maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Translated ['.github/pull_request_template.md', 'src/1911-pentesting-fox

Browse Source
This commit is contained in:
Translator 2025-01-02 10:42:55 +00:00
parent 1853742752
commit bbc21815ec
8 changed files with 147 additions and 157 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.github/pull_request_template.md vendored
View File

@ -1,9 +1,4 @@
You can remove this content before sending the PR:
## Attribution
We value your knowledge and encourage you to share content. Please ensure that you only upload content that you own or that have permission to share it from the original author (adding a reference to the author in the added text or at the end of the page you are modifying or both). Your respect for intellectual property rights fosters a trustworthy and legal sharing environment for everyone.
Thank you for contributing to HackTricks!
## 归属
我们重视您的知识,并鼓励您分享内容。请确保您仅上传您拥有或已获得原作者分享权限的内容(在您添加的文本中或您正在修改的页面末尾添加对作者的引用,或两者都添加)。 您对知识产权的尊重为每个人营造了一个值得信赖和合法的分享环境。
感谢您为 HackTricks 的贡献!

3
src/1911-pentesting-fox.md
View File

@ -2,7 +2,7 @@
{{#include ./banners/hacktricks-training.md}}
And more services:
还有更多服务:
ubiquiti-discover udp "Ubiquiti Networks Device"
@ -27,4 +27,3 @@ InfluxDB
![](<images/image (341).png>)
{{#include ./banners/hacktricks-training.md}}

1
src/6881-udp-pentesting-bittorrent.md
View File

@ -1,4 +1,3 @@
{{#include ./banners/hacktricks-training.md}}
{{#include ./banners/hacktricks-training.md}}

