GitBook: [master] 8 pages and 19 assets modified
Before Width: | Height: | Size: 1.5 KiB After Width: | Height: | Size: 1.5 KiB |
Before Width: | Height: | Size: 1.5 KiB After Width: | Height: | Size: 1.5 KiB |
Before Width: | Height: | Size: 40 KiB After Width: | Height: | Size: 40 KiB |
Before Width: | Height: | Size: 40 KiB After Width: | Height: | Size: 40 KiB |
Before Width: | Height: | Size: 40 KiB After Width: | Height: | Size: 40 KiB |
BIN
.gitbook/assets/image (446) (1) (2).png
Normal file
After Width: | Height: | Size: 142 KiB |
Before Width: | Height: | Size: 1.3 MiB After Width: | Height: | Size: 1.3 MiB |
Before Width: | Height: | Size: 1.3 MiB After Width: | Height: | Size: 1.3 MiB |
Before Width: | Height: | Size: 566 KiB After Width: | Height: | Size: 566 KiB |
Before Width: | Height: | Size: 740 KiB After Width: | Height: | Size: 740 KiB |
|
@ -154,7 +154,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
|
|||
If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.
|
||||
Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
|
||||
|
||||
![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png)
|
||||
![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%285%29.png)
|
||||
|
||||
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*
|
||||
|
||||
|
|
|
@ -227,7 +227,60 @@ lldb -n malware.bin --waitfor
|
|||
<tr>
|
||||
<td style="text-align:left"><b>help</b>
|
||||
</td>
|
||||
<td style="text-align:left">help breakpoint #Get help of breakpoint command</td>
|
||||
<td style="text-align:left">
|
||||
<p>help breakpoint #Get help of breakpoint command</p>
|
||||
<p>help memory write #Get help to write into the memory</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="text-align:left"><b>reg</b>
|
||||
</td>
|
||||
<td style="text-align:left">
|
||||
<p>reg read $rax</p>
|
||||
<p>reg write $rip 0x100035cc0</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="text-align:left"><b>x/s <reg/memory address></b>
|
||||
</td>
|
||||
<td style="text-align:left">Display the memory as a null-terminated string.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="text-align:left"><b>x/i <reg/memory address></b>
|
||||
</td>
|
||||
<td style="text-align:left">Display the memory as assembly instruction.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="text-align:left"><b>x/b <reg/memory address></b>
|
||||
</td>
|
||||
<td style="text-align:left">Display the memory as byte.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="text-align:left"><b>print object (po)</b>
|
||||
</td>
|
||||
<td style="text-align:left">
|
||||
<p>This will print the object referenced by the param</p>
|
||||
<p>po $raw</p>
|
||||
<p><code>{</code>
|
||||
</p>
|
||||
<p><code> dnsChanger = {</code>
|
||||
</p>
|
||||
<p><code> "affiliate" = "";</code>
|
||||
</p>
|
||||
<p><code> "blacklist_dns" = ();</code>
|
||||
</p>
|
||||
<p>Note that most of Apple’s Objective-C APIs or methods return objects,
|
||||
and thus should be displayed via the “print object” (po)
|
||||
command. If po doesn't produce a meaningful output use <code>x/b</code>
|
||||
<br
|
||||
/>
|
||||
</p>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td style="text-align:left"><b>memory write</b>
|
||||
</td>
|
||||
<td style="text-align:left">memory write 0x100600000 -s 4 0x41414141 #Write AAAA in that address</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
|
|
@ -95,7 +95,7 @@ It follows a few steps to get the Activation Record performed by **`MCTeslaConfi
|
|||
2. The JSON payload is encrypted using Absinthe \(**`NACSign`**\)
|
||||
3. All requests over HTTPs, built-in root certificates are used
|
||||
|
||||
![](../../.gitbook/assets/image%20%28563%29.png)
|
||||
![](../../.gitbook/assets/image%20%28566%29.png)
|
||||
|
||||
The response is a JSON dictionary with some important data like:
|
||||
|
||||
|
@ -115,7 +115,7 @@ The response is a JSON dictionary with some important data like:
|
|||
* Signed using the **device identity certificate \(from APNS\)**
|
||||
* **Certificate chain** includes expired **Apple iPhone Device CA**
|
||||
|
||||
![](../../.gitbook/assets/image%20%28570%29.png)
|
||||
![](../../.gitbook/assets/image%20%28567%29%20%281%29.png)
|
||||
|
||||
### Step 6: Profile Installation
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
## Attacks Graphic
|
||||
|
||||
![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29%20%282%29%20%282%29%20%281%29.png)
|
||||
![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
|
||||
|
||||
## Tool
|
||||
|
||||
|
|
|
@ -52,8 +52,8 @@ If only password is configured the username used is "**default**".
|
|||
Also, note that there is **no way to find externally** if Redis was configured with only password or username+password.
|
||||
{% endhint %}
|
||||
|
||||
In cases like this one you will **need to find valid credentials** to interact with Redis so you could try to [**brute-force**](../brute-force.md#redis) ****it.
|
||||
In case you found valid credentials you need to **authenticate the session** after establishing the connection with the command:
|
||||
In cases like this one you will **need to find valid credentials** to interact with Redis so you could try to [**brute-force**](../brute-force.md#redis) **\*\*it.
|
||||
In case you found valid credentials you need to** authenticate the session\*\* after establishing the connection with the command:
|
||||
|
||||
```bash
|
||||
AUTH <username> <password>
|
||||
|
|
|
@ -339,7 +339,7 @@ The page www.mail-tester.com can indicate you if you your domain is being blocke
|
|||
* Decide from which account are you going to send the phishing emails. Suggestions: _noreply, support, servicedesk, salesforce..._
|
||||
* You can leave blank the username and password, but make sure to check the Ignore Certificate Errors
|
||||
|
||||
![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29%20%281%29.png)
|
||||
![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29%20%282%29%20%282%29.png)
|
||||
|
||||
{% hint style="info" %}
|
||||
It's recommended to use the "**Send Test Email**" functionality to test that everything is working.
|
||||
|
|
|
@ -126,7 +126,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
|
|||
If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.
|
||||
Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
|
||||
|
||||
![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%283%29%20%281%29.png)
|
||||
![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png)
|
||||
|
||||
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*
|
||||
|
||||
|
|