Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-21 20:23:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

a

Browse source
This commit is contained in:
Carlos Polop 2024-03-15 00:01:13 +01:00
parent 66b5cedb26
commit 1fcb0ae066
43 changed files with 606 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
README.md
View file

@ -14,10 +14,6 @@ To get started follow this page where you will find the **typical flow** that **
[pentesting-methodology.md](generic-methodologies-and-resources/pentesting-methodology.md)
{% endcontent-ref %}
## Platinum Sponsors
_Your company could be here._
## Corporate Sponsors
### [STM Cyber](https://www.stmcyber.com)
@ -30,6 +26,8 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
**STM Cyber** also support cybersecurity open source projects like HackTricks :)
***
### [RootedCON](https://www.rootedcon.com/)
<figure><img src=".gitbook/assets/image (4) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
@ -37,6 +35,7 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
[**RootedCON**](https://www.rootedcon.com) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline.
{% embed url="https://www.rootedcon.com/" %}
***
### [Intigriti](https://www.intigriti.com)
@ -48,6 +47,8 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
{% embed url="https://go.intigriti.com/hacktricks" %}
***
### [Trickest](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks)
<figure><img src=".gitbook/assets/image (3) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>
@ -59,6 +60,8 @@ Get Access Today:
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
***
### [HACKENPROOF](https://bit.ly/3xrrDrL)
<figure><img src=".gitbook/assets/image (5) (1).png" alt=""><figcaption></figcaption></figure>
@ -86,6 +89,16 @@ Stay informed with the newest bug bounties launching and crucial platform update
{% embed url="https://pentest-tools.com/" %}
***
### [Try Hard Security Group](https://discord.gg/tryhardsecurity)
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
### [WebSec](https://websec.nl/)
<figure><img src=".gitbook/assets/websec (1).svg" alt=""><figcaption></figcaption></figure>

14
forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Carving & Recovery tools
More tools in [https://github.com/Claudio-C/awesome-datarecovery](https://github.com/Claudio-C/awesome-datarecovery)
@ -104,6 +112,12 @@ Download [here](https://sourceforge.net/projects/findaes/).
You can use [**viu** ](https://github.com/atanunq/viu)to see images from the terminal.\
You can use the linux command line tool **pdftotext** to transform a pdf into text and read it.
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

13
generic-methodologies-and-resources/exfiltration.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Commonly whitelisted domains to exfiltrate information
Check [https://lots-project.com/](https://lots-project.com/) to find commonly whitelisted domains that can be abused
@ -376,6 +384,11 @@ Then copy-paste the text into the windows-shell and a file called nc.exe will be
* [https://github.com/62726164/dns-exfil](https://github.com/62726164/dns-exfil)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>

14
generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
The goal of this page is to enumerate **platforms that allow to search for code** (literal or regex) in across thousands/millions of repos in one or more platforms.
This helps in several occasions to **search for leaked information** or for **vulnerabilities** patterns.
@ -28,6 +36,12 @@ This helps in several occasions to **search for leaked information** or for **vu
When you look for leaks in a repo and run something like `git log -p` don't forget there might be **other branches with other commits** containing secrets!
{% endhint %}
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
These are some tricks to bypass python sandbox protections and execute arbitrary commands.
## Command Execution Libraries
@ -1117,7 +1125,11 @@ will be bypassed
* [https://nedbatchelder.com/blog/201206/eval\_really\_is\_dangerous.html](https://nedbatchelder.com/blog/201206/eval\_really\_is\_dangerous.html)
* [https://infosecwriteups.com/how-assertions-can-get-you-hacked-da22c84fb8f6](https://infosecwriteups.com/how-assertions-can-get-you-hacked-da22c84fb8f6)
***
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>

14
generic-methodologies-and-resources/shells/linux.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
**If you have questions about any of these shells you could check them with** [**https://explainshell.com/**](https://explainshell.com)
## Full TTY
@ -390,6 +398,12 @@ Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new
* [https://tcm1911.github.io/posts/whois-and-finger-reverse-shell/](https://tcm1911.github.io/posts/whois-and-finger-reverse-shell/)
* [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
generic-methodologies-and-resources/shells/windows.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Lolbas
The page [lolbas-project.github.io](https://lolbas-project.github.io/) is for Windows like [https://gtfobins.github.io/](https://gtfobins.github.io/) is for linux.\
@ -562,6 +570,12 @@ WinPWN](https://github.com/SecureThisShit/WinPwn) PS console with some offensive
* [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md)
* [https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