171
src/LICENSE.md
View File

@ -1,173 +1,170 @@
{{#include ./banners/hacktricks-training.md}}
<a rel="license" href="https://creativecommons.org/licenses/by-nc/4.0/"><img alt="Creative Commons License" style="border-width:0" src="https://licensebuttons.net/l/by-nc/4.0/88x31.png" /></a><br>Copyright © Carlos Polop 2021. Except where otherwise specified (the external information copied into the book belongs to the original authors), the text on <a href="https://github.com/carlospolop/hacktricks">HACK TRICKS</a> by Carlos Polop is licensed under the <a href="https://creativecommons.org/licenses/by-nc/4.0/">Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)</a>.
<a rel="license" href="https://creativecommons.org/licenses/by-nc/4.0/"><img alt="Creative Commons License" style="border-width:0" src="https://licensebuttons.net/l/by-nc/4.0/88x31.png" /></a><br>版权 © Carlos Polop 2021。除非另有说明书中复制的外部信息属于原作者Carlos Polop 的 <a href="https://github.com/carlospolop/hacktricks">HACK TRICKS</a> 文本根据 <a href="https://creativecommons.org/licenses/by-nc/4.0/">知识共享署名-非商业性 4.0 国际CC BY-NC 4.0</a> 进行许可。
License: Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)<br>
Human Readable License: https://creativecommons.org/licenses/by-nc/4.0/<br>
Complete Legal Terms: https://creativecommons.org/licenses/by-nc/4.0/legalcode<br>
Formatting: https://github.com/jmatsushita/Creative-Commons-4.0-Markdown/blob/master/licenses/by-nc.markdown<br>
许可证:署名-非商业性 4.0 国际CC BY-NC 4.0<br>
人类可读许可证:https://creativecommons.org/licenses/by-nc/4.0/<br>
完整法律条款:https://creativecommons.org/licenses/by-nc/4.0/legalcode<br>
格式:https://github.com/jmatsushita/Creative-Commons-4.0-Markdown/blob/master/licenses/by-nc.markdown<br>
# creative commons
# 知识共享
# Attribution-NonCommercial 4.0 International
# 署名-非商业性 4.0 国际
Creative Commons Corporation (“Creative Commons”) is not a law firm and does not provide legal services or legal advice. Distribution of Creative Commons public licenses does not create a lawyer-client or other relationship. Creative Commons makes its licenses and related information available on an “as-is” basis. Creative Commons gives no warranties regarding its licenses, any material licensed under their terms and conditions, or any related information. Creative Commons disclaims all liability for damages resulting from their use to the fullest extent possible.
知识共享公司(“知识共享”)不是法律事务所,不提供法律服务或法律建议。分发知识共享公共许可证并不构成律师-客户或其他关系。知识共享以“按现状”方式提供其许可证及相关信息。知识共享对其许可证、根据其条款和条件许可的任何材料或任何相关信息不提供任何担保。知识共享在法律允许的最大范围内,否认因其使用而导致的所有损害赔偿责任。
## Using Creative Commons Public Licenses
## 使用知识共享公共许可证
Creative Commons public licenses provide a standard set of terms and conditions that creators and other rights holders may use to share original works of authorship and other material subject to copyright and certain other rights specified in the public license below. The following considerations are for informational purposes only, are not exhaustive, and do not form part of our licenses.
知识共享公共许可证提供了一套标准的条款和条件,创作者和其他权利持有人可以使用这些条款和条件来分享原始著作和其他受版权及某些其他权利保护的材料。以下考虑事项仅供参考,并不详尽,也不构成我们许可证的一部分。
- **Considerations for licensors:** Our public licenses are intended for use by those authorized to give the public permission to use material in ways otherwise restricted by copyright and certain other rights. Our licenses are irrevocable. Licensors should read and understand the terms and conditions of the license they choose before applying it. Licensors should also secure all rights necessary before applying our licenses so that the public can reuse the material as expected. Licensors should clearly mark any material not subject to the license. This includes other CC-licensed material, or material used under an exception or limitation to copyright. [More considerations for licensors](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensors).
- **对许可人的考虑:** 我们的公共许可证旨在供那些被授权向公众许可以受版权和某些其他权利限制的方式使用材料的人使用。我们的许可证是不可撤销的。许可人应在申请许可证之前阅读并理解所选择许可证的条款和条件。许可人还应在申请我们的许可证之前确保所有必要的权利,以便公众可以按预期重用材料。许可人应清楚标记任何不受许可证约束的材料。这包括其他 CC 许可的材料,或根据版权的例外或限制使用的材料。[更多对许可人的考虑](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensors)
- **Considerations for the public:** By using one of our public licenses, a licensor grants the public permission to use the licensed material under specified terms and conditions. If the licensors permission is not necessary for any reasonfor example, because of any applicable exception or limitation to copyrightthen that use is not regulated by the license. Our licenses grant only permissions under copyright and certain other rights that a licensor has authority to grant. Use of the licensed material may still be restricted for other reasons, including because others have copyright or other rights in the material. A licensor may make special requests, such as asking that all changes be marked or described. Although not required by our licenses, you are encouraged to respect those requests where reasonable. [More considerations for the public](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensees).
