GitBook: [#3441] No subject

This commit is contained in:
CPol 2022-09-01 22:02:18 +00:00 committed by gitbook-bot
parent 8cfd532ae4
commit c155919fda
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
62 changed files with 154 additions and 108 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.6 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 1.6 KiB

After

Width:  |  Height:  |  Size: 84 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 84 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 154 KiB

After

Width:  |  Height:  |  Size: 178 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 57 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 57 KiB

After

Width:  |  Height:  |  Size: 71 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 51 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 76 KiB

After

Width:  |  Height:  |  Size: 51 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 76 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 178 KiB

After

Width:  |  Height:  |  Size: 48 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 55 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 55 KiB

After

Width:  |  Height:  |  Size: 132 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 71 KiB

After

Width:  |  Height:  |  Size: 197 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 197 KiB

After

Width:  |  Height:  |  Size: 96 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 10 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 132 KiB

After

Width:  |  Height:  |  Size: 10 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 126 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 96 KiB

After

Width:  |  Height:  |  Size: 126 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 49 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 37 KiB

After

Width:  |  Height:  |  Size: 49 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 126 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 126 KiB

After

Width:  |  Height:  |  Size: 154 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 48 KiB

After

Width:  |  Height:  |  Size: 37 KiB

View file

@ -1,7 +1,7 @@
# Linux Forensics # Linux Forensics
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -168,7 +168,7 @@ ThisisTheMasterSecret
``` ```
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -233,7 +233,7 @@ find /sbin/ exec rpm -qf {} \; | grep "is not"
``` ```
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -376,7 +376,7 @@ usbrip ids search --pid 0002 --vid 0e0f #Search for pid AND vid
More examples and info inside the github: [https://github.com/snovvcrash/usbrip](https://github.com/snovvcrash/usbrip) More examples and info inside the github: [https://github.com/snovvcrash/usbrip](https://github.com/snovvcrash/usbrip)
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -466,7 +466,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -17,7 +17,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@ -238,7 +238,7 @@ C:\Users\test\Desktop\test>pyinstaller --onefile hello.py
* [https://blog.f-secure.com/how-to-decompile-any-python-binary/](https://blog.f-secure.com/how-to-decompile-any-python-binary/) * [https://blog.f-secure.com/how-to-decompile-any-python-binary/](https://blog.f-secure.com/how-to-decompile-any-python-binary/)
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).

