diff --git a/src/pentesting-web/browser-extension-pentesting-methodology/README.md b/src/pentesting-web/browser-extension-pentesting-methodology/README.md
index 998ebd4e2..b541ad888 100644
--- a/src/pentesting-web/browser-extension-pentesting-methodology/README.md
+++ b/src/pentesting-web/browser-extension-pentesting-methodology/README.md
@@ -756,3 +756,4 @@ Project Neto is a Python 3 package conceived to analyse and unravel hidden featu
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md b/src/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md
index 849cdb7a1..ea330373d 100644
--- a/src/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md
+++ b/src/pentesting-web/browser-extension-pentesting-methodology/browext-clickjacking.md
@@ -100,3 +100,4 @@ browext-xss-example.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md b/src/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md
index 2021e3d7d..cc3df2557 100644
--- a/src/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md
+++ b/src/pentesting-web/browser-extension-pentesting-methodology/browext-permissions-and-host_permissions.md
@@ -112,3 +112,4 @@ However, tightening security measures often results in decreased flexibility and
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md b/src/pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md
index 8ac44003f..e37152c7a 100644
--- a/src/pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md
+++ b/src/pentesting-web/browser-extension-pentesting-methodology/browext-xss-example.md
@@ -117,3 +117,4 @@ Notably, the **`/html/bookmarks.html`** page is prone to framing, thus vulnerabl
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/cache-deception/README.md b/src/pentesting-web/cache-deception/README.md
index 38d5e764f..419b76f32 100644
--- a/src/pentesting-web/cache-deception/README.md
+++ b/src/pentesting-web/cache-deception/README.md
@@ -256,3 +256,4 @@ Get Access Today:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/cache-deception/cache-poisoning-to-dos.md b/src/pentesting-web/cache-deception/cache-poisoning-to-dos.md
index 9002e1464..158968471 100644
--- a/src/pentesting-web/cache-deception/cache-poisoning-to-dos.md
+++ b/src/pentesting-web/cache-deception/cache-poisoning-to-dos.md
@@ -144,3 +144,4 @@ Cache: hit
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/cache-deception/cache-poisoning-via-url-discrepancies.md b/src/pentesting-web/cache-deception/cache-poisoning-via-url-discrepancies.md
index a3b1464f1..ea68859c1 100644
--- a/src/pentesting-web/cache-deception/cache-poisoning-via-url-discrepancies.md
+++ b/src/pentesting-web/cache-deception/cache-poisoning-via-url-discrepancies.md
@@ -51,3 +51,4 @@ Several cache servers will always cache a response if it's identified as static.
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/content-security-policy-csp-bypass/README.md b/src/pentesting-web/content-security-policy-csp-bypass/README.md
index 118050c61..57aa5b3a6 100644
--- a/src/pentesting-web/content-security-policy-csp-bypass/README.md
+++ b/src/pentesting-web/content-security-policy-csp-bypass/README.md
@@ -862,3 +862,4 @@ Stay informed with the newest bug bounties launching and crucial platform update
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md b/src/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md
index d7676b27a..5c04bedaa 100644
--- a/src/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md
+++ b/src/pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md
@@ -65,3 +65,4 @@ window.frames[0].document.head.appendChild(script)
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/dangling-markup-html-scriptless-injection/README.md b/src/pentesting-web/dangling-markup-html-scriptless-injection/README.md
index 14a4525bc..328af2ee3 100644
--- a/src/pentesting-web/dangling-markup-html-scriptless-injection/README.md
+++ b/src/pentesting-web/dangling-markup-html-scriptless-injection/README.md
@@ -262,3 +262,4 @@ XS-Search are oriented to **exfiltrate cross-origin information** abusing **side
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md b/src/pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md
index 668320c6b..74e45ac5e 100644
--- a/src/pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md
+++ b/src/pentesting-web/dangling-markup-html-scriptless-injection/ss-leaks.md
@@ -6,3 +6,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/deserialization/README.md b/src/pentesting-web/deserialization/README.md
index 39fcdc5b7..80ed30ce6 100644
--- a/src/pentesting-web/deserialization/README.md
+++ b/src/pentesting-web/deserialization/README.md
@@ -978,3 +978,4 @@ Check for more details in the [**original post**](https://github.blog/security/v
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md b/src/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md
index 6048b9e85..781fcd0b2 100644
--- a/src/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md
+++ b/src/pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md
@@ -196,3 +196,4 @@ namespace DeserializationTests
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md b/src/pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md
index c86946b86..79bfa3825 100644
--- a/src/pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md
+++ b/src/pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md
@@ -88,3 +88,4 @@ As you can see in this very basic example, the "vulnerability" here appears beca
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md b/src/pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md
index d3716eac1..ca88ae33e 100644
--- a/src/pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md
+++ b/src/pentesting-web/deserialization/exploiting-__viewstate-knowing-the-secret.md
@@ -4,3 +4,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md b/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md
index 5f372789e..1ca43bd1e 100644
--- a/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md
+++ b/src/pentesting-web/deserialization/exploiting-__viewstate-parameter.md
@@ -221,3 +221,4 @@ Check for [further information here]( select version();
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/mysql-injection/mysql-ssrf.md b/src/pentesting-web/sql-injection/mysql-injection/mysql-ssrf.md
index 0e8996fcb..58f2867b1 100644
--- a/src/pentesting-web/sql-injection/mysql-injection/mysql-ssrf.md
+++ b/src/pentesting-web/sql-injection/mysql-injection/mysql-ssrf.md
@@ -28,3 +28,4 @@ Automation of these processes can be facilitated by tools such as SQLMap, which
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/oracle-injection.md b/src/pentesting-web/sql-injection/oracle-injection.md
index c0c88c97c..4078084cd 100644
--- a/src/pentesting-web/sql-injection/oracle-injection.md
+++ b/src/pentesting-web/sql-injection/oracle-injection.md
@@ -160,3 +160,4 @@ Another package I have used in the past with varied success is the [`GETCLOB()`
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/README.md b/src/pentesting-web/sql-injection/postgresql-injection/README.md
index c29de3a29..aa15a1dd4 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/README.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/README.md
@@ -100,3 +100,4 @@ If you are interested in **hacking career** and hack the unhackable - **we are h
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md b/src/pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md
index 839c37bb5..cdbae03f9 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md
@@ -82,3 +82,4 @@ It's noted that **large objects may have ACLs** (Access Control Lists), potentia
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/dblink-lo_import-data-exfiltration.md b/src/pentesting-web/sql-injection/postgresql-injection/dblink-lo_import-data-exfiltration.md
index 8163d6ce5..49c656f8f 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/dblink-lo_import-data-exfiltration.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/dblink-lo_import-data-exfiltration.md
@@ -8,3 +8,4 @@
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md b/src/pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md
index 283b6a243..13fa353ef 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md
@@ -110,3 +110,4 @@ SELECT testfunc();
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md b/src/pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md
index fca5e37fe..1156e4cf7 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md
@@ -120,3 +120,4 @@ select brute_force('127.0.0.1', '5432', 'postgres', 'postgres');
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md b/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md
index bd0555075..7ecec13b0 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md
@@ -352,3 +352,4 @@ print(" drop function connect_back(text, integer);")
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md b/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md
index cfa98bb50..aaa76de09 100644
--- a/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md
+++ b/src/pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md
@@ -323,3 +323,4 @@ rce-with-postgresql-extensions.md
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/sqlmap.md b/src/pentesting-web/sql-injection/sqlmap.md
index 710dc83cf..8dc1431db 100644
--- a/src/pentesting-web/sql-injection/sqlmap.md
+++ b/src/pentesting-web/sql-injection/sqlmap.md
@@ -192,3 +192,4 @@ sqlmap -r r.txt -p id --not-string ridiculous --batch
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/sqlmap/README.md b/src/pentesting-web/sql-injection/sqlmap/README.md
index e28e1592a..69508e8d5 100644
--- a/src/pentesting-web/sql-injection/sqlmap/README.md
+++ b/src/pentesting-web/sql-injection/sqlmap/README.md
@@ -238,3 +238,4 @@ Remember that **you can create your own tamper in python** and it's very simple.
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/sql-injection/sqlmap/second-order-injection-sqlmap.md b/src/pentesting-web/sql-injection/sqlmap/second-order-injection-sqlmap.md
index 3851e7244..2c9a66bf0 100644
--- a/src/pentesting-web/sql-injection/sqlmap/second-order-injection-sqlmap.md
+++ b/src/pentesting-web/sql-injection/sqlmap/second-order-injection-sqlmap.md
@@ -78,3 +78,4 @@ sqlmap --tamper tamper.py -r login.txt -p email --second-req second.txt --proxy
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/ssrf-server-side-request-forgery/README.md b/src/pentesting-web/ssrf-server-side-request-forgery/README.md
index 0d8f4c8ed..1c08bd528 100644
--- a/src/pentesting-web/ssrf-server-side-request-forgery/README.md
+++ b/src/pentesting-web/ssrf-server-side-request-forgery/README.md
@@ -404,3 +404,4 @@ Get Access Today:
 {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=ssrf-server-side-request-forgery" %}
+
diff --git a/src/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md b/src/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
index dbbcca9d2..626416241 100644
--- a/src/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
+++ b/src/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
@@ -658,3 +658,4 @@ Rancher's metadata can be accessed using:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md b/src/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md
index cf8100b6c..1f44877b4 100644
--- a/src/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md
+++ b/src/pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md
@@ -6,3 +6,4 @@ Check **[https://blog.assetnote.io/2021/01/13/blind-ssrf-chains/](https://blog.a
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md b/src/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
index 5a10ea866..0bcfbdc5d 100644
--- a/src/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
+++ b/src/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
@@ -222,3 +222,4 @@ image from [https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/ssti-server-side-template-injection/README.md b/src/pentesting-web/ssti-server-side-template-injection/README.md
index 416d41580..cf8f644fc 100644
--- a/src/pentesting-web/ssti-server-side-template-injection/README.md
+++ b/src/pentesting-web/ssti-server-side-template-injection/README.md
@@ -1122,3 +1122,4 @@ If you think it could be useful, read:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/ssti-server-side-template-injection/el-expression-language.md b/src/pentesting-web/ssti-server-side-template-injection/el-expression-language.md
index c4870ee7a..8d8de12d6 100644
--- a/src/pentesting-web/ssti-server-side-template-injection/el-expression-language.md
+++ b/src/pentesting-web/ssti-server-side-template-injection/el-expression-language.md
@@ -249,3 +249,4 @@ Check [https://h1pmnh.github.io/post/writeup_spring_el_waf_bypass/](https://h1pm
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/ssti-server-side-template-injection/jinja2-ssti.md b/src/pentesting-web/ssti-server-side-template-injection/jinja2-ssti.md
index 8212ed7bf..febd71c3b 100644
--- a/src/pentesting-web/ssti-server-side-template-injection/jinja2-ssti.md
+++ b/src/pentesting-web/ssti-server-side-template-injection/jinja2-ssti.md
@@ -367,3 +367,4 @@ The request will be urlencoded by default according to the HTTP format, which ca
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/timing-attacks.md b/src/pentesting-web/timing-attacks.md
index d320181bd..a89b332be 100644
--- a/src/pentesting-web/timing-attacks.md
+++ b/src/pentesting-web/timing-attacks.md
@@ -38,3 +38,4 @@ Once an scoped open proxy is discovered, it was possible to find valid targets b
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/unicode-injection/README.md b/src/pentesting-web/unicode-injection/README.md
index 80b0a24cd..f1425a11b 100644
--- a/src/pentesting-web/unicode-injection/README.md
+++ b/src/pentesting-web/unicode-injection/README.md
@@ -51,3 +51,4 @@ Emoji lists:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/unicode-injection/unicode-normalization.md b/src/pentesting-web/unicode-injection/unicode-normalization.md
index a12e863ef..5c63f5e38 100644
--- a/src/pentesting-web/unicode-injection/unicode-normalization.md
+++ b/src/pentesting-web/unicode-injection/unicode-normalization.md
@@ -105,3 +105,4 @@ The tool [**recollapse**](https://github.com/0xacb/recollapse) \*\*\*\* allows t
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/uuid-insecurities.md b/src/pentesting-web/uuid-insecurities.md
index 9534f3dec..b4e668794 100644
--- a/src/pentesting-web/uuid-insecurities.md
+++ b/src/pentesting-web/uuid-insecurities.md
@@ -64,3 +64,4 @@ Imagine a web application that uses UUID v1 for generating password reset links.
