GitBook: [master] 5 pages and 8 assets modified

CPol 2021-01-18 14:15:45 +00:00 committed by gitbook-bot
parent 2410f95b66
commit 77d3e6535d
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
9 changed files with 10 additions and 10 deletions

View file

@ -10,7 +10,7 @@ dht udp "DHT Nodes"
![](.gitbook/assets/image%20%28182%29.png) ![](.gitbook/assets/image%20%28182%29.png)
![](.gitbook/assets/image%20%28345%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png) ![](.gitbook/assets/image%20%28345%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png)
InfluxDB InfluxDB
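
Review bot: The second image reference only gains one more ` (2)` suffix (`%20%282%29`) in its asset path, so the page content is unchanged and the file name keeps growing with every export. Rename the asset once to a short descriptive name and reference that, so later commits stop churning this line.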

View file

@ -1083,7 +1083,7 @@ screen -ls
**Attach to a session** **Attach to a session**
```bash ```bash
screen -dr <session> #The -d is to detacche whoeevr is attached to it screen -dr <session> #The -d is to detacche whoever is attached to it
screen -dr 3350.foo #In the example of the image screen -dr 3350.foo #In the example of the image
``` ```
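
Review bot: The comment on the `screen -dr <session>` line is only half fixed: `whoeevr` becomes `whoever`, but `detacche` is still misspelled. Suggest `#The -d detaches whoever is attached to it`.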

View file

@ -301,7 +301,7 @@ dis.dis('d\x01\x00}\x01\x00d\x02\x00}\x02\x00d\x03\x00d\x04\x00g\x02\x00}\x03\x0
* [https://ctf-wiki.github.io/ctf-wiki/pwn/linux/sandbox/python-sandbox-escape/](https://ctf-wiki.github.io/ctf-wiki/pwn/linux/sandbox/python-sandbox-escape/) * [https://ctf-wiki.github.io/ctf-wiki/pwn/linux/sandbox/python-sandbox-escape/](https://ctf-wiki.github.io/ctf-wiki/pwn/linux/sandbox/python-sandbox-escape/)
* [https://blog.delroth.net/2013/03/escaping-a-python-sandbox-ndh-2013-quals-writeup/](https://blog.delroth.net/2013/03/escaping-a-python-sandbox-ndh-2013-quals-writeup/) * [https://blog.delroth.net/2013/03/escaping-a-python-sandbox-ndh-2013-quals-writeup/](https://blog.delroth.net/2013/03/escaping-a-python-sandbox-ndh-2013-quals-writeup/)
* [https://gynvael.coldwind.pl/n/python\_sandbox\_escape](https://gynvael.coldwind.pl/n/python_sandbox_escape) * [https://gynvael.coldwind.pl/n/python\_sandbox\_escape](https://gynvael.coldwind.pl/n/python_sandbox_escape)
* [https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html](https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html) * [https://nedbatchelder.com/blog/201206/eval\_really\_is\_dangerous.html](https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html)
\*\*\*\* \*\*\*\*
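
Review bot: The `\*\*\*\*` line left after the reference list is an empty bold marker that renders as four literal asterisks; delete it while touching this block. The underscore escaping added to the nedbatchelder.com link text matches the gynvael.coldwind.pl entry above it and leaves the link target unchanged, which is fine.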

View file

@ -41,5 +41,5 @@ The good news is that **this payload is executed automatically when the file is
It's possible to execute a calculator with the following payload **`=cmd|' /C calc'!xxx`** It's possible to execute a calculator with the following payload **`=cmd|' /C calc'!xxx`**
![](../.gitbook/assets/image%20%2825%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%281%29.png) ![](../.gitbook/assets/image%20%2825%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
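
Review bot: The screenshot that follows the `=cmd|' /C calc'!xxx` sentence has empty alt text (`![]`), and the changed path gives no hint of what it shows, so a reader cannot tell what the image demonstrates if the asset fails to load. Add alt text that describes the result shown in the screenshot.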

View file

@ -1,4 +1,4 @@
# Reset/Forgotten Password Bypass # Reset/Forgoten Password Bypass
## HTTP Headers ## HTTP Headers
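
Review bot: The heading change replaces the correctly spelled `Forgotten` with `Forgoten`, so this hunk introduces a typo in the page title. Revert it to `# Reset/Forgotten Password Bypass`.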
@ -7,7 +7,7 @@ Sometimes in order to reset a password you contact an api endpoint and **send th
![](.gitbook/assets/1_6qc-agcjyzwmf8rgnvr_eg.png) ![](.gitbook/assets/1_6qc-agcjyzwmf8rgnvr_eg.png)
The back-end may take the information present in the **Host header** and use it for the link where the token to reset the password is going to be sent. The back-end may take the information present in the **Host header** and use it for the link where the token to reset the password is going to be sent.
For example, in this case if could send the reset password email to _something@gmail.com_ and set the token link to _https://bing.com/resetpasswd?token=12348rhfblrihvkurewfwu23_ For example, in this case if could send the reset password email to _something@gmail.com_ and set the token link to [https://bing.com/resetpasswd?token=12348rhfblrihvkurewfwu23](https://bing.com/resetpasswd?token=12348rhfblrihvkurewfwu23)
Example from [https://medium.com/@abhishake100/password-reset-poisoning-to-ato-and-otp-bypass-1a3b0eba5491](https://medium.com/@abhishake100/password-reset-poisoning-to-ato-and-otp-bypass-1a3b0eba5491) Example from [https://medium.com/@abhishake100/password-reset-poisoning-to-ato-and-otp-bypass-1a3b0eba5491](https://medium.com/@abhishake100/password-reset-poisoning-to-ato-and-otp-bypass-1a3b0eba5491)
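
Review bot: In the sentence starting `For example, in this case`, the sample reset URL changes from italic text to a clickable link, which turns an illustrative token URL on a third-party domain into a live link; keep it as inline code instead. The same sentence still reads `if could send`, which should be `it could send`. The paragraph would also benefit from one line on the fix, namely building the reset link from a configured base URL rather than from the Host header.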