mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 04:33:28 +00:00
GitBook: [#3619] No subject
This commit is contained in:
parent
7708d4acc9
commit
0bf969f939
7 changed files with 35 additions and 29 deletions
BIN
.gitbook/assets/image (33) (1).png
Normal file
BIN
.gitbook/assets/image (33) (1).png
Normal file
Binary file not shown.
After Width: | Height: | Size: 3.6 KiB |
Binary file not shown.
Before Width: | Height: | Size: 3.6 KiB After Width: | Height: | Size: 245 KiB |
Binary file not shown.
Before Width: | Height: | Size: 245 KiB After Width: | Height: | Size: 26 KiB |
|
@ -160,7 +160,7 @@ For example:
|
||||||
|
|
||||||
In this case you can see that **you shouldn't use the char 0x0A** (nothing is saved in memory since the char 0x09).
|
In this case you can see that **you shouldn't use the char 0x0A** (nothing is saved in memory since the char 0x09).
|
||||||
|
|
||||||
![](<../.gitbook/assets/image (33).png>)
|
![](<../.gitbook/assets/image (33) (1).png>)
|
||||||
|
|
||||||
In this case you can see that **the char 0x0D is avoided**:
|
In this case you can see that **the char 0x0D is avoided**:
|
||||||
|
|
||||||
|
|
|
@ -205,7 +205,7 @@ To crack these hashes:
|
||||||
|
|
||||||
• If new version of FreeIPA is used, so **PBKDF2\_SHA256** is used: You should decode **base64** -> find PBKDF2\_SHA256 -> it’s **length** is 256 byte. John can work with 256 bits (32 byte) -> SHA-265 used as the pseudo-random function, block size is 32 byte -> you can use only first 256 bit of our PBKDF2\_SHA256 hash -> John The Ripper or hashcat can help you to crack it
|
• If new version of FreeIPA is used, so **PBKDF2\_SHA256** is used: You should decode **base64** -> find PBKDF2\_SHA256 -> it’s **length** is 256 byte. John can work with 256 bits (32 byte) -> SHA-265 used as the pseudo-random function, block size is 32 byte -> you can use only first 256 bit of our PBKDF2\_SHA256 hash -> John The Ripper or hashcat can help you to crack it
|
||||||
|
|
||||||
<figure><img src="../.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="../.gitbook/assets/image (33).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
To extract the hashes you need to be **root in the FreeIPA server**, there you can use the tool **`dbscan`** to extract them:
|
To extract the hashes you need to be **root in the FreeIPA server**, there you can use the tool **`dbscan`** to extract them:
|
||||||
|
|
||||||
|
|
|
@ -74,7 +74,7 @@ Other useful extensions:
|
||||||
AAA<--SNIP 232 A-->AAA.php.png
|
AAA<--SNIP 232 A-->AAA.php.png
|
||||||
```
|
```
|
||||||
|
|
||||||
### Bypass Content-Type, Magic Number, Compression & Resizign
|
### Bypass Content-Type, Magic Number, Compression & Resizing
|
||||||
|
|
||||||
* Bypass **Content-Type** checks by setting the **value** of the **Content-Type** **header** to: _image/png_ , _text/plain , application/octet-stream_
|
* Bypass **Content-Type** checks by setting the **value** of the **Content-Type** **header** to: _image/png_ , _text/plain , application/octet-stream_
|
||||||
1. Content-Type **wordlist**: [https://github.com/danielmiessler/SecLists/blob/master/Miscellaneous/web/content-type.txt](https://github.com/danielmiessler/SecLists/blob/master/Miscellaneous/web/content-type.txt)
|
1. Content-Type **wordlist**: [https://github.com/danielmiessler/SecLists/blob/master/Miscellaneous/web/content-type.txt](https://github.com/danielmiessler/SecLists/blob/master/Miscellaneous/web/content-type.txt)
|
||||||
|
@ -90,6 +90,8 @@ Other useful extensions:
|
||||||
* Another technique to make a payload that **survives an image resizing**, using the PHP-GD function `thumbnailImage`. However, you could use the **tEXt chunk** [**technique defined here**](https://www.synacktiv.com/publications/persistent-php-payloads-in-pngs-how-to-inject-php-code-in-an-image-and-keep-it-there.html) to insert some text that will **survive compression**.
|
* Another technique to make a payload that **survives an image resizing**, using the PHP-GD function `thumbnailImage`. However, you could use the **tEXt chunk** [**technique defined here**](https://www.synacktiv.com/publications/persistent-php-payloads-in-pngs-how-to-inject-php-code-in-an-image-and-keep-it-there.html) to insert some text that will **survive compression**.