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/web-tool-wfuzz.md b/src/pentesting-web/web-tool-wfuzz.md
index 8ee97702a..132730fdf 100644
--- a/src/pentesting-web/web-tool-wfuzz.md
+++ b/src/pentesting-web/web-tool-wfuzz.md
@@ -155,3 +155,4 @@ wfuzz -c -z file,/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/web-vulnerabilities-methodology.md b/src/pentesting-web/web-vulnerabilities-methodology.md
index ad5a59ab9..9603d598f 100644
--- a/src/pentesting-web/web-vulnerabilities-methodology.md
+++ b/src/pentesting-web/web-vulnerabilities-methodology.md
@@ -144,3 +144,4 @@ These vulnerabilities might help to exploit other vulnerabilities.
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/web-vulnerabilities-methodology/README.md b/src/pentesting-web/web-vulnerabilities-methodology/README.md
index 4ffaa5c16..3f2b8052e 100644
--- a/src/pentesting-web/web-vulnerabilities-methodology/README.md
+++ b/src/pentesting-web/web-vulnerabilities-methodology/README.md
@@ -128,3 +128,4 @@ These vulnerabilities might help to exploit other vulnerabilities.
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/websocket-attacks.md b/src/pentesting-web/websocket-attacks.md
index 1ea25a6cd..f07643436 100644
--- a/src/pentesting-web/websocket-attacks.md
+++ b/src/pentesting-web/websocket-attacks.md
@@ -174,3 +174,4 @@ h2c-smuggling.md
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xpath-injection.md b/src/pentesting-web/xpath-injection.md
index fdc619aad..b7fe3ad7f 100644
--- a/src/pentesting-web/xpath-injection.md
+++ b/src/pentesting-web/xpath-injection.md
@@ -322,3 +322,4 @@ Stay informed with the newest bug bounties launching and crucial platform update
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xs-search.md b/src/pentesting-web/xs-search.md
index a67febee0..0b11e6d9e 100644
--- a/src/pentesting-web/xs-search.md
+++ b/src/pentesting-web/xs-search.md
@@ -965,3 +965,4 @@ Get Access Today:
 {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
+
diff --git a/src/pentesting-web/xs-search/README.md b/src/pentesting-web/xs-search/README.md
index ccd4e1822..3ed0857e6 100644
--- a/src/pentesting-web/xs-search/README.md
+++ b/src/pentesting-web/xs-search/README.md
@@ -965,3 +965,4 @@ Get Access Today:
 {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=xs-search" %}
+
diff --git a/src/pentesting-web/xs-search/connection-pool-by-destination-example.md b/src/pentesting-web/xs-search/connection-pool-by-destination-example.md
index a7fd44064..7ec736258 100644
--- a/src/pentesting-web/xs-search/connection-pool-by-destination-example.md
+++ b/src/pentesting-web/xs-search/connection-pool-by-destination-example.md
@@ -116,3 +116,4 @@ Let's see how this exploit work:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xs-search/connection-pool-example.md b/src/pentesting-web/xs-search/connection-pool-example.md
index f9a6deec4..29144d8ec 100644
--- a/src/pentesting-web/xs-search/connection-pool-example.md
+++ b/src/pentesting-web/xs-search/connection-pool-example.md
@@ -527,3 +527,4 @@ In the exploit you can see:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xs-search/cookie-bomb-+-onerror-xs-leak.md b/src/pentesting-web/xs-search/cookie-bomb-+-onerror-xs-leak.md
index 58eaf2547..1be9f7dec 100644
--- a/src/pentesting-web/xs-search/cookie-bomb-+-onerror-xs-leak.md
+++ b/src/pentesting-web/xs-search/cookie-bomb-+-onerror-xs-leak.md
@@ -61,3 +61,4 @@ The following **script** taken from [**here**](https://blog.huli.tw/2022/05/05/e
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xs-search/css-injection/README.md b/src/pentesting-web/xs-search/css-injection/README.md
index aae3b5c92..4f6533489 100644
--- a/src/pentesting-web/xs-search/css-injection/README.md
+++ b/src/pentesting-web/xs-search/css-injection/README.md
@@ -782,3 +782,4 @@ So, if the font does not match, the response time when visiting the bot is expec
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xs-search/css-injection/css-injection-code.md b/src/pentesting-web/xs-search/css-injection/css-injection-code.md
index 0be473785..0d4b01211 100644
--- a/src/pentesting-web/xs-search/css-injection/css-injection-code.md
+++ b/src/pentesting-web/xs-search/css-injection/css-injection-code.md
@@ -281,3 +281,4 @@ input[value=]{list-style:url(http://localhost:5001/end?token=&)};
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xs-search/event-loop-blocking-+-lazy-images.md b/src/pentesting-web/xs-search/event-loop-blocking-+-lazy-images.md
index 72861a35a..4fed2a941 100644
--- a/src/pentesting-web/xs-search/event-loop-blocking-+-lazy-images.md
+++ b/src/pentesting-web/xs-search/event-loop-blocking-+-lazy-images.md
@@ -155,3 +155,4 @@ Let's check the code:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xs-search/javascript-execution-xs-leak.md b/src/pentesting-web/xs-search/javascript-execution-xs-leak.md
index 9a758a00b..eb5849b07 100644
--- a/src/pentesting-web/xs-search/javascript-execution-xs-leak.md
+++ b/src/pentesting-web/xs-search/javascript-execution-xs-leak.md
@@ -72,3 +72,4 @@ Main page that generates iframes to the previous `/guessing` page to test each p
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xs-search/performance.now-+-force-heavy-task.md b/src/pentesting-web/xs-search/performance.now-+-force-heavy-task.md
index 0c6db5caf..d948f85e6 100644
--- a/src/pentesting-web/xs-search/performance.now-+-force-heavy-task.md
+++ b/src/pentesting-web/xs-search/performance.now-+-force-heavy-task.md
@@ -104,3 +104,4 @@ In this challenge the user could sent thousands of chars and if the flag was con
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xs-search/performance.now-example.md b/src/pentesting-web/xs-search/performance.now-example.md
index bf1727a86..a2cae506f 100644
--- a/src/pentesting-web/xs-search/performance.now-example.md
+++ b/src/pentesting-web/xs-search/performance.now-example.md
@@ -56,3 +56,4 @@ document.addEventListener("DOMContentLoaded", main)
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xs-search/url-max-length-client-side.md b/src/pentesting-web/xs-search/url-max-length-client-side.md
index 50a6b32d7..d48ce87ca 100644
--- a/src/pentesting-web/xs-search/url-max-length-client-side.md
+++ b/src/pentesting-web/xs-search/url-max-length-client-side.md
@@ -74,3 +74,4 @@ if __name__ == '__main__':
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md b/src/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md
index d4f2d7d00..b618d205d 100644
--- a/src/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md
+++ b/src/pentesting-web/xslt-server-side-injection-extensible-stylesheet-language-transformations.md
@@ -428,3 +428,4 @@ version="1.0">
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xss-cross-site-scripting/README.md b/src/pentesting-web/xss-cross-site-scripting/README.md
index 036976f3c..c087abc38 100644
--- a/src/pentesting-web/xss-cross-site-scripting/README.md
+++ b/src/pentesting-web/xss-cross-site-scripting/README.md
@@ -1754,3 +1754,4 @@ If you are interested in **hacking career** and hack the unhackable - **we are h
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md b/src/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md
index 48c197187..7d1cf34df 100644
--- a/src/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md
+++ b/src/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md
@@ -108,3 +108,4 @@ For an example of this check the reference link.
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xss-cross-site-scripting/chrome-cache-to-xss.md b/src/pentesting-web/xss-cross-site-scripting/chrome-cache-to-xss.md
index 3956e07e0..5860234e2 100644
--- a/src/pentesting-web/xss-cross-site-scripting/chrome-cache-to-xss.md
+++ b/src/pentesting-web/xss-cross-site-scripting/chrome-cache-to-xss.md
@@ -28,3 +28,4 @@ For further details on bfcache and disk cache, references can be found at [web.d
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md b/src/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md
index 51ac054c8..1b76c6eb0 100644
--- a/src/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md
+++ b/src/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md
@@ -31,3 +31,4 @@ This will **copy the JS file locally** and you will be able to **modify that cop
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xss-cross-site-scripting/dom-clobbering.md b/src/pentesting-web/xss-cross-site-scripting/dom-clobbering.md
index f96865080..df1a52d22 100644
--- a/src/pentesting-web/xss-cross-site-scripting/dom-clobbering.md
+++ b/src/pentesting-web/xss-cross-site-scripting/dom-clobbering.md
@@ -250,3 +250,4 @@ It's possible to add **new entries inside a form** just by **specifying the `for
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/xss-cross-site-scripting/dom-invader.md b/src/pentesting-web/xss-cross-site-scripting/dom-invader.md
index c2163fd75..f022708c7 100644
--- a/src/pentesting-web/xss-cross-site-scripting/dom-invader.md
+++ b/src/pentesting-web/xss-cross-site-scripting/dom-invader.md
@@ -90,3 +90,4 @@ In the previous image it's possible to see that DOM clobbering scan can be turne {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/dom-xss.md b/src/pentesting-web/xss-cross-site-scripting/dom-xss.md index b47099d68..27b3a385f 100644 --- a/src/pentesting-web/xss-cross-site-scripting/dom-xss.md +++ b/src/pentesting-web/xss-cross-site-scripting/dom-xss.md @@ -327,3 +327,4 @@ dom-clobbering.md {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md b/src/pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md index b3d8cee29..987c25e9c 100644 --- a/src/pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md +++ b/src/pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md @@ -166,3 +166,4 @@ Check the following pages: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/integer-overflow.md b/src/pentesting-web/xss-cross-site-scripting/integer-overflow.md index 237c20562..691ae6f8e 100644 --- a/src/pentesting-web/xss-cross-site-scripting/integer-overflow.md +++ b/src/pentesting-web/xss-cross-site-scripting/integer-overflow.md @@ -10,3 +10,4 @@ Check: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/js-hoisting.md b/src/pentesting-web/xss-cross-site-scripting/js-hoisting.md index 39591b5b5..3d0d54ab2 100644 --- a/src/pentesting-web/xss-cross-site-scripting/js-hoisting.md +++ b/src/pentesting-web/xss-cross-site-scripting/js-hoisting.md @@ -140,3 +140,4 @@ let config;` - {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/other-js-tricks.md b/src/pentesting-web/xss-cross-site-scripting/other-js-tricks.md index e1cceafaa..57606cc8d 100644 --- a/src/pentesting-web/xss-cross-site-scripting/other-js-tricks.md 
+++ b/src/pentesting-web/xss-cross-site-scripting/other-js-tricks.md @@ -509,3 +509,4 @@ async function sleep(ms) { {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/pdf-injection.md b/src/pentesting-web/xss-cross-site-scripting/pdf-injection.md index 152a1c202..fde93ecd5 100644 --- a/src/pentesting-web/xss-cross-site-scripting/pdf-injection.md +++ b/src/pentesting-web/xss-cross-site-scripting/pdf-injection.md @@ -6,3 +6,4 @@ Chec the post: [**https://portswigger.net/research/portable-data-exfiltration**] {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/server-side-xss-dynamic-pdf.md b/src/pentesting-web/xss-cross-site-scripting/server-side-xss-dynamic-pdf.md index 535d92ca4..b19c23a19 100644 --- a/src/pentesting-web/xss-cross-site-scripting/server-side-xss-dynamic-pdf.md +++ b/src/pentesting-web/xss-cross-site-scripting/server-side-xss-dynamic-pdf.md @@ -188,3 +188,4 @@ Capturing the **PDF response** with burp should also **show the attachment in cl {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/shadow-dom.md b/src/pentesting-web/xss-cross-site-scripting/shadow-dom.md index c665cb6a6..14a5afd4f 100644 --- a/src/pentesting-web/xss-cross-site-scripting/shadow-dom.md +++ b/src/pentesting-web/xss-cross-site-scripting/shadow-dom.md @@ -6,3 +6,4 @@ {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/sniff-leak.md b/src/pentesting-web/xss-cross-site-scripting/sniff-leak.md index bcb1b3b25..dc59fb458 100644 --- a/src/pentesting-web/xss-cross-site-scripting/sniff-leak.md +++ b/src/pentesting-web/xss-cross-site-scripting/sniff-leak.md @@ -12,3 +12,4 @@ {{#include ../../banners/hacktricks-training.md}} + 
