From aca0a36b21ed3fd56b11d7f142fccd39754bc522 Mon Sep 17 00:00:00 2001 
From: CPol
Date: Sun, 15 Aug 2021 22:19:51 +0000
Subject: [PATCH] GitBook: [master] 17 pages and 28 assets modified

---
...53) (1) (2) (1) (1) (2) (2) (3) (3) (5) (1).png} | Bin
...53) (1) (2) (1) (1) (2) (2) (3) (3) (5) (2).png} | Bin
...53) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3).png} | Bin
...53) (1) (2) (1) (1) (2) (2) (3) (3) (5) (4).png} | Bin
...53) (1) (2) (1) (1) (2) (2) (3) (3) (5) (5).png} | Bin
... (1).png => image (446) (1) (2) (2) (3) (1).png} | Bin
... (2).png => image (446) (1) (2) (2) (3) (2).png} | Bin
... (2).png => image (446) (1) (2) (2) (3) (3).png} | Bin
...e (535) (1) (1) (2) (2) (2) (2) (2) (2) (1).png} | Bin
...e (535) (1) (1) (2) (2) (2) (2) (2) (2) (2).png} | Bin
...e (535) (1) (1) (2) (2) (2) (2) (2) (2) (3).png} | Bin
...e (535) (1) (1) (2) (2) (2) (2) (2) (2) (4).png} | Bin
...567) (1) (1).png => image (567) (1) (2) (1).png} | Bin
...ge (567) (1).png => image (567) (1) (2) (2).png} | Bin
linux-unix/privilege-escalation/README.md | 5 +++++
.../macos-mdm.md | 2 +-
pentesting-web/saml-attacks/README.md | 2 +-
pentesting/1099-pentesting-java-rmi.md | 10 +++++-----
pentesting/5985-5986-pentesting-winrm.md | 2 +-
pentesting/pentesting-dns.md | 1 +
pentesting/pentesting-imap.md | 1 +
pentesting/pentesting-kerberos-88/README.md | 3 +--
pentesting/pentesting-ldap.md | 1 +
pentesting/pentesting-mssql-microsoft-sql-server.md | 1 +
pentesting/pentesting-ntp.md | 1 +
pentesting/pentesting-rpcbind.md | 2 +-
pentesting/pentesting-smtp/README.md | 1 +
pentesting/pentesting-snmp/README.md | 1 +
pentesting/pentesting-web/README.md | 2 +-
.../iis-internet-information-services.md | 2 +-
phishing-methodology/README.md | 2 +-
31 files changed, 25 insertions(+), 14 deletions(-)
rename .gitbook/assets/{image (253) (1) (2) (1) (1) (2) (2) (3) (3) (1).png => image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (1).png} (100%)
rename .gitbook/assets/{image (253) (1) (2) (1) (1) (2) (2) (3) (3) (2).png => image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (2).png} (100%)
rename .gitbook/assets/{image (253) (1) (2) (1) (1) (2) (2) (3) (3) (3).png => image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3).png} (100%)
rename .gitbook/assets/{image (253) (1) (2) (1) (1) (2) (2) (3) (3) (4).png => image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (4).png} (100%)
rename .gitbook/assets/{image (253) (1) (2) (1) (1) (2) (2) (3) (3).png => image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (5).png} (100%)
rename .gitbook/assets/{image (446) (1) (2) (2) (1).png => image (446) (1) (2) (2) (3) (1).png} (100%)
rename .gitbook/assets/{image (446) (1) (2) (2) (2).png => image (446) (1) (2) (2) (3) (2).png} (100%)
rename .gitbook/assets/{image (446) (1) (2) (2).png => image (446) (1) (2) (2) (3) (3).png} (100%)
rename .gitbook/assets/{image (535) (1) (1) (2) (2) (2) (2) (2) (1).png => image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1).png} (100%)
rename .gitbook/assets/{image (535) (1) (1) (2) (2) (2) (2) (2) (3).png => image (535) (1) (1) (2) (2) (2) (2) (2) (2) (2).png} (100%)
rename .gitbook/assets/{image (535) (1) (1) (2) (2) (2) (2) (2) (4).png => image (535) (1) (1) (2) (2) (2) (2) (2) (2) (3).png} (100%)
rename .gitbook/assets/{image (535) (1) (1) (2) (2) (2) (2) (2).png => image (535) (1) (1) (2) (2) (2) (2) (2) (2) (4).png} (100%)
rename .gitbook/assets/{image (567) (1) (1).png => image (567) (1) (2) (1).png} (100%)
rename .gitbook/assets/{image (567) (1).png => image (567) (1) (2) (2).png} (100%)
diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (1).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (1).png
similarity index 100%
rename from .gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (1).png
rename to .gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (1).png
diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (2).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (2).png
similarity index 100%
rename from .gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (2).png
rename to .gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (2).png
diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (3).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3).png
similarity index 100%
rename from .gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (3).png
rename to .gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (3).png
diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (4).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (4).png