18
generic-methodologies-and-resources/tunneling-and-port-forwarding.md
View file

@ -12,6 +12,14 @@
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Nmap tip
{% hint style="warning" %}
@ -597,7 +605,7 @@ It opens 3 tunnels:
tunnels:
mytcp:
addr: 4444
proto: tcp
proto: tcptunne
anothertcp:
addr: 5555
proto: tcp
@ -611,6 +619,14 @@ tunnels:
* [https://github.com/securesocketfunneling/ssf](https://github.com/securesocketfunneling/ssf)
* [https://github.com/z3APA3A/3proxy](https://github.com/z3APA3A/3proxy)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
linux-hardening/linux-environment-variables.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Global variables
The global variables **will be** inherited by **child processes**.
@ -133,6 +141,12 @@ One background job, one stopped and last command didn't finish correctly:
![](<../.gitbook/assets/image (90).png>)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
mobile-pentesting/android-app-pentesting/android-applications-basics.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Android Security Model
**There are two layers:**
@ -407,6 +415,12 @@ if (dpm.isAdminActive(adminComponent)) {
}
```
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
mobile-pentesting/android-app-pentesting/android-task-hijacking.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Task, Back Stack and Foreground Activities
In Android, a **task** is essentially a set of activities that users interact with to complete a specific job, organized within a **back stack**. This stack orders activities based on when they were opened, with the most recent activity displayed at the top as the **foreground activity**. At any moment, only this activity is visible on the screen, making it part of the **foreground task**.
@ -56,6 +64,12 @@ To prevent such attacks, developers can set `taskAffinity` to an empty string an
* [**https://blog.dixitaditya.com/android-task-hijacking/**](https://blog.dixitaditya.com/android-task-hijacking/)
* [**https://blog.takemyhand.xyz/2021/02/android-task-hijacking-with.html**](https://blog.takemyhand.xyz/2021/02/android-task-hijacking-with.html)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
Some applications don't like user downloaded certificates, so in order to inspect web traffic for some apps we actually have to decompile the application & add a few things & recompile it.
# Automatic
@ -61,6 +69,12 @@ Finally, you need just to **sign the new application**. [Read this section of th
<details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
Other ways to support HackTricks:

14
mobile-pentesting/android-checklist.md
View file

@ -12,6 +12,14 @@
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
### [Learn Android fundamentals](android-app-pentesting/#2-android-application-fundamentals)
* [ ] [Basics](android-app-pentesting/#fundamentals-review)
@ -67,6 +75,12 @@
* [ ] [Read here](android-app-pentesting/#obfuscating-deobfuscating-code)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
mobile-pentesting/ios-pentesting-checklist.md
View file

@ -22,6 +22,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
### Preparation
* [ ] Read [**iOS Basics**](ios-pentesting/ios-basics.md)
@ -110,6 +118,12 @@ Other ways to support HackTricks:
* [ ] Check for [**automatic patching/updating**](ios-pentesting/#hot-patching-enforced-updateing) mechanisms
* [ ] Check for [**malicious third party libraries**](ios-pentesting/#third-parties)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

13
network-services-pentesting/43-pentesting-whois.md
View file

@ -14,6 +14,13 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
# Basic Information
@ -45,6 +52,12 @@ Also, the WHOIS service always needs to use a **database** to store and extract
* `port:43 whois`
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
# HackTricks Automatic Commands
```

13
network-services-pentesting/49-pentesting-tacacs+.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Basic Information
The **Terminal Access Controller Access Control System (TACACS)** protocol is used to centrally validate users trying to access routers or Network Access Servers (NAS). Its upgraded version, **TACACS+**, separates the services into authentication, authorization, and accounting (AAA).
@ -52,6 +60,11 @@ By gaining access to the control panel of network equipment using the obtained c
* [https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>

14
network-services-pentesting/7-tcp-udp-pentesting-echo.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
# Basic Information
@ -48,6 +56,12 @@ Hello echo #This is the response
[CA-1996-01 UDP Port Denial-of-Service Attack](http://www.cert.org/advisories/CA-1996-01.html)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
network-services-pentesting/ipsec-ike-vpn-pentesting.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Basic Information
**IPsec** is widely recognized as the principal technology for securing communications between networks (LAN-to-LAN) and from remote users to the network gateway (remote access), serving as the backbone for enterprise VPN solutions.
@ -282,6 +290,12 @@ Ensure that actual, secure values are used to replace the placeholders when conf
* `port:500 IKE`
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

