Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 09:27:32 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] 3 pages modified

Browse source
This commit is contained in:
CPol 2021-03-31 10:21:23 +00:00 committed by gitbook-bot
parent a518d603e3
commit 9d73005b51
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
3 changed files with 9 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
mobile-apps-pentesting/android-app-pentesting/README.md
View file

@ -751,7 +751,9 @@ AndroL4b is an Android security virtual machine based on ubuntu-mate includes th
### OWASP
{% embed url="https://github.com/OWASP/owasp-mstg%0Ahttps://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06g-testing-network-communication" %}
{% embed url="https://github.com/OWASP/owasp-mstg" %}
{% embed url="https://mobile-security.gitbook.io/mobile-security-testing-guide/ios-testing-guide/0x06g-testing-network-communication" %}
### Git Repos

6
pentesting/pentesting-pop.md
View file

@ -63,15 +63,15 @@ root@kali:~# telnet $ip 110
+OK
PASS password
+OK Welcome billydean
list
+OK 2 1807
1 786
2 1021
retr 1
+OK Message follows
From: jamesbrown@motown.com
Dear Billy Dean,

7
pentesting/pentesting-web/iis-internet-information-services.md
View file

@ -27,7 +27,6 @@ Pragma: no-cache
Location: https://192.168.5.237/owa/
Server: Microsoft-IIS/10.0
X-FEServer: NHEXCHANGE2016
```
## Execute .config files
@ -38,7 +37,7 @@ More information and techniques to exploit this vulnerability [here](https://sor
## IIS HTTP Bruteforce
Download the list that I have created:
Download the list that I have created:
{% file src="../../.gitbook/assets/iisfinal.txt" %}
@ -155,7 +154,6 @@ You can also use **metasploit**: `use scanner/http/iis_shortname_scanner`
You can try to **mix** this **vulnerability** and the last one to find new **folders** and **bypass** the authentication.
## ASP.NET Trace.AXD enabled debugging
ASP.NET include a debugging mode and its file is called `trace.axd`.
@ -164,6 +162,7 @@ It keeps a very detailed log of all requests made to an application over a perio
This information includes remote client IP's, session IDs, all request and response cookies, physical paths, source code information, and potentially even usernames and passwords.
https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/
[https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/](https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/)
![Screenshot 2021-03-30 at 13 19 11](https://user-images.githubusercontent.com/31736688/112974448-2690b000-915b-11eb-896c-f41c27c44286.png)