GitBook: [master] 6 pages and 3 assets modified

This commit is contained in:
CPol 2021-03-04 11:40:50 +00:00 committed by gitbook-bot
parent 5c0ff3b001
commit 17b7f4d0da
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
8 changed files with 58 additions and 9 deletions

View file

Before

Width:  |  Height:  |  Size: 1.6 KiB

After

Width:  |  Height:  |  Size: 1.6 KiB

View file

@ -12,9 +12,9 @@ Here you will find the **typical flow** that **you should follow when pentesting
**Click in the title to start!** **Click in the title to start!**
If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[ PEASS & HackTricks telegram group here](https://t.me/peass)**, or** follow me on Twitter ****[**🐦**](https://emojipedia.org/bird/)[@carlospolopm](https://twitter.com/carlospolopm). If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[ PEASS & HackTricks telegram group here](https://t.me/peass)**, or** follow me on Twitter **\*\*\[**🐦**\]\(**[https://emojipedia.org/bird/\)\[@carlospolopm\]\(https://twitter.com/carlospolopm](https://emojipedia.org/bird/%29[@carlospolopm]%28https://twitter.com/carlospolopm)**\).**
**If you want to** share some tricks with the community **you can also submit** pull requests **to** https://github.com/carlospolop/hacktricks that will be reflected in this book. If you want to **share some tricks with the community** you can also submit **pull requests** to_\*_ [https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks) _that will be reflected in this book.
Don't forget to\*\* give ⭐ on the github to motivate me to continue developing this book. Don't forget to\_\* give ⭐ on the github to motivate me to continue developing this book.
![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%283%29.png) ![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%283%29.png)

View file

@ -146,7 +146,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book. If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.
Don't forget to **give ⭐ on the github** to motivate me to continue developing this book. Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%285%29.png) ![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%286%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\* [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*

View file

@ -97,7 +97,7 @@ In this case you could try to abuse the functionality creating a web with the fo
In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**. In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**.
![](../../.gitbook/assets/image%20%28436%29%20%281%29%20%281%29.png) ![](../../.gitbook/assets/image%20%28436%29%20%281%29%20%281%29%20%281%29.png)
Learn how to [call deep links without using HTML pages below](./#exploiting-schemes-deep-links). Learn how to [call deep links without using HTML pages below](./#exploiting-schemes-deep-links).
@ -455,7 +455,7 @@ _Note that you can **omit the package name** and the mobile will automatically c
In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**. In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**.
![](../../.gitbook/assets/image%20%28436%29%20%281%29.png) ![](../../.gitbook/assets/image%20%28436%29%20%281%29%20%281%29.png)
#### Sensitive info #### Sensitive info

View file

@ -2,10 +2,59 @@
## Tricks ## Tricks
#### Play with routes ### Public and private endpoints
Create a list with the public and private endpoints to know which information should be confidential and try to access it in "unathorized" ways.
### Patterns
Search for API patterns inside the api and try to use it to discover more.
If you find _/api/albums/**<album\_id>**/photos/**<photo\_id>**_ ****you could try also things like _/api/**posts**/<post\_id>/**comment**/_. Use some fuzzer to discover this new endpoints.
### Add parameters
Something like the following example might get you access to another users photo album:
_/api/MyPictureList → /api/MyPictureList?**user\_id=<other\_user\_id>**_
### Replace parameters
You can try to **fuzz parameters** or **use** parameters **you have seen** in a different endpoints to try to access other information
For example, if you see something like: _/api/albums?**album\_id=<album id>**_
You could **replace** the **`album_id`** parameter with something completely different and potentially get other data: _/api/albums?**account\_id=<account id>**_
### Parameter pollution
/api/account?**id=<your account id>** → /api/account?**id=<your account id>&id=<admin's account id>**
### HTTP requet method change
You can try to use the HTTP methods: **GET, POST, PUT, DELETE, PATCH, INVENTED** to try check if the web server gives you unexpected information with them.
### Request content-type
Try to play between the following content-types \(bodifying acordinly the request body\) to make the web server behave unexpectedly:
* **x-www-form-urlencoded** --> user=test
* **application/xml** --> <user>test</user>
* **application/json** --> {"user": "test"}
### Play with routes
`/files/..%2f..%2f + victim ID + %2f + victim filename` `/files/..%2f..%2f + victim ID + %2f + victim filename`
### Check possible versions
Old versions may be still be in use and be more vulenrable than latest endpoints
* `/api/v1/login`
* `/api/v2/login`
* `/api/CharityEventFeb2020/user/pp/<ID>`
* `/api/CharityEventFeb2021/user/pp/<ID>`
##
## Owasp API Security Top 10 ## Owasp API Security Top 10
Read this document to learn how to **search** and **exploit** Owasp Top 10 API vulnerabilities: [https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf](https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf) Read this document to learn how to **search** and **exploit** Owasp Top 10 API vulnerabilities: [https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf](https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf)

View file

@ -398,7 +398,7 @@ If you don't execute this from a Domain Controller, ATA is going to catch you, s
* [Python script to enumerate active directory](https://github.com/ropnop/windapsearch) * [Python script to enumerate active directory](https://github.com/ropnop/windapsearch)
* [Python script to enumerate active directory](https://github.com/CroweCybersecurity/ad-ldap-enum) * [Python script to enumerate active directory](https://github.com/CroweCybersecurity/ad-ldap-enum)
![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%286%29.png) ![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%2811%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop) [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)

View file

@ -118,7 +118,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book. If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.
Don't forget to **give ⭐ on the github** to motivate me to continue developing this book. Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png) ![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%285%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\* [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*