similarity index 100%
rename from .gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (4).png
rename to .gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (4).png
diff --git a/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3).png b/.gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (5).png
similarity index 100%
rename from .gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3).png
rename to .gitbook/assets/image (253) (1) (2) (1) (1) (2) (2) (3) (3) (5) (5).png
diff --git a/.gitbook/assets/image (446) (1) (2) (2) (1).png b/.gitbook/assets/image (446) (1) (2) (2) (3) (1).png
similarity index 100%
rename from .gitbook/assets/image (446) (1) (2) (2) (1).png
rename to .gitbook/assets/image (446) (1) (2) (2) (3) (1).png
diff --git a/.gitbook/assets/image (446) (1) (2) (2) (2).png b/.gitbook/assets/image (446) (1) (2) (2) (3) (2).png
similarity index 100%
rename from .gitbook/assets/image (446) (1) (2) (2) (2).png
rename to .gitbook/assets/image (446) (1) (2) (2) (3) (2).png
diff --git a/.gitbook/assets/image (446) (1) (2) (2).png b/.gitbook/assets/image (446) (1) (2) (2) (3) (3).png
similarity index 100%
rename from .gitbook/assets/image (446) (1) (2) (2).png
rename to .gitbook/assets/image (446) (1) (2) (2) (3) (3).png
diff --git a/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (1).png b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1).png
similarity index 100%
rename from .gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (1).png
rename to .gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (1).png
diff --git a/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (3).png b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (2).png
similarity index 100%
rename from .gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (3).png
rename to .gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (2).png
diff --git a/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (4).png b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (3).png
similarity index 100%
rename from .gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (4).png
rename to .gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (3).png
diff --git a/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2).png b/.gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (4).png
similarity index 100%
rename from .gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2).png
rename to .gitbook/assets/image (535) (1) (1) (2) (2) (2) (2) (2) (2) (4).png
diff --git a/.gitbook/assets/image (567) (1) (1).png b/.gitbook/assets/image (567) (1) (2) (1).png
similarity index 100%
rename from .gitbook/assets/image (567) (1) (1).png
rename to .gitbook/assets/image (567) (1) (2) (1).png
diff --git a/.gitbook/assets/image (567) (1).png b/.gitbook/assets/image (567) (1) (2) (2).png
similarity index 100%
rename from .gitbook/assets/image (567) (1).png
rename to .gitbook/assets/image (567) (1) (2) (2).png
diff --git a/linux-unix/privilege-escalation/README.md b/linux-unix/privilege-escalation/README.md
index 50c50dcd6..dde147967 100644
--- a/linux-unix/privilege-escalation/README.md
+++ b/linux-unix/privilege-escalation/README.md
@@ -1428,6 +1428,11 @@ Files that ships in packages downloaded from distribution repository go into `/u
{% page-ref page="cisco-vmanage.md" %}
+### Kernel Security Protections
+
+* [https://github.com/a13xp0p0v/kconfig-hardened-check](https://github.com/a13xp0p0v/kconfig-hardened-check)
+* [https://github.com/a13xp0p0v/linux-kernel-defence-map](https://github.com/a13xp0p0v/linux-kernel-defence-map)
+
## More help
[Static impacket binaries](https://github.com/ropnop/impacket_static_binaries)
diff --git a/macos/macos-security-and-privilege-escalation/macos-mdm.md b/macos/macos-security-and-privilege-escalation/macos-mdm.md
index 321516436..275e49e15 100644
--- a/macos/macos-security-and-privilege-escalation/macos-mdm.md
+++ b/macos/macos-security-and-privilege-escalation/macos-mdm.md
@@ -115,7 +115,7 @@ The response is a JSON dictionary with some important data like:
* Signed using the **device identity certificate \(from APNS\)**
* **Certificate chain** includes expired **Apple iPhone Device CA**
-![](../../.gitbook/assets/image%20%28567%29%20%281%29.png)
+![](../../.gitbook/assets/image%20%28567%29%20%281%29%20%282%29.png)
### Step 6: Profile Installation
diff --git a/pentesting-web/saml-attacks/README.md b/pentesting-web/saml-attacks/README.md
index dfc966987..986f7ef17 100644
--- a/pentesting-web/saml-attacks/README.md
+++ b/pentesting-web/saml-attacks/README.md