|
||||||
* ****[**Github with the code**](https://github.com/synacktiv/astrolock/blob/main/payloads/generators/gen\_tEXt\_png.php)****
|
* ****[**Github with the code**](https://github.com/synacktiv/astrolock/blob/main/payloads/generators/gen\_tEXt\_png.php)****
|
||||||
|
|
||||||
|
****
|
||||||
|
|
||||||
### Other Tricks to check
|
### Other Tricks to check
|
||||||
|
|
||||||
* Find a vulnerability to **rename** the file already uploaded (to change the extension).
|
* Find a vulnerability to **rename** the file already uploaded (to change the extension).
|
||||||
|
@ -322,6 +324,8 @@ This helps to upload a file that complins with the format of several different f
|
||||||
|
|
||||||
More information in: [https://medium.com/swlh/polyglot-files-a-hackers-best-friend-850bf812dd8a](https://medium.com/swlh/polyglot-files-a-hackers-best-friend-850bf812dd8a)
|
More information in: [https://medium.com/swlh/polyglot-files-a-hackers-best-friend-850bf812dd8a](https://medium.com/swlh/polyglot-files-a-hackers-best-friend-850bf812dd8a)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<img src="../../.gitbook/assets/i3.png" alt="" data-size="original">\
|
<img src="../../.gitbook/assets/i3.png" alt="" data-size="original">\
|
||||||
**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**!
|
**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**!
|
||||||
|
|
||||||
|
|
|
@ -1,25 +1,22 @@
|
||||||
|
# Esoteric languages
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||||||
|
|
||||||
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||||
|
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||||
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||||
|
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||||
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||||
|
|
||||||
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
|
||||||
|
|
||||||
- **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
|
## [Esolangs Wiki](https://esolangs.org/wiki/Main\_Page)
|
||||||
|
|
||||||
[Esolangs Wiki](https://esolangs.org/wiki/Main_Page)
|
Check that wiki to search more esotreic languages
|
||||||
|
|
||||||
# Malbolge
|
## Malbolge
|
||||||
|
|
||||||
```
|
```
|
||||||
('&%:9]!~}|z2Vxwv-,POqponl$Hjig%eB@@>}=<M:9wv6WsU2T|nm-,jcL(I&%$#"
|
('&%:9]!~}|z2Vxwv-,POqponl$Hjig%eB@@>}=<M:9wv6WsU2T|nm-,jcL(I&%$#"
|
||||||
|
@ -28,13 +25,13 @@
|
||||||
|
|
||||||
[http://malbolge.doleczek.pl/](http://malbolge.doleczek.pl)
|
[http://malbolge.doleczek.pl/](http://malbolge.doleczek.pl)
|
||||||
|
|
||||||
# npiet
|
## npiet
|
||||||
|
|
||||||
![](<../.gitbook/assets/image (146).png>)
|
![](<../.gitbook/assets/image (146).png>)
|
||||||
|
|
||||||
[https://www.bertnase.de/npiet/npiet-execute.php](https://www.bertnase.de/npiet/npiet-execute.php)
|
[https://www.bertnase.de/npiet/npiet-execute.php](https://www.bertnase.de/npiet/npiet-execute.php)
|
||||||
|
|
||||||
# Rockstar
|
## Rockstar
|
||||||
|
|
||||||
```
|
```
|
||||||
Midnight takes your heart and your soul
|
Midnight takes your heart and your soul
|
||||||
|
@ -65,23 +62,28 @@ Take it to the top
|
||||||
Whisper my world
|
Whisper my world
|
||||||
```
|
```
|
||||||
|
|
||||||
[https://codewithrockstar.com/](https://codewithrockstar.com)
|
{% embed url="https://codewithrockstar.com/" %}
|
||||||
|
|
||||||
|
## PETOOH
|
||||||
|
|
||||||
|
```
|
||||||
|
KoKoKoKoKoKoKoKoKoKo Kud-Kudah
|
||||||
|
KoKoKoKoKoKoKoKo kudah kO kud-Kudah Kukarek kudah
|
||||||
|
KoKoKo Kud-Kudah
|
||||||
|
kOkOkOkO kudah kO kud-Kudah Ko Kukarek kudah
|
||||||
|
KoKoKoKo Kud-Kudah KoKoKoKo kudah kO kud-Kudah kO Kukarek
|
||||||
|
kOkOkOkOkO Kukarek Kukarek kOkOkOkOkOkOkO
|
||||||
|
Kukarek
|
||||||
|
```
|
||||||
|
|
||||||
<details>
|
<details>
|
||||||
|
|
||||||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||||||
|
|
||||||
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||||
|
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||||
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||||
|
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||||
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||||
|
|
||||||
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
|
||||||
|
|
||||||
- **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue