diff --git a/exploiting/linux-exploiting-basic-esp/bypassing-canary-and-pie.md b/exploiting/linux-exploiting-basic-esp/bypassing-canary-and-pie.md index b037dcc6b..5f2b4b000 100644 --- a/exploiting/linux-exploiting-basic-esp/bypassing-canary-and-pie.md +++ b/exploiting/linux-exploiting-basic-esp/bypassing-canary-and-pie.md @@ -23,7 +23,7 @@ {% hint style="info" %} Note that **`checksec`** might not find that a binary is protected by a canary if this was statically compiled and it's not capable to identify the function.\ -However, you can manually notice this if you find that a value is saved in the stack at the begging of a function call and this value is checked before exiting. +However, you can manually notice this if you find that a value is saved in the stack at the beginning of a function call and this value is checked before exiting. {% endhint %} # Brute force Canary diff --git a/exploiting/linux-exploiting-basic-esp/rop-leaking-libc-address/README.md b/exploiting/linux-exploiting-basic-esp/rop-leaking-libc-address/README.md index a31015d0b..ec2086713 100644 --- a/exploiting/linux-exploiting-basic-esp/rop-leaking-libc-address/README.md +++ b/exploiting/linux-exploiting-basic-esp/rop-leaking-libc-address/README.md @@ -219,7 +219,7 @@ gets At this point we should know the libc library used. As we are exploiting a local binary I will use just:`/lib/x86_64-linux-gnu/libc.so.6` -So, at the begging of `template.py` change the **libc** variable to: `libc = ELF("/lib/x86_64-linux-gnu/libc.so.6") #Set library path when know it` +So, at the beginning of `template.py` change the **libc** variable to: `libc = ELF("/lib/x86_64-linux-gnu/libc.so.6") #Set library path when know it` Giving the **path** to the **libc library** the rest of the **exploit is going to be automatically calculated**. diff --git a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md index 1bb009c71..856fa1dc0 100644 --- a/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md +++ b/forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md @@ -76,7 +76,7 @@ To fix this you need to **add the correct magic number** at the beginning of the '550d0d0a' ``` -The **magic number** in this case for python3.8 is **`0x550d0d0a`**, then, to fix this error you will need to **add** at the **begging** of the **.pyc file** the following bytes: `0x0d550a0d000000000000000000000000` +The **magic number** in this case for python3.8 is **`0x550d0d0a`**, then, to fix this error you will need to **add** at the **beginning** of the **.pyc file** the following bytes: `0x0d550a0d000000000000000000000000` **Once** you have **added** that magic header, the **error should be fixed.** diff --git a/generic-methodologies-and-resources/pentesting-network/pentesting-ipv6.md b/generic-methodologies-and-resources/pentesting-network/pentesting-ipv6.md index b70c14ed3..adf97b61b 100644 --- a/generic-methodologies-and-resources/pentesting-network/pentesting-ipv6.md +++ b/generic-methodologies-and-resources/pentesting-network/pentesting-ipv6.md @@ -42,7 +42,7 @@ If you **know the MAC address of a host in the same net** as you (you could just Suppose the **MAC address** is **`12:34:56:78:9a:bc`** 1. To IPv6 notation: **`1234:5678:9abc`** -2. Append `fe80::` at the begging and Insert `fffe` in the middle: **`fe80::`**`1234:56`**`ff:fe`**`78:9abc` +2. Append `fe80::` at the beginning and Insert `fffe` in the middle: **`fe80::`**`1234:56`**`ff:fe`**`78:9abc` 3. Invert seventh bit from the left, from 0001 0010 to 0001 0000: `fe80::1`**`0`**`34:56ff:fe78:9abc` 4. `fe80::1034:56ff:fe78:9abc` diff --git a/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md b/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md index 72be366bf..580b3145e 100644 --- a/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md +++ b/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md @@ -1045,7 +1045,7 @@ function_type(code_obj, mydict, None, None, None)("secretcode") ### Bypass Defenses -In previous examples at the begging of this post, you can see **how to execute any python code using the `compile` function**. This is interesting because you can **execute whole scripts** with loops and everything in a **one liner** (and we could do the same using **`exec`**).