.png)
.png)
 (1).png)
 (1) (2).png)
.png)
+.png)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -195,7 +195,7 @@ openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer
openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer
```
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/ctf-write-ups/try-hack-me/hc0n-christmas-ctf-2019.md b/ctf-write-ups/try-hack-me/hc0n-christmas-ctf-2019.md
index ee2e6f68c..d86515fc1 100644
--- a/ctf-write-ups/try-hack-me/hc0n-christmas-ctf-2019.md
+++ b/ctf-write-ups/try-hack-me/hc0n-christmas-ctf-2019.md
@@ -1,25 +1,20 @@
-
+# hc0n Christmas CTF - 2019
.png)
+.png)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -265,7 +265,7 @@ Opera **stores browser history and download data in the exact same format as Goo
* **Browser’s built-in anti-phishing:** `grep --color 'fraud_protection_enabled' ~/Library/Application Support/com.operasoftware.Opera/Preferences`
* **fraud\_protection\_enabled** should be **true**
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md
index 13c87af2f..2982fc3d6 100644
--- a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md
+++ b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -111,7 +111,7 @@ Other tables inside this database contain more interesting information:
* **deleted\_fields**: Dropbox deleted files
* **date\_added**
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md
index cd345e863..31164bdf5 100644
--- a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md
+++ b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md
index 5eda26359..60f946006 100644
--- a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md
+++ b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/generic-methodologies-and-resources/brute-force.md b/generic-methodologies-and-resources/brute-force.md
index b3a3e794d..63f38121a 100644
--- a/generic-methodologies-and-resources/brute-force.md
+++ b/generic-methodologies-and-resources/brute-force.md
@@ -1,6 +1,6 @@
# Brute Force - CheatSheet
- (1).png>)
+ (1) (2).png>)
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -77,7 +77,7 @@ python3 cupp.py -h
* [**https://github.com/google/fuzzing/tree/master/dictionaries**](https://github.com/carlospolop/hacktricks/tree/95b16dc7eb952272459fc877e4c9d0777d746a16/google/fuzzing/tree/master/dictionaries/README.md)
* [**https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm**](https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm)
- (1).png>)
+ (1) (2).png>)
\
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -432,7 +432,7 @@ set PASS_FILE /usr/share/metasploit-framework/data/wordlists/passwords.lst
crackmapexec winrm .png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
Dump of traffic during a neighborhood disruption
.png)
Dump of traffic during a neighborhood disruption
.png)
GW1 router endlessly disconnects and reconnects EIGRP
.png)
GW1 router endlessly disconnects and reconnects EIGRP
.png)
Routing table overflows on GW1 router
.png)
Routing table overflows on GW1 router
.png)
Overloaded router CPU
.png)
Overloaded router CPU
.png)
.png)
.png)
.png)
GLBP Ads
.png)
GLBP Ads
.png)
GLBP Advertisement from first router
.png)
GLBP Advertisement from first router
.png)
Loki found GLBP ads from two routers
.png)
Loki found GLBP ads from two routers
.png)
.png)
.png)
The structure of a malicious GLBP injection
.png)
The structure of a malicious GLBP injection
.png)
.png)
.png)
HSRP Ads
.png)
HSRP Ads
.png)
First HSRP router
.png)
First HSRP router
.png)
Second HSRP router
.png)
Second HSRP router
.png)
Extracted MD5 hashes from HSRP traffic dump
.png)
Extracted MD5 hashes from HSRP traffic dump
.png)
Cracked HSRP domain password
.png)
Cracked HSRP domain password
.png)
Loki detected HSRP ads
.png)
Loki detected HSRP ads
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
+.png)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -508,7 +508,7 @@ If you only have `hostIPC=true`, you most likely can't do much. If any process o
The second technique explained in the post [https://labs.f-secure.com/blog/abusing-the-access-to-mount-namespaces-through-procpidroot/](https://labs.f-secure.com/blog/abusing-the-access-to-mount-namespaces-through-procpidroot/) indicates how you can abuse bind mounts with user namespaces, to affect files inside the host (in that specific case, delete files).
