diff --git a/.gitbook/assets/image (15) (1) (1).png b/.gitbook/assets/image (15) (1) (1).png
new file mode 100644
index 000000000..ec5a7ae1c
Binary files /dev/null and b/.gitbook/assets/image (15) (1) (1).png differ
diff --git a/.gitbook/assets/image (15) (1).png b/.gitbook/assets/image (15) (1).png
index ec5a7ae1c..fed36b16d 100644
Binary files a/.gitbook/assets/image (15) (1).png and b/.gitbook/assets/image (15) (1).png differ
diff --git a/.gitbook/assets/image (15).png b/.gitbook/assets/image (15).png
index fed36b16d..d5eb069ff 100644
Binary files a/.gitbook/assets/image (15).png and b/.gitbook/assets/image (15).png differ
diff --git a/.gitbook/assets/image (16) (1) (1).png b/.gitbook/assets/image (16) (1) (1).png
new file mode 100644
index 000000000..05177f76b
Binary files /dev/null and b/.gitbook/assets/image (16) (1) (1).png differ
diff --git a/.gitbook/assets/image (16) (1).png b/.gitbook/assets/image (16) (1).png
index 05177f76b..b3a5bfb51 100644
Binary files a/.gitbook/assets/image (16) (1).png and b/.gitbook/assets/image (16) (1).png differ
diff --git a/.gitbook/assets/image (16).png b/.gitbook/assets/image (16).png
index b3a5bfb51..e8b6b2135 100644
Binary files a/.gitbook/assets/image (16).png and b/.gitbook/assets/image (16).png differ
diff --git a/.gitbook/assets/image (17) (2).png b/.gitbook/assets/image (17) (2).png
new file mode 100644
index 000000000..af9321597
Binary files /dev/null and b/.gitbook/assets/image (17) (2).png differ
diff --git a/.gitbook/assets/image (17).png b/.gitbook/assets/image (17).png
index af9321597..feabde2df 100644
Binary files a/.gitbook/assets/image (17).png and b/.gitbook/assets/image (17).png differ
diff --git a/.gitbook/assets/image (18) (1) (1).png b/.gitbook/assets/image (18) (1) (1).png
new file mode 100644
index 000000000..c475e52f9
Binary files /dev/null and b/.gitbook/assets/image (18) (1) (1).png differ
diff --git a/.gitbook/assets/image (18) (1).png b/.gitbook/assets/image (18) (1).png
index c475e52f9..69f6170c5 100644
Binary files a/.gitbook/assets/image (18) (1).png and b/.gitbook/assets/image (18) (1).png differ
diff --git a/.gitbook/assets/image (18).png b/.gitbook/assets/image (18).png
index 69f6170c5..3a9cc1bb0 100644
Binary files a/.gitbook/assets/image (18).png and b/.gitbook/assets/image (18).png differ
diff --git a/.gitbook/assets/image (19) (2).png b/.gitbook/assets/image (19) (2).png
new file mode 100644
index 000000000..f8b430522
Binary files /dev/null and b/.gitbook/assets/image (19) (2).png differ
diff --git a/.gitbook/assets/image (19).png b/.gitbook/assets/image (19).png
index f8b430522..3305c8600 100644
Binary files a/.gitbook/assets/image (19).png and b/.gitbook/assets/image (19).png differ
diff --git a/.gitbook/assets/image (20) (1) (1).png b/.gitbook/assets/image (20) (1) (1).png
new file mode 100644
index 000000000..ce5072c43
Binary files /dev/null and b/.gitbook/assets/image (20) (1) (1).png differ
diff --git a/.gitbook/assets/image (20) (1).png b/.gitbook/assets/image (20) (1).png
index ce5072c43..fc66de854 100644
Binary files a/.gitbook/assets/image (20) (1).png and b/.gitbook/assets/image (20) (1).png differ
diff --git a/.gitbook/assets/image (20).png b/.gitbook/assets/image (20).png
index fc66de854..e5d569d4c 100644
Binary files a/.gitbook/assets/image (20).png and b/.gitbook/assets/image (20).png differ
diff --git a/.gitbook/assets/image (21) (1) (1).png b/.gitbook/assets/image (21) (1) (1).png
new file mode 100644
index 000000000..34081bf3a
Binary files /dev/null and b/.gitbook/assets/image (21) (1) (1).png differ
diff --git a/.gitbook/assets/image (21) (1).png b/.gitbook/assets/image (21) (1).png
index 34081bf3a..4b19a9eef 100644
Binary files a/.gitbook/assets/image (21) (1).png and b/.gitbook/assets/image (21) (1).png differ
diff --git a/.gitbook/assets/image (21).png b/.gitbook/assets/image (21).png
index 4b19a9eef..efd765a7c 100644
Binary files a/.gitbook/assets/image (21).png and b/.gitbook/assets/image (21).png differ
diff --git a/.gitbook/assets/image (22) (2).png b/.gitbook/assets/image (22) (2).png
new file mode 100644
index 000000000..670ab5e81
Binary files /dev/null and b/.gitbook/assets/image (22) (2).png differ
diff --git a/.gitbook/assets/image (22).png b/.gitbook/assets/image (22).png
index 670ab5e81..af5dbbe3d 100644
Binary files a/.gitbook/assets/image (22).png and b/.gitbook/assets/image (22).png differ
diff --git a/.gitbook/assets/image (23) (2).png b/.gitbook/assets/image (23) (2).png
new file mode 100644
index 000000000..95d6ba326
Binary files /dev/null and b/.gitbook/assets/image (23) (2).png differ
diff --git a/.gitbook/assets/image (23).png b/.gitbook/assets/image (23).png
index 95d6ba326..aa5ce3239 100644
Binary files a/.gitbook/assets/image (23).png and b/.gitbook/assets/image (23).png differ
diff --git a/.gitbook/assets/image (24) (1) (1).png b/.gitbook/assets/image (24) (1) (1).png
new file mode 100644
index 000000000..db465b8ed
Binary files /dev/null and b/.gitbook/assets/image (24) (1) (1).png differ
diff --git a/.gitbook/assets/image (24) (1).png b/.gitbook/assets/image (24) (1).png
index db465b8ed..aa73a32c5 100644
Binary files a/.gitbook/assets/image (24) (1).png and b/.gitbook/assets/image (24) (1).png differ
diff --git a/.gitbook/assets/image (24).png b/.gitbook/assets/image (24).png
index aa73a32c5..b2681ccdc 100644
Binary files a/.gitbook/assets/image (24).png and b/.gitbook/assets/image (24).png differ
diff --git a/.gitbook/assets/image (25) (1) (1).png b/.gitbook/assets/image (25) (1) (1).png
new file mode 100644
index 000000000..606702899
Binary files /dev/null and b/.gitbook/assets/image (25) (1) (1).png differ
diff --git a/.gitbook/assets/image (25) (1).png b/.gitbook/assets/image (25) (1).png
index 606702899..0a10447ba 100644
Binary files a/.gitbook/assets/image (25) (1).png and b/.gitbook/assets/image (25) (1).png differ
diff --git a/.gitbook/assets/image (25).png b/.gitbook/assets/image (25).png
index 0a10447ba..181a968fc 100644
Binary files a/.gitbook/assets/image (25).png and b/.gitbook/assets/image (25).png differ
diff --git a/.gitbook/assets/image (26) (1) (1).png b/.gitbook/assets/image (26) (1) (1).png
new file mode 100644
index 000000000..307f8dd50
Binary files /dev/null and b/.gitbook/assets/image (26) (1) (1).png differ
diff --git a/.gitbook/assets/image (26) (1).png b/.gitbook/assets/image (26) (1).png
index 307f8dd50..d6a565eb6 100644
Binary files a/.gitbook/assets/image (26) (1).png and b/.gitbook/assets/image (26) (1).png differ
diff --git a/.gitbook/assets/image (26).png b/.gitbook/assets/image (26).png
index d6a565eb6..47f41b21b 100644
Binary files a/.gitbook/assets/image (26).png and b/.gitbook/assets/image (26).png differ
diff --git a/.gitbook/assets/image (27) (1) (1).png b/.gitbook/assets/image (27) (1) (1).png
new file mode 100644
index 000000000..12af266f1
Binary files /dev/null and b/.gitbook/assets/image (27) (1) (1).png differ
diff --git a/.gitbook/assets/image (27) (1).png b/.gitbook/assets/image (27) (1).png
index 12af266f1..90ac64421 100644
Binary files a/.gitbook/assets/image (27) (1).png and b/.gitbook/assets/image (27) (1).png differ
diff --git a/.gitbook/assets/image (27).png b/.gitbook/assets/image (27).png
index 90ac64421..ffea8afba 100644
Binary files a/.gitbook/assets/image (27).png and b/.gitbook/assets/image (27).png differ
diff --git a/.gitbook/assets/image (28) (1) (1).png b/.gitbook/assets/image (28) (1) (1).png
new file mode 100644
index 000000000..d0d8fd1cc
Binary files /dev/null and b/.gitbook/assets/image (28) (1) (1).png differ
diff --git a/.gitbook/assets/image (28) (1).png b/.gitbook/assets/image (28) (1).png
index d0d8fd1cc..4d56204f7 100644
Binary files a/.gitbook/assets/image (28) (1).png and b/.gitbook/assets/image (28) (1).png differ
diff --git a/.gitbook/assets/image (28).png b/.gitbook/assets/image (28).png
index 4d56204f7..22eebd987 100644
Binary files a/.gitbook/assets/image (28).png and b/.gitbook/assets/image (28).png differ
diff --git a/.gitbook/assets/image (29) (1) (1).png b/.gitbook/assets/image (29) (1) (1).png
new file mode 100644
index 000000000..d56598b83
Binary files /dev/null and b/.gitbook/assets/image (29) (1) (1).png differ
diff --git a/.gitbook/assets/image (29) (1).png b/.gitbook/assets/image (29) (1).png
index d56598b83..b817e181c 100644
Binary files a/.gitbook/assets/image (29) (1).png and b/.gitbook/assets/image (29) (1).png differ
diff --git a/.gitbook/assets/image (29).png b/.gitbook/assets/image (29).png
index b817e181c..44b67923d 100644
