From 02c03a87f6f447b0a06a0aa8b188ed3b9d454b55 Mon Sep 17 00:00:00 2001 From: CPol Date: Thu, 11 Feb 2021 23:56:58 +0000 Subject: [PATCH] GitBook: [master] 2 pages modified --- pentesting/pentesting-smtp/README.md | 6 ++---- pentesting/pentesting-web/README.md | 4 ++-- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/pentesting/pentesting-smtp/README.md b/pentesting/pentesting-smtp/README.md index f95ca74c..a7a35f43 100644 --- a/pentesting/pentesting-smtp/README.md +++ b/pentesting/pentesting-smtp/README.md @@ -20,7 +20,7 @@ If you have the opportunity to **make the victim send you a emai**l \(via contac You can also get an email from a SMTP server trying to **send to that server an email to a non-existent address** \(because the server will send to the attacker a NDN mail\). But, be sure that you send the email from an allowed address \(check the SPF policy\) and that you can receive NDN messages. -You should also try to **send different contents because you can find more interesting information** on the headers like: `X-Virus-Scanned: by av.domain.com` +You should also try to **send different contents because you can find more interesting information** on the headers like: `X-Virus-Scanned: by av.domain.com` You should send the EICAR test file. Detecting the **AV** may allow you to exploit **known vulnerabilities.** 
@@ -183,7 +183,7 @@ A **complete guide of these countermeasures** can be found in [https://seanthege **Sender Policy Framework** \(SPF\) provides a mechanism that allows MTAs to check if a host sending an email is authorized. Then, the organisations can define a list of authorised mail servers and the MTAs can query for this lists to check if the email was spoofed or not. -****In order to define IP addresses/ranges, domains and others that **are allowed to send email on behalf a domain name**, different "**Mechanism**" cam appear in the SPF registry. +**\*\*In order to define IP addresses/ranges, domains and others that** are allowed to send email on behalf a domain name**, different "**Mechanism\*\*" cam appear in the SPF registry. #### Mechanisms @@ -386,5 +386,3 @@ sendmail.cf submit.cf ``` - - diff --git a/pentesting/pentesting-web/README.md b/pentesting/pentesting-web/README.md index ffbaf805..8e10da2b 100644 --- a/pentesting/pentesting-web/README.md +++ b/pentesting/pentesting-web/README.md @@ -286,7 +286,7 @@ _Note that anytime a new directory is discovered during brute-forcing or spideri * `X-Original-URL: /admin/console` * `X-Rewrite-URL: /admin/console` * **Guess the password**: Test the following common credentials. Do you know something about the victim? Or the CTF challenge name? -* [**Brute force**](../../brute-force.md#http-brute) +* [**Brute force**](../../brute-force.md#http-brute)**:** Try basic, digest and NTLM auth. {% code title="Common creds" %} ```text 
@@ -303,7 +303,7 @@ _Note that anytime a new directory is discovered during brute-forcing or spideri #### 502 Proxy Error -If any page **responds** with that **code**, it's probably a **bad configured proxy**. **If you send a HTTP request like: `GET https://google.com HTTP/1.1` \(with the host header and other common headers\), the** proxy **will try to** access **\_**google.com**\_ and you will have found a** SSRF. +If any page **responds** with that **code**, it's probably a **bad configured proxy**. **If you send a HTTP request like: `GET https://google.com HTTP/1.1`** \(with the host header and other common headers\), the ****proxy ****will try to **access** _**google.com**_ ****and you will have found a **SSRF**. #### **NTLM Authentication - Info disclosure**
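Review bot: In the `@@ -20,7 +20,7 @@` hunk of pentesting/pentesting-smtp/README.md, the added text "You should send the EICAR test file." is appended to the header example line with no sentence break after `X-Virus-Scanned: by av.domain.com`, and it never says what the reader should look for after sending it. Put the two new sentences on their own line and state which response header the test file is expected to surface. The unchanged context just above also carries a misplaced bold marker in `a emai**l`, which could be fixed in the same commit.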
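Review bot: In the `@@ -183,7 +183,7 @@` hunk (SPF paragraph), the replacement line makes the emphasis worse instead of fixing it: `**\*\*In order` and `Mechanism\*\*"` contain escaped asterisks that will render literally, and the bold spans now open and close in the wrong places. The typos "cam appear" and "on behalf a domain name" are carried over unchanged. Suggest one bold span per phrase: `In order to define IP addresses/ranges, domains and others that **are allowed to send email on behalf of a domain name**, different "**Mechanisms**" can appear in the SPF record.`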
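Review bot: In the `@@ -286,7 +286,7 @@` hunk of pentesting/pentesting-web/README.md, the `{% code title="Common creds" %}` block that opens right after the edited bullet belongs to the "Guess the password" bullet ("Test the following common credentials"), yet it sits under the Brute force bullet, and the new trailing sentence makes that mismatch more visible. Move the Brute force bullet below the code block, or move the "Guess the password" bullet directly above it. The suffix would also read cleaner as plain `: Try basic, digest and NTLM auth.` rather than with a bold colon `**:**`.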
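Review bot: In the `@@ -303,7 +303,7 @@` hunk (502 Proxy Error), the new line contains empty bold pairs (`the ****proxy ****will try to` and `_**google.com**_ ****and you will`) that render as stray asterisks, so the sentence reads worse than the line it replaces. Keep the bold on the terms that matter only, for example closing the first span after the request sample and leaving the rest plain up to `**SSRF**`. While touching the line, "bad configured proxy" should be "badly configured proxy", and "a HTTP request" and "a SSRF" should take "an".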