diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (3) (1).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (11).png
similarity index 100%
rename from .gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (3) (1).png
rename to .gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (11).png
diff --git a/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (6) (1).png b/.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (9).png
similarity index 100%
rename from .gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (6) (1).png
rename to .gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (9).png
diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (1).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (1).png
similarity index 100%
rename from .gitbook/assets/image (253) (1) (2) (1) (1) (1).png
rename to .gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (1).png
diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (1).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (2).png
similarity index 100%
rename from .gitbook/assets/image (253) (1) (2) (1) (1) (2) (1).png
rename to .gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (2).png
diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3).png
similarity index 100%
rename from .gitbook/assets/image (253) (1) (2) (1) (1) (2).png
rename to .gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3).png
diff --git a/.gitbook/assets/image (446) (1) (2).png b/.gitbook/assets/image (446) (1) (2).png
new file mode 100644
index 000000000..574ff118e
Binary files /dev/null and b/.gitbook/assets/image (446) (1) (2).png differ
diff --git a/.gitbook/assets/image (535) (1) (1) (2) (2) (1).png b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (1).png
similarity index 100%
rename from .gitbook/assets/image (535) (1) (1) (2) (2) (1).png
rename to .gitbook/assets/image (535) (1) (1) (2) (2) (2) (1).png
diff --git a/.gitbook/assets/image (535) (1) (1) (2) (2).png b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2).png
similarity index 100%
rename from .gitbook/assets/image (535) (1) (1) (2) (2).png
rename to .gitbook/assets/image (535) (1) (1) (2) (2) (2) (2).png
diff --git a/.gitbook/assets/image (563).png b/.gitbook/assets/image (566) (1).png
similarity index 100%
rename from .gitbook/assets/image (563).png
rename to .gitbook/assets/image (566) (1).png
diff --git a/.gitbook/assets/image (570).png b/.gitbook/assets/image (567) (1).png
similarity index 100%
rename from .gitbook/assets/image (570).png
rename to .gitbook/assets/image (567) (1).png
diff --git a/linux-unix/linux-privilege-escalation-checklist.md b/linux-unix/linux-privilege-escalation-checklist.md
index 1ab4a0d59..f8ba4a81f 100644
--- a/linux-unix/linux-privilege-escalation-checklist.md
+++ b/linux-unix/linux-privilege-escalation-checklist.md
@@ -154,7 +154,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.
Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
-![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png)
+![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%285%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*
diff --git a/macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md b/macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md
index 07663a26f..1d1b3cbda 100644
--- a/macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md
+++ b/macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md
@@ -227,7 +227,60 @@ lldb -n malware.bin --waitfor
help
|
- help breakpoint #Get help of breakpoint command |
+
+ help breakpoint #Get help of breakpoint command
+ help memory write #Get help to write into the memory
+ |
+
+
+ reg
+ |
+
+ reg read $rax
+ reg write $rip 0x100035cc0
+ |
+
+
+ x/s <reg/memory address>
+ |
+ Display the memory as a null-terminated string. |
+
+
+ x/i <reg/memory address>
+ |
+ Display the memory as assembly instruction. |
+
+
+ x/b <reg/memory address>
+ |
+ Display the memory as byte. |
+
+
+ print object (po)
+ |
+
+ This will print the object referenced by the param
+ po $raw
+ {
+
+ dnsChanger = {
+
+ "affiliate" = "";
+
+ "blacklist_dns" = ();
+
+ Note that most of Apple’s Objective-C APIs or methods return objects,
+ and thus should be displayed via the “print object” (po)
+ command. If po doesn't produce a meaningful output use x/b
+
+
+ |
+
+
+ memory write
+ |
+ memory write 0x100600000 -s 4 0x41414141 #Write AAAA in that address |
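Review bot: `po $raw` in the added "print object (po)" row names a register that does not appear anywhere else on the page. The rows above it use `$rax`, so this looks like a typo for `po $rax`; that is inferred, so please confirm against the session the example was taken from. The sample output beneath it stops after `"blacklist_dns" = ();` without closing either brace it opens, so add a `[...]` line to show the dump is truncated on purpose. The table being edited starts and ends outside this hunk.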
diff --git a/macos/macos-security-and-privilege-escalation/macos-mdm.md b/macos/macos-security-and-privilege-escalation/macos-mdm.md
index f3696a5ac..321516436 100644
--- a/macos/macos-security-and-privilege-escalation/macos-mdm.md
+++ b/macos/macos-security-and-privilege-escalation/macos-mdm.md
@@ -95,7 +95,7 @@ It follows a few steps to get the Activation Record performed by **`MCTeslaConfi
2. The JSON payload is encrypted using Absinthe \(**`NACSign`**\)
3. All requests over HTTPs, built-in root certificates are used
-![](../../.gitbook/assets/image%20%28563%29.png)
+![](../../.gitbook/assets/image%20%28566%29.png)
The response is a JSON dictionary with some important data like:
@@ -115,7 +115,7 @@ The response is a JSON dictionary with some important data like:
* Signed using the **device identity certificate \(from APNS\)**
* **Certificate chain** includes expired **Apple iPhone Device CA**
-![](../../.gitbook/assets/image%20%28570%29.png)
+![](../../.gitbook/assets/image%20%28567%29%20%281%29.png)
### Step 6: Profile Installation
diff --git a/pentesting-web/saml-attacks/README.md b/pentesting-web/saml-attacks/README.md
index 0f7f54e7b..3637f7858 100644
--- a/pentesting-web/saml-attacks/README.md
+++ b/pentesting-web/saml-attacks/README.md
@@ -6,7 +6,7 @@
## Attacks Graphic
-![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29%20%282%29%20%282%29%20%281%29.png)
+![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
## Tool
diff --git a/pentesting/6379-pentesting-redis.md b/pentesting/6379-pentesting-redis.md
index 483a1d642..438776002 100644
--- a/pentesting/6379-pentesting-redis.md
+++ b/pentesting/6379-pentesting-redis.md
@@ -24,7 +24,7 @@ msf> use auxiliary/scanner/redis/redis_server
### Banner
-Redis is a **text based protocol**, you can just **send the command in a socket** and the returned values will be readable. Also remember that Redis can run using **ssl/tls** \(but this is very weird\).
+Redis is a **text based protocol**, you can just **send the command in a socket** and the returned values will be readable. Also remember that Redis can run using **ssl/tls** \(but this is very weird\).
In a regular Redis instance you can just connect using `nc` or you could also use `redis-cli`:
@@ -44,7 +44,7 @@ In this last case, this means that **you need valid credentials** to access the
### Redis Authentication
**By default** Redis can be accessed **without credentials**. However, it can be **configured** to support **only password, or username + password**.
-It is possible to **set a password** in _**redis.conf**_ file with the parameter `requirepass` **or temporary** until the service restarts connecting to it and running: `config set requirepass p@ss$12E45`.
+It is possible to **set a password** in _**redis.conf**_ file with the parameter `requirepass` **or temporary** until the service restarts connecting to it and running: `config set requirepass p@ss$12E45`.
Also, a **username** can be configured in the parameter `masteruser` inside the _**redis.conf**_ file.
{% hint style="info" %}
@@ -52,8 +52,8 @@ If only password is configured the username used is "**default**".
Also, note that there is **no way to find externally** if Redis was configured with only password or username+password.
{% endhint %}
-In cases like this one you will **need to find valid credentials** to interact with Redis so you could try to [**brute-force**](../brute-force.md#redis) ****it.
-In case you found valid credentials you need to **authenticate the session** after establishing the connection with the command:
+In cases like this one you will **need to find valid credentials** to interact with Redis so you could try to [**brute-force**](../brute-force.md#redis) **\*\*it.
+In case you found valid credentials you need to** authenticate the session\*\* after establishing the connection with the command:
```bash
AUTH
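Review bot: The two rewritten lines at the end of this hunk break the bold markup. The new side reads `**\*\*it.` and `need to** authenticate the session\*\*`, so a bold span now runs across the line break and literal asterisks will render. Close the emphasis on each line instead: end the first with `[**brute-force**](../brute-force.md#redis) it.` and write the second as `In case you found valid credentials you need to **authenticate the session** after establishing the connection with the command:`. The fenced `bash` block that follows continues outside the hunk.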
diff --git a/pentesting/pentesting-web/iis-internet-information-services.md b/pentesting/pentesting-web/iis-internet-information-services.md
index f17107730..e5d8b2b64 100644
--- a/pentesting/pentesting-web/iis-internet-information-services.md
+++ b/pentesting/pentesting-web/iis-internet-information-services.md
@@ -195,7 +195,7 @@ Host: example-mvc-application.minded
[...]
```
-From the previous output, inside the /bin directory you will also be able to find the Dlls
+From the previous output, inside the /bin directory you will also be able to find the Dlls
* System.Web.Mvc.dll
* System.Web.Mvc.Ajax.dll
@@ -235,7 +235,7 @@ HTTP/1.1 200 OK
Note how in the previous output you can see a new namespace called: **WebApplication1.AdditionalFeatures** which indicates that there is another Dll in the /bin folder called **WebApplication1.AdditionalFeatures.dll**
-### Common files
+### Common files
From [here](https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/)
diff --git a/phishing-methodology/README.md b/phishing-methodology/README.md
index 7e77c0cc2..4652e748e 100644
--- a/phishing-methodology/README.md
+++ b/phishing-methodology/README.md
@@ -339,7 +339,7 @@ The page www.mail-tester.com can indicate you if you your domain is being blocke
* Decide from which account are you going to send the phishing emails. Suggestions: _noreply, support, servicedesk, salesforce..._
* You can leave blank the username and password, but make sure to check the Ignore Certificate Errors
-![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29%20%281%29.png)
+![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29%20%282%29%20%282%29.png)
{% hint style="info" %}
It's recommended to use the "**Send Test Email**" functionality to test that everything is working.
diff --git a/windows/checklist-windows-privilege-escalation.md b/windows/checklist-windows-privilege-escalation.md
index f80de1812..c278353ab 100644
--- a/windows/checklist-windows-privilege-escalation.md
+++ b/windows/checklist-windows-privilege-escalation.md
@@ -126,7 +126,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.
Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
-![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%283%29%20%281%29.png)
+![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*