GitBook: [#3522] No subject
Before Width: | Height: | Size: 254 KiB After Width: | Height: | Size: 120 KiB |
BIN
.gitbook/assets/image (25) (1).png
Normal file
After Width: | Height: | Size: 2.9 KiB |
Before Width: | Height: | Size: 2.9 KiB After Width: | Height: | Size: 143 KiB |
BIN
.gitbook/assets/image (26) (1).png
Normal file
After Width: | Height: | Size: 13 KiB |
Before Width: | Height: | Size: 13 KiB After Width: | Height: | Size: 62 KiB |
BIN
.gitbook/assets/image (27) (1).png
Normal file
After Width: | Height: | Size: 1.8 KiB |
Before Width: | Height: | Size: 1.8 KiB After Width: | Height: | Size: 70 KiB |
BIN
.gitbook/assets/image (28) (1).png
Normal file
After Width: | Height: | Size: 12 KiB |
Before Width: | Height: | Size: 12 KiB After Width: | Height: | Size: 148 KiB |
BIN
.gitbook/assets/image (29) (1).png
Normal file
After Width: | Height: | Size: 2.1 KiB |
Before Width: | Height: | Size: 2.1 KiB After Width: | Height: | Size: 37 KiB |
BIN
.gitbook/assets/image (30) (1).png
Normal file
After Width: | Height: | Size: 1.9 KiB |
Before Width: | Height: | Size: 1.9 KiB After Width: | Height: | Size: 27 KiB |
BIN
.gitbook/assets/image (31) (1).png
Normal file
After Width: | Height: | Size: 1.9 KiB |
Before Width: | Height: | Size: 1.9 KiB After Width: | Height: | Size: 211 KiB |
BIN
.gitbook/assets/image (321) (1).png
Normal file
After Width: | Height: | Size: 41 KiB |
Before Width: | Height: | Size: 41 KiB After Width: | Height: | Size: 71 KiB |
BIN
.gitbook/assets/image (324) (1).png
Normal file
After Width: | Height: | Size: 22 KiB |
Before Width: | Height: | Size: 22 KiB After Width: | Height: | Size: 83 KiB |
BIN
.gitbook/assets/image (325) (1).png
Normal file
After Width: | Height: | Size: 249 KiB |
Before Width: | Height: | Size: 249 KiB After Width: | Height: | Size: 161 KiB |
BIN
.gitbook/assets/image (326) (1).png
Normal file
After Width: | Height: | Size: 108 KiB |
Before Width: | Height: | Size: 108 KiB After Width: | Height: | Size: 189 KiB |
BIN
.gitbook/assets/image (329) (1).png
Normal file
After Width: | Height: | Size: 20 KiB |
Before Width: | Height: | Size: 20 KiB After Width: | Height: | Size: 223 KiB |
BIN
.gitbook/assets/image (33) (1).png
Normal file
After Width: | Height: | Size: 3.6 KiB |
Before Width: | Height: | Size: 3.6 KiB After Width: | Height: | Size: 19 KiB |
BIN
.gitbook/assets/image (330) (1).png
Normal file
After Width: | Height: | Size: 7.1 KiB |
Before Width: | Height: | Size: 7.1 KiB After Width: | Height: | Size: 55 KiB |
BIN
.gitbook/assets/image (335) (1).png
Normal file
After Width: | Height: | Size: 335 KiB |
Before Width: | Height: | Size: 335 KiB After Width: | Height: | Size: 85 KiB |
BIN
.gitbook/assets/image (34) (1).png
Normal file
After Width: | Height: | Size: 2.7 KiB |
Before Width: | Height: | Size: 2.7 KiB After Width: | Height: | Size: 114 KiB |
BIN
.gitbook/assets/image (345) (1).png
Normal file
After Width: | Height: | Size: 12 KiB |
Before Width: | Height: | Size: 12 KiB After Width: | Height: | Size: 54 KiB |
BIN
.gitbook/assets/image (349) (1).png
Normal file
After Width: | Height: | Size: 4.8 KiB |
Before Width: | Height: | Size: 4.8 KiB After Width: | Height: | Size: 314 KiB |
BIN
.gitbook/assets/image (35) (1).png
Normal file
After Width: | Height: | Size: 71 KiB |
Before Width: | Height: | Size: 71 KiB After Width: | Height: | Size: 229 KiB |
BIN
.gitbook/assets/image (350) (1).png
Normal file
After Width: | Height: | Size: 19 KiB |
Before Width: | Height: | Size: 19 KiB After Width: | Height: | Size: 85 KiB |
BIN
.gitbook/assets/image (351) (1).png
Normal file
After Width: | Height: | Size: 81 KiB |
Before Width: | Height: | Size: 81 KiB After Width: | Height: | Size: 98 KiB |
BIN
.gitbook/assets/image (353) (1).png
Normal file
After Width: | Height: | Size: 3.2 KiB |
Before Width: | Height: | Size: 3.2 KiB After Width: | Height: | Size: 125 KiB |
BIN
.gitbook/assets/image (36) (1).png
Normal file
After Width: | Height: | Size: 31 KiB |
Before Width: | Height: | Size: 31 KiB After Width: | Height: | Size: 102 KiB |
BIN
.gitbook/assets/image (360) (1).png
Normal file
After Width: | Height: | Size: 2.6 KiB |
Before Width: | Height: | Size: 2.6 KiB After Width: | Height: | Size: 115 KiB |
BIN
.gitbook/assets/image (363) (1).png
Normal file
After Width: | Height: | Size: 9.6 KiB |
Before Width: | Height: | Size: 9.6 KiB After Width: | Height: | Size: 50 KiB |
BIN
.gitbook/assets/image (364) (1).png
Normal file
After Width: | Height: | Size: 6.1 KiB |
Before Width: | Height: | Size: 6.1 KiB After Width: | Height: | Size: 152 KiB |
BIN
.gitbook/assets/image (368) (1).png
Normal file
After Width: | Height: | Size: 92 KiB |
Before Width: | Height: | Size: 92 KiB After Width: | Height: | Size: 51 KiB |
BIN
.gitbook/assets/image (39) (1).png
Normal file
After Width: | Height: | Size: 82 KiB |
Before Width: | Height: | Size: 82 KiB After Width: | Height: | Size: 101 KiB |
BIN
.gitbook/assets/image (40) (1).png
Normal file
After Width: | Height: | Size: 205 KiB |
Before Width: | Height: | Size: 205 KiB After Width: | Height: | Size: 146 KiB |
BIN
.gitbook/assets/image (43) (1).png
Normal file
After Width: | Height: | Size: 4.6 KiB |
Before Width: | Height: | Size: 4.6 KiB After Width: | Height: | Size: 176 KiB |
BIN
.gitbook/assets/image (46) (1).png
Normal file
After Width: | Height: | Size: 35 KiB |
Before Width: | Height: | Size: 35 KiB After Width: | Height: | Size: 38 KiB |
BIN
.gitbook/assets/image (48) (1).png
Normal file
After Width: | Height: | Size: 30 KiB |
Before Width: | Height: | Size: 30 KiB After Width: | Height: | Size: 55 KiB |
BIN
.gitbook/assets/image (49) (1).png
Normal file
After Width: | Height: | Size: 30 KiB |
Before Width: | Height: | Size: 30 KiB After Width: | Height: | Size: 127 KiB |
BIN
.gitbook/assets/image (52) (1).png
Normal file
After Width: | Height: | Size: 49 KiB |
Before Width: | Height: | Size: 49 KiB After Width: | Height: | Size: 202 KiB |
BIN
.gitbook/assets/image (54) (1).png
Normal file
After Width: | Height: | Size: 19 KiB |
Before Width: | Height: | Size: 19 KiB After Width: | Height: | Size: 43 KiB |
BIN
.gitbook/assets/image (56) (1).png
Normal file
After Width: | Height: | Size: 7.9 KiB |
Before Width: | Height: | Size: 7.9 KiB After Width: | Height: | Size: 110 KiB |
BIN
.gitbook/assets/image (57) (1).png
Normal file
After Width: | Height: | Size: 9.7 KiB |
Before Width: | Height: | Size: 9.7 KiB After Width: | Height: | Size: 143 KiB |
BIN
.gitbook/assets/image (58) (1).png
Normal file
After Width: | Height: | Size: 11 KiB |
Before Width: | Height: | Size: 11 KiB After Width: | Height: | Size: 106 KiB |
Before Width: | Height: | Size: 254 KiB After Width: | Height: | Size: 468 KiB |
BIN
.gitbook/assets/image (61) (1).png
Normal file
After Width: | Height: | Size: 148 KiB |
Before Width: | Height: | Size: 148 KiB After Width: | Height: | Size: 142 KiB |
BIN
.gitbook/assets/image (62) (1).png
Normal file
After Width: | Height: | Size: 89 KiB |
Before Width: | Height: | Size: 89 KiB After Width: | Height: | Size: 150 KiB |
BIN
.gitbook/assets/image (64) (1).png
Normal file
After Width: | Height: | Size: 35 KiB |
Before Width: | Height: | Size: 35 KiB After Width: | Height: | Size: 115 KiB |
BIN
.gitbook/assets/image (66) (1).png
Normal file
After Width: | Height: | Size: 47 KiB |
Before Width: | Height: | Size: 47 KiB After Width: | Height: | Size: 40 KiB |
BIN
.gitbook/assets/image (67) (2).png
Normal file
After Width: | Height: | Size: 26 KiB |
Before Width: | Height: | Size: 26 KiB After Width: | Height: | Size: 138 KiB |
BIN
.gitbook/assets/image (68) (1).png
Normal file
After Width: | Height: | Size: 20 KiB |
Before Width: | Height: | Size: 20 KiB After Width: | Height: | Size: 220 KiB |
BIN
.gitbook/assets/image (69) (1).png
Normal file
After Width: | Height: | Size: 39 KiB |
Before Width: | Height: | Size: 39 KiB After Width: | Height: | Size: 95 KiB |
BIN
.gitbook/assets/image (85) (1).png
Normal file
After Width: | Height: | Size: 7.7 KiB |
Before Width: | Height: | Size: 7.7 KiB After Width: | Height: | Size: 98 KiB |
Before Width: | Height: | Size: 19 KiB After Width: | Height: | Size: 49 KiB |
|
@ -44,7 +44,7 @@ You can check their **blog** in [**https://blog.stmcyber.com**](https://blog.stm
|
|||
|
||||
### [SYN CUBES](https://www.syncubes.com/)
|
||||
|
||||
<figure><img src=".gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image (33).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
|
||||
|
||||
|
|
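Review bot: the two `<figure>` lines under the SYN CUBES heading keep `alt=""` and an empty `<figcaption>`, and the source changes between `image.png` and `image (33).png`, both auto-numbered asset names that say nothing about their content. Give the logo an alt text (the company name would do) and, if the tooling allows, a descriptive file name, so that a later bulk asset rename cannot silently swap the picture.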
14
SUMMARY.md
|
@ -12,13 +12,15 @@
|
|||
* [External Recon Methodology](generic-methodologies-and-resources/external-recon-methodology/README.md)
|
||||
* [Github Dorks & Leaks](generic-methodologies-and-resources/external-recon-methodology/github-leaked-secrets.md)
|
||||
* [Pentesting Network](generic-methodologies-and-resources/pentesting-network/README.md)
|
||||
* [DHCPv6](generic-methodologies-and-resources/pentesting-network/dhcpv6.md)
|
||||
* [EIGRP Attacks](generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md)
|
||||
* [GLBP & HSRP Attacks](generic-methodologies-and-resources/pentesting-network/glbp-and-hsrp-attacks.md)
|
||||
* [IDS and IPS Evasion](generic-methodologies-and-resources/pentesting-network/ids-evasion.md)
|
||||
* [Network Protocols Explained (ESP)](generic-methodologies-and-resources/pentesting-network/network-protocols-explained-esp.md)
|
||||
* [Nmap Summary (ESP)](generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md)
|
||||
* [Pentesting IPv6](generic-methodologies-and-resources/pentesting-network/pentesting-ipv6.md)
|
||||
* [Spoofing LLMNR, NBT-NS, mDNS/DNS and WPAD and Relay Attacks](generic-methodologies-and-resources/pentesting-network/spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md)
|
||||
* [Spoofing SSDP and UPnP Devices with EvilSSDP](generic-methodologies-and-resources/pentesting-network/spoofing-ssdp-and-upnp-devices.md)
|
||||
* [Pentesting IPv6](generic-methodologies-and-resources/pentesting-network/pentesting-ipv6.md)
|
||||
* [Nmap Summary (ESP)](generic-methodologies-and-resources/pentesting-network/nmap-summary-esp.md)
|
||||
* [Network Protocols Explained (ESP)](generic-methodologies-and-resources/pentesting-network/network-protocols-explained-esp.md)
|
||||
* [IDS and IPS Evasion](generic-methodologies-and-resources/pentesting-network/ids-evasion.md)
|
||||
* [DHCPv6](generic-methodologies-and-resources/pentesting-network/dhcpv6.md)
|
||||
* [Pentesting Wifi](generic-methodologies-and-resources/pentesting-wifi/README.md)
|
||||
* [Evil Twin EAP-TLS](generic-methodologies-and-resources/pentesting-wifi/evil-twin-eap-tls.md)
|
||||
* [Phishing Methodology](generic-methodologies-and-resources/phishing-methodology/README.md)
|
||||
|
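Review bot: the EIGRP Attacks and GLBP & HSRP Attacks entries in the Pentesting Network list point to `eigrp-attacks.md` and `glbp-and-hsrp-attacks.md`, but no hunk visible on this page adds either file. Confirm both pages are part of the commit so the index does not link to missing targets. The same hunk also re-sorts the five existing entries (DHCPv6 through Pentesting IPv6) alphabetically; that reorder would be easier to review as its own change, with a commit subject that says so.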
@ -285,6 +287,7 @@
|
|||
* [25,465,587 - Pentesting SMTP/s](network-services-pentesting/pentesting-smtp/README.md)
|
||||
* [SMTP - Commands](network-services-pentesting/pentesting-smtp/smtp-commands.md)
|
||||
* [43 - Pentesting WHOIS](network-services-pentesting/43-pentesting-whois.md)
|
||||
* [49 - Pentesting TACACS+](network-services-pentesting/49-pentesting-tacacs+.md)
|
||||
* [53 - Pentesting DNS](network-services-pentesting/pentesting-dns.md)
|
||||
* [69/UDP TFTP/Bittorrent-tracker](network-services-pentesting/69-udp-tftp.md)
|
||||
* [79 - Pentesting Finger](network-services-pentesting/pentesting-finger.md)
|
||||
|
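Review bot: the TACACS+ entry links to `network-services-pentesting/49-pentesting-tacacs+.md`, the only target in this hunk with a `+` in the file name. Some link handlers and form-style URL decoders treat `+` as a space, so check that the published link resolves, or rename the file to something like `49-pentesting-tacacs-plus.md` and keep the `+` only in the link text.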
@ -396,6 +399,7 @@
|
|||
* [3690 - Pentesting Subversion (svn server)](network-services-pentesting/3690-pentesting-subversion-svn-server.md)
|
||||
* [3702/UDP - Pentesting WS-Discovery](network-services-pentesting/3702-udp-pentesting-ws-discovery.md)
|
||||
* [4369 - Pentesting Erlang Port Mapper Daemon (epmd)](network-services-pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd.md)
|
||||
* [4786 - Cisco Smart Install](network-services-pentesting/4786-cisco-smart-install.md)
|
||||
* [5000 - Pentesting Docker Registry](network-services-pentesting/5000-pentesting-docker-registry.md)
|
||||
* [5353/UDP Multicast DNS (mDNS) and DNS-SD](network-services-pentesting/5353-udp-multicast-dns-mdns.md)
|
||||
* [5432,5433 - Pentesting Postgresql](network-services-pentesting/pentesting-postgresql.md)
|
||||
|
|
|
@ -4,25 +4,19 @@
|
|||
|
||||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||||
|
||||
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
|
||||
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
|
||||
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
|
||||
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
|
||||
- **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
|
||||
</details>
|
||||
|
||||
{% hint style="danger" %}
|
||||
<img src="../.gitbook/assets/image.png" alt="" data-size="original">
|
||||
<img src="../.gitbook/assets/image (33).png" alt="" data-size="original">
|
||||
|
||||
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
|
||||
|
||||
{% embed url="https://www.syncubes.com/" %}
|
||||
{% endhint %}
|
||||
|
||||
## What is a Certificate
|
||||
|
||||
|
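Review bot: the rewritten "Join the ... follow me on Twitter" bullet still carries the malformed bird-emoji link, whose target starts with `https://github.com/carlospolop/hacktricks/tree/` and ends in `/\[https:/emojipedia.org/bird/README.md`. Since the bullet is being re-emitted with `*` markers anyway, fix the target at the same time; the speech-balloon link in the same bullet uses `https://emojipedia.org/speech-balloon/`, so the bird link was presumably meant to follow that form. The same line is repeated in every "Support HackTricks" block this commit touches.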
@ -201,26 +195,20 @@ openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer
|
|||
openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer
|
||||
```
|
||||
|
||||
{% hint style="danger" %}
|
||||
<img src="../.gitbook/assets/image.png" alt="" data-size="original">
|
||||
<img src="../.gitbook/assets/image (33).png" alt="" data-size="original">
|
||||
|
||||
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
|
||||
|
||||
{% embed url="https://www.syncubes.com/" %}
|
||||
{% endhint %}
|
||||
|
||||
<details>
|
||||
|
||||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||||
|
||||
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
|
||||
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
|
||||
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
|
||||
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
|
||||
- **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
|
||||
</details>
|
||||
|
|
|
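Review bot: the sponsor block that follows the `openssl pkcs12 -export` command is wrapped in `{% hint style="danger" %}`, which renders as a warning callout; on a page about certificate handling, readers scanning for real cautions will hit an advert styled as one. Use `style="info"` or a plain embed for the banner. The `<img>` tags in the block also have `alt=""`.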
@ -4,15 +4,11 @@
|
|||
|
||||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||||
|
||||
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
|
||||
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
|
||||
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
|
||||
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
|
||||
- **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
|
||||
</details>
|
||||
|
||||
|
@ -66,7 +62,7 @@ Go to `Options >> Appearance >> Fonts >> Change(Consolas, Blod, 9) >> OK`
|
|||
|
||||
## **Send the exploit and check if EIP is affected:**
|
||||
|
||||
![](<../.gitbook/assets/image (25).png>)
|
||||
![](<../.gitbook/assets/image (25) (1).png>)
|
||||
|
||||
Every time you break the service you should restart it as is indicated in the beginnig of this page.
|
||||
|
||||
|
@ -74,7 +70,7 @@ Every time you break the service you should restart it as is indicated in the be
|
|||
|
||||
The pattern should be as big as the buffer you used to broke the service previously.
|
||||
|
||||
![](<../.gitbook/assets/image (26).png>)
|
||||
![](<../.gitbook/assets/image (26) (1).png>)
|
||||
|
||||
```
|
||||
/usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 3000
|
||||
|
@ -84,11 +80,11 @@ Change the buffer of the exploit and set the pattern and lauch the exploit.
|
|||
|
||||
A new crash should appeard, but with a different EIP address:
|
||||
|
||||
![](<../.gitbook/assets/image (27).png>)
|
||||
![](<../.gitbook/assets/image (27) (1).png>)
|
||||
|
||||
Check if the address was in your pattern:
|
||||
|
||||
![](<../.gitbook/assets/image (28).png>)
|
||||
![](<../.gitbook/assets/image (28) (1).png>)
|
||||
|
||||
```
|
||||
/usr/share/metasploit-framework/tools/exploit/pattern_offset.rb -l 3000 -q 39694438
|
||||
|
@ -104,9 +100,9 @@ buffer = 'A'*2606 + 'BBBB' + 'CCCC'
|
|||
|
||||
With this buffer the EIP crashed should point to 42424242 ("BBBB")
|
||||
|
||||
![](<../.gitbook/assets/image (30).png>)
|
||||
![](<../.gitbook/assets/image (30) (1).png>)
|
||||
|
||||
![](<../.gitbook/assets/image (29).png>)
|
||||
![](<../.gitbook/assets/image (29) (1).png>)
|
||||
|
||||
Looks like it is working.
|
||||
|
||||
|
@ -122,7 +118,7 @@ buffer = 'A'*2606 + 'BBBB' + 'C'*600
|
|||
|
||||
launch the new exploit and check the EBP and the length of the usefull shellcode
|
||||
|
||||
![](<../.gitbook/assets/image (31).png>)
|
||||
![](<../.gitbook/assets/image (31) (1).png>)
|
||||
|
||||
![](<../.gitbook/assets/image (32).png>)
|
||||
|
||||
|
@ -164,11 +160,11 @@ For example:
|
|||
|
||||
In this case you can see that **you shouldn't use the char 0x0A** (nothing is saved in memory since the char 0x09).
|
||||
|
||||
![](<../.gitbook/assets/image (33).png>)
|
||||
![](<../.gitbook/assets/image (33) (1).png>)
|
||||
|
||||
In this case you can see that **the char 0x0D is avoided**:
|
||||
|
||||
![](<../.gitbook/assets/image (34).png>)
|
||||
![](<../.gitbook/assets/image (34) (1).png>)
|
||||
|
||||
## Find a JMP ESP as a return address
|
||||
|
||||
|
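Review bot: the bad-characters screenshot reference moves from `image (33).png` to `image (33) (1).png` here, while other hunks in this commit make `image (33).png` the sponsor banner image inside the hint blocks. Any page that still references `image (33).png` for a screenshot will now show the banner, so search the repository for remaining references before merging. The sentence "nothing is saved in memory since the char 0x09" only makes sense next to the screenshot; a descriptive alt text in the `![]` would keep the step readable if the image link breaks again.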
@ -186,7 +182,7 @@ You will **list the memory maps**. Search for some DLl that has:
|
|||
* **NXCompat: False**
|
||||
* **OS Dll: True**
|
||||
|
||||
![](<../.gitbook/assets/image (35).png>)
|
||||
![](<../.gitbook/assets/image (35) (1).png>)
|
||||
|
||||
Now, inside this memory you should find some JMP ESP bytes, to do that execute:
|
||||
|
||||
|
@ -197,7 +193,7 @@ Now, inside this memory you should find some JMP ESP bytes, to do that execute:
|
|||
|
||||
**Then, if some address is found, choose one that don't contain any badchar:**
|
||||
|
||||
![](<../.gitbook/assets/image (36).png>)
|
||||
![](<../.gitbook/assets/image (36) (1).png>)
|
||||
|
||||
**In this case, for example: \_0x5f4a358f**\_
|
||||
|
||||
|
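Review bot: the context line `**In this case, for example: \_0x5f4a358f**\_` at the end of this hunk has its emphasis markers tangled with escaped underscores, so it renders with stray `_` characters around the address. Since the image line directly above it is being edited, clean it up in the same change by putting the address in inline code or plain bold. The bold sentence before the image should also read "doesn't contain" rather than "don't contain".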
@ -277,14 +273,10 @@ EXITFUNC=thread -e x86/shikata_ga_nai
|
|||
|
||||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||||
|
||||
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
|
||||
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
|
||||
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
|
||||
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
|
||||
- **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
|
||||
</details>
|
||||
|
|
|
@ -4,25 +4,19 @@
|
|||
|
||||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||||
|
||||
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
|
||||
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
|
||||
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
|
||||
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
|
||||
- **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
|
||||
</details>
|
||||
|
||||
{% hint style="danger" %}
|
||||
<img src="../../../.gitbook/assets/image.png" alt="" data-size="original">
|
||||
<img src="../../../.gitbook/assets/image (33).png" alt="" data-size="original">
|
||||
|
||||
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
|
||||
|
||||
{% embed url="https://www.syncubes.com/" %}
|
||||
{% endhint %}
|
||||
|
||||
## Browsers Artifacts <a href="#3def" id="3def"></a>
|
||||
|
||||
|
@ -42,13 +36,13 @@ Let us take a look at the most common artifacts stored by browsers.
|
|||
* **Logins:** Self Explanatory.
|
||||
* **Favicons:** They are the little icons found in tabs, urls, bookmarks and the such. They can be used as another source to get more information about the website or places the user visited.
|
||||
* **Browser Sessions:** Self Explanatory.
|
||||
* **Downloads:**Self Explanatory.
|
||||
* \*\*Downloads:\*\*Self Explanatory.
|
||||
* **Form Data:** Anything typed inside forms is oftentimes stored by the browser, so the next time the user enters something inside of a form the browser can suggest previously entered data.
|
||||
* **Thumbnails:** Self Explanatory.
|
||||
|
||||
## Firefox
|
||||
|
||||
Firefox create the profiles folder in \~/_**.mozilla/firefox/**_ (Linux), in **/Users/$USER/Library/Application Support/Firefox/Profiles/** (MacOS), _**%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\\**_ (Windows)_**.**_\
|
||||
Firefox create the profiles folder in \~/_**.mozilla/firefox/**_ (Linux), in **/Users/$USER/Library/Application Support/Firefox/Profiles/** (MacOS), _**%userprofile%\AppData\Roaming\Mozilla\Firefox\Profiles\\**_ (Windows)_**.**_\
|
||||
Inside this folder, the file _**profiles.ini**_ should appear with the name(s) of the user profile(s).\
|
||||
Each profile has a "**Path**" variable with the name of the folder where its data is going to be stored. The folder should be **present in the same directory where the \_profiles.ini**\_\*\* exist\*\*. If it isn't, then, probably it was deleted.
|
||||
|
||||
|
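Review bot: the Downloads bullet goes from `* **Downloads:**Self Explanatory.` to `* \*\*Downloads:\*\*Self Explanatory.`, which escapes the bold markers so the item renders with literal asterisks, and the missing space after the colon is kept. It should read `* **Downloads:** Self Explanatory.` like the neighbouring bullets. The Firefox paragraph shows the same escaping damage in `\_profiles.ini**\_\*\* exist\*\*`, and the changed "Firefox create the profiles folder" line looks identical before and after, so it is probably a whitespace-only edit that can be dropped from the diff.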
@ -271,26 +265,20 @@ Opera **stores browser history and download data in the exact same format as Goo
|
|||
* **Browser’s built-in anti-phishing:** `grep --color 'fraud_protection_enabled' ~/Library/Application Support/com.operasoftware.Opera/Preferences`
|
||||
* **fraud\_protection\_enabled** should be **true**
|
||||
|
||||
{% hint style="danger" %}
|
||||
<img src="../../../.gitbook/assets/image.png" alt="" data-size="original">
|
||||
<img src="../../../.gitbook/assets/image (33).png" alt="" data-size="original">
|
||||
|
||||
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions.
|
||||
|
||||
{% embed url="https://www.syncubes.com/" %}
|
||||
{% endhint %}
|
||||
|
||||
<details>
|
||||
|
||||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||||
|
||||
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
|
||||
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
|
||||
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
|
||||
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
|
||||
- **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
|
||||
</details>
|
||||
|
|
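Review bot: the anti-phishing check at the top of this hunk runs `grep --color 'fraud_protection_enabled' ~/Library/Application Support/com.operasoftware.Opera/Preferences` with the path unquoted. The shell splits the argument at the space in `Application Support`, so grep is handed two paths that do not exist and the check reports nothing useful. Escape the space (`~/Library/Application\ Support/...`) or quote the part after `~/`. The rest of the hunk repeats the banner and bullet-marker changes made on the other pages.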