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -557,7 +557,7 @@ If you are in **userspace** (**no kernel exploit** involved) the way to find new
* [https://0xn3va.gitbook.io/cheat-sheets/container/escaping/exposed-docker-socket](https://0xn3va.gitbook.io/cheat-sheets/container/escaping/exposed-docker-socket)
* [https://bishopfox.com/blog/kubernetes-pod-privilege-escalation#Pod4](https://bishopfox.com/blog/kubernetes-pod-privilege-escalation#Pod4)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md b/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md
index 49cb45032..ecdc8b1f9 100644
--- a/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md
+++ b/linux-hardening/privilege-escalation/interesting-groups-linux-pe/README.md
@@ -1,25 +1,20 @@
-
+# Interesting Groups - Linux PE
.png)
+.png)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -310,7 +310,7 @@ If you are inside a filesystem with the **read-only and noexec protections** the
* [https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0](https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0)
* [https://www.secjuice.com/web-application-firewall-waf-evasion/](https://www.secjuice.com/web-application-firewall-waf-evasion/)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/mobile-pentesting/android-app-pentesting/README.md b/mobile-pentesting/android-app-pentesting/README.md
index 79cda952a..ec4016af1 100644
--- a/mobile-pentesting/android-app-pentesting/README.md
+++ b/mobile-pentesting/android-app-pentesting/README.md
@@ -1,6 +1,6 @@
# Android Applications Pentesting
- (1).png>)
+ (1) (2).png>)
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -56,7 +56,7 @@ package:/data/app/com.android.insecurebankv2-Jnf8pNgwy3QA_U5f-n_4jQ==/base.apk
adb pull /data/app/com.android.insecurebankv2- Jnf8pNgwy3QA_U5f-n_4jQ==/base.apk
```
- (1).png>)
+ (1) (2).png>)
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -237,7 +237,7 @@ An application may contain secrets (API keys, passwords, hidden urls, subdomains
[content-protocol.md](content-protocol.md)
{% endcontent-ref %}
- (1).png>)
+ (1) (2).png>)
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -485,7 +485,7 @@ Probably you know about this kind of vulnerabilities from the Web. You have to b
* **Eternal cookies**: In several cases when the android application finish the session the cookie isn't revoked or it could be even saved to disk
* [**Secure Flag** in cookies](../../pentesting-web/hacking-with-cookies/#cookies-flags)
- (1).png>)
+ (1) (2).png>)
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -499,7 +499,7 @@ Get Access Today:
**Static analysis**
- (1).png>)
+.png>)
**Vulnerability assessment of the application** using a nice web-based frontend. You can also perform dynamic analysis (but you need to prepare the environment).
@@ -639,7 +639,7 @@ super-analyzer {apk_file}
### [StaCoAn](https://github.com/vincentcox/StaCoAn)
- (1).png>)
+.png>)
StaCoAn is a **crossplatform** tool which aids developers, bugbounty hunters and ethical hackers performing [static code analysis](https://en.wikipedia.org/wiki/Static\_program\_analysis) on mobile applications\*.
@@ -692,7 +692,7 @@ It is able to:
Useful to detect malware: [https://koodous.com/](https://koodous.com)
- (1).png>)
+ (1) (2).png>)
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -783,7 +783,7 @@ For more information visit:
- (1).png>)
+ (1) (2).png>)
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
diff --git a/mobile-pentesting/android-app-pentesting/android-burp-suite-settings.md b/mobile-pentesting/android-app-pentesting/android-burp-suite-settings.md
index 9d73a15be..8877d2038 100644
--- a/mobile-pentesting/android-app-pentesting/android-burp-suite-settings.md
+++ b/mobile-pentesting/android-app-pentesting/android-burp-suite-settings.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -86,7 +86,7 @@ After installing Certificate SSL endpoints also working fine tested using → [h
After installing the certificate this way Firefox for Android won't use it (based on my tests), so use a different browser.