View file

@ -1,7 +1,7 @@
# Brute Force - CheatSheet # Brute Force - CheatSheet
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -84,7 +84,7 @@ python3 cupp.py -h
* [**https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm**](https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm) * [**https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm**](https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm)
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -441,7 +441,7 @@ crackmapexec winrm <IP> -d <Domain Name> -u usernames.txt -p passwords.txt
``` ```
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -641,7 +641,7 @@ crackpkcs12 -d /usr/share/wordlists/rockyou.txt ./cert.pfx
``` ```
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -808,7 +808,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -1,7 +1,7 @@
# Python Sandbox Escape & Pyscript # Python Sandbox Escape & Pyscript
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -51,7 +51,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -1,7 +1,7 @@
# Bypass Python sandboxes # Bypass Python sandboxes
{% hint style="danger" %} {% hint style="danger" %}
![](<../../../.gitbook/assets/image (1).png>) ![](<../../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -322,7 +322,7 @@ with (a as b):
``` ```
{% hint style="danger" %} {% hint style="danger" %}
![](<../../../.gitbook/assets/image (1).png>) ![](<../../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -710,7 +710,7 @@ You can check the output of this script in this page:
{% endcontent-ref %} {% endcontent-ref %}
{% hint style="danger" %} {% hint style="danger" %}
![](<../../../.gitbook/assets/image (1).png>) ![](<../../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -1118,7 +1118,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../../../.gitbook/assets/image (1).png>) ![](<../../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -1,7 +1,7 @@
# venv # venv
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -62,7 +62,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -1,7 +1,7 @@
# Web Requests # Web Requests
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -142,7 +142,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -1,7 +1,7 @@
# Search Exploits # Search Exploits
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -85,7 +85,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -1,7 +1,7 @@
# Docker Basics & Breakout # Docker Basics & Breakout
{% hint style="danger" %} {% hint style="danger" %}
![](<../../../.gitbook/assets/image (1).png>) ![](<../../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -124,7 +124,7 @@ tar -zcvf private_keys_backup.tar.gz ~/.docker/trust/private
When I changed Docker host, I had to move the root keys and repository keys to operate from the new host. When I changed Docker host, I had to move the root keys and repository keys to operate from the new host.
{% hint style="danger" %} {% hint style="danger" %}
![](<../../../.gitbook/assets/image (1).png>) ![](<../../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -254,7 +254,7 @@ docker run -it --security-opt=no-new-privileges:true nonewpriv
For more **`--security-opt`** options check: [https://docs.docker.com/engine/reference/run/#security-configuration](https://docs.docker.com/engine/reference/run/#security-configuration) For more **`--security-opt`** options check: [https://docs.docker.com/engine/reference/run/#security-configuration](https://docs.docker.com/engine/reference/run/#security-configuration)
{% hint style="danger" %} {% hint style="danger" %}
![](<../../../.gitbook/assets/image (1).png>) ![](<../../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -397,7 +397,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../../../.gitbook/assets/image (1).png>) ![](<../../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -1,7 +1,7 @@
# Useful Linux Commands # Useful Linux Commands
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -148,7 +148,7 @@ sudo chattr -i file.txt #Remove the bit so you can delete it
``` ```
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -327,7 +327,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -1,7 +1,7 @@
# Android Applications Pentesting # Android Applications Pentesting
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -63,7 +63,7 @@ adb pull /data/app/com.android.insecurebankv2- Jnf8pNgwy3QA_U5f-n_4jQ==/base.apk
``` ```
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -246,7 +246,7 @@ An application may contain secrets (API keys, passwords, hidden urls, subdomains
{% endcontent-ref %} {% endcontent-ref %}
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -496,7 +496,7 @@ Probably you know about this kind of vulnerabilities from the Web. You have to b
* [**Secure Flag** in cookies](../../pentesting-web/hacking-with-cookies/#cookies-flags) * [**Secure Flag** in cookies](../../pentesting-web/hacking-with-cookies/#cookies-flags)
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -687,7 +687,7 @@ python androwarn.py -i my_application_to_be_analyzed.apk -r html -v 3
### [MARA Framework](https://github.com/xtiankisutsa/MARA\_Framework) ### [MARA Framework](https://github.com/xtiankisutsa/MARA\_Framework)
![](<../../.gitbook/assets/image (81) (1).png>) ![](<../../.gitbook/assets/image (81).png>)
**MARA** is a **M**obile **A**pplication **R**everse engineering and **A**nalysis Framework. It is a tool that puts together commonly used mobile application reverse engineering and analysis tools, to assist in testing mobile applications against the OWASP mobile security threats. Its objective is to make this task easier and friendlier to mobile application developers and security professionals. **MARA** is a **M**obile **A**pplication **R**everse engineering and **A**nalysis Framework. It is a tool that puts together commonly used mobile application reverse engineering and analysis tools, to assist in testing mobile applications against the OWASP mobile security threats. Its objective is to make this task easier and friendlier to mobile application developers and security professionals.
@ -705,7 +705,7 @@ It is able to:
Useful to detect malware: [https://koodous.com/](https://koodous.com) Useful to detect malware: [https://koodous.com/](https://koodous.com)
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -802,7 +802,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -17,7 +17,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@ -154,7 +154,7 @@ In this tutorial you have hooked methods using the name of the mathod and _.impl
You can see that in [the next tutorial](frida-tutorial-2.md). You can see that in [the next tutorial](frida-tutorial-2.md).
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).

View file

@ -127,7 +127,7 @@ This is also usefull if somehow you are **unable to get some readable source cod
android hooking list activities android hooking list activities
``` ```
![](<../../../.gitbook/assets/image (78) (1).png>) ![](<../../../.gitbook/assets/image (78).png>)
``` ```
android hooking list services android hooking list services

View file

@ -1,7 +1,7 @@
# Android APK Checklist # Android APK Checklist
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -97,7 +97,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -17,7 +17,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
<img src="../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@ -67,7 +67,7 @@ Content-Length: 267
* `port:15672 http` * `port:15672 http`
{% hint style="danger" %} {% hint style="danger" %}
<img src="../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).

View file

@ -1,7 +1,7 @@
# 8086 - Pentesting InfluxDB # 8086 - Pentesting InfluxDB
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -164,7 +164,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -1,7 +1,7 @@
# 5432,5433 - Pentesting Postgresql # 5432,5433 - Pentesting Postgresql
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -99,7 +99,7 @@ ORDER BY 1;
``` ```
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -179,7 +179,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -16,7 +16,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
<img src="../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@ -311,7 +311,7 @@ id_rsa
* You can find interesting guides on how to harden SSH in [https://www.ssh-audit.com/hardening\_guides.html](https://www.ssh-audit.com/hardening\_guides.html) * You can find interesting guides on how to harden SSH in [https://www.ssh-audit.com/hardening\_guides.html](https://www.ssh-audit.com/hardening\_guides.html)
* [https://community.turgensec.com/ssh-hacking-guide](https://community.turgensec.com/ssh-hacking-guide) * [https://community.turgensec.com/ssh-hacking-guide](https://community.turgensec.com/ssh-hacking-guide)
<img src="../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).

