GitBook: [master] 403 pages and 64 assets modified

This commit is contained in:
CPol 2020-11-30 15:34:43 +00:00 committed by gitbook-bot
parent 968dd31998
commit 4575638508
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
55 changed files with 27 additions and 25 deletions

View file

Before

Width:  |  Height:  |  Size: 21 KiB

After

Width:  |  Height:  |  Size: 21 KiB

View file

Before

Width:  |  Height:  |  Size: 72 KiB

After

Width:  |  Height:  |  Size: 72 KiB

View file

Before

Width:  |  Height:  |  Size: 72 KiB

After

Width:  |  Height:  |  Size: 72 KiB

View file

Before

Width:  |  Height:  |  Size: 158 KiB

After

Width:  |  Height:  |  Size: 158 KiB

View file

Before

Width:  |  Height:  |  Size: 34 KiB

After

Width:  |  Height:  |  Size: 34 KiB

View file

Before

Width:  |  Height:  |  Size: 17 KiB

After

Width:  |  Height:  |  Size: 17 KiB

View file

Before

Width:  |  Height:  |  Size: 44 KiB

After

Width:  |  Height:  |  Size: 44 KiB

View file

Before

Width:  |  Height:  |  Size: 34 KiB

After

Width:  |  Height:  |  Size: 34 KiB

View file

Before

Width:  |  Height:  |  Size: 1.1 MiB

After

Width:  |  Height:  |  Size: 1.1 MiB

View file

Before

Width:  |  Height:  |  Size: 82 KiB

After

Width:  |  Height:  |  Size: 82 KiB

View file

Before

Width:  |  Height:  |  Size: 123 KiB

After

Width:  |  Height:  |  Size: 123 KiB

View file

Before

Width:  |  Height:  |  Size: 34 KiB

After

Width:  |  Height:  |  Size: 34 KiB

View file

Before

Width:  |  Height:  |  Size: 58 KiB

After

Width:  |  Height:  |  Size: 58 KiB

View file

Before

Width:  |  Height:  |  Size: 5.2 KiB

After

Width:  |  Height:  |  Size: 5.2 KiB

View file

Before

Width:  |  Height:  |  Size: 783 KiB

After

Width:  |  Height:  |  Size: 783 KiB

View file

Before

Width:  |  Height:  |  Size: 161 KiB

After

Width:  |  Height:  |  Size: 161 KiB

View file

Before

Width:  |  Height:  |  Size: 185 KiB

After

Width:  |  Height:  |  Size: 185 KiB

View file

Before

Width:  |  Height:  |  Size: 1.4 KiB

After

Width:  |  Height:  |  Size: 1.4 KiB

View file

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 13 KiB

View file

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 13 KiB

View file

Before

Width:  |  Height:  |  Size: 24 KiB

After

Width:  |  Height:  |  Size: 24 KiB

View file

Before

Width:  |  Height:  |  Size: 36 KiB

After

Width:  |  Height:  |  Size: 36 KiB

View file

Before

Width:  |  Height:  |  Size: 3.2 MiB

After

Width:  |  Height:  |  Size: 3.2 MiB

View file

Before

Width:  |  Height:  |  Size: 90 KiB

After

Width:  |  Height:  |  Size: 90 KiB

View file

Before

Width:  |  Height:  |  Size: 813 KiB

After

Width:  |  Height:  |  Size: 813 KiB

View file

Before

Width:  |  Height:  |  Size: 134 KiB

After

Width:  |  Height:  |  Size: 134 KiB

View file

@ -10,7 +10,7 @@ dht udp "DHT Nodes"
![](.gitbook/assets/image%20%28182%29.png)
![](.gitbook/assets/image%20%28345%29.png)
![](.gitbook/assets/image%20%28345%29%20%282%29.png)
InfluxDB

View file

@ -20,7 +20,7 @@ Don't forget to **give ⭐ on the github** to motivate me to continue developing
![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29.png)
![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%286%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*

