../specific-software-file-type-tricks/pdf-file-analysis.md | 1 + .../specific-software-file-type-tricks/png-tricks.md | 1 + .../video-and-audio-file-analysis.md | 1 + .../specific-software-file-type-tricks/zips-tricks.md | 1 + 
.../basic-forensic-methodology/windows-forensics/README.md | 1 + .../windows-forensics/interesting-windows-registry-keys.md | 1 + .../external-recon-methodology/README.md | 1 + .../external-recon-methodology/github-leaked-secrets.md | 1 + .../external-recon-methodology/wide-source-code-search.md | 1 + .../pentesting-methodology.md | 1 + .../pentesting-network/README.md | 1 + .../pentesting-network/dhcpv6.md | 1 + .../pentesting-network/eigrp-attacks.md | 1 + .../pentesting-network/glbp-and-hsrp-attacks.md | 1 + .../pentesting-network/ids-evasion.md | 1 + .../pentesting-network/lateral-vlan-segmentation-bypass.md | 1 + .../pentesting-network/network-protocols-explained-esp.md | 1 + .../pentesting-network/nmap-summary-esp.md | 1 + .../pentesting-network/pentesting-ipv6.md | 1 + .../spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md | 1 + .../pentesting-network/spoofing-ssdp-and-upnp-devices.md | 1 + .../pentesting-network/webrtc-dos.md | 1 + .../pentesting-wifi/README.md | 1 + .../pentesting-wifi/evil-twin-eap-tls.md | 1 + .../phishing-methodology/README.md | 1 + .../phishing-methodology/clone-a-website.md | 1 + .../phishing-methodology/detecting-phising.md | 1 + .../phishing-methodology/phishing-documents.md | 1 + src/generic-methodologies-and-resources/python/README.md | 1 + src/generic-methodologies-and-resources/python/basic-python.md | 1 + .../python/bruteforce-hash-few-chars.md | 1 + .../python/bypass-python-sandboxes/README.md | 1 + .../load_name-load_const-opcode-oob-read.md | 1 + .../python/class-pollution-pythons-prototype-pollution.md | 1 + src/generic-methodologies-and-resources/python/pyscript.md | 1 + .../python/python-internal-read-gadgets.md | 1 + src/generic-methodologies-and-resources/python/venv.md | 1 + src/generic-methodologies-and-resources/python/web-requests.md | 1 + src/generic-methodologies-and-resources/threat-modeling.md | 1 + src/hardware-physical-access/escaping-from-gui-applications.md | 1 + 
src/hardware-physical-access/firmware-analysis/README.md | 1 + .../firmware-analysis/bootloader-testing.md | 1 + .../firmware-analysis/firmware-integrity.md | 1 + src/hardware-physical-access/physical-attacks.md | 1 + src/interesting-http.md | 1 + src/linux-hardening/bypass-bash-restrictions/README.md | 1 + .../bypass-fs-protections-read-only-no-exec-distroless/README.md | 1 + .../bypass-fs-protections-read-only-no-exec-distroless/ddexec.md | 1 + src/linux-hardening/freeipa-pentesting.md | 1 + src/linux-hardening/linux-environment-variables.md | 1 + src/linux-hardening/linux-post-exploitation/README.md | 1 + .../pam-pluggable-authentication-modules.md | 1 + src/linux-hardening/linux-privilege-escalation-checklist.md | 1 + src/linux-hardening/privilege-escalation/README.md | 1 + src/linux-hardening/privilege-escalation/cisco-vmanage.md | 1 + .../privilege-escalation/containerd-ctr-privilege-escalation.md | 1 + ...bus-enumeration-and-command-injection-privilege-escalation.md | 1 + .../privilege-escalation/docker-security/README.md | 1 + .../abusing-docker-socket-for-privilege-escalation.md | 1 + .../privilege-escalation/docker-security/apparmor.md | 1 + .../authz-and-authn-docker-access-authorization-plugin.md | 1 + .../privilege-escalation/docker-security/cgroups.md | 1 + .../docker-breakout-privilege-escalation/README.md | 1 + .../docker-release_agent-cgroups-escape.md | 1 + .../release_agent-exploit-relative-paths-to-pids.md | 1 + .../docker-breakout-privilege-escalation/sensitive-mounts.md | 1 + .../privilege-escalation/docker-security/docker-privileged.md | 1 + .../privilege-escalation/docker-security/namespaces/README.md | 1 + .../docker-security/namespaces/cgroup-namespace.md | 1 + .../docker-security/namespaces/ipc-namespace.md | 1 + .../docker-security/namespaces/mount-namespace.md | 1 + .../docker-security/namespaces/network-namespace.md | 1 + .../docker-security/namespaces/pid-namespace.md | 1 + .../docker-security/namespaces/time-namespace.md | 1 + 
.../docker-security/namespaces/user-namespace.md | 1 + .../docker-security/namespaces/uts-namespace.md | 1 + .../privilege-escalation/docker-security/seccomp.md | 1 + .../docker-security/weaponizing-distroless.md | 1 + .../privilege-escalation/electron-cef-chromium-debugger-abuse.md | 1 + .../privilege-escalation/escaping-from-limited-bash.md | 1 + src/linux-hardening/privilege-escalation/euid-ruid-suid.md | 1 + .../privilege-escalation/interesting-groups-linux-pe/README.md | 1 + .../interesting-groups-linux-pe/lxd-privilege-escalation.md | 1 + src/linux-hardening/privilege-escalation/ld.so.conf-example.md | 1 + .../privilege-escalation/linux-active-directory.md | 1 + src/linux-hardening/privilege-escalation/linux-capabilities.md | 1 + src/linux-hardening/privilege-escalation/logstash.md | 1 + .../nfs-no_root_squash-misconfiguration-pe.md | 1 + src/linux-hardening/privilege-escalation/payloads-to-execute.md | 1 + .../privilege-escalation/runc-privilege-escalation.md | 1 + src/linux-hardening/privilege-escalation/selinux.md | 1 + .../privilege-escalation/socket-command-injection.md | 1 + .../privilege-escalation/splunk-lpe-and-persistence.md | 1 + .../privilege-escalation/ssh-forward-agent-exploitation.md | 1 + .../privilege-escalation/wildcards-spare-tricks.md | 1 + src/linux-hardening/privilege-escalation/write-to-root.md | 1 + src/linux-hardening/useful-linux-commands.md | 1 + src/linux-hardening/useful-linux-commands/README.md | 1 + .../useful-linux-commands/bypass-bash-restrictions.md | 1 + src/linux-unix/privilege-escalation/exploiting-yum.md | 1 + .../privilege-escalation/interesting-groups-linux-pe.md | 1 + src/macos-hardening/macos-auto-start-locations.md | 1 + src/macos-hardening/macos-red-teaming/README.md | 1 + src/macos-hardening/macos-red-teaming/macos-keychain.md | 1 + src/macos-hardening/macos-red-teaming/macos-mdm/README.md | 1 + .../macos-mdm/enrolling-devices-in-other-organisations.md | 1 + .../macos-red-teaming/macos-mdm/macos-serial-number.md | 
1 + .../macos-security-and-privilege-escalation/README.md | 1 + .../mac-os-architecture/macos-function-hooking.md | 1 + .../mac-os-architecture/macos-iokit.md | 1 + .../macos-security-and-privilege-escalation/macos-applefs.md | 1 + .../macos-basic-objective-c.md | 1 + .../macos-bypassing-firewalls.md | 1 + .../macos-defensive-apps.md | 1 + .../macos-dyld-hijacking-and-dyld_insert_libraries.md | 1 + .../macos-file-extension-apps.md | 1 + .../macos-gcd-grand-central-dispatch.md | 1 + .../macos-privilege-escalation.md | 1 + .../macos-security-and-privilege-escalation/macos-protocols.md | 1 + .../macos-security-and-privilege-escalation/macos-users.md | 1 + src/macos-hardening/macos-useful-commands.md | 1 + src/online-platforms-with-api.md | 1 + src/other-web-tricks.md | 1 + src/pentesting-dns.md | 1 + src/pentesting-web/hacking-jwt-json-web-tokens.md | 1 + src/post-exploitation.md | 1 + src/stealing-sensitive-information-disclosure-from-a-web.md | 1 + 300 files changed, 300 insertions(+) diff --git a/src/LICENSE.md b/src/LICENSE.md index cbbeed195..6cedbaa3b 100644 --- a/src/LICENSE.md +++ b/src/LICENSE.md @@ -172,3 +172,4 @@ Creative Commons may be contacted at [creativecommons.org](http://creativecommon {{#include ./banners/hacktricks-training.md}} + diff --git a/src/README.md b/src/README.md index b752c0e12..00f58bf08 100644 --- a/src/README.md +++ b/src/README.md @@ -144,3 +144,4 @@ welcome/hacktricks-values-and-faq.md {{#include ./banners/hacktricks-training.md}} + diff --git a/src/SUMMARY.md b/src/SUMMARY.md index 4a8579657..fb3efcc74 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -868,3 +868,4 @@ - [Cookies Policy](todo/cookies-policy.md) + diff --git a/src/android-forensics.md b/src/android-forensics.md index 3c6d958a2..b01303a2b 100644 --- a/src/android-forensics.md +++ b/src/android-forensics.md @@ -27,3 +27,4 @@ Use Linux Memory Extractor (LiME) to extract the RAM information. It's a kernel {{#include ./banners/hacktricks-training.md}} + 
diff --git a/src/backdoors/icmpsh.md b/src/backdoors/icmpsh.md index 440187885..2e4e64c24 100644 --- a/src/backdoors/icmpsh.md +++ b/src/backdoors/icmpsh.md @@ -31,3 +31,4 @@ icmpsh.exe -t -d 500 -b 30 -s 128 {{#include ../banners/hacktricks-training.md}} + diff --git a/src/backdoors/salseo.md b/src/backdoors/salseo.md index e1bb3be54..492841a21 100644 --- a/src/backdoors/salseo.md +++ b/src/backdoors/salseo.md @@ -178,3 +178,4 @@ rundll32.exe SalseoLoader.dll,main {{#include ../banners/hacktricks-training.md}} + diff --git a/src/banners/hacktricks-training.md b/src/banners/hacktricks-training.md index 8145bf83f..6bc71b77e 100644 --- a/src/banners/hacktricks-training.md +++ b/src/banners/hacktricks-training.md @@ -13,3 +13,4 @@ > + diff --git a/src/binary-exploitation/arbitrary-write-2-exec/README.md b/src/binary-exploitation/arbitrary-write-2-exec/README.md index 3bec4cf45..a5bc60726 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/README.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/README.md @@ -3,3 +3,4 @@ + diff --git a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md index bbf5c78db..cca5172d0 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md @@ -72,3 +72,4 @@ Now a **fast bin attack** is performed: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md index 28450c1bf..22b89214a 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md @@ -89,3 +89,4 @@ The **Full RELRO** protection is meant to protect agains this kind of technique {{#include ../../banners/hacktricks-training.md}} + 
diff --git a/src/binary-exploitation/arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md b/src/binary-exploitation/arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md index bf34e78a4..7c31a3bd5 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/www2exec-.dtors-and-.fini_array.md @@ -56,3 +56,4 @@ In order to abuse **`.fini_array`** to get an eternal loop you can [**check what {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/arbitrary-write-2-exec/www2exec-atexit.md b/src/binary-exploitation/arbitrary-write-2-exec/www2exec-atexit.md index 9ecd83bb1..b95214982 100644 --- a/src/binary-exploitation/arbitrary-write-2-exec/www2exec-atexit.md +++ b/src/binary-exploitation/arbitrary-write-2-exec/www2exec-atexit.md @@ -238,3 +238,4 @@ You can find an example of this in the [**original blog post about the technique {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/array-indexing.md b/src/binary-exploitation/array-indexing.md index 6f4531c37..7ec067907 100644 --- a/src/binary-exploitation/array-indexing.md +++ b/src/binary-exploitation/array-indexing.md @@ -18,3 +18,4 @@ However he you can find some nice **examples**: - 32 bit, no relro, no canary, nx, pie. Abuse a bad indexing to leak addresses of libc and heap from the stack. Abuse the buffer overflow o do a ret2lib calling `system('/bin/sh')` (the heap address is needed to bypass a check). + diff --git a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/README.md b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/README.md index 87416ec21..265ac9fc1 100644 --- a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/README.md +++ b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/README.md 
@@ -111,3 +111,4 @@ Something to take into account is that usually **just one exploitation of a vuln {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/elf-tricks.md b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/elf-tricks.md index e353de7b6..36a30991e 100644 --- a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/elf-tricks.md +++ b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/elf-tricks.md @@ -396,3 +396,4 @@ The `__TLS_MODULE_BASE` is a symbol used to refer to the base address of the thr {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/README.md b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/README.md index 471c0c1e1..3bd7abfdb 100644 --- a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/README.md +++ b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/README.md @@ -241,3 +241,4 @@ Then, configure the debugger: Debugger (linux remote) --> Proccess options...: {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/pwntools.md b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/pwntools.md index c695e9b51..33a596405 100644 --- a/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/pwntools.md +++ b/src/binary-exploitation/basic-stack-binary-exploitation-methodology/tools/pwntools.md @@ -176,3 +176,4 @@ pwn update {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/README.md b/src/binary-exploitation/common-binary-protections-and-bypasses/README.md index 4b67a7fc2..5294e2287 100644 
--- a/src/binary-exploitation/common-binary-protections-and-bypasses/README.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/README.md @@ -35,3 +35,4 @@ This command loads the executable and the core file into GDB, allowing you to in {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md b/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md index ec26e6da5..6af429529 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/README.md @@ -304,3 +304,4 @@ Note therefore how it might be possible to **bypass ASLR abusing the vdso** if t {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2plt.md b/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2plt.md index 18e620c42..ee8c6df72 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2plt.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2plt.md @@ -82,3 +82,4 @@ p.interactive() {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2ret.md b/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2ret.md index a2e523625..a6081b754 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2ret.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/aslr/ret2ret.md @@ -33,3 +33,4 @@ Following [**this link**](https://github.com/florianhofhammer/stack-buffer-overf {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/cet-and-shadow-stack.md b/src/binary-exploitation/common-binary-protections-and-bypasses/cet-and-shadow-stack.md index 4f9b14258..f97a468ab 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/cet-and-shadow-stack.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/cet-and-shadow-stack.md @@ -25,3 +25,4 @@ The **shadow stack** is a **dedicated stack used solely for storing return addre {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/libc-protections.md b/src/binary-exploitation/common-binary-protections-and-bypasses/libc-protections.md index 0888a0db8..82351db77 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/libc-protections.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/libc-protections.md @@ -84,3 +84,4 @@ Pointer guard is an exploit mitigation technique used in glibc to protect stored {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte.md b/src/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte.md index 39ca23244..439027283 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/memory-tagging-extension-mte.md @@ -84,3 +84,4 @@ When a **mismatch is detected** the kernel will **panic** to prevent further exp {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/no-exec-nx.md b/src/binary-exploitation/common-binary-protections-and-bypasses/no-exec-nx.md index 5e8bacf3e..e5649b195 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/no-exec-nx.md 
