GitBook: [master] 2 pages modified

CPol 2021-02-11 23:56:58 +00:00 committed by gitbook-bot
parent 3b7f2b135b
commit 02c03a87f6
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
2 changed files with 4 additions and 6 deletions


@ -183,7 +183,7 @@ A **complete guide of these countermeasures** can be found in [https://seanthege
**Sender Policy Framework** \(SPF\) provides a mechanism that allows MTAs to check if a host sending an email is authorized.
Then, the organisations can define a list of authorised mail servers and the MTAs can query for this lists to check if the email was spoofed or not.
****In order to define IP addresses/ranges, domains and others that **are allowed to send email on behalf a domain name**, different "**Mechanism**" cam appear in the SPF registry.
**\*\*In order to define IP addresses/ranges, domains and others that** are allowed to send email on behalf a domain name**, different "**Mechanism\*\*" cam appear in the SPF registry.
#### Mechanisms
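Review bot: The replacement SPF sentence still does not render cleanly: it trades the leading `****` for an escaped `\*\*`, so literal asterisks will appear before "In order to define" and after "Mechanism", and the remaining `**` runs are unbalanced. While this line is being touched, also fix "cam appear" to "can appear", "on behalf a domain name" to "on behalf of a domain name", and "SPF registry" to "SPF record", since SPF is published as a DNS TXT record. Suggested wording: `In order to define IP addresses/ranges, domains and others that **are allowed to send email on behalf of a domain name**, different "**mechanisms**" can appear in the SPF record.` The context line above it has "query for this lists", which should read "query for this list".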
@ -386,5 +386,3 @@ sendmail.cf
submit.cf
```


@ -286,7 +286,7 @@ _Note that anytime a new directory is discovered during brute-forcing or spideri
* `X-Original-URL: /admin/console`
* `X-Rewrite-URL: /admin/console`
* **Guess the password**: Test the following common credentials. Do you know something about the victim? Or the CTF challenge name?
* [**Brute force**](../../brute-force.md#http-brute)
* [**Brute force**](../../brute-force.md#http-brute)**:** Try basic, digest and NTLM auth.
{% code title="Common creds" %}
```text
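Review bot: On the changed **Brute force** bullet, the colon is wrapped in its own bold run (`**:**`), while the sibling bullet writes "**Guess the password**:" with the colon outside the bold; pick one style for the list. The "Common creds" code block that follows belongs to the "Guess the password" item, but the brute-force bullet sits between that item and its credential list, so a reader will take the list as part of the brute-force step. Consider moving the brute-force bullet below the code block.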
@ -303,7 +303,7 @@ _Note that anytime a new directory is discovered during brute-forcing or spideri
#### 502 Proxy Error
If any page **responds** with that **code**, it's probably a **bad configured proxy**. **If you send a HTTP request like: `GET https://google.com HTTP/1.1` \(with the host header and other common headers\), the** proxy **will try to** access **\_**google.com**\_ and you will have found a** SSRF.
If any page **responds** with that **code**, it's probably a **bad configured proxy**. **If you send a HTTP request like: `GET https://google.com HTTP/1.1`** \(with the host header and other common headers\), the ****proxy ****will try to **access** _**google.com**_ ****and you will have found a **SSRF**.
#### **NTLM Authentication - Info disclosure**
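Review bot: The rewritten 502 sentence still contains empty bold runs (`****proxy ****will`, `_ ****and`), which will render as literal asterisks rather than emphasis. Drop the empty `****` sequences and bold only the terms that need it, for example: `the **proxy** will try to **access** _google.com_ and you will have found an **SSRF**.` In the same line, "bad configured proxy" should be "badly configured proxy" and "a SSRF" should be "an SSRF". It would also help to say how the tester confirms that the proxy actually fetched the external host, since a 502 alone does not show that.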