View file

@ -17,7 +17,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@ -47,7 +47,7 @@ inurl:status EJInvokerServlet
``` ```
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).

View file

@ -17,7 +17,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@ -127,7 +127,7 @@ find / -name "config.php" 2>/dev/null | grep "moodle/config.php"
``` ```
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).

View file

@ -1,7 +1,7 @@
# Command Injection # Command Injection
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -101,7 +101,7 @@ Here are the top 25 parameters that could be vulnerable to code injection and si
``` ```
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -187,7 +187,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -17,7 +17,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
<img src="../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@ -212,7 +212,7 @@ The best prevention technique is to not use users input directly inside response
* [**https://www.acunetix.com/websitesecurity/crlf-injection/**](https://www.acunetix.com/websitesecurity/crlf-injection/) * [**https://www.acunetix.com/websitesecurity/crlf-injection/**](https://www.acunetix.com/websitesecurity/crlf-injection/)
{% hint style="danger" %} {% hint style="danger" %}
<img src="../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).

View file

@ -17,7 +17,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@ -202,7 +202,7 @@ out of band request with the current username
* [**https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/**](https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/) * [**https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/**](https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/)
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).

View file

@ -1,7 +1,7 @@
# Email Injections # Email Injections
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -118,7 +118,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -17,7 +17,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@ -96,7 +96,7 @@ php vuln.php
{% embed url="https://blog.ripstech.com/2018/new-php-exploitation-technique/" %} {% embed url="https://blog.ripstech.com/2018/new-php-exploitation-technique/" %}
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).

View file

@ -1,7 +1,7 @@
# NoSQL injection # NoSQL injection
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -121,7 +121,7 @@ Using the **$func** operator of the [MongoLite](https://github.com/agentejo/cock
![](<../.gitbook/assets/image (468).png>) ![](<../.gitbook/assets/image (468).png>)
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -272,7 +272,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -1,7 +1,7 @@
# Race Condition # Race Condition
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -125,7 +125,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -1,7 +1,7 @@
# Rate Limit Bypass # Rate Limit Bypass
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -84,7 +84,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -1,7 +1,7 @@
# XS-Search # XS-Search
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -84,7 +84,7 @@ You can access the tool in [https://xsinator.com/](https://xsinator.com/)
{% endhint %} {% endhint %}
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -196,7 +196,7 @@ You can perform the same attack with **`portal`** tags.
Applications often use [postMessage broadcasts](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage) to share information with other origins. Listening to this messages one could find **sensitive info** (potentially if the the `targetOrigin` param is not used). Also, the fact of receiving some message can be **used as an oracle** (you only receive this kind of message if you are logged in). Applications often use [postMessage broadcasts](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage) to share information with other origins. Listening to this messages one could find **sensitive info** (potentially if the the `targetOrigin` param is not used). Also, the fact of receiving some message can be **used as an oracle** (you only receive this kind of message if you are logged in).
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -278,7 +278,7 @@ Browsers use sockets to communicate with servers. As the operating system and th
For more info: [https://xsleaks.dev/docs/attacks/timing-attacks/connection-pool/](https://xsleaks.dev/docs/attacks/timing-attacks/connection-pool/) For more info: [https://xsleaks.dev/docs/attacks/timing-attacks/connection-pool/](https://xsleaks.dev/docs/attacks/timing-attacks/connection-pool/)
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -817,7 +817,7 @@ In an execution timing it's possible to **eliminate** **network factors** to obt