Binary files a/.gitbook/assets/image (29).png and b/.gitbook/assets/image (29).png differ
diff --git a/.gitbook/assets/image (30) (1) (1).png b/.gitbook/assets/image (30) (1) (1).png
new file mode 100644
index 000000000..8eb902501
Binary files /dev/null and b/.gitbook/assets/image (30) (1) (1).png differ
diff --git a/.gitbook/assets/image (30) (1).png b/.gitbook/assets/image (30) (1).png
index 8eb902501..64b928627 100644
Binary files a/.gitbook/assets/image (30) (1).png and b/.gitbook/assets/image (30) (1).png differ
diff --git a/.gitbook/assets/image (30).png b/.gitbook/assets/image (30).png
index 64b928627..da9890266 100644
Binary files a/.gitbook/assets/image (30).png and b/.gitbook/assets/image (30).png differ
diff --git a/.gitbook/assets/image (37) (1).png b/.gitbook/assets/image (37) (1).png
deleted file mode 100644
index 540b55ef0..000000000
Binary files a/.gitbook/assets/image (37) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (37).png b/.gitbook/assets/image (37).png
index 22eebd987..540b55ef0 100644
Binary files a/.gitbook/assets/image (37).png and b/.gitbook/assets/image (37).png differ
diff --git a/.gitbook/assets/image (38) (1).png b/.gitbook/assets/image (38) (1).png
deleted file mode 100644
index bcf09b809..000000000
Binary files a/.gitbook/assets/image (38) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (38).png b/.gitbook/assets/image (38).png
index 181a968fc..bcf09b809 100644
Binary files a/.gitbook/assets/image (38).png and b/.gitbook/assets/image (38).png differ
diff --git a/.gitbook/assets/image (39) (1).png b/.gitbook/assets/image (39) (1).png
deleted file mode 100644
index 32dd042db..000000000
Binary files a/.gitbook/assets/image (39) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (39).png b/.gitbook/assets/image (39).png
index aa5ce3239..32dd042db 100644
Binary files a/.gitbook/assets/image (39).png and b/.gitbook/assets/image (39).png differ
diff --git a/.gitbook/assets/image (40) (1).png b/.gitbook/assets/image (40) (1).png
deleted file mode 100644
index 53dd523e3..000000000
Binary files a/.gitbook/assets/image (40) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (40).png b/.gitbook/assets/image (40).png
index efd765a7c..53dd523e3 100644
Binary files a/.gitbook/assets/image (40).png and b/.gitbook/assets/image (40).png differ
diff --git a/.gitbook/assets/image (41) (1).png b/.gitbook/assets/image (41) (1).png
deleted file mode 100644
index 8e8243c54..000000000
Binary files a/.gitbook/assets/image (41) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (41).png b/.gitbook/assets/image (41).png
index da9890266..8e8243c54 100644
Binary files a/.gitbook/assets/image (41).png and b/.gitbook/assets/image (41).png differ
diff --git a/.gitbook/assets/image (42) (1).png b/.gitbook/assets/image (42) (1).png
deleted file mode 100644
index 84e0d10e1..000000000
Binary files a/.gitbook/assets/image (42) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (42).png b/.gitbook/assets/image (42).png
index e8b6b2135..84e0d10e1 100644
Binary files a/.gitbook/assets/image (42).png and b/.gitbook/assets/image (42).png differ
diff --git a/.gitbook/assets/image (43) (1).png b/.gitbook/assets/image (43) (1).png
deleted file mode 100644
index 379b82ca3..000000000
Binary files a/.gitbook/assets/image (43) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (43).png b/.gitbook/assets/image (43).png
index d5eb069ff..379b82ca3 100644
Binary files a/.gitbook/assets/image (43).png and b/.gitbook/assets/image (43).png differ
diff --git a/.gitbook/assets/image (44) (1).png b/.gitbook/assets/image (44) (1).png
deleted file mode 100644
index add6a58e9..000000000
Binary files a/.gitbook/assets/image (44) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (44).png b/.gitbook/assets/image (44).png
index 3305c8600..add6a58e9 100644
Binary files a/.gitbook/assets/image (44).png and b/.gitbook/assets/image (44).png differ
diff --git a/.gitbook/assets/image (45) (1).png b/.gitbook/assets/image (45) (1).png
deleted file mode 100644
index aaae701f2..000000000
Binary files a/.gitbook/assets/image (45) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (45).png b/.gitbook/assets/image (45).png
index 44b67923d..aaae701f2 100644
Binary files a/.gitbook/assets/image (45).png and b/.gitbook/assets/image (45).png differ