- **对公众的考虑:** 通过使用我们的公共许可证,许可人授予公众在指定的条款和条件下使用许可材料的权限。如果许可人的许可因任何原因不必要——例如,由于适用的版权例外或限制——则该使用不受许可证的监管。我们的许可证仅授予许可人有权授予的版权和某些其他权利下的权限。许可材料的使用可能仍因其他原因受到限制,包括因为其他人对材料拥有版权或其他权利。许可人可以提出特殊请求,例如要求标记或描述所有更改。尽管我们的许可证没有要求,但鼓励您在合理的情况下尊重这些请求。[更多对公众的考虑](http://wiki.creativecommons.org/Considerations_for_licensors_and_licensees#Considerations_for_licensees)
# Creative Commons Attribution-NonCommercial 4.0 International Public License
# 知识共享署名-非商业性 4.0 国际公共许可证
By exercising the Licensed Rights (defined below), You accept and agree to be bound by the terms and conditions of this Creative Commons Attribution-NonCommercial 4.0 International Public License ("Public License"). To the extent this Public License may be interpreted as a contract, You are granted the Licensed Rights in consideration of Your acceptance of these terms and conditions, and the Licensor grants You such rights in consideration of benefits the Licensor receives from making the Licensed Material available under these terms and conditions.
通过行使许可权(定义如下),您接受并同意受本知识共享署名-非商业性 4.0 国际公共许可证(“公共许可证”)的条款和条件的约束。在本公共许可证可以被解释为合同的范围内,您在接受这些条款和条件的情况下获得许可权,许可人基于许可材料根据这些条款和条件提供给您这样的权利。
## Section 1 Definitions.
## 第 1 节 定义。
a. **Adapted Material** means material subject to Copyright and Similar Rights that is derived from or based upon the Licensed Material and in which the Licensed Material is translated, altered, arranged, transformed, or otherwise modified in a manner requiring permission under the Copyright and Similar Rights held by the Licensor. For purposes of this Public License, where the Licensed Material is a musical work, performance, or sound recording, Adapted Material is always produced where the Licensed Material is synched in timed relation with a moving image.
a. **改编材料** 指受版权和类似权利保护的材料,该材料源自或基于许可材料,并且在其中许可材料以需要根据许可人持有的版权和类似权利获得许可的方式被翻译、修改、排列、转化或以其他方式修改。就本公共许可证而言,当许可材料是音乐作品、表演或声音录音时,改编材料总是在许可材料与动态影像同步时产生。
b. **Adapter's License** means the license You apply to Your Copyright and Similar Rights in Your contributions to Adapted Material in accordance with the terms and conditions of this Public License.
b. **适配器许可证** 指您根据本公共许可证的条款和条件对您对改编材料的贡献所适用的版权和类似权利的许可证。
c. **Copyright and Similar Rights** means copyright and/or similar rights closely related to copyright including, without limitation, performance, broadcast, sound recording, and Sui Generis Database Rights, without regard to how the rights are labeled or categorized. For purposes of this Public License, the rights specified in Section 2(b)(1)-(2) are not Copyright and Similar Rights.
c. **版权和类似权利** 指版权和/或与版权密切相关的类似权利,包括但不限于表演、广播、声音录音和特有数据库权利,而不考虑这些权利的标签或分类。就本公共许可证而言,第 2 节 (b)(1)-(2) 中规定的权利不属于版权和类似权利。
d. **Effective Technological Measures** means those measures that, in the absence of proper authority, may not be circumvented under laws fulfilling obligations under Article 11 of the WIPO Copyright Treaty adopted on December 20, 1996, and/or similar international agreements.
d. **有效技术措施** 指在缺乏适当授权的情况下,根据 1996 年 12 月 20 日通过的《世界知识产权组织版权条约》第 11 条履行义务的法律下,可能无法规避的措施和/或类似国际协议。
e. **Exceptions and Limitations** means fair use, fair dealing, and/or any other exception or limitation to Copyright and Similar Rights that applies to Your use of the Licensed Material.
e. **例外和限制** 指适用于您使用许可材料的合理使用、公平交易和/或任何其他版权和类似权利的例外或限制。
f. **Licensed Material** means the artistic or literary work, database, or other material to which the Licensor applied this Public License.
f. **许可材料** 指许可人应用本公共许可证的艺术或文学作品、数据库或其他材料。
g. **Licensed Rights** means the rights granted to You subject to the terms and conditions of this Public License, which are limited to all Copyright and Similar Rights that apply to Your use of the Licensed Material and that the Licensor has authority to license.
g. **许可权** 指根据本公共许可证的条款和条件授予您的权利,这些权利仅限于适用于您使用许可材料的所有版权和类似权利,并且许可人有权许可。
h. **Licensor** means the individual(s) or entity(ies) granting rights under this Public License.
h. **许可人** 指根据本公共许可证授予权利的个人或实体。
i. **NonCommercial** means not primarily intended for or directed towards commercial advantage or monetary compensation. For purposes of this Public License, the exchange of the Licensed Material for other material subject to Copyright and Similar Rights by digital file-sharing or similar means is NonCommercial provided there is no payment of monetary compensation in connection with the exchange.
i. **非商业性** 指不主要旨在或针对商业利益或货币补偿。就本公共许可证而言,通过数字文件共享或类似方式将许可材料与其他受版权和类似权利保护的材料交换是非商业性的,前提是与交换无关的货币补偿没有支付。