+++ b/src/binary-exploitation/common-binary-protections-and-bypasses/no-exec-nx.md @@ -16,3 +16,4 @@ The **No-Execute (NX)** bit, also known as **Execute Disable (XD)** in Intel ter {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/pie/README.md b/src/binary-exploitation/common-binary-protections-and-bypasses/pie/README.md index b92435899..418b91c60 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/pie/README.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/pie/README.md @@ -32,3 +32,4 @@ bypassing-canary-and-pie.md {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md b/src/binary-exploitation/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md index d0049d024..410c3e556 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md @@ -96,3 +96,4 @@ According to that blog post it's recommended to add a short delay between reques {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/relro.md b/src/binary-exploitation/common-binary-protections-and-bypasses/relro.md index 66d2ead05..aac21a542 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/relro.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/relro.md @@ -35,3 +35,4 @@ Note that **LIBC's GOT is usually Partial RELRO**, so it can be modified with an {{#include ../../banners/hacktricks-training.md}} + 
diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/README.md b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/README.md index 466cf3db5..99441d5db 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/README.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/README.md @@ -76,3 +76,4 @@ This attack is performed in the writeup: [https://7rocky.github.io/en/ctf/other/ {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md index 8bc7f50f3..d751fd506 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md @@ -121,3 +121,4 @@ Check also the presentation of [https://www.slideshare.net/codeblue_jp/master-ca - 64 bits, no PIE, nx, BF canary, write in some memory a ROP to call `execve` and jump there. + diff --git a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md index 0a455a595..266aef7eb 100644 --- a/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md +++ b/src/binary-exploitation/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md @@ -33,3 +33,4 @@ With an **arbitrary read** like the one provided by format **strings** it might {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/binary-exploitation/common-exploiting-problems.md b/src/binary-exploitation/common-exploiting-problems.md index 662aac265..925dc3c53 100644 --- a/src/binary-exploitation/common-exploiting-problems.md +++ b/src/binary-exploitation/common-exploiting-problems.md @@ -38,3 +38,4 @@ In order to bypass this the **escape character `\x16` must be prepended to any ` {{#include ../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/format-strings/README.md b/src/binary-exploitation/format-strings/README.md index b687806c2..1bc091c36 100644 --- a/src/binary-exploitation/format-strings/README.md +++ b/src/binary-exploitation/format-strings/README.md @@ -241,3 +241,4 @@ It's possible to abuse the write actions of a format string vulnerability to **w {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md b/src/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md index c8b15a038..7959b211f 100644 --- a/src/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md +++ b/src/binary-exploitation/format-strings/format-strings-arbitrary-read-example.md @@ -184,3 +184,4 @@ p.close() {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/format-strings/format-strings-template.md b/src/binary-exploitation/format-strings/format-strings-template.md index 95e2f1e80..5b58371af 100644 --- a/src/binary-exploitation/format-strings/format-strings-template.md +++ b/src/binary-exploitation/format-strings/format-strings-template.md @@ -145,3 +145,4 @@ P.interactive() {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/binary-exploitation/integer-overflow.md b/src/binary-exploitation/integer-overflow.md index e33badf8f..149bcf159 100644 --- a/src/binary-exploitation/integer-overflow.md +++ b/src/binary-exploitation/integer-overflow.md 
@@ -123,3 +123,4 @@ This **doesn't change in ARM64** as you can see in [**this blog post**](https:// {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/ios-exploiting.md b/src/binary-exploitation/ios-exploiting.md
index 77f327780..37b72bf06 100644
--- a/src/binary-exploitation/ios-exploiting.md
+++ b/src/binary-exploitation/ios-exploiting.md
@@ -212,3 +212,4 @@ With these primitives, the exploit provides controlled **32-bit reads** and **64 +
diff --git a/src/binary-exploitation/libc-heap/README.md b/src/binary-exploitation/libc-heap/README.md
index 2e8fdc012..661f7e50f 100644
--- a/src/binary-exploitation/libc-heap/README.md
+++ b/src/binary-exploitation/libc-heap/README.md
@@ -529,3 +529,4 @@ heap-memory-functions/heap-functions-security-checks.md - [https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/](https://azeria-labs.com/heap-exploitation-part-2-glibc-heap-free-bins/) +
diff --git a/src/binary-exploitation/libc-heap/bins-and-memory-allocations.md b/src/binary-exploitation/libc-heap/bins-and-memory-allocations.md
index b39f0f605..67dc1a77f 100644
--- a/src/binary-exploitation/libc-heap/bins-and-memory-allocations.md
+++ b/src/binary-exploitation/libc-heap/bins-and-memory-allocations.md
@@ -640,3 +640,4 @@ heap-memory-functions/heap-functions-security-checks.md {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/double-free.md b/src/binary-exploitation/libc-heap/double-free.md
index e6826e65f..0389d2642 100644
--- a/src/binary-exploitation/libc-heap/double-free.md
+++ b/src/binary-exploitation/libc-heap/double-free.md
@@ -132,3 +132,4 @@ h1: 0xaaab0f0c2380 {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/fast-bin-attack.md b/src/binary-exploitation/libc-heap/fast-bin-attack.md
index 9ddcde54d..ebe65b793 100644
--- a/src/binary-exploitation/libc-heap/fast-bin-attack.md
+++ b/src/binary-exploitation/libc-heap/fast-bin-attack.md
@@ -153,3 +153,4 @@ unsorted-bin-attack.md {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/heap-memory-functions/README.md b/src/binary-exploitation/libc-heap/heap-memory-functions/README.md
index 24d8c3dbb..efbd3b4a7 100644
--- a/src/binary-exploitation/libc-heap/heap-memory-functions/README.md
+++ b/src/binary-exploitation/libc-heap/heap-memory-functions/README.md
@@ -7,3 +7,4 @@ {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/heap-memory-functions/free.md b/src/binary-exploitation/libc-heap/heap-memory-functions/free.md
index c9b6fa11a..742bc9d72 100644
--- a/src/binary-exploitation/libc-heap/heap-memory-functions/free.md
+++ b/src/binary-exploitation/libc-heap/heap-memory-functions/free.md
@@ -386,3 +386,4 @@ _int_free_merge_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T size) {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/heap-memory-functions/heap-functions-security-checks.md b/src/binary-exploitation/libc-heap/heap-memory-functions/heap-functions-security-checks.md
index 60d5e2019..3a55006ad 100644
--- a/src/binary-exploitation/libc-heap/heap-memory-functions/heap-functions-security-checks.md
+++ b/src/binary-exploitation/libc-heap/heap-memory-functions/heap-functions-security-checks.md
@@ -163,3 +163,4 @@ free.md {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/heap-memory-functions/malloc-and-sysmalloc.md b/src/binary-exploitation/libc-heap/heap-memory-functions/malloc-and-sysmalloc.md
index 0199e5b87..95eee214d 100644
--- a/src/binary-exploitation/libc-heap/heap-memory-functions/malloc-and-sysmalloc.md
+++ b/src/binary-exploitation/libc-heap/heap-memory-functions/malloc-and-sysmalloc.md
@@ -1746,3 +1746,4 @@ sysmalloc_mmap (INTERNAL_SIZE_T nb, size_t pagesize, int extra_flags, mstate av) {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/heap-memory-functions/unlink.md b/src/binary-exploitation/libc-heap/heap-memory-functions/unlink.md
index c27847032..305e00720 100644
--- a/src/binary-exploitation/libc-heap/heap-memory-functions/unlink.md
+++ b/src/binary-exploitation/libc-heap/heap-memory-functions/unlink.md
@@ -83,3 +83,4 @@ Heap leaks: {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/heap-overflow.md b/src/binary-exploitation/libc-heap/heap-overflow.md
index 17e6e72f0..cff32837e 100644
--- a/src/binary-exploitation/libc-heap/heap-overflow.md
+++ b/src/binary-exploitation/libc-heap/heap-overflow.md
@@ -50,3 +50,4 @@ python3 -c 'print("/"*0x400+"/bin/ls\x00")' > hax.txt {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/house-of-einherjar.md b/src/binary-exploitation/libc-heap/house-of-einherjar.md
index 11b2c1b9e..e68fa4e70 100644
--- a/src/binary-exploitation/libc-heap/house-of-einherjar.md
+++ b/src/binary-exploitation/libc-heap/house-of-einherjar.md
@@ -49,3 +49,4 @@ {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/house-of-force.md b/src/binary-exploitation/libc-heap/house-of-force.md
index 57ba9fee6..7ef532ea6 100644
--- a/src/binary-exploitation/libc-heap/house-of-force.md
+++ b/src/binary-exploitation/libc-heap/house-of-force.md
@@ -64,3 +64,4 @@ Then, do another malloc to get a chunk at the target address. {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/house-of-lore.md b/src/binary-exploitation/libc-heap/house-of-lore.md
index 58fa1f554..f5ef3e422 100644
--- a/src/binary-exploitation/libc-heap/house-of-lore.md
+++ b/src/binary-exploitation/libc-heap/house-of-lore.md
@@ -47,3 +47,4 @@ Then you will be able to allocate `fake0`. {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/house-of-orange.md b/src/binary-exploitation/libc-heap/house-of-orange.md
index 42ace40b5..311e919a7 100644
--- a/src/binary-exploitation/libc-heap/house-of-orange.md
+++ b/src/binary-exploitation/libc-heap/house-of-orange.md
@@ -75,3 +75,4 @@ This approach exploits heap management mechanisms, libc information leaks, and h {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/house-of-rabbit.md b/src/binary-exploitation/libc-heap/house-of-rabbit.md
index ad794d63f..1e388b2c7 100644
--- a/src/binary-exploitation/libc-heap/house-of-rabbit.md
+++ b/src/binary-exploitation/libc-heap/house-of-rabbit.md
@@ -111,3 +111,4 @@ The **House of Rabbit** technique involves either modifying the size of a fast b {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/house-of-roman.md b/src/binary-exploitation/libc-heap/house-of-roman.md
index b57aab2c2..217c1c4c8 100644
--- a/src/binary-exploitation/libc-heap/house-of-roman.md
+++ b/src/binary-exploitation/libc-heap/house-of-roman.md
@@ -118,3 +118,4 @@ Finally, one the correct address is overwritten, **call `malloc` and trigger the {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/house-of-spirit.md b/src/binary-exploitation/libc-heap/house-of-spirit.md
index 522f24b9d..4f9877839 100644
--- a/src/binary-exploitation/libc-heap/house-of-spirit.md
+++ b/src/binary-exploitation/libc-heap/house-of-spirit.md
@@ -118,3 +118,4 @@ int main() { {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/large-bin-attack.md b/src/binary-exploitation/libc-heap/large-bin-attack.md
index 7e12332f9..76184cb0a 100644
--- a/src/binary-exploitation/libc-heap/large-bin-attack.md
+++ b/src/binary-exploitation/libc-heap/large-bin-attack.md
@@ -58,3 +58,4 @@ You can find another great explanation of this attack in [**guyinatuxedo**](http {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/off-by-one-overflow.md b/src/binary-exploitation/libc-heap/off-by-one-overflow.md
index d344fc0f6..a1d558a85 100644
--- a/src/binary-exploitation/libc-heap/off-by-one-overflow.md
+++ b/src/binary-exploitation/libc-heap/off-by-one-overflow.md
@@ -115,3 +115,4 @@ This image explains perfectly the attack: {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/overwriting-a-freed-chunk.md b/src/binary-exploitation/libc-heap/overwriting-a-freed-chunk.md
index bae6b6aec..3cea311e9 100644
--- a/src/binary-exploitation/libc-heap/overwriting-a-freed-chunk.md
+++ b/src/binary-exploitation/libc-heap/overwriting-a-freed-chunk.md
@@ -23,3 +23,4 @@ In this case it would be possible to **modify the size** of the following chunk {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/tcache-bin-attack.md b/src/binary-exploitation/libc-heap/tcache-bin-attack.md
index 178f14589..997b1b384 100644
--- a/src/binary-exploitation/libc-heap/tcache-bin-attack.md
+++ b/src/binary-exploitation/libc-heap/tcache-bin-attack.md
@@ -47,3 +47,4 @@ Usually it's possible to find at the beginning of the heap a chunk containing th {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/unlink-attack.md b/src/binary-exploitation/libc-heap/unlink-attack.md
index 1a665428e..c34204f62 100644
--- a/src/binary-exploitation/libc-heap/unlink-attack.md
+++ b/src/binary-exploitation/libc-heap/unlink-attack.md
@@ -129,3 +129,4 @@ This attack allows to **change a pointer to a chunk to point 3 addresses before {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/unsorted-bin-attack.md b/src/binary-exploitation/libc-heap/unsorted-bin-attack.md
index 89e3f968b..6d8584173 100644
