Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

GITBOOK-4180: change request with no subject merged in GitBook

Browse source
This commit is contained in:
CPol 2023-12-05 11:51:09 +00:00 committed by gitbook-bot
parent 81005f76c9
commit 5fc9f17db4
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -77,8 +77,6 @@ Intruder never rests. Round-the-clock protection monitors your systems 24/7. Wan
<figure><img src=".gitbook/assets/image (5).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1) (3) (1).png" alt=""><figcaption></figcaption></figure>
Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to communicate with experienced hackers and bug bounty hunters!
**Hacking Insights**\
@ -92,6 +90,8 @@ Stay informed with the newest bug bounties launching and crucial platform update
**Join us on** [**Discord**](https://discord.com/invite/N3FrSbmwdy) and start collaborating with top hackers today!
***
### [WebSec](https://websec.nl/)
<figure><img src=".gitbook/assets/websec (1).svg" alt=""><figcaption></figcaption></figure>

2
macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection.md
View file

@ -207,6 +207,8 @@ ws.send('{\"id\": 1, \"method\": \"Network.getAllCookies\"}')
print(ws.recv()
```
In [**this blogpost**](https://hackerone.com/reports/1274695), this debugging is abused to make a headless chrome **download arbitrary files in arbitrary locations**.
### Injection from the App Plist
You could abuse this env variable in a plist to maintain persistence adding these keys: