GitBook: [master] 8 pages and 19 assets modified

linux-unix/linux-privilege-escalation-checklist.md

@@ -154,7 +154,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
 If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.  
 Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
 
-![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png)
+![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%285%29.png)
 
 ​[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*
 

macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md

@@ -227,7 +227,60 @@ lldb -n malware.bin --waitfor
     <tr>
       <td style="text-align:left"><b>help</b>
       </td>
-      <td style="text-align:left">help breakpoint #Get help of breakpoint command</td>
+      <td style="text-align:left">
+        <p>help breakpoint #Get help of breakpoint command</p>
+        <p>help memory write #Get help to write into the memory</p>
+      </td>
+    </tr>
+    <tr>
+      <td style="text-align:left"><b>reg</b>
+      </td>
+      <td style="text-align:left">
+        <p>reg read $rax</p>
+        <p>reg write $rip 0x100035cc0</p>
+      </td>
+    </tr>
+    <tr>
+      <td style="text-align:left"><b>x/s &lt;reg/memory address&gt;</b>
+      </td>
+      <td style="text-align:left">Display the memory as a null-terminated string.</td>
+    </tr>
+    <tr>
+      <td style="text-align:left"><b>x/i &lt;reg/memory address&gt;</b>
+      </td>
+      <td style="text-align:left">Display the memory as assembly instruction.</td>
+    </tr>
+    <tr>
+      <td style="text-align:left"><b>x/b &lt;reg/memory address&gt;</b>
+      </td>
+      <td style="text-align:left">Display the memory as byte.</td>
+    </tr>
+    <tr>
+      <td style="text-align:left"><b>print object (po)</b>
+      </td>
+      <td style="text-align:left">
+        <p>This will print the object referenced by the param</p>
+        <p>po $raw</p>
+        <p><code>{</code>
+        </p>
+        <p><code> dnsChanger =  {</code>
+        </p>
+        <p><code>   &quot;affiliate&quot; = &quot;&quot;;</code>
+        </p>
+        <p><code>   &quot;blacklist_dns&quot; = ();</code>
+        </p>
+        <p>Note that most of Apple&#x2019;s Objective-C APIs or methods return objects,
+          and thus should be displayed via the &#x201C;print object&#x201D; (po)
+          command. If po doesn&apos;t produce a meaningful output use <code>x/b</code>
+          <br
+          />
+        </p>
+      </td>
+    </tr>
+    <tr>
+      <td style="text-align:left"><b>memory write</b>
+      </td>
+      <td style="text-align:left">memory write 0x100600000 -s 4 0x41414141 #Write AAAA in that address</td>
     </tr>
   </tbody>
 </table>

macos/macos-security-and-privilege-escalation/macos-mdm.md

@@ -95,7 +95,7 @@ It follows a few steps to get the Activation Record performed by **`MCTeslaConfi
    2. The JSON payload is encrypted using Absinthe \(**`NACSign`**\)
    3. All requests over HTTPs, built-in root certificates are used 
 
-![](../../.gitbook/assets/image%20%28563%29.png)
+![](../../.gitbook/assets/image%20%28566%29.png)
 
 The response is a JSON dictionary with some important data like:
 
@@ -115,7 +115,7 @@ The response is a JSON dictionary with some important data like:
 * Signed using the **device identity certificate \(from APNS\)**
 * **Certificate chain** includes expired **Apple iPhone Device CA**
 
-![](../../.gitbook/assets/image%20%28570%29.png)
+![](../../.gitbook/assets/image%20%28567%29%20%281%29.png)
 
 ### Step 6: Profile Installation
 

pentesting-web/saml-attacks/README.md

@@ -6,7 +6,7 @@
 
 ## Attacks Graphic
 
-![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29%20%282%29%20%282%29%20%281%29.png)
+![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
 
 ## Tool
 

pentesting/6379-pentesting-redis.md

@@ -44,7 +44,7 @@ In this last case, this means that **you need valid credentials** to access the
 ### Redis Authentication
 
 **By default** Redis can be accessed **without credentials**. However, it can be **configured** to support **only password, or username + password**.  
-It is possible to **set a password** in _**redis.conf**_ file with the parameter `requirepass`  **or temporary** until the service restarts connecting to it and running: `config set requirepass p@ss$12E45`.  
+It is possible to **set a password** in _**redis.conf**_ file with the parameter `requirepass` **or temporary** until the service restarts connecting to it and running: `config set requirepass p@ss$12E45`.  
 Also, a **username** can be configured in the parameter `masteruser` inside the _**redis.conf**_ file.
 
 {% hint style="info" %}
@@ -52,8 +52,8 @@ If only password is configured the username used is "**default**".
 Also, note that there is **no way to find externally** if Redis was configured with only password or username+password.
 {% endhint %}
 
-In cases like this one you will **need to find valid credentials** to interact with Redis so you could try to [**brute-force**](../brute-force.md#redis) ****it.  
-In case you found valid credentials you need to **authenticate the session** after establishing the connection with the command:
+In cases like this one you will **need to find valid credentials** to interact with Redis so you could try to [**brute-force**](../brute-force.md#redis) **\*\*it.  
+In case you found valid credentials you need to** authenticate the session\*\* after establishing the connection with the command:
 
 ```bash
 AUTH <username> <password>

phishing-methodology/README.md

@@ -339,7 +339,7 @@ The page www.mail-tester.com can indicate you if you your domain is being blocke
 * Decide from which account are you going to send the phishing emails. Suggestions: _noreply, support, servicedesk, salesforce..._
 * You can leave blank the username and password, but make sure to check the Ignore Certificate Errors
 
-![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29%20%281%29.png)
+![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29%20%282%29%20%282%29.png)
 
 {% hint style="info" %}
 It's recommended to use the "**Send Test Email**" functionality to test that everything is working.  

windows/checklist-windows-privilege-escalation.md

@@ -126,7 +126,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
 If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.  
 Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
 
-![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%283%29%20%281%29.png)
+![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png)
 
 ​[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*