GitBook: [master] 2 pages modified
parent 3b7f2b135b
commit 02c03a87f6
@ -20,7 +20,7 @@ If you have the opportunity to **make the victim send you a emai**l \(via contac
|
||||
|
||||
You can also get an email from a SMTP server trying to **send to that server an email to a non-existent address** \(because the server will send to the attacker a NDN mail\). But, be sure that you send the email from an allowed address \(check the SPF policy\) and that you can receive NDN messages.
|
||||
|
||||
You should also try to **send different contents because you can find more interesting information** on the headers like: `X-Virus-Scanned: by av.domain.com`
|
||||
You should also try to **send different contents because you can find more interesting information** on the headers like: `X-Virus-Scanned: by av.domain.com`
|
||||
You should send the EICAR test file.
|
||||
Detecting the **AV** may allow you to exploit **known vulnerabilities.**
|
||||
|
||||
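Review bot: The removed and added `You should also try to **send different contents ...` lines read identically here, so the change looks whitespace-only, and the sentence after it ("You should send the EICAR test file.") is still disconnected from it. Suggest joining the two so the reader sees that the EICAR test file is the content meant to make the scanner add a header such as `X-Virus-Scanned`. The misplaced bold close in `**make the victim send you a emai**l` in the same section could be fixed in the same pass.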
@ -183,7 +183,7 @@ A **complete guide of these countermeasures** can be found in [https://seanthege
|
||||
|
||||
**Sender Policy Framework** \(SPF\) provides a mechanism that allows MTAs to check if a host sending an email is authorized.
|
||||
Then, the organisations can define a list of authorised mail servers and the MTAs can query for this lists to check if the email was spoofed or not.
|
||||
****In order to define IP addresses/ranges, domains and others that **are allowed to send email on behalf a domain name**, different "**Mechanism**" cam appear in the SPF registry.
|
||||
**\*\*In order to define IP addresses/ranges, domains and others that** are allowed to send email on behalf a domain name**, different "**Mechanism\*\*" cam appear in the SPF registry.
|
||||
|
||||
#### Mechanisms
|
||||
|
||||
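Review bot: The rewritten "In order to define ..." line replaces the stray `****` with escaped `\*\*`, which will render as literal asterisks, and the bold spans now open and close in the wrong places (`**\*\*In order ... others that**` and `"**Mechanism\*\*"`). Suggest dropping the leading markers and bolding only the intended phrases. The wording on the same line also needs fixing: "cam appear" should be "can appear", "on behalf a domain name" should be "on behalf of a domain name", and "SPF registry" should probably read "SPF record".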
@ -386,5 +386,3 @@ sendmail.cf
|
||||
submit.cf
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
@ -286,7 +286,7 @@ _Note that anytime a new directory is discovered during brute-forcing or spideri
|
||||
* `X-Original-URL: /admin/console`
|
||||
* `X-Rewrite-URL: /admin/console`
|
||||
* **Guess the password**: Test the following common credentials. Do you know something about the victim? Or the CTF challenge name?
|
||||
* [**Brute force**](../../brute-force.md#http-brute)
|
||||
* [**Brute force**](../../brute-force.md#http-brute)**:** Try basic, digest and NTLM auth.
|
||||
|
||||
{% code title="Common creds" %}
|
||||
```text
|
||||
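Review bot: The brute-force bullet, now extended with `Try basic, digest and NTLM auth.`, sits between "Test the following common credentials" and the `Common creds` block, so "following" does not point at the text directly below it. Suggest moving the brute-force bullet after the code block, or rewording the first bullet to name the block. The bold colon `**:**` can be a plain `:`.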
@ -303,7 +303,7 @@ _Note that anytime a new directory is discovered during brute-forcing or spideri
|
||||
|
||||
#### 502 Proxy Error
|
||||
|
||||
If any page **responds** with that **code**, it's probably a **bad configured proxy**. **If you send a HTTP request like: `GET https://google.com HTTP/1.1` \(with the host header and other common headers\), the** proxy **will try to** access **\_**google.com**\_ and you will have found a** SSRF.
|
||||
If any page **responds** with that **code**, it's probably a **bad configured proxy**. **If you send a HTTP request like: `GET https://google.com HTTP/1.1`** \(with the host header and other common headers\), the ****proxy ****will try to **access** _**google.com**_ ****and you will have found a **SSRF**.
|
||||
|
||||
#### **NTLM Authentication - Info disclosure**
|
||||
|
||||
|
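Review bot: The new 502 line still carries empty bold pairs (`the ****proxy ****will try` and `_**google.com**_ ****and`), which will show up as literal asterisks; remove them and bold only the terms meant. The sentence also treats the proxy attempting the fetch as a confirmed SSRF, so consider stating how the reader verifies that the outbound request was actually made. On the same line, "bad configured proxy" should be "misconfigured proxy", "a HTTP request" should be "an HTTP request", and "a SSRF" should be "an SSRF".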