diff --git a/src/pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md b/src/pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md index f53513fb5..3c097f2de 100644 --- a/src/pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md +++ b/src/pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md @@ -41,3 +41,4 @@ Basically, the attack flow is the following: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/steal-info-js.md b/src/pentesting-web/xss-cross-site-scripting/steal-info-js.md index 93e3808b7..51f728aef 100644 --- a/src/pentesting-web/xss-cross-site-scripting/steal-info-js.md +++ b/src/pentesting-web/xss-cross-site-scripting/steal-info-js.md @@ -223,3 +223,4 @@ window.onmessage = function (e) { {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xss-cross-site-scripting/xss-in-markdown.md b/src/pentesting-web/xss-cross-site-scripting/xss-in-markdown.md index 272bd3fa0..d114bbe95 100644 --- a/src/pentesting-web/xss-cross-site-scripting/xss-in-markdown.md +++ b/src/pentesting-web/xss-cross-site-scripting/xss-in-markdown.md @@ -170,3 +170,4 @@ _http://danlec_@.1 style=background-image:url( {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xssi-cross-site-script-inclusion.md b/src/pentesting-web/xssi-cross-site-script-inclusion.md index 7adda7f22..285fa9dc4 100644 --- a/src/pentesting-web/xssi-cross-site-script-inclusion.md +++ b/src/pentesting-web/xssi-cross-site-script-inclusion.md @@ -99,3 +99,4 @@ Takeshi Terada's research introduces another form of XSSI, where Non-Script file {{#include ../banners/hacktricks-training.md}} + diff --git a/src/pentesting-web/xxe-xee-xml-external-entity.md b/src/pentesting-web/xxe-xee-xml-external-entity.md index df5e77448..a886693bb 100644 --- a/src/pentesting-web/xxe-xee-xml-external-entity.md 
+++ b/src/pentesting-web/xxe-xee-xml-external-entity.md @@ -786,3 +786,4 @@ XMLDecoder is a Java class that creates objects based on a XML message. If a mal {{#include ../banners/hacktricks-training.md}} + diff --git a/src/physical-attacks/escaping-from-gui-applications/README.md b/src/physical-attacks/escaping-from-gui-applications/README.md index ea8540f34..ea262760c 100644 --- a/src/physical-attacks/escaping-from-gui-applications/README.md +++ b/src/physical-attacks/escaping-from-gui-applications/README.md @@ -275,3 +275,4 @@ These shortcuts are for the visual settings and sound settings, depending on the {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/physical-attacks/firmware-analysis/README.md b/src/physical-attacks/firmware-analysis/README.md index 3ed5b4588..18c6e59fe 100644 --- a/src/physical-attacks/firmware-analysis/README.md +++ b/src/physical-attacks/firmware-analysis/README.md @@ -253,3 +253,4 @@ To practice discovering vulnerabilities in firmware, use the following vulnerabl {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/physical-attacks/firmware-analysis/bootloader-testing.md b/src/physical-attacks/firmware-analysis/bootloader-testing.md index 53ce0e7d5..1f97ce83f 100644 --- a/src/physical-attacks/firmware-analysis/bootloader-testing.md +++ b/src/physical-attacks/firmware-analysis/bootloader-testing.md @@ -51,3 +51,4 @@ The following steps are recommended for modifying device startup configurations {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/physical-attacks/firmware-analysis/firmware-integrity.md b/src/physical-attacks/firmware-analysis/firmware-integrity.md index e0555f08f..737b0e2bd 100644 --- a/src/physical-attacks/firmware-analysis/firmware-integrity.md +++ b/src/physical-attacks/firmware-analysis/firmware-integrity.md @@ -34,3 +34,4 @@ If possible, vulnerabilities within startup scripts can be exploited to gain per {{#include ../../banners/hacktricks-training.md}} + 
diff --git a/src/physical-attacks/physical-attacks.md b/src/physical-attacks/physical-attacks.md index 3b46d1808..7833ac84f 100644 --- a/src/physical-attacks/physical-attacks.md +++ b/src/physical-attacks/physical-attacks.md @@ -56,3 +56,4 @@ A new BitLocker recovery key can be added through social engineering tactics, co {{#include ../banners/hacktricks-training.md}} + diff --git a/src/radio-hacking/README.md b/src/radio-hacking/README.md index 3ce0def86..8f95deb47 100644 --- a/src/radio-hacking/README.md +++ b/src/radio-hacking/README.md @@ -2,3 +2,4 @@ + diff --git a/src/radio-hacking/low-power-wide-area-network.md b/src/radio-hacking/low-power-wide-area-network.md index ea4953a97..8ed0a5088 100644 --- a/src/radio-hacking/low-power-wide-area-network.md +++ b/src/radio-hacking/low-power-wide-area-network.md @@ -15,3 +15,4 @@ Long Range (**LoRa**) it’s popular in multiple countries and has an open sourc {{#include ../banners/hacktricks-training.md}} + diff --git a/src/radio-hacking/pentesting-ble-bluetooth-low-energy.md b/src/radio-hacking/pentesting-ble-bluetooth-low-energy.md index e2e4fcd76..9d5ea5114 100644 --- a/src/radio-hacking/pentesting-ble-bluetooth-low-energy.md +++ b/src/radio-hacking/pentesting-ble-bluetooth-low-energy.md @@ -70,3 +70,4 @@ sudo bettercap --eval "ble.recon on" {{#include ../banners/hacktricks-training.md}} + diff --git a/src/radio-hacking/pentesting-rfid.md b/src/radio-hacking/pentesting-rfid.md index ab61000e2..90273d6e6 100644 --- a/src/radio-hacking/pentesting-rfid.md +++ b/src/radio-hacking/pentesting-rfid.md @@ -98,3 +98,4 @@ Or using the **proxmark**: {{#include ../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/README.md index 5383590f1..3bec4cf45 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/README.md 
+++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/README.md @@ -2,3 +2,4 @@ + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-__malloc_hook.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-__malloc_hook.md index b34e56591..b0bab7933 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-__malloc_hook.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-__malloc_hook.md @@ -24,3 +24,4 @@ More info about One Gadget in: {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-got-plt.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-got-plt.md index 4c0fdfbee..69fd4c957 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-got-plt.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aw2exec-got-plt.md @@ -63,3 +63,4 @@ The **Full RELRO** protection is meant to protect agains this kind of technique {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aws2exec-.dtors-and-.fini_array.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aws2exec-.dtors-and-.fini_array.md index 2f0be3c09..13a6a376a 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aws2exec-.dtors-and-.fini_array.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/arbitrary-write-2-exec/aws2exec-.dtors-and-.fini_array.md @@ -44,3 +44,4 @@ Note that this **won't** **create** an **eternal loop** because when you get bac {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/README.md index 28c79dd97..b94a44b17 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/README.md @@ -34,3 +34,4 @@ This command loads the executable and the core file into GDB, allowing you to in {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/README.md index f6dfa6c56..cd5ed7b90 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/README.md @@ -174,3 +174,4 @@ Try to bypass ASLR abusing addresses inside the stack: {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/ret2plt.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/ret2plt.md index 353d08f68..b144fa96a 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/ret2plt.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/aslr/ret2plt.md @@ -81,3 +81,4 @@ p.interactive() {{#include ../../../../banners/hacktricks-training.md}} + 
diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/no-exec-nx.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/no-exec-nx.md index b18b18057..20c9dfefd 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/no-exec-nx.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/no-exec-nx.md @@ -15,3 +15,4 @@ The **No-Execute (NX)** bit, also known as **Execute Disable (XD)** in Intel ter {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/README.md index e5a76b498..6d0524f08 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/README.md @@ -31,3 +31,4 @@ bypassing-canary-and-pie.md {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md index 042e036ba..d3e1dfea0 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/pie/bypassing-canary-and-pie.md @@ -89,3 +89,4 @@ elf.address = RIP - (RIP & 0xfff) {{#include ../../../../banners/hacktricks-training.md}} + 
diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/relro.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/relro.md index a50cebd5e..f7986e355 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/relro.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/relro.md @@ -32,3 +32,4 @@ Note that LIBC's GOT is usually Partial RELRO, so it can be modified with an arb {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/README.md index acf11cf1e..54d5a83dd 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/README.md @@ -69,3 +69,4 @@ If the binary has Partial RELRO, then you can use an arbitrary write to modify t {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md index b54248b8b..9cbef43fa 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/bf-forked-stack-canaries.md 
@@ -235,3 +235,4 @@ io.interactive() - [http://7rocky.github.io/en/ctf/htb-challenges/pwn/robot-factory/#canaries-and-threads](http://7rocky.github.io/en/ctf/htb-challenges/pwn/robot-factory/#canaries-and-threads) - 64 bits, no PIE, nx, modify thread and master canary. + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md index 8d32c23b9..bc6d59959 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-binary-protections-and-bypasses/stack-canaries/print-stack-canary.md @@ -27,3 +27,4 @@ With an arbitrary read like the one provided by format **strings** it might be p {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-exploiting-problems.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-exploiting-problems.md index 6c2500990..a2f51f81a 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-exploiting-problems.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/common-exploiting-problems.md @@ -37,3 +37,4 @@ In order to bypass this the **escape character `\x16` must be prepended to any ` {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/elf-tricks.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/elf-tricks.md index 54cfbee51..35fdff3c3 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/elf-tricks.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/elf-tricks.md 
@@ -395,3 +395,4 @@ The `__TLS_MODULE_BASE` is a symbol used to refer to the base address of the thr {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/README.md index 5150b15e8..4a7a297bf 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/README.md @@ -169,3 +169,4 @@ p.interactive() {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/format-strings-template.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/format-strings-template.md index bb4c3a570..5260f58fb 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/format-strings-template.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/format-strings/format-strings-template.md @@ -141,3 +141,4 @@ P.interactive() {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/one-gadget.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/one-gadget.md index 3b03a8a87..ed33d2c84 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/one-gadget.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/one-gadget.md @@ -21,3 +21,4 @@ To the address indicated by One Gadget you need to **add the base address where {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/README.md index 6e7d04a48..1c69a5277 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/README.md 
+++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/README.md @@ -94,3 +94,4 @@ There are several protections trying to prevent the exploitation of vulnerabilit {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/pointer-redirecting.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/pointer-redirecting.md index 5fb38ad2c..070328c13 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/pointer-redirecting.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/pointer-redirecting.md @@ -28,3 +28,4 @@ You can find an example in: {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2csu.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2csu.md index 2561b80e4..2e68173a8 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2csu.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2csu.md @@ -81,3 +81,4 @@ Usually these cases are also vulnerable to [**ret2plt**](../common-binary-protec {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2dlresolve.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2dlresolve.md index 874110244..803a9e427 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2dlresolve.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2dlresolve.md @@ -64,3 +64,4 @@ p.interactive() {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2esp-ret2reg.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2esp-ret2reg.md index bcc05b476..c76e07751 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2esp-ret2reg.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2esp-ret2reg.md @@ -65,3 +65,4 @@ You can find an example here: [https://ir0nstone.gitbook.io/notes/types/stack/re {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/README.md index 4b92b59f2..61f7f38fd 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/README.md @@ -142,3 +142,4 @@ This basically means abusing a **Ret2lib to transform it into a `printf` format {{#include ../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/README.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/README.md index 290f5e1e9..a6ed561de 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/README.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/README.md @@ -304,3 +304,4 @@ BINSH = next(libc.search("/bin/sh")) - 64 {{#include ../../../../../banners/hacktricks-training.md}} + 
diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md index 06dcb8f9c..9e880995a 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2lib/rop-leaking-libc-address/rop-leaking-libc-template.md @@ -218,3 +218,4 @@ BINSH = next(libc.search("/bin/sh")) - 64 {{#include ../../../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2ret.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2ret.md index dfb290e28..dbc6084a9 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2ret.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2ret.md @@ -32,3 +32,4 @@ Following [**this link**](https://github.com/florianhofhammer/stack-buffer-overf {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2win.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2win.md index eac6e55ee..c2539d09c 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2win.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/ret2win.md @@ -98,3 +98,4 @@ The Python script sends a carefully crafted message that, when processed by the {{#include ../../../banners/hacktricks-training.md}} + 
diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-return-oriented-programing.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-return-oriented-programing.md index c7271512d..bf1ab4fd9 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-return-oriented-programing.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-return-oriented-programing.md @@ -179,3 +179,4 @@ stack-pivoting-ebp2ret-ebp-chaining.md {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-syscall-execv.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-syscall-execv.md index 5ddd42e31..a19003e59 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-syscall-execv.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/rop-syscall-execv.md @@ -198,3 +198,4 @@ target.interactive() {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/srop-sigreturn-oriented-programming.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/srop-sigreturn-oriented-programming.md index a22550e5e..aef7facea 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/srop-sigreturn-oriented-programming.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/srop-sigreturn-oriented-programming.md @@ -61,3 +61,4 @@ p.interactive() {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md index 53e6040e0..a81314ee5 100644 
--- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md @@ -189,3 +189,4 @@ xchg , rsp {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-shellcode.md b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-shellcode.md index 18f3baff0..37bd380df 100644 --- a/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-shellcode.md +++ b/src/reversing-and-exploiting/linux-exploiting-basic-esp/stack-overflow/stack-shellcode.md @@ -94,3 +94,4 @@ The **NOP slide** (`asm('nop')`) is used to increase the chance that execution w {{#include ../../../banners/hacktricks-training.md}} + diff --git a/src/reversing/common-api-used-in-malware.md b/src/reversing/common-api-used-in-malware.md index 435a2e2bc..987b6028c 100644 --- a/src/reversing/common-api-used-in-malware.md +++ b/src/reversing/common-api-used-in-malware.md @@ -138,3 +138,4 @@ The malware will unmap the legitimate code from memory of the process and load a {{#include ../banners/hacktricks-training.md}} + diff --git a/src/reversing/cryptographic-algorithms/README.md b/src/reversing/cryptographic-algorithms/README.md index 5b458b43e..018650d03 100644 --- a/src/reversing/cryptographic-algorithms/README.md +++ b/src/reversing/cryptographic-algorithms/README.md @@ -184,3 +184,4 @@ Check **3 comparisons to recognise it**: {{#include ../../banners/hacktricks-training.md}} + diff --git a/src/reversing/cryptographic-algorithms/unpacking-binaries.md b/src/reversing/cryptographic-algorithms/unpacking-binaries.md index 3320953a8..fa9e007e4 100644 --- a/src/reversing/cryptographic-algorithms/unpacking-binaries.md +++ b/src/reversing/cryptographic-algorithms/unpacking-binaries.md 
@@ -23,3 +23,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/reversing/reversing-tools-basic-methods/README.md b/src/reversing/reversing-tools-basic-methods/README.md
index 09e8d9224..2ca719738 100644
--- a/src/reversing/reversing-tools-basic-methods/README.md
+++ b/src/reversing/reversing-tools-basic-methods/README.md
@@ -411,3 +411,4 @@ So, in this challenge, knowing the values of the buttons, you needed to **press
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/reversing/reversing-tools-basic-methods/angr/README.md b/src/reversing/reversing-tools-basic-methods/angr/README.md
index 6e4ef0b11..5cff6ad5a 100644
--- a/src/reversing/reversing-tools-basic-methods/angr/README.md
+++ b/src/reversing/reversing-tools-basic-methods/angr/README.md
@@ -210,3 +210,4 @@ Furthermore, you can use `proj.hook_symbol(name, hook)`, providing the name of a
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/reversing/reversing-tools-basic-methods/angr/angr-examples.md b/src/reversing/reversing-tools-basic-methods/angr/angr-examples.md
index ea909b2ee..6dde52c67 100644
--- a/src/reversing/reversing-tools-basic-methods/angr/angr-examples.md
+++ b/src/reversing/reversing-tools-basic-methods/angr/angr-examples.md
@@ -835,3 +835,4 @@ if __name__ == '__main__':
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/reversing/reversing-tools-basic-methods/blobrunner.md b/src/reversing/reversing-tools-basic-methods/blobrunner.md
index 88542d62a..528d3a514 100644
--- a/src/reversing/reversing-tools-basic-methods/blobrunner.md
+++ b/src/reversing/reversing-tools-basic-methods/blobrunner.md
@@ -209,3 +209,4 @@ int main(int argc, char* argv[])
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/reversing/reversing-tools-basic-methods/cheat-engine.md b/src/reversing/reversing-tools-basic-methods/cheat-engine.md
index a99760698..1d8eb48f5 100644
--- a/src/reversing/reversing-tools-basic-methods/cheat-engine.md
+++ b/src/reversing/reversing-tools-basic-methods/cheat-engine.md
@@ -162,3 +162,4 @@ So, insert your new assembly code in the "**newmem**" section and remove the ori
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/reversing/reversing-tools-basic-methods/satisfiability-modulo-theories-smt-z3.md b/src/reversing/reversing-tools-basic-methods/satisfiability-modulo-theories-smt-z3.md
index e093a5889..052f3ae17 100644
--- a/src/reversing/reversing-tools-basic-methods/satisfiability-modulo-theories-smt-z3.md
+++ b/src/reversing/reversing-tools-basic-methods/satisfiability-modulo-theories-smt-z3.md
@@ -187,3 +187,4 @@ else:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/reversing/reversing-tools/README.md b/src/reversing/reversing-tools/README.md
index 6d380db1c..49c5e8462 100644
--- a/src/reversing/reversing-tools/README.md
+++ b/src/reversing/reversing-tools/README.md
@@ -113,3 +113,4 @@ To decompile Java bytecode, these tools can be very helpful:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/reversing/reversing-tools/blobrunner.md b/src/reversing/reversing-tools/blobrunner.md
index 88542d62a..528d3a514 100644
--- a/src/reversing/reversing-tools/blobrunner.md
+++ b/src/reversing/reversing-tools/blobrunner.md
@@ -209,3 +209,4 @@ int main(int argc, char* argv[])
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/reversing/word-macros.md b/src/reversing/word-macros.md
index b6a9c2f09..f3d025225 100644
--- a/src/reversing/word-macros.md
+++ b/src/reversing/word-macros.md
@@ -17,3 +17,4 @@ Using the **GetObject** function it's possible to obtain data from forms of the
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/stego/esoteric-languages.md b/src/stego/esoteric-languages.md
index 1309f8212..7661d896c 100644
--- a/src/stego/esoteric-languages.md
+++ b/src/stego/esoteric-languages.md
@@ -68,3 +68,4 @@ Kukarek
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/stego/stego-tricks.md b/src/stego/stego-tricks.md
index 81d967435..d62dec11c 100644
--- a/src/stego/stego-tricks.md
+++ b/src/stego/stego-tricks.md
@@ -219,3 +219,4 @@ For translating Braille, the [Branah Braille Translator](https://www.branah.com/
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/6881-udp-pentesting-bittorrent.md b/src/todo/6881-udp-pentesting-bittorrent.md
index e94bb9223..25c97cae9 100644
--- a/src/todo/6881-udp-pentesting-bittorrent.md
+++ b/src/todo/6881-udp-pentesting-bittorrent.md
@@ -2,3 +2,4 @@
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/android-forensics.md b/src/todo/android-forensics.md
index 4baba3332..079176ee7 100644
--- a/src/todo/android-forensics.md
+++ b/src/todo/android-forensics.md
@@ -26,3 +26,4 @@ Use Linux Memory Extractor (LiME) to extract the RAM information. It's a kernel
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/burp-suite.md b/src/todo/burp-suite.md
index 24d0abbc0..14466ea26 100644
--- a/src/todo/burp-suite.md
+++ b/src/todo/burp-suite.md
@@ -16,3 +16,4 @@
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/cookies-policy.md b/src/todo/cookies-policy.md
index 8b7ee8459..08300b186 100644
--- a/src/todo/cookies-policy.md
+++ b/src/todo/cookies-policy.md
@@ -45,3 +45,4 @@ We may update this Cookies Policy from time to time to reflect changes in our pr
 If you have any questions or concerns about this Cookies Policy, please contact us at [support@hacktricks.xyz](mailto:support@hacktricks.xyz)
+
diff --git a/src/todo/hardware-hacking/README.md b/src/todo/hardware-hacking/README.md
index 85c0219a2..7ce959e33 100644
--- a/src/todo/hardware-hacking/README.md
+++ b/src/todo/hardware-hacking/README.md
@@ -51,3 +51,4 @@ The SWD interface requires **two pins**: a bidirectional **SWDIO** signal, which
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/hardware-hacking/fault_injection_attacks.md b/src/todo/hardware-hacking/fault_injection_attacks.md
index 0d7c35bd5..6b96e7df6 100644
--- a/src/todo/hardware-hacking/fault_injection_attacks.md
+++ b/src/todo/hardware-hacking/fault_injection_attacks.md
@@ -5,3 +5,4 @@ Fault injections attacks includes introducing external distrubance in electronic
 There are a lot of methods and mediums for injecting fault into an electronic circuit.
+
diff --git a/src/todo/hardware-hacking/i2c.md b/src/todo/hardware-hacking/i2c.md
index 9252b3078..5544a7e5a 100644
--- a/src/todo/hardware-hacking/i2c.md
+++ b/src/todo/hardware-hacking/i2c.md
@@ -211,3 +211,4 @@ Any key to exit
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/hardware-hacking/jtag.md b/src/todo/hardware-hacking/jtag.md
index f0aa21727..ccbfd02f5 100644
--- a/src/todo/hardware-hacking/jtag.md
+++ b/src/todo/hardware-hacking/jtag.md
@@ -25,3 +25,4 @@ If you are contacting a JTAG, you will find one or several **lines starting by F
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/hardware-hacking/radio.md b/src/todo/hardware-hacking/radio.md
index ecbe4ef9f..79ce5586d 100644
--- a/src/todo/hardware-hacking/radio.md
+++ b/src/todo/hardware-hacking/radio.md
@@ -197,3 +197,4 @@ You can use the **same technique as the one used in the AM example** to get the
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/hardware-hacking/side_channel_analysis.md b/src/todo/hardware-hacking/side_channel_analysis.md
index 5803cf9e9..af4df1da0 100644
--- a/src/todo/hardware-hacking/side_channel_analysis.md
+++ b/src/todo/hardware-hacking/side_channel_analysis.md
@@ -7,3 +7,4 @@ Analysing the vibrations in glass sheets which is near the sound source, but the
 These attacks are very popular in case of leaking data such as private keys or finding operations in the processors. An electronic circuit is has a lot of channels from which, information is constantly leaked. Monitoring and analysing can be useful for diclosing a lot of information about the circuit and internals of it.