* **Code Example**: [https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#cross-window-timing-attacks](https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#cross-window-timing-attacks) * **Code Example**: [https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#cross-window-timing-attacks](https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#cross-window-timing-attacks)
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -935,7 +935,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../.gitbook/assets/image (1).png>) ![](<../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -117,7 +117,7 @@ The **security descriptor** configured on the **Enterprise CA** defines these ri
This ultimately ends up setting the Security registry value in the key **`HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration<CA NAME>`** on the CA server. We have encountered several AD CS servers that grant low-privileged users remote access to this key via remote registry: This ultimately ends up setting the Security registry value in the key **`HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration<CA NAME>`** on the CA server. We have encountered several AD CS servers that grant low-privileged users remote access to this key via remote registry:
<figure><img src="../../.gitbook/assets/image (6).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../.gitbook/assets/image (6) (2).png" alt=""><figcaption></figcaption></figure>
Low-privileged users can also **enumerate this via DCOM** using the `ICertAdminD2` COM interfaces `GetCASecurity` method. However, normal Windows clients need to install the Remote Server Administration Tools (RSAT) to use it since the COM interface and any COM objects that implement it are not present on Windows by default. Low-privileged users can also **enumerate this via DCOM** using the `ICertAdminD2` COM interfaces `GetCASecurity` method. However, normal Windows clients need to install the Remote Server Administration Tools (RSAT) to use it since the COM interface and any COM objects that implement it are not present on Windows by default.
@ -129,7 +129,7 @@ Other requirements could be in place to control who can get a certificate.
**CA certificate manager approval** results in the certificate template setting the `CT_FLAG_PEND_ALL_REQUESTS` (0x2) bit on the AD objects `msPKI-EnrollmentFlag` attribute. This puts all **certificate requests** based on the template into the **pending state** (visible in the “Pending Requests” section in `certsrv.msc`), which requires a certificate manager to **approve or deny** the request before the certificate is issued: **CA certificate manager approval** results in the certificate template setting the `CT_FLAG_PEND_ALL_REQUESTS` (0x2) bit on the AD objects `msPKI-EnrollmentFlag` attribute. This puts all **certificate requests** based on the template into the **pending state** (visible in the “Pending Requests” section in `certsrv.msc`), which requires a certificate manager to **approve or deny** the request before the certificate is issued:
<figure><img src="../../.gitbook/assets/image (13).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../.gitbook/assets/image (13) (2).png" alt=""><figcaption></figcaption></figure>
#### Enrolment Agents, Authorized Signatures, and Application Policies #### Enrolment Agents, Authorized Signatures, and Application Policies
@ -175,7 +175,7 @@ The “NTAUTH certificate store” mentioned here refers to an AD object AD CS i
This means that when **AD CS creates a new CA** (or it renews CA certificates), it publishes the new certificate to the **`NTAuthCertificates`** object by adding the new certificate to the objects `cacertificate` attribute: This means that when **AD CS creates a new CA** (or it renews CA certificates), it publishes the new certificate to the **`NTAuthCertificates`** object by adding the new certificate to the objects `cacertificate` attribute:
<figure><img src="../../.gitbook/assets/image (9).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../.gitbook/assets/image (9) (2).png" alt=""><figcaption></figcaption></figure>
During certificate authentication, the DC can then verify that the authenticating certificate chains to a CA certificate defined by the **`NTAuthCertificates`** object. CA certificates in the **`NTAuthCertificates`** object must in turn chain to a root CA. The big takeaway here is the **`NTAuthCertificates`** object is the root of trust for certificate authentication in Active Directory! During certificate authentication, the DC can then verify that the authenticating certificate chains to a CA certificate defined by the **`NTAuthCertificates`** object. CA certificates in the **`NTAuthCertificates`** object must in turn chain to a root CA. The big takeaway here is the **`NTAuthCertificates`** object is the root of trust for certificate authentication in Active Directory!