16
network-services-pentesting/pentesting-ftp/README.md
View file

@ -12,6 +12,14 @@
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Basic Information
The **File Transfer Protocol (FTP)** serves as a standard protocol for file transfer across a computer network between a server and a client.\
@ -237,6 +245,14 @@ The default configuration of vsFTPd can be found in `/etc/vsftpd.conf`. In here,
***
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## HackTricks Automatic Commands
```

13
network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md
View file

@ -14,6 +14,13 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
# FTP Bounce - Scanning
@ -47,6 +54,12 @@ nmap -Pn -v -p 21,80 -b ftp:ftp@10.2.1.5 127.0.0.1 #Scan ports 21,80 of the FTP
nmap -v -p 21,22,445,80,443 -b ftp:ftp@10.2.1.5 192.168.0.1/24 #Scan the internal network (of the FTP) ports 21,22,445,80,443
```
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>

14
network-services-pentesting/pentesting-imap.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Internet Message Access Protocol
The **Internet Message Access Protocol (IMAP)** is designed for the purpose of enabling users to **access their email messages from any location**, primarily through an Internet connection. In essence, emails are **retained on a server** rather than being downloaded and stored on an individual's personal device. This means that when an email is accessed or read, it is done **directly from the server**. This capability allows for the convenience of checking emails from **multiple devices**, ensuring that no messages are missed regardless of the device used.
@ -172,6 +180,12 @@ done
* `port:143 CAPABILITY`
* `port:993 CAPABILITY`
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
## HackTricks Automatic Commands
```

14
network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Basic Information
From [wikipedia](https://en.wikipedia.org/wiki/Microsoft\_SQL\_Server):
@ -531,7 +539,13 @@ You probably will be able to **escalate to Administrator** following one of thes
* [https://www.netspi.com/blog/technical/network-penetration-testing/hacking-sql-server-stored-procedures-part-2-user-impersonation/](https://www.netspi.com/blog/technical/network-penetration-testing/hacking-sql-server-stored-procedures-part-2-user-impersonation/)
* [https://www.netspi.com/blog/technical/network-penetration-testing/executing-smb-relay-attacks-via-sql-server-using-metasploit/](https://www.netspi.com/blog/technical/network-penetration-testing/executing-smb-relay-attacks-via-sql-server-using-metasploit/)
* [https://blog.waynesheffield.com/wayne/archive/2017/08/working-registry-sql-server/](https://blog.waynesheffield.com/wayne/archive/2017/08/working-registry-sql-server/)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## HackTricks Automatic Commands

14
network-services-pentesting/pentesting-pop.md
View file

@ -12,6 +12,14 @@
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Basic Information
**Post Office Protocol (POP)** is described as a protocol within the realm of computer networking and the Internet, which is utilized for the extraction and **retrieval of email from a remote mail server**, making it accessible on the local device. Positioned within the application layer of the OSI model, this protocol enables users to fetch and receive email. The operation of **POP clients** typically involves establishing a connection to the mail server, downloading all messages, storing these messages locally on the client system, and subsequently removing them from the server. Although there are three iterations of this protocol, **POP3** stands out as the most prevalently employed version.
@ -103,6 +111,12 @@ From [https://academy.hackthebox.com/module/112/section/1073](https://academy.ha
| `auth_verbose_passwords` | Passwords used for authentication are logged and can also be truncated. |
| `auth_anonymous_username` | This specifies the username to be used when logging in with the ANONYMOUS SASL mechanism. |
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
## HackTricks Automatic Commands
```

14
network-services-pentesting/pentesting-smb/rpcclient-enumeration.md
View file

@ -12,7 +12,13 @@
</details>
### **What is a RID**
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
### Overview of Relative Identifiers (RID) and Security Identifiers (SID)
@ -97,6 +103,12 @@ done
To **understand** better how the tools _**samrdump**_ **and** _**rpcdump**_ works you should read [**Pentesting MSRPC**](../135-pentesting-msrpc.md).
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

