carlospolop 2023-01-01 17:19:07 +01:00
parent 00b1424c0f
commit ff67a60687
21 changed files with 235 additions and 157 deletions

View File

@ -100,22 +100,6 @@ In addition to the above WebSec is also a **committed supporter of HackTricks.**
{% embed url="https://www.youtube.com/watch?v=Zq2JycGDCPM" %}
### [**INE**](https://ine.com)
![](.gitbook/assets/ine\_logo-3-.jpg)
[**INE**](https://ine.com) is a great platform to start learning or **improve** your **IT knowledge** through their huge range of **courses**. I personally like and have completed many from the [**cybersecurity section**](https://ine.com/pages/cybersecurity). **INE** also provides with the official courses to prepare the **certifications** from [**eLearnSecurity**](https://elearnsecurity.com)**.**
**INE** also support cybersecurity open source projects like HackTricks :)
**Courses and Certifications reviews**
You can find **my reviews of the certifications eMAPT and eWPTXv2** (and their **respective preparation courses**) on the following page:
{% content-ref url="courses-and-certifications-reviews/ine-courses-and-elearnsecurity-certifications-reviews.md" %}
[ine-courses-and-elearnsecurity-certifications-reviews.md](courses-and-certifications-reviews/ine-courses-and-elearnsecurity-certifications-reviews.md)
{% endcontent-ref %}
## License
**Copyright © Carlos Polop 2022. Except where otherwise specified (the external information copied into the book belongs to the original authors), the text on** [**HACK TRICKS**](https://github.com/carlospolop/hacktricks) **by Carlos Polop is licensed under the**[ **Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)**](https://creativecommons.org/licenses/by-nc/4.0/)**.**\
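Review bot: removing the INE block here also removes the README's link to `courses-and-certifications-reviews/ine-courses-and-elearnsecurity-certifications-reviews.md` (the `{% content-ref %}` lines). If that page stays in the book, check that it is still linked from somewhere else, or delete it in the same commit so it does not become an orphan.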

View File

@ -12,11 +12,13 @@
</details>
<figure><img src="../.gitbook/assets/image (10) (2).png" alt=""><figcaption></figcaption></figure>
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## What is a Certificate
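Review bot: the Trickest banner lines point at two different hosts and carry what looks like a misspelled tracking tag. The link text goes to `https://trickest.io/` while the embed goes to `https://trickest.com/`, and the embed has `utm_campaign=hacktrics` next to `utm_source=hacktricks`. Use one host for both, and correct the campaign value unless the sponsor supplied it in that form; the same lines repeat in the other hunks of this commit, so the fix has to be applied to each copy.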
@ -195,11 +197,13 @@ openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer
openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer
```
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Browsers Artifacts <a href="#3def" id="3def"></a>
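Review bot: the two image lines in this hunk disagree on directory depth: `<img src="../../../.gitbook/assets/image (10) (2).png" ...>` versus `![](<../.gitbook/assets/image (9) (1) (2).png>)`. The `../.gitbook/` form is the same string in every file of the commit whatever its depth, so in a file that needs `../../../` it resolves to a different directory and the banner image will not load. Give it the same prefix as the line it sits beside, and add alt text while touching it, since `![]` leaves it empty.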
@ -266,11 +268,13 @@ Opera **stores browser history and download data in the exact same format as Goo
* **Browsers built-in anti-phishing:** `grep --color 'fraud_protection_enabled' ~/Library/Application Support/com.operasoftware.Opera/Preferences`
* **fraud\_protection\_enabled** should be **true**
<img src="../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## OneDrive
@ -111,11 +113,13 @@ Other tables inside this database contain more interesting information:
* **deleted\_fields**: Dropbox deleted files
* **date\_added**
<img src="../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Introduction

View File

@ -12,11 +12,13 @@
</details>
<img src="../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
From: [https://trailofbits.github.io/ctf/forensics/](https://trailofbits.github.io/ctf/forensics/)

View File

@ -12,11 +12,13 @@
</details>
<img src="../../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Automatic Enumeration & Escape
@ -508,11 +510,13 @@ If you only have `hostIPC=true`, you most likely can't do much. If any process o
The second technique explained in the post [https://labs.f-secure.com/blog/abusing-the-access-to-mount-namespaces-through-procpidroot/](https://labs.f-secure.com/blog/abusing-the-access-to-mount-namespaces-through-procpidroot/) indicates how you can abuse bind mounts with user namespaces, to affect files inside the host (in that specific case, delete files).
<img src="../../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## CVEs
@ -557,11 +561,13 @@ If you are in **userspace** (**no kernel exploit** involved) the way to find new
* [https://0xn3va.gitbook.io/cheat-sheets/container/escaping/exposed-docker-socket](https://0xn3va.gitbook.io/cheat-sheets/container/escaping/exposed-docker-socket)
* [https://bishopfox.com/blog/kubernetes-pod-privilege-escalation#Pod4](https://bishopfox.com/blog/kubernetes-pod-privilege-escalation#Pod4)
<img src="../../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Common Limitations Bypasses
@ -349,11 +351,13 @@ If you are inside a filesystem with the **read-only and noexec protections** the
* [https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0](https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0)
* [https://www.secjuice.com/web-application-firewall-waf-evasion/](https://www.secjuice.com/web-application-firewall-waf-evasion/)
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
**This tutorial was taken from:** [**https://medium.com/@ehsahil/basic-android-security-testing-lab-part-1-a2b87e667533**](https://medium.com/@ehsahil/basic-android-security-testing-lab-part-1-a2b87e667533)
@ -86,11 +88,13 @@ After installing Certificate SSL endpoints also working fine tested using → [h
After installing the certificate this way Firefox for Android won't use it (based on my tests), so use a different browser.
{% endhint %}
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -1,10 +1,12 @@
# iOS Pentesting Checklist
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>
@ -118,8 +120,10 @@
</details>
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}

View File

@ -1,10 +1,12 @@
# iOS Pentesting
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## iOS Pentesting
@ -382,11 +384,13 @@ struct CGSize {
However, the best options to disassemble the binary are: [**Hopper**](https://www.hopperapp.com/download.html?) and [**IDA**](https://www.hex-rays.com/products/ida/support/download\_freeware/).
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Data Storage
@ -742,11 +746,13 @@ Jun 7 13:42:14 iPhone touch[9708] <Notice>: MS:Notice: Injecting: (null) [touch
...
```
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Backups
@ -1228,11 +1234,13 @@ You can find the **libraries used by an application** by running **`otool`** aga
* [https://github.com/authenticationfailure/WheresMyBrowser.iOS](https://github.com/authenticationfailure/WheresMyBrowser.iOS)
* [https://github.com/nabla-c0d3/ssl-kill-switch2](https://github.com/nabla-c0d3/ssl-kill-switch2)
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>
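Review bot: this is the fourth verbatim copy of the banner in this one file (hunks at -1, -382, -742 and -1228), so any later sponsor change or link fix has to be repeated four times here and again in the other files. Consider keeping the banner once at the top and once at the bottom, or moving the block into a single shared snippet that each page references.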

View File

@ -12,11 +12,13 @@
</details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Burp Cert Installation in physical iOS
@ -118,11 +120,13 @@ Steps to configure Burp as proxy:
* Click on _**Ok**_ and the in _**Apply**_
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Basic Information
@ -323,11 +325,13 @@ Entry_1:
Command: rmg enum {IP} {PORT}
```
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
**Probably if you are playing a CTF a Flask application will be related to** [**SSTI**](../../pentesting-web/ssti-server-side-template-injection/)**.**
@ -86,11 +88,13 @@ Command line tool to brute-force websites using cookies crafted with flask-unsig
[**This example**](../../pentesting-web/sql-injection/sqlmap/#eval) uses sqlmap `eval` option to **automatically sign sqlmap payloads** for flask using a known secret.
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Basic Information
@ -137,11 +139,13 @@ AutoRepeater Burp Extension: Add a replacement rule
* `Match: v2 (higher version)`
* `Replace: v1 (lower version)`
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## 🛡️ API Security Empire Cheat Sheet
@ -227,11 +231,13 @@ kr brute https://domain.com/api/ -w /tmp/lang-english.txt -x 20 -d=0
* [**API-fuzzer**](https://github.com/Fuzzapi/API-fuzzer): API\_Fuzzer gem accepts a API request as input and returns vulnerabilities possible in the API.
* [**race-the-web**](https://github.com/TheHackerDev/race-the-web): Tests for race conditions in web applications by sending out a user-specified number of requests to a target URL (or URLs) _simultaneously_, and then compares the responses from the server for uniqueness.
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Basic Information
@ -99,11 +101,13 @@ curl -s -X GET https://wordpress.org/support/article/pages/ | grep -E 'wp-conten
curl -s -X GET https://wordpress.org/support/article/pages/ | grep http | grep -E '?ver=' | sed -E 's,href=|src=,THIIIIS,g' | awk -F "THIIIIS" '{print $2}' | cut -d "'" -f2
```
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Active enumeration
@ -281,11 +285,13 @@ wpscan --rua -e ap,at,tt,cb,dbe,u,m --url http://www.domain.com [--plugins-detec
#You can try to bruteforce the admin user using wpscan with "-U admin"
```
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Get access by overwriting a bit
@ -423,11 +429,13 @@ Also, **only install trustable WordPress plugins and themes**.
* **Limit login attempts** to prevent Brute Force attacks
* Rename **`wp-admin.php`** file and only allow access internally or from certain IP addresses.
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## The difference
@ -123,11 +125,13 @@ The [Web Cache Vulnerability Scanner](https://github.com/Hackmanit/Web-Cache-Vul
Example usage: `wcvs -u example.com`
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Vulnerable Examples
@ -227,11 +231,13 @@ Learn here about how to perform[ Cache Deceptions attacks abusing HTTP Request S
* [https://youst.in/posts/cache-poisoning-at-scale/](https://youst.in/posts/cache-poisoning-at-scale/)
* [https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9](https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9)
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## What is Clickjacking
@ -175,11 +177,13 @@ See the following documentation for further details and more complex examples:
* [**https://portswigger.net/web-security/clickjacking**](https://portswigger.net/web-security/clickjacking)
* [**https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking\_Defense\_Cheat\_Sheet.html**](https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking\_Defense\_Cheat\_Sheet.html)
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Domain takeover
@ -67,11 +69,13 @@ All of them vulnerable to subdomain takeover. All of them were big brands. Talki
Nevertheless, recent phishing campaigns host content on domains with long domain names that include name of the brand (see [Apple example](https://www.phishtank.com/target\_search.php?target\_id=183\&valid=y\&active=All\&Search=Search)). Having valid SSL certificate (more on that below), keyword in domain name and website which mimics the website of targeted brand, people tend to fall into these attacks. Think about chances with a legitimate subdomain of this brand.
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
### SSL Certificates <a href="#sslcertificates" id="sslcertificates"></a>
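Review bot: This copy of the banner sits between the paragraph that says "more on that below" about SSL certificates and the `### SSL Certificates` heading it refers to, so it interrupts the article mid-argument. Consider dropping the mid-page copy and keeping only the ones at the top and bottom of the file.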
@ -159,11 +163,13 @@ Until next time!
[Patrik](https://twitter.com/0xpatrik)
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Extracting data from all files
@ -84,11 +86,13 @@ cmp original.jpg stego.jpg -b -l
If you find that a **text line** is **bigger** than it should be, then some **hidden information** could be included inside the **spaces** using invisible characters.󐁈󐁥󐁬󐁬󐁯󐀠󐁴󐁨\
To **extract** the **data**, you can use: [https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder](https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder)
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Extracting data from images
@ -218,11 +222,13 @@ To read a QR code: [https://online-barcode-reader.inliteresearch.com/](https://o
* [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/)
* [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit)
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>

View File

@ -12,11 +12,13 @@
</details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Pass The Ticket (PTT)
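Review bot: The two image references in this hunk use different relative depths: the `<img>` tag points at `../../.gitbook/assets/...` while the markdown image points at `../.gitbook/assets/...`. Only one of those can resolve from this file's directory, so check that the line the change keeps uses the `../../` prefix that matches the file's depth. The same mismatch appears in the second hunk of this file.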
@ -63,11 +65,13 @@ klist #List tickets in cache to cehck that mimikatz has loaded the ticket
* [https://www.tarlogic.com/blog/how-to-attack-kerberos/](https://www.tarlogic.com/blog/how-to-attack-kerberos/)
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original">
![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %}
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details>