From 116e3864db7686bf854dbac6888d76089b0b7875 Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Fri, 9 Feb 2024 18:55:27 +0100 Subject: [PATCH] a --- .../desofuscation-vbs-cscript.exe.md | 4 ++-- mobile-pentesting/ios-pentesting/ios-webviews.md | 4 ++-- pentesting-web/file-upload/README.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md index 7755d0972..e1fb4471c 100644 --- a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md +++ b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md @@ -25,13 +25,13 @@ Wscript.Echo "Like this?" ## Commnets -```bas +```bash ' this is a comment ``` ## Test -```bas +```bash cscript.exe file.vbs ``` diff --git a/mobile-pentesting/ios-pentesting/ios-webviews.md b/mobile-pentesting/ios-pentesting/ios-webviews.md index 7d9d732c3..c2d47a562 100644 --- a/mobile-pentesting/ios-pentesting/ios-webviews.md +++ b/mobile-pentesting/ios-pentesting/ios-webviews.md @@ -27,7 +27,7 @@ WebViews are utilized within applications to display web content interactively. - **SFSafariViewController** offers a standardized web browsing experience within apps, recognizable by its specific layout including a read-only address field, share and navigation buttons, and a direct link to open content in Safari. Unlike **WKWebView**, **JavaScript** cannot be disabled in **SFSafariViewController**, which also shares cookies and data with Safari, maintaining user privacy from the app. It must be displayed prominently according to App Store guidelines. -```objetivec +```javascript // Example of disabling JavaScript in WKWebView: WKPreferences *preferences = [[WKPreferences alloc] init]; preferences.javaScriptEnabled = NO; @@ -87,7 +87,7 @@ Dynamic analysis involves inspecting the heap for WebView instances and their pr Heap inspection can be conducted using `ObjC.choose()` to identify WebView instances and check `javaScriptEnabled` and `hasonlysecurecontent` properties. {% code title="webviews_inspector.js" %} -```objetivec +```javascript ObjC.choose(ObjC.classes['UIWebView'], { onMatch: function (ui) { console.log('onMatch: ', ui); diff --git a/pentesting-web/file-upload/README.md b/pentesting-web/file-upload/README.md index d01c4ed5a..41301eeac 100644 --- a/pentesting-web/file-upload/README.md +++ b/pentesting-web/file-upload/README.md @@ -301,7 +301,7 @@ For further details **check the original post in**: [https://blog.silentsignal.e 3. **Modification with a Hex Editor or vi**: The names of the files inside the zip are altered using vi or a hex editor, changing "xxA" to "../" to traverse directories. - ```vi + ```bash :set modifiable :%s/xxA/..\//g :x!