@@ -6,7 +6,7 @@
## Attacks Graphic
-![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png)
+![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png)
## Tool
diff --git a/pentesting/1099-pentesting-java-rmi.md b/pentesting/1099-pentesting-java-rmi.md
index 1c41f2849..c4dfe333c 100644
--- a/pentesting/1099-pentesting-java-rmi.md
+++ b/pentesting/1099-pentesting-java-rmi.md
@@ -95,15 +95,15 @@ RMI methods are usually interesting as a bunch of them will **deserialize the re
To execute remote methods, Java RMI clients submit a 64-bit hash of the method signature, which the server uses to identify the corresponding server-side method. These **hashes are computed** with the following logic:
-1. **Source code** representation of the signature:
+1. **Source code** representation of the signature:
- `void myRemoteMethod(int count, Object obj, boolean flag)`
+ `void myRemoteMethod(int count, Object obj, boolean flag)`
-2. **Bytecode** representation of signature:
+2. **Bytecode** representation of signature:
- `myRemoteMethod(ILjava/lang/Object;Z)V`
+ `myRemoteMethod(ILjava/lang/Object;Z)V`
-3. Method Hash: **big-endian representation of first 8 bytes of the SHA1 of the signature**:
+3. Method Hash: **big-endian representation of first 8 bytes of the SHA1 of the signature**:
`Hash = SHA1String(“myRemoteMethod(ILjava/lang/Object;Z)V”).substring(0,8).reverse()`
diff --git a/pentesting/5985-5986-pentesting-winrm.md b/pentesting/5985-5986-pentesting-winrm.md
index 668d87bff..7794efde2 100644
--- a/pentesting/5985-5986-pentesting-winrm.md
+++ b/pentesting/5985-5986-pentesting-winrm.md
@@ -265,5 +265,5 @@ Entry_1:
print(s.run_ps('ipconfig'))
https://book.hacktricks.xyz/pentesting/pentesting-winrm
- ```
+```
diff --git a/pentesting/pentesting-dns.md b/pentesting/pentesting-dns.md
index af1abaa8a..89f36cd78 100644
--- a/pentesting/pentesting-dns.md
+++ b/pentesting/pentesting-dns.md
@@ -239,3 +239,4 @@ Entry_5:
Description: Eunuerate a DC via DNS
Command: dig -t _gc._{Domain_Name} && dig -t _ldap._{Domain_Name} && dig -t _kerberos._{Domain_Name} && dig -t _kpasswd._{Domain_Name} && nmap --script dns-srv-enum --script-args "dns-srv-enum.domain={Domain_Name}"
```
+
diff --git a/pentesting/pentesting-imap.md b/pentesting/pentesting-imap.md
index efb596f8c..861e5d149 100644
--- a/pentesting/pentesting-imap.md
+++ b/pentesting/pentesting-imap.md
@@ -183,3 +183,4 @@ Entry_3:
Description: Banner Grab 993
Command: openssl s_client -connect {IP}:993 -quiet
```
+
diff --git a/pentesting/pentesting-kerberos-88/README.md b/pentesting/pentesting-kerberos-88/README.md
index 7c56a5573..f02c842d2 100644
--- a/pentesting/pentesting-kerberos-88/README.md
+++ b/pentesting/pentesting-kerberos-88/README.md
@@ -57,7 +57,6 @@ Entry_3:
Entry_4:
Name: With Creds
Description: Attempt to get a list of user service principal names
- Command: GetUserSPNs.py -request -dc-ip {IP} active.htb/svc_tgs
-
+ Command: GetUserSPNs.py -request -dc-ip {IP} active.htb/svc_tgs
```
diff --git a/pentesting/pentesting-ldap.md b/pentesting/pentesting-ldap.md
index d6e1b77a5..aa7b56b0d 100644
--- a/pentesting/pentesting-ldap.md
+++ b/pentesting/pentesting-ldap.md
@@ -375,3 +375,4 @@ Entry_5:
Description: Need Naming Context to do big dump
Command: ldapsearch -h {IP} -x -b "{Naming_Context}"
```
+
diff --git a/pentesting/pentesting-mssql-microsoft-sql-server.md b/pentesting/pentesting-mssql-microsoft-sql-server.md
index 535447670..ea4861664 100644
--- a/pentesting/pentesting-mssql-microsoft-sql-server.md
+++ b/pentesting/pentesting-mssql-microsoft-sql-server.md
@@ -269,3 +269,4 @@ Entry_2:
Description: Nmap with SQL Scripts
Command: nmap --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args mssql.instance-port=1433,mssql.username=sa,mssql.password=,mssql.instance-name=MSSQLSERVER -sV -p 1433 {IP}
```
+
diff --git a/pentesting/pentesting-ntp.md b/pentesting/pentesting-ntp.md
index bd1e9775e..152b6646f 100644
--- a/pentesting/pentesting-ntp.md
+++ b/pentesting/pentesting-ntp.md
@@ -67,3 +67,4 @@ Entry_2:
Description: Enumerate NTP
Command: nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 {IP}
```
+
diff --git a/pentesting/pentesting-rpcbind.md b/pentesting/pentesting-rpcbind.md
index cd62f0961..09c1dced0 100644
--- a/pentesting/pentesting-rpcbind.md
+++ b/pentesting/pentesting-rpcbind.md
@@ -96,7 +96,7 @@ Entry_1:
Provides information between Unix based systems. Port is often probed, it can be used to fingerprint the Nix OS, and to obtain information about available services. Port used with NFS, NIS, or any rpc-based service.
