GitBook: [master] 6 pages and 3 assets modified

README.md

@@ -12,9 +12,9 @@ Here you will find the **typical flow** that **you should follow when pentesting
 
 **Click in the title to start!**
 
-If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[ PEASS & HackTricks telegram group here](https://t.me/peass)**, or** follow me on Twitter ****[**🐦**](https://emojipedia.org/bird/)[@carlospolopm](https://twitter.com/carlospolopm).  
-**If you want to** share some tricks with the community **you can also submit** pull requests **to** https://github.com/carlospolop/hacktricks that will be reflected in this book.  
-Don't forget to\*\* give ⭐ on the github to motivate me to continue developing this book.
+If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[ PEASS & HackTricks telegram group here](https://t.me/peass)**, or** follow me on Twitter **\*\*\[**🐦**\]\(**[https://emojipedia.org/bird/\)\[@carlospolopm\]\(https://twitter.com/carlospolopm](https://emojipedia.org/bird/%29[@carlospolopm]%28https://twitter.com/carlospolopm)**\).**    
+If you want to **share some tricks with the community** you can also submit **pull requests** to_\*_ [https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks) _that will be reflected in this book.  
+Don't forget to\_\* give ⭐ on the github to motivate me to continue developing this book.
 
 ![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%283%29.png)
 

linux-unix/linux-privilege-escalation-checklist.md

@@ -146,7 +146,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
 If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.  
 Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
 
-![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%285%29.png)
+![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%286%29.png)
 
 ​[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*
 

mobile-apps-pentesting/android-app-pentesting/README.md

@@ -97,7 +97,7 @@ In this case you could try to abuse the functionality creating a web with the fo
 
 In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**.
 
-![](../../.gitbook/assets/image%20%28436%29%20%281%29%20%281%29.png)
+![](../../.gitbook/assets/image%20%28436%29%20%281%29%20%281%29%20%281%29.png)
 
 Learn how to [call deep links without using HTML pages below](./#exploiting-schemes-deep-links).
 
@@ -455,7 +455,7 @@ _Note that you can **omit the package name** and the mobile will automatically c
 
 In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**.
 
-![](../../.gitbook/assets/image%20%28436%29%20%281%29.png)
+![](../../.gitbook/assets/image%20%28436%29%20%281%29%20%281%29.png)
 
 #### Sensitive info
 

pentesting/pentesting-web/api-pentesting.md

@@ -2,10 +2,59 @@
 
 ## Tricks
 
-#### Play with routes
+### Public and private endpoints
+
+Create a list with the public and private endpoints to know which information should be confidential and try to access it in "unathorized" ways.
+
+### Patterns
+
+Search for API patterns inside the api and try to use it to discover more.  
+If you find  _/api/albums/**<album\_id>**/photos/**<photo\_id>**_ ****you could try also things like  _/api/**posts**/<post\_id>/**comment**/_. Use some fuzzer to discover this new endpoints.
+
+### Add parameters
+
+Something like the following example might get you access to another user’s photo album:  
+_/api/MyPictureList → /api/MyPictureList?**user\_id=<other\_user\_id>**_
+
+### Replace parameters
+
+You can try to **fuzz parameters** or **use** parameters **you have seen** in a different endpoints to try to access other information
+
+For example, if you see something like: _/api/albums?**album\_id=<album id>**_
+
+You could **replace** the **`album_id`** parameter with something completely different and potentially get other data: _/api/albums?**account\_id=<account id>**_
+
+### Parameter pollution
+
+ /api/account?**id=<your account id>** →  /api/account?**id=<your account id>&id=<admin's account id>**
+
+### HTTP requet method change
+
+You can try to use the HTTP methods: **GET, POST, PUT, DELETE, PATCH, INVENTED** to try check if the web server gives you unexpected information with them.
+
+### Request content-type
+
+Try to play between the following content-types \(bodifying acordinly the request body\) to make the web server behave unexpectedly:
+
+* **x-www-form-urlencoded** --> user=test
+* **application/xml** -->  <user>test</user>
+* **application/json** -->  {"user": "test"}
+
+### Play with routes
 
 `/files/..%2f..%2f + victim ID + %2f + victim filename`
 
+### Check possible versions
+
+Old versions may be still be in use and be more vulenrable than latest endpoints
+
+* `/api/v1/login`
+* `/api/v2/login` 
+*  `/api/CharityEventFeb2020/user/pp/<ID>`
+*  `/api/CharityEventFeb2021/user/pp/<ID>`
+
+## 
+
 ## Owasp API Security Top 10
 
 Read this document to learn how to **search** and **exploit** Owasp Top 10 API vulnerabilities: [https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf](https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf)

windows/active-directory-methodology/README.md

@@ -398,7 +398,7 @@ If you don't execute this from a Domain Controller, ATA is going to catch you, s
 * [Python script to enumerate active directory](https://github.com/ropnop/windapsearch)
 * [Python script to enumerate active directory](https://github.com/CroweCybersecurity/ad-ldap-enum)
 
-![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%286%29.png)
+![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%2811%29.png)
 
 ​[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)
 

windows/checklist-windows-privilege-escalation.md

@@ -118,7 +118,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
 If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.  
 Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
 
-![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png)
+![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%285%29.png)
 
 ​[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*