j. **Share** means to provide material to the public by any means or process that requires permission under the Licensed Rights, such as reproduction, public display, public performance, distribution, dissemination, communication, or importation, and to make material available to the public including in ways that members of the public may access the material from a place and at a time individually chosen by them.
j. **分享** 指通过任何需要根据许可权获得许可的方式或过程向公众提供材料,例如复制、公开展示、公开表演、分发、传播、交流或进口,并使材料可供公众使用,包括以公众可以从他们选择的地点和时间访问材料的方式。
k. **Sui Generis Database Rights** means rights other than copyright resulting from Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, as amended and/or succeeded, as well as other essentially equivalent rights anywhere in the world.
k. **特有数据库权利** 指根据 1996 年 3 月 11 日欧洲议会和理事会第 96/9/EC 指令关于数据库的法律保护而产生的除版权以外的权利,以及在世界任何地方的其他本质上等同的权利。
l. **You** means the individual or entity exercising the Licensed Rights under this Public License. Your has a corresponding meaning.
l. **您** 指根据本公共许可证行使许可权的个人或实体。您的含义相应。
## Section 2 Scope.
## 第 2 节 范围。
a. **_License grant._**
a. **_许可证授予。_**
1. Subject to the terms and conditions of this Public License, the Licensor hereby grants You a worldwide, royalty-free, non-sublicensable, non-exclusive, irrevocable license to exercise the Licensed Rights in the Licensed Material to:
1. 根据本公共许可证的条款和条件,许可人特此授予您全球范围内的、免版税的、不可再许可的、非独占的、不可撤销的许可证,以在许可材料中行使许可权:
A. reproduce and Share the Licensed Material, in whole or in part, for NonCommercial purposes only; and
A. 仅为非商业目的复制和分享许可材料的全部或部分;以及
B. produce, reproduce, and Share Adapted Material for NonCommercial purposes only.
B. 仅为非商业目的制作、复制和分享改编材料。
2. **Exceptions and Limitations.** For the avoidance of doubt, where Exceptions and Limitations apply to Your use, this Public License does not apply, and You do not need to comply with its terms and conditions.
3. **Term.** The term of this Public License is specified in Section 6(a).
2. **例外和限制。** 为避免疑义,在您使用的情况下适用例外和限制时,本公共许可证不适用,您无需遵守其条款和条件。
3. **期限。** 本公共许可证的期限在第 6(a) 节中规定。
4. **Media and formats; technical modifications allowed.** The Licensor authorizes You to exercise the Licensed Rights in all media and formats whether now known or hereafter created, and to make technical modifications necessary to do so. The Licensor waives and/or agrees not to assert any right or authority to forbid You from making technical modifications necessary to exercise the Licensed Rights, including technical modifications necessary to circumvent Effective Technological Measures. For purposes of this Public License, simply making modifications authorized by this Section 2(a)(4) never produces Adapted Material.
5. **Downstream recipients.**
4. **媒体和格式;允许的技术修改。** 许可人授权您在所有已知或将来创建的媒体和格式中行使许可权,并进行必要的技术修改。许可人放弃和/或同意不主张任何权利或权威,以禁止您进行必要的技术修改以行使许可权,包括为规避有效技术措施而进行的技术修改。就本公共许可证而言,仅仅进行本第 2(a)(4) 节授权的修改从不产生改编材料。
5. **下游接收者。**
A. **Offer from the Licensor Licensed Material.** Every recipient of the Licensed Material automatically receives an offer from the Licensor to exercise the Licensed Rights under the terms and conditions of this Public License.
A. **来自许可人的提议 许可材料。** 每个许可材料的接收者自动收到来自许可人的提议,以根据本公共许可证的条款和条件行使许可权。
B. **No downstream restrictions.** You may not offer or impose any additional or different terms or conditions on, or apply any Effective Technological Measures to, the Licensed Material if doing so restricts exercise of the Licensed Rights by any recipient of the Licensed Material.
B. **无下游限制。** 如果这样做限制了任何许可材料接收者行使许可权,您不得对许可材料提供或施加任何额外或不同的条款或条件,或对许可材料应用任何有效技术措施。
6. **No endorsement.** Nothing in this Public License constitutes or may be construed as permission to assert or imply that You are, or that Your use of the Licensed Material is, connected with, or sponsored, endorsed, or granted official status by, the Licensor or others designated to receive attribution as provided in Section 3(a)(1)(A)(i).
6. **无认可。** 本公共许可证中的任何内容均不构成或不得解释为许可人或其他指定接收署名的人的认可或暗示您与许可人或其他指定接收署名的人的联系、赞助、认可或授予官方地位的许可。
b. **_Other rights._**
b. **_其他权利。_**
1. Moral rights, such as the right of integrity, are not licensed under this Public License, nor are publicity, privacy, and/or other similar personality rights; however, to the extent possible, the Licensor waives and/or agrees not to assert any such rights held by the Licensor to the limited extent necessary to allow You to exercise the Licensed Rights, but not otherwise.
1. 道德权利,例如完整权利,不在本公共许可证下获得许可,宣传权、隐私权和/或其他类似的人格权也不在其中;但是,在可能的范围内,许可人放弃和/或同意不主张许可人持有的任何此类权利,以便在必要的有限范围内允许您行使许可权,但不包括其他情况。
2. Patent and trademark rights are not licensed under this Public License.
2. 专利和商标权不在本公共许可证下获得许可。
3. To the extent possible, the Licensor waives any right to collect royalties from You for the exercise of the Licensed Rights, whether directly or through a collecting society under any voluntary or waivable statutory or compulsory licensing scheme. In all other cases the Licensor expressly reserves any right to collect such royalties, including when the Licensed Material is used other than for NonCommercial purposes.
3. 在可能的范围内,许可人放弃从您行使许可权中收取版税的任何权利,无论是直接还是通过任何自愿或可放弃的法定或强制许可计划。在所有其他情况下,许可人明确保留收取此类版税的任何权利,包括当许可材料用于非商业目的以外的情况。
## Section 3 License Conditions.
## 第 3 节 许可证条件。
Your exercise of the Licensed Rights is expressly made subject to the following conditions.
您行使许可权明确受以下条件的约束。
a. **_Attribution._**
a. **_署名。_**
1. If You Share the Licensed Material (including in modified form), You must:
1. 如果您分享许可材料(包括修改后的形式),您必须:
A. retain the following if it is supplied by the Licensor with the Licensed Material:
A. 保留许可人随许可材料提供的以下内容:
i. identification of the creator(s) of the Licensed Material and any others designated to receive attribution, in any reasonable manner requested by the Licensor (including by pseudonym if designated);
i. 许可材料创作者的身份以及任何其他指定接收署名的人的身份,以许可人要求的任何合理方式(包括如有指定则以笔名);
ii. a copyright notice;
ii. 版权声明;
iii. a notice that refers to this Public License;
iii. 提及本公共许可证的通知;
iv. a notice that refers to the disclaimer of warranties;
iv. 提及免责声明的通知;
v. a URI or hyperlink to the Licensed Material to the extent reasonably practicable;
v. 在合理可行的范围内,指向许可材料的 URI 或超链接;
B. indicate if You modified the Licensed Material and retain an indication of any previous modifications; and
B. 指明您是否修改了许可材料,并保留任何先前修改的指示;以及
C. indicate the Licensed Material is licensed under this Public License, and include the text of, or the URI or hyperlink to, this Public License.
C. 指明许可材料是根据本公共许可证获得许可的,并包括本公共许可证的文本或 URI 或超链接。
2. You may satisfy the conditions in Section 3(a)(1) in any reasonable manner based on the medium, means, and context in which You Share the Licensed Material. For example, it may be reasonable to satisfy the conditions by providing a URI or hyperlink to a resource that includes the required information.
2. 您可以以任何合理的方式满足第 3(a)(1) 节中的条件,具体取决于您分享许可材料的媒介、方式和上下文。例如,通过提供指向包含所需信息的资源的 URI 或超链接来满足条件可能是合理的。
3. If requested by the Licensor, You must remove any of the information required by Section 3(a)(1)(A) to the extent reasonably practicable.
3. 如果许可人要求,您必须在合理可行的范围内删除第 3(a)(1)(A) 节要求的任何信息。
4. If You Share Adapted Material You produce, the Adapter's License You apply must not prevent recipients of the Adapted Material from complying with this Public License.
4. 如果您分享您制作的改编材料,您所应用的适配器许可证不得妨碍改编材料的接收者遵守本公共许可证。
## Section 4 Sui Generis Database Rights.
## 第 4 节 特有数据库权利。
Where the Licensed Rights include Sui Generis Database Rights that apply to Your use of the Licensed Material:
当许可权包括适用于您使用许可材料的特有数据库权利时:
a. for the avoidance of doubt, Section 2(a)(1) grants You the right to extract, reuse, reproduce, and Share all or a substantial portion of the contents of the database for NonCommercial purposes only;
a. 为避免疑义,第 2(a)(1) 节授予您仅为非商业目的提取、重用、复制和分享数据库内容的全部或实质性部分的权利;
b. if You include all or a substantial portion of the database contents in a database in which You have Sui Generis Database Rights, then the database in which You have Sui Generis Database Rights (but not its individual contents) is Adapted Material; and
b. 如果您在拥有特有数据库权利的数据库中包含数据库内容的全部或实质性部分,则您拥有特有数据库权利的数据库(但不包括其单独内容)是改编材料;以及
c. You must comply with the conditions in Section 3(a) if You Share all or a substantial portion of the contents of the database.
c. 如果您分享数据库内容的全部或实质性部分,您必须遵守第 3(a) 节中的条件。
For the avoidance of doubt, this Section 4 supplements and does not replace Your obligations under this Public License where the Licensed Rights include other Copyright and Similar Rights.
为避免疑义,本第 4 节补充并不替代您在许可权包括其他版权和类似权利时在本公共许可证下的义务。
## Section 5 Disclaimer of Warranties and Limitation of Liability.
## 第 5 节 免责声明和责任限制。
a. **Unless otherwise separately undertaken by the Licensor, to the extent possible, the Licensor offers the Licensed Material as-is and as-available, and makes no representations or warranties of any kind concerning the Licensed Material, whether express, implied, statutory, or other. This includes, without limitation, warranties of title, merchantability, fitness for a particular purpose, non-infringement, absence of latent or other defects, accuracy, or the presence or absence of errors, whether or not known or discoverable. Where disclaimers of warranties are not allowed in full or in part, this disclaimer may not apply to You.**
a. **除非许可人另有单独承诺,在可能的范围内,许可人以现状和可用的方式提供许可材料,并不对许可材料的任何种类作出任何陈述或担保,无论是明示、暗示、法定或其他。这包括但不限于所有权、适销性、特定用途的适用性、不侵权、缺陷的缺失或其他缺陷、准确性或错误的存在或缺失的担保,无论是否已知或可发现。在不允许完全或部分免责声明的情况下,本免责声明可能不适用于您。**
b. **To the extent possible, in no event will the Licensor be liable to You on any legal theory (including, without limitation, negligence) or otherwise for any direct, special, indirect, incidental, consequential, punitive, exemplary, or other losses, costs, expenses, or damages arising out of this Public License or use of the Licensed Material, even if the Licensor has been advised of the possibility of such losses, costs, expenses, or damages. Where a limitation of liability is not allowed in full or in part, this limitation may not apply to You.**