--- a/src/binary-exploitation/libc-heap/unsorted-bin-attack.md
+++ b/src/binary-exploitation/libc-heap/unsorted-bin-attack.md
@@ -73,3 +73,4 @@ Then C was deallocated, and consolidated with A+B (but B was still in used). A n {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/use-after-free/README.md b/src/binary-exploitation/libc-heap/use-after-free/README.md
index 069a673d7..d1e45e846 100644
--- a/src/binary-exploitation/libc-heap/use-after-free/README.md
+++ b/src/binary-exploitation/libc-heap/use-after-free/README.md
@@ -20,3 +20,4 @@ first-fit.md {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/libc-heap/use-after-free/first-fit.md b/src/binary-exploitation/libc-heap/use-after-free/first-fit.md
index 115d3e19b..7b3f78f24 100644
--- a/src/binary-exploitation/libc-heap/use-after-free/first-fit.md
+++ b/src/binary-exploitation/libc-heap/use-after-free/first-fit.md
@@ -64,3 +64,4 @@ d = malloc(20); // a - In this case it's needed to write 4 inside an specific chunk which is the first one being allocated (even after force freeing all of them). On each new allocated chunk it's number in the array index is stored. Then, allocate 4 chunks (+ the initialy allocated), the last one will have 4 inside of it, free them and force the reallocation of the first one, which will use the last chunk freed which is the one with 4 inside of it. +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/README.md b/src/binary-exploitation/rop-return-oriented-programing/README.md
index 82d3cf9c6..0645e6ced 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/README.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/README.md
@@ -195,3 +195,4 @@ rop-syscall-execv/ {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md b/src/binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md
index ff67ec4bf..f87309944 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md
@@ -124,3 +124,4 @@ Behaviour signatures to find those functions: {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2csu.md b/src/binary-exploitation/rop-return-oriented-programing/ret2csu.md
index f16f67516..42160ff90 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/ret2csu.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/ret2csu.md
@@ -184,3 +184,4 @@ Usually these cases are also vulnerable to [**ret2plt**](../common-binary-protec {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2dlresolve.md b/src/binary-exploitation/rop-return-oriented-programing/ret2dlresolve.md
index b3a3c1ab8..469865303 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/ret2dlresolve.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/ret2dlresolve.md
@@ -197,3 +197,4 @@ target.interactive() {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2esp-ret2reg.md b/src/binary-exploitation/rop-return-oriented-programing/ret2esp-ret2reg.md
index 7837a1283..12aa1bd45 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/ret2esp-ret2reg.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/ret2esp-ret2reg.md
@@ -189,3 +189,4 @@ p.interactive() {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/README.md b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/README.md
index 755c3cfd8..94281bf4c 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/README.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/README.md
@@ -165,3 +165,4 @@ This basically means abusing a **Ret2lib to transform it into a `printf` format {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/one-gadget.md b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/one-gadget.md
index 58dce3570..7b647b12a 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/one-gadget.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/one-gadget.md
@@ -37,3 +37,4 @@ angry_gadget.py examples/libc6_2.23-0ubuntu10_amd64.so {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/ret2lib-+-printf-leak-arm64.md b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/ret2lib-+-printf-leak-arm64.md
index a45f91052..b251b9035 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/ret2lib-+-printf-leak-arm64.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/ret2lib-+-printf-leak-arm64.md
@@ -217,3 +217,4 @@ p.interactive() {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/README.md b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/README.md
index 36a43d76e..3994319d7 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/README.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/README.md
@@ -304,3 +304,4 @@ BINSH = next(libc.search("/bin/sh")) - 64 {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md
index e30884959..163560a1f 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md
@@ -223,3 +223,4 @@ BINSH = next(libc.search("/bin/sh")) - 64 {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/ret2vdso.md b/src/binary-exploitation/rop-return-oriented-programing/ret2vdso.md
index 76002a8f0..7cf6ba6d0 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/ret2vdso.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/ret2vdso.md
@@ -69,3 +69,4 @@ srop-sigreturn-oriented-programming/srop-arm64.md {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/README.md b/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/README.md
index 19e1ce68b..fb13cbc13 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/README.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/README.md
@@ -195,3 +195,4 @@ target.interactive() {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/ret2syscall-arm64.md b/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/ret2syscall-arm64.md
index abcc529f9..d0ce408f6 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/ret2syscall-arm64.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/rop-syscall-execv/ret2syscall-arm64.md
@@ -128,3 +128,4 @@ p.interactive() {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/README.md b/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/README.md
index 06cfe6a0d..ad8212938 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/README.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/README.md
@@ -145,3 +145,4 @@ target.interactive() {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/srop-arm64.md b/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/srop-arm64.md
index fbb2e56a7..3e38cfe2c 100644
--- a/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/srop-arm64.md
+++ b/src/binary-exploitation/rop-return-oriented-programing/srop-sigreturn-oriented-programming/srop-arm64.md
@@ -192,3 +192,4 @@ And to bypass the address of `/bin/sh` you could create several env variables po {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/stack-overflow/README.md b/src/binary-exploitation/stack-overflow/README.md
index 54dccee09..5aeba41af 100644
--- a/src/binary-exploitation/stack-overflow/README.md
+++ b/src/binary-exploitation/stack-overflow/README.md
@@ -104,3 +104,4 @@ There are several protections trying to prevent the exploitation of vulnerabilit {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/stack-overflow/pointer-redirecting.md b/src/binary-exploitation/stack-overflow/pointer-redirecting.md
index 9213444ef..8dfe839a1 100644
--- a/src/binary-exploitation/stack-overflow/pointer-redirecting.md
+++ b/src/binary-exploitation/stack-overflow/pointer-redirecting.md
@@ -29,3 +29,4 @@ You can find an example in: {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/stack-overflow/ret2win/README.md b/src/binary-exploitation/stack-overflow/ret2win/README.md
index 52ef909dc..5076edd89 100644
--- a/src/binary-exploitation/stack-overflow/ret2win/README.md
+++ b/src/binary-exploitation/stack-overflow/ret2win/README.md
@@ -115,3 +115,4 @@ ret2win-arm64.md {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md b/src/binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md
index ca102d444..d0c8c3b31 100644
--- a/src/binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md
+++ b/src/binary-exploitation/stack-overflow/ret2win/ret2win-arm64.md
@@ -189,3 +189,4 @@ p.close() {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md b/src/binary-exploitation/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md
index 6e7d80c73..2f11ab017 100644
--- a/src/binary-exploitation/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md
+++ b/src/binary-exploitation/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md
@@ -236,3 +236,4 @@ Also in the following page you can see the equivalent of **Ret2esp in ARM64**: {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/stack-overflow/stack-shellcode/README.md b/src/binary-exploitation/stack-overflow/stack-shellcode/README.md
index 702645a59..f89fe4e9f 100644
--- a/src/binary-exploitation/stack-overflow/stack-shellcode/README.md
+++ b/src/binary-exploitation/stack-overflow/stack-shellcode/README.md
@@ -97,3 +97,4 @@ The **NOP slide** (`asm('nop')`) is used to increase the chance that execution w {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/stack-overflow/stack-shellcode/stack-shellcode-arm64.md b/src/binary-exploitation/stack-overflow/stack-shellcode/stack-shellcode-arm64.md
index 24585eb5c..8c609ee0e 100644
--- a/src/binary-exploitation/stack-overflow/stack-shellcode/stack-shellcode-arm64.md
+++ b/src/binary-exploitation/stack-overflow/stack-shellcode/stack-shellcode-arm64.md
@@ -81,3 +81,4 @@ I opened the generated **`core` file** (`gdb ./bog ./core`) and checked the real {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/stack-overflow/uninitialized-variables.md b/src/binary-exploitation/stack-overflow/uninitialized-variables.md
index dbe8f1c01..7cee7b25a 100644
--- a/src/binary-exploitation/stack-overflow/uninitialized-variables.md
+++ b/src/binary-exploitation/stack-overflow/uninitialized-variables.md
@@ -68,3 +68,4 @@ This doesn't change at all in ARM64 as local variables are also managed in the s {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md b/src/binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md
index 3758e559d..2ab8e9655 100644
--- a/src/binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md
+++ b/src/binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md
@@ -261,3 +261,4 @@ EXITFUNC=thread -e x86/shikata_ga_nai {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/blockchain/blockchain-and-crypto-currencies/README.md b/src/blockchain/blockchain-and-crypto-currencies/README.md
index 81b4615c0..c45957447 100644
--- a/src/blockchain/blockchain-and-crypto-currencies/README.md
+++ b/src/blockchain/blockchain-and-crypto-currencies/README.md
@@ -186,3 +186,4 @@ These practices and mechanisms are foundational for anyone looking to engage wit {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/burp-suite.md b/src/burp-suite.md
index 57504ea27..d8de49ff0 100644
--- a/src/burp-suite.md
+++ b/src/burp-suite.md
@@ -17,3 +17,4 @@ {{#include ./banners/hacktricks-training.md}} +
diff --git a/src/crypto-and-stego/blockchain-and-crypto-currencies.md b/src/crypto-and-stego/blockchain-and-crypto-currencies.md
index cce65e9f9..bc2ade55c 100644
--- a/src/crypto-and-stego/blockchain-and-crypto-currencies.md
+++ b/src/crypto-and-stego/blockchain-and-crypto-currencies.md
@@ -186,3 +186,4 @@ These practices and mechanisms are foundational for anyone looking to engage wit {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/crypto-and-stego/certificates.md b/src/crypto-and-stego/certificates.md
index b7871f8e9..0f9198240 100644
--- a/src/crypto-and-stego/certificates.md
+++ b/src/crypto-and-stego/certificates.md
@@ -206,3 +206,4 @@ openssl asn1parse -genconf certificatename.tpl -outform PEM -out certificatename {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/crypto-and-stego/cipher-block-chaining-cbc-mac-priv.md b/src/crypto-and-stego/cipher-block-chaining-cbc-mac-priv.md
index 9babc544a..5971c1cda 100644
--- a/src/crypto-and-stego/cipher-block-chaining-cbc-mac-priv.md
+++ b/src/crypto-and-stego/cipher-block-chaining-cbc-mac-priv.md
@@ -55,3 +55,4 @@ More information in [https://en.wikipedia.org/wiki/CBC-MAC](https://en.wikipedia {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/crypto-and-stego/crypto-ctfs-tricks.md b/src/crypto-and-stego/crypto-ctfs-tricks.md
index d5e6a1f20..f165df54b 100644
--- a/src/crypto-and-stego/crypto-ctfs-tricks.md
+++ b/src/crypto-and-stego/crypto-ctfs-tricks.md
@@ -301,3 +301,4 @@ A secret is splitted in X parts and to recover it you need Y parts (_Y <=X_). {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/crypto-and-stego/cryptographic-algorithms/README.md b/src/crypto-and-stego/cryptographic-algorithms/README.md
index a70912cb4..3e0cf5141 100644
--- a/src/crypto-and-stego/cryptographic-algorithms/README.md
+++ b/src/crypto-and-stego/cryptographic-algorithms/README.md
@@ -185,3 +185,4 @@ Check **3 comparisons to recognise it**: {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/crypto-and-stego/cryptographic-algorithms/unpacking-binaries.md b/src/crypto-and-stego/cryptographic-algorithms/unpacking-binaries.md
index fa9e007e4..9132f1946 100644
--- a/src/crypto-and-stego/cryptographic-algorithms/unpacking-binaries.md
+++ b/src/crypto-and-stego/cryptographic-algorithms/unpacking-binaries.md
@@ -24,3 +24,4 @@ {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/crypto-and-stego/electronic-code-book-ecb.md b/src/crypto-and-stego/electronic-code-book-ecb.md
index 8d1180ce1..c01107bc4 100644
--- a/src/crypto-and-stego/electronic-code-book-ecb.md
+++ b/src/crypto-and-stego/electronic-code-book-ecb.md
@@ -74,3 +74,4 @@ The cookie of this user is going to be composed by 3 blocks: the first 2 is the {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/crypto-and-stego/esoteric-languages.md b/src/crypto-and-stego/esoteric-languages.md
index 2b1be3259..a5b8cde0b 100644
--- a/src/crypto-and-stego/esoteric-languages.md
+++ b/src/crypto-and-stego/esoteric-languages.md
@@ -69,3 +69,4 @@ Kukarek {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/crypto-and-stego/hash-length-extension-attack.md b/src/crypto-and-stego/hash-length-extension-attack.md
index b24f88bd8..34dc736ca 100644
--- a/src/crypto-and-stego/hash-length-extension-attack.md
+++ b/src/crypto-and-stego/hash-length-extension-attack.md
@@ -38,3 +38,4 @@ You can find this attack good explained in [https://blog.skullsecurity.org/2012/ {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/crypto-and-stego/padding-oracle-priv.md b/src/crypto-and-stego/padding-oracle-priv.md