View file

@ -20,7 +20,7 @@ Find as much information about the target as you can and generate a custom dicti
### Crunch
```text
```bash
crunch 4 6 0123456789ABCDEF -o crunch1.txt #From length 4 to 6 using that alphabet
crunch 4 4 -f /usr/share/crunch/charset.lst mixalpha # Only length 4 using charset mixalpha (inside file charset.lst)
@ -112,6 +112,7 @@ medusa -u root -P 500-worst-passwords.txt -h <IP> -M ftp
```bash
hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst sizzle.htb.local http-get /certsrv/
# Use https-get mode for httpS
medusa -h <IP> -u <username> -P <passwords.txt> -M http -m DIR:/path/to/auth -T 10
```
@ -119,6 +120,7 @@ medusa -h <IP> -u <username> -P <passwords.txt> -M http -m DIR:/path/to/auth -
```bash
hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst domain.htb http-post-form "/path/index.php:name=^USER^&password=^PASS^&enter=Sign+in:Login name or password is incorrect" -V
# Use https-post-form mode for httpS
```
For http**s** you have to change from "http-post-form" to "**https-post-form"**

View file

@ -8,7 +8,7 @@ This machine was categorised as easy and it was pretty easy.
I started **enumerating the machine using my tool** [**Legion**](https://github.com/carlospolop/legion):
![](../../.gitbook/assets/image%20%2861%29.png)
![](../../.gitbook/assets/image%20%2879%29.png)
In as you can see 2 ports are open: 80 \(**HTTP**\) and 22 \(**SSH**\)

View file

@ -45,7 +45,7 @@ DebuggableAttribute.DebuggingModes.EnableEditAndContinue)]
And click on **compile**:
![](../.gitbook/assets/image%20%28144%29.png)
![](../.gitbook/assets/image%20%28314%29.png)
Then save the new file on _**File &gt;&gt; Save module...**_:

View file

@ -146,7 +146,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.
Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%284%29.png)
![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*

View file

@ -198,7 +198,7 @@ However there are **a lot of different command line useful options** that you ca
First of all you need to download the Der certificate from Burp. You can do this in _**Proxy**_ --&gt; _**Options**_ --&gt; _**Import / Export CA certificate**_
![](../../.gitbook/assets/image%20%28367%29.png)
![](../../.gitbook/assets/image%20%28367%29%20%281%29.png)
**Export the certificate in Der format** and lets **transform** it to a form that **Android** is going to be able to **understand.** Note that **in order to configure the burp certificate on the Android machine in AVD** you need to **run** this machine **with** the **`-writable-system`** option.
For example you can run it like:

View file

@ -59,7 +59,7 @@ content://com.mwr.example.sieve.DBContentProvider/Passwords/
You should also check the **ContentProvider code** to search for queries:
![](../../../.gitbook/assets/image%20%28152%29.png)
![](../../../.gitbook/assets/image%20%28121%29%20%281%29.png)
Also, if you can't find full queries you could **check which names are declared by the ContentProvider** on the `onCreate` method:
@ -76,7 +76,7 @@ When checking the code of the Content Provider **look** also for **functions** n
![](../../../.gitbook/assets/image%20%28211%29.png)
![](../../../.gitbook/assets/image%20%28254%29.png)
![](../../../.gitbook/assets/image%20%28254%29%20%281%29.png)
Because you will be able to call them

View file

@ -60,7 +60,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.
Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67.png)
![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*

View file

@ -132,7 +132,7 @@ Check also the page about [**NTLM**](windows/ntlm/), it could be very useful to
* [**CBC-MAC**](crypto/cipher-block-chaining-cbc-mac-priv.md)
* [**Padding Oracle**](crypto/padding-oracle-priv.md)
![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%281%29.png)
![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%281%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)

View file

@ -14,7 +14,7 @@ The following properties or combination of properties apply to ViewState informa
## **Test Cases**
![](../../.gitbook/assets/image%20%2873%29.png)
![](../../.gitbook/assets/image%20%28309%29.png)
### Test Case: 1 EnableViewStateMac=false and viewStateEncryptionMode=false

View file

@ -149,7 +149,7 @@ You can download [**GadgetProbe**](https://github.com/BishopFox/GadgetProbe) fro
Inside the github, [**GadgetProbe has some wordlists**](https://github.com/BishopFox/GadgetProbe/tree/master/wordlists) ****with Java classes for being tested.
![](../../.gitbook/assets/intruder4%20%281%29.gif)
![](../../.gitbook/assets/intruder4%20%281%29%20%281%29.gif)
### More Information

View file

@ -4,7 +4,7 @@
First of all, we need to understand `Object`in JavaScript. An object is simply a collection of key and value pairs, often called properties of that object. For example:
![](../../.gitbook/assets/image%20%28398%29.png)
![](../../.gitbook/assets/image%20%28389%29%20%281%29.png)
In Javascript, `Object`is a basic object, the template for all newly created objects. It is possible to create an empty object by passing `null`to `Object.create`. However, the newly created object will also have a type that corresponds to the passed parameter and inherits all the basic properties.