diff --git a/.gitbook/assets/image (46) (1).png b/.gitbook/assets/image (46) (1).png
deleted file mode 100644
index 9c2d70983..000000000
Binary files a/.gitbook/assets/image (46) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (46).png b/.gitbook/assets/image (46).png
index e5d569d4c..9c2d70983 100644
Binary files a/.gitbook/assets/image (46).png and b/.gitbook/assets/image (46).png differ
diff --git a/.gitbook/assets/image (47) (1).png b/.gitbook/assets/image (47) (1).png
deleted file mode 100644
index 69f755198..000000000
Binary files a/.gitbook/assets/image (47) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (47).png b/.gitbook/assets/image (47).png
index af5dbbe3d..69f755198 100644
Binary files a/.gitbook/assets/image (47).png and b/.gitbook/assets/image (47).png differ
diff --git a/.gitbook/assets/image (48) (1).png b/.gitbook/assets/image (48) (1).png
deleted file mode 100644
index dbc5a377d..000000000
Binary files a/.gitbook/assets/image (48) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (48).png b/.gitbook/assets/image (48).png
index 47f41b21b..dbc5a377d 100644
Binary files a/.gitbook/assets/image (48).png and b/.gitbook/assets/image (48).png differ
diff --git a/.gitbook/assets/image (49) (1).png b/.gitbook/assets/image (49) (1).png
deleted file mode 100644
index c46cb0aca..000000000
Binary files a/.gitbook/assets/image (49) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (49).png b/.gitbook/assets/image (49).png
index ffea8afba..c46cb0aca 100644
Binary files a/.gitbook/assets/image (49).png and b/.gitbook/assets/image (49).png differ
diff --git a/.gitbook/assets/image (50) (1).png b/.gitbook/assets/image (50) (1).png
deleted file mode 100644
index e4156b037..000000000
Binary files a/.gitbook/assets/image (50) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (50).png b/.gitbook/assets/image (50).png
index feabde2df..e4156b037 100644
Binary files a/.gitbook/assets/image (50).png and b/.gitbook/assets/image (50).png differ
diff --git a/.gitbook/assets/image (51) (1).png b/.gitbook/assets/image (51) (1).png
deleted file mode 100644
index 9cc426fc7..000000000
Binary files a/.gitbook/assets/image (51) (1).png and /dev/null differ
diff --git a/.gitbook/assets/image (51).png b/.gitbook/assets/image (51).png
index 3a9cc1bb0..9cc426fc7 100644
Binary files a/.gitbook/assets/image (51).png and b/.gitbook/assets/image (51).png differ
diff --git a/exploiting/windows-exploiting-basic-guide-oscp-lvl.md b/exploiting/windows-exploiting-basic-guide-oscp-lvl.md
index 496cc977f..d19ec1474 100644
--- a/exploiting/windows-exploiting-basic-guide-oscp-lvl.md
+++ b/exploiting/windows-exploiting-basic-guide-oscp-lvl.md
@@ -2,13 +2,13 @@
-ποΈ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) ποΈ - π₯ Youtube π₯
+ποΈ HackTricks LIVE TwitchWednesdays 5.30pm (UTC) ποΈ -π₯ Youtube π₯
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**π¬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**π¦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
-* **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
+* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
@@ -56,13 +56,13 @@ Go to `Options >> Appearance >> Fonts >> Change(Consolas, Blod, 9) >> OK`
**File --> Attach**
- (1).png>)
+ (1) (1).png>)
**And press START button**
## **Send the exploit and check if EIP is affected:**
- (1).png>)
+ (1) (1).png>)
Every time you break the service you should restart it as is indicated in the beginnig of this page.
@@ -70,7 +70,7 @@ Every time you break the service you should restart it as is indicated in the be
The pattern should be as big as the buffer you used to broke the service previously.
- (1).png>)
+ (1) (1).png>)
```
/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 3000
@@ -80,11 +80,11 @@ Change the buffer of the exploit and set the pattern and lauch the exploit.
A new crash should appeard, but with a different EIP address:
- (1).png>)
+ (1) (1).png>)
Check if the address was in your pattern:
- (1).png>)
+ (1) (1).png>)
```
/usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -l 3000 -q 39694438
@@ -100,9 +100,9 @@ buffer = 'A'*2606 + 'BBBB' + 'CCCC'
With this buffer the EIP crashed should point to 42424242 ("BBBB")
- (1).png>)
+ (1) (1).png>)
- (1).png>)
+ (1) (1).png>)
Looks like it is working.