{% endhint %}
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md b/mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md
index 17ade4c88..01b37809f 100644
--- a/mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md
+++ b/mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md
@@ -39,7 +39,7 @@ brew install openjdk@8
If you installed Android Studio, you can just open the main project view and access: _**Tools**_ --> _**AVD Manager.**_
- (1).png>)
+.png>)
Then, click on _**Create Virtual Device**_, _**select** the phone you want to use_ and click on _**Next.**_\
\_\_In the current view you are going to be able to **select and download the Android image** that the phone is going to run:
diff --git a/mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md b/mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md
index f71bce09c..7cc98004c 100644
--- a/mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md
+++ b/mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md
@@ -131,7 +131,7 @@ Knowing the name of the columns you could also **modify the entries**:
It is simple to test for SQL injection **(SQLite)** by manipulating the **projection** and **selection fields** that are passed to the content provider.\
When quering the Content Provider there are 2 interesting arguments to search for information: _--selection_ and _--projection_:
-.png>)
+ (1).png>)
You can try to **abuse** this **parameters** to test for **SQL injections**:
diff --git a/mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md b/mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md
index 9c587e918..9b4244cf6 100644
--- a/mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md
+++ b/mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md
@@ -62,7 +62,7 @@ Some interesting information (like passwords or paths) could be find inside the
env
```
- (1).png>)
+.png>)
#### Frida Information
@@ -148,7 +148,7 @@ Lets start looking for classes inside our application
android hooking search classes asvid.github.io.fridaapp
```
- (1).png>)
+.png>)
#### Search Methods of a class
@@ -249,15 +249,15 @@ memory dump from_base
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -118,7 +118,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/mobile-pentesting/ios-pentesting/README.md b/mobile-pentesting/ios-pentesting/README.md
index f4529a441..3497e9dc1 100644
--- a/mobile-pentesting/ios-pentesting/README.md
+++ b/mobile-pentesting/ios-pentesting/README.md
@@ -1,6 +1,6 @@
# iOS Pentesting
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -382,7 +382,7 @@ struct CGSize {
However, the best options to disassemble the binary are: [**Hopper**](https://www.hopperapp.com/download.html?) and [**IDA**](https://www.hex-rays.com/products/ida/support/download\_freeware/).
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -742,7 +742,7 @@ Jun 7 13:42:14 iPhone touch[9708]
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -1166,7 +1166,7 @@ You can find the **libraries used by an application** by running **`otool`** aga
* [https://github.com/authenticationfailure/WheresMyBrowser.iOS](https://github.com/authenticationfailure/WheresMyBrowser.iOS)
* [https://github.com/nabla-c0d3/ssl-kill-switch2](https://github.com/nabla-c0d3/ssl-kill-switch2)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md b/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md
index 272da090d..341928017 100644
--- a/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md
+++ b/mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -118,7 +118,7 @@ Steps to configure Burp as proxy:
* Click on _**Ok**_ and the in _**Apply**_
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/network-services-pentesting/1099-pentesting-java-rmi.md b/network-services-pentesting/1099-pentesting-java-rmi.md
index 04f16a7e1..0e8ff4223 100644
--- a/network-services-pentesting/1099-pentesting-java-rmi.md
+++ b/network-services-pentesting/1099-pentesting-java-rmi.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -323,7 +323,7 @@ Entry_1:
Command: rmg enum {IP} {PORT}
```
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/network-services-pentesting/113-pentesting-ident.md b/network-services-pentesting/113-pentesting-ident.md
index 72bebbba9..132079fbe 100644
--- a/network-services-pentesting/113-pentesting-ident.md
+++ b/network-services-pentesting/113-pentesting-ident.md
@@ -4,15 +4,11 @@
 (1) (1) (1).png)
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
{% embed url="https://www.stmcyber.com/careers" %}
-{% endhint %}
## Basic Information
@@ -45,7 +39,7 @@ service rabbitmq-server restart
Once you have correctly authenticated you will see the admin console:
-.png>)
+ (1).png>)
Also, if you have valid credentials you may find interesting the information of `http://localhost:15672/api/connections`
@@ -66,26 +60,20 @@ Content-Length: 267
* `port:15672 http`
-{% hint style="danger" %}
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
{% embed url="https://www.stmcyber.com/careers" %}
-{% endhint %}
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
 (3).png)
.png)
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -86,7 +86,7 @@ Command line tool to brute-force websites using cookies crafted with flask-unsig
[**This example**](../../pentesting-web/sql-injection/sqlmap/#eval) uses sqlmap `eval` option to **automatically sign sqlmap payloads** for flask using a known secret.
