GitBook: [master] 3 pages and 2 assets modified

mobile-apps-pentesting/android-app-pentesting/README.md

@@ -97,7 +97,7 @@ In this case you could try to abuse the functionality creating a web with the fo
 
 In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**.
 
-![](../../.gitbook/assets/image%20%28436%29%20%281%29.png)
+![](../../.gitbook/assets/image%20%28436%29%20%281%29%20%281%29.png)
 
 Learn how to [call deep links without using HTML pages below](./#exploiting-schemes-deep-links).
 
@@ -455,7 +455,7 @@ _Note that you can **omit the package name** and the mobile will automatically c
 
 In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**.
 
-![](../../.gitbook/assets/image%20%28436%29.png)
+![](../../.gitbook/assets/image%20%28436%29%20%281%29.png)
 
 #### Sensitive info
 

pentesting-web/file-upload/README.md

@@ -39,7 +39,7 @@ Other useful extensions:
 5. Add **another layer of extensions** to the previous check:
    * _file.png.jpg.php_
    * _file.php%00.png%00.jpg_
-6. Try to put the **exec extension before the valid extension** and pray so the server is misconfigured. ****\(useful to exploit Apache misconfigurations where anything with extension _.php_, but **not necessarily ending in .php** will execute code\):
+6. Try to put the **exec extension before the valid extension** and pray so the server is misconfigured. **\*\*\(useful to exploit Apache misconfigurations where anything with extension** _**.php**_**, but** not necessarily ending in .php\*\* will execute code\):
    * _ex: file.php.png_
 7. Using **NTFS alternate data stream \(ADS\)** in **Windows**. In this case, a colon character “:” will be inserted after a forbidden extension and before a permitted one. As a result, an **empty file with the forbidden extension** will be created on the server \(e.g. “file.asax:.jpg”\). This file might be edited later using other techniques such as using its short filename. The “**::$data**” pattern can also be used to create non-empty files. Therefore, adding a dot character after this pattern might also be useful to bypass further restrictions \(.e.g. “file.asp::$data.”\)
 
@@ -65,7 +65,7 @@ Other useful extensions:
 ### Special extension tricks
 
 If you are trying to upload files to a **PHP server**, [take a look at the **.htaccess** trick to execute code](https://book.hacktricks.xyz/pentesting/pentesting-web/php-tricks-esp#code-execution-via-httaccess).  
-If you are  trying to upload files to an **ASP server**, [take a look at the **.config** trick to execute code](../../pentesting/pentesting-web/iis-internet-information-services.md#execute-config-files).
+If you are trying to upload files to an **ASP server**, [take a look at the **.config** trick to execute code](../../pentesting/pentesting-web/iis-internet-information-services.md#execute-config-files).
 
 The `.phar` files are like the `.jar` for java, but for php, and can be **used like a php file** \(executing it with php, or including it inside a script...\)
 
@@ -122,7 +122,7 @@ Note that **another option** you may be thinking of to bypass this check is to m
 * [**XXE and CORS** bypass with PDF-Adobe upload](pdf-upload-xxe-and-cors-bypass.md)
 * Specially crafted PDFs to XSS: The [following page present how to **inject PDF data to obtain JS execution**](../xss-cross-site-scripting/pdf-injection.md). If you can upload PDFs you could prepare some PDF that will execute arbitrary JS following the given indications.
 