index 3e4d1dbb3..6172551fd 100644
--- a/src/crypto-and-stego/padding-oracle-priv.md
+++ b/src/crypto-and-stego/padding-oracle-priv.md
@@ -109,3 +109,4 @@ But if you BF the padding (using padbuster for example) you manage to get anothe {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/crypto-and-stego/rc4-encrypt-and-decrypt.md b/src/crypto-and-stego/rc4-encrypt-and-decrypt.md
index 00e933705..c4e548fe1 100644
--- a/src/crypto-and-stego/rc4-encrypt-and-decrypt.md
+++ b/src/crypto-and-stego/rc4-encrypt-and-decrypt.md
@@ -11,3 +11,4 @@ If you can encrypt a known plaintext you can also extract the password. More ref {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/crypto-and-stego/stego-tricks.md b/src/crypto-and-stego/stego-tricks.md
index d62dec11c..0f465574c 100644
--- a/src/crypto-and-stego/stego-tricks.md
+++ b/src/crypto-and-stego/stego-tricks.md
@@ -220,3 +220,4 @@ For translating Braille, the [Branah Braille Translator](https://www.branah.com/ {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/cryptography/certificates.md b/src/cryptography/certificates.md
index 777620734..f11a603ff 100644
--- a/src/cryptography/certificates.md
+++ b/src/cryptography/certificates.md
@@ -179,3 +179,4 @@ openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certif {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/cryptography/cipher-block-chaining-cbc-mac-priv.md b/src/cryptography/cipher-block-chaining-cbc-mac-priv.md
index 9babc544a..5971c1cda 100644
--- a/src/cryptography/cipher-block-chaining-cbc-mac-priv.md
+++ b/src/cryptography/cipher-block-chaining-cbc-mac-priv.md
@@ -55,3 +55,4 @@ More information in [https://en.wikipedia.org/wiki/CBC-MAC](https://en.wikipedia {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/cryptography/crypto-ctfs-tricks.md b/src/cryptography/crypto-ctfs-tricks.md
index d5e6a1f20..f165df54b 100644
--- a/src/cryptography/crypto-ctfs-tricks.md
+++ b/src/cryptography/crypto-ctfs-tricks.md
@@ -301,3 +301,4 @@ A secret is splitted in X parts and to recover it you need Y parts (_Y <=X_). {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/cryptography/electronic-code-book-ecb.md b/src/cryptography/electronic-code-book-ecb.md
index 8d1180ce1..c01107bc4 100644
--- a/src/cryptography/electronic-code-book-ecb.md
+++ b/src/cryptography/electronic-code-book-ecb.md
@@ -74,3 +74,4 @@ The cookie of this user is going to be composed by 3 blocks: the first 2 is the {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/cryptography/hash-length-extension-attack.md b/src/cryptography/hash-length-extension-attack.md
index 3bcd0e4a2..c8882b69a 100644
--- a/src/cryptography/hash-length-extension-attack.md
+++ b/src/cryptography/hash-length-extension-attack.md
@@ -36,3 +36,4 @@ You can find this attack good explained in [https://blog.skullsecurity.org/2012/ {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/cryptography/padding-oracle-priv.md b/src/cryptography/padding-oracle-priv.md
index faa40fa94..61fd5911a 100644
--- a/src/cryptography/padding-oracle-priv.md
+++ b/src/cryptography/padding-oracle-priv.md
@@ -110,3 +110,4 @@ But if you BF the padding (using padbuster for example) you manage to get anothe {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/cryptography/rc4-encrypt-and-decrypt.md b/src/cryptography/rc4-encrypt-and-decrypt.md
index 00e933705..c4e548fe1 100644
--- a/src/cryptography/rc4-encrypt-and-decrypt.md
+++ b/src/cryptography/rc4-encrypt-and-decrypt.md
@@ -11,3 +11,4 @@ If you can encrypt a known plaintext you can also extract the password. More ref {{#include ../banners/hacktricks-training.md}} +
diff --git a/src/emails-vulns.md b/src/emails-vulns.md
index 42d15f27f..390ca2769 100644
--- a/src/emails-vulns.md
+++ b/src/emails-vulns.md
@@ -9,3 +9,4 @@ {{#include ./banners/hacktricks-training.md}} +
diff --git a/src/exploiting/linux-exploiting-basic-esp/README.md b/src/exploiting/linux-exploiting-basic-esp/README.md
index 11fd1be6e..3d2dbba67 100644
--- a/src/exploiting/linux-exploiting-basic-esp/README.md
+++ b/src/exploiting/linux-exploiting-basic-esp/README.md
@@ -552,3 +552,4 @@ Consiste en mediante reservas y liberaciones sementar la memoria de forma que qu {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/exploiting/linux-exploiting-basic-esp/fusion.md b/src/exploiting/linux-exploiting-basic-esp/fusion.md
index cbab78081..2f232afbc 100644
--- a/src/exploiting/linux-exploiting-basic-esp/fusion.md
+++ b/src/exploiting/linux-exploiting-basic-esp/fusion.md
@@ -64,3 +64,4 @@ r.interactive() {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/exploiting/tools/README.md b/src/exploiting/tools/README.md
index 390d37dc3..e2c511ea3 100644
--- a/src/exploiting/tools/README.md
+++ b/src/exploiting/tools/README.md
@@ -228,3 +228,4 @@ Then, configure the debugger: Debugger (linux remote) --> Proccess options...: {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/exploiting/tools/pwntools.md b/src/exploiting/tools/pwntools.md
index 0d2764cdd..3ef0d1f43 100644
--- a/src/exploiting/tools/pwntools.md
+++ b/src/exploiting/tools/pwntools.md
@@ -174,3 +174,4 @@ pwn update {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/exploiting/windows-exploiting-basic-guide-oscp-lvl.md b/src/exploiting/windows-exploiting-basic-guide-oscp-lvl.md index 077f2fe7b..366633707 100644 --- a/src/exploiting/windows-exploiting-basic-guide-oscp-lvl.md +++ b/src/exploiting/windows-exploiting-basic-guide-oscp-lvl.md @@ -261,3 +261,4 @@ EXITFUNC=thread -e x86/shikata_ga_nai {{#include ../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/README.md b/src/forensics/basic-forensic-methodology/README.md index 531ec98f0..a3b9436dd 100644 --- a/src/forensics/basic-forensic-methodology/README.md +++ b/src/forensics/basic-forensic-methodology/README.md @@ -82,3 +82,4 @@ file-integrity-monitoring.md {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/anti-forensic-techniques.md b/src/forensics/basic-forensic-methodology/anti-forensic-techniques.md index 7f2512d6c..6855e9825 100644 --- a/src/forensics/basic-forensic-methodology/anti-forensic-techniques.md +++ b/src/forensics/basic-forensic-methodology/anti-forensic-techniques.md @@ -153,3 +153,4 @@ It's also possible to modify the configuration of which files are going to be co {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/docker-forensics.md b/src/forensics/basic-forensic-methodology/docker-forensics.md index 17a36b6cb..9d27d98eb 100644 --- a/src/forensics/basic-forensic-methodology/docker-forensics.md +++ b/src/forensics/basic-forensic-methodology/docker-forensics.md @@ -121,3 +121,4 @@ Therefore (as root) you can **dump the memory of the processes** from the host a {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/file-integrity-monitoring.md b/src/forensics/basic-forensic-methodology/file-integrity-monitoring.md index a1e4d8502..a01d62b33 100644 --- a/src/forensics/basic-forensic-methodology/file-integrity-monitoring.md 
+++ b/src/forensics/basic-forensic-methodology/file-integrity-monitoring.md @@ -26,3 +26,4 @@ File Integrity Monitoring (FIM) is a critical security technique that protects I {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/linux-forensics.md b/src/forensics/basic-forensic-methodology/linux-forensics.md index b832648ec..49acdb9f9 100644 --- a/src/forensics/basic-forensic-methodology/linux-forensics.md +++ b/src/forensics/basic-forensic-methodology/linux-forensics.md @@ -398,3 +398,4 @@ git diff --no-index --diff-filter=D path/to/old_version/ path/to/new_version/ {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/malware-analysis.md b/src/forensics/basic-forensic-methodology/malware-analysis.md index b3d7379c3..034701f47 100644 --- a/src/forensics/basic-forensic-methodology/malware-analysis.md +++ b/src/forensics/basic-forensic-methodology/malware-analysis.md @@ -172,3 +172,4 @@ When the information is saved in logs you can **check statistics like how many t {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/memory-dump-analysis/README.md b/src/forensics/basic-forensic-methodology/memory-dump-analysis/README.md index 20cd58d5d..2ec638516 100644 --- a/src/forensics/basic-forensic-methodology/memory-dump-analysis/README.md +++ b/src/forensics/basic-forensic-methodology/memory-dump-analysis/README.md @@ -37,3 +37,4 @@ You should **open** it using **IDA** or **Radare** to inspection it in **depth** {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md b/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md index 7d45bfd90..17957bab1 100644 --- a/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md 
+++ b/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md @@ -236,3 +236,4 @@ You may notice that even performing that action there might be **other parts whe {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md b/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md index 26e3eca31..af2609f07 100644 --- a/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md +++ b/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md @@ -95,3 +95,4 @@ You can use the linux command line tool **pdftotext** to transform a pdf into te {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-tools.md b/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-tools.md index df1bcf771..34a0728d9 100644 --- a/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-tools.md +++ b/src/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-tools.md @@ -74,3 +74,4 @@ You can use the linux command line tool **pdftotext** to transform a pdf into te {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/pcap-inspection/README.md b/src/forensics/basic-forensic-methodology/pcap-inspection/README.md index 2e592bf93..03cd9ad22 100644 --- a/src/forensics/basic-forensic-methodology/pcap-inspection/README.md +++ b/src/forensics/basic-forensic-methodology/pcap-inspection/README.md @@ -228,3 +228,4 @@ usb-keystrokes.md {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keyboard-pcap-analysis.md b/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keyboard-pcap-analysis.md index e51ccb2ea..e81e78ceb 100644 --- a/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keyboard-pcap-analysis.md +++ b/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keyboard-pcap-analysis.md @@ -14,3 +14,4 @@ You can read more information and find some scripts about how to analyse this in {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md b/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md index 6bbe7e8ef..210692c6e 100644 --- a/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md +++ b/src/forensics/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md @@ -19,3 +19,4 @@ You can read more information and find some scripts about how to analyse this in {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md b/src/forensics/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md index fa4d2edf6..a2733ab0d 100644 --- a/src/forensics/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md +++ b/src/forensics/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md @@ -41,3 +41,4 @@ Edit --> Preferences --> Protocols --> IEEE 802.11--> Edit {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md index be52ee567..6b118473f 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md 
@@ -222,3 +222,4 @@ C:\Users\test\Desktop\test>pyinstaller --onefile hello.py {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/README.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/README.md index b3cf47a1b..d23a7ab56 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/README.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/README.md @@ -41,3 +41,4 @@ zips-tricks.md {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md index c1f89d74f..5ee7cdffa 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md @@ -164,3 +164,4 @@ These paths and commands are crucial for accessing and understanding the browsin {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md index 4a514defb..08b84952d 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md @@ -50,3 +50,4 @@ End Function {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md index e5a5adf74..2ff1a20b5 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md @@ -99,3 +99,4 @@ Other tables inside this database contain more interesting information: {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md index 0304cb9c0..b32d4206d 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md @@ -21,3 +21,4 @@ olevba -c /path/to/document #Extract macros {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md index b32d72ddf..d230344e9 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md @@ -20,3 +20,4 @@ For custom PDF analysis, Python libraries like [PeepDF](https://github.com/jespa {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md index d577ba693..64726e83d 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md @@ -9,3 +9,4 @@ These strategies underscore the importance of a comprehensive approach in CTFs, {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md index 5ec1db19f..2a6030e2c 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md @@ -19,3 +19,4 @@ This array of tools underscores the versatility required in CTF challenges, wher {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md index cf87f9a6c..0dacaa3c0 100644 --- a/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md +++ b/src/forensics/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md @@ -21,3 +21,4 @@ It's crucial to note that password-protected zip files **do not encrypt filename {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/windows-forensics/README.md b/src/forensics/basic-forensic-methodology/windows-forensics/README.md index b73f8361f..e3fc48579 100644 