+
diff --git a/src/todo/hardware-hacking/spi.md b/src/todo/hardware-hacking/spi.md
index a8a0dc64e..f60d72f06 100644
--- a/src/todo/hardware-hacking/spi.md
+++ b/src/todo/hardware-hacking/spi.md
@@ -66,3 +66,4 @@ flashrom -VV -c "W25Q64.V" -p buspirate_spi:dev=COM3 -r flash_content.img
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/hardware-hacking/uart.md b/src/todo/hardware-hacking/uart.md
index 4a5af6a49..f99b8a08d 100644
--- a/src/todo/hardware-hacking/uart.md
+++ b/src/todo/hardware-hacking/uart.md
@@ -184,3 +184,4 @@ Although, it is necessary to note that it's not always the case that the uboot i
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/industrial-control-systems-hacking/README.md b/src/todo/industrial-control-systems-hacking/README.md
index 4075078a3..37829c900 100644
--- a/src/todo/industrial-control-systems-hacking/README.md
+++ b/src/todo/industrial-control-systems-hacking/README.md
@@ -16,3 +16,4 @@ These techniques can also be used to protect against attacks and blue teaming fo
+
diff --git a/src/todo/industrial-control-systems-hacking/modbus.md b/src/todo/industrial-control-systems-hacking/modbus.md
index 0bcc6aa89..5b423d8b3 100644
--- a/src/todo/industrial-control-systems-hacking/modbus.md
+++ b/src/todo/industrial-control-systems-hacking/modbus.md
@@ -33,3 +33,4 @@ Due to it's large scale use and lack of upgradations, attacking Modbus provides
+
diff --git a/src/todo/interesting-http.md b/src/todo/interesting-http.md
index c8c86356e..5efcf75c2 100644
--- a/src/todo/interesting-http.md
+++ b/src/todo/interesting-http.md
@@ -38,3 +38,4 @@ Never put any sensitive data inside GET parameters or paths in the URL.
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/investment-terms.md b/src/todo/investment-terms.md
index fdb3bbb9f..c0c66c4c0 100644
--- a/src/todo/investment-terms.md
+++ b/src/todo/investment-terms.md
@@ -68,3 +68,4 @@ However, the buyer will be paying some fee to the seller for opening the option
 * **Options:** The buyer profits when the market moves favorably beyond the strike price by more than the premium paid. The seller profits by keeping the premium if the option is not exercised.
+
diff --git a/src/todo/llm-training-data-preparation/0.-basic-llm-concepts.md b/src/todo/llm-training-data-preparation/0.-basic-llm-concepts.md
index 64317434b..e56929d3c 100644
--- a/src/todo/llm-training-data-preparation/0.-basic-llm-concepts.md
+++ b/src/todo/llm-training-data-preparation/0.-basic-llm-concepts.md
@@ -298,3 +298,4 @@ During the backward pass:
 - **Accuracy:** Provides exact derivatives up to machine precision.
 - **Ease of Use:** Eliminates manual computation of derivatives.
+
diff --git a/src/todo/llm-training-data-preparation/1.-tokenizing.md b/src/todo/llm-training-data-preparation/1.-tokenizing.md
index 454605faa..0b126a672 100644
--- a/src/todo/llm-training-data-preparation/1.-tokenizing.md
+++ b/src/todo/llm-training-data-preparation/1.-tokenizing.md
@@ -96,3 +96,4 @@ print(token_ids[:50])
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
+
diff --git a/src/todo/llm-training-data-preparation/2.-data-sampling.md b/src/todo/llm-training-data-preparation/2.-data-sampling.md
index 9909261e1..695f072ee 100644
--- a/src/todo/llm-training-data-preparation/2.-data-sampling.md
+++ b/src/todo/llm-training-data-preparation/2.-data-sampling.md
@@ -238,3 +238,4 @@ tensor([[ 367, 2885, 1464, 1807],
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
+
diff --git a/src/todo/llm-training-data-preparation/3.-token-embeddings.md b/src/todo/llm-training-data-preparation/3.-token-embeddings.md
index 7db973e25..a0f9514be 100644
--- a/src/todo/llm-training-data-preparation/3.-token-embeddings.md
+++ b/src/todo/llm-training-data-preparation/3.-token-embeddings.md
@@ -216,3 +216,4 @@ print(input_embeddings.shape) # torch.Size([8, 4, 256])
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
+
diff --git a/src/todo/llm-training-data-preparation/4.-attention-mechanisms.md b/src/todo/llm-training-data-preparation/4.-attention-mechanisms.md
index 86c81104c..88c96386d 100644
--- a/src/todo/llm-training-data-preparation/4.-attention-mechanisms.md
+++ b/src/todo/llm-training-data-preparation/4.-attention-mechanisms.md
@@ -427,3 +427,4 @@ For another compact and efficient implementation you could use the [`torch.nn.Mu
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
+
diff --git a/src/todo/llm-training-data-preparation/5.-llm-architecture.md b/src/todo/llm-training-data-preparation/5.-llm-architecture.md
index dc2f7f2e3..1e86eaff4 100644
--- a/src/todo/llm-training-data-preparation/5.-llm-architecture.md
+++ b/src/todo/llm-training-data-preparation/5.-llm-architecture.md
@@ -699,3 +699,4 @@ print("Output length:", len(out[0]))
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
+
diff --git a/src/todo/llm-training-data-preparation/6.-pre-training-and-loading-models.md b/src/todo/llm-training-data-preparation/6.-pre-training-and-loading-models.md
index a9e0a9bb9..b493e9798 100644
--- a/src/todo/llm-training-data-preparation/6.-pre-training-and-loading-models.md
+++ b/src/todo/llm-training-data-preparation/6.-pre-training-and-loading-models.md
@@ -968,3 +968,4 @@ There 2 quick scripts to load the GPT2 weights locally. For both you can clone t
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
+
diff --git a/src/todo/llm-training-data-preparation/7.0.-lora-improvements-in-fine-tuning.md b/src/todo/llm-training-data-preparation/7.0.-lora-improvements-in-fine-tuning.md
index fa5817f83..b30cace1c 100644
--- a/src/todo/llm-training-data-preparation/7.0.-lora-improvements-in-fine-tuning.md
+++ b/src/todo/llm-training-data-preparation/7.0.-lora-improvements-in-fine-tuning.md
@@ -62,3 +62,4 @@ def replace_linear_with_lora(model, rank, alpha):
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
+
diff --git a/src/todo/llm-training-data-preparation/7.1.-fine-tuning-for-classification.md b/src/todo/llm-training-data-preparation/7.1.-fine-tuning-for-classification.md
index 447524b91..dbab34b80 100644
--- a/src/todo/llm-training-data-preparation/7.1.-fine-tuning-for-classification.md
+++ b/src/todo/llm-training-data-preparation/7.1.-fine-tuning-for-classification.md
@@ -115,3 +115,4 @@ You can find all the code to fine-tune GPT2 to be a spam classifier in [https://
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
+
diff --git a/src/todo/llm-training-data-preparation/7.2.-fine-tuning-to-follow-instructions.md b/src/todo/llm-training-data-preparation/7.2.-fine-tuning-to-follow-instructions.md
index 13342ef1a..05e138b75 100644
--- a/src/todo/llm-training-data-preparation/7.2.-fine-tuning-to-follow-instructions.md
+++ b/src/todo/llm-training-data-preparation/7.2.-fine-tuning-to-follow-instructions.md
@@ -105,3 +105,4 @@ You can find an example of the code to perform this fine tuning in [https://gith
 - [https://www.manning.com/books/build-a-large-language-model-from-scratch](https://www.manning.com/books/build-a-large-language-model-from-scratch)
+
diff --git a/src/todo/llm-training-data-preparation/README.md b/src/todo/llm-training-data-preparation/README.md
index 35cbc6ae9..7a381e315 100644
--- a/src/todo/llm-training-data-preparation/README.md
+++ b/src/todo/llm-training-data-preparation/README.md
@@ -97,3 +97,4 @@ You should start by reading this post for some basic concepts you should know ab
 7.2.-fine-tuning-to-follow-instructions.md
 {{#endref}}
+
diff --git a/src/todo/misc.md b/src/todo/misc.md
index 3e00501dd..8b4e89443 100644
--- a/src/todo/misc.md
+++ b/src/todo/misc.md
@@ -59,3 +59,4 @@ Snow --> Hide messages using spaces and tabs
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/more-tools.md b/src/todo/more-tools.md
index 380fe4b8a..ecad2f377 100644
--- a/src/todo/more-tools.md
+++ b/src/todo/more-tools.md
@@ -125,3 +125,4 @@ Firmware emulation: FIRMADYNE (https://github.com/firmadyne/firmadyne/) is a pla
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/online-platforms-with-api.md b/src/todo/online-platforms-with-api.md
index 3c12740af..7ada55681 100644
--- a/src/todo/online-platforms-with-api.md
+++ b/src/todo/online-platforms-with-api.md
@@ -126,3 +126,4 @@ It detects IP geolocation, data center, ASN and even VPN information. It offers
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/other-web-tricks.md b/src/todo/other-web-tricks.md
index 265b2ef1e..f275f5851 100644
--- a/src/todo/other-web-tricks.md
+++ b/src/todo/other-web-tricks.md
@@ -34,3 +34,4 @@ Developers might forget to disable various debugging options in the production e
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/pentesting-dns.md b/src/todo/pentesting-dns.md
index 97ee7c6dc..816c7a6d3 100644
--- a/src/todo/pentesting-dns.md
+++ b/src/todo/pentesting-dns.md
@@ -8,3 +8,4 @@
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/post-exploitation.md b/src/todo/post-exploitation.md
index bff441463..c7385b0c9 100644
--- a/src/todo/post-exploitation.md
+++ b/src/todo/post-exploitation.md
@@ -15,3 +15,4 @@
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/README.md b/src/todo/radio-hacking/README.md
index 3ce0def86..8f95deb47 100644
--- a/src/todo/radio-hacking/README.md
+++ b/src/todo/radio-hacking/README.md
@@ -2,3 +2,4 @@
+
diff --git a/src/todo/radio-hacking/fissure-the-rf-framework.md b/src/todo/radio-hacking/fissure-the-rf-framework.md
index 34c1e70a6..90210ab19 100644
--- a/src/todo/radio-hacking/fissure-the-rf-framework.md
+++ b/src/todo/radio-hacking/fissure-the-rf-framework.md
@@ -184,3 +184,4 @@ We acknowledge and are grateful to these developers:
 Special thanks to Dr. Samuel Mantravadi and Joseph Reith for their contributions to this project.
+
diff --git a/src/todo/radio-hacking/flipper-zero/README.md b/src/todo/radio-hacking/flipper-zero/README.md
index 99c99363e..ef20a6fea 100644
--- a/src/todo/radio-hacking/flipper-zero/README.md
+++ b/src/todo/radio-hacking/flipper-zero/README.md
@@ -17,3 +17,4 @@ With [**Flipper Zero**](https://flipperzero.one/) you can:
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md b/src/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md
index b12a38fcd..3ef4e28be 100644
--- a/src/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md
+++ b/src/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md
@@ -60,3 +60,4 @@ After **copying** a card or **entering** the ID **manually** it's possible to **
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/flipper-zero/fz-ibutton.md b/src/todo/radio-hacking/flipper-zero/fz-ibutton.md
index 4cd74e1ef..9fbd28475 100644
--- a/src/todo/radio-hacking/flipper-zero/fz-ibutton.md
+++ b/src/todo/radio-hacking/flipper-zero/fz-ibutton.md
@@ -41,3 +41,4 @@ It's possible to **emulate** saved iButtons (read or manually added).