b. **在可能的范围内,许可人对您不承担任何法律理论(包括但不限于过失)或其他原因造成的任何直接、特殊、间接、附带、后果性、惩罚性、示范性或其他损失、费用、开支或损害的责任,即使许可人已被告知可能发生此类损失、费用、开支或损害。在不允许完全或部分责任限制的情况下,本限制可能不适用于您。**
c. The disclaimer of warranties and limitation of liability provided above shall be interpreted in a manner that, to the extent possible, most closely approximates an absolute disclaimer and waiver of all liability.
c. 上述免责声明和责任限制应以尽可能接近绝对免责声明和放弃所有责任的方式进行解释。
## Section 6 Term and Termination.
## 第 6 节 期限和终止。
a. This Public License applies for the term of the Copyright and Similar Rights licensed here. However, if You fail to comply with this Public License, then Your rights under this Public License terminate automatically.
a. 本公共许可证适用于此处许可的版权和类似权利的期限。然而,如果您未能遵守本公共许可证,则您在本公共许可证下的权利将自动终止。
b. Where Your right to use the Licensed Material has terminated under Section 6(a), it reinstates:
b. 当您根据第 6(a) 节终止使用许可材料的权利时,它将恢复:
1. automatically as of the date the violation is cured, provided it is cured within 30 days of Your discovery of the violation; or
1. 在您发现违规行为后的 30 天内,自动恢复至违规行为得到纠正之日;或
2. upon express reinstatement by the Licensor.
2. 经许可人明确恢复。
For the avoidance of doubt, this Section 6(b) does not affect any right the Licensor may have to seek remedies for Your violations of this Public License.
为避免疑义,本第 6(b) 节不影响许可人可能对您违反本公共许可证寻求救济的任何权利。
c. For the avoidance of doubt, the Licensor may also offer the Licensed Material under separate terms or conditions or stop distributing the Licensed Material at any time; however, doing so will not terminate this Public License.
c. 为避免疑义,许可人也可以根据单独的条款或条件提供许可材料,或随时停止分发许可材料;然而,这样做不会终止本公共许可证。
d. Sections 1, 5, 6, 7, and 8 survive termination of this Public License.
d. 第 1、5、6、7 和 8 节在本公共许可证终止后继续有效。
## Section 7 Other Terms and Conditions.
## 第 7 节 其他条款和条件。
a. The Licensor shall not be bound by any additional or different terms or conditions communicated by You unless expressly agreed.
a. 除非明确同意,许可人不受您传达的任何额外或不同条款或条件的约束。
b. Any arrangements, understandings, or agreements regarding the Licensed Material not stated herein are separate from and independent of the terms and conditions of this Public License.
b. 关于许可材料的任何安排、理解或协议,除非在此明确说明,否则与本公共许可证的条款和条件是分开的且独立的。
## Section 8 Interpretation.
## 第 8 节 解释。
a. For the avoidance of doubt, this Public License does not, and shall not be interpreted to, reduce, limit, restrict, or impose conditions on any use of the Licensed Material that could lawfully be made without permission under this Public License.
a. 为避免疑义,本公共许可证不构成,也不得解释为,减少、限制、限制或对任何可以在不需要本公共许可证许可的情况下合法进行的许可材料使用施加条件。
b. To the extent possible, if any provision of this Public License is deemed unenforceable, it shall be automatically reformed to the minimum extent necessary to make it enforceable. If the provision cannot be reformed, it shall be severed from this Public License without affecting the enforceability of the remaining terms and conditions.
b. 在可能的范围内,如果本公共许可证的任何条款被视为不可执行,则应自动修订至必要的最低限度以使其可执行。如果该条款无法修订,则应从本公共许可证中剔除,而不影响其余条款和条件的可执行性。
c. No term or condition of this Public License will be waived and no failure to comply consented to unless expressly agreed to by the Licensor.
d. Nothing in this Public License constitutes or may be interpreted as a limitation upon, or waiver of, any privileges and immunities that apply to the Licensor or You, including from the legal processes of any jurisdiction or authority.
c. 本公共许可证的任何条款或条件均不得放弃,且除非许可人明确同意,否则不得同意不遵守。
d. 本公共许可证中的任何内容均不构成或不得解释为对适用于许可人或您的任何特权和豁免的限制或放弃,包括来自任何司法管辖区或权威的法律程序。
```
Creative Commons is not a party to its public licenses. Notwithstanding, Creative Commons may elect to apply one of its public licenses to material it publishes and in those instances will be considered the “Licensor.” Except for the limited purpose of indicating that material is shared under a Creative Commons public license or as otherwise permitted by the Creative Commons policies published at [creativecommons.org/policies](http://creativecommons.org/policies), Creative Commons does not authorize the use of the trademark “Creative Commons” or any other trademark or logo of Creative Commons without its prior written consent including, without limitation, in connection with any unauthorized modifications to any of its public licenses or any other arrangements, understandings, or agreements concerning use of licensed material. For the avoidance of doubt, this paragraph does not form part of the public licenses.
Creative Commons may be contacted at [creativecommons.org](http://creativecommons.org/).
```
{{#include ./banners/hacktricks-training.md}}