--- a/src/forensics/basic-forensic-methodology/windows-forensics/README.md +++ b/src/forensics/basic-forensic-methodology/windows-forensics/README.md @@ -508,3 +508,4 @@ Security EventID 1102 signals the deletion of logs, a critical event for forensi {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md b/src/forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md index c508fab70..8bf07a965 100644 --- a/src/forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md +++ b/src/forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md @@ -101,3 +101,4 @@ This guide condenses the crucial paths and methods for accessing detailed system {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/forensics/basic-forensic-methodology/windows-forensics/windows-processes.md b/src/forensics/basic-forensic-methodology/windows-forensics/windows-processes.md index 1451e1daf..2cfd90436 100644 --- a/src/forensics/basic-forensic-methodology/windows-forensics/windows-processes.md +++ b/src/forensics/basic-forensic-methodology/windows-forensics/windows-processes.md @@ -106,3 +106,4 @@ This is run from **userinit.exe** which should be terminated, so **no parent** s {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/generic-hacking/brute-force.md b/src/generic-hacking/brute-force.md index ab9bffb5d..b6fea4a25 100644 --- a/src/generic-hacking/brute-force.md +++ b/src/generic-hacking/brute-force.md @@ -875,3 +875,4 @@ Cracking Common Application Hashes {{#include ../banners/hacktricks-training.md}} + diff --git a/src/generic-hacking/exfiltration.md b/src/generic-hacking/exfiltration.md index 3ba272f2e..4f5f27b6d 100644 --- a/src/generic-hacking/exfiltration.md +++ b/src/generic-hacking/exfiltration.md 
@@ -367,3 +367,4 @@ Then copy-paste the text into the windows-shell and a file called nc.exe will be {{#include ../banners/hacktricks-training.md}} + diff --git a/src/generic-hacking/reverse-shells/README.md b/src/generic-hacking/reverse-shells/README.md index 1d4a7f319..248a21a77 100644 --- a/src/generic-hacking/reverse-shells/README.md +++ b/src/generic-hacking/reverse-shells/README.md @@ -24,3 +24,4 @@ {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/generic-hacking/reverse-shells/expose-local-to-the-internet.md b/src/generic-hacking/reverse-shells/expose-local-to-the-internet.md index c174cee6d..3758717b6 100644 --- a/src/generic-hacking/reverse-shells/expose-local-to-the-internet.md +++ b/src/generic-hacking/reverse-shells/expose-local-to-the-internet.md @@ -88,3 +88,4 @@ npx localtunnel --port 8000 {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/generic-hacking/reverse-shells/full-ttys.md b/src/generic-hacking/reverse-shells/full-ttys.md index 23aaebc2b..f08ca1c81 100644 --- a/src/generic-hacking/reverse-shells/full-ttys.md +++ b/src/generic-hacking/reverse-shells/full-ttys.md @@ -109,3 +109,4 @@ expect -c 'spawn sudo -S cat "/root/root.txt";expect "*password*";send " LPORT= -f {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/generic-hacking/reverse-shells/windows.md b/src/generic-hacking/reverse-shells/windows.md index 9d9a48dad..defbd2b5e 100644 --- a/src/generic-hacking/reverse-shells/windows.md +++ b/src/generic-hacking/reverse-shells/windows.md @@ -559,3 +559,4 @@ WinPWN](https://github.com/SecureThisShit/WinPwn) PS console with some offensive {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/generic-hacking/search-exploits.md b/src/generic-hacking/search-exploits.md index eafcf5a04..d67f6409b 100644 --- a/src/generic-hacking/search-exploits.md +++ b/src/generic-hacking/search-exploits.md 
@@ -56,3 +56,4 @@ search_vulns enables you to search for known vulnerabilities and exploits as wel {{#include ../banners/hacktricks-training.md}} + diff --git a/src/generic-hacking/tunneling-and-port-forwarding.md b/src/generic-hacking/tunneling-and-port-forwarding.md index 08446fe1d..53be489b6 100644 --- a/src/generic-hacking/tunneling-and-port-forwarding.md +++ b/src/generic-hacking/tunneling-and-port-forwarding.md @@ -653,3 +653,4 @@ tunnels: {{#include ../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/README.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/README.md index 531ec98f0..a3b9436dd 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/README.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/README.md @@ -82,3 +82,4 @@ file-integrity-monitoring.md {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md index 9221761a1..412039a2c 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/anti-forensic-techniques.md @@ -153,3 +153,4 @@ It's also possible to modify the configuration of which files are going to be co {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.md index 17a36b6cb..9d27d98eb 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/docker-forensics.md 
@@ -121,3 +121,4 @@ Therefore (as root) you can **dump the memory of the processes** from the host a {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/file-integrity-monitoring.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/file-integrity-monitoring.md index a1e4d8502..a01d62b33 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/file-integrity-monitoring.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/file-integrity-monitoring.md @@ -26,3 +26,4 @@ File Integrity Monitoring (FIM) is a critical security technique that protects I {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md index 3c8aae4ac..125af9717 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/image-acquisition-and-mount.md @@ -115,3 +115,4 @@ mount disk.img /mnt -o ro,offset=$((2048*512)) {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/linux-forensics.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/linux-forensics.md index 49acdb9f9..b40735717 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/linux-forensics.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/linux-forensics.md @@ -399,3 +399,4 @@ git diff --no-index --diff-filter=D path/to/old_version/ path/to/new_version/ + 
diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/malware-analysis.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/malware-analysis.md index b3d7379c3..034701f47 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/malware-analysis.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/malware-analysis.md @@ -172,3 +172,4 @@ When the information is saved in logs you can **check statistics like how many t {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/README.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/README.md index f293ef856..2a2959b00 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/README.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/README.md @@ -37,3 +37,4 @@ You should **open** it using **IDA** or **Radare** to inspection it in **depth** {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md index 9b84eae0a..cff6f95b0 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md @@ -919,3 +919,4 @@ The **Master Boot Record (MBR)** plays a crucial role in managing the logical pa {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/README.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/README.md index 34968e985..eae42b9af 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/README.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/README.md @@ -236,3 +236,4 @@ You may notice that even performing that action there might be **other parts whe {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md index 610d78b88..83e475bd3 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md @@ -95,3 +95,4 @@ You can use the linux command line tool **pdftotext** to transform a pdf into te {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/README.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/README.md index 62bae2154..42745d4a7 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/README.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/README.md @@ -233,3 +233,4 @@ usb-keystrokes.md {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md index 9e07b899a..f0fb963e8 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md @@ -37,3 +37,4 @@ python3 dnscat_decoder.py sample.pcap bad_domain {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/suricata-and-iptables-cheatsheet.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/suricata-and-iptables-cheatsheet.md index eca3cbd80..6b03cea20 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/suricata-and-iptables-cheatsheet.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/suricata-and-iptables-cheatsheet.md @@ -234,3 +234,4 @@ drop tcp any any -> any 8000 (msg:"8000 port"; sid:1000;) {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md index aa04adeb4..1019e8295 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md @@ -21,3 +21,4 @@ You can read more information and find some scripts about how to analyse this in {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md index 00d0b9d65..f3e90173e 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md @@ -43,3 +43,4 @@ Edit --> Preferences --> Protocols --> IEEE 802.11--> Edit {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md index 58d29a3e7..6dc5b519d 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md @@ -157,3 +157,4 @@ f.close() {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md index be52ee567..6b118473f 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md @@ -222,3 +222,4 @@ C:\Users\test\Desktop\test>pyinstaller --onefile hello.py {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/README.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/README.md index b3cf47a1b..d23a7ab56 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/README.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/README.md @@ -41,3 +41,4 @@ zips-tricks.md {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md index 9eb0afb2e..2c903fcef 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md @@ -165,3 +165,4 @@ These paths and commands are crucial for accessing and understanding the browsin {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md index 4a514defb..08b84952d 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md @@ -50,3 +50,4 @@ End Function {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md index 492d9c0c0..dc4c6e5d0 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md @@ -99,3 +99,4 @@ Other tables inside this database contain more interesting information: {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md index 0304cb9c0..b32d4206d 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md @@ -21,3 +21,4 @@ olevba -c /path/to/document #Extract macros {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md index b32d72ddf..d230344e9 100644 --- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md +++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md 
@@ -20,3 +20,4 @@ For custom PDF analysis, Python libraries like [PeepDF](https://github.com/jespa
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md
index d577ba693..64726e83d 100644
--- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md
+++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md
@@ -9,3 +9,4 @@ These strategies underscore the importance of a comprehensive approach in CTFs,
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md
index 67acc6386..9dde6a953 100644
--- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md
+++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md
@@ -17,3 +17,4 @@ This array of tools underscores the versatility required in CTF challenges, wher
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md
index cf87f9a6c..0dacaa3c0 100644
--- a/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md
+++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md
@@ -21,3 +21,4 @@ It's crucial to note that password-protected zip files **do not encrypt filename
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/README.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/README.md
index dd8a4bd31..0ef7eb575 100644
--- a/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/README.md
+++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/README.md
@@ -504,3 +504,4 @@ Security EventID 1102 signals the deletion of logs, a critical event for forensi
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md b/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md
index c508fab70..8bf07a965 100644
--- a/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md
+++ b/src/generic-methodologies-and-resources/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md
@@ -101,3 +101,4 @@ This guide condenses the crucial paths and methods for accessing detailed system
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/external-recon-methodology/README.md b/src/generic-methodologies-and-resources/external-recon-methodology/README.md
index 21179e3d8..ff6f5309a 100644
--- a/src/generic-methodologies-and-resources/external-recon-methodology/README.md
+++ b/src/generic-methodologies-and-resources/external-recon-methodology/README.md
@@ -712,3 +712,4 @@ There are several tools out there that will perform part of the proposed actions
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/external-recon-methodology/github-leaked-secrets.md b/src/generic-methodologies-and-resources/external-recon-methodology/github-leaked-secrets.md
index 3aeaccac3..87354ea9a 100644
--- a/src/generic-methodologies-and-resources/external-recon-methodology/github-leaked-secrets.md
+++ b/src/generic-methodologies-and-resources/external-recon-methodology/github-leaked-secrets.md
@@ -311,3 +311,4 @@ AWS SECRET
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md b/src/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md
index c3b284015..a9613ace3 100644
--- a/src/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md
+++ b/src/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md
@@ -18,3 +18,4 @@ This helps in several occasions to **search for leaked information** or for **vu
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-methodology.md b/src/generic-methodologies-and-resources/pentesting-methodology.md
index 77009d7b7..c0cecc610 100644
--- a/src/generic-methodologies-and-resources/pentesting-methodology.md
+++ b/src/generic-methodologies-and-resources/pentesting-methodology.md
@@ -136,3 +136,4 @@ Check also the page about [**NTLM**](../windows-hardening/ntlm/), it could be ve
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-network/README.md b/src/generic-methodologies-and-resources/pentesting-network/README.md
index 060eca9a0..1f7de7e4a 100644
--- a/src/generic-methodologies-and-resources/pentesting-network/README.md
+++ b/src/generic-methodologies-and-resources/pentesting-network/README.md
@@ -902,3 +902,4 @@ Bettercap broadcast WSD packets searching for services (UDP Port 3702).