-Here’s a top 10 list of things that you can achieve by uploading \(from  [link](https://twitter.com/SalahHasoneh1/status/1281274120395685889)\):
+Here’s a top 10 list of things that you can achieve by uploading \(from [link](https://twitter.com/SalahHasoneh1/status/1281274120395685889)\):
 
 1. **ASP / ASPX / PHP5 / PHP / PHP3**: Webshell / RCE
 2. **SVG**: Stored XSS / SSRF / XXE
@@ -192,7 +192,7 @@ if(isset($_REQUEST['cmd'])){
 }?>
 ```
 
-2. Use “file spraying” and create a compressed zip file:
+1. Use “file spraying” and create a compressed zip file:
 
 ```text
 root@s2crew:/tmp# for i in `seq 1 10`;do FILE=$FILE"xxA"; cp simple-backdoor.php $FILE"cmd.php";done
@@ -257,5 +257,3 @@ This helps to upload a file that complins with the format of several different f
 
 More information in: [https://medium.com/swlh/polyglot-files-a-hackers-best-friend-850bf812dd8a](https://medium.com/swlh/polyglot-files-a-hackers-best-friend-850bf812dd8a)
 
-
-

pentesting-web/sql-injection/postgresql-injection/README.md

@@ -1,21 +1,21 @@
 # PostgreSQL injection
 
-**This page aims to explain different tricks that could help you to exploit a SQLinjection found in a postgresql database and to compliment the tricks you can find on** [**https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/PostgreSQL%20Injection.md**](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/PostgreSQL%20Injection.md)\*\*\*\*
+**This page aims to explain different tricks that could help you to exploit a SQLinjection found in a postgresql database and to compliment the tricks you can find on** [**https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/PostgreSQL%20Injection.md**](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/PostgreSQL%20Injection.md)
 
 ## Network Interaction - Privilege Escalation, Port Scanner, NTLM challenge response disclosure & Exfiltration
 
 **`dblink`** is a **PostgreSQL module** that offers several interesting options from the attacker point of view. It can be used to **connect to other PostgreSQL instances** of perform **TCP connections**.  
 **These functionalities** along with the **`COPY FROM`** functionality can be used to **escalate privileges**, perform **port scanning** or grab **NTLM challenge responses**.  
-[**You can read here how to perform these attacked.**](network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md)\*\*\*\*
+[**You can read here how to perform these attacked.**](network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md)
 
 ### **Exfiltration example using dblink and large objects**
 
-You can [**read this example**](dblink-lo_import-data-exfiltration.md) ****to see a CTF example of **how to load data inside large objects and then exfiltrate the content of large objects inside the username** of the function `dblink_connect`.
+You can [**read this example**](dblink-lo_import-data-exfiltration.md) **\*\*to see a CTF example of** how to load data inside large objects and then exfiltrate the content of large objects inside the username\*\* of the function `dblink_connect`.
 
 ## PL/pgSQL password bruteforce
 
 PL/pgSQL, as a **fully featured programming language**, allows much more procedural control than SQL, including the **ability to use loops and other control structures**. SQL statements and triggers can call functions created in the PL/pgSQL language.  
-**You can abuse this language in order to ask PostgreSQL to brute-force the users credentials.** [**Read this to learn how.**](pl-pgsql-password-bruteforce.md)\*\*\*\*
+**You can abuse this language in order to ask PostgreSQL to brute-force the users credentials.** [**Read this to learn how.**](pl-pgsql-password-bruteforce.md)
 
 ## File-system actions
 
@@ -40,7 +40,7 @@ A very important limitation of this technique is that **`copy` cannot be used to
 ### **Binary files upload**
 
 However, there are **other techniques to upload big binary files**.  
-[**Read this page to learn how to do it.**](big-binary-files-upload-postgresql.md)\*\*\*\*
+[**Read this page to learn how to do it.**](big-binary-files-upload-postgresql.md)
 
 ## RCE
 
@@ -67,7 +67,7 @@ More information about this vulnerability [**here**](https://medium.com/greenwol
 ### RCE with PostgreSQL extensions
 
 Once you have **learned** from the previous post **how to upload binary files** you could try obtain **RCE uploading a postgresql extension and loading it**.  
-[**Lear how to abuse this functionality reading this post.**](rce-with-postgresql-extensions.md)\*\*\*\*
+[**Lear how to abuse this functionality reading this post.**](rce-with-postgresql-extensions.md)
 
 ### PostgreSQL configuration file RCE