74
src/README.md
View File

@ -1,31 +1,31 @@
# HackTricks
Reading time: {{ #reading_time }}
阅读时间: {{ #reading_time }}
<figure><img src="images/hacktricks.gif" alt=""><figcaption></figcaption></figure>
_Hacktricks logos & motion design by_ [_@ppiernacho_](https://www.instagram.com/ppieranacho/)_._
_Hacktricks 标志和动态设计由_ [_@ppiernacho_](https://www.instagram.com/ppieranacho/)_._
> [!TIP]
> **Welcome to the wiki where you will find each hacking trick/technique/whatever I have learnt from CTFs, real life apps, reading researches, and news.**
> **欢迎来到这个维基在这里你将找到我从CTF、现实生活应用、阅读研究和新闻中学到的每一个黑客技巧/技术/无论是什么。**
To get started follow this page where you will find the **typical flow** that **you should follow when pentesting** one or more **machines:**
要开始,请遵循此页面,在这里你将找到**你在进行一个或多个机器的渗透测试时应该遵循的典型流程:**
{{#ref}}
generic-methodologies-and-resources/pentesting-methodology.md
{{#endref}}
## Corporate Sponsors
## 企业赞助商
### [STM Cyber](https://www.stmcyber.com)
<figure><img src="images/stm (1).png" alt=""><figcaption></figcaption></figure>
[**STM Cyber**](https://www.stmcyber.com) is a great cybersecurity company whose slogan is **HACK THE UNHACKABLE**. They perform their own research and develop their own hacking tools to **offer several valuable cybersecurity services** like pentesting, Red teams and training.
[**STM Cyber**](https://www.stmcyber.com) 是一家优秀的网络安全公司,其口号是**HACK THE UNHACKABLE**。他们进行自己的研究并开发自己的黑客工具,以**提供多种有价值的网络安全服务**,如渗透测试、红队和培训。
You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stmcyber.com)
你可以查看他们的**博客**在 [**https://blog.stmcyber.com**](https://blog.stmcyber.com)
**STM Cyber** also support cybersecurity open source projects like HackTricks :)
**STM Cyber** 还支持像 HackTricks 这样的网络安全开源项目 :)
---
@ -33,7 +33,7 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
<figure><img src="images/image (45).png" alt=""><figcaption></figcaption></figure>
[**RootedCON**](https://www.rootedcon.com) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline.
[**RootedCON**](https://www.rootedcon.com) 是**西班牙**最相关的网络安全事件,也是**欧洲**最重要的事件之一。这个大会的**使命是促进技术知识**,是各个学科的技术和网络安全专业人士的一个热闹的交流点。
{% embed url="https://www.rootedcon.com/" %}
@ -43,9 +43,9 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
<figure><img src="images/image (47).png" alt=""><figcaption></figcaption></figure>
**Intigriti** is the **Europe's #1** ethical hacking and **bug bounty platform.**
**Intigriti** 是**欧洲第一**的道德黑客和**漏洞赏金平台**。
**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**!
**漏洞赏金提示****注册** **Intigriti**,这是一个由黑客为黑客创建的高级**漏洞赏金平台**!今天就加入我们 [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks),开始赚取高达**$100,000**的赏金!
{% embed url="https://go.intigriti.com/hacktricks" %}
@ -56,9 +56,9 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
<figure><img src="images/image (48).png" alt=""><figcaption></figcaption></figure>
\
Use [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.
使用 [**Trickest**](https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks) 轻松构建和**自动化工作流程**,由世界上**最先进**的社区工具提供支持。
Get Access Today:
今天就获取访问权限:
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
@ -68,23 +68,23 @@ Get Access Today:
<figure><img src="images/image (3).png" alt=""><figcaption></figcaption></figure>
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
加入 [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) 服务器,与经验丰富的黑客和漏洞赏金猎人交流!
- **Hacking Insights:** Engage with content that delves into the thrill and challenges of hacking
- **Real-Time Hack News:** Keep up-to-date with fast-paced hacking world through real-time news and insights
- **Latest Announcements:** Stay informed with the newest bug bounties launching and crucial platform updates
- **黑客见解**:参与深入探讨黑客的刺激和挑战的内容
- **实时黑客新闻**:通过实时新闻和见解跟上快速变化的黑客世界
- **最新公告**:了解最新的漏洞赏金发布和重要平台更新
**Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today!
**今天就加入我们** [**Discord**](https://discord.com/invite/N3FrSbmwdy),开始与顶级黑客合作!
---
### [Pentest-Tools.com](https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons) - The essential penetration testing toolkit
### [Pentest-Tools.com](https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons) - 必备的渗透测试工具包
<figure><img src="images/pentest-tools.svg" alt=""><figcaption></figcaption></figure>
**Get a hacker's perspective on your web apps, network, and cloud**
**从黑客的角度看待你的网络应用、网络和云**
**Find and report critical, exploitable vulnerabilities with real business impact.** Use our 20+ custom tools to map the attack surface, find security issues that let you escalate privileges, and use automated exploits to collect essential evidence, turning your hard work into persuasive reports.
**查找并报告具有实际商业影响的关键、可利用的漏洞。** 使用我们20多个自定义工具来映射攻击面查找让你提升权限的安全问题并使用自动化漏洞利用收集重要证据将你的辛勤工作转化为有说服力的报告。
{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}
@ -94,22 +94,22 @@ Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to
<figure><img src="images/image (1254).png" alt=""><figcaption></figcaption></figure>
**SerpApi** offers fast and easy real-time APIs to **access search engine results**. They scrape search engines, handle proxies, solve captchas, and parse all rich structured data for you.
**SerpApi** 提供快速且简单的实时API以**访问搜索引擎结果**。他们抓取搜索引擎,处理代理,解决验证码,并为你解析所有丰富的结构化数据。
A subscription to one of SerpApis plans includes access to over 50 different APIs for scraping different search engines, including Google, Bing, Baidu, Yahoo, Yandex, and more.\
Unlike other providers, **SerpApi doesnt just scrape organic results**. SerpApi responses consistently include all ads, inline images and videos, knowledge graphs, and other elements and features present in the search results.
订阅SerpApi的计划之一包括访问50多个不同的API用于抓取不同的搜索引擎包括Google、Bing、百度、Yahoo、Yandex等。\
与其他提供商不同,**SerpApi不仅仅抓取自然结果**。SerpApi的响应始终包括所有广告、内联图像和视频、知识图谱以及搜索结果中存在的其他元素和功能。
Current SerpApi customers include **Apple, Shopify, and GrubHub**.\
For more information check out their [**blog**](https://serpapi.com/blog/)**,** or try an example in their [**playground**](https://serpapi.com/playground)**.**\
You can **create a free account** [**here**](https://serpapi.com/users/sign_up)**.**
当前的SerpApi客户包括**Apple、Shopify和GrubHub**。\
有关更多信息,请查看他们的[**博客**](https://serpapi.com/blog/)****或在他们的[**游乐场**](https://serpapi.com/playground)**中尝试示例。**\
你可以在[**这里**](https://serpapi.com/users/sign_up)**创建一个免费账户。**
---
### 8kSec Academy In-Depth Mobile Security Courses
### 8kSec Academy 深入的移动安全课程
<figure><img src="images/image (2).png" alt=""><figcaption></figcaption></figure>
Learn the technologies and skills required to perform vulnerability research, penetration testing, and reverse engineering to protect mobile applications and devices. **Master iOS and Android security** through our on-demand courses and **get certified**:
学习执行漏洞研究、渗透测试和逆向工程所需的技术和技能,以保护移动应用和设备。通过我们的按需课程**掌握iOS和Android安全**并**获得认证**
{% embed url="https://academy.8ksec.io/" %}
@ -119,26 +119,26 @@ Learn the technologies and skills required to perform vulnerability research, pe
<figure><img src="images/websec (1).svg" alt=""><figcaption></figcaption></figure>
[**WebSec**](https://websec.nl) is a professional cybersecurity company based in **Amsterdam** which helps **protecting** businesses **all over the world** against the latest cybersecurity threats by providing **offensive-security services** with a **modern** approach.
[**WebSec**](https://websec.nl) 是一家总部位于**阿姆斯特丹**的专业网络安全公司,帮助**保护**全球企业免受最新网络安全威胁,通过提供**进攻性安全服务**以**现代**的方式。
WebSec is an **all-in-one security company** which means they do it all; Pentesting, **Security** Audits, Awareness Trainings, Phishing Campagnes, Code Review, Exploit Development, Security Experts Outsourcing and much more.
WebSec 是一家**一体化安全公司**,这意味着他们做所有事情;渗透测试、**安全**审计、意识培训、网络钓鱼活动、代码审查、漏洞开发、安全专家外包等等。
Another cool thing about WebSec is that unlike the industry average WebSec is **very confident in their skills**, to such an extent that they **guarantee the best quality results**, it states on their website "**If we can't hack it, You don't pay it!**". For more info take a look at their [**website**](https://websec.nl/en/) and [**blog**](https://websec.nl/blog/)!
WebSec的另一个酷点是与行业平均水平不同WebSec对他们的技能**非常自信**,以至于他们**保证最佳质量结果**,他们在网站上声明“**如果我们无法攻破它,你就不需要支付!**”。有关更多信息,请查看他们的[**网站**](https://websec.nl/en/)和[**博客**](https://websec.nl/blog/)
In addition to the above WebSec is also a **committed supporter of HackTricks.**
除了上述内容WebSec 还是**HackTricks的坚定支持者**。
{% embed url="https://www.youtube.com/watch?v=Zq2JycGDCPM" %}
## License & Disclaimer
## 许可证和免责声明
Check them in:
查看他们在:
{{#ref}}
welcome/hacktricks-values-and-faq.md
{{#endref}}
## Github Stats
## Github 统计
![HackTricks Github Stats](https://repobeats.axiom.co/api/embed/68f8746802bcf1c8462e889e6e9302d4384f164b.svg)
![HackTricks Github 统计](https://repobeats.axiom.co/api/embed/68f8746802bcf1c8462e889e6e9302d4384f164b.svg)
{{#include ./banners/hacktricks-training.md}}