@ -184,13 +184,13 @@ During certificate authentication, the DC can then verify that the authenticatin
Schannel is the security support provider (SSP) Windows leverages when establishing TLS/SSL connections. Schannel supports **client authentication** (amongst many other capabilities), enabling a remote server to **verify the identity of the connecting user**. It accomplishes this using PKI, with certificates being the primary credential.\ Schannel is the security support provider (SSP) Windows leverages when establishing TLS/SSL connections. Schannel supports **client authentication** (amongst many other capabilities), enabling a remote server to **verify the identity of the connecting user**. It accomplishes this using PKI, with certificates being the primary credential.\
During the **TLS handshake**, the server **requests a certificate from the client** for authentication. The client, having previously been issued a client authentication certificate from a CA the server trusts, sends its certificate to the server. The **server then validates** the certificate is correct and grants the user access assuming everything is okay. During the **TLS handshake**, the server **requests a certificate from the client** for authentication. The client, having previously been issued a client authentication certificate from a CA the server trusts, sends its certificate to the server. The **server then validates** the certificate is correct and grants the user access assuming everything is okay.
<figure><img src="../../.gitbook/assets/image (8) (2).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../.gitbook/assets/image (8).png" alt=""><figcaption></figcaption></figure>
When an account authenticates to AD using a certificate, the DC needs to somehow map the certificate credential to an AD account. **Schannel** first attempts to **map** the **credential** to a **user** account use Kerbeross **S4U2Self** functionality. \ When an account authenticates to AD using a certificate, the DC needs to somehow map the certificate credential to an AD account. **Schannel** first attempts to **map** the **credential** to a **user** account use Kerbeross **S4U2Self** functionality. \
If that is **unsuccessful**, it will follow the attempt to map the **certificate to a user** account using the certificates **SAN extension**, a combination of the **subject** and **issuer** fields, or solely from the issuer. By default, not many protocols in AD environments support AD authentication via Schannel out of the box. WinRM, RDP, and IIS all support client authentication using Schannel, but it **requires additional configuration**, and in some cases like WinRM does not integrate with Active Directory.\ If that is **unsuccessful**, it will follow the attempt to map the **certificate to a user** account using the certificates **SAN extension**, a combination of the **subject** and **issuer** fields, or solely from the issuer. By default, not many protocols in AD environments support AD authentication via Schannel out of the box. WinRM, RDP, and IIS all support client authentication using Schannel, but it **requires additional configuration**, and in some cases like WinRM does not integrate with Active Directory.\
One protocol that does commonly work assuming AD CS has been setup - is **LDAPS**. The cmdlet `Get-LdapCurrentUser` demonstrates how one can authenticate to LDAP using .NET libraries. The cmdlet performs an LDAP “Who am I?” extended operation to display the currently authenticating user: One protocol that does commonly work assuming AD CS has been setup - is **LDAPS**. The cmdlet `Get-LdapCurrentUser` demonstrates how one can authenticate to LDAP using .NET libraries. The cmdlet performs an LDAP “Who am I?” extended operation to display the currently authenticating user:
<figure><img src="../../.gitbook/assets/image (2) (1).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../.gitbook/assets/image (2) (4).png" alt=""><figcaption></figcaption></figure>
## AD CS Enumeration ## AD CS Enumeration

View file

@ -192,7 +192,7 @@ certutil -config "CA_HOST\CA_NAME" -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJ
A certificate authority itself has a **set of permissions** that secure various **CA actions**. These permissions can be access from `certsrv.msc`, right clicking a CA, selecting properties, and switching to the Security tab: A certificate authority itself has a **set of permissions** that secure various **CA actions**. These permissions can be access from `certsrv.msc`, right clicking a CA, selecting properties, and switching to the Security tab:
