From 1fcb0ae066c4cc3786512bdcd18e1579aaa78fde Mon Sep 17 00:00:00 2001 
From: Carlos Polop Date: Fri, 15 Mar 2024 00:01:13 +0100 Subject: [PATCH] a --- README.md | 21 +++++++++++++++---- .../file-data-carving-recovery-tools.md | 14 +++++++++++++ .../exfiltration.md | 13 ++++++++++++ .../wide-source-code-search.md | 14 +++++++++++++ .../python/bypass-python-sandboxes/README.md | 14 ++++++++++++- .../shells/linux.md | 14 +++++++++++++ .../shells/windows.md | 14 +++++++++++++ .../tunneling-and-port-forwarding.md | 18 +++++++++++++++- .../linux-environment-variables.md | 14 +++++++++++++ .../android-applications-basics.md | 14 +++++++++++++ .../android-task-hijacking.md | 14 +++++++++++++ .../make-apk-accept-ca-certificate.md | 14 +++++++++++++ mobile-pentesting/android-checklist.md | 14 +++++++++++++ mobile-pentesting/ios-pentesting-checklist.md | 14 +++++++++++++ .../43-pentesting-whois.md | 13 ++++++++++++ .../49-pentesting-tacacs+.md | 13 ++++++++++++ .../7-tcp-udp-pentesting-echo.md | 14 +++++++++++++ .../ipsec-ike-vpn-pentesting.md | 14 +++++++++++++ .../pentesting-ftp/README.md | 16 ++++++++++++++ .../pentesting-ftp/ftp-bounce-attack.md | 13 ++++++++++++ .../pentesting-imap.md | 14 +++++++++++++ .../README.md | 14 +++++++++++++ network-services-pentesting/pentesting-pop.md | 14 +++++++++++++ .../pentesting-smb/rpcclient-enumeration.md | 14 ++++++++++++- .../pentesting-web/php-tricks-esp/php-ssrf.md | 15 +++++++++++++ .../pentesting-web/tomcat.md | 14 +++++++++++++ .../tomcat/basic-tomcat-info.md | 14 +++++++++++++ pentesting-web/bypass-payment-process.md | 12 +++++++++++ ...g-and-directory-interface-and-log4shell.md | 14 +++++++++++++ pentesting-web/h2c-smuggling.md | 15 +++++++++++++ pentesting-web/hacking-with-cookies/README.md | 15 +++++++++++++ .../cloud-ssrf.md | 14 +++++++++++++ .../url-format-bypass.md | 14 +++++++++++++ .../xs-search/css-injection/README.md | 14 +++++++++++++ .../abusing-service-workers.md | 14 +++++++++++++ reversing/common-api-used-in-malware.md | 14 +++++++++++++ 
.../reversing-tools-basic-methods/README.md | 14 +++++++++++++ stego/stego-tricks.md | 14 +++++++++++++ todo/radio-hacking/flipper-zero/README.md | 14 +++++++++++++ todo/radio-hacking/flipper-zero/fz-sub-ghz.md | 14 +++++++++++++ todo/radio-hacking/proxmark-3.md | 15 +++++++++++++ .../checklist-windows-privilege-escalation.md | 14 +++++++++++++ .../lateral-movement/dcom-exec.md | 14 +++++++++++++ 43 files changed, 606 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 4b160b736..0f79d69d4 100644 --- a/README.md +++ b/README.md @@ -14,10 +14,6 @@ To get started follow this page where you will find the **typical flow** that ** [pentesting-methodology.md](generic-methodologies-and-resources/pentesting-methodology.md) {% endcontent-ref %} -## Platinum Sponsors - -_Your company could be here._ - ## Corporate Sponsors ### [STM Cyber](https://www.stmcyber.com) @@ -30,6 +26,8 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm **STM Cyber** also support cybersecurity open source projects like HackTricks :) +*** + ### [RootedCON](https://www.rootedcon.com/)
@@ -37,6 +35,7 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm [**RootedCON**](https://www.rootedcon.com) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline. {% embed url="https://www.rootedcon.com/" %} +*** ### [Intigriti](https://www.intigriti.com) @@ -48,6 +47,8 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm {% embed url="https://go.intigriti.com/hacktricks" %} +*** + ### [Trickest](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks)
@@ -59,6 +60,8 @@ Get Access Today: {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} +*** + ### [HACKENPROOF](https://bit.ly/3xrrDrL)
@@ -86,6 +89,16 @@ Stay informed with the newest bug bounties launching and crucial platform update {% embed url="https://pentest-tools.com/" %} +*** + +### [Try Hard Security Group](https://discord.gg/tryhardsecurity) + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ### [WebSec](https://websec.nl/)
diff --git a/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md b/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md index 39e91d582..ef5ad9ce6 100644 --- a/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md +++ b/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md @@ -14,6 +14,14 @@ Other ways to support HackTricks: +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Carving & Recovery tools More tools in [https://github.com/Claudio-C/awesome-datarecovery](https://github.com/Claudio-C/awesome-datarecovery) @@ -104,6 +112,12 @@ Download [here](https://sourceforge.net/projects/findaes/). You can use [**viu** ](https://github.com/atanunq/viu)to see images from the terminal.\ You can use the linux command line tool **pdftotext** to transform a pdf into text and read it. +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/generic-methodologies-and-resources/exfiltration.md b/generic-methodologies-and-resources/exfiltration.md index 60b1645bf..9051fe136 100644 --- a/generic-methodologies-and-resources/exfiltration.md +++ b/generic-methodologies-and-resources/exfiltration.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Commonly whitelisted domains to exfiltrate information Check [https://lots-project.com/](https://lots-project.com/) to find commonly whitelisted domains that can be abused @@ -376,6 +384,11 @@ Then copy-paste the text into the windows-shell and a file called nc.exe will be * [https://github.com/62726164/dns-exfil](https://github.com/62726164/dns-exfil) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md b/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md index 03816699e..7f80ae2d4 100644 --- a/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md +++ b/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + The goal of this page is to enumerate **platforms that allow to search for code** (literal or regex) in across thousands/millions of repos in one or more platforms. This helps in several occasions to **search for leaked information** or for **vulnerabilities** patterns. @@ -28,6 +36,12 @@ This helps in several occasions to **search for leaked information** or for **vu When you look for leaks in a repo and run something like `git log -p` don't forget there might be **other branches with other commits** containing secrets! {% endhint %} +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md b/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md index 61ac2e734..442eed46f 100644 --- a/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md +++ b/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + These are some tricks to bypass python sandbox protections and execute arbitrary commands. ## Command Execution Libraries @@ -1117,7 +1125,11 @@ will be bypassed * [https://nedbatchelder.com/blog/201206/eval\_really\_is\_dangerous.html](https://nedbatchelder.com/blog/201206/eval\_really\_is\_dangerous.html) * [https://infosecwriteups.com/how-assertions-can-get-you-hacked-da22c84fb8f6](https://infosecwriteups.com/how-assertions-can-get-you-hacked-da22c84fb8f6) -*** +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/generic-methodologies-and-resources/shells/linux.md b/generic-methodologies-and-resources/shells/linux.md index aebd99f39..03caeb114 100644 --- a/generic-methodologies-and-resources/shells/linux.md +++ b/generic-methodologies-and-resources/shells/linux.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + **If you have questions about any of these shells you could check them with** [**https://explainshell.com/**](https://explainshell.com) ## Full TTY @@ -390,6 +398,12 @@ Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new * [https://tcm1911.github.io/posts/whois-and-finger-reverse-shell/](https://tcm1911.github.io/posts/whois-and-finger-reverse-shell/) * [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/generic-methodologies-and-resources/shells/windows.md b/generic-methodologies-and-resources/shells/windows.md index f85528e5c..aa2297346 100644 --- a/generic-methodologies-and-resources/shells/windows.md +++ b/generic-methodologies-and-resources/shells/windows.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Lolbas The page [lolbas-project.github.io](https://lolbas-project.github.io/) is for Windows like [https://gtfobins.github.io/](https://gtfobins.github.io/) is for linux.\ @@ -562,6 +570,12 @@ WinPWN](https://github.com/SecureThisShit/WinPwn) PS console with some offensive * [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md) * [https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/) ​ +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/generic-methodologies-and-resources/tunneling-and-port-forwarding.md b/generic-methodologies-and-resources/tunneling-and-port-forwarding.md index 5f182803b..f92548b30 100644 --- a/generic-methodologies-and-resources/tunneling-and-port-forwarding.md +++ b/generic-methodologies-and-resources/tunneling-and-port-forwarding.md @@ -12,6 +12,14 @@
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Nmap tip {% hint style="warning" %} @@ -597,7 +605,7 @@ It opens 3 tunnels: tunnels: mytcp: addr: 4444 - proto: tcp + proto: tcptunne anothertcp: addr: 5555 proto: tcp @@ -611,6 +619,14 @@ tunnels: * [https://github.com/securesocketfunneling/ssf](https://github.com/securesocketfunneling/ssf) * [https://github.com/z3APA3A/3proxy](https://github.com/z3APA3A/3proxy) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/linux-hardening/linux-environment-variables.md b/linux-hardening/linux-environment-variables.md index e8c49fbcd..df5f54685 100644 --- a/linux-hardening/linux-environment-variables.md +++ b/linux-hardening/linux-environment-variables.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Global variables The global variables **will be** inherited by **child processes**. @@ -133,6 +141,12 @@ One background job, one stopped and last command didn't finish correctly: ![](<../.gitbook/assets/image (90).png>) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/mobile-pentesting/android-app-pentesting/android-applications-basics.md b/mobile-pentesting/android-app-pentesting/android-applications-basics.md index 86b03378e..18e98dc72 100644 --- a/mobile-pentesting/android-app-pentesting/android-applications-basics.md +++ b/mobile-pentesting/android-app-pentesting/android-applications-basics.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Android Security Model **There are two layers:** @@ -407,6 +415,12 @@ if (dpm.isAdminActive(adminComponent)) { } ``` +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/mobile-pentesting/android-app-pentesting/android-task-hijacking.md b/mobile-pentesting/android-app-pentesting/android-task-hijacking.md index dfd0162bb..6e807fe8d 100644 --- a/mobile-pentesting/android-app-pentesting/android-task-hijacking.md +++ b/mobile-pentesting/android-app-pentesting/android-task-hijacking.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Task, Back Stack and Foreground Activities In Android, a **task** is essentially a set of activities that users interact with to complete a specific job, organized within a **back stack**. This stack orders activities based on when they were opened, with the most recent activity displayed at the top as the **foreground activity**. At any moment, only this activity is visible on the screen, making it part of the **foreground task**. @@ -56,6 +64,12 @@ To prevent such attacks, developers can set `taskAffinity` to an empty string an * [**https://blog.dixitaditya.com/android-task-hijacking/**](https://blog.dixitaditya.com/android-task-hijacking/) * [**https://blog.takemyhand.xyz/2021/02/android-task-hijacking-with.html**](https://blog.takemyhand.xyz/2021/02/android-task-hijacking-with.html) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md b/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md index 20bd390a2..5e4820e8b 100644 --- a/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md +++ b/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + Some applications don't like user downloaded certificates, so in order to inspect web traffic for some apps we actually have to decompile the application & add a few things & recompile it. # Automatic @@ -61,6 +69,12 @@ Finally, you need just to **sign the new application**. [Read this section of th
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! Other ways to support HackTricks: diff --git a/mobile-pentesting/android-checklist.md b/mobile-pentesting/android-checklist.md index 53cc87f45..791130ff5 100644 --- a/mobile-pentesting/android-checklist.md +++ b/mobile-pentesting/android-checklist.md @@ -12,6 +12,14 @@
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ### [Learn Android fundamentals](android-app-pentesting/#2-android-application-fundamentals) * [ ] [Basics](android-app-pentesting/#fundamentals-review) @@ -67,6 +75,12 @@ * [ ] [Read here](android-app-pentesting/#obfuscating-deobfuscating-code) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/mobile-pentesting/ios-pentesting-checklist.md b/mobile-pentesting/ios-pentesting-checklist.md index aac02cfeb..5a22bf834 100644 --- a/mobile-pentesting/ios-pentesting-checklist.md +++ b/mobile-pentesting/ios-pentesting-checklist.md @@ -22,6 +22,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ### Preparation * [ ] Read [**iOS Basics**](ios-pentesting/ios-basics.md) @@ -110,6 +118,12 @@ Other ways to support HackTricks: * [ ] Check for [**automatic patching/updating**](ios-pentesting/#hot-patching-enforced-updateing) mechanisms * [ ] Check for [**malicious third party libraries**](ios-pentesting/#third-parties) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/network-services-pentesting/43-pentesting-whois.md b/network-services-pentesting/43-pentesting-whois.md index 5eff2164e..82582673b 100644 --- a/network-services-pentesting/43-pentesting-whois.md +++ b/network-services-pentesting/43-pentesting-whois.md @@ -14,6 +14,13 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** # Basic Information @@ -45,6 +52,12 @@ Also, the WHOIS service always needs to use a **database** to store and extract * `port:43 whois` +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + # HackTricks Automatic Commands ``` diff --git a/network-services-pentesting/49-pentesting-tacacs+.md b/network-services-pentesting/49-pentesting-tacacs+.md index 79da37bd5..b6f274c9d 100644 --- a/network-services-pentesting/49-pentesting-tacacs+.md +++ b/network-services-pentesting/49-pentesting-tacacs+.md @@ -14,6 +14,14 @@ Other ways to support HackTricks: +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Basic Information The **Terminal Access Controller Access Control System (TACACS)** protocol is used to centrally validate users trying to access routers or Network Access Servers (NAS). Its upgraded version, **TACACS+**, separates the services into authentication, authorization, and accounting (AAA). @@ -52,6 +60,11 @@ By gaining access to the control panel of network equipment using the obtained c * [https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/7-tcp-udp-pentesting-echo.md b/network-services-pentesting/7-tcp-udp-pentesting-echo.md index 234edbca9..d9925968e 100644 --- a/network-services-pentesting/7-tcp-udp-pentesting-echo.md +++ b/network-services-pentesting/7-tcp-udp-pentesting-echo.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + # Basic Information @@ -48,6 +56,12 @@ Hello echo #This is the response [CA-1996-01 UDP Port Denial-of-Service Attack](http://www.cert.org/advisories/CA-1996-01.html) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/network-services-pentesting/ipsec-ike-vpn-pentesting.md b/network-services-pentesting/ipsec-ike-vpn-pentesting.md index 13121e1bc..be22f326f 100644 --- a/network-services-pentesting/ipsec-ike-vpn-pentesting.md +++ b/network-services-pentesting/ipsec-ike-vpn-pentesting.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Basic Information **IPsec** is widely recognized as the principal technology for securing communications between networks (LAN-to-LAN) and from remote users to the network gateway (remote access), serving as the backbone for enterprise VPN solutions. @@ -282,6 +290,12 @@ Ensure that actual, secure values are used to replace the placeholders when conf * `port:500 IKE` +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/network-services-pentesting/pentesting-ftp/README.md b/network-services-pentesting/pentesting-ftp/README.md index 076a5bf82..7436db2e4 100644 --- a/network-services-pentesting/pentesting-ftp/README.md +++ b/network-services-pentesting/pentesting-ftp/README.md @@ -12,6 +12,14 @@
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Basic Information The **File Transfer Protocol (FTP)** serves as a standard protocol for file transfer across a computer network between a server and a client.\ @@ -237,6 +245,14 @@ The default configuration of vsFTPd can be found in `/etc/vsftpd.conf`. In here, *** +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## HackTricks Automatic Commands ``` diff --git a/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md b/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md index 22f8e7a2d..3746b725c 100644 --- a/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md +++ b/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md @@ -14,6 +14,13 @@ Other ways to support HackTricks: +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** # FTP Bounce - Scanning @@ -47,6 +54,12 @@ nmap -Pn -v -p 21,80 -b ftp:ftp@10.2.1.5 127.0.0.1 #Scan ports 21,80 of the FTP nmap -v -p 21,22,445,80,443 -b ftp:ftp@10.2.1.5 192.168.0.1/24 #Scan the internal network (of the FTP) ports 21,22,445,80,443 ``` +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
diff --git a/network-services-pentesting/pentesting-imap.md b/network-services-pentesting/pentesting-imap.md index 2db24675b..3dc0ab0bc 100644 --- a/network-services-pentesting/pentesting-imap.md +++ b/network-services-pentesting/pentesting-imap.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Internet Message Access Protocol The **Internet Message Access Protocol (IMAP)** is designed for the purpose of enabling users to **access their email messages from any location**, primarily through an Internet connection. In essence, emails are **retained on a server** rather than being downloaded and stored on an individual's personal device. This means that when an email is accessed or read, it is done **directly from the server**. This capability allows for the convenience of checking emails from **multiple devices**, ensuring that no messages are missed regardless of the device used. @@ -172,6 +180,12 @@ done * `port:143 CAPABILITY` * `port:993 CAPABILITY` +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + ## HackTricks Automatic Commands ``` diff --git a/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md b/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md index 0f2647145..4c69adca8 100644 --- a/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md +++ b/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md @@ -14,6 +14,14 @@ Other ways to support HackTricks: +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Basic Information From [wikipedia](https://en.wikipedia.org/wiki/Microsoft\_SQL\_Server): @@ -531,7 +539,13 @@ You probably will be able to **escalate to Administrator** following one of thes * [https://www.netspi.com/blog/technical/network-penetration-testing/hacking-sql-server-stored-procedures-part-2-user-impersonation/](https://www.netspi.com/blog/technical/network-penetration-testing/hacking-sql-server-stored-procedures-part-2-user-impersonation/) * [https://www.netspi.com/blog/technical/network-penetration-testing/executing-smb-relay-attacks-via-sql-server-using-metasploit/](https://www.netspi.com/blog/technical/network-penetration-testing/executing-smb-relay-attacks-via-sql-server-using-metasploit/) * [https://blog.waynesheffield.com/wayne/archive/2017/08/working-registry-sql-server/](https://blog.waynesheffield.com/wayne/archive/2017/08/working-registry-sql-server/) +**Try Hard Security Group** +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** ## HackTricks Automatic Commands diff --git a/network-services-pentesting/pentesting-pop.md b/network-services-pentesting/pentesting-pop.md index ee00c2f0e..c8af53f60 100644 --- a/network-services-pentesting/pentesting-pop.md +++ b/network-services-pentesting/pentesting-pop.md @@ -12,6 +12,14 @@ +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Basic Information **Post Office Protocol (POP)** is described as a protocol within the realm of computer networking and the Internet, which is utilized for the extraction and **retrieval of email from a remote mail server**, making it accessible on the local device. Positioned within the application layer of the OSI model, this protocol enables users to fetch and receive email. The operation of **POP clients** typically involves establishing a connection to the mail server, downloading all messages, storing these messages locally on the client system, and subsequently removing them from the server. Although there are three iterations of this protocol, **POP3** stands out as the most prevalently employed version. @@ -103,6 +111,12 @@ From [https://academy.hackthebox.com/module/112/section/1073](https://academy.ha | `auth_verbose_passwords` | Passwords used for authentication are logged and can also be truncated. | | `auth_anonymous_username` | This specifies the username to be used when logging in with the ANONYMOUS SASL mechanism. | +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + ## HackTricks Automatic Commands ``` diff --git a/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md b/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md index 23bb52896..5397c0042 100644 --- a/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md +++ b/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md @@ -12,7 +12,13 @@ -### **What is a RID** +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** ### Overview of Relative Identifiers (RID) and Security Identifiers (SID) @@ -97,6 +103,12 @@ done To **understand** better how the tools _**samrdump**_ **and** _**rpcdump**_ works you should read [**Pentesting MSRPC**](../135-pentesting-msrpc.md). +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md b/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md index f2e18a2fc..801248888 100644 --- a/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md +++ b/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ### SSRF PHP functions Some function such as **file\_get\_contents(), fopen(), file(), md5\_file()** accept URLs as input that they will follow making **possible SSRF vulnerabilities** if the use can control the data: @@ -66,6 +74,13 @@ $context = stream_context_create($options); $file = file_get_contents($url, false, $context); ``` +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/network-services-pentesting/pentesting-web/tomcat.md b/network-services-pentesting/pentesting-web/tomcat.md index a49e5f283..837250b0e 100644 --- a/network-services-pentesting/pentesting-web/tomcat.md +++ b/network-services-pentesting/pentesting-web/tomcat.md @@ -12,6 +12,14 @@
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Discovery * It usually runs on **port 8080** @@ -258,6 +266,12 @@ msf> use post/windows/gather/enum_tomcat * [https://github.com/simran-sankhala/Pentest-Tomcat](https://github.com/simran-sankhala/Pentest-Tomcat) * [https://hackertarget.com/sample/nexpose-metasploitable-test.pdf](https://hackertarget.com/sample/nexpose-metasploitable-test.pdf) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md b/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md index e28e836e3..74a5e56fd 100644 --- a/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md +++ b/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md @@ -12,6 +12,14 @@
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ### Avoid to run with root In order to not run Tomcat with root a very common configuration is to set an Apache server in port 80/443 and, if the requested path matches a regexp, the request is sent to Tomcat running on a different port. @@ -149,6 +157,12 @@ The file shows us what each of the roles `manager-gui`, `manager-script`, `manag * [https://academy.hackthebox.com/module/113/section/1090](https://academy.hackthebox.com/module/113/section/1090) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/pentesting-web/bypass-payment-process.md b/pentesting-web/bypass-payment-process.md index 50ee0200d..056d08ac4 100644 --- a/pentesting-web/bypass-payment-process.md +++ b/pentesting-web/bypass-payment-process.md @@ -14,6 +14,13 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** ## Payment Bypass Techniques @@ -45,6 +52,11 @@ If you encounter a parameter that contains a URL, especially one following the p 1. **Intercept Responses**: Use tools to intercept and analyze the responses from the server. Look for any data that might indicate a successful transaction or reveal the next steps in the payment process. 2. **Modify Responses**: Attempt to modify the responses before they are processed by the browser or the application to simulate a successful transaction scenario. +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %}
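Review bot: the spacing of both inserted blocks in bypass-payment-process.md differs from every other file in this patch: in the first hunk `+***` is immediately followed by `## Payment Bypass Techniques` with no blank line (`@@ -14,6 +14,13 @@`, seven added lines where the other files add eight), and in the second hunk the closing `+{% embed url="https://discord.gg/tryhardsecurity" %}` has no blank line after it (`@@ -45,6 +52,11 @@`, five added lines where the other files add six). It still renders, but suggest adding the missing blank lines so the block looks identical across pages and a later find-and-replace of the sponsor block matches every copy.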
diff --git a/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md b/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md index 38a1f480e..38d6cda5b 100644 --- a/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md +++ b/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Basic Information JNDI, integrated into Java since the late 1990s, serves as a directory service, enabling Java programs to locate data or objects through a naming system. It supports various directory services via service provider interfaces (SPIs), allowing data retrieval from different systems, including remote Java objects. Common SPIs include CORBA COS, Java RMI Registry, and LDAP. @@ -470,6 +478,12 @@ In this [**writeup**](https://intrigus.org/research/2022/07/18/google-ctf-2022-l * [https://intrigus.org/research/2022/07/18/google-ctf-2022-log4j2-writeup/](https://intrigus.org/research/2022/07/18/google-ctf-2022-log4j2-writeup/) * [https://sigflag.at/blog/2022/writeup-googlectf2022-log4j/](https://sigflag.at/blog/2022/writeup-googlectf2022-log4j/) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/pentesting-web/h2c-smuggling.md b/pentesting-web/h2c-smuggling.md index d67b47511..7421fc087 100644 --- a/pentesting-web/h2c-smuggling.md +++ b/pentesting-web/h2c-smuggling.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ### H2C Smuggling #### HTTP2 Over Cleartext (H2C) @@ -104,6 +112,13 @@ Check the labs to test both scenarios in [https://github.com/0ang3el/websocket-s * [https://bishopfox.com/blog/h2c-smuggling-request](https://bishopfox.com/blog/h2c-smuggling-request) * [https://github.com/0ang3el/websocket-smuggle.git](https://github.com/0ang3el/websocket-smuggle.git) + +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/pentesting-web/hacking-with-cookies/README.md b/pentesting-web/hacking-with-cookies/README.md index 30f905673..b23b529b5 100644 --- a/pentesting-web/hacking-with-cookies/README.md +++ b/pentesting-web/hacking-with-cookies/README.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Cookie Attributes Cookies come with several attributes that control their behavior in the user's browser. Here’s a rundown of these attributes in a more passive voice: @@ -263,6 +271,13 @@ There should be a pattern (with the size of a used block). So, knowing how are a * [https://blog.ankursundara.com/cookie-bugs/](https://blog.ankursundara.com/cookie-bugs/) * [https://www.linkedin.com/posts/rickey-martin-24533653\_100daysofhacking-penetrationtester-ethicalhacking-activity-7016286424526180352-bwDd](https://www.linkedin.com/posts/rickey-martin-24533653\_100daysofhacking-penetrationtester-ethicalhacking-activity-7016286424526180352-bwDd) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md b/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md index 686847027..0ac4a1316 100644 --- a/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md +++ b/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## AWS ### Abusing SSRF in AWS EC2 environment @@ -580,6 +588,12 @@ Rancher's metadata can be accessed using: * `curl http://rancher-metadata//` +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md b/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md index 6fb48dbb3..8cde1c3c7 100644 --- a/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md +++ b/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ### Localhost ```bash @@ -217,6 +225,12 @@ image from [https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing- * [https://as745591.medium.com/albussec-penetration-list-08-server-side-request-forgery-ssrf-sample-90267f095d25](https://as745591.medium.com/albussec-penetration-list-08-server-side-request-forgery-ssrf-sample-90267f095d25) * [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Request%20Forgery/README.md) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/pentesting-web/xs-search/css-injection/README.md b/pentesting-web/xs-search/css-injection/README.md index 93179e864..cc95934b7 100644 --- a/pentesting-web/xs-search/css-injection/README.md +++ b/pentesting-web/xs-search/css-injection/README.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## CSS Injection ### Attribute Selector @@ -481,6 +489,12 @@ So, if the font does not match, the response time when visiting the bot is expec * [https://infosecwriteups.com/exfiltration-via-css-injection-4e999f63097d](https://infosecwriteups.com/exfiltration-via-css-injection-4e999f63097d) * [https://x-c3ll.github.io/posts/CSS-Injection-Primitives/](https://x-c3ll.github.io/posts/CSS-Injection-Primitives/) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md b/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md index 437c2e2db..d8555e35f 100644 --- a/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md +++ b/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md @@ -14,6 +14,14 @@
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Basic Information A **service worker** is a script run by your browser in the background, separate from any web page, enabling features that don't require a web page or user interaction, thus enhancing **offline and background processing** capabilities. Detailed information on service workers can be found [here](https://developers.google.com/web/fundamentals/primers/service-workers). By exploiting service workers within a vulnerable web domain, attackers can gain control over the victim's interactions with all pages within that domain. @@ -115,6 +123,12 @@ For an example of this check the reference link. * [https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering](https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/reversing/common-api-used-in-malware.md b/reversing/common-api-used-in-malware.md index 007b33d83..d55280618 100644 --- a/reversing/common-api-used-in-malware.md +++ b/reversing/common-api-used-in-malware.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Generic ### Networking @@ -148,6 +156,12 @@ The malware will unmap the legitimate code from memory of the process and load a * **EAT** (**Export Address Table**) Hooks. This hooks can be done from **userland**. The goal is to hook exported functions by DLLs. * **Inline Hooks**: This type are difficult to achieve. This involve modifying the code of the functions itself. Maybe by putting a jump at the beginning of this. +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/reversing/reversing-tools-basic-methods/README.md b/reversing/reversing-tools-basic-methods/README.md index 0fcbc35cd..3fc30fe42 100644 --- a/reversing/reversing-tools-basic-methods/README.md +++ b/reversing/reversing-tools-basic-methods/README.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## ImGui Based Reversing tools Software: @@ -417,6 +425,12 @@ So, in this challenge, knowing the values of the buttons, you needed to **press * [https://github.com/0xZ0F/Z0FCourse\_ReverseEngineering](https://github.com/0xZ0F/Z0FCourse\_ReverseEngineering) * [https://github.com/malrev/ABD](https://github.com/malrev/ABD) (Binary deobfuscation) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/stego/stego-tricks.md b/stego/stego-tricks.md index 31c270867..f7fe3b2b8 100644 --- a/stego/stego-tricks.md +++ b/stego/stego-tricks.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## **Extracting Data from Files** ### **Binwalk** @@ -229,6 +237,12 @@ For translating Braille, the [Branah Braille Translator](https://www.branah.com/ * [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/) * [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/todo/radio-hacking/flipper-zero/README.md b/todo/radio-hacking/flipper-zero/README.md index d014b9023..40384ae9f 100644 --- a/todo/radio-hacking/flipper-zero/README.md +++ b/todo/radio-hacking/flipper-zero/README.md @@ -12,6 +12,14 @@
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + With [**Flipper Zero**](https://flipperzero.one/) you can: * **Listen/Capture/Replay radio frequencies:** [**Sub-GHz**](fz-sub-ghz.md) @@ -25,6 +33,12 @@ With [**Flipper Zero**](https://flipperzero.one/) you can: **Other Flipper Zero resources in** [**https://github.com/djsime1/awesome-flipperzer**](https://github.com/djsime1/awesome-flipperzero) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/todo/radio-hacking/flipper-zero/fz-sub-ghz.md b/todo/radio-hacking/flipper-zero/fz-sub-ghz.md index a30098897..5fc668863 100644 --- a/todo/radio-hacking/flipper-zero/fz-sub-ghz.md +++ b/todo/radio-hacking/flipper-zero/fz-sub-ghz.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Intro Flipper Zero can **receive and transmit radio frequencies in the range of 300-928 MHz** with its built-in module, which can read, save, and emulate remote controls. These controls are used for interaction with gates, barriers, radio locks, remote control switches, wireless doorbells, smart lights, and more. Flipper Zero can help you to learn if your security is compromised. @@ -119,6 +127,12 @@ Get dBms of the saved frequencies * [https://docs.flipperzero.one/sub-ghz](https://docs.flipperzero.one/sub-ghz) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/todo/radio-hacking/proxmark-3.md b/todo/radio-hacking/proxmark-3.md index e7fa4e6c8..4f1a34a17 100644 --- a/todo/radio-hacking/proxmark-3.md +++ b/todo/radio-hacking/proxmark-3.md @@ -12,6 +12,14 @@
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## Attacking RFID Systems with Proxmark3 The first thing you need to do is to have a [**Proxmark3**](https://proxmark.com) and [**install the software and it's dependencie**](https://github.com/Proxmark/proxmark3/wiki/Kali-Linux)[**s**](https://github.com/Proxmark/proxmark3/wiki/Kali-Linux). @@ -71,6 +79,13 @@ proxmark3> script run mfkeys You can create a script to **fuzz tag readers**, so copying the data of a **valid card** just write a **Lua script** that **randomize** one or more random **bytes** and check if the **reader crashes** with any iteration. +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/windows-hardening/checklist-windows-privilege-escalation.md b/windows-hardening/checklist-windows-privilege-escalation.md index 9193333f9..b04e6a603 100644 --- a/windows-hardening/checklist-windows-privilege-escalation.md +++ b/windows-hardening/checklist-windows-privilege-escalation.md @@ -14,6 +14,14 @@ Other ways to support HackTricks:
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ### **Best tool to look for Windows local privilege escalation vectors:** [**WinPEAS**](https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS) ### [System Info](windows-local-privilege-escalation/#system-info) @@ -123,6 +131,12 @@ Other ways to support HackTricks: * [ ] Check if you can abuse it +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! diff --git a/windows-hardening/lateral-movement/dcom-exec.md b/windows-hardening/lateral-movement/dcom-exec.md index aabb5e8e1..adc4c96b4 100644 --- a/windows-hardening/lateral-movement/dcom-exec.md +++ b/windows-hardening/lateral-movement/dcom-exec.md @@ -12,6 +12,14 @@
+**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} + +*** + ## MMC20.Application **For more info about this technique chech the original post from [https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/](https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/)** @@ -126,6 +134,12 @@ SharpLateral.exe reddcom HOSTNAME C:\Users\Administrator\Desktop\malware.exe * [https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/](https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/) * [https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/](https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/) +**Try Hard Security Group** + +
+ +{% embed url="https://discord.gg/tryhardsecurity" %} +
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
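Review bot: the first hunk of basic-tomcat-info.md, and the identical hunk in every other file in this patch, pastes the same `**Try Hard Security Group**` / `{% embed url="https://discord.gg/tryhardsecurity" %}` / `***` block into the page twice, once under the support header and once above the `Learn AWS hacking from zero to hero` footer. With one literal copy per page (two per file) any later change to the wording, the image or the invite URL means touching every page again, and the invite is an external resource the repository does not control: if it is revoked or repurposed, dozens of pages keep pointing readers at it. Suggest keeping the block in one shared snippet or include that each page references (or, failing that, one canonical copy the others are generated from), so it can be updated or withdrawn in a single commit.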
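Review bot: the context line right after the new `+***` in basic-tomcat-info.md reads `### Avoid to run with root` and `set an Apache server in port 80/443`; since the hunk already touches this spot, suggest `### Avoid running as root` and `on port 80/443` in the same change.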
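Review bot: the context line below the new block in hacking-with-cookies/README.md, `Here’s a rundown of these attributes in a more passive voice:`, reads like an editing instruction that was left in the page rather than text meant for readers; suggest dropping `in a more passive voice` while this hunk is open.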
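Review bot: the context lines directly above the bottom block in reversing/common-api-used-in-malware.md have grammar slips worth fixing in the same hunk: `This hooks can be done from **userland**` should be `These hooks can be done from userland`, and `**Inline Hooks**: This type are difficult to achieve` should be `This type is difficult to achieve`.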
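Review bot: the context line immediately above the bottom block in todo/radio-hacking/flipper-zero/README.md has link text `awesome-flipperzer` while the URL is `https://github.com/djsime1/awesome-flipperzero`; the hunk already touches this spot, so suggest correcting the visible text to `awesome-flipperzero` here.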
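Review bot: the context line after the new `+***` in todo/radio-hacking/proxmark-3.md reads `install the software and it's dependencie`, followed by a separate one-character link `s` to the same wiki URL, so `its dependencies` is split across two anchors and `it's` is wrong; suggest merging them into one link `[install the software and its dependencies](https://github.com/Proxmark/proxmark3/wiki/Kali-Linux)` in this hunk.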
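Review bot: the blank-line layout of the bottom block is not the same in every file, which will make the copies drift further over time. h2c-smuggling.md adds an extra blank line before `+**Try Hard Security Group**` (`@@ -104,6 +112,13 @@`, seven added lines), and hacking-with-cookies/README.md (`@@ -263,6 +271,13 @@`) and todo/radio-hacking/proxmark-3.md (`@@ -71,6 +79,13 @@`) add two blank lines after the `{% embed %}` where the other files add one. Suggest settling on one layout for all of the bottom blocks in this patch.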