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-network/dhcpv6.md b/src/generic-methodologies-and-resources/pentesting-network/dhcpv6.md
index 13d3cbfec..07801a20d 100644
--- a/src/generic-methodologies-and-resources/pentesting-network/dhcpv6.md
+++ b/src/generic-methodologies-and-resources/pentesting-network/dhcpv6.md
@@ -40,3 +40,4 @@ A comparative view of DHCPv6 and DHCPv4 message types is presented in the table
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md b/src/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md
index 695ad6a55..855103ab1 100644
--- a/src/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md
+++ b/src/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md
@@ -61,3 +61,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md b/src/generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md
index c510db636..d84b3d1ff 100644
--- a/src/generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md
+++ b/src/generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md
@@ -140,3 +140,4 @@ Executing these steps places the attacker in a position to intercept and manipul
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-network/ids-evasion.md b/src/generic-methodologies-and-resources/pentesting-network/ids-evasion.md
index cea4a3541..c86063da7 100644
--- a/src/generic-methodologies-and-resources/pentesting-network/ids-evasion.md
+++ b/src/generic-methodologies-and-resources/pentesting-network/ids-evasion.md
@@ -47,3 +47,4 @@ Or maybe, 2 packets with the same offset comes and the host has to decide which
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-network/lateral-vlan-segmentation-bypass.md b/src/generic-methodologies-and-resources/pentesting-network/lateral-vlan-segmentation-bypass.md
index b2dec97ec..d380863a2 100644
--- a/src/generic-methodologies-and-resources/pentesting-network/lateral-vlan-segmentation-bypass.md
+++ b/src/generic-methodologies-and-resources/pentesting-network/lateral-vlan-segmentation-bypass.md
@@ -67,3 +67,4 @@ Ultimately, this process enables bypassing of VLAN segmentation, thereby facilit
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-network/network-protocols-explained-esp.md b/src/generic-methodologies-and-resources/pentesting-network/network-protocols-explained-esp.md
index e4ab393dc..5a9ff6dc1 100644
--- a/src/generic-methodologies-and-resources/pentesting-network/network-protocols-explained-esp.md
+++ b/src/generic-methodologies-and-resources/pentesting-network/network-protocols-explained-esp.md
@@ -55,3 +55,4 @@ Active Directory is a network-accessible database containing objects like users,
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md b/src/generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md
index 197bb1abd..448975c2a 100644
--- a/src/generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md
+++ b/src/generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md
@@ -260,3 +260,4 @@ If you don't want to change the values of **`totalwaitms`** and **`tcpwrappedms`
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-network/pentesting-ipv6.md b/src/generic-methodologies-and-resources/pentesting-network/pentesting-ipv6.md
index 5e7063bae..75812e427 100644
--- a/src/generic-methodologies-and-resources/pentesting-network/pentesting-ipv6.md
+++ b/src/generic-methodologies-and-resources/pentesting-network/pentesting-ipv6.md
@@ -118,3 +118,4 @@ After pinpointing IPv6 addresses associated with an organization, the `ping6` ut
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-network/spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md b/src/generic-methodologies-and-resources/pentesting-network/spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md
index 506bbdc22..39f98b3d8 100644
--- a/src/generic-methodologies-and-resources/pentesting-network/spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md
+++ b/src/generic-methodologies-and-resources/pentesting-network/spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md
@@ -134,3 +134,4 @@ In Windows you **may be able to force some privileged accounts to authenticate t
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-network/spoofing-ssdp-and-upnp-devices.md b/src/generic-methodologies-and-resources/pentesting-network/spoofing-ssdp-and-upnp-devices.md
index 708620c75..a9e8c3116 100644
--- a/src/generic-methodologies-and-resources/pentesting-network/spoofing-ssdp-and-upnp-devices.md
+++ b/src/generic-methodologies-and-resources/pentesting-network/spoofing-ssdp-and-upnp-devices.md
@@ -33,3 +33,4 @@ In essence, while UPnP offers convenience and network fluidity, it also opens do
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-network/webrtc-dos.md b/src/generic-methodologies-and-resources/pentesting-network/webrtc-dos.md
index a77ef8574..f702fcf4c 100644
--- a/src/generic-methodologies-and-resources/pentesting-network/webrtc-dos.md
+++ b/src/generic-methodologies-and-resources/pentesting-network/webrtc-dos.md
@@ -37,3 +37,4 @@ This vulnerability highlights the delicate balance in media session initializati
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-wifi/README.md b/src/generic-methodologies-and-resources/pentesting-wifi/README.md
index 93f4b8d51..b635a8e66 100644
--- a/src/generic-methodologies-and-resources/pentesting-wifi/README.md
+++ b/src/generic-methodologies-and-resources/pentesting-wifi/README.md
@@ -791,3 +791,4 @@ TODO: Take a look to [https://github.com/wifiphisher/wifiphisher](https://github
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/pentesting-wifi/evil-twin-eap-tls.md b/src/generic-methodologies-and-resources/pentesting-wifi/evil-twin-eap-tls.md
index 3cbc89b40..4220d6dc8 100644
--- a/src/generic-methodologies-and-resources/pentesting-wifi/evil-twin-eap-tls.md
+++ b/src/generic-methodologies-and-resources/pentesting-wifi/evil-twin-eap-tls.md
@@ -54,3 +54,4 @@ For further details check https://versprite.com/blog/application-security/eap-tl
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/phishing-methodology/README.md b/src/generic-methodologies-and-resources/phishing-methodology/README.md
index 9fd49877b..210d6296f 100644
--- a/src/generic-methodologies-and-resources/phishing-methodology/README.md
+++ b/src/generic-methodologies-and-resources/phishing-methodology/README.md
@@ -468,3 +468,4 @@ Use [**Phishious** ](https://github.com/Rices/Phishious)to evaluate if your emai
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/phishing-methodology/clone-a-website.md b/src/generic-methodologies-and-resources/phishing-methodology/clone-a-website.md
index e65e547a8..c19ab8389 100644
--- a/src/generic-methodologies-and-resources/phishing-methodology/clone-a-website.md
+++ b/src/generic-methodologies-and-resources/phishing-methodology/clone-a-website.md
@@ -30,3 +30,4 @@ goclone
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/phishing-methodology/detecting-phising.md b/src/generic-methodologies-and-resources/phishing-methodology/detecting-phising.md
index f861914cc..0ddeea3eb 100644
--- a/src/generic-methodologies-and-resources/phishing-methodology/detecting-phising.md
+++ b/src/generic-methodologies-and-resources/phishing-methodology/detecting-phising.md
@@ -69,3 +69,4 @@ Using this last option you can even use the field Matching Identities to see if
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/phishing-methodology/phishing-documents.md b/src/generic-methodologies-and-resources/phishing-methodology/phishing-documents.md
index 1e214fd8e..e97b23bbc 100644
--- a/src/generic-methodologies-and-resources/phishing-methodology/phishing-documents.md
+++ b/src/generic-methodologies-and-resources/phishing-methodology/phishing-documents.md
@@ -168,3 +168,4 @@ Don't forget that you cannot only steal the hash or the authentication but also
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/python/README.md b/src/generic-methodologies-and-resources/python/README.md
index bbad12bd5..fc7fd18b5 100644
--- a/src/generic-methodologies-and-resources/python/README.md
+++ b/src/generic-methodologies-and-resources/python/README.md
@@ -14,3 +14,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/python/basic-python.md b/src/generic-methodologies-and-resources/python/basic-python.md
index 8acce1e6e..3529d6263 100644
--- a/src/generic-methodologies-and-resources/python/basic-python.md
+++ b/src/generic-methodologies-and-resources/python/basic-python.md
@@ -317,3 +317,4 @@ Execution time: 4.792213439941406e-05 seconds
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/python/bruteforce-hash-few-chars.md b/src/generic-methodologies-and-resources/python/bruteforce-hash-few-chars.md
index 33fd3bd76..b14f18f07 100644
--- a/src/generic-methodologies-and-resources/python/bruteforce-hash-few-chars.md
+++ b/src/generic-methodologies-and-resources/python/bruteforce-hash-few-chars.md
@@ -54,3 +54,4 @@ main()
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md b/src/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md
index f2ae94730..a6540f27b 100644
--- a/src/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md
+++ b/src/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md
@@ -1149,3 +1149,4 @@ will be bypassed
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/python/bypass-python-sandboxes/load_name-load_const-opcode-oob-read.md b/src/generic-methodologies-and-resources/python/bypass-python-sandboxes/load_name-load_const-opcode-oob-read.md
index 943bb1814..86dd712d3 100644
--- a/src/generic-methodologies-and-resources/python/bypass-python-sandboxes/load_name-load_const-opcode-oob-read.md
+++ b/src/generic-methodologies-and-resources/python/bypass-python-sandboxes/load_name-load_const-opcode-oob-read.md
@@ -237,3 +237,4 @@ builtins['eval'](builtins['input']())
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/python/class-pollution-pythons-prototype-pollution.md b/src/generic-methodologies-and-resources/python/class-pollution-pythons-prototype-pollution.md
index 643f087e3..7734330a0 100644
--- a/src/generic-methodologies-and-resources/python/class-pollution-pythons-prototype-pollution.md
+++ b/src/generic-methodologies-and-resources/python/class-pollution-pythons-prototype-pollution.md
@@ -270,3 +270,4 @@ python-internal-read-gadgets.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/python/pyscript.md b/src/generic-methodologies-and-resources/python/pyscript.md
index 87cee8128..2d5d90d92 100644
--- a/src/generic-methodologies-and-resources/python/pyscript.md
+++ b/src/generic-methodologies-and-resources/python/pyscript.md
@@ -183,3 +183,4 @@ Result:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/python/python-internal-read-gadgets.md b/src/generic-methodologies-and-resources/python/python-internal-read-gadgets.md
index ce80aac4e..5a5753945 100644
--- a/src/generic-methodologies-and-resources/python/python-internal-read-gadgets.md
+++ b/src/generic-methodologies-and-resources/python/python-internal-read-gadgets.md
@@ -44,3 +44,4 @@ If the vulnerability is in a different python file, check the previous Flask tri
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/python/venv.md b/src/generic-methodologies-and-resources/python/venv.md
index 9cdb2ba1a..572bdfbf7 100644
--- a/src/generic-methodologies-and-resources/python/venv.md
+++ b/src/generic-methodologies-and-resources/python/venv.md
@@ -25,3 +25,4 @@ inside the virtual environment
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/python/web-requests.md b/src/generic-methodologies-and-resources/python/web-requests.md
index e3a2a5110..f33fa31f0 100644
--- a/src/generic-methodologies-and-resources/python/web-requests.md
+++ b/src/generic-methodologies-and-resources/python/web-requests.md
@@ -105,3 +105,4 @@ term.cmdloop()
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/generic-methodologies-and-resources/threat-modeling.md b/src/generic-methodologies-and-resources/threat-modeling.md
index 6a177e4c8..9c6362390 100644
--- a/src/generic-methodologies-and-resources/threat-modeling.md
+++ b/src/generic-methodologies-and-resources/threat-modeling.md
@@ -111,3 +111,4 @@ Now your finished model should look something like this. And this is how you mak
 This is a free tool from Microsoft that helps in finding threats in the design phase of software projects. It uses the STRIDE methodology and is particularly suitable for those developing on Microsoft's stack.
+
diff --git a/src/hardware-physical-access/escaping-from-gui-applications.md b/src/hardware-physical-access/escaping-from-gui-applications.md
index 222a18233..197b229ab 100644
--- a/src/hardware-physical-access/escaping-from-gui-applications.md
+++ b/src/hardware-physical-access/escaping-from-gui-applications.md
@@ -279,3 +279,4 @@ These shortcuts are for the visual settings and sound settings, depending on the
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/hardware-physical-access/firmware-analysis/README.md b/src/hardware-physical-access/firmware-analysis/README.md
index 901354696..2587bb98c 100644
--- a/src/hardware-physical-access/firmware-analysis/README.md
+++ b/src/hardware-physical-access/firmware-analysis/README.md
@@ -254,3 +254,4 @@ To practice discovering vulnerabilities in firmware, use the following vulnerabl
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/hardware-physical-access/firmware-analysis/bootloader-testing.md b/src/hardware-physical-access/firmware-analysis/bootloader-testing.md
index 1f97ce83f..04c704023 100644
--- a/src/hardware-physical-access/firmware-analysis/bootloader-testing.md
+++ b/src/hardware-physical-access/firmware-analysis/bootloader-testing.md
@@ -52,3 +52,4 @@ The following steps are recommended for modifying device startup configurations
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/hardware-physical-access/firmware-analysis/firmware-integrity.md b/src/hardware-physical-access/firmware-analysis/firmware-integrity.md
index 940292f12..f91b17398 100644
--- a/src/hardware-physical-access/firmware-analysis/firmware-integrity.md
+++ b/src/hardware-physical-access/firmware-analysis/firmware-integrity.md
@@ -27,3 +27,4 @@ If a root shell has already been obtained through dynamic analysis, bootloader m
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/hardware-physical-access/physical-attacks.md b/src/hardware-physical-access/physical-attacks.md
index 188604ba2..9de4b4f6a 100644
--- a/src/hardware-physical-access/physical-attacks.md
+++ b/src/hardware-physical-access/physical-attacks.md
@@ -56,3 +56,4 @@ A new BitLocker recovery key can be added through social engineering tactics, co
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/interesting-http.md b/src/interesting-http.md
index 629dddcb3..9bec8993b 100644
--- a/src/interesting-http.md
+++ b/src/interesting-http.md
@@ -39,3 +39,4 @@ Never put any sensitive data inside GET parameters or paths in the URL.
 {{#include ./banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/bypass-bash-restrictions/README.md b/src/linux-hardening/bypass-bash-restrictions/README.md
index 6a6979672..19812b830 100644
--- a/src/linux-hardening/bypass-bash-restrictions/README.md
+++ b/src/linux-hardening/bypass-bash-restrictions/README.md
@@ -350,3 +350,4 @@ bypass-fs-protections-read-only-no-exec-distroless/
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/README.md b/src/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/README.md
index 8ddfc9ec0..0ae1f001e 100644
--- a/src/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/README.md
+++ b/src/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/README.md
@@ -114,3 +114,4 @@ You can find **examples** on how to **exploit some RCE vulnerabilities** to get
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/ddexec.md b/src/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/ddexec.md
index 049ec17df..bd230aa7f 100644
--- a/src/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/ddexec.md
+++ b/src/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/ddexec.md
@@ -95,3 +95,4 @@ Block this, EDRs.