View file

@ -72,7 +72,7 @@ Then, a malicious user could insert a different Unicode character equivalent to
You could use one of the following characters to trick the webapp and exploit a XSS:
![](../.gitbook/assets/image%20%2895%29.png)
![](../.gitbook/assets/image%20%28312%29.png)
Notice that for example the first Unicode character purposed can be sent as: `%e2%89%ae` or as `%u226e`

View file

@ -126,7 +126,7 @@ Once administrative access to the BMC is obtained, there are a number of methods
![](https://blog.rapid7.com/content/images/post-images/27966/ipmi_boot.png)
![](../.gitbook/assets/image%20%28198%29.png)
![](../.gitbook/assets/image%20%28202%29.png)
## Exploiting the BMC from the Host

View file

@ -45,7 +45,7 @@ responder -I <Iface> --wpad
Responder is going to **impersonate all the service using the mentioned protocols**. Once some user try to access a service being resolved using those protocols, **he will try to authenticate against Responde**r and Responder will be able to **capture** the "credentials" \(most probably a **NTLMv2 Challenge/Response**\):
![](../../.gitbook/assets/poison.jpg)
![](../../.gitbook/assets/poison%20%281%29.jpg)
## **Inveigh**
@ -77,7 +77,7 @@ If you want to use **MultiRelay**, go to _**/usr/share/responder/tools**_ and ex
python MultiRelay.py -t <IP target> -u ALL #If "ALL" then all users are relayed
```
![](../../.gitbook/assets/image%20%28153%29.png)
![](../../.gitbook/assets/image%20%28209%29.png)
### Post-Exploitation \(MultiRelay\)

View file

@ -241,7 +241,7 @@ Some really bad implementations allowed the Null PIN to connect \(very weird als
All the proposed WPS attacks can be easily performed using _**airgeddon.**_
![](../../../.gitbook/assets/image%20%28260%29.png)
![](../../../.gitbook/assets/image%20%28201%29%20%281%29.png)
* 5 and 6 lets you try **your custom PIN** \(if you have any\)
* 7 and 8 perform the **Pixie Dust attack**

View file

@ -24,7 +24,7 @@ Accessing _/user/&lt;number&gt;_ you can see the number of existing users, in th
![](../../.gitbook/assets/image%20%2826%29.png)
![](../../.gitbook/assets/image%20%28158%29.png)
![](../../.gitbook/assets/image%20%28227%29.png)
## Hidden pages enumeration

View file

@ -102,7 +102,7 @@ Below you can find the simplest demonstration of an application authentication r
As we can see from the response screenshot, the first and the third requests returned _null_ and reflected the corresponding information in the _error_ section. The **second mutation had the correct authentication** data and the response has the correct authentication session token.
![](../../.gitbook/assets/image%20%2867%29.png)
![](../../.gitbook/assets/image%20%28119%29.png)
## Tools

View file

@ -183,7 +183,7 @@ It is recommended to disable Wp-Cron and create a real cronjob inside the host t
</methodCall>
```
![](../../.gitbook/assets/image%20%2890%29.png)
![](../../.gitbook/assets/image%20%28107%29.png)
![](../../.gitbook/assets/image%20%28224%29.png)

View file

@ -396,7 +396,7 @@ If you don't execute this from a Domain Controller, ATA is going to catch you, s
![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%282%29.png)
![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%282%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*

View file

@ -37,7 +37,7 @@ If you don't want to wait an hour you can use a PS script to make the restore ha
Note the spotless' user membership:
![](../../.gitbook/assets/a1.png)
![](../../.gitbook/assets/1%20%282%29.png)
However, we can still add new users:

View file

@ -118,7 +118,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.
Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%283%29.png)
![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%283%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*