@@ -271,12 +271,12 @@ EXITFUNC=thread -e x86/shikata_ga_nai
-ποΈ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) ποΈ - π₯ Youtube π₯
+ποΈ HackTricks LIVE TwitchWednesdays 5.30pm (UTC) ποΈ -π₯ Youtube π₯
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**π¬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**π¦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
-* **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
+* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
diff --git a/generic-methodologies-and-resources/pentesting-network/README.md b/generic-methodologies-and-resources/pentesting-network/README.md
index 2ed76d693..36b6e74b4 100644
--- a/generic-methodologies-and-resources/pentesting-network/README.md
+++ b/generic-methodologies-and-resources/pentesting-network/README.md
@@ -335,7 +335,7 @@ I would like to point out that **Access/Desirable (0x03)** indicates that the DT
By analyzing the STP frames, **we learn about the existence of VLAN 30 and VLAN 60.**
-
+
#### Attacking specific VLANs
@@ -438,7 +438,7 @@ yersinia -G #For graphic mode
To erase the entire VLAN database, select the **deleting all VTP vlans** option
-
+
### STP Attacks
diff --git a/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md b/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md
index 626439cee..1b86b91bc 100644
--- a/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md
+++ b/generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md
@@ -18,7 +18,7 @@
**EIGRP (Enhanced Interior Gateway Routing Protocol)** is a dynamic routing protocol. **It is a distance-vector protocol.** **If there is no authentication and configuration of passive interfaces, an intruder can interfere with EIGRP routing and cause routing tables poisoning.** **Moreover, EIGRP network (in other words, autonomous system) is flat and has no segmentation into any zones.** What could this mean for an attacker? Well, if he injects a route, it is likely that this route will spread throughout the autonomous EIGRP system.
-
+
First and foremost, attacking a standalone EIGRP system requires establishing a neighborhood with a legitimate EIGRP router, which opens up a lot of possibilities, from basic reconnaissance to various injections.
@@ -35,7 +35,7 @@ For this I will use [**FRRouting**](https://frrouting.org/). This is an open-sou
eigrpd=yes
```
-
+
After that, you need to correct the **vtysh.conf** file by adding a line responsible for saving the configuration to one file, so that configurations of different protocols are not scattered into different files **(e.g. eigrpd.conf, staticd.conf).** It is configurable optionally.
@@ -88,7 +88,7 @@ EIGRP Neighborship with GW1 (10.10.100.100):
EIGRP Neighborship with GW2 (10.10.100.200):
-
+
During the establishment and maintenance of the neighborhood between EIGRP routers, routers exchange their routing information. After the neighborhood is established, new routes will appear in our routing table of the attacking system, namely:
@@ -97,7 +97,7 @@ During the establishment and maintenance of the neighborhood between EIGRP route
* **100.100.100.0/24 via 10.10.100.100;**
* **172.16.100.0/24 via 10.10.100.200**
-
+
Thus, after establishing the neighborhood, we know about the existence of these subnets, which makes it easier for us to pentest and save time. We can do without additional subnet scanning. Now we are in the EIGRP routing domain and we can develop some attack vectors. Letβs talk about them.
@@ -117,13 +117,13 @@ Arguments of the script:
~$ sudo python3 helloflooding.py --interface eth0 --as 1 --subnet 10.10.100.0/24
```
-
+
### EIGRP Blackhole
The essence of this attack is a simple injection of a false route that will poison the routing table. Traffic to, **say, the** `10.10.100.0/24` **network will go nowhere, causing a denial of service. Such an attack is called a Blackhole.** The script [**routeinject.py**](https://github.com/in9uz/EIGRPWN/blob/main/routeinject.py) \*\*\*\* will be the tool used to perform it. For this example, I will send traffic destined for host `172.16.100.140/32` to the black hole.
-
+
Arguments of the script:
@@ -137,7 +137,7 @@ Arguments of the script:
~$ sudo python3 routeinject.py --interface eth0 --as 1 --src 10.10.100.50 --dst 172.16.100.140 --prefix 32
```
-
+
**Our host seems to be in trouble :)**
@@ -165,7 +165,7 @@ Script arguments:
Dump of traffic during a neighborhood disruption
-
GW1 router endlessly disconnects and reconnects EIGRP
+
GW1 router endlessly disconnects and reconnects EIGRP
**A DoS attack can be carried out in this way. During operation, endless breakups and neighborhood attempts occur, paralyzing part of the EIGRP routing domain.**
@@ -189,7 +189,7 @@ After running the script, the routing table starts overflowing with routes. The
Routing table overflows on GW1 router
-
Overloaded router CPU
+
Overloaded router CPU
diff --git a/mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md b/mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md
index be77d457f..238bbdf65 100644
--- a/mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md
+++ b/mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md
@@ -16,7 +16,7 @@ Download the APK here:
I am going to upload the APK to [https://appetize.io/](https://appetize.io) (free account) to see how the apk is behaving:
- (1).png>)
+.png>)
Looks like you need to win 1000000 times to get the flag.
