GitBook: [master] 17 pages and 28 assets modified

CPol 2021-08-15 22:19:51 +00:00 committed by gitbook-bot
parent 3ec5598e2d
commit aca0a36b21
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
31 changed files with 25 additions and 14 deletions

@ -1428,6 +1428,11 @@ Files that ships in packages downloaded from distribution repository go into `/u
{% page-ref page="cisco-vmanage.md" %} {% page-ref page="cisco-vmanage.md" %}
### Kernel Security Protections
* [https://github.com/a13xp0p0v/kconfig-hardened-check](https://github.com/a13xp0p0v/kconfig-hardened-check)
* [https://github.com/a13xp0p0v/linux-kernel-defence-map](https://github.com/a13xp0p0v/linux-kernel-defence-map)
## More help ## More help
[Static impacket binaries](https://github.com/ropnop/impacket_static_binaries) [Static impacket binaries](https://github.com/ropnop/impacket_static_binaries)
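Review bot: the two URLs added under `### Kernel Security Protections` carry no description, so a reader does not know what either tool does or when to reach for it; give each link a one-line gloss (kconfig-hardened-check audits a kernel `.config` against hardening recommendations, linux-kernel-defence-map charts which kernel mitigation counters which attack class). Also, the new `###` heading lands directly between a `{% page-ref %}` include and the `## More help` heading; confirm it is meant as a subsection of the preceding `##` section rather than a sibling of "More help".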

@ -115,7 +115,7 @@ The response is a JSON dictionary with some important data like:
* Signed using the **device identity certificate \(from APNS\)** * Signed using the **device identity certificate \(from APNS\)**
* **Certificate chain** includes expired **Apple iPhone Device CA** * **Certificate chain** includes expired **Apple iPhone Device CA**
![](../../.gitbook/assets/image%20%28567%29%20%281%29.png) ![](../../.gitbook/assets/image%20%28567%29%20%281%29%20%282%29.png)
### Step 6: Profile Installation ### Step 6: Profile Installation
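Review bot: this hunk changes nothing but the asset path, swapping `image (567) (1).png` for `image (567) (1) (2).png`; every GitBook sync appends another `(n)` suffix and commits a fresh copy of the same screenshot, and the other hunks in this commit show names that have already grown to `(1) (1) (2) (2) (2) (2) (2)`. Point the page at one canonical asset per image instead of accepting a new duplicate on each export.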

@ -6,7 +6,7 @@
## Attacks Graphic ## Attacks Graphic
![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png) ![](../../.gitbook/assets/image%20%28535%29%20%281%29%20%281%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png)
## Tool ## Tool

@ -95,15 +95,15 @@ RMI methods are usually interesting as a bunch of them will **deserialize the re
To execute remote methods, Java RMI clients submit a 64-bit hash of the method signature, which the server uses to identify the corresponding server-side method. These **hashes are computed** with the following logic: To execute remote methods, Java RMI clients submit a 64-bit hash of the method signature, which the server uses to identify the corresponding server-side method. These **hashes are computed** with the following logic:
1. **Source code** representation of the signature: 1. **Source code** representation of the signature:
`void myRemoteMethod(int count, Object obj, boolean flag)` `void myRemoteMethod(int count, Object obj, boolean flag)`
2. **Bytecode** representation of signature: 2. **Bytecode** representation of signature:
`myRemoteMethod(ILjava/lang/Object;Z)V` `myRemoteMethod(ILjava/lang/Object;Z)V`
3. Method Hash: **big-endian representation of first 8 bytes of the SHA1 of the signature**: 3. Method Hash: **big-endian representation of first 8 bytes of the SHA1 of the signature**:
`Hash = SHA1String(“myRemoteMethod(ILjava/lang/Object;Z)V”).substring(0,8).reverse()` `Hash = SHA1String(“myRemoteMethod(ILjava/lang/Object;Z)V”).substring(0,8).reverse()`
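Review bot: step 3 and the formula under it contradict each other: the text says the hash is the **big-endian representation of the first 8 bytes of the SHA1**, but `.substring(0,8).reverse()` reverses those bytes, which is a little-endian reading. The JDK (`sun.rmi.server.Util.computeMethodHash`) builds the hash as a little-endian long from the first 8 digest bytes (byte `i` shifted left by `8*i`), and it digests the descriptor as written by `DataOutputStream.writeUTF`, i.e. with a 2-byte length prefix, so `SHA1String("myRemoteMethod(ILjava/lang/Object;Z)V")` as written hashes the wrong input. Say "little-endian" and mention the length prefix so someone reimplementing this gets a hash the server recognises.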

@ -265,5 +265,5 @@ Entry_1:
print(s.run_ps('ipconfig')) print(s.run_ps('ipconfig'))
https://book.hacktricks.xyz/pentesting/pentesting-winrm https://book.hacktricks.xyz/pentesting/pentesting-winrm
``` ```

@ -239,3 +239,4 @@ Entry_5:
Description: Eunuerate a DC via DNS Description: Eunuerate a DC via DNS
Command: dig -t _gc._{Domain_Name} && dig -t _ldap._{Domain_Name} && dig -t _kerberos._{Domain_Name} && dig -t _kpasswd._{Domain_Name} && nmap --script dns-srv-enum --script-args "dns-srv-enum.domain={Domain_Name}" Command: dig -t _gc._{Domain_Name} && dig -t _ldap._{Domain_Name} && dig -t _kerberos._{Domain_Name} && dig -t _kpasswd._{Domain_Name} && nmap --script dns-srv-enum --script-args "dns-srv-enum.domain={Domain_Name}"
``` ```
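Review bot: `Eunuerate` in the Description should be `Enumerate`, and the `dig` invocations are malformed: `-t` takes a record type, so `dig -t _gc._{Domain_Name}` passes the SRV name where the type belongs and returns nothing useful, and the DC service records live under `_tcp`, not `_`. Use `dig SRV _gc._tcp.{Domain_Name}` (likewise `_ldap._tcp`, `_kerberos._tcp`, `_kpasswd._tcp`) so each lookup actually returns the SRV record.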

@ -183,3 +183,4 @@ Entry_3:
Description: Banner Grab 993 Description: Banner Grab 993
Command: openssl s_client -connect {IP}:993 -quiet Command: openssl s_client -connect {IP}:993 -quiet
``` ```

@ -57,7 +57,6 @@ Entry_3:
Entry_4: Entry_4:
Name: With Creds Name: With Creds
Description: Attempt to get a list of user service principal names Description: Attempt to get a list of user service principal names
Command: GetUserSPNs.py -request -dc-ip {IP} active.htb/svc_tgs Command: GetUserSPNs.py -request -dc-ip {IP} active.htb/svc_tgs
``` ```
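Review bot: the "With Creds" command hardcodes a lab target, `active.htb/svc_tgs`, where every other entry in these files uses template variables, so the generated command will never match the user's environment; replace it with `{Domain_Name}/{Username}`, and since `-request` needs an authenticated user to obtain the TGSs, the entry should also prompt for a password or `-hashes` rather than rely on an interactive prompt.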

@ -375,3 +375,4 @@ Entry_5:
Description: Need Naming Context to do big dump Description: Need Naming Context to do big dump
Command: ldapsearch -h {IP} -x -b "{Naming_Context}" Command: ldapsearch -h {IP} -x -b "{Naming_Context}"
``` ```

@ -269,3 +269,4 @@ Entry_2:
Description: Nmap with SQL Scripts Description: Nmap with SQL Scripts
Command: nmap --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args mssql.instance-port=1433,mssql.username=sa,mssql.password=,mssql.instance-name=MSSQLSERVER -sV -p 1433 {IP} Command: nmap --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args mssql.instance-port=1433,mssql.username=sa,mssql.password=,mssql.instance-name=MSSQLSERVER -sV -p 1433 {IP}
``` ```
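Review bot: this "Nmap with SQL Scripts" entry runs `ms-sql-xp-cmdshell` and `ms-sql-dump-hashes`, which execute an OS command through `xp_cmdshell` and read password hashes on the target, alongside read-only scripts like `ms-sql-info`; mark the entry as intrusive or split those two out so a user expecting enumeration does not execute commands on the host. The empty `mssql.password=` is intentional (blank `sa` password), but a note saying so would stop it being "fixed" later.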

@ -67,3 +67,4 @@ Entry_2:
Description: Enumerate NTP Description: Enumerate NTP
Command: nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 {IP} Command: nmap -sU -sV --script "ntp* and (discovery or vuln) and not (dos or brute)" -p 123 {IP}
``` ```

@ -96,7 +96,7 @@ Entry_1:
Provides information between Unix based systems. Port is often probed, it can be used to fingerprint the Nix OS, and to obtain information about available services. Port used with NFS, NIS, or any rpc-based service. Provides information between Unix based systems. Port is often probed, it can be used to fingerprint the Nix OS, and to obtain information about available services. Port used with NFS, NIS, or any rpc-based service.
https://book.hacktricks.xyz/pentesting/pentesting-rpcbind https://book.hacktricks.xyz/pentesting/pentesting-rpcbind
Entry_2: Entry_2:
Name: rpc info Name: rpc info
Description: May give netstat-type info Description: May give netstat-type info

@ -479,3 +479,4 @@ Entry_6:
Description: Find MX servers of an organization Description: Find MX servers of an organization
Command: dig +short mx {Domain_Name} Command: dig +short mx {Domain_Name}
``` ```

@ -211,3 +211,4 @@ Entry_4:
Description: Nmap snmp (no brute) Description: Nmap snmp (no brute)
Command: nmap --script "snmp* and not snmp-brute" {IP} Command: nmap --script "snmp* and not snmp-brute" {IP}
``` ```
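Review bot: `nmap --script "snmp* and not snmp-brute" {IP}` runs a default TCP scan, but SNMP listens on UDP/161, so no `snmp*` script will find a matching open port and the entry silently does nothing; add `-sU -p 161`, i.e. `nmap -sU -p 161 --script "snmp* and not snmp-brute" {IP}`.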

@ -430,5 +430,5 @@ Entry_10:
Command: | Command: |
?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php ?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php
wpscan --url {Web_Proto}://{IP}{1} --enumerate ap,at,cb,dbe && wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --passwords {Big_Passwordlist} -e wpscan --url {Web_Proto}://{IP}{1} --enumerate ap,at,cb,dbe && wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --passwords {Big_Passwordlist} -e
``` ```
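Review bot: the trailing `-e` after `--passwords {Big_Passwordlist}` is a second `--enumerate` with no value; it is at best redundant with the explicit `--enumerate u,tt,t,vp` earlier in the same command and at worst overrides it, so drop it. The second wpscan call also combines user enumeration with a password list, which is a login brute force, and the Description should say so since the entry reads as enumeration only.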

@ -320,7 +320,7 @@ C:\xampp\tomcat\conf\server.xml
If you see an error like the following one: If you see an error like the following one:
![](../../.gitbook/assets/image%20%28446%29%20%281%29%20%282%29%20%282%29.png) ![](../../.gitbook/assets/image%20%28446%29%20%281%29%20%282%29%20%282%29%20%283%29.png)
It means that the server **didn't receive the correct domain name** inside the Host header. It means that the server **didn't receive the correct domain name** inside the Host header.
In order to access the web page you could take a look to the served **SSL Certificate** and maybe you can find the domain/subdomain name in there. If it isn't there you may need to **brute force VHosts** until you find the correct one. In order to access the web page you could take a look to the served **SSL Certificate** and maybe you can find the domain/subdomain name in there. If it isn't there you may need to **brute force VHosts** until you find the correct one.

@ -339,7 +339,7 @@ The page www.mail-tester.com can indicate you if you your domain is being blocke
* Decide from which account are you going to send the phishing emails. Suggestions: _noreply, support, servicedesk, salesforce..._ * Decide from which account are you going to send the phishing emails. Suggestions: _noreply, support, servicedesk, salesforce..._
* You can leave blank the username and password, but make sure to check the Ignore Certificate Errors * You can leave blank the username and password, but make sure to check the Ignore Certificate Errors
![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29%20%282%29%20%282%29%20%283%29%20%283%29.png) ![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29%20%282%29%20%282%29%20%283%29%20%283%29%20%285%29.png)
{% hint style="info" %} {% hint style="info" %}
It's recommended to use the "**Send Test Email**" functionality to test that everything is working. It's recommended to use the "**Send Test Email**" functionality to test that everything is working.
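Review bot: the hunk's context line reads "if you your domain" (drop one "you"), and "You can leave blank the username and password" reads better as "You can leave the username and password blank". More importantly, telling the reader to "check the Ignore Certificate Errors" disables TLS certificate validation for the sending profile; say why it is needed (a self-signed certificate on a relay you control) so it is not applied blindly to a third-party SMTP provider.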