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/freeipa-pentesting.md b/src/linux-hardening/freeipa-pentesting.md
index 6b12cd957..28948dd2f 100644
--- a/src/linux-hardening/freeipa-pentesting.md
+++ b/src/linux-hardening/freeipa-pentesting.md
@@ -198,3 +198,4 @@ You can check a detailed explaination in [https://posts.specterops.io/attacking-
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/linux-environment-variables.md b/src/linux-hardening/linux-environment-variables.md
index 0b3c182a5..c407daaca 100644
--- a/src/linux-hardening/linux-environment-variables.md
+++ b/src/linux-hardening/linux-environment-variables.md
@@ -124,3 +124,4 @@ One background job, one stopped and last command didn't finish correctly:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/linux-post-exploitation/README.md b/src/linux-hardening/linux-post-exploitation/README.md
index 6d9940a1d..a5428f0f6 100644
--- a/src/linux-hardening/linux-post-exploitation/README.md
+++ b/src/linux-hardening/linux-post-exploitation/README.md
@@ -55,3 +55,4 @@ The Pluggable Authentication Module (PAM) is a system used under Linux for user
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/linux-post-exploitation/pam-pluggable-authentication-modules.md b/src/linux-hardening/linux-post-exploitation/pam-pluggable-authentication-modules.md
index 6701742a1..407ab0207 100644
--- a/src/linux-hardening/linux-post-exploitation/pam-pluggable-authentication-modules.md
+++ b/src/linux-hardening/linux-post-exploitation/pam-pluggable-authentication-modules.md
@@ -55,3 +55,4 @@ In a setup with multiple auth modules, the process follows a strict order. If th
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/linux-privilege-escalation-checklist.md b/src/linux-hardening/linux-privilege-escalation-checklist.md
index 7c7726b69..08ad05d46 100644
--- a/src/linux-hardening/linux-privilege-escalation-checklist.md
+++ b/src/linux-hardening/linux-privilege-escalation-checklist.md
@@ -143,3 +143,4 @@
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/README.md b/src/linux-hardening/privilege-escalation/README.md
index 2fb4e830e..a4e109492 100644
--- a/src/linux-hardening/privilege-escalation/README.md
+++ b/src/linux-hardening/privilege-escalation/README.md
@@ -1657,3 +1657,4 @@ cisco-vmanage.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/cisco-vmanage.md b/src/linux-hardening/privilege-escalation/cisco-vmanage.md
index 6276e600b..02afe68fa 100644
--- a/src/linux-hardening/privilege-escalation/cisco-vmanage.md
+++ b/src/linux-hardening/privilege-escalation/cisco-vmanage.md
@@ -161,3 +161,4 @@ bash-4.4#
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/containerd-ctr-privilege-escalation.md b/src/linux-hardening/privilege-escalation/containerd-ctr-privilege-escalation.md
index b3dac3ed6..af46ecb18 100644
--- a/src/linux-hardening/privilege-escalation/containerd-ctr-privilege-escalation.md
+++ b/src/linux-hardening/privilege-escalation/containerd-ctr-privilege-escalation.md
@@ -52,3 +52,4 @@ docker-security/
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation.md b/src/linux-hardening/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation.md
index b9a22e24a..8e57a9730 100644
--- a/src/linux-hardening/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation.md
+++ b/src/linux-hardening/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation.md
@@ -471,3 +471,4 @@ finish:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/README.md b/src/linux-hardening/privilege-escalation/docker-security/README.md
index 4fd8f33e2..f1d7a2ea0 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/README.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/README.md
@@ -407,3 +407,4 @@ authz-and-authn-docker-access-authorization-plugin.md
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/abusing-docker-socket-for-privilege-escalation.md b/src/linux-hardening/privilege-escalation/docker-security/abusing-docker-socket-for-privilege-escalation.md
index 23c19c7e1..0f201b4af 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/abusing-docker-socket-for-privilege-escalation.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/abusing-docker-socket-for-privilege-escalation.md
@@ -43,3 +43,4 @@ In this page we have discussed ways to escalate privileges using docker flags, y
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/apparmor.md b/src/linux-hardening/privilege-escalation/docker-security/apparmor.md
index 8290b7189..e594b64b0 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/apparmor.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/apparmor.md
@@ -293,3 +293,4 @@ chmod +x /tmp/test.pl
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/authz-and-authn-docker-access-authorization-plugin.md b/src/linux-hardening/privilege-escalation/docker-security/authz-and-authn-docker-access-authorization-plugin.md
index e6bcdf1ff..c6104d854 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/authz-and-authn-docker-access-authorization-plugin.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/authz-and-authn-docker-access-authorization-plugin.md
@@ -196,3 +196,4 @@ Remember to **re-enable the plugin after escalating**, or a **restart of docker
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/cgroups.md b/src/linux-hardening/privilege-escalation/docker-security/cgroups.md
index fa609e204..6fb7ea834 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/cgroups.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/cgroups.md
@@ -90,3 +90,4 @@ The **root cgroup** is an exception to these rules, allowing direct process plac
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/README.md b/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/README.md
index be328c4c6..5d00e40bb 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/README.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/README.md
@@ -638,3 +638,4 @@ If you are in **userspace** (**no kernel exploit** involved) the way to find new
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/docker-release_agent-cgroups-escape.md b/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/docker-release_agent-cgroups-escape.md
index 2db7f565d..c6241162e 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/docker-release_agent-cgroups-escape.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/docker-release_agent-cgroups-escape.md
@@ -61,3 +61,4 @@ sh -c "echo \$\$ > /tmp/cgrp/x/cgroup.procs"
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/release_agent-exploit-relative-paths-to-pids.md b/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/release_agent-exploit-relative-paths-to-pids.md
index 686432056..f5d6b4820 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/release_agent-exploit-relative-paths-to-pids.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/release_agent-exploit-relative-paths-to-pids.md
@@ -85,3 +85,4 @@ cat ${OUTPUT_PATH}
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md b/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md
index 889b3bf02..aab1fa680 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/docker-breakout-privilege-escalation/sensitive-mounts.md
@@ -174,3 +174,4 @@ This directory permits access to modify kernel variables, usually via `sysctl(2)
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/docker-privileged.md b/src/linux-hardening/privilege-escalation/docker-security/docker-privileged.md
index 95f831cab..8094e0eef 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/docker-privileged.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/docker-privileged.md
@@ -242,3 +242,4 @@ PID USER TIME COMMAND
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/namespaces/README.md b/src/linux-hardening/privilege-escalation/docker-security/namespaces/README.md
index 94f14f8c2..186a370b9 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/namespaces/README.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/namespaces/README.md
@@ -47,3 +47,4 @@ user-namespace.md
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/namespaces/cgroup-namespace.md b/src/linux-hardening/privilege-escalation/docker-security/namespaces/cgroup-namespace.md
index d03634d4f..f9937ed09 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/namespaces/cgroup-namespace.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/namespaces/cgroup-namespace.md
@@ -92,3 +92,4 @@ Also, you can only **enter in another process namespace if you are root**. And y
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/namespaces/ipc-namespace.md b/src/linux-hardening/privilege-escalation/docker-security/namespaces/ipc-namespace.md
index 498749fc3..4e3c65668 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/namespaces/ipc-namespace.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/namespaces/ipc-namespace.md
@@ -101,3 +101,4 @@ ipcs -m # Nothing is seen
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/namespaces/mount-namespace.md b/src/linux-hardening/privilege-escalation/docker-security/namespaces/mount-namespace.md
index 2dc22792b..e0d810110 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/namespaces/mount-namespace.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/namespaces/mount-namespace.md
@@ -136,3 +136,4 @@ vmware-root_662-2689143848
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/namespaces/network-namespace.md b/src/linux-hardening/privilege-escalation/docker-security/namespaces/network-namespace.md
index 3a82a4686..20a9f060f 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/namespaces/network-namespace.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/namespaces/network-namespace.md
@@ -87,3 +87,4 @@ Also, you can only **enter in another process namespace if you are root**. And y
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/namespaces/pid-namespace.md b/src/linux-hardening/privilege-escalation/docker-security/namespaces/pid-namespace.md
index 90c5d3af2..0b13d908a 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/namespaces/pid-namespace.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/namespaces/pid-namespace.md
@@ -91,3 +91,4 @@ Also, you can only **enter in another process PID namespace if you are root**. A
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/namespaces/time-namespace.md b/src/linux-hardening/privilege-escalation/docker-security/namespaces/time-namespace.md
index 7021fed99..0875b9f25 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/namespaces/time-namespace.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/namespaces/time-namespace.md
@@ -72,3 +72,4 @@ nsenter -T TARGET_PID --pid /bin/bash
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/namespaces/user-namespace.md b/src/linux-hardening/privilege-escalation/docker-security/namespaces/user-namespace.md
index 58ae871e8..9faedb98f 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/namespaces/user-namespace.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/namespaces/user-namespace.md
@@ -148,3 +148,4 @@ Probando: 0x141 . . . Error
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/namespaces/uts-namespace.md b/src/linux-hardening/privilege-escalation/docker-security/namespaces/uts-namespace.md
index 66ef3998c..b813bfbef 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/namespaces/uts-namespace.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/namespaces/uts-namespace.md
@@ -78,3 +78,4 @@ nsenter -u TARGET_PID --pid /bin/bash
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/seccomp.md b/src/linux-hardening/privilege-escalation/docker-security/seccomp.md
index a61c3e964..c2f8bfa31 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/seccomp.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/seccomp.md
@@ -158,3 +158,4 @@ Following output shows the “docker inspect” displaying the profile:
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/docker-security/weaponizing-distroless.md b/src/linux-hardening/privilege-escalation/docker-security/weaponizing-distroless.md
index 1be4c1caf..5b11c2f19 100644
--- a/src/linux-hardening/privilege-escalation/docker-security/weaponizing-distroless.md
+++ b/src/linux-hardening/privilege-escalation/docker-security/weaponizing-distroless.md
@@ -30,3 +30,4 @@ Coming at some point of 2023...
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/electron-cef-chromium-debugger-abuse.md b/src/linux-hardening/privilege-escalation/electron-cef-chromium-debugger-abuse.md
index 7c7d2b99b..5e96107c7 100644
--- a/src/linux-hardening/privilege-escalation/electron-cef-chromium-debugger-abuse.md
+++ b/src/linux-hardening/privilege-escalation/electron-cef-chromium-debugger-abuse.md
@@ -168,3 +168,4 @@ Start-Process "Chrome" "--remote-debugging-port=9222 --restore-last-session"
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/escaping-from-limited-bash.md b/src/linux-hardening/privilege-escalation/escaping-from-limited-bash.md
index 66d716c59..93e551b7e 100644
--- a/src/linux-hardening/privilege-escalation/escaping-from-limited-bash.md
+++ b/src/linux-hardening/privilege-escalation/escaping-from-limited-bash.md
@@ -292,3 +292,4 @@ debug.debug()
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/euid-ruid-suid.md b/src/linux-hardening/privilege-escalation/euid-ruid-suid.md
index b1a0ffc3a..b72036b9f 100644
--- a/src/linux-hardening/privilege-escalation/euid-ruid-suid.md
+++ b/src/linux-hardening/privilege-escalation/euid-ruid-suid.md
@@ -214,3 +214,4 @@ uid=99(nobody) gid=99(nobody) euid=100
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md b/src/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md
index 92cbb164a..5c8b4eb7b 100644
--- a/src/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md
+++ b/src/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md
@@ -264,3 +264,4 @@ These permissions may be abused with the following exploit to **escalate privile
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation.md b/src/linux-hardening/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation.md
index 7ec437f13..28e45ee20 100644
--- a/src/linux-hardening/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation.md
+++ b/src/linux-hardening/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation.md
@@ -91,3 +91,4 @@ lxc config device add mycontainer mydevice disk source=/ path=/mnt/root recursiv
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/ld.so.conf-example.md b/src/linux-hardening/privilege-escalation/ld.so.conf-example.md
index 5bb829d3e..d11d4e59f 100644
--- a/src/linux-hardening/privilege-escalation/ld.so.conf-example.md
+++ b/src/linux-hardening/privilege-escalation/ld.so.conf-example.md
@@ -153,3 +153,4 @@ ldd sharedvuln
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/linux-active-directory.md b/src/linux-hardening/privilege-escalation/linux-active-directory.md
index ee8c31452..37196e675 100644
--- a/src/linux-hardening/privilege-escalation/linux-active-directory.md
+++ b/src/linux-hardening/privilege-escalation/linux-active-directory.md
@@ -126,3 +126,4 @@ crackmapexec 10.XXX.XXX.XXX -u 'ServiceAccount$' -H "HashPlaceholder" -d "YourDO
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/linux-capabilities.md b/src/linux-hardening/privilege-escalation/linux-capabilities.md
index 7808490a3..a6ab20d0c 100644
--- a/src/linux-hardening/privilege-escalation/linux-capabilities.md
+++ b/src/linux-hardening/privilege-escalation/linux-capabilities.md
@@ -1676,3 +1676,4 @@ In summary, `CAP_SETPCAP` allows a process to modify the capability sets of othe