@@ -24,7 +24,7 @@ Following the steps from [pentesting Android](./) you can decompile the applicat
Reading the java code:
- (1).png>)
+.png>)
It looks like the function that is going print the flag is **m().**
@@ -44,13 +44,13 @@ to:
if-eq v0, v9, :cond_2
```
- (1).png>)
+.png>)
- (1).png>)
+.png>)
Follow the steps of [pentest Android](./) to recompile and sign the APK. Then, upload it to [https://appetize.io/](https://appetize.io) and lets see what happens:
- (1).png>)
+.png>)
Looks like the flag is written without being completely decrypted. Probably the m() function should be called 1000000 times.
diff --git a/network-services-pentesting/113-pentesting-ident.md b/network-services-pentesting/113-pentesting-ident.md
index fd152d433..05bf03eef 100644
--- a/network-services-pentesting/113-pentesting-ident.md
+++ b/network-services-pentesting/113-pentesting-ident.md
@@ -2,13 +2,13 @@
-ποΈ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) ποΈ - π₯ Youtube π₯
+ποΈ HackTricks LIVE TwitchWednesdays 5.30pm (UTC) ποΈ -π₯ Youtube π₯
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**π¬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**π¦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
-* **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
+* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
@@ -36,11 +36,11 @@ PORT STATE SERVICE
If a machine is running the service ident and samba (445) and you are connected to samba using the port 43218. You can get which user is running the samba service by doing:
- (1).png>)
+ (1) (1).png>)
If you just press enter when you conenct to the service:
- (1).png>)
+ (1) (1).png>)
Other errors:
@@ -87,10 +87,6 @@ ident-user-enum v1.0 ( http://pentestmonkey.net/tools/ident-user-enum )
identd.conf
-
-
-
-
 (1) (2).png>)
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -121,12 +117,12 @@ Entry_2:
-ποΈ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) ποΈ - π₯ Youtube π₯
+ποΈ HackTricks LIVE TwitchWednesdays 5.30pm (UTC) ποΈ -π₯ Youtube π₯
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**π¬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**π¦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
-* **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
+* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
diff --git a/network-services-pentesting/49-pentesting-tacacs+.md b/network-services-pentesting/49-pentesting-tacacs+.md
index f799f6b2d..bdfbb646c 100644
--- a/network-services-pentesting/49-pentesting-tacacs+.md
+++ b/network-services-pentesting/49-pentesting-tacacs+.md
@@ -51,17 +51,17 @@ Now we have to wait for an administrator to log into the device through the TACA
Now click the **CRACK** button and wait for **Loki** to break the password.
-
+
### Decrypt Traffic
Great, we managed to unlock the key, now we need to decrypt the TACACS traffic. As I said, Wireshark can handle encrypted TACACS traffic if the key is present.
-
+
We see which banner was used.
-
+
We find the username of the user `admin`
@@ -69,7 +69,7 @@ We find the username of the user `admin`
As a result, **we have the `admin:secret1234` credentials,** which can be used to access the hardware itself. **I think Iβll check their validity.**
-
+
This is how you can attack TACACS+ and **gain access** to the control panel of network equipment.
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/README.md b/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
index 26fce2b53..893f3c655 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
@@ -40,7 +40,7 @@ If `==` is used in PHP, then there are unexpected cases where the comparison doe
PHP comparison tables: [https://www.php.net/manual/en/types.comparisons.php](https://www.php.net/manual/en/types.comparisons.php)
- (1).png>)
+.png>)
{% file src="../../../.gitbook/assets/EN-PHP-loose-comparison-Type-Juggling-OWASP (1).pdf" %}
diff --git a/network-services-pentesting/pentesting-web/put-method-webdav.md b/network-services-pentesting/pentesting-web/put-method-webdav.md
index 68801d18e..7ba047dd8 100644
--- a/network-services-pentesting/pentesting-web/put-method-webdav.md
+++ b/network-services-pentesting/pentesting-web/put-method-webdav.md
@@ -10,13 +10,13 @@ Get Access Today:
-ποΈ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) ποΈ - π₯ Youtube π₯
+ποΈ HackTricks LIVE TwitchWednesdays 5.30pm (UTC) ποΈ -π₯ Youtube π₯
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**π¬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**π¦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
-* **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
+* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
@@ -80,7 +80,7 @@ This vulnerability is very interesting. The **WebDav** does **not allow** to **u
Then you can **upload** your shell as a ".**txt" file** and **copy/move it to a ".asp;.txt"** file. An accessing that file through the web server, it will be **executed** (cadaver will said that the move action didn't work, but it did).
- (1).png>)
+ (1) (1).png>)
## Post credentials
@@ -122,13 +122,13 @@ wget --user --ask-password http://domain/path/to/webdav/ -O - -q
-ποΈ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) ποΈ - π₯ Youtube π₯
+ποΈ HackTricks LIVE TwitchWednesdays 5.30pm (UTC) ποΈ -π₯ Youtube π₯
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**π¬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**π¦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
-* **Share your hacking tricks by submitting PRs to the [hacktricks repo](https://github.com/carlospolop/hacktricks) and [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)**.
+* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
diff --git a/network-services-pentesting/pentesting-web/wordpress.md b/network-services-pentesting/pentesting-web/wordpress.md
index cbe686a7e..2f3091648 100644
--- a/network-services-pentesting/pentesting-web/wordpress.md
+++ b/network-services-pentesting/pentesting-web/wordpress.md
@@ -304,7 +304,7 @@ Appearance β Theme Editor β 404 Template (at the right)
Change the content for a php shell:
- (1).png>)
+ (1) (1).png>)
Search in internet how can you access that updated page. In this case you have to access here: [http://10.11.1.234/wp-content/themes/twentytwelve/404.php](http://10.11.1.234/wp-content/themes/twentytwelve/404.php)
diff --git a/radio-hacking/pentesting-rfid.md b/radio-hacking/pentesting-rfid.md
index b6aafdafc..6f1ececef 100644
--- a/radio-hacking/pentesting-rfid.md
+++ b/radio-hacking/pentesting-rfid.md
@@ -39,7 +39,7 @@ Most RFID **security controls** have mechanisms that **restrict** the **read** o
### Low & High frequency tags comparison
-
+
## Low-Frequency RFID Tags (125kHz)
@@ -74,7 +74,7 @@ It's usually found in bank cards, public transport, and other secure passes.
**High-frequency 13.56 MHz tags are a set of standards and protocols**. They are usually referred to as [NFC](https://nfc-forum.org/what-is-nfc/about-the-technology/), but that's not always correct. The basic protocol set used on the physical and logical levels is ISO 14443. High-level protocols, as well as alternative standards (like ISO 19092), are based upon it. Many people refer to this technology as **Near Field Communication (NFC)**, a term for devices operating over the 13.56 MHz frequency.
-
+
To put it simply, NFC's architecture works like this: the transmission protocol is chosen by the company making the cards and implemented based on the low-level ISO 14443. For example, NXP invented its own high-level transmission protocol called Mifare. But on the lower level, Mifare cards are based on ISO 14443-A standard.
diff --git a/todo/radio-hacking/flipper-zero/README.md b/todo/radio-hacking/flipper-zero/README.md
index 2a5372efc..38dc418ac 100644
--- a/todo/radio-hacking/flipper-zero/README.md
+++ b/todo/radio-hacking/flipper-zero/README.md
@@ -40,7 +40,7 @@ The **Read** option **listens on the configured frequency** on the indicated mod
While Read is in use, it's possible to press the **left button** and **configure it**.\
At this moment it has **4 modulations** (AM270, AM650, FM328 and FM476), and **several relevant frequencies** stored:
-
+
You can set **any that interests you**, however, if you are **not sure which frequency** could be the one used by the remote you have, **set Hopping to ON** (Off by default), and press the button several times until Flipper captures it and give you the info you need to set the frequency.
diff --git a/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md b/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md
index e7d034aed..d013cca16 100644
--- a/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md
+++ b/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md
@@ -37,13 +37,13 @@ Some times, when you get a card you will find the ID (or part) of it written in
For example in this EM-Marin card in the physical card is possible to **read the last 3 of 5 bytes in clear**.\
The other 2 can be brute-forced if you cannot read them from the card.
-
+
* **HID**
Same happens in this HID card where only 2 out of 3 bytes can be found printed in the card
-
+
### Emulate/Write
diff --git a/todo/radio-hacking/flipper-zero/fz-ibutton.md b/todo/radio-hacking/flipper-zero/fz-ibutton.md
index 55b32ff3a..26d9c8351 100644
--- a/todo/radio-hacking/flipper-zero/fz-ibutton.md
+++ b/todo/radio-hacking/flipper-zero/fz-ibutton.md
@@ -16,7 +16,7 @@
The **blue** part of the following imageis how you would need to **put the real iButton** so the Flipper can **read it.** The **green** part is how you need to **touch the reader** with the Flipper zero to **correctly emulate an iButton**.
-
+
## Actions
@@ -32,6 +32,16 @@ It's possible to **add manually** an iButton of type: **Dallas, Cyfral, and Meta
It's possible to **emulate** saved iButtons (read or manually added).
+{% hint style="info" %}
+If you cannot make the expected contacts of the Flipper Zero touch the reader you can **use the external GPIO:**
+{% endhint %}
+
+
+
+## References
+
+* [https://blog.flipperzero.one/taming-ibutton/](https://blog.flipperzero.one/taming-ibutton/)
+
ποΈ HackTricks LIVE TwitchWednesdays 5.30pm (UTC) ποΈ -π₯ Youtube π₯
diff --git a/todo/radio-hacking/flipper-zero/fz-nfc.md b/todo/radio-hacking/flipper-zero/fz-nfc.md
index 28a60f229..93013d78d 100644
--- a/todo/radio-hacking/flipper-zero/fz-nfc.md
+++ b/todo/radio-hacking/flipper-zero/fz-nfc.md
@@ -59,7 +59,7 @@ Flipper Zero can **read NFC cards**, however, it **doesn't understand all the pr
#### Reading the UID VS Reading the Data Inside
-
+
In Flipper, reading 13.56 MHz tags can be divided into two parts:
diff --git a/todo/radio-hacking/ibutton.md b/todo/radio-hacking/ibutton.md
index b8bd545eb..9c520fcd1 100644
--- a/todo/radio-hacking/ibutton.md
+++ b/todo/radio-hacking/ibutton.md
@@ -16,17 +16,29 @@
iButton is a generic name for an electronic identification key packed in a **coin-shaped metal container**. It is also called **Dallas Touch** Memory or contact memory. Even though it is often wrongly referred to as a βmagneticβ key, there is **nothing magnetic** in it. In fact, a full-fledged **microchip** operating on a digital protocol is hidden inside.