\ +In previous examples at the beginning of this post, you can see **how to execute any python code using the `compile` function**. This is interesting because you can **execute whole scripts** with loops and everything in a **one liner** (and we could do the same using **`exec`**).\ Anyway, sometimes it could be useful to **create** a **compiled object** in a local machine and execute it in the **CTF machine** (for example because we don't have the `compiled` function in the CTF). For example, let's compile and execute manually a function that reads _./poc.py_: diff --git a/mobile-pentesting/android-app-pentesting/smali-changes.md b/mobile-pentesting/android-app-pentesting/smali-changes.md index eaab45ff9..55a799be5 100644 --- a/mobile-pentesting/android-app-pentesting/smali-changes.md +++ b/mobile-pentesting/android-app-pentesting/smali-changes.md @@ -179,7 +179,7 @@ Recommendations: ### Toasting -Remember to add 3 to the number of _.locals_ at the begging of the function. +Remember to add 3 to the number of _.locals_ at the beginning of the function. This code is prepared to be inserted in the **middle of a function** (**change** the number of the **variables** as necessary). It will take the **value of this.o**, **transform** it to **String** and them **make** a **toast** with its value. diff --git a/network-services-pentesting/pentesting-ftp/README.md b/network-services-pentesting/pentesting-ftp/README.md index bcde48d42..f58c5ce7e 100644 --- a/network-services-pentesting/pentesting-ftp/README.md +++ b/network-services-pentesting/pentesting-ftp/README.md @@ -180,7 +180,7 @@ You could also abuse this behaviour to make a FTP server interact with other pro The theory is easy: 1. **Upload the request (inside a text file) to the vulnerable server.** Remember that if you want to talk with another HTTP or FTP server you need to change lines with `0x0d 0x0a` -2. **Use `REST X` to avoid sending the characters you don't want to send** (maybe to upload the request inside the file you needed to put some image header at the begging) +2. **Use `REST X` to avoid sending the characters you don't want to send** (maybe to upload the request inside the file you needed to put some image header at the beginning) 3. **Use `PORT`to connect to the arbitrary server and service** 4. **Use `RETR`to send the saved request to the server.** diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md index b832f1843..928160979 100644 --- a/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md +++ b/network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md @@ -520,7 +520,7 @@ You can use the tool [https://github.com/teambi0s/dfunc-bypasser](https://github ### Bypassing using other system functions -Just return to the begging of this page and **check if any of the command executing functions isn't disabled and available in the environment**. If you find just 1 of them, you will be able to use it to execute arbitrary system commands. +Just return to the beginning of this page and **check if any of the command executing functions isn't disabled and available in the environment**. If you find just 1 of them, you will be able to use it to execute arbitrary system commands. ### LD\_PRELOAD bypass diff --git a/pentesting-web/file-inclusion/lfi2rce-via-php-filters.md b/pentesting-web/file-inclusion/lfi2rce-via-php-filters.md index 3e75500c7..b4ff9a2b1 100644 --- a/pentesting-web/file-inclusion/lfi2rce-via-php-filters.md +++ b/pentesting-web/file-inclusion/lfi2rce-via-php-filters.md @@ -16,7 +16,7 @@ This [**writeup** ](https://gist.github.com/loknop/b27422d355ea1fd0d90d6dbc1e278d4d)explains that you can use **php filters to generate arbitrary content** as output. Which basically means that you can **generate arbitrary php code** for the include **without needing to write** it into a file. -Basically the goal of the script is to **generate a Base64** string at the **begging** of the file that will be **finally decoded** providing the desired payload that will be **interpreted by `include`**. +Basically the goal of the script is to **generate a Base64** string at the **beginning** of the file that will be **finally decoded** providing the desired payload that will be **interpreted by `include`**. The bases to do this are: diff --git a/pentesting-web/http-request-smuggling/README.md b/pentesting-web/http-request-smuggling/README.md index 58bd91983..533070cd0 100644 --- a/pentesting-web/http-request-smuggling/README.md +++ b/pentesting-web/http-request-smuggling/README.md @@ -66,7 +66,7 @@ Here, the **front-end** server uses the **`Content-Length`** header and the **ba `GET /404 HTTP/1.1`\ `Foo: x` -Note how `Content-Length` indicate the **bodies request length is 30 bytes long** (_remember that HTTP uses as new line, so 2bytes each new line_), so the reverse proxy **will send the complete request** to the back-end, and the back-end will process the `Transfer-Encoding` header leaving the `GET /404 HTTP/1.1` as the **begging of the next request** (BTW, the next request will be appended to `Foo:x`). +Note how `Content-Length` indicate the **bodies request length is 30 bytes long** (_remember that HTTP uses as new line, so 2bytes each new line_), so the reverse proxy **will send the complete request** to the back-end, and the back-end will process the `Transfer-Encoding` header leaving the `GET /404 HTTP/1.1` as the **beginning of the next request** (BTW, the next request will be appended to `Foo:x`). ### TE.CL vulnerabilities diff --git a/pentesting-web/xs-search.md b/pentesting-web/xs-search.md index 839e0dfc0..a1fa09fe0 100644 --- a/pentesting-web/xs-search.md +++ b/pentesting-web/xs-search.md @@ -905,7 +905,7 @@ However, if for whatever reason you **MUST** do it **char by char** (maybe the c ``` -Therefore, what you can do is to **add a lot of junk chars** (For example **thousands of "W"s**) to **fill the web page before the secret**. We do this so the image is not loaded at the begging. +Therefore, what you can do is to **add a lot of junk chars** (For example **thousands of "W"s**) to **fill the web page before the secret**. We do this so the image is not loaded at the beginning. However, you make the **bot access the page** with something like diff --git a/pentesting-web/xs-search/css-injection/README.md b/pentesting-web/xs-search/css-injection/README.md index 5772fca7a..2acf96d05 100644 --- a/pentesting-web/xs-search/css-injection/README.md +++ b/pentesting-web/xs-search/css-injection/README.md @@ -75,7 +75,7 @@ The attacker will f**ollow that loop until it manages to leak completely the sec You can find the original [**Pepe Vila's code to exploit this here**](https://gist.github.com/cgvwzq/6260f0f0a47c009c87b4d46ce3808231) or you can find almost the [**same code but commented here**.](./#css-injection) {% hint style="info" %} -The script will try to discover 2 chars each time (from the begging and from the end) because the attribute selector allows to do things like: +The script will try to discover 2 chars each time (from the beginning and from the end) because the attribute selector allows to do things like: ```css /* value^= to match the beggining of the value*/ diff --git a/reversing/common-api-used-in-malware.md b/reversing/common-api-used-in-malware.md index 21620f9fd..ff31d6bc3 100644 --- a/reversing/common-api-used-in-malware.md +++ b/reversing/common-api-used-in-malware.md @@ -149,7 +149,7 @@ The malware will unmap the legitimate code from memory of the process and load a * **IRP** (**I/O Request Packets**) transmit pieces of data from one component to another. Almost everything in the kernel uses IRPs and each device object has its own function table that can be hooked: DKOM (Direct Kernel Object Manipulation) * The **IAT** (**Import Address Table**) is useful to resolve dependencies. It's possible to hook this table in order to hijack the code that will be called. * **EAT** (**Export Address Table**) Hooks. This hooks can be done from **userland**. The goal is to hook exported functions by DLLs. -* **Inline Hooks**: This type are difficult to achieve. This involve modifying the code of the functions itself. Maybe by putting a jump at the begging of this. +* **Inline Hooks**: This type are difficult to achieve. This involve modifying the code of the functions itself. Maybe by putting a jump at the beginning of this.