Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/other-web-tricks.md

80 lines
6.2 KiB
Markdown
Raw Normal View History

Translated ['README.md', 'network-services-pentesting/512-pentesting-rex
2024-07-29 09:27:29 +00:00
# Other Web Tricks
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md
2024-07-18 18:37:42 +00:00
{% hint style="success" %}
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
Jifunze na fanya mazoezi ya AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Jifunze na fanya mazoezi ya GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md
2024-07-18 18:37:42 +00:00
<details>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md
2024-07-18 18:37:42 +00:00
<summary>Support HackTricks</summary>
a
2024-02-02 12:19:57 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuatilie** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki hila za hacking kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md
2024-07-18 18:37:42 +00:00
{% endhint %}
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['network-services-pentesting/512-pentesting-rexec.md', 'netw
2024-08-04 15:19:02 +00:00
<figure><img src="/.gitbook/assets/pentest-tools.svg" alt=""><figcaption></figcaption></figure>
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
**Pata mtazamo wa hacker kuhusu programu zako za wavuti, mtandao, na wingu**
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:26:41 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
**Pata na ripoti udhaifu muhimu, unaoweza kutumiwa kwa faida halisi ya biashara.** Tumia zana zetu zaidi ya 20 za kawaida kupanga uso wa shambulio, pata masuala ya usalama yanayokuruhusu kupandisha mamlaka, na tumia matumizi ya kiotomatiki kukusanya ushahidi muhimu, ukigeuza kazi yako ngumu kuwa ripoti za kushawishi.
Translated ['README.md', 'network-services-pentesting/512-pentesting-rex
2024-07-29 09:27:29 +00:00
{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
### Host header
Translated ['README.md', 'network-services-pentesting/512-pentesting-rex
2024-07-29 09:27:29 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
Mara kadhaa nyuma ya pazia inategemea **Host header** kufanya baadhi ya vitendo. Kwa mfano, inaweza kutumia thamani yake kama **domain ya kutuma upya nenosiri**. Hivyo unapopokea barua pepe yenye kiungo cha kurekebisha nenosiri lako, domain inayotumika ni ile uliyoweka katika Host header. Kisha, unaweza kuomba kurekebisha nenosiri la watumiaji wengine na kubadilisha domain kuwa moja inayodhibitiwa na wewe ili kuiba nambari zao za kurekebisha nenosiri. [WriteUp](https://medium.com/nassec-cybersecurity-writeups/how-i-was-able-to-take-over-any-users-account-with-host-header-injection-546fff6d0f2).
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
GITBOOK-3868: change request with no subject merged in GitBook
2023-04-06 23:17:12 +00:00
{% hint style="warning" %}
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
Kumbuka kwamba inawezekana usihitaji hata kusubiri mtumiaji abonyeze kiungo cha kurekebisha nenosiri ili kupata tokeni, kwani labda hata **filta za spam au vifaa/boti vingine vya kati vitabonyeza ili kuchambua**.
GITBOOK-3868: change request with no subject merged in GitBook
2023-04-06 23:17:12 +00:00
{% endhint %}
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
### Session booleans
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
Wakati mwingine unapokamilisha uthibitisho fulani kwa usahihi, nyuma ya pazia itachukua **kuongeza boolean yenye thamani "True" kwa sifa ya usalama ya kikao chako**. Kisha, mwisho tofauti utajua kama umepita hiyo ukaguzi kwa mafanikio.\
Translated ['README.md', 'network-services-pentesting/512-pentesting-rex
2024-07-29 09:27:29 +00:00
Hata hivyo, ikiwa **umepita ukaguzi** na kikao chako kinapewa thamani hiyo "True" katika sifa ya usalama, unaweza kujaribu **kufikia rasilimali nyingine** ambazo **zinategemea sifa hiyo hiyo** lakini ambazo **hupaswi kuwa na ruhusa** za kufikia. [WriteUp](https://medium.com/@ozguralp/a-less-known-attack-vector-second-order-idor-attacks-14468009781a).
