diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png index f9a051e20..e70bceed6 100644 Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png index e70bceed6..d798d9edc 100644 Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png index d798d9edc..1ec78aebd 100644 Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1).png index 1ec78aebd..020fb69e2 100644 Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1).png index 020fb69e2..e3657baf3 100644 Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1).png index e3657baf3..f95e8e4d5 100644 Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1) (1).png index f95e8e4d5..9dcb86f81 100644 Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (1) (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1) (1).png index 9dcb86f81..f3314db22 100644 Binary files a/.gitbook/assets/image (1) (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (1) (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1) (1).png index f3314db22..7a07c3343 100644 Binary files a/.gitbook/assets/image (1) (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (1) (1) (1).png b/.gitbook/assets/image (1) (1) (1).png index 7a07c3343..b40c8ed4a 100644 Binary files a/.gitbook/assets/image (1) (1) (1).png and b/.gitbook/assets/image (1) (1) (1).png differ diff --git a/.gitbook/assets/image (1) (1).png b/.gitbook/assets/image (1) (1).png index b40c8ed4a..977c3f327 100644 Binary files a/.gitbook/assets/image (1) (1).png and b/.gitbook/assets/image (1) (1).png differ diff --git a/.gitbook/assets/image (1).png b/.gitbook/assets/image (1).png index 977c3f327..0b2fb1ac2 100644 Binary files a/.gitbook/assets/image (1).png and b/.gitbook/assets/image (1).png differ diff --git a/.gitbook/assets/image.png b/.gitbook/assets/image.png index 0b2fb1ac2..02f2bc2fe 100644 Binary files a/.gitbook/assets/image.png and b/.gitbook/assets/image.png differ diff --git a/README.md b/README.md index cd410b988..f07918b52 100644 --- a/README.md +++ b/README.md @@ -65,7 +65,7 @@ Get Access Today: ### [HACKENPROOF](https://bit.ly/3xrrDrL) -
+
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters! @@ -79,7 +79,7 @@ Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to ### [Pentest-Tools.com](https://pentest-tools.com/?utm\_term=jul2024\&utm\_medium=link\&utm\_source=hacktricks\&utm\_campaign=spons) - The essential penetration testing toolkit -
+
**Get a hacker's perspective on your web apps, network, and cloud** @@ -87,9 +87,6 @@ Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to {% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} - -{% endembed %} - *** ### [SerpApi](https://serpapi.com/) diff --git a/binary-exploitation/format-strings/README.md b/binary-exploitation/format-strings/README.md index 331da0352..bfe350c30 100644 --- a/binary-exploitation/format-strings/README.md +++ b/binary-exploitation/format-strings/README.md @@ -15,7 +15,7 @@ Learn & practice GCP Hacking: {% endhint %} -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -259,7 +259,7 @@ It's possible to abuse the write actions of a format string vulnerability to **w * [https://guyinatuxedo.github.io/10-fmt\_strings/tw16\_greeting/index.html](https://guyinatuxedo.github.io/10-fmt\_strings/tw16\_greeting/index.html) * 32 bit, relro, no canary, nx, no pie, format string to write an address inside main in `.fini_array` (so the flow loops back 1 more time) and write the address to `system` in the GOT table pointing to `strlen`. When the flow goes back to main, `strlen` is executed with user input and pointing to `system`, it will execute the passed commands. -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). diff --git a/binary-exploitation/libc-heap/README.md b/binary-exploitation/libc-heap/README.md index 346f38fb9..56b38d4bd 100644 --- a/binary-exploitation/libc-heap/README.md +++ b/binary-exploitation/libc-heap/README.md @@ -498,11 +498,11 @@ int main() { Debugging the previous example it's possible to see how at the beginning there is only 1 arena: -
+
Then, after calling the first thread, the one that calls malloc, a new arena is created: -
+
and inside of it some chunks can be found: diff --git a/binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md b/binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md index 7da139c60..b3ee0b557 100644 --- a/binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md +++ b/binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md @@ -41,7 +41,7 @@ This gadget basically allows to confirm that something interesting was executed This technique uses the [**ret2csu**](ret2csu.md) gadget. And this is because if you access this gadget in the middle of some instructions you get gadgets to control **`rsi`** and **`rdi`**: -