15
network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
### SSRF PHP functions
Some function such as **file\_get\_contents(), fopen(), file(), md5\_file()** accept URLs as input that they will follow making **possible SSRF vulnerabilities** if the use can control the data:
@ -66,6 +74,13 @@ $context = stream_context_create($options);
$file = file_get_contents($url, false, $context);
```
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
network-services-pentesting/pentesting-web/tomcat.md
View file

@ -12,6 +12,14 @@
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Discovery
* It usually runs on **port 8080**
@ -258,6 +266,12 @@ msf> use post/windows/gather/enum_tomcat
* [https://github.com/simran-sankhala/Pentest-Tomcat](https://github.com/simran-sankhala/Pentest-Tomcat)
* [https://hackertarget.com/sample/nexpose-metasploitable-test.pdf](https://hackertarget.com/sample/nexpose-metasploitable-test.pdf)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md
View file

@ -12,6 +12,14 @@
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
### Avoid to run with root
In order to not run Tomcat with root a very common configuration is to set an Apache server in port 80/443 and, if the requested path matches a regexp, the request is sent to Tomcat running on a different port.
@ -149,6 +157,12 @@ The file shows us what each of the roles `manager-gui`, `manager-script`, `manag
* [https://academy.hackthebox.com/module/113/section/1090](https://academy.hackthebox.com/module/113/section/1090)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

12
pentesting-web/bypass-payment-process.md
View file

@ -14,6 +14,13 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Payment Bypass Techniques
@ -45,6 +52,11 @@ If you encounter a parameter that contains a URL, especially one following the p
1. **Intercept Responses**: Use tools to intercept and analyze the responses from the server. Look for any data that might indicate a successful transaction or reveal the next steps in the payment process.
2. **Modify Responses**: Attempt to modify the responses before they are processed by the browser or the application to simulate a successful transaction scenario.
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>

14
pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Basic Information
JNDI, integrated into Java since the late 1990s, serves as a directory service, enabling Java programs to locate data or objects through a naming system. It supports various directory services via service provider interfaces (SPIs), allowing data retrieval from different systems, including remote Java objects. Common SPIs include CORBA COS, Java RMI Registry, and LDAP.
@ -470,6 +478,12 @@ In this [**writeup**](https://intrigus.org/research/2022/07/18/google-ctf-2022-l
* [https://intrigus.org/research/2022/07/18/google-ctf-2022-log4j2-writeup/](https://intrigus.org/research/2022/07/18/google-ctf-2022-log4j2-writeup/)
* [https://sigflag.at/blog/2022/writeup-googlectf2022-log4j/](https://sigflag.at/blog/2022/writeup-googlectf2022-log4j/)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

15
pentesting-web/h2c-smuggling.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
### H2C Smuggling <a href="#http2-over-cleartext-h2c" id="http2-over-cleartext-h2c"></a>
#### HTTP2 Over Cleartext (H2C) <a href="#http2-over-cleartext-h2c" id="http2-over-cleartext-h2c"></a>
@ -104,6 +112,13 @@ Check the labs to test both scenarios in [https://github.com/0ang3el/websocket-s
* [https://bishopfox.com/blog/h2c-smuggling-request](https://bishopfox.com/blog/h2c-smuggling-request)
* [https://github.com/0ang3el/websocket-smuggle.git](https://github.com/0ang3el/websocket-smuggle.git)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

15
pentesting-web/hacking-with-cookies/README.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Cookie Attributes
Cookies come with several attributes that control their behavior in the user's browser. Heres a rundown of these attributes in a more passive voice:
@ -263,6 +271,13 @@ There should be a pattern (with the size of a used block). So, knowing how are a
* [https://blog.ankursundara.com/cookie-bugs/](https://blog.ankursundara.com/cookie-bugs/)
* [https://www.linkedin.com/posts/rickey-martin-24533653\_100daysofhacking-penetrationtester-ethicalhacking-activity-7016286424526180352-bwDd](https://www.linkedin.com/posts/rickey-martin-24533653\_100daysofhacking-penetrationtester-ethicalhacking-activity-7016286424526180352-bwDd)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## AWS
### Abusing SSRF in AWS EC2 environment
@ -580,6 +588,12 @@ Rancher's metadata can be accessed using:
* `curl http://rancher-metadata/<version>/<path>`
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
### Localhost
```bash
@ -217,6 +225,12 @@ image from [https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-
* [https://as745591.medium.com/albussec-penetration-list-08-server-side-request-forgery-ssrf-sample-90267f095d25](https://as745591.medium.com/albussec-penetration-list-08-server-side-request-forgery-ssrf-sample-90267f095d25)
* [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
pentesting-web/xs-search/css-injection/README.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## CSS Injection
### Attribute Selector
@ -481,6 +489,12 @@ So, if the font does not match, the response time when visiting the bot is expec
* [https://infosecwriteups.com/exfiltration-via-css-injection-4e999f63097d](https://infosecwriteups.com/exfiltration-via-css-injection-4e999f63097d)
* [https://x-c3ll.github.io/posts/CSS-Injection-Primitives/](https://x-c3ll.github.io/posts/CSS-Injection-Primitives/)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
pentesting-web/xss-cross-site-scripting/abusing-service-workers.md
View file