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/flipper-zero/fz-infrared.md b/src/todo/radio-hacking/flipper-zero/fz-infrared.md
index ec5bbb74e..6534f163b 100644
--- a/src/todo/radio-hacking/flipper-zero/fz-infrared.md
+++ b/src/todo/radio-hacking/flipper-zero/fz-infrared.md
@@ -39,3 +39,4 @@ If it doesn't, Flipper can **store** the **signal** and will allow you to **repl
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/flipper-zero/fz-nfc.md b/src/todo/radio-hacking/flipper-zero/fz-nfc.md
index 91236c1e7..3e6a68ea0 100644
--- a/src/todo/radio-hacking/flipper-zero/fz-nfc.md
+++ b/src/todo/radio-hacking/flipper-zero/fz-nfc.md
@@ -78,3 +78,4 @@ However, you **can't read the CVV this way** (the 3 digits on the back of the ca
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/flipper-zero/fz-sub-ghz.md b/src/todo/radio-hacking/flipper-zero/fz-sub-ghz.md
index 22c32f58a..215b291d8 100644
--- a/src/todo/radio-hacking/flipper-zero/fz-sub-ghz.md
+++ b/src/todo/radio-hacking/flipper-zero/fz-sub-ghz.md
@@ -103,3 +103,4 @@ Check the list in [https://docs.flipperzero.one/sub-ghz/frequencies](https://doc
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/ibutton.md b/src/todo/radio-hacking/ibutton.md
index 112378be0..4598898c6 100644
--- a/src/todo/radio-hacking/ibutton.md
+++ b/src/todo/radio-hacking/ibutton.md
@@ -44,3 +44,4 @@ flipper-zero/fz-ibutton.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/infrared.md b/src/todo/radio-hacking/infrared.md
index 5e2a12b64..0fd7aec42 100644
--- a/src/todo/radio-hacking/infrared.md
+++ b/src/todo/radio-hacking/infrared.md
@@ -80,3 +80,4 @@ flipper-zero/fz-infrared.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/low-power-wide-area-network.md b/src/todo/radio-hacking/low-power-wide-area-network.md
index 369b139a2..1051ef019 100644
--- a/src/todo/radio-hacking/low-power-wide-area-network.md
+++ b/src/todo/radio-hacking/low-power-wide-area-network.md
@@ -15,3 +15,4 @@ Long Range (**LoRa**) it’s popular in multiple countries and has an open sourc
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md b/src/todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md
index 6ecba8e30..5efb22b22 100644
--- a/src/todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md
+++ b/src/todo/radio-hacking/pentesting-ble-bluetooth-low-energy.md
@@ -72,3 +72,4 @@ sudo bettercap --eval "ble.recon on"
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/pentesting-rfid.md b/src/todo/radio-hacking/pentesting-rfid.md
index 44c0e32dc..13e0b40f6 100644
--- a/src/todo/radio-hacking/pentesting-rfid.md
+++ b/src/todo/radio-hacking/pentesting-rfid.md
@@ -98,3 +98,4 @@ proxmark-3.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/proxmark-3.md b/src/todo/radio-hacking/proxmark-3.md
index 1d510b3e9..ac97439a8 100644
--- a/src/todo/radio-hacking/proxmark-3.md
+++ b/src/todo/radio-hacking/proxmark-3.md
@@ -63,3 +63,4 @@ You can create a script to **fuzz tag readers**, so copying the data of a **vali
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/radio-hacking/sub-ghz-rf.md b/src/todo/radio-hacking/sub-ghz-rf.md
index 47b089f28..2c256ae0e 100644
--- a/src/todo/radio-hacking/sub-ghz-rf.md
+++ b/src/todo/radio-hacking/sub-ghz-rf.md
@@ -86,3 +86,4 @@ Testing against an aftermarket rolling code system installed on a car, **sending
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/todo/references.md b/src/todo/references.md
index cbb355a3a..554fdab52 100644
--- a/src/todo/references.md
+++ b/src/todo/references.md
@@ -48,3 +48,4 @@
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/rust-basics.md b/src/todo/rust-basics.md
index 4a276273b..c85552ae1 100644
--- a/src/todo/rust-basics.md
+++ b/src/todo/rust-basics.md
@@ -318,3 +318,4 @@ fn main() {
 ```
+
diff --git a/src/todo/stealing-sensitive-information-disclosure-from-a-web.md b/src/todo/stealing-sensitive-information-disclosure-from-a-web.md
index a7f90758b..2abdec480 100644
--- a/src/todo/stealing-sensitive-information-disclosure-from-a-web.md
+++ b/src/todo/stealing-sensitive-information-disclosure-from-a-web.md
@@ -12,3 +12,4 @@ Here I present you the main ways to can try to achieve it:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/todo/test-llms.md b/src/todo/test-llms.md
index e81afde87..e9eb3e6fa 100644
--- a/src/todo/test-llms.md
+++ b/src/todo/test-llms.md
@@ -50,3 +50,4 @@ It offers several sections like:
 * **API Access:** Simple APIs for running models the enable developers to deploy and scale models effortlessly within their own applications.
+
diff --git a/src/todo/tr-069.md b/src/todo/tr-069.md
index 828848138..a8379e36e 100644
--- a/src/todo/tr-069.md
+++ b/src/todo/tr-069.md
@@ -2,3 +2,4 @@
+
diff --git a/src/welcome/about-the-author.md b/src/welcome/about-the-author.md
index 9c8ff5fa9..ace23bba7 100644
--- a/src/welcome/about-the-author.md
+++ b/src/welcome/about-the-author.md
@@ -12,3 +12,4 @@ HackTricks is also a wiki were **a lot of researches also share their latest fin
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/welcome/hacktricks-values-and-faq.md b/src/welcome/hacktricks-values-and-faq.md
index 93e608850..5ef81c7b8 100644
--- a/src/welcome/hacktricks-values-and-faq.md
+++ b/src/welcome/hacktricks-values-and-faq.md
@@ -144,3 +144,4 @@ This license does not grant any trademark or branding rights in relation to the
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/README.md b/src/windows-hardening/active-directory-methodology/README.md
index bf83630d5..92d184d42 100644
--- a/src/windows-hardening/active-directory-methodology/README.md
+++ b/src/windows-hardening/active-directory-methodology/README.md
@@ -722,3 +722,4 @@ rdp-sessions-abuse.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/abusing-ad-mssql.md b/src/windows-hardening/active-directory-methodology/abusing-ad-mssql.md
index 153cc0d05..9997e196a 100644
--- a/src/windows-hardening/active-directory-methodology/abusing-ad-mssql.md
+++ b/src/windows-hardening/active-directory-methodology/abusing-ad-mssql.md
@@ -293,3 +293,4 @@ A strategy that many authors have come up with is to force a SYSTEM service to a
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md b/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md
index 8963c0a92..0bf686666 100644
--- a/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md
+++ b/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md
@@ -201,3 +201,4 @@ Furthermore, additional methods for executing code or maintaining persistence, s
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/shadow-credentials.md b/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/shadow-credentials.md
index cede72578..64ef33b89 100644
--- a/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/shadow-credentials.md
+++ b/src/windows-hardening/active-directory-methodology/acl-persistence-abuse/shadow-credentials.md
@@ -66,3 +66,4 @@ ShadowSpray aims to **exploit GenericWrite/GenericAll permissions that wide user
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-certificates.md b/src/windows-hardening/active-directory-methodology/ad-certificates.md
index 6b3f66cbf..b4b2a991b 100644
--- a/src/windows-hardening/active-directory-methodology/ad-certificates.md
+++ b/src/windows-hardening/active-directory-methodology/ad-certificates.md
@@ -128,3 +128,4 @@ certutil -v -dstemplate
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-certificates/README.md b/src/windows-hardening/active-directory-methodology/ad-certificates/README.md
index d619085f1..ede4e23cb 100644
--- a/src/windows-hardening/active-directory-methodology/ad-certificates/README.md
+++ b/src/windows-hardening/active-directory-methodology/ad-certificates/README.md
@@ -128,3 +128,4 @@ certutil -v -dstemplate
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-certificates/account-persistence.md b/src/windows-hardening/active-directory-methodology/ad-certificates/account-persistence.md
index b726249af..0f68fef52 100644
--- a/src/windows-hardening/active-directory-methodology/ad-certificates/account-persistence.md
+++ b/src/windows-hardening/active-directory-methodology/ad-certificates/account-persistence.md
@@ -54,3 +54,4 @@ This approach allows for an **extended persistence** method, minimizing the risk
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-certificates/certificate-theft.md b/src/windows-hardening/active-directory-methodology/ad-certificates/certificate-theft.md
index 56c155a71..da2621a3b 100644
--- a/src/windows-hardening/active-directory-methodology/ad-certificates/certificate-theft.md
+++ b/src/windows-hardening/active-directory-methodology/ad-certificates/certificate-theft.md
@@ -116,3 +116,4 @@ This explanation encapsulates the process and tools involved in NTLM credential
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md b/src/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
index 46ca77321..b83ae7a11 100644
--- a/src/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
+++ b/src/windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md
@@ -742,3 +742,4 @@ Both scenarios lead to an **increase in the attack surface** from one forest to
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-certificates/domain-persistence.md b/src/windows-hardening/active-directory-methodology/ad-certificates/domain-persistence.md
index db5b40f9a..9925066ab 100644
--- a/src/windows-hardening/active-directory-methodology/ad-certificates/domain-persistence.md
+++ b/src/windows-hardening/active-directory-methodology/ad-certificates/domain-persistence.md
@@ -66,3 +66,4 @@ An example of malicious implementation would involve an attacker, who has **elev
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-dns-records.md b/src/windows-hardening/active-directory-methodology/ad-dns-records.md
index 0c1a6f19d..ab59ea5b0 100644
--- a/src/windows-hardening/active-directory-methodology/ad-dns-records.md
+++ b/src/windows-hardening/active-directory-methodology/ad-dns-records.md
@@ -19,3 +19,4 @@ For more information read [https://dirkjanm.io/getting-in-the-zone-dumping-activ
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/ad-information-in-printers.md b/src/windows-hardening/active-directory-methodology/ad-information-in-printers.md
index a726f5bfd..87a193d50 100644
--- a/src/windows-hardening/active-directory-methodology/ad-information-in-printers.md
+++ b/src/windows-hardening/active-directory-methodology/ad-information-in-printers.md
@@ -55,3 +55,4 @@ slapd -d 2
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/asreproast.md b/src/windows-hardening/active-directory-methodology/asreproast.md
index cb2e308af..9055233a6 100644
--- a/src/windows-hardening/active-directory-methodology/asreproast.md
+++ b/src/windows-hardening/active-directory-methodology/asreproast.md
@@ -112,3 +112,4 @@ Stay informed with the newest bug bounties launching and crucial platform update
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/bloodhound.md b/src/windows-hardening/active-directory-methodology/bloodhound.md
index 8ea9c71c0..bcb873aa3 100644
--- a/src/windows-hardening/active-directory-methodology/bloodhound.md
+++ b/src/windows-hardening/active-directory-methodology/bloodhound.md
@@ -96,3 +96,4 @@ To run it, can execute the binary `PingCastle.exe` and it will start an **intera
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/constrained-delegation.md b/src/windows-hardening/active-directory-methodology/constrained-delegation.md
index 14d1d1fcf..5062f036c 100644
--- a/src/windows-hardening/active-directory-methodology/constrained-delegation.md
+++ b/src/windows-hardening/active-directory-methodology/constrained-delegation.md
@@ -82,3 +82,4 @@ Invoke-Mimikatz -Command '"kerberos::ptt TGS_Administrator@dollarcorp.moneycorp.