2
src/SUMMARY.md
View File

@ -866,3 +866,5 @@
- [Post Exploitation](todo/post-exploitation.md)
- [Investment Terms](todo/investment-terms.md)
- [Cookies Policy](todo/cookies-policy.md)

27
src/android-forensics.md
View File

@ -2,27 +2,26 @@
{{#include ./banners/hacktricks-training.md}}
## Locked Device
## 锁定设备
To start extracting data from an Android device it has to be unlocked. If it's locked you can:
要开始从 Android 设备提取数据,设备必须解锁。如果设备被锁定,您可以:
- Check if the device has debugging via USB activated.
- Check for a possible [smudge attack](https://www.usenix.org/legacy/event/woot10/tech/full_papers/Aviv.pdf)
- Try with [Brute-force](https://www.cultofmac.com/316532/this-brute-force-device-can-crack-any-iphones-pin-code/)
- 检查设备是否已通过 USB 激活调试。
- 检查可能的 [smudge attack](https://www.usenix.org/legacy/event/woot10/tech/full_papers/Aviv.pdf)
- 尝试使用 [Brute-force](https://www.cultofmac.com/316532/this-brute-force-device-can-crack-any-iphones-pin-code/)
## Data Adquisition
## 数据获取
Create an [android backup using adb](mobile-pentesting/android-app-pentesting/adb-commands.md#backup) and extract it using [Android Backup Extractor](https://sourceforge.net/projects/adbextractor/): `java -jar abe.jar unpack file.backup file.tar`
创建一个 [android backup using adb](mobile-pentesting/android-app-pentesting/adb-commands.md#backup) 并使用 [Android Backup Extractor](https://sourceforge.net/projects/adbextractor/) 提取: `java -jar abe.jar unpack file.backup file.tar`
### If root access or physical connection to JTAG interface
### 如果有 root 访问或物理连接到 JTAG 接口
- `cat /proc/partitions` (search the path to the flash memory, generally the first entry is _mmcblk0_ and corresponds to the whole flash memory).
- `df /data` (Discover the block size of the system).
- dd if=/dev/block/mmcblk0 of=/sdcard/blk0.img bs=4096 (execute it with the information gathered from the block size).
- `cat /proc/partitions`(搜索闪存的路径,通常第一个条目是 _mmcblk0_,对应整个闪存)。
- `df /data`(发现系统的块大小)。
- dd if=/dev/block/mmcblk0 of=/sdcard/blk0.img bs=4096(使用从块大小收集的信息执行)。
### Memory
### 内存
Use Linux Memory Extractor (LiME) to extract the RAM information. It's a kernel extension that should be loaded via adb.
使用 Linux Memory Extractor (LiME) 提取 RAM 信息。这是一个应该通过 adb 加载的内核扩展。
{{#include ./banners/hacktricks-training.md}}

15
src/burp-suite.md
View File

@ -1,18 +1,17 @@
{{#include ./banners/hacktricks-training.md}}
# Basic Payloads
# 基本有效载荷
- **Simple List:** Just a list containing an entry in each line
- **Runtime File:** A list read in runtime (not loaded in memory). For supporting big lists.
- **Case Modification:** Apply some changes to a list of strings(No change, to lower, to UPPER, to Proper name - First capitalized and the rest to lower-, to Proper Name -First capitalized an the rest remains the same-.
- **Numbers:** Generate numbers from X to Y using Z step or randomly.
- **Brute Forcer:** Character set, min & max length.
- **简单列表:** 仅包含每行一个条目的列表
- **运行时文件:** 在运行时读取的列表(不加载到内存中)。用于支持大列表。
- **大小写修改:** 对字符串列表应用一些更改(不变,转为小写,转为大写,转为专有名词 - 首字母大写,其余小写 -,转为专有名词 - 首字母大写,其余保持不变)。
- **数字:** 使用 Z 步长或随机生成从 X 到 Y 的数字。
- **暴力破解:** 字符集,最小和最大长度。
[https://github.com/0xC01DF00D/Collabfiltrator](https://github.com/0xC01DF00D/Collabfiltrator) : Payload to execute commands and grab the output via DNS requests to burpcollab.
[https://github.com/0xC01DF00D/Collabfiltrator](https://github.com/0xC01DF00D/Collabfiltrator) : 用于执行命令并通过 DNS 请求获取输出的有效载荷到 burpcollab。
{% embed url="https://medium.com/@ArtsSEC/burp-suite-exporter-462531be24e" %}
[https://github.com/h3xstream/http-script-generator](https://github.com/h3xstream/http-script-generator)
{{#include ./banners/hacktricks-training.md}}