https://book.hacktricks.xyz/pentesting/pentesting-rpcbind
-
+
Entry_2:
Name: rpc info
Description: May give netstat-type info
diff --git a/pentesting/pentesting-smtp/README.md b/pentesting/pentesting-smtp/README.md
index b01a601b0..5db427eaa 100644
--- a/pentesting/pentesting-smtp/README.md
+++ b/pentesting/pentesting-smtp/README.md
@@ -479,3 +479,4 @@ Entry_6:
Description: Find MX servers of an organization
Command: dig +short mx {Domain_Name}
```
+
diff --git a/pentesting/pentesting-snmp/README.md b/pentesting/pentesting-snmp/README.md
index ddb8236bb..7359980fc 100644
--- a/pentesting/pentesting-snmp/README.md
+++ b/pentesting/pentesting-snmp/README.md
@@ -211,3 +211,4 @@ Entry_4:
Description: Nmap snmp (no brute)
Command: nmap --script "snmp* and not snmp-brute" {IP}
```
+
diff --git a/pentesting/pentesting-web/README.md b/pentesting/pentesting-web/README.md
index 276f23c5b..5422fcc87 100644
--- a/pentesting/pentesting-web/README.md
+++ b/pentesting/pentesting-web/README.md
@@ -430,5 +430,5 @@ Entry_10:
Command: |
?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php
wpscan --url {Web_Proto}://{IP}{1} --enumerate ap,at,cb,dbe && wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --passwords {Big_Passwordlist} -e
- ```
+
diff --git a/pentesting/pentesting-web/iis-internet-information-services.md b/pentesting/pentesting-web/iis-internet-information-services.md
index dfafbe085..7b4dd9e67 100644
--- a/pentesting/pentesting-web/iis-internet-information-services.md
+++ b/pentesting/pentesting-web/iis-internet-information-services.md
@@ -320,7 +320,7 @@ C:\xampp\tomcat\conf\server.xml
If you see an error like the following one:
-![](../../.gitbook/assets/image%20%28446%29%20%281%29%20%282%29%20%282%29.png)
+![](../../.gitbook/assets/image%20%28446%29%20%281%29%20%282%29%20%282%29%20%283%29.png)
It means that the server **didn't receive the correct domain name** inside the Host header. In order to access the web page you could take a look to the served **SSL Certificate** and maybe you can find the domain/subdomain name in there. If it isn't there you may need to **brute force VHosts** until you find the correct one.
diff --git a/phishing-methodology/README.md b/phishing-methodology/README.md
index 18e621ae0..c96f1e6ee 100644
--- a/phishing-methodology/README.md
+++ b/phishing-methodology/README.md
@@ -339,7 +339,7 @@ The page www.mail-tester.com can indicate you if you your domain is being blocke
* Decide from which account are you going to send the phishing emails. Suggestions: _noreply, support, servicedesk, salesforce..._
* You can leave blank the username and password, but make sure to check the Ignore Certificate Errors
-![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29%20%282%29%20%282%29%20%283%29%20%283%29.png)
+![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29%20%282%29%20%282%29%20%283%29%20%283%29%20%285%29.png)
{% hint style="info" %}
It's recommended to use the "**Send Test Email**" functionality to test that everything is working.