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/custom-ssp.md b/src/windows-hardening/active-directory-methodology/custom-ssp.md
index 979a785ef..f26fcb2bf 100644
--- a/src/windows-hardening/active-directory-methodology/custom-ssp.md
+++ b/src/windows-hardening/active-directory-methodology/custom-ssp.md
@@ -45,3 +45,4 @@ Event ID 4657 - Audit creation/change of `HKLM:\System\CurrentControlSet\Control
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/dcshadow.md b/src/windows-hardening/active-directory-methodology/dcshadow.md
index 904153ec7..1d8be7221 100644
--- a/src/windows-hardening/active-directory-methodology/dcshadow.md
+++ b/src/windows-hardening/active-directory-methodology/dcshadow.md
@@ -73,3 +73,4 @@ Notice that in this case you need to make **several changes,** not just one. So,
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/dcsync.md b/src/windows-hardening/active-directory-methodology/dcsync.md
index 5c16fec40..c109802f3 100644
--- a/src/windows-hardening/active-directory-methodology/dcsync.md
+++ b/src/windows-hardening/active-directory-methodology/dcsync.md
@@ -89,3 +89,4 @@ Get Access Today:
 {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=dcsync" %}
+
diff --git a/src/windows-hardening/active-directory-methodology/diamond-ticket.md b/src/windows-hardening/active-directory-methodology/diamond-ticket.md
index f866ff502..9033c284d 100644
--- a/src/windows-hardening/active-directory-methodology/diamond-ticket.md
+++ b/src/windows-hardening/active-directory-methodology/diamond-ticket.md
@@ -31,3 +31,4 @@ powershell Get-DomainUser -Identity -Properties objectsid
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/dsrm-credentials.md b/src/windows-hardening/active-directory-methodology/dsrm-credentials.md
index 471c6d1c3..08a86a3b3 100644
--- a/src/windows-hardening/active-directory-methodology/dsrm-credentials.md
+++ b/src/windows-hardening/active-directory-methodology/dsrm-credentials.md
@@ -33,3 +33,4 @@ More info about this in: [https://adsecurity.org/?p=1714](https://adsecurity.org
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md b/src/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md
index 6921ec4cc..63aa0f357 100644
--- a/src/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md
+++ b/src/windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md
@@ -82,3 +82,4 @@ The cleartext password can be used to perform regular authentication as the trus
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/external-forest-domain-oneway-inbound.md b/src/windows-hardening/active-directory-methodology/external-forest-domain-oneway-inbound.md
index 7a8d88e24..eae19a77e 100644
--- a/src/windows-hardening/active-directory-methodology/external-forest-domain-oneway-inbound.md
+++ b/src/windows-hardening/active-directory-methodology/external-forest-domain-oneway-inbound.md
@@ -128,3 +128,4 @@ Rubeus.exe asktgs /service:cifs/dc.doamin.external /domain:dc.domain.external /d
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/golden-ticket.md b/src/windows-hardening/active-directory-methodology/golden-ticket.md
index 314ee03cc..f6c5b2729 100644
--- a/src/windows-hardening/active-directory-methodology/golden-ticket.md
+++ b/src/windows-hardening/active-directory-methodology/golden-ticket.md
@@ -63,3 +63,4 @@ Other little tricks defenders can do is **alert on 4769's for sensitive users**
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/kerberoast.md b/src/windows-hardening/active-directory-methodology/kerberoast.md
index 150eaaa5d..8aefa38c2 100644
--- a/src/windows-hardening/active-directory-methodology/kerberoast.md
+++ b/src/windows-hardening/active-directory-methodology/kerberoast.md
@@ -196,3 +196,4 @@ Get Access Today:
 {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=kerberoast" %}
+
diff --git a/src/windows-hardening/active-directory-methodology/kerberos-authentication.md b/src/windows-hardening/active-directory-methodology/kerberos-authentication.md
index 7e73c6993..609680253 100644
--- a/src/windows-hardening/active-directory-methodology/kerberos-authentication.md
+++ b/src/windows-hardening/active-directory-methodology/kerberos-authentication.md
@@ -6,3 +6,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md b/src/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md
index 93f25bf78..0919c601f 100644
--- a/src/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md
+++ b/src/windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md
@@ -110,3 +110,4 @@ icacls.exe "C:\Users\redsuit\Documents\ssh\OpenSSH-Win64" /grant Everyone:RX /T
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/laps.md b/src/windows-hardening/active-directory-methodology/laps.md
index 16b6f32e0..ff37cf3c2 100644
--- a/src/windows-hardening/active-directory-methodology/laps.md
+++ b/src/windows-hardening/active-directory-methodology/laps.md
@@ -148,3 +148,4 @@ Then, just compile the new `AdmPwd.PS.dll` and upload it to the machine in `C:\T
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md b/src/windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md
index f2461c9c7..57de36453 100644
--- a/src/windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md
+++ b/src/windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md
@@ -49,3 +49,4 @@ To conform to operational security and use AES256, the following command can be
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/pass-the-ticket.md b/src/windows-hardening/active-directory-methodology/pass-the-ticket.md
index 4a5483d48..178825168 100644
--- a/src/windows-hardening/active-directory-methodology/pass-the-ticket.md
+++ b/src/windows-hardening/active-directory-methodology/pass-the-ticket.md
@@ -62,3 +62,4 @@ Get Access Today:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/password-spraying.md b/src/windows-hardening/active-directory-methodology/password-spraying.md
index f7d77f596..300406892 100644
--- a/src/windows-hardening/active-directory-methodology/password-spraying.md
+++ b/src/windows-hardening/active-directory-methodology/password-spraying.md
@@ -160,3 +160,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/printers-spooler-service-abuse.md b/src/windows-hardening/active-directory-methodology/printers-spooler-service-abuse.md
index efeef58e0..63f1f1b01 100644
--- a/src/windows-hardening/active-directory-methodology/printers-spooler-service-abuse.md
+++ b/src/windows-hardening/active-directory-methodology/printers-spooler-service-abuse.md
@@ -129,3 +129,4 @@ If you can capture [NTLMv1 challenges read here how to crack them](../ntlm/#ntlm
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/printnightmare.md b/src/windows-hardening/active-directory-methodology/printnightmare.md
index 37db1ab28..702aaf80c 100644
--- a/src/windows-hardening/active-directory-methodology/printnightmare.md
+++ b/src/windows-hardening/active-directory-methodology/printnightmare.md
@@ -6,3 +6,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md b/src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md
index 4d79df258..b3cfc6418 100644
--- a/src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md
+++ b/src/windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md
@@ -320,3 +320,4 @@ Get Access Today:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/rdp-sessions-abuse.md b/src/windows-hardening/active-directory-methodology/rdp-sessions-abuse.md
index 46d8956aa..15fbe4a25 100644
--- a/src/windows-hardening/active-directory-methodology/rdp-sessions-abuse.md
+++ b/src/windows-hardening/active-directory-methodology/rdp-sessions-abuse.md
@@ -74,3 +74,4 @@ beacon> upload C:\Payloads\pivot.exe
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md b/src/windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md
index 9093a7241..9f3d89321 100644
--- a/src/windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md
+++ b/src/windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md
@@ -141,3 +141,4 @@ Lear about the [**available service tickets here**](silver-ticket.md#available-s
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/security-descriptors.md b/src/windows-hardening/active-directory-methodology/security-descriptors.md
index 707e4f162..6021490a5 100644
--- a/src/windows-hardening/active-directory-methodology/security-descriptors.md
+++ b/src/windows-hardening/active-directory-methodology/security-descriptors.md
@@ -50,3 +50,4 @@ Check [**Silver Tickets**](silver-ticket.md) to learn how you could use the hash
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/sid-history-injection.md b/src/windows-hardening/active-directory-methodology/sid-history-injection.md
index dc53783a0..5352b04b8 100644
--- a/src/windows-hardening/active-directory-methodology/sid-history-injection.md
+++ b/src/windows-hardening/active-directory-methodology/sid-history-injection.md
@@ -138,3 +138,4 @@ raiseChild.py -target-exec 10.10.10.10 /username
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/silver-ticket.md b/src/windows-hardening/active-directory-methodology/silver-ticket.md
index 002963e2c..46371d1c1 100644
--- a/src/windows-hardening/active-directory-methodology/silver-ticket.md
+++ b/src/windows-hardening/active-directory-methodology/silver-ticket.md
@@ -161,3 +161,4 @@ dcsync.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/skeleton-key.md b/src/windows-hardening/active-directory-methodology/skeleton-key.md
index 934b0890a..199fb16d5 100644
--- a/src/windows-hardening/active-directory-methodology/skeleton-key.md
+++ b/src/windows-hardening/active-directory-methodology/skeleton-key.md
@@ -30,3 +30,4 @@ Verification after a system reboot is crucial to ensure that the protective meas
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/active-directory-methodology/unconstrained-delegation.md b/src/windows-hardening/active-directory-methodology/unconstrained-delegation.md
index eff0a89b2..eb9045abe 100644
--- a/src/windows-hardening/active-directory-methodology/unconstrained-delegation.md
+++ b/src/windows-hardening/active-directory-methodology/unconstrained-delegation.md
@@ -54,3 +54,4 @@ printers-spooler-service-abuse.md
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/authentication-credentials-uac-and-efs.md b/src/windows-hardening/authentication-credentials-uac-and-efs.md
index aaae81847..20f34d37d 100644
--- a/src/windows-hardening/authentication-credentials-uac-and-efs.md
+++ b/src/windows-hardening/authentication-credentials-uac-and-efs.md
@@ -283,3 +283,4 @@ Get Access Today:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/authentication-credentials-uac-and-efs/README.md b/src/windows-hardening/authentication-credentials-uac-and-efs/README.md
index 64df480dd..2782f7a37 100644
--- a/src/windows-hardening/authentication-credentials-uac-and-efs/README.md
+++ b/src/windows-hardening/authentication-credentials-uac-and-efs/README.md
@@ -283,3 +283,4 @@ Get Access Today:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.md b/src/windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.md
index cd589f967..23db30e59 100644
--- a/src/windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.md
+++ b/src/windows-hardening/authentication-credentials-uac-and-efs/uac-user-account-control.md
@@ -217,3 +217,4 @@ Get Access Today:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/av-bypass.md b/src/windows-hardening/av-bypass.md
index 9692c0fb8..d470cee15 100644
--- a/src/windows-hardening/av-bypass.md
+++ b/src/windows-hardening/av-bypass.md
@@ -579,3 +579,4 @@ If you are interested in **hacking career** and hack the unhackable - **we are h
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/basic-cmd-for-pentesters.md b/src/windows-hardening/basic-cmd-for-pentesters.md
index d47497701..13d7f4bc9 100644
--- a/src/windows-hardening/basic-cmd-for-pentesters.md
+++ b/src/windows-hardening/basic-cmd-for-pentesters.md
@@ -480,3 +480,4 @@ powershell -ep bypass - < c:\temp:ttt
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/basic-powershell-for-pentesters/README.md b/src/windows-hardening/basic-powershell-for-pentesters/README.md
index e2ab70a69..8d1a4f791 100644
--- a/src/windows-hardening/basic-powershell-for-pentesters/README.md
+++ b/src/windows-hardening/basic-powershell-for-pentesters/README.md
@@ -466,3 +466,4 @@ RawDescriptor : System.Security.AccessControl.CommonSecurityDescriptor
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/basic-powershell-for-pentesters/powerview.md b/src/windows-hardening/basic-powershell-for-pentesters/powerview.md
index 0a894a6ed..15be7ee7c 100644
--- a/src/windows-hardening/basic-powershell-for-pentesters/powerview.md
+++ b/src/windows-hardening/basic-powershell-for-pentesters/powerview.md
@@ -342,3 +342,4 @@ Add-NetGroupUser -Username username -GroupName 'Domain Admins' -Domain my.domain
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/checklist-windows-privilege-escalation.md b/src/windows-hardening/checklist-windows-privilege-escalation.md
index 2280ec460..3d897fcc4 100644
--- a/src/windows-hardening/checklist-windows-privilege-escalation.md
+++ b/src/windows-hardening/checklist-windows-privilege-escalation.md
@@ -113,3 +113,4 @@
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/cobalt-strike.md b/src/windows-hardening/cobalt-strike.md
index b2f3eba1e..6cf274944 100644
--- a/src/windows-hardening/cobalt-strike.md
+++ b/src/windows-hardening/cobalt-strike.md
@@ -235,3 +235,4 @@ pscp -r root@kali:/opt/cobaltstrike/artifact-kit/dist-pipe .