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/network-services-pentesting/pentesting-web/graphql.md b/network-services-pentesting/pentesting-web/graphql.md
index 2597cf435..e2f805fde 100644
--- a/network-services-pentesting/pentesting-web/graphql.md
+++ b/network-services-pentesting/pentesting-web/graphql.md
@@ -48,7 +48,7 @@ With this query you will find the name of all the types being used:
With this query you can extract all the types, it's fields, and it's arguments (and the type of the args). This will be very useful to know how to query the database.
-.png>)
+ (3).png>)
**Errors**
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/README.md b/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
index 635decc44..777af9cea 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/README.md
@@ -40,7 +40,7 @@ If `==` is used in PHP, then there are unexpected cases where the comparison doe
PHP comparison tables: [https://www.php.net/manual/en/types.comparisons.php](https://www.php.net/manual/en/types.comparisons.php)
- (1).png>)
+.png>)
{% file src="../../../.gitbook/assets/EN-PHP-loose-comparison-Type-Juggling-OWASP (1).pdf" %}
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md
index 6ac5e53f0..07c6bfcfa 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md
@@ -142,9 +142,9 @@ foreach($file_list as $f){
If you want to **learn more about PHP-FPM and FastCGI** you can read the [first section of this page](disable\_functions-bypass-php-fpm-fastcgi.md).\
If **`php-fpm`** is configured you can abuse it to completely bypass **open\_basedir**:
- (1).png>)
+.png>)
- (1).png>)
+.png>)
Note that the first thing you need to do is find where is the **unix socket of php-fpm**. It use to be under `/var/run` so you can **use the previous code to list the directory and find it**.\
Code from [here](https://balsn.tw/ctf\_writeup/20190323-0ctf\_tctf2019quals/#wallbreaker-easy).
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md
index ea85ffe31..df0f43936 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md
@@ -45,7 +45,7 @@ I'm not sure if this is working in modern versions because I tried once and it d
Using [Gopherus](https://github.com/tarunkant/Gopherus) you can generate a payload to send to the FastCGI listener and execute arbitrary commands:
- (1).png>)
+.png>)
Then, you can grab the urlencoded payload and decode it and transform to base64, \[**using this recipe of cyberchef for