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
### Register functionality
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'network-services-pentesting/512-pentesting-rex
2024-07-29 09:27:29 +00:00
Jaribu kujiandikisha kama mtumiaji ambaye tayari yupo. Jaribu pia kutumia wahusika sawa (madoadoa, nafasi nyingi na Unicode).
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
### Takeover emails
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'network-services-pentesting/512-pentesting-rex
2024-07-29 09:27:29 +00:00
Jiandikishe barua pepe, kabla ya kuithibitisha badilisha barua pepe, kisha, ikiwa barua pepe mpya ya uthibitisho itatumwa kwa barua pepe ya kwanza iliyosajiliwa, unaweza kuchukua barua pepe yoyote. Au ikiwa unaweza kuwezesha barua pepe ya pili kuthibitisha ya kwanza, unaweza pia kuchukua akaunti yoyote.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
### Access Internal servicedesk of companies using atlassian
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
{% embed url="https://yourcompanyname.atlassian.net/servicedesk/customer/user/login" %}
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
### TRACE method
Translated ['README.md', 'network-services-pentesting/512-pentesting-rex
2024-07-29 09:27:29 +00:00
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:26:41 +00:00
Wakandarasi wanaweza kusahau kuzima chaguzi mbalimbali za ufuatiliaji katika mazingira ya uzalishaji. Kwa mfano, njia ya HTTP `TRACE` imeundwa kwa madhumuni ya uchunguzi. Ikiwa imewezeshwa, seva ya wavuti itajibu maombi yanayotumia njia ya `TRACE` kwa kurudisha katika jibu ombi halisi lililopokelewa. Tabia hii mara nyingi haina madhara, lakini wakati mwingine husababisha kufichuliwa kwa habari, kama vile jina la vichwa vya uthibitishaji vya ndani ambavyo vinaweza kuongezwa kwa maombi na proxies za kinyume.![Image for post](https://miro.medium.com/max/60/1\*wDFRADTOd9Tj63xucenvAA.png?q=20)
Translated ['README.md', 'network-services-pentesting/512-pentesting-rex
2024-07-29 09:27:29 +00:00
![Image for post](https://miro.medium.com/max/1330/1\*wDFRADTOd9Tj63xucenvAA.png)
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['network-services-pentesting/512-pentesting-rexec.md', 'netw
2024-08-04 15:19:02 +00:00
<figure><img src="/.gitbook/assets/pentest-tools.svg" alt=""><figcaption></figcaption></figure>
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
**Pata mtazamo wa hacker kuhusu programu zako za wavuti, mtandao, na wingu**
Translated ['README.md', 'binary-exploitation/format-strings/README.md',
2024-11-09 13:26:41 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
**Pata na ripoti udhaifu muhimu, unaoweza kutumiwa kwa faida halisi ya biashara.** Tumia zana zetu zaidi ya 20 za kawaida kupanga uso wa shambulio, pata masuala ya usalama yanayokuruhusu kupandisha mamlaka, na tumia matumizi ya kiotomatiki kukusanya ushahidi muhimu, ukigeuza kazi yako ngumu kuwa ripoti za kushawishi.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['README.md', 'network-services-pentesting/512-pentesting-rex
2024-07-29 09:27:29 +00:00
{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}
asd
2023-05-31 10:24:06 +00:00
Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md
2024-07-18 18:37:42 +00:00
{% hint style="success" %}
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
Jifunze na fanya mazoezi ya AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Jifunze na fanya mazoezi ya GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md
2024-07-18 18:37:42 +00:00
<details>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md
2024-07-18 18:37:42 +00:00
<summary>Support HackTricks</summary>
a
2024-02-02 12:19:57 +00:00
Translated ['README.md', 'generic-methodologies-and-resources/python/byp
2024-11-09 13:53:18 +00:00
* Angalia [**mpango wa usajili**](https://github.com/sponsors/carlospolop)!
* **Jiunge na** 💬 [**kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuatilie** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki hila za hacking kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Translated ['1911-pentesting-fox.md', '6881-udp-pentesting-bittorrent.md
2024-07-18 18:37:42 +00:00
{% endhint %}
Reference in a new issue Copy permalink