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/logstash.md b/src/linux-hardening/privilege-escalation/logstash.md
index bdf1cc346..a99153da1 100644
--- a/src/linux-hardening/privilege-escalation/logstash.md
+++ b/src/linux-hardening/privilege-escalation/logstash.md
@@ -61,3 +61,4 @@ With **config.reload.automatic: true** in **/etc/logstash/logstash.yml**, Logsta
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/nfs-no_root_squash-misconfiguration-pe.md b/src/linux-hardening/privilege-escalation/nfs-no_root_squash-misconfiguration-pe.md
index 0fae9bba6..f4b504dfe 100644
--- a/src/linux-hardening/privilege-escalation/nfs-no_root_squash-misconfiguration-pe.md
+++ b/src/linux-hardening/privilege-escalation/nfs-no_root_squash-misconfiguration-pe.md
@@ -126,3 +126,4 @@ drwxr-x--- 6 1008 1009 1024 Apr 5 2017 9.3_old
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/payloads-to-execute.md b/src/linux-hardening/privilege-escalation/payloads-to-execute.md
index c308fb270..ef0e94a5d 100644
--- a/src/linux-hardening/privilege-escalation/payloads-to-execute.md
+++ b/src/linux-hardening/privilege-escalation/payloads-to-execute.md
@@ -135,3 +135,4 @@ echo hacker:$((mkpasswd -m SHA-512 myhackerpass || openssl passwd -1 -salt mysal
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/runc-privilege-escalation.md b/src/linux-hardening/privilege-escalation/runc-privilege-escalation.md
index 3b23e4f9f..fcb76fc40 100644
--- a/src/linux-hardening/privilege-escalation/runc-privilege-escalation.md
+++ b/src/linux-hardening/privilege-escalation/runc-privilege-escalation.md
@@ -44,3 +44,4 @@ runc run demo
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/selinux.md b/src/linux-hardening/privilege-escalation/selinux.md
index f2d1a3f5a..e8a2ce0f6 100644
--- a/src/linux-hardening/privilege-escalation/selinux.md
+++ b/src/linux-hardening/privilege-escalation/selinux.md
@@ -23,3 +23,4 @@ There are SELinux users in addition to the regular Linux users. SELinux users ar
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/socket-command-injection.md b/src/linux-hardening/privilege-escalation/socket-command-injection.md
index 28474ef58..35724b2e7 100644
--- a/src/linux-hardening/privilege-escalation/socket-command-injection.md
+++ b/src/linux-hardening/privilege-escalation/socket-command-injection.md
@@ -44,3 +44,4 @@ echo "cp /bin/bash /tmp/bash; chmod +s /tmp/bash; chmod +x /tmp/bash;" | socat -
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/splunk-lpe-and-persistence.md b/src/linux-hardening/privilege-escalation/splunk-lpe-and-persistence.md
index d4f0faf41..3d9ff8e2f 100644
--- a/src/linux-hardening/privilege-escalation/splunk-lpe-and-persistence.md
+++ b/src/linux-hardening/privilege-escalation/splunk-lpe-and-persistence.md
@@ -52,3 +52,4 @@ for i in `cat ip.txt`; do python PySplunkWhisperer2_remote.py --host $i --port 8
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/ssh-forward-agent-exploitation.md b/src/linux-hardening/privilege-escalation/ssh-forward-agent-exploitation.md
index 97b18db59..f4decda94 100644
--- a/src/linux-hardening/privilege-escalation/ssh-forward-agent-exploitation.md
+++ b/src/linux-hardening/privilege-escalation/ssh-forward-agent-exploitation.md
@@ -30,3 +30,4 @@ Another option, is that the user owner of the agent and root may be able to acce
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/wildcards-spare-tricks.md b/src/linux-hardening/privilege-escalation/wildcards-spare-tricks.md
index a66aa27b0..d4a14d137 100644
--- a/src/linux-hardening/privilege-escalation/wildcards-spare-tricks.md
+++ b/src/linux-hardening/privilege-escalation/wildcards-spare-tricks.md
@@ -72,3 +72,4 @@ zip name.zip files -T --unzip-command "sh -c whoami"
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/privilege-escalation/write-to-root.md b/src/linux-hardening/privilege-escalation/write-to-root.md
index e96ce7427..4bcb15223 100644
--- a/src/linux-hardening/privilege-escalation/write-to-root.md
+++ b/src/linux-hardening/privilege-escalation/write-to-root.md
@@ -50,3 +50,4 @@ The file located in `/proc/sys/fs/binfmt_misc` indicates which binary should exe
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/useful-linux-commands.md b/src/linux-hardening/useful-linux-commands.md
index eecf79889..1bfd6b48a 100644
--- a/src/linux-hardening/useful-linux-commands.md
+++ b/src/linux-hardening/useful-linux-commands.md
@@ -309,3 +309,4 @@ iptables -P OUTPUT ACCEPT
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/useful-linux-commands/README.md b/src/linux-hardening/useful-linux-commands/README.md
index 871e7427d..fab4f33f8 100644
--- a/src/linux-hardening/useful-linux-commands/README.md
+++ b/src/linux-hardening/useful-linux-commands/README.md
@@ -311,3 +311,4 @@ iptables -P OUTPUT ACCEPT
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md b/src/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md
index 5099beb65..ca32de54f 100644
--- a/src/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md
+++ b/src/linux-hardening/useful-linux-commands/bypass-bash-restrictions.md
@@ -351,3 +351,4 @@ If you are inside a filesystem with the **read-only and noexec protections** or
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-unix/privilege-escalation/exploiting-yum.md b/src/linux-unix/privilege-escalation/exploiting-yum.md
index 627bf66d7..8af8395b3 100644
--- a/src/linux-unix/privilege-escalation/exploiting-yum.md
+++ b/src/linux-unix/privilege-escalation/exploiting-yum.md
@@ -25,3 +25,4 @@ The example below creates a package that includes a before-install trigger with
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/linux-unix/privilege-escalation/interesting-groups-linux-pe.md b/src/linux-unix/privilege-escalation/interesting-groups-linux-pe.md
index 5fec677b3..6c4277e5f 100644
--- a/src/linux-unix/privilege-escalation/interesting-groups-linux-pe.md
+++ b/src/linux-unix/privilege-escalation/interesting-groups-linux-pe.md
@@ -170,3 +170,4 @@ You can mount the root filesystem of the host machine to an instance’s volume,
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-auto-start-locations.md b/src/macos-hardening/macos-auto-start-locations.md
index d2780faa6..23a15058b 100644
--- a/src/macos-hardening/macos-auto-start-locations.md
+++ b/src/macos-hardening/macos-auto-start-locations.md
@@ -1796,3 +1796,4 @@ RunService ()
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-red-teaming/README.md b/src/macos-hardening/macos-red-teaming/README.md
index 09b6c1e73..6be93c23a 100644
--- a/src/macos-hardening/macos-red-teaming/README.md
+++ b/src/macos-hardening/macos-red-teaming/README.md
@@ -251,3 +251,4 @@ When a file is downloaded in Safari, if its a "safe" file, it will be **automati
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-red-teaming/macos-keychain.md b/src/macos-hardening/macos-red-teaming/macos-keychain.md
index 177798fe0..b1ca70382 100644
--- a/src/macos-hardening/macos-red-teaming/macos-keychain.md
+++ b/src/macos-hardening/macos-red-teaming/macos-keychain.md
@@ -134,3 +134,4 @@ And these are the **requirements** to be able to **export a secret without a pro
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-red-teaming/macos-mdm/README.md b/src/macos-hardening/macos-red-teaming/macos-mdm/README.md
index 30ef4cbb4..abc9788fb 100644
--- a/src/macos-hardening/macos-red-teaming/macos-mdm/README.md
+++ b/src/macos-hardening/macos-red-teaming/macos-mdm/README.md
@@ -203,3 +203,4 @@ enrolling-devices-in-other-organisations.md
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-red-teaming/macos-mdm/enrolling-devices-in-other-organisations.md b/src/macos-hardening/macos-red-teaming/macos-mdm/enrolling-devices-in-other-organisations.md
index 2c8dc0ad4..1aac43f07 100644
--- a/src/macos-hardening/macos-red-teaming/macos-mdm/enrolling-devices-in-other-organisations.md
+++ b/src/macos-hardening/macos-red-teaming/macos-mdm/enrolling-devices-in-other-organisations.md
@@ -53,3 +53,4 @@ The research highlighted significant security concerns:
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-red-teaming/macos-mdm/macos-serial-number.md b/src/macos-hardening/macos-red-teaming/macos-mdm/macos-serial-number.md
index 28e9aaee6..8819650a3 100644
--- a/src/macos-hardening/macos-red-teaming/macos-mdm/macos-serial-number.md
+++ b/src/macos-hardening/macos-red-teaming/macos-mdm/macos-serial-number.md
@@ -40,3 +40,4 @@ Digits 1-9 correspond to weeks 1-9. Letters C-Y (excluding vowels and 'S') repre
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/README.md
index 3a0450178..01ed0b979 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/README.md
@@ -120,3 +120,4 @@ macos-privilege-escalation.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-function-hooking.md b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-function-hooking.md
index 2fcc7d8e8..b5d85d2ec 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-function-hooking.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-function-hooking.md
@@ -358,3 +358,4 @@ static void customConstructor(int argc, const char **argv) {
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-iokit.md b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-iokit.md
index 35469c807..9f75b6cfc 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-iokit.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-iokit.md
@@ -232,3 +232,4 @@ After the array is created you can see all the exported functions:
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-applefs.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-applefs.md
index 08567ad22..182aa16e8 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-applefs.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-applefs.md
@@ -34,3 +34,4 @@ The list of firmlinks can be found in the **`/usr/share/firmlinks`** file.
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-basic-objective-c.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-basic-objective-c.md
index 831fb3bd2..d3554a737 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-basic-objective-c.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-basic-objective-c.md
@@ -348,3 +348,4 @@ It's also possible to manage files **using `NSURL` objects instead of `NSString`
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md
index e97f1be4c..35f1b57fa 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-bypassing-firewalls.md
@@ -86,3 +86,4 @@ macos-proces-abuse/
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-defensive-apps.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-defensive-apps.md
index 29a9dc9f9..fe0a6669a 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-defensive-apps.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-defensive-apps.md
@@ -19,3 +19,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-dyld-hijacking-and-dyld_insert_libraries.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-dyld-hijacking-and-dyld_insert_libraries.md
index 210dd1928..fd67eed18 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-dyld-hijacking-and-dyld_insert_libraries.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-dyld-hijacking-and-dyld_insert_libraries.md
@@ -166,3 +166,4 @@ sudo log stream --style syslog --predicate 'eventMessage CONTAINS[c] "[+] dylib"
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-file-extension-apps.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-file-extension-apps.md
index 6d789ddd4..7af7a3628 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-file-extension-apps.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-file-extension-apps.md
@@ -72,3 +72,4 @@ grep -A3 CFBundleTypeExtensions Info.plist | grep string
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-gcd-grand-central-dispatch.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-gcd-grand-central-dispatch.md
index 89b1f1b76..f9b21a1b1 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-gcd-grand-central-dispatch.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-gcd-grand-central-dispatch.md
@@ -225,3 +225,4 @@ Ghidra will automatically rewrite everything:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-privilege-escalation.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-privilege-escalation.md
index 2b9f486ce..9f22047ec 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-privilege-escalation.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-privilege-escalation.md
@@ -247,3 +247,4 @@ macos-files-folders-and-binaries/macos-sensitive-locations.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-protocols.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-protocols.md
index cc012147d..e0b572fd2 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-protocols.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-protocols.md
@@ -128,3 +128,4 @@ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.p
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-users.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-users.md
index b83f3783f..8a2558bcb 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-users.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-users.md
@@ -35,3 +35,4 @@ Moreover, `accountsd` gets the list of account types from `/Library/Preferences/
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-useful-commands.md b/src/macos-hardening/macos-useful-commands.md
index 5555716d7..c5cbf59fb 100644
--- a/src/macos-hardening/macos-useful-commands.md
+++ b/src/macos-hardening/macos-useful-commands.md
@@ -150,3 +150,4 @@ Without prompts
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/online-platforms-with-api.md b/src/online-platforms-with-api.md
index 09fb5715e..fc82faee9 100644
--- a/src/online-platforms-with-api.md
+++ b/src/online-platforms-with-api.md
@@ -121,3 +121,4 @@ Search by domain and email and get if it was pwned and passwords. Commercial?
 {{#include ./banners/hacktricks-training.md}}
+
diff --git a/src/other-web-tricks.md b/src/other-web-tricks.md
index a17d557c7..2ed74f815 100644
--- a/src/other-web-tricks.md
+++ b/src/other-web-tricks.md
@@ -38,3 +38,4 @@ Developers might forget to disable various debugging options in the production e
 {{#include ./banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-dns.md b/src/pentesting-dns.md
index ac44c461a..8cbf55228 100644
--- a/src/pentesting-dns.md
+++ b/src/pentesting-dns.md
@@ -9,3 +9,4 @@
 {{#include ./banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/hacking-jwt-json-web-tokens.md b/src/pentesting-web/hacking-jwt-json-web-tokens.md
index 75f00b0a4..92949af5f 100644
--- a/src/pentesting-web/hacking-jwt-json-web-tokens.md
+++ b/src/pentesting-web/hacking-jwt-json-web-tokens.md
@@ -269,3 +269,4 @@ The token's expiry is checked using the "exp" Payload claim. Given that JWTs are
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/post-exploitation.md b/src/post-exploitation.md
index 71e3947dd..7e400c985 100644
--- a/src/post-exploitation.md
+++ b/src/post-exploitation.md
@@ -16,3 +16,4 @@
 {{#include ./banners/hacktricks-training.md}}
+
diff --git a/src/stealing-sensitive-information-disclosure-from-a-web.md b/src/stealing-sensitive-information-disclosure-from-a-web.md
index 157e415b1..db0f19686 100644
--- a/src/stealing-sensitive-information-disclosure-from-a-web.md
+++ b/src/stealing-sensitive-information-disclosure-from-a-web.md
@@ -13,3 +13,4 @@ Here I present you the main ways to can try to achieve it:
 {{#include ./banners/hacktricks-training.md}}
+