example**]\([http://icyberchef.com/#recipe=URL\_Decode%28%29To\_Base64%28'A-Za-z0-9%2B/%3D'%29\&input=JTAxJTAxJTAwJTAxJTAwJTA4JTAwJTAwJTAwJTAxJTAwJTAwJTAwJTAwJTAwJTAwJTAxJTA0JTAwJTAxJTAxJTA0JTA0JTAwJTBGJTEwU0VSVkVSX1NPRlRXQVJFZ28lMjAvJTIwZmNnaWNsaWVudCUyMCUwQiUwOVJFTU9URV9BRERSMTI3LjAuMC4xJTBGJTA4U0VSVkVSX1BST1RPQ09MSFRUUC8xLjElMEUlMDJDT05URU5UX0xFTkdUSDc2JTBFJTA0UkVRVUVTVF9NRVRIT0RQT1NUJTA5S1BIUF9WQUxVRWFsbG93X3VybF9pbmNsdWRlJTIwJTNEJTIwT24lMEFkaXNhYmxlX2Z1bmN0aW9ucyUyMCUzRCUyMCUwQWF1dG9fcHJlcGVuZF9maWxlJTIwJTNEJTIwcGhwJTNBLy9pbnB1dCUwRiUxN1NDUklQVF9GSUxFTkFNRS92YXIvd3d3L2h0bWwvaW5kZXgucGhwJTBEJTAxRE9DVU1FTlRfUk9PVC8lMDAlMDAlMDAlMDAlMDElMDQlMDAlMDElMDAlMDAlMDAlMDAlMDElMDUlMDAlMDElMDBMJTA0JTAwJTNDJTNGcGhwJTIwc3lzdGVtJTI4JTI3d2hvYW1pJTIwJTNFJTIwL3RtcC93aG9hbWkudHh0JTI3JTI5JTNCZGllJTI4JTI3LS0tLS1NYWRlLWJ5LVNweUQzci0tLS0tJTBBJTI3JTI5JTNCJTNGJTNFJTAwJTAwJTAwJTAw](http://icyberchef.com/#recipe=URL\_Decode%28%29To\_Base64%28'A-Za-z0-9%2B/%3D'%29\&input=JTAxJTAxJTAwJTAxJTAwJTA4JTAwJTAwJTAwJTAxJTAwJTAwJTAwJTAwJTAwJTAwJTAxJTA0JTAwJTAxJTAxJTA0JTA0JTAwJTBGJTEwU0VSVkVSX1NPRlRXQVJFZ28lMjAvJTIwZmNnaWNsaWVudCUyMCUwQiUwOVJFTU9URV9BRERSMTI3LjAuMC4xJTBGJTA4U0VSVkVSX1BST1RPQ09MSFRUUC8xLjElMEUlMDJDT05URU5UX0xFTkdUSDc2JTBFJTA0UkVRVUVTVF9NRVRIT0RQT1NUJTA5S1BIUF9WQUxVRWFsbG93X3VybF9pbmNsdWRlJTIwJTNEJTIwT24lMEFkaXNhYmxlX2Z1bmN0aW9ucyUyMCUzRCUyMCUwQWF1dG9fcHJlcGVuZF9maWxlJTIwJTNEJTIwcGhwJTNBLy9pbnB1dCUwRiUxN1NDUklQVF9GSUxFTkFNRS92YXIvd3d3L2h0bWwvaW5kZXgucGhwJTBEJTAxRE9DVU1FTlRfUk9PVC8lMDAlMDAlMDAlMDAlMDElMDQlMDAlMDElMDAlMDAlMDAlMDAlMDElMDUlMDAlMDElMDBMJTA0JTAwJTNDJTNGcGhwJTIwc3lzdGVtJTI4JTI3d2hvYW1pJTIwJTNFJTIwL3RtcC93aG9hbWkudHh0JTI3JTI5JTNCZGllJTI4JTI3LS0tLS1NYWRlLWJ5LVNweUQzci0tLS0tJTBBJTI3JTI5JTNCJTNGJTNFJTAwJTAwJTAwJTAw)). And then copy/pasting the abse64 in this php code:
@@ -419,7 +419,7 @@ Using the previous function you will see that the function **`system`** is **sti
.png>)
- (1).png>)
+.png>)
**So, I think that you can only set `disable_functions` via php `.ini` config files and the PHP\_VALUE won't override that setting.**
diff --git a/network-services-pentesting/pentesting-web/put-method-webdav.md b/network-services-pentesting/pentesting-web/put-method-webdav.md
index d74ef27b8..d9f3b1aa9 100644
--- a/network-services-pentesting/pentesting-web/put-method-webdav.md
+++ b/network-services-pentesting/pentesting-web/put-method-webdav.md
@@ -1,28 +1,22 @@
# WebDav
-{% hint style="danger" %}
- (1).png>)
+ (1) (2).png>)
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
-{% endhint %}
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -133,7 +133,7 @@ AutoRepeater Burp Extension: Add a replacement rule
* `Match: v2 (higher version)`
* `Replace: v1 (lower version)`
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -223,7 +223,7 @@ kr brute https://domain.com/api/ -w /tmp/lang-english.txt -x 20 -d=0
* [**API-fuzzer**](https://github.com/Fuzzapi/API-fuzzer): API\_Fuzzer gem accepts a API request as input and returns vulnerabilities possible in the API.
* [**race-the-web**](https://github.com/TheHackerDev/race-the-web): Tests for race conditions in web applications by sending out a user-specified number of requests to a target URL (or URLs) _simultaneously_, and then compares the responses from the server for uniqueness.
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/network-services-pentesting/pentesting-web/wordpress.md b/network-services-pentesting/pentesting-web/wordpress.md
index 323fc2ce0..605104088 100644
--- a/network-services-pentesting/pentesting-web/wordpress.md
+++ b/network-services-pentesting/pentesting-web/wordpress.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -93,7 +93,7 @@ curl -s -X GET https://wordpress.org/support/article/pages/ | grep -E 'wp-conten
curl -s -X GET https://wordpress.org/support/article/pages/ | grep http | grep -E '?ver=' | sed -E 's,href=|src=,THIIIIS,g' | awk -F "THIIIIS" '{print $2}' | cut -d "'" -f2
```
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -267,7 +267,7 @@ Try to access _https://worpress-site.com/wp-json/oembed/1.0/proxy?url=ybdk28vjsa
This is the response when it doesn't work:
-.png>)
+ (1).png>)
### SSRF
@@ -283,7 +283,7 @@ wpscan --rua -e ap,at,tt,cb,dbe,u,m --url http://www.domain.com [--plugins-detec
#You can try to bruteforce the admin user using wpscan with "-U admin"
```
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -425,7 +425,7 @@ Also, **only install trustable WordPress plugins and themes**.
* **Limit login attempts** to prevent Brute Force attacks
* Rename **`wp-admin.php`** file and only allow access internally or from certain IP addresses.
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/pentesting-web/cache-deception.md b/pentesting-web/cache-deception.md
index 8feedd2f4..d81e261f5 100644
--- a/pentesting-web/cache-deception.md
+++ b/pentesting-web/cache-deception.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -123,7 +123,7 @@ The [Web Cache Vulnerability Scanner](https://github.com/Hackmanit/Web-Cache-Vul
Example usage: `wcvs -u example.com`
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -227,7 +227,7 @@ Learn here about how to perform[ Cache Deceptions attacks abusing HTTP Request S
* [https://youst.in/posts/cache-poisoning-at-scale/](https://youst.in/posts/cache-poisoning-at-scale/)
* [https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9](https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/pentesting-web/clickjacking.md b/pentesting-web/clickjacking.md
index 15a867a40..d3c2a07b7 100644
--- a/pentesting-web/clickjacking.md
+++ b/pentesting-web/clickjacking.md
@@ -12,7 +12,7 @@
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -175,7 +175,7 @@ See the following documentation for further details and more complex examples:
* [**https://portswigger.net/web-security/clickjacking**](https://portswigger.net/web-security/clickjacking)
* [**https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking\_Defense\_Cheat\_Sheet.html**](https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking\_Defense\_Cheat\_Sheet.html)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/pentesting-web/command-injection.md b/pentesting-web/command-injection.md
index 6818afdee..273dc6178 100644
--- a/pentesting-web/command-injection.md
+++ b/pentesting-web/command-injection.md
@@ -1,30 +1,22 @@
# Command Injection
-{% hint style="danger" %}
- (1).png>)
+ (1) (2).png>)
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
-{% endhint %}
-
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -67,7 +67,7 @@ All of them vulnerable to subdomain takeover. All of them were big brands. Talki
Nevertheless, recent phishing campaigns host content on domains with long domain names that include name of the brand (see [Apple example](https://www.phishtank.com/target\_search.php?target\_id=183\&valid=y\&active=All\&Search=Search)). Having valid SSL certificate (more on that below), keyword in domain name and website which mimics the website of targeted brand, people tend to fall into these attacks. Think about chances with a legitimate subdomain of this brand.
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
@@ -159,7 +159,7 @@ Until next time!
[Patrik](https://twitter.com/0xpatrik)
-
+
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
diff --git a/pentesting-web/email-injections.md b/pentesting-web/email-injections.md
index 1671cf9ce..8dd4d6902 100644
--- a/pentesting-web/email-injections.md
+++ b/pentesting-web/email-injections.md
@@ -1,28 +1,22 @@
# Email Injections
-{% hint style="danger" %}
- (1).png>)
+ (1) (2).png>)
\
Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
-{% endhint %}