https://www.scs.stanford.edu/brop/bittau-brop.pdf

+

https://www.scs.stanford.edu/brop/bittau-brop.pdf

These would be the gadgets: diff --git a/generic-methodologies-and-resources/external-recon-methodology/README.md b/generic-methodologies-and-resources/external-recon-methodology/README.md index 0090c408b..d24224499 100644 --- a/generic-methodologies-and-resources/external-recon-methodology/README.md +++ b/generic-methodologies-and-resources/external-recon-methodology/README.md @@ -15,7 +15,7 @@ Learn & practice GCP Hacking: {% endhint %} -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -731,7 +731,7 @@ There are several tools out there that will perform part of the proposed actions * All free courses of [**@Jhaddix**](https://twitter.com/Jhaddix) like [**The Bug Hunter's Methodology v4.0 - Recon Edition**](https://www.youtube.com/watch?v=p4JgIu1mceI) -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). diff --git a/generic-methodologies-and-resources/pentesting-methodology.md b/generic-methodologies-and-resources/pentesting-methodology.md index afb7e7879..eedf6a373 100644 --- a/generic-methodologies-and-resources/pentesting-methodology.md +++ b/generic-methodologies-and-resources/pentesting-methodology.md @@ -15,7 +15,7 @@ Learn & practice GCP Hacking: {% endhint %} -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -151,7 +151,7 @@ Check also the page about [**NTLM**](../windows-hardening/ntlm/), it could be ve * [**CBC-MAC**](../crypto-and-stego/cipher-block-chaining-cbc-mac-priv.md) * [**Padding Oracle**](../crypto-and-stego/padding-oracle-priv.md) -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). diff --git a/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/README.md b/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/README.md index 356319bff..bc9ff2b33 100644 --- a/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/README.md +++ b/linux-hardening/bypass-bash-restrictions/bypass-fs-protections-read-only-no-exec-distroless/README.md @@ -15,7 +15,7 @@ Learn & practice GCP Hacking: </details> {% endhint %} -<figure><img src=
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -134,7 +134,7 @@ However, in this kind of containers these protections will usually exist, but yo You can find **examples** on how to **exploit some RCE vulnerabilities** to get scripting languages **reverse shells** and execute binaries from memory in [**https://github.com/carlospolop/DistrolessRCE**](https://github.com/carlospolop/DistrolessRCE). -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). diff --git a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-code-signing.md b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-code-signing.md index 38b13f252..8739a87e9 100644 --- a/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-code-signing.md +++ b/macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-code-signing.md @@ -19,7 +19,7 @@ Learn & practice GCP Hacking: Mach-o binaries contains a load command called **`LC_CODE_SIGNATURE`** that indicates the **offset** and **size** of the signatures inside the binary. Actually, using the GUI tool MachOView, it's possible to find at the end of the binary a section called **Code Signature** with this information: -<figure><img src=
+
The magic header of the Code Signature is **`0xFADE0CC0`**. Then you have information such as the length and the number of blobs of the superBlob that contains them.\ It's possible to find this information in the [source code here](https://github.com/apple-oss-distributions/xnu/blob/94d3b452840153a99b38a3a9659680b2a006908e/osfmk/kern/cs\_blobs.h#L276): diff --git a/network-services-pentesting/pentesting-snmp/README.md b/network-services-pentesting/pentesting-snmp/README.md index 3a3f75cef..acf7e2d78 100644 --- a/network-services-pentesting/pentesting-snmp/README.md +++ b/network-services-pentesting/pentesting-snmp/README.md @@ -15,7 +15,7 @@ Learn & practice GCP Hacking: {% endhint %} -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -261,7 +261,7 @@ If there is an ACL that only allows some IPs to query the SMNP service, you can * snmpd.conf * snmp-config.xml -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). diff --git a/network-services-pentesting/pentesting-snmp/cisco-snmp.md b/network-services-pentesting/pentesting-snmp/cisco-snmp.md index a134683f8..802c57faa 100644 --- a/network-services-pentesting/pentesting-snmp/cisco-snmp.md +++ b/network-services-pentesting/pentesting-snmp/cisco-snmp.md @@ -15,7 +15,7 @@ Learn & practice GCP Hacking: {% endhint %} -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -56,7 +56,7 @@ msf6 auxiliary(scanner/snmp/snmp_enum) > exploit * [https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9) -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). diff --git a/network-services-pentesting/pentesting-vnc.md b/network-services-pentesting/pentesting-vnc.md index 7fe131f28..1ad2322e3 100644 --- a/network-services-pentesting/pentesting-vnc.md +++ b/network-services-pentesting/pentesting-vnc.md @@ -15,7 +15,7 @@ Learn & practice GCP Hacking: {% endhint %} -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -68,7 +68,7 @@ I save the tool here also for ease of access: * `port:5900 RFB` -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). diff --git a/network-services-pentesting/pentesting-web/drupal/drupal-rce.md b/network-services-pentesting/pentesting-web/drupal/drupal-rce.md index 14f8de506..ea6429ce7 100644 --- a/network-services-pentesting/pentesting-web/drupal/drupal-rce.md +++ b/network-services-pentesting/pentesting-web/drupal/drupal-rce.md @@ -107,7 +107,7 @@ Before activation: After activation: -
+
diff --git a/network-services-pentesting/pentesting-web/jira.md b/network-services-pentesting/pentesting-web/jira.md index 5b5a02bb3..04a0bb918 100644 --- a/network-services-pentesting/pentesting-web/jira.md +++ b/network-services-pentesting/pentesting-web/jira.md @@ -15,7 +15,7 @@ Learn & practice GCP Hacking: {% endhint %} -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -135,7 +135,7 @@ These are some of the actions a malicious plugin could perform: -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). diff --git a/pentesting-web/file-upload/README.md b/pentesting-web/file-upload/README.md index 1b9395cd0..2874228c5 100644 --- a/pentesting-web/file-upload/README.md +++ b/pentesting-web/file-upload/README.md @@ -15,7 +15,7 @@ Learn & practice GCP Hacking: {% endhint %} -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -341,7 +341,7 @@ More information in: [https://medium.com/swlh/polyglot-files-a-hackers-best-frie * [https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/](https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/) * [https://medium.com/swlh/polyglot-files-a-hackers-best-friend-850bf812dd8a](https://medium.com/swlh/polyglot-files-a-hackers-best-friend-850bf812dd8a) -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). diff --git a/pentesting-web/hacking-jwt-json-web-tokens.md b/pentesting-web/hacking-jwt-json-web-tokens.md index f5b0b4459..10fedbb72 100644 --- a/pentesting-web/hacking-jwt-json-web-tokens.md +++ b/pentesting-web/hacking-jwt-json-web-tokens.md @@ -15,7 +15,7 @@ Learn & practice GCP Hacking: {% endhint %} -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -282,7 +282,7 @@ The token's expiry is checked using the "exp" Payload claim. Given that JWTs are {% embed url="https://github.com/ticarpi/jwt_tool" %} -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). diff --git a/pentesting-web/ldap-injection.md b/pentesting-web/ldap-injection.md index 07a9abbe3..0061c356e 100644 --- a/pentesting-web/ldap-injection.md +++ b/pentesting-web/ldap-injection.md @@ -17,7 +17,7 @@ Learn & practice GCP Hacking: {% endhint %} -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -236,7 +236,7 @@ intitle:"phpLDAPadmin" inurl:cmd.php {% embed url="https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/LDAP%20Injection" %} -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). diff --git a/pentesting-web/sql-injection/postgresql-injection/README.md b/pentesting-web/sql-injection/postgresql-injection/README.md index 1e3e27f79..3871edd21 100644 --- a/pentesting-web/sql-injection/postgresql-injection/README.md +++ b/pentesting-web/sql-injection/postgresql-injection/README.md @@ -15,7 +15,7 @@ Learn & practice GCP Hacking: </details> {% endhint %} -<figure><img src=
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -107,7 +107,7 @@ SELECT $$hacktricks$$; SELECT $TAG$hacktricks$TAG$; ``` -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). diff --git a/pentesting-web/ssti-server-side-template-injection/README.md b/pentesting-web/ssti-server-side-template-injection/README.md index f10f71bd4..b22ac4fcb 100644 --- a/pentesting-web/ssti-server-side-template-injection/README.md +++ b/pentesting-web/ssti-server-side-template-injection/README.md @@ -811,9 +811,9 @@ home = pugjs.render(injected_page) ### Other NodeJS -

https://miro.medium.com/v2/resize:fit:640/format:webp/1*J4gQBzN8Gbj0CkgSLLhigQ.jpeg

+

https://miro.medium.com/v2/resize:fit:640/format:webp/1*J4gQBzN8Gbj0CkgSLLhigQ.jpeg

-

https://miro.medium.com/v2/resize:fit:640/format:webp/1*jj_-oBi3gZ6UNTvkBogA6Q.jpeg

+

https://miro.medium.com/v2/resize:fit:640/format:webp/1*jj_-oBi3gZ6UNTvkBogA6Q.jpeg

* More info in [https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756](https://medium.com/@0xAwali/template-engines-injection-101-4f2fe59e5756) diff --git a/pentesting-web/xss-cross-site-scripting/README.md b/pentesting-web/xss-cross-site-scripting/README.md index cfd35f086..0422b41a8 100644 --- a/pentesting-web/xss-cross-site-scripting/README.md +++ b/pentesting-web/xss-cross-site-scripting/README.md @@ -1,6 +1,6 @@ # XSS (Cross Site Scripting) -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -1574,7 +1574,7 @@ Find **more SVG payloads in** [**https://github.com/allanlw/svg-cheatsheet**](ht * [https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec](https://gist.github.com/rvrsh3ll/09a8b933291f9f98e8ec) * [https://netsec.expert/2020/02/01/xss-in-2020.html](https://netsec.expert/2020/02/01/xss-in-2020.html) -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). diff --git a/todo/llm-training-data-preparation/0.-basic-llm-concepts.md b/todo/llm-training-data-preparation/0.-basic-llm-concepts.md index c39110056..82bd54577 100644 --- a/todo/llm-training-data-preparation/0.-basic-llm-concepts.md +++ b/todo/llm-training-data-preparation/0.-basic-llm-concepts.md @@ -140,7 +140,7 @@ At the heart of automatic differentiation is the **chain rule** from calculus. T Mathematically, if `y=f(u)` and `u=g(x)`, then the derivative of `y` with respect to `x` is: -
+
**2. Computational Graph** @@ -150,7 +150,7 @@ In AD, computations are represented as nodes in a **computational graph**, where Let's consider a simple function: -
+
Where: diff --git a/todo/llm-training-data-preparation/4.-attention-mechanisms.md b/todo/llm-training-data-preparation/4.-attention-mechanisms.md index c2ebcf824..0b05139a1 100644 --- a/todo/llm-training-data-preparation/4.-attention-mechanisms.md +++ b/todo/llm-training-data-preparation/4.-attention-mechanisms.md @@ -51,7 +51,7 @@ For each word in the sentence, compute the **attention score** with respect to " **Attention Score between "shiny" and "shiny"** -
+
**Attention Score between "sun" and "shiny"** diff --git a/windows-hardening/av-bypass.md b/windows-hardening/av-bypass.md index 391c7af5c..c8be99380 100644 --- a/windows-hardening/av-bypass.md +++ b/windows-hardening/av-bypass.md @@ -15,7 +15,7 @@ Learn & practice GCP Hacking: {% endhint %} -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). @@ -599,7 +599,7 @@ https://github.com/praetorian-code/vulcan * [https://github.com/persianhydra/Xeexe-TopAntivirusEvasion](https://github.com/persianhydra/Xeexe-TopAntivirusEvasion) -
+
If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).