-
+
### What is iButton?
Usually, iButton implies the physical form of the key and reader - a round coin with two contacts. For the frame surrounding it, there are lots of variations from the most common plastic holder with a hole to rings, pendants, etc.
-
+
When the key reaches the reader, the **contacts come to touch** and the key is powered to **transmit** its ID. Sometimes the key is **not read** immediately because the **contact PSD of an intercom is larger** than it should be. So the outer contours of the key and the reader couldn't touch. If that's the case, you'll have to press the key over one of the walls of the reader.
-
+
+
+### **1-Wire protocol**
+
+Dallas keys exchange data using the 1-wire protocol. With only one contact for data transfer (!!) in both directions, from master to slave and vice versa. The 1-wire protocol works according to the Master-Slave model. In this topology, the Master always initiates communication and the Slave follows its instructions.
+
+When the key (Slave) contacts the intercom (Master), the chip inside the key turns on, powered by the intercom, and the key is initialized. Following that the intercom requests the key ID. Next, we will look up this process in more detail.
+
+Flipper can work both in Master and Slave modes. In the key reading mode, Flipper acts as a reader this is to say it works as a Master. And in the key emulation mode, the flipper pretends to be a key, it is in the Slave mode.
+
+### Dallas, Cyfral & Metakom keys
+
+For information about how these keys works check the page [https://blog.flipperzero.one/taming-ibutton/](https://blog.flipperzero.one/taming-ibutton/)
### Attacks
@@ -36,6 +48,10 @@ iButtons can be attacked with Flipper Zero:
[fz-ibutton.md](flipper-zero/fz-ibutton.md)
{% endcontent-ref %}
+## References
+
+* [https://blog.flipperzero.one/taming-ibutton/](https://blog.flipperzero.one/taming-ibutton/)
+
ποΈ HackTricks LIVE TwitchWednesdays 5.30pm (UTC) ποΈ -π₯ Youtube π₯
diff --git a/todo/radio-hacking/infrared.md b/todo/radio-hacking/infrared.md
index c4436d9db..f225cfbd0 100644
--- a/todo/radio-hacking/infrared.md
+++ b/todo/radio-hacking/infrared.md
@@ -32,19 +32,19 @@ IR protocols differ in 3 factors:
Bits are encoded by modulating the duration of the space between pulses. The width of the pulse itself is constant.
-
+
**2. Pulse Width Encoding**
Bits are encoded by modulation of the pulse width. The width of space after pulse burst is constant.
-
+
**3. Phase Encoding**
It is also known as Manchester encoding. The logical value is defined by the polarity of the transition between pulse burst and space. "Space to pulse burst" denotes logic "0", "pulse burst to space" denotes logic "1".
-
+
**4. Combination of previous ones and other exotics**
@@ -58,7 +58,7 @@ Manufacturers love to use their own unique IR protocols, even within the same ra
The most reliable way to see how the remote IR signal looks like is to use an oscilloscope. It does not demodulate or invert the received signal, it is just displayed "as is". This is useful for testing and debugging. I will show the expected signal on the example of the NEC IR protocol.
-
+
Usually, there is a preamble at the beginning of an encoded packet. This allows the receiver to determine the level of gain and background. There are also protocols without preamble, for example, Sharp.
diff --git a/windows-hardening/windows-local-privilege-escalation/juicypotato.md b/windows-hardening/windows-local-privilege-escalation/juicypotato.md
index bb15987ff..416695cea 100644
--- a/windows-hardening/windows-local-privilege-escalation/juicypotato.md
+++ b/windows-hardening/windows-local-privilege-escalation/juicypotato.md
@@ -115,7 +115,7 @@ c:\Users\Public>
### Launch a new CMD (if you have RDP access)
- (1).png>)
+.png>)
## CLSID Problems
.png)
 (1).png)
.png)
 (2).png)
.png)
 (1).png)
.png)
 (1).png)
.png)
 (1).png)
.png)
 (1).png)
.png)
 (1).png)
.png)
 (1).png)
.png)
 (1).png)
 (1).png)
.png)
 (1).png)
 (4).png)
.png)
 (1).png)
.png)
 (2).png)
.png)
 (1).png)
.png)
 (1).png)
.png)
 (2).png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)