<figure><img src="../../../.gitbook/assets/image (8).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../../.gitbook/assets/image (73).png" alt=""><figcaption></figcaption></figure>
This can also be enumerated via [**PSPKIs module**](https://www.pkisolutions.com/tools/pspki/) with `Get-CertificationAuthority | Get-CertificationAuthorityAcl`: This can also be enumerated via [**PSPKIs module**](https://www.pkisolutions.com/tools/pspki/) with `Get-CertificationAuthority | Get-CertificationAuthorityAcl`:
@ -204,9 +204,9 @@ The two main rights here are the **`ManageCA`** right and the **`ManageCertifica
If you have a principal with **`ManageCA`** rights on a **certificate authority**, we can use **PSPKI** to remotely flip the **`EDITF_ATTRIBUTESUBJECTALTNAME2`** bit to **allow SAN** specification in any template ([ECS6](domain-escalation.md#editf\_attributesubjectaltname2-esc6)): If you have a principal with **`ManageCA`** rights on a **certificate authority**, we can use **PSPKI** to remotely flip the **`EDITF_ATTRIBUTESUBJECTALTNAME2`** bit to **allow SAN** specification in any template ([ECS6](domain-escalation.md#editf\_attributesubjectaltname2-esc6)):
<figure><img src="../../../.gitbook/assets/image (2).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../../.gitbook/assets/image (73).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../../.gitbook/assets/image (70).png" alt=""><figcaption></figcaption></figure>
This is also possible in a simpler form with [**PSPKIs Enable-PolicyModuleFlag**](https://www.sysadmins.lv/projects/pspki/enable-policymoduleflag.aspx) cmdlet. This is also possible in a simpler form with [**PSPKIs Enable-PolicyModuleFlag**](https://www.sysadmins.lv/projects/pspki/enable-policymoduleflag.aspx) cmdlet.
@ -261,7 +261,7 @@ Another limitation of NTLM relay attacks is that they **require a victim account
Certify.exe cas Certify.exe cas
``` ```
<figure><img src="../../../.gitbook/assets/image (78).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../../.gitbook/assets/image (6).png" alt=""><figcaption></figcaption></figure>
Enterprise CAs also **store CES endpoints** in their AD object in the `msPKI-Enrollment-Servers` property. **Certutil.exe** and **PSPKI** can parse and list these endpoints: Enterprise CAs also **store CES endpoints** in their AD object in the `msPKI-Enrollment-Servers` property. **Certutil.exe** and **PSPKI** can parse and list these endpoints:
@ -269,14 +269,14 @@ Enterprise CAs also **store CES endpoints** in their AD object in the `msPKI-Enr
certutil.exe -enrollmentServerURL -config CORPDC01.CORP.LOCAL\CORP-CORPDC01-CA certutil.exe -enrollmentServerURL -config CORPDC01.CORP.LOCAL\CORP-CORPDC01-CA
``` ```
<figure><img src="../../../.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure> <figure><img src="../../../.gitbook/assets/image (2).png" alt=""><figcaption></figcaption></figure>
```powershell ```powershell
Import-Module PSPKI Import-Module PSPKI
Get-CertificationAuthority | select Name,Enroll* | Format-List * Get-CertificationAuthority | select Name,Enroll* | Format-List *
``` ```
<figure><img src="../../../.gitbook/assets/image (81).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../../.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
## References ## References

View file

@ -16,11 +16,57 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
## Forging Certificates with Stolen CA Certificates - DPERSIST1
How can you tell that a certificate is a CA certificate?
* The CA certificate exists on the **CA server itself**, with its **private key protected by machine DPAPI** (unless the OS uses a TPM/HSM/other hardware for protection).
* The **Issuer** and **Subject** for the cert are both set to the **distinguished name of the CA**.
* CA certificates (and only CA certs) **have a “CA Version” extension**.
* There are **no EKUs**
The built-in GUI supported way to **extract this certificate private key** is with `certsrv.msc` on the CA server.\
However, this certificate **isn't different** from other certificates stored in the system, so for example check the [**THEFT2 technique**](certificate-theft.md#user-certificate-theft-via-dpapi-theft2) to see how to **extract** them.
Once you have the **CA cert** with the private key in `.pfx` format you can use [**ForgeCert**](https://github.com/GhostPack/ForgeCert) **** to create valid certificates:
```bash
# Create new certificate with ForgeCert
ForgeCert.exe --CaCertPath ca.pfx --CaCertPassword Password123! --Subject "CN=User" --SubjectAltName localadmin@theshire.local --NewCertPath localadmin.pfx --NewCertPassword Password123!
# Use new certificate with Rubeus to authenticate
Rubeus.exe asktgt /user:localdomain /certificate:C:\ForgