diff --git a/SUMMARY.md b/SUMMARY.md index 19fdcc8d9..21bcb5dd9 100644 --- a/SUMMARY.md +++ b/SUMMARY.md 
@@ -136,630 +136,3 @@ * [PAM - Pluggable Authentication Modules](linux-hardening/linux-post-exploitation/pam-pluggable-authentication-modules.md) * [FreeIPA Pentesting](linux-hardening/freeipa-pentesting.md) -## ๐Ÿ MacOS Hardening - -* [macOS Security & Privilege Escalation](macos-hardening/macos-security-and-privilege-escalation/README.md) - * [macOS Apps - Inspecting, debugging and Fuzzing](macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/README.md) - * [Introduction to ARM64](macos-hardening/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing/arm64-basic-assembly.md) - * [macOS AppleFS](macos-hardening/macos-security-and-privilege-escalation/macos-applefs.md) - * [macOS Kernel](macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/README.md) - * [macOS Kernel Extensions](macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-kernel-extensions.md) - * [macOS MDM](macos-hardening/macos-security-and-privilege-escalation/macos-mdm/README.md) - * [Enrolling Devices in Other Organisations](macos-hardening/macos-security-and-privilege-escalation/macos-mdm/enrolling-devices-in-other-organisations.md) - * [macOS Serial Number](macos-hardening/macos-security-and-privilege-escalation/macos-mdm/macos-serial-number.md) - * [macOS Network Services & Protocols](macos-hardening/macos-security-and-privilege-escalation/macos-protocols.md) - * [macOS File Extension Apps](macos-hardening/macos-security-and-privilege-escalation/macos-file-extension-apps.md) - * [macOS Files, Folders, Binaries & Memory](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/README.md) - * [macOS Bundles](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-bundles.md) - * [macOS Memory 
Dumping](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-memory-dumping.md) - * [macOS Sensitive Locations](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/macos-sensitive-locations.md) - * [macOS Universal binaries & Mach-O Format](macos-hardening/macos-security-and-privilege-escalation/macos-files-folders-and-binaries/universal-binaries-and-mach-o-format.md) - * [macOS Objective-C](macos-hardening/macos-security-and-privilege-escalation/macos-basic-objective-c.md) - * [macOS Proces Abuse](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/README.md) - * [macOS IPC - Inter Process Communication](macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/README.md) - * [macOS XPC Connecting Process Check](macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/macos-xpc-connecting-process-check.md) - * [macOS PID Reuse](macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/macos-pid-reuse.md) - * [macOS XPC Authorization](macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/macos-xpc-authorization.md) - * [macOS Function Hooking](macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-function-hooking.md) - * [macOS Library Injection](macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-library-injection/README.md) - * [macOS Dyld Hijacking & DYLD\_INSERT\_LIBRARIES](macos-hardening/macos-security-and-privilege-escalation/macos-dyld-hijacking-and-dyld\_insert\_libraries.md) - * [macOS Security Protections](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/README.md) - * [macOS 
SIP](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sip.md) - * [macOS Sandbox](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/README.md) - * [macOS Sandbox Debug & Bypass](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-sandbox/macos-sandbox-debug-and-bypass.md) - * [macOS TCC](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/README.md) - * [macOS Apple Scripts](macos-hardening/macos-security-and-privilege-escalation/macos-security-protections/macos-tcc/macos-apple-scripts.md) - * [macOS Users](macos-hardening/macos-security-and-privilege-escalation/macos-users.md) -* [macOS Red Teaming](macos-hardening/macos-security-and-privilege-escalation/macos-red-teaming.md) -* [macOS Useful Commands](macos-hardening/macos-useful-commands.md) -* [macOS Auto Start Locations](macos-hardening/macos-auto-start-locations.md) - -## ๐ŸชŸ Windows Hardening - -* [Checklist - Local Windows Privilege Escalation](windows-hardening/checklist-windows-privilege-escalation.md) -* [Windows Local Privilege Escalation](windows-hardening/windows-local-privilege-escalation/README.md) - * [Abusing Tokens](windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens/README.md) - * [Abuse SeLoadDriverPrivilege](windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens/abuse-seloaddriverprivilege.md) - * [Access Tokens](windows-hardening/windows-local-privilege-escalation/access-tokens.md) - * [ACLs - DACLs/SACLs/ACEs](windows-hardening/windows-local-privilege-escalation/acls-dacls-sacls-aces.md) - * [AppendData/AddSubdirectory permission over service registry](windows-hardening/windows-local-privilege-escalation/appenddata-addsubdirectory-permission-over-service-registry.md) - * [Create MSI with 
WIX](windows-hardening/windows-local-privilege-escalation/create-msi-with-wix.md) - * [COM Hijacking](windows-hardening/windows-local-privilege-escalation/com-hijacking.md) - * [Dll Hijacking](windows-hardening/windows-local-privilege-escalation/dll-hijacking.md) - * [Writable Sys Path +Dll Hijacking Privesc](windows-hardening/windows-local-privilege-escalation/dll-hijacking/writable-sys-path-+dll-hijacking-privesc.md) - * [DPAPI - Extracting Passwords](windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords.md) - * [From High Integrity to SYSTEM with Name Pipes](windows-hardening/windows-local-privilege-escalation/from-high-integrity-to-system-with-name-pipes.md) - * [Integrity Levels](windows-hardening/windows-local-privilege-escalation/integrity-levels.md) - * [JAWS](windows-hardening/windows-local-privilege-escalation/jaws.md) - * [JuicyPotato](windows-hardening/windows-local-privilege-escalation/juicypotato.md) - * [Leaked Handle Exploitation](windows-hardening/windows-local-privilege-escalation/leaked-handle-exploitation.md) - * [MSI Wrapper](windows-hardening/windows-local-privilege-escalation/msi-wrapper.md) - * [Named Pipe Client Impersonation](windows-hardening/windows-local-privilege-escalation/named-pipe-client-impersonation.md) - * [PowerUp](windows-hardening/windows-local-privilege-escalation/powerup.md) - * [Privilege Escalation with Autoruns](windows-hardening/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md) - * [RoguePotato, PrintSpoofer, SharpEfsPotato, GodPotato](windows-hardening/windows-local-privilege-escalation/roguepotato-and-printspoofer.md) - * [RottenPotato](windows-hardening/windows-local-privilege-escalation/rottenpotato.md) - * [Seatbelt](windows-hardening/windows-local-privilege-escalation/seatbelt.md) - * [SeDebug + SeImpersonate copy token](windows-hardening/windows-local-privilege-escalation/sedebug-+-seimpersonate-copy-token.md) - * [SeImpersonate from High To 
System](windows-hardening/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md) - * [Windows C Payloads](windows-hardening/windows-local-privilege-escalation/windows-c-payloads.md) -* [Active Directory Methodology](windows-hardening/active-directory-methodology/README.md) - * [Abusing Active Directory ACLs/ACEs](windows-hardening/active-directory-methodology/acl-persistence-abuse/README.md) - * [Shadow Credentials](windows-hardening/active-directory-methodology/acl-persistence-abuse/shadow-credentials.md) - * [AD Certificates](windows-hardening/active-directory-methodology/ad-certificates.md) - * [AD CS Account Persistence](windows-hardening/active-directory-methodology/ad-certificates/account-persistence.md) - * [AD CS Domain Escalation](windows-hardening/active-directory-methodology/ad-certificates/domain-escalation.md) - * [AD CS Domain Persistence](windows-hardening/active-directory-methodology/ad-certificates/domain-persistence.md) - * [AD CS Certificate Theft](windows-hardening/active-directory-methodology/ad-certificates/certificate-theft.md) - * [AD information in printers](windows-hardening/active-directory-methodology/ad-information-in-printers.md) - * [AD DNS Records](windows-hardening/active-directory-methodology/ad-dns-records.md) - * [ASREPRoast](windows-hardening/active-directory-methodology/asreproast.md) - * [BloodHound & Other AD Enum Tools](windows-hardening/active-directory-methodology/bloodhound.md) - * [Constrained Delegation](windows-hardening/active-directory-methodology/constrained-delegation.md) - * [Custom SSP](windows-hardening/active-directory-methodology/custom-ssp.md) - * [DCShadow](windows-hardening/active-directory-methodology/dcshadow.md) - * [DCSync](windows-hardening/active-directory-methodology/dcsync.md) - * [Diamond Ticket](windows-hardening/active-directory-methodology/diamond-ticket.md) - * [DSRM Credentials](windows-hardening/active-directory-methodology/dsrm-credentials.md) - * [External Forest Domain - 
OneWay (Inbound) or bidirectional](windows-hardening/active-directory-methodology/external-forest-domain-oneway-inbound.md) - * [External Forest Domain - One-Way (Outbound)](windows-hardening/active-directory-methodology/external-forest-domain-one-way-outbound.md) - * [Golden Ticket](windows-hardening/active-directory-methodology/golden-ticket.md) - * [Kerberoast](windows-hardening/active-directory-methodology/kerberoast.md) - * [Kerberos Authentication](windows-hardening/active-directory-methodology/kerberos-authentication.md) - * [Kerberos Double Hop Problem](windows-hardening/active-directory-methodology/kerberos-double-hop-problem.md) - * [LAPS](windows-hardening/active-directory-methodology/laps.md) - * [MSSQL AD Abuse](windows-hardening/active-directory-methodology/abusing-ad-mssql.md) - * [Over Pass the Hash/Pass the Key](windows-hardening/active-directory-methodology/over-pass-the-hash-pass-the-key.md) - * [Pass the Ticket](windows-hardening/active-directory-methodology/pass-the-ticket.md) - * [Password Spraying](windows-hardening/active-directory-methodology/password-spraying.md) - * [PrintNightmare](windows-hardening/active-directory-methodology/printnightmare.md) - * [Force NTLM Privileged Authentication](windows-hardening/active-directory-methodology/printers-spooler-service-abuse.md) - * [Privileged Groups](windows-hardening/active-directory-methodology/privileged-groups-and-token-privileges.md) - * [RDP Sessions Abuse](windows-hardening/active-directory-methodology/rdp-sessions-abuse.md) - * [Resource-based Constrained Delegation](windows-hardening/active-directory-methodology/resource-based-constrained-delegation.md) - * [Security Descriptors](windows-hardening/active-directory-methodology/security-descriptors.md) - * [SID-History Injection](windows-hardening/active-directory-methodology/sid-history-injection.md) - * [Silver Ticket](windows-hardening/active-directory-methodology/silver-ticket.md) - * [Skeleton 
Key](windows-hardening/active-directory-methodology/skeleton-key.md) - * [Unconstrained Delegation](windows-hardening/active-directory-methodology/unconstrained-delegation.md) -* [Windows Security Controls](windows-hardening/authentication-credentials-uac-and-efs.md) - * [UAC - User Account Control](windows-hardening/windows-security-controls/uac-user-account-control.md) -* [NTLM](windows-hardening/ntlm/README.md) - * [Places to steal NTLM creds](windows-hardening/ntlm/places-to-steal-ntlm-creds.md) -* [Lateral Movement](windows-hardening/lateral-movement/README.md) - * [AtExec / SchtasksExec](windows-hardening/ntlm/atexec.md) - * [DCOM Exec](windows-hardening/lateral-movement/dcom-exec.md) - * [PsExec/Winexec/ScExec](windows-hardening/ntlm/psexec-and-winexec.md) - * [SmbExec/ScExec](windows-hardening/ntlm/smbexec.md) - * [WinRM](windows-hardening/ntlm/winrm.md) - * [WmicExec](windows-hardening/ntlm/wmicexec.md) -* [Pivoting to the Cloud](https://cloud.hacktricks.xyz/pentesting-cloud/azure-security/az-lateral-movements) -* [Stealing Windows Credentials](windows-hardening/stealing-credentials/README.md) - * [Windows Credentials Protections](windows-hardening/stealing-credentials/credentials-protections.md) - * [Mimikatz](windows-hardening/stealing-credentials/credentials-mimikatz.md) -* [Basic Win CMD for Pentesters](windows-hardening/basic-cmd-for-pentesters.md) -* [Basic PowerShell for Pentesters](windows-hardening/basic-powershell-for-pentesters/README.md) - * [PowerView/SharpView](windows-hardening/basic-powershell-for-pentesters/powerview.md) -* [Antivirus (AV) Bypass](windows-hardening/av-bypass.md) - -## ๐Ÿ“ฑ Mobile Pentesting - -* [Android APK Checklist](mobile-pentesting/android-checklist.md) -* [Android Applications Pentesting](mobile-pentesting/android-app-pentesting/README.md) - * [Android Applications Basics](mobile-pentesting/android-app-pentesting/android-applications-basics.md) - * [Android Task 
Hijacking](mobile-pentesting/android-app-pentesting/android-task-hijacking.md) - * [ADB Commands](mobile-pentesting/android-app-pentesting/adb-commands.md) - * [APK decompilers](mobile-pentesting/android-app-pentesting/apk-decompilers.md) - * [AVD - Android Virtual Device](mobile-pentesting/android-app-pentesting/avd-android-virtual-device.md) - * [Burp Suite Configuration for Android](mobile-pentesting/android-app-pentesting/android-burp-suite-settings.md) - * [Bypass Biometric Authentication (Android)](mobile-pentesting/android-app-pentesting/bypass-biometric-authentication-android.md) - * [content:// protocol](mobile-pentesting/android-app-pentesting/content-protocol.md) - * [Drozer Tutorial](mobile-pentesting/android-app-pentesting/drozer-tutorial/README.md) - * [Exploiting Content Providers](mobile-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md) - * [Exploiting a debuggeable applciation](mobile-pentesting/android-app-pentesting/exploiting-a-debuggeable-applciation.md) - * [Frida Tutorial](mobile-pentesting/android-app-pentesting/frida-tutorial/README.md) - * [Frida Tutorial 1](mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md) - * [Frida Tutorial 2](mobile-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-2.md) - * [Frida Tutorial 3](mobile-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md) - * [Objection Tutorial](mobile-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md) - * [Google CTF 2018 - Shall We Play a Game?](mobile-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md) - * [Inspeckage Tutorial](mobile-pentesting/android-app-pentesting/inspeckage-tutorial.md) - * [Intent Injection](mobile-pentesting/android-app-pentesting/intent-injection.md) - * [Make APK Accept CA Certificate](mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md) - * [Manual 
DeObfuscation](mobile-pentesting/android-app-pentesting/manual-deobfuscation.md) - * [React Native Application](mobile-pentesting/android-app-pentesting/react-native-application.md) - * [Reversing Native Libraries](mobile-pentesting/android-app-pentesting/reversing-native-libraries.md) - * [Smali - Decompiling/\[Modifying\]/Compiling](mobile-pentesting/android-app-pentesting/smali-changes.md) - * [Spoofing your location in Play Store](mobile-pentesting/android-app-pentesting/spoofing-your-location-in-play-store.md) - * [Webview Attacks](mobile-pentesting/android-app-pentesting/webview-attacks.md) -* [iOS Pentesting Checklist](mobile-pentesting/ios-pentesting-checklist.md) -* [iOS Pentesting](mobile-pentesting/ios-pentesting/README.md) - * [Basic iOS Testing Operations](mobile-pentesting/ios-pentesting/basic-ios-testing-operations.md) - * [Burp Suite Configuration for iOS](mobile-pentesting/ios-pentesting/burp-configuration-for-ios.md) - * [Extracting Entitlements From Compiled Application](mobile-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md) - * [Frida Configuration in iOS](mobile-pentesting/ios-pentesting/frida-configuration-in-ios.md) - * [iOS App Extensions](mobile-pentesting/ios-pentesting/ios-app-extensions.md) - * [iOS Basics](mobile-pentesting/ios-pentesting/ios-basics.md) - * [iOS Custom URI Handlers / Deeplinks / Custom Schemes](mobile-pentesting/ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md) - * [iOS Hooking With Objection](mobile-pentesting/ios-pentesting/ios-hooking-with-objection.md) - * [iOS Protocol Handlers](mobile-pentesting/ios-pentesting/ios-protocol-handlers.md) - * [iOS Serialisation and Encoding](mobile-pentesting/ios-pentesting/ios-serialisation-and-encoding.md) - * [iOS Testing Environment](mobile-pentesting/ios-pentesting/ios-testing-environment.md) - * [iOS UIActivity Sharing](mobile-pentesting/ios-pentesting/ios-uiactivity-sharing.md) - * [iOS Universal 
Links](mobile-pentesting/ios-pentesting/ios-universal-links.md) - * [iOS UIPasteboard](mobile-pentesting/ios-pentesting/ios-uipasteboard.md) - * [iOS WebViews](mobile-pentesting/ios-pentesting/ios-webviews.md) - -## ๐Ÿ‘ฝ Network Services Pentesting - -* [Pentesting JDWP - Java Debug Wire Protocol](network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md) -* [Pentesting Printers](network-services-pentesting/pentesting-printers/README.md) - * [Accounting bypass](network-services-pentesting/pentesting-printers/accounting-bypass.md) - * [Buffer Overflows](network-services-pentesting/pentesting-printers/buffer-overflows.md) - * [Credentials Disclosure / Brute-Force](network-services-pentesting/pentesting-printers/credentials-disclosure-brute-force.md) - * [Cross-Site Printing](network-services-pentesting/pentesting-printers/cross-site-printing.md) - * [Document Processing](network-services-pentesting/pentesting-printers/document-processing.md) - * [Factory Defaults](network-services-pentesting/pentesting-printers/factory-defaults.md) - * [File system access](network-services-pentesting/pentesting-printers/file-system-access.md) - * [Firmware updates](network-services-pentesting/pentesting-printers/firmware-updates.md) - * [Memory Access](network-services-pentesting/pentesting-printers/memory-access.md) - * [Physical Damage](network-services-pentesting/pentesting-printers/physical-damage.md) - * [Software packages](network-services-pentesting/pentesting-printers/software-packages.md) - * [Transmission channel](network-services-pentesting/pentesting-printers/transmission-channel.md) - * [Print job manipulation](network-services-pentesting/pentesting-printers/print-job-manipulation.md) - * [Print Job Retention](network-services-pentesting/pentesting-printers/print-job-retention.md) - * [Scanner and Fax](network-services-pentesting/pentesting-printers/scanner-and-fax.md) -* [Pentesting SAP](network-services-pentesting/pentesting-sap.md) -* [Pentesting 
VoIP](network-services-pentesting/pentesting-voip/README.md) - * [Basic VoIP Protocols](network-services-pentesting/pentesting-voip/basic-voip-protocols/README.md) - * [SIP (Session Initiation Protocol)](network-services-pentesting/pentesting-voip/basic-voip-protocols/sip-session-initiation-protocol.md) -* [Pentesting Remote GdbServer](network-services-pentesting/pentesting-remote-gdbserver.md) -* [7/tcp/udp - Pentesting Echo](network-services-pentesting/7-tcp-udp-pentesting-echo.md) -* [21 - Pentesting FTP](network-services-pentesting/pentesting-ftp/README.md) - * [FTP Bounce attack - Scan](network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md) - * [FTP Bounce - Download 2ยบFTP file](network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md) -* [22 - Pentesting SSH/SFTP](network-services-pentesting/pentesting-ssh.md) -* [23 - Pentesting Telnet](network-services-pentesting/pentesting-telnet.md) -* [25,465,587 - Pentesting SMTP/s](network-services-pentesting/pentesting-smtp/README.md) - * [SMTP - Commands](network-services-pentesting/pentesting-smtp/smtp-commands.md) -* [43 - Pentesting WHOIS](network-services-pentesting/43-pentesting-whois.md) -* [49 - Pentesting TACACS+](network-services-pentesting/49-pentesting-tacacs+.md) -* [53 - Pentesting DNS](network-services-pentesting/pentesting-dns.md) -* [69/UDP TFTP/Bittorrent-tracker](network-services-pentesting/69-udp-tftp.md) -* [79 - Pentesting Finger](network-services-pentesting/pentesting-finger.md) -* [80,443 - Pentesting Web Methodology](network-services-pentesting/pentesting-web/README.md) - * [403 & 401 Bypasses](network-services-pentesting/pentesting-web/403-and-401-bypasses.md) - * [AEM - Adobe Experience Cloud](network-services-pentesting/pentesting-web/aem-adobe-experience-cloud.md) - * [Apache](network-services-pentesting/pentesting-web/apache.md) - * [Artifactory Hacking guide](network-services-pentesting/pentesting-web/artifactory-hacking-guide.md) - * [Bolt 
CMS](network-services-pentesting/pentesting-web/bolt-cms.md) - * [Buckets](network-services-pentesting/pentesting-web/buckets/README.md) - * [Firebase Database](network-services-pentesting/pentesting-web/buckets/firebase-database.md) - * [CGI](network-services-pentesting/pentesting-web/cgi.md) - * [Code Review Tools](network-services-pentesting/pentesting-web/code-review-tools.md) - * [DotNetNuke (DNN)](network-services-pentesting/pentesting-web/dotnetnuke-dnn.md) - * [Drupal](network-services-pentesting/pentesting-web/drupal.md) - * [Flask](network-services-pentesting/pentesting-web/flask.md) - * [NodeJS Express](network-services-pentesting/pentesting-web/nodejs-express.md) - * [Git](network-services-pentesting/pentesting-web/git.md) - * [Golang](network-services-pentesting/pentesting-web/golang.md) - * [Grafana](network-services-pentesting/pentesting-web/grafana.md) - * [GraphQL](network-services-pentesting/pentesting-web/graphql.md) - * [H2 - Java SQL database](network-services-pentesting/pentesting-web/h2-java-sql-database.md) - * [IIS - Internet Information Services](network-services-pentesting/pentesting-web/iis-internet-information-services.md) - * [ImageMagick Security](network-services-pentesting/pentesting-web/imagemagick-security.md) - * [JBOSS](network-services-pentesting/pentesting-web/jboss.md) - * [JIRA](network-services-pentesting/pentesting-web/jira.md) - * [Joomla](network-services-pentesting/pentesting-web/joomla.md) - * [JSP](network-services-pentesting/pentesting-web/jsp.md) - * [Laravel](network-services-pentesting/pentesting-web/laravel.md) - * [Moodle](network-services-pentesting/pentesting-web/moodle.md) - * [Nginx](network-services-pentesting/pentesting-web/nginx.md) - * [PHP Tricks](network-services-pentesting/pentesting-web/php-tricks-esp/README.md) - * [PHP - Useful Functions & disable\_functions/open\_basedir 
bypass](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/README.md) - * [disable\_functions bypass - php-fpm/FastCGI](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-fpm-fastcgi.md) - * [disable\_functions bypass - dl function](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-dl-function.md) - * [disable\_functions bypass - PHP 7.0-7.4 (\*nix only)](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-7.0-7.4-nix-only.md) - * [disable\_functions bypass - Imagick <= 3.3.0 PHP >= 5.4 Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md) - * [disable\_functions - PHP 5.x Shellshock Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-php-5.x-shellshock-exploit.md) - * [disable\_functions - PHP 5.2.4 ionCube extension Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-php-5.2.4-ioncube-extension-exploit.md) - * [disable\_functions bypass - PHP <= 5.2.9 on windows](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-less-than-5.2.9-on-windows.md) - * [disable\_functions bypass - PHP 5.2.4 and 5.2.5 PHP 
cURL](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md) - * [disable\_functions bypass - PHP safe\_mode bypass via proc\_open() and custom environment Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-safe\_mode-bypass-via-proc\_open-and-custom-environment-exploit.md) - * [disable\_functions bypass - PHP Perl Extension Safe\_mode Bypass Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-perl-extension-safe\_mode-bypass-exploit.md) - * [disable\_functions bypass - PHP 5.2.3 - Win32std ext Protections Bypass](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-5.2.3-win32std-ext-protections-bypass.md) - * [disable\_functions bypass - PHP 5.2 - FOpen Exploit](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-5.2-fopen-exploit.md) - * [disable\_functions bypass - via mem](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-via-mem.md) - * [disable\_functions bypass - mod\_cgi](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-mod\_cgi.md) - * [disable\_functions bypass - PHP 4 >= 4.2.0, PHP 5 pcntl\_exec](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-4-greater-than-4.2.0-php-5-pcntl\_exec.md) - * [PHP - RCE abusing object creation: new 
$\_GET\["a"\]($\_GET\["b"\])](network-services-pentesting/pentesting-web/php-tricks-esp/php-rce-abusing-object-creation-new-usd\_get-a-usd\_get-b.md) - * [PHP SSRF](network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md) - * [Python](network-services-pentesting/pentesting-web/python.md) - * [Rocket Chat](network-services-pentesting/pentesting-web/rocket-chat.md) - * [Special HTTP headers](network-services-pentesting/pentesting-web/special-http-headers.md) - * [Spring Actuators](network-services-pentesting/pentesting-web/spring-actuators.md) - * [Symfony](network-services-pentesting/pentesting-web/symphony.md) - * [Tomcat](network-services-pentesting/pentesting-web/tomcat.md) - * [Basic Tomcat Info](network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md) - * [Uncovering CloudFlare](network-services-pentesting/pentesting-web/uncovering-cloudflare.md) - * [VMWare (ESX, VCenter...)](network-services-pentesting/pentesting-web/vmware-esx-vcenter....md) - * [WAF Bypass](network-services-pentesting/pentesting-web/waf-bypass.md) - * [Web API Pentesting](network-services-pentesting/pentesting-web/web-api-pentesting.md) - * [WebDav](network-services-pentesting/pentesting-web/put-method-webdav.md) - * [Werkzeug / Flask Debug](network-services-pentesting/pentesting-web/werkzeug.md) - * [Wordpress](network-services-pentesting/pentesting-web/wordpress.md) - * [XSS to RCE Electron Desktop Apps](network-services-pentesting/pentesting-web/xss-to-rce-electron-desktop-apps/README.md) - * [Electron contextIsolation RCE via preload code](network-services-pentesting/pentesting-web/xss-to-rce-electron-desktop-apps/electron-contextisolation-rce-via-preload-code.md) - * [Electron contextIsolation RCE via Electron internal code](network-services-pentesting/pentesting-web/xss-to-rce-electron-desktop-apps/electron-contextisolation-rce-via-electron-internal-code.md) - * [Electron contextIsolation RCE via 
IPC](network-services-pentesting/pentesting-web/xss-to-rce-electron-desktop-apps/electron-contextisolation-rce-via-ipc.md) -* [88tcp/udp - Pentesting Kerberos](network-services-pentesting/pentesting-kerberos-88/README.md) - * [Harvesting tickets from Windows](network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md) - * [Harvesting tickets from Linux](network-services-pentesting/pentesting-kerberos-88/harvesting-tickets-from-linux.md) -* [110,995 - Pentesting POP](network-services-pentesting/pentesting-pop.md) -* [111/TCP/UDP - Pentesting Portmapper](network-services-pentesting/pentesting-rpcbind.md) -* [113 - Pentesting Ident](network-services-pentesting/113-pentesting-ident.md) -* [123/udp - Pentesting NTP](network-services-pentesting/pentesting-ntp.md) -* [135, 593 - Pentesting MSRPC](network-services-pentesting/135-pentesting-msrpc.md) -* [137,138,139 - Pentesting NetBios](network-services-pentesting/137-138-139-pentesting-netbios.md) -* [139,445 - Pentesting SMB](network-services-pentesting/pentesting-smb.md) - * [rpcclient enumeration](network-services-pentesting/pentesting-smb/rpcclient-enumeration.md) -* [143,993 - Pentesting IMAP](network-services-pentesting/pentesting-imap.md) -* [161,162,10161,10162/udp - Pentesting SNMP](network-services-pentesting/pentesting-snmp/README.md) - * [Cisco SNMP](network-services-pentesting/pentesting-snmp/cisco-snmp.md) - * [SNMP RCE](network-services-pentesting/pentesting-snmp/snmp-rce.md) -* [194,6667,6660-7000 - Pentesting IRC](network-services-pentesting/pentesting-irc.md) -* [264 - Pentesting Check Point FireWall-1](network-services-pentesting/pentesting-264-check-point-firewall-1.md) -* [389, 636, 3268, 3269 - Pentesting LDAP](network-services-pentesting/pentesting-ldap.md) -* [500/udp - Pentesting IPsec/IKE VPN](network-services-pentesting/ipsec-ike-vpn-pentesting.md) -* [502 - Pentesting Modbus](network-services-pentesting/pentesting-modbus.md) -* [512 - Pentesting 
Rexec](network-services-pentesting/512-pentesting-rexec.md) -* [513 - Pentesting Rlogin](network-services-pentesting/pentesting-rlogin.md) -* [514 - Pentesting Rsh](network-services-pentesting/pentesting-rsh.md) -* [515 - Pentesting Line Printer Daemon (LPD)](network-services-pentesting/515-pentesting-line-printer-daemon-lpd.md) -* [548 - Pentesting Apple Filing Protocol (AFP)](network-services-pentesting/584-pentesting-afp.md) -* [554,8554 - Pentesting RTSP](network-services-pentesting/554-8554-pentesting-rtsp.md) -* [623/UDP/TCP - IPMI](network-services-pentesting/623-udp-ipmi.md) -* [631 - Internet Printing Protocol(IPP)](network-services-pentesting/pentesting-631-internet-printing-protocol-ipp.md) -* [873 - Pentesting Rsync](network-services-pentesting/873-pentesting-rsync.md) -* [1026 - Pentesting Rusersd](network-services-pentesting/1026-pentesting-rusersd.md) -* [1080 - Pentesting Socks](network-services-pentesting/1080-pentesting-socks.md) -* [1098/1099/1050 - Pentesting Java RMI - RMI-IIOP](network-services-pentesting/1099-pentesting-java-rmi.md) -* [1433 - Pentesting MSSQL - Microsoft SQL Server](network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md) - * [Types of MSSQL Users](network-services-pentesting/pentesting-mssql-microsoft-sql-server/types-of-mssql-users.md) -* [1521,1522-1529 - Pentesting Oracle TNS Listener](network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/README.md) - * [Oracle Pentesting requirements installation](network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/oracle-pentesting-requirements-installation.md) - * [TNS Poison](network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/tns-poison.md) - * [Remote stealth pass brute force](network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/remote-stealth-pass-brute-force.md) - * [Oracle RCE & more](network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/oracle-rce-and-more.md) -* [1723 - 
Pentesting PPTP](network-services-pentesting/1723-pentesting-pptp.md) -* [1883 - Pentesting MQTT (Mosquitto)](network-services-pentesting/1883-pentesting-mqtt-mosquitto.md) -* [2049 - Pentesting NFS Service](network-services-pentesting/nfs-service-pentesting.md) -* [2301,2381 - Pentesting Compaq/HP Insight Manager](network-services-pentesting/pentesting-compaq-hp-insight-manager.md) -* [2375, 2376 Pentesting Docker](network-services-pentesting/2375-pentesting-docker.md) -* [3128 - Pentesting Squid](network-services-pentesting/3128-pentesting-squid.md) -* [3260 - Pentesting ISCSI](network-services-pentesting/3260-pentesting-iscsi.md) -* [3299 - Pentesting SAPRouter](network-services-pentesting/3299-pentesting-saprouter.md) -* [3306 - Pentesting Mysql](network-services-pentesting/pentesting-mysql.md) -* [3389 - Pentesting RDP](network-services-pentesting/pentesting-rdp.md) -* [3632 - Pentesting distcc](network-services-pentesting/3632-pentesting-distcc.md) -* [3690 - Pentesting Subversion (svn server)](network-services-pentesting/3690-pentesting-subversion-svn-server.md) -* [3702/UDP - Pentesting WS-Discovery](network-services-pentesting/3702-udp-pentesting-ws-discovery.md) -* [4369 - Pentesting Erlang Port Mapper Daemon (epmd)](network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd.md) -* [4786 - Cisco Smart Install](network-services-pentesting/4786-cisco-smart-install.md) -* [5000 - Pentesting Docker Registry](network-services-pentesting/5000-pentesting-docker-registry.md) -* [5353/UDP Multicast DNS (mDNS) and DNS-SD](network-services-pentesting/5353-udp-multicast-dns-mdns.md) -* [5432,5433 - Pentesting Postgresql](network-services-pentesting/pentesting-postgresql.md) -* [5439 - Pentesting Redshift](network-services-pentesting/5439-pentesting-redshift.md) -* [5555 - Android Debug Bridge](network-services-pentesting/5555-android-debug-bridge.md) -* [5601 - Pentesting Kibana](network-services-pentesting/5601-pentesting-kibana.md) -* [5671,5672 - 
Pentesting AMQP](network-services-pentesting/5671-5672-pentesting-amqp.md) -* [5800,5801,5900,5901 - Pentesting VNC](network-services-pentesting/pentesting-vnc.md) -* [5984,6984 - Pentesting CouchDB](network-services-pentesting/5984-pentesting-couchdb.md) -* [5985,5986 - Pentesting WinRM](network-services-pentesting/5985-5986-pentesting-winrm.md) -* [5985,5986 - Pentesting OMI](network-services-pentesting/5985-5986-pentesting-omi.md) -* [6000 - Pentesting X11](network-services-pentesting/6000-pentesting-x11.md) -* [6379 - Pentesting Redis](network-services-pentesting/6379-pentesting-redis.md) -* [8009 - Pentesting Apache JServ Protocol (AJP)](network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md) -* [8086 - Pentesting InfluxDB](network-services-pentesting/8086-pentesting-influxdb.md) -* [8089 - Pentesting Splunkd](network-services-pentesting/8089-splunkd.md) -* [8333,18333,38333,18444 - Pentesting Bitcoin](network-services-pentesting/8333-18333-38333-18444-pentesting-bitcoin.md) -* [9000 - Pentesting FastCGI](network-services-pentesting/9000-pentesting-fastcgi.md) -* [9001 - Pentesting HSQLDB](network-services-pentesting/9001-pentesting-hsqldb.md) -* [9042/9160 - Pentesting Cassandra](network-services-pentesting/cassandra.md) -* [9100 - Pentesting Raw Printing (JetDirect, AppSocket, PDL-datastream)](network-services-pentesting/9100-pjl.md) -* [9200 - Pentesting Elasticsearch](network-services-pentesting/9200-pentesting-elasticsearch.md) -* [10000 - Pentesting Network Data Management Protocol (ndmp)](network-services-pentesting/10000-network-data-management-protocol-ndmp.md) -* [11211 - Pentesting Memcache](network-services-pentesting/11211-memcache/README.md) - * [Memcache Commands](network-services-pentesting/11211-memcache/memcache-commands.md) -* [15672 - Pentesting RabbitMQ Management](network-services-pentesting/15672-pentesting-rabbitmq-management.md) -* [24007,24008,24009,49152 - Pentesting 
GlusterFS](network-services-pentesting/24007-24008-24009-49152-pentesting-glusterfs.md) -* [27017,27018 - Pentesting MongoDB](network-services-pentesting/27017-27018-mongodb.md) -* [44134 - Pentesting Tiller (Helm)](network-services-pentesting/44134-pentesting-tiller-helm.md) -* [44818/UDP/TCP - Pentesting EthernetIP](network-services-pentesting/44818-ethernetip.md) -* [47808/udp - Pentesting BACNet](network-services-pentesting/47808-udp-bacnet.md) -* [50030,50060,50070,50075,50090 - Pentesting Hadoop](network-services-pentesting/50030-50060-50070-50075-50090-pentesting-hadoop.md) - -## ๐Ÿ•ธ Pentesting Web - -* [Web Vulnerabilities Methodology](pentesting-web/web-vulnerabilities-methodology/README.md) - * [Browser Extensions](pentesting-web/web-vulnerabilities-methodology/browser-extensions.md) -* [Reflecting Techniques - PoCs and Polygloths CheatSheet](pentesting-web/pocs-and-polygloths-cheatsheet/README.md) - * [Web Vulns List](pentesting-web/pocs-and-polygloths-cheatsheet/web-vulns-list.md) -* [2FA/OTP Bypass](pentesting-web/2fa-bypass.md) -* [Account Takeover](pentesting-web/account-takeover.md) -* [Bypass Payment Process](pentesting-web/bypass-payment-process.md) -* [Captcha Bypass](pentesting-web/captcha-bypass.md) -* [Cache Poisoning and Cache Deception](pentesting-web/cache-deception.md) -* [Clickjacking](pentesting-web/clickjacking.md) -* [Client Side Template Injection (CSTI)](pentesting-web/client-side-template-injection-csti.md) -* [Client Side Path Traversal](pentesting-web/client-side-path-traversal.md) -* [Command Injection](pentesting-web/command-injection.md) -* [Content Security Policy (CSP) Bypass](pentesting-web/content-security-policy-csp-bypass/README.md) - * [CSP bypass: self + 'unsafe-inline' with Iframes](pentesting-web/content-security-policy-csp-bypass/csp-bypass-self-+-unsafe-inline-with-iframes.md) -* [Cookies Hacking](pentesting-web/hacking-with-cookies/README.md) - * [Cookie 
Tossing](pentesting-web/hacking-with-cookies/cookie-tossing.md) - * [Cookie Jar Overflow](pentesting-web/hacking-with-cookies/cookie-jar-overflow.md) - * [Cookie Bomb](pentesting-web/hacking-with-cookies/cookie-bomb.md) -* [CORS - Misconfigurations & Bypass](pentesting-web/cors-bypass.md) -* [CRLF (%0D%0A) Injection](pentesting-web/crlf-0d-0a.md) -* [Cross-site WebSocket hijacking (CSWSH)](pentesting-web/cross-site-websocket-hijacking-cswsh.md) -* [CSRF (Cross Site Request Forgery)](pentesting-web/csrf-cross-site-request-forgery.md) -* [Dangling Markup - HTML scriptless injection](pentesting-web/dangling-markup-html-scriptless-injection.md) -* [Dependency Confusion](pentesting-web/dependency-confusion.md) -* [Deserialization](pentesting-web/deserialization/README.md) - * [NodeJS - \_\_proto\_\_ & prototype Pollution](pentesting-web/deserialization/nodejs-proto-prototype-pollution/README.md) - * [Client Side Prototype Pollution](pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution.md) - * [Express Prototype Pollution Gadgets](pentesting-web/deserialization/nodejs-proto-prototype-pollution/express-prototype-pollution-gadgets.md) - * [Prototype Pollution to RCE](pentesting-web/deserialization/nodejs-proto-prototype-pollution/prototype-pollution-to-rce.md) - * [Java JSF ViewState (.faces) Deserialization](pentesting-web/deserialization/java-jsf-viewstate-.faces-deserialization.md) - * [Java DNS Deserialization, GadgetProbe and Java Deserialization Scanner](pentesting-web/deserialization/java-dns-deserialization-and-gadgetprobe.md) - * [Basic Java Deserialization (ObjectInputStream, readObject)](pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md) - * [PHP - Deserialization + Autoload Classes](pentesting-web/deserialization/php-deserialization-+-autoload-classes.md) - * [CommonsCollection1 Payload - Java Transformers to Rutime exec() and Thread 
Sleep](pentesting-web/deserialization/java-transformers-to-rutime-exec-payload.md) - * [Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)](pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md) - * [Exploiting \_\_VIEWSTATE knowing the secrets](pentesting-web/deserialization/exploiting-\_\_viewstate-knowing-the-secret.md) - * [Exploiting \_\_VIEWSTATE without knowing the secrets](pentesting-web/deserialization/exploiting-\_\_viewstate-parameter.md) - * [Python Yaml Deserialization](pentesting-web/deserialization/python-yaml-deserialization.md) - * [JNDI - Java Naming and Directory Interface & Log4Shell](pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md) -* [Domain/Subdomain takeover](pentesting-web/domain-subdomain-takeover.md) -* [Email Injections](pentesting-web/email-injections.md) -* [File Inclusion/Path traversal](pentesting-web/file-inclusion/README.md) - * [phar:// deserialization](pentesting-web/file-inclusion/phar-deserialization.md) - * [LFI2RCE via PHP Filters](pentesting-web/file-inclusion/lfi2rce-via-php-filters.md) - * [LFI2RCE via Nginx temp files](pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md) - * [LFI2RCE via PHP\_SESSION\_UPLOAD\_PROGRESS](pentesting-web/file-inclusion/via-php\_session\_upload\_progress.md) - * [LFI2RCE via Segmentation Fault](pentesting-web/file-inclusion/lfi2rce-via-segmentation-fault.md) - * [LFI2RCE via phpinfo()](pentesting-web/file-inclusion/lfi2rce-via-phpinfo.md) - * [LFI2RCE Via temp file uploads](pentesting-web/file-inclusion/lfi2rce-via-temp-file-uploads.md) - * [LFI2RCE via Eternal waiting](pentesting-web/file-inclusion/lfi2rce-via-eternal-waiting.md) - * [LFI2RCE Via compress.zlib + PHP\_STREAM\_PREFER\_STUDIO + Path Disclosure](pentesting-web/file-inclusion/lfi2rce-via-compress.zlib-+-php\_stream\_prefer\_studio-+-path-disclosure.md) -* [File 
Upload](pentesting-web/file-upload/README.md) - * [PDF Upload - XXE and CORS bypass](pentesting-web/file-upload/pdf-upload-xxe-and-cors-bypass.md) -* [Formula/CSV/Doc/LaTeX Injection](pentesting-web/formula-doc-latex-injection.md) -* [HTTP Connection Contamination](pentesting-web/http-connection-contamination.md) -* [HTTP Connection Request Smuggling](pentesting-web/http-connection-request-smuggling.md) -* [HTTP Request Smuggling / HTTP Desync Attack](pentesting-web/http-request-smuggling/README.md) - * [Browser HTTP Request Smuggling](pentesting-web/http-request-smuggling/browser-http-request-smuggling.md) - * [Request Smuggling in HTTP/2 Downgrades](pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md) -* [HTTP Response Smuggling / Desync](pentesting-web/http-response-smuggling-desync.md) -* [Upgrade Header Smuggling](pentesting-web/h2c-smuggling.md) -* [hop-by-hop headers](pentesting-web/abusing-hop-by-hop-headers.md) -* [IDOR](pentesting-web/idor.md) -* [Integer Overflow](pentesting-web/integer-overflow.md) -* [JWT Vulnerabilities (Json Web Tokens)](pentesting-web/hacking-jwt-json-web-tokens.md) -* [LDAP Injection](pentesting-web/ldap-injection.md) -* [Login Bypass](pentesting-web/login-bypass/README.md) - * [Login bypass List](pentesting-web/login-bypass/sql-login-bypass.md) -* [NoSQL injection](pentesting-web/nosql-injection.md) -* [OAuth to Account takeover](pentesting-web/oauth-to-account-takeover.md) - * [OAuth - Happy Paths, XSS, Iframes & Post Messages to leak code & state values](pentesting-web/oauth-to-account-takeover/oauth-happy-paths-xss-iframes-and-post-messages-to-leak-code-and-state-values.md) -* [Open Redirect](pentesting-web/open-redirect.md) -* [Parameter Pollution](pentesting-web/parameter-pollution.md) -* [Phone Number Injections](pentesting-web/phone-number-injections.md) -* [PostMessage Vulnerabilities](pentesting-web/postmessage-vulnerabilities/README.md) - * [Blocking main page to steal 
postmessage](pentesting-web/postmessage-vulnerabilities/blocking-main-page-to-steal-postmessage.md) - * [Bypassing SOP with Iframes - 1](pentesting-web/postmessage-vulnerabilities/bypassing-sop-with-iframes-1.md) - * [Bypassing SOP with Iframes - 2](pentesting-web/postmessage-vulnerabilities/bypassing-sop-with-iframes-2.md) - * [Steal postmessage modifying iframe location](pentesting-web/postmessage-vulnerabilities/steal-postmessage-modifying-iframe-location.md) -* [Race Condition](pentesting-web/race-condition.md) -* [Rate Limit Bypass](pentesting-web/rate-limit-bypass.md) -* [Registration & Takeover Vulnerabilities](pentesting-web/registration-vulnerabilities.md) -* [Regular expression Denial of Service - ReDoS](pentesting-web/regular-expression-denial-of-service-redos.md) -* [Reset/Forgotten Password Bypass](pentesting-web/reset-password.md) -* [SAML Attacks](pentesting-web/saml-attacks/README.md) - * [SAML Basics](pentesting-web/saml-attacks/saml-basics.md) -* [Server Side Inclusion/Edge Side Inclusion Injection](pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md) -* [SQL Injection](pentesting-web/sql-injection/README.md) - * [MS Access SQL Injection](pentesting-web/sql-injection/ms-access-sql-injection.md) - * [MSSQL Injection](pentesting-web/sql-injection/mssql-injection.md) - * [MySQL injection](pentesting-web/sql-injection/mysql-injection/README.md) - * [MySQL File priv to SSRF/RCE](pentesting-web/sql-injection/mysql-injection/mysql-ssrf.md) - * [Oracle injection](pentesting-web/sql-injection/oracle-injection.md) - * [Cypher Injection (neo4j)](pentesting-web/sql-injection/cypher-injection-neo4j.md) - * [PostgreSQL injection](pentesting-web/sql-injection/postgresql-injection/README.md) - * [dblink/lo\_import data exfiltration](pentesting-web/sql-injection/postgresql-injection/dblink-lo\_import-data-exfiltration.md) - * [PL/pgSQL Password Bruteforce](pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md) - * 
[Network - Privesc, Port Scanner and NTLM chanllenge response disclosure](pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md) - * [Big Binary Files Upload (PostgreSQL)](pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md) - * [RCE with PostgreSQL Languages](pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md) - * [RCE with PostgreSQL Extensions](pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md) - * [SQLMap - Cheetsheat](pentesting-web/sql-injection/sqlmap/README.md) - * [Second Order Injection - SQLMap](pentesting-web/sql-injection/sqlmap/second-order-injection-sqlmap.md) -* [SSRF (Server Side Request Forgery)](pentesting-web/ssrf-server-side-request-forgery/README.md) - * [URL Format Bypass](pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md) - * [SSRF Vulnerable Platforms](pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md) - * [Cloud SSRF](pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md) -* [SSTI (Server Side Template Injection)](pentesting-web/ssti-server-side-template-injection/README.md) - * [EL - Expression Language](pentesting-web/ssti-server-side-template-injection/el-expression-language.md) - * [Jinja2 SSTI](pentesting-web/ssti-server-side-template-injection/jinja2-ssti.md) -* [Reverse Tab Nabbing](pentesting-web/reverse-tab-nabbing.md) -* [Unicode Injection](pentesting-web/unicode-injection/README.md) - * [Unicode Normalization](pentesting-web/unicode-injection/unicode-normalization.md) -* [Web Tool - WFuzz](pentesting-web/web-tool-wfuzz.md) -* [XPATH injection](pentesting-web/xpath-injection.md) -* [XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)](pentesting-web/xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md) -* [XXE - XEE - XML External 
Entity](pentesting-web/xxe-xee-xml-external-entity.md) -* [XSS (Cross Site Scripting)](pentesting-web/xss-cross-site-scripting/README.md) - * [Abusing Service Workers](pentesting-web/xss-cross-site-scripting/abusing-service-workers.md) - * [Chrome Cache to XSS](pentesting-web/xss-cross-site-scripting/chrome-cache-to-xss.md) - * [Debugging Client Side JS](pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md) - * [Dom Clobbering](pentesting-web/xss-cross-site-scripting/dom-clobbering.md) - * [DOM Invader](pentesting-web/xss-cross-site-scripting/dom-invader.md) - * [DOM XSS](pentesting-web/xss-cross-site-scripting/dom-xss.md) - * [Iframes in XSS, CSP and SOP](pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md) - * [Misc JS Tricks & Relevant Info](pentesting-web/xss-cross-site-scripting/other-js-tricks.md) - * [PDF Injection](pentesting-web/xss-cross-site-scripting/pdf-injection.md) - * [Server Side XSS (Dynamic PDF)](pentesting-web/xss-cross-site-scripting/server-side-xss-dynamic-pdf.md) - * [SOME - Same Origin Method Execution](pentesting-web/xss-cross-site-scripting/some-same-origin-method-execution.md) - * [Steal Info JS](pentesting-web/xss-cross-site-scripting/steal-info-js.md) - * [XSS in Markdown](pentesting-web/xss-cross-site-scripting/xss-in-markdown.md) - * [XSS Tools](pentesting-web/xss-cross-site-scripting/xss-tools.md) -* [XSSI (Cross-Site Script Inclusion)](pentesting-web/xssi-cross-site-script-inclusion.md) -* [XS-Search/XS-Leaks](pentesting-web/xs-search.md) - * [Connection Pool Example](pentesting-web/xs-search/connection-pool-example.md) - * [Connection Pool by Destination Example](pentesting-web/xs-search/connection-pool-by-destination-example.md) - * [Cookie Bomb + Onerror XS Leak](pentesting-web/xs-search/cookie-bomb-+-onerror-xs-leak.md) - * [URL Max Length - Client Side](pentesting-web/xs-search/url-max-length-client-side.md) - * [performance.now example](pentesting-web/xs-search/performance.now-example.md) - * 
[performance.now + Force heavy task](pentesting-web/xs-search/performance.now-+-force-heavy-task.md) - * [Event Loop Blocking + Lazy images](pentesting-web/xs-search/event-loop-blocking-+-lazy-images.md) - * [JavaScript Execution XS Leak](pentesting-web/xs-search/javascript-execution-xs-leak.md) - * [CSS Injection](pentesting-web/xs-search/css-injection/README.md) - * [CSS Injection Code](pentesting-web/xs-search/css-injection/css-injection-code.md) - -## โ›ˆ Cloud Security - -* [Pentesting Kubernetes](https://cloud.hacktricks.xyz/pentesting-cloud/kubernetes-security) -* [Pentesting Cloud (AWS, GCP, Az...)](https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology) -* [Pentesting CI/CD (Github, Jenkins, Terraform...)](https://cloud.hacktricks.xyz/pentesting-ci-cd/pentesting-ci-cd-methodology) - -## ๐Ÿ˜Ž Hardware/Physical Access - -* [Physical Attacks](physical-attacks/physical-attacks.md) -* [Escaping from KIOSKs](physical-attacks/escaping-from-gui-applications/README.md) - * [Show file extensions](physical-attacks/escaping-from-gui-applications/show-file-extensions.md) -* [Firmware Analysis](physical-attacks/firmware-analysis/README.md) - * [Bootloader testing](physical-attacks/firmware-analysis/bootloader-testing.md) - * [Firmware Integrity](physical-attacks/firmware-analysis/firmware-integrity.md) - -## ๐Ÿฆ… Reversing & Exploiting - -* [Reversing Tools & Basic Methods](reversing/reversing-tools-basic-methods/README.md) - * [Angr](reversing/reversing-tools-basic-methods/angr/README.md) - * [Angr - Examples](reversing/reversing-tools-basic-methods/angr/angr-examples.md) - * [Z3 - Satisfiability Modulo Theories (SMT)](reversing/reversing-tools-basic-methods/satisfiability-modulo-theories-smt-z3.md) - * [Cheat Engine](reversing/reversing-tools-basic-methods/cheat-engine.md) - * [Blobrunner](reversing/reversing-tools-basic-methods/blobrunner.md) -* [Common API used in Malware](reversing/common-api-used-in-malware.md) -* [Word 
Macros](reversing/word-macros.md) -* [Linux Exploiting (Basic) (SPA)](exploiting/linux-exploiting-basic-esp/README.md) - * [Format Strings Template](exploiting/linux-exploiting-basic-esp/format-strings-template.md) - * [ROP - call sys\_execve](exploiting/linux-exploiting-basic-esp/rop-syscall-execv.md) - * [ROP - Leaking LIBC address](exploiting/linux-exploiting-basic-esp/rop-leaking-libc-address/README.md) - * [ROP - Leaking LIBC template](exploiting/linux-exploiting-basic-esp/rop-leaking-libc-address/rop-leaking-libc-template.md) - * [Bypassing Canary & PIE](exploiting/linux-exploiting-basic-esp/bypassing-canary-and-pie.md) - * [Ret2Lib](exploiting/linux-exploiting-basic-esp/ret2lib.md) - * [Fusion](exploiting/linux-exploiting-basic-esp/fusion.md) -* [Exploiting Tools](exploiting/tools/README.md) - * [PwnTools](exploiting/tools/pwntools.md) -* [Windows Exploiting (Basic Guide - OSCP lvl)](exploiting/windows-exploiting-basic-guide-oscp-lvl.md) - -## ๐Ÿ”ฎ Crypto & Stego - -* [Cryptographic/Compression Algorithms](reversing/cryptographic-algorithms/README.md) - * [Unpacking binaries](reversing/cryptographic-algorithms/unpacking-binaries.md) -* [Certificates](cryptography/certificates.md) -* [Cipher Block Chaining CBC-MAC](cryptography/cipher-block-chaining-cbc-mac-priv.md) -* [Crypto CTFs Tricks](cryptography/crypto-ctfs-tricks.md) -* [Electronic Code Book (ECB)](cryptography/electronic-code-book-ecb.md) -* [Hash Length Extension Attack](cryptography/hash-length-extension-attack.md) -* [Padding Oracle](cryptography/padding-oracle-priv.md) -* [RC4 - Encrypt\&Decrypt](cryptography/rc4-encrypt-and-decrypt.md) -* [Stego Tricks](stego/stego-tricks.md) -* [Esoteric languages](stego/esoteric-languages.md) -* [Blockchain & Crypto Currencies](blockchain/blockchain-and-crypto-currencies/README.md) - -## ๐Ÿง External Platforms Reviews/Writeups - -* [BRA.I.NSMASHER Presentation](a.i.-exploiting/bra.i.nsmasher-presentation/README.md) - * [Basic 
Bruteforcer](a.i.-exploiting/bra.i.nsmasher-presentation/basic-bruteforcer.md) - * [Basic Captcha Breaker](a.i.-exploiting/bra.i.nsmasher-presentation/basic-captcha-breaker.md) - * [BIM Bruteforcer](a.i.-exploiting/bra.i.nsmasher-presentation/bim-bruteforcer.md) - * [Hybrid Malware Classifier Part 1](a.i.-exploiting/bra.i.nsmasher-presentation/hybrid-malware-classifier-part-1.md) - * [ML Basics](a.i.-exploiting/bra.i.nsmasher-presentation/ml-basics/README.md) - * [Feature Engineering](a.i.-exploiting/bra.i.nsmasher-presentation/ml-basics/feature-engineering.md) -* [INE Courses and eLearnSecurity Certifications Reviews](courses-and-certifications-reviews/ine-courses-and-elearnsecurity-certifications-reviews.md) - -## ๐Ÿฆ‚ C2 - -* [Merlin](backdoors/merlin.md) -* [Empire](backdoors/empire.md) -* [Salseo](backdoors/salseo.md) -* [ICMPsh](backdoors/icmpsh.md) -* [Cobalt Strike](c2/cobalt-strike.md) - -## โœ TODO - -* [Other Big References](misc/references.md) -* [Rust Basics](todo/rust-basics.md) -* [More Tools](todo/more-tools.md) -* [MISC](todo/misc.md) -* [Pentesting DNS](pentesting-dns.md) -* [Hardware Hacking](todo/hardware-hacking/README.md) - * [I2C](todo/hardware-hacking/i2c.md) - * [UART](todo/hardware-hacking/uart.md) - * [Radio](todo/hardware-hacking/radio.md) - * [JTAG](todo/hardware-hacking/jtag.md) - * [SPI](todo/hardware-hacking/spi.md) -* [Radio Hacking](radio-hacking/README.md) - * [Pentesting RFID](radio-hacking/pentesting-rfid.md) - * [Infrared](todo/radio-hacking/infrared.md) - * [Sub-GHz RF](todo/radio-hacking/sub-ghz-rf.md) - * [iButton](todo/radio-hacking/ibutton.md) - * [Flipper Zero](todo/radio-hacking/flipper-zero/README.md) - * [FZ - NFC](todo/radio-hacking/flipper-zero/fz-nfc.md) - * [FZ - Sub-GHz](todo/radio-hacking/flipper-zero/fz-sub-ghz.md) - * [FZ - Infrared](todo/radio-hacking/flipper-zero/fz-infrared.md) - * [FZ - iButton](todo/radio-hacking/flipper-zero/fz-ibutton.md) - * [FZ - 125kHz 
RFID](todo/radio-hacking/flipper-zero/fz-125khz-rfid.md) - * [Proxmark 3](todo/radio-hacking/proxmark-3.md) - * [FISSURE - The RF Framework](todo/radio-hacking/fissure-the-rf-framework.md) - * [Low-Power Wide Area Network](radio-hacking/low-power-wide-area-network.md) - * [Pentesting BLE - Bluetooth Low Energy](radio-hacking/pentesting-ble-bluetooth-low-energy.md) -* [Burp Suite](burp-suite.md) -* [Other Web Tricks](other-web-tricks.md) -* [Interesting HTTP](interesting-http.md) -* [Emails Vulnerabilities](emails-vulns.md) -* [Android Forensics](android-forensics.md) -* [TR-069](todo/tr-069.md) -* [6881/udp - Pentesting BitTorrent](6881-udp-pentesting-bittorrent.md) -* [CTF Write-ups](ctf-write-ups/README.md) - * [challenge-0521.intigriti.io](ctf-write-ups/challenge-0521.intigriti.io.md) - * [Try Hack Me](ctf-write-ups/try-hack-me/README.md) - * [hc0n Christmas CTF - 2019](ctf-write-ups/try-hack-me/hc0n-christmas-ctf-2019.md) - * [Pickle Rick](ctf-write-ups/try-hack-me/pickle-rick.md) -* [1911 - Pentesting fox](1911-pentesting-fox.md) -* [Online Platforms with API](online-platforms-with-api.md) -* [Stealing Sensitive Information Disclosure from a Web](stealing-sensitive-information-disclosure-from-a-web.md) -* [Post Exploitation](post-exploitation.md) -* [Cookies Policy](todo/cookies-policy.md)
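Review bot: the hunk header `@@ -136,630 +136,3 @@` shows 630 lines collapsing to 3, i.e. every SUMMARY.md section from this point on (Pentesting Web, Cloud Security, Hardware/Physical Access, Reversing & Exploiting, Crypto & Stego, External Platforms Reviews/Writeups, C2, TODO, and the remaining network-service entries) is deleted with no `+` lines replacing them, and the patch carries no explanation of why. If these chapters are being split out into a separate book, as the Cloud Security entries already are (they point at `https://cloud.hacktricks.xyz/...`), the same hunk should either keep the headings with links to the new location or be paired with the removal or relocation of the corresponding `.md` files; as written it leaves those pages in the repository but unreachable from the book navigation, which readers will experience as the content disappearing. Please add a commit description stating the intent and, if the move is intentional, list where each removed section now lives.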