@ -14,6 +14,14 @@
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Basic Information
A **service worker** is a script run by your browser in the background, separate from any web page, enabling features that don't require a web page or user interaction, thus enhancing **offline and background processing** capabilities. Detailed information on service workers can be found [here](https://developers.google.com/web/fundamentals/primers/service-workers). By exploiting service workers within a vulnerable web domain, attackers can gain control over the victim's interactions with all pages within that domain.
@ -115,6 +123,12 @@ For an example of this check the reference link.
* [https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering](https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
reversing/common-api-used-in-malware.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Generic
### Networking
@ -148,6 +156,12 @@ The malware will unmap the legitimate code from memory of the process and load a
* **EAT** (**Export Address Table**) Hooks. This hooks can be done from **userland**. The goal is to hook exported functions by DLLs.
* **Inline Hooks**: This type are difficult to achieve. This involve modifying the code of the functions itself. Maybe by putting a jump at the beginning of this.
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
reversing/reversing-tools-basic-methods/README.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## ImGui Based Reversing tools
Software:
@ -417,6 +425,12 @@ So, in this challenge, knowing the values of the buttons, you needed to **press
* [https://github.com/0xZ0F/Z0FCourse\_ReverseEngineering](https://github.com/0xZ0F/Z0FCourse\_ReverseEngineering)
* [https://github.com/malrev/ABD](https://github.com/malrev/ABD) (Binary deobfuscation)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
stego/stego-tricks.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## **Extracting Data from Files**
### **Binwalk**
@ -229,6 +237,12 @@ For translating Braille, the [Branah Braille Translator](https://www.branah.com/
* [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/)
* [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
todo/radio-hacking/flipper-zero/README.md
View file

@ -12,6 +12,14 @@
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
With [**Flipper Zero**](https://flipperzero.one/) you can:
* **Listen/Capture/Replay radio frequencies:** [**Sub-GHz**](fz-sub-ghz.md)
@ -25,6 +33,12 @@ With [**Flipper Zero**](https://flipperzero.one/) you can:
**Other Flipper Zero resources in** [**https://github.com/djsime1/awesome-flipperzer**](https://github.com/djsime1/awesome-flipperzero)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
todo/radio-hacking/flipper-zero/fz-sub-ghz.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Intro <a href="#kfpn7" id="kfpn7"></a>
Flipper Zero can **receive and transmit radio frequencies in the range of 300-928 MHz** with its built-in module, which can read, save, and emulate remote controls. These controls are used for interaction with gates, barriers, radio locks, remote control switches, wireless doorbells, smart lights, and more. Flipper Zero can help you to learn if your security is compromised.
@ -119,6 +127,12 @@ Get dBms of the saved frequencies
* [https://docs.flipperzero.one/sub-ghz](https://docs.flipperzero.one/sub-ghz)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

15
todo/radio-hacking/proxmark-3.md
View file

@ -12,6 +12,14 @@
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## Attacking RFID Systems with Proxmark3
The first thing you need to do is to have a [**Proxmark3**](https://proxmark.com) and [**install the software and it's dependencie**](https://github.com/Proxmark/proxmark3/wiki/Kali-Linux)[**s**](https://github.com/Proxmark/proxmark3/wiki/Kali-Linux).
@ -71,6 +79,13 @@ proxmark3> script run mfkeys
You can create a script to **fuzz tag readers**, so copying the data of a **valid card** just write a **Lua script** that **randomize** one or more random **bytes** and check if the **reader crashes** with any iteration.
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
windows-hardening/checklist-windows-privilege-escalation.md
View file

@ -14,6 +14,14 @@ Other ways to support HackTricks:
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
### **Best tool to look for Windows local privilege escalation vectors:** [**WinPEAS**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS)
### [System Info](windows-local-privilege-escalation/#system-info)
@ -123,6 +131,12 @@ Other ways to support HackTricks:
* [ ] Check if you can abuse it
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

14
windows-hardening/lateral-movement/dcom-exec.md
View file

@ -12,6 +12,14 @@
</details>
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## MMC20.Application
**For more info about this technique chech the original post from [https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/](https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/)**
@ -126,6 +134,12 @@ SharpLateral.exe reddcom HOSTNAME C:\Users\Administrator\Desktop\malware.exe
* [https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/](https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/)
* [https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/](https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/)
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
<details>
<summary><strong>Learn AWS hacking from zero to hero with</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>