 ```
+
diff --git a/src/windows-hardening/lateral-movement/README.md b/src/windows-hardening/lateral-movement/README.md
index 523202d49..8c702979d 100644
--- a/src/windows-hardening/lateral-movement/README.md
+++ b/src/windows-hardening/lateral-movement/README.md
@@ -16,3 +16,4 @@ There are different different ways to execute commands in external systems, here
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/lateral-movement/atexec.md b/src/windows-hardening/lateral-movement/atexec.md
index 3829b036f..a04950330 100644
--- a/src/windows-hardening/lateral-movement/atexec.md
+++ b/src/windows-hardening/lateral-movement/atexec.md
@@ -32,3 +32,4 @@ More information about the [**use of schtasks with silver tickets here**](../act
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/lateral-movement/dcom-exec.md b/src/windows-hardening/lateral-movement/dcom-exec.md
index 538e316d6..2f0e646d1 100644
--- a/src/windows-hardening/lateral-movement/dcom-exec.md
+++ b/src/windows-hardening/lateral-movement/dcom-exec.md
@@ -118,3 +118,4 @@ SharpLateral.exe reddcom HOSTNAME C:\Users\Administrator\Desktop\malware.exe
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/lateral-movement/psexec-and-winexec.md b/src/windows-hardening/lateral-movement/psexec-and-winexec.md
index 8f7c69ff6..9c0ad3dd2 100644
--- a/src/windows-hardening/lateral-movement/psexec-and-winexec.md
+++ b/src/windows-hardening/lateral-movement/psexec-and-winexec.md
@@ -41,3 +41,4 @@ SharpLateral.exe redexec HOSTNAME C:\\Users\\Administrator\\Desktop\\malware.exe
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/lateral-movement/smbexec.md b/src/windows-hardening/lateral-movement/smbexec.md
index 138380f7b..23a587ee9 100644
--- a/src/windows-hardening/lateral-movement/smbexec.md
+++ b/src/windows-hardening/lateral-movement/smbexec.md
@@ -55,3 +55,4 @@ FOr further details check [https://blog.ropnop.com/using-credentials-to-own-wind
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/lateral-movement/winrm.md b/src/windows-hardening/lateral-movement/winrm.md
index 44cca4241..913866940 100644
--- a/src/windows-hardening/lateral-movement/winrm.md
+++ b/src/windows-hardening/lateral-movement/winrm.md
@@ -6,3 +6,4 @@ For information about [**WinRM read this page**](../../network-services-pentesti
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/lateral-movement/wmiexec.md b/src/windows-hardening/lateral-movement/wmiexec.md
index f893fbae1..8a6438453 100644
--- a/src/windows-hardening/lateral-movement/wmiexec.md
+++ b/src/windows-hardening/lateral-movement/wmiexec.md
@@ -129,3 +129,4 @@ SharpLateral redwmi HOSTNAME C:\\Users\\Administrator\\Desktop\\malware.exe
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/ntlm/README.md b/src/windows-hardening/ntlm/README.md
index c35fc4a55..c35b4d26f 100644
--- a/src/windows-hardening/ntlm/README.md
+++ b/src/windows-hardening/ntlm/README.md
@@ -286,3 +286,4 @@ wce.exe -s :::
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/ntlm/atexec.md b/src/windows-hardening/ntlm/atexec.md
index 3829b036f..a04950330 100644
--- a/src/windows-hardening/ntlm/atexec.md
+++ b/src/windows-hardening/ntlm/atexec.md
@@ -32,3 +32,4 @@ More information about the [**use of schtasks with silver tickets here**](../act
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/ntlm/places-to-steal-ntlm-creds.md b/src/windows-hardening/ntlm/places-to-steal-ntlm-creds.md
index 3aea077ca..c9c9db24b 100644
--- a/src/windows-hardening/ntlm/places-to-steal-ntlm-creds.md
+++ b/src/windows-hardening/ntlm/places-to-steal-ntlm-creds.md
@@ -6,3 +6,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/ntlm/psexec-and-winexec.md b/src/windows-hardening/ntlm/psexec-and-winexec.md
index 47a06f34b..b413686fe 100644
--- a/src/windows-hardening/ntlm/psexec-and-winexec.md
+++ b/src/windows-hardening/ntlm/psexec-and-winexec.md
@@ -53,3 +53,4 @@ Get Access Today:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/ntlm/smbexec.md b/src/windows-hardening/ntlm/smbexec.md
index ea27ebb13..5615536c2 100644
--- a/src/windows-hardening/ntlm/smbexec.md
+++ b/src/windows-hardening/ntlm/smbexec.md
@@ -39,3 +39,4 @@ FOr further details check [https://blog.ropnop.com/using-credentials-to-own-wind
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/ntlm/winrm.md b/src/windows-hardening/ntlm/winrm.md
index 44cca4241..913866940 100644
--- a/src/windows-hardening/ntlm/winrm.md
+++ b/src/windows-hardening/ntlm/winrm.md
@@ -6,3 +6,4 @@ For information about [**WinRM read this page**](../../network-services-pentesti
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/ntlm/wmiexec.md b/src/windows-hardening/ntlm/wmiexec.md
index f893fbae1..8a6438453 100644
--- a/src/windows-hardening/ntlm/wmiexec.md
+++ b/src/windows-hardening/ntlm/wmiexec.md
@@ -129,3 +129,4 @@ SharpLateral redwmi HOSTNAME C:\\Users\\Administrator\\Desktop\\malware.exe
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/stealing-credentials/README.md b/src/windows-hardening/stealing-credentials/README.md
index a823eff48..799148b43 100644
--- a/src/windows-hardening/stealing-credentials/README.md
+++ b/src/windows-hardening/stealing-credentials/README.md
@@ -323,3 +323,4 @@ Download it from:[ http://www.tarasco.org/security/pwdump_7](http://www.tarasco.
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/stealing-credentials/credentials-mimikatz.md b/src/windows-hardening/stealing-credentials/credentials-mimikatz.md
index 9b30e2307..33c0667b0 100644
--- a/src/windows-hardening/stealing-credentials/credentials-mimikatz.md
+++ b/src/windows-hardening/stealing-credentials/credentials-mimikatz.md
@@ -221,3 +221,4 @@ Deepen your expertise in **Mobile Security** with 8kSec Academy. Master iOS and
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/stealing-credentials/credentials-protections.md b/src/windows-hardening/stealing-credentials/credentials-protections.md
index 4ab516c04..974bfa98c 100644
--- a/src/windows-hardening/stealing-credentials/credentials-protections.md
+++ b/src/windows-hardening/stealing-credentials/credentials-protections.md
@@ -117,3 +117,4 @@ For more detailed information, consult the official [documentation](https://docs
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/stealing-credentials/wts-impersonator.md b/src/windows-hardening/stealing-credentials/wts-impersonator.md
index 969b3c713..05cb163a8 100644
--- a/src/windows-hardening/stealing-credentials/wts-impersonator.md
+++ b/src/windows-hardening/stealing-credentials/wts-impersonator.md
@@ -49,3 +49,4 @@ WTSEnumerateSessionsA β†’ WTSQuerySessionInformationA β†’ WTSQueryUserToken β†’
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/README.md b/src/windows-hardening/windows-local-privilege-escalation/README.md
index b8e4ebc83..27aef6bcd 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/README.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/README.md
@@ -1619,3 +1619,4 @@ C:\Windows\microsoft.net\framework\v4.0.30319\MSBuild.exe -version #Compile the
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/access-tokens.md b/src/windows-hardening/windows-local-privilege-escalation/access-tokens.md
index 1d69a45f6..dc9726a3a 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/access-tokens.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/access-tokens.md
@@ -109,3 +109,4 @@ Learn more about tokens in this tutorials: [https://medium.com/@seemant.bisht24/
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md b/src/windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md
index 555657d79..265ed69b5 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md
@@ -175,3 +175,4 @@ Get Access Today:
 {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=acls-dacls-sacls-aces" %}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/appenddata-addsubdirectory-permission-over-service-registry.md b/src/windows-hardening/windows-local-privilege-escalation/appenddata-addsubdirectory-permission-over-service-registry.md
index 8c2c0577c..7a32103ba 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/appenddata-addsubdirectory-permission-over-service-registry.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/appenddata-addsubdirectory-permission-over-service-registry.md
@@ -27,3 +27,4 @@ Although the vulnerability was initially disclosed unintentionally through the s
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/com-hijacking.md b/src/windows-hardening/windows-local-privilege-escalation/com-hijacking.md
index 8fbd33416..f811cb30c 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/com-hijacking.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/com-hijacking.md
@@ -80,3 +80,4 @@ Then, you can just create the HKCU entry and everytime the user logs in, your ba
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/create-msi-with-wix.md b/src/windows-hardening/windows-local-privilege-escalation/create-msi-with-wix.md
index 05571cade..b39cf8cec 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/create-msi-with-wix.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/create-msi-with-wix.md
@@ -68,3 +68,4 @@ Please note that while this summary aims to provide valuable information, it is
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking.md b/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking.md
index 8c85631d0..b48b25f28 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking.md
@@ -246,3 +246,4 @@ BOOL APIENTRY DllMain (HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReser
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/README.md b/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/README.md
index 51fe854d6..b0dbd83ea 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/README.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/README.md
@@ -246,3 +246,4 @@ BOOL APIENTRY DllMain (HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReser
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md b/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md
index 626de6839..d38fe12d2 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md
@@ -83,3 +83,4 @@ When the service is re-started, the **dll should be loaded and executed** (you c
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md b/src/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md
index bd48a4ae9..1b04fc5c3 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md
@@ -115,3 +115,4 @@ With extracted from LDAP computers list you can find every sub network even if y
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/from-high-integrity-to-system-with-name-pipes.md b/src/windows-hardening/windows-local-privilege-escalation/from-high-integrity-to-system-with-name-pipes.md
index 80302fd1e..f30d6f078 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/from-high-integrity-to-system-with-name-pipes.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/from-high-integrity-to-system-with-name-pipes.md
@@ -119,3 +119,4 @@ int main() {
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/integrity-levels.md b/src/windows-hardening/windows-local-privilege-escalation/integrity-levels.md
index c220d9937..02acd7339 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/integrity-levels.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/integrity-levels.md
@@ -98,3 +98,4 @@ Due to the restrictions commented in this and the previous section, from a secur
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/juicypotato.md b/src/windows-hardening/windows-local-privilege-escalation/juicypotato.md
index 9ffe0a8b4..f9d906f10 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/juicypotato.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/juicypotato.md
@@ -132,3 +132,4 @@ Then download [test_clsid.bat ](https://github.com/ohpe/juicy-potato/blob/master
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md b/src/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md
index be8aed0cb..7ab7b43e2 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md
@@ -692,3 +692,4 @@ Another tool to leak a handle and exploit it.
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/msi-wrapper.md b/src/windows-hardening/windows-local-privilege-escalation/msi-wrapper.md
index 259f6b6f5..e1ac9e375 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/msi-wrapper.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/msi-wrapper.md
@@ -21,3 +21,4 @@ From here just click on **next buttons** and the last **build button and your in
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/named-pipe-client-impersonation.md b/src/windows-hardening/windows-local-privilege-escalation/named-pipe-client-impersonation.md
index 76b843a24..15a5056c9 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/named-pipe-client-impersonation.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/named-pipe-client-impersonation.md
@@ -8,3 +8,4 @@ Check: [**https://ired.team/offensive-security/privilege-escalation/windows-name
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md b/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md
index faf1557bc..fb3d99c4c 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md
@@ -183,3 +183,4 @@ Full token privileges cheatsheet at [https://github.com/gtworek/Priv2Admin](http
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md b/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md
index 40a10125e..0ee1af1e3 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md
@@ -350,3 +350,4 @@ autorunsc.exe -m -nobanner -a * -ct /accepteula
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md b/src/windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md
index e398595ef..d1f90b41b 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md
@@ -95,3 +95,4 @@ nt authority\system
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/sedebug-+-seimpersonate-copy-token.md b/src/windows-hardening/windows-local-privilege-escalation/sedebug-+-seimpersonate-copy-token.md
index 7b3e0046e..62b71b264 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/sedebug-+-seimpersonate-copy-token.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/sedebug-+-seimpersonate-copy-token.md
@@ -214,3 +214,4 @@ int _tmain( int argc, TCHAR* argv[] )
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md b/src/windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md
index a6068b533..83386f092 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md
@@ -179,3 +179,4 @@ Inside that process "Administrators" can "Read Memory" and "Read Permissions" wh
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-local-privilege-escalation/windows-c-payloads.md b/src/windows-hardening/windows-local-privilege-escalation/windows-c-payloads.md
index 56957d947..2ed58453d 100644
--- a/src/windows-hardening/windows-local-privilege-escalation/windows-c-payloads.md
+++ b/src/windows-hardening/windows-local-privilege-escalation/windows-c-payloads.md
@@ -17,3 +17,4 @@ int main ()
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/windows-hardening/windows-security-controls/uac-user-account-control.md b/src/windows-hardening/windows-security-controls/uac-user-account-control.md
index 8f1515ef3..44ac85079 100644
--- a/src/windows-hardening/windows-security-controls/uac-user-account-control.md
+++ b/src/windows-hardening/windows-security-controls/uac-user-account-control.md
@@ -217,3 +217,4 @@ Get Access Today:
 {{#include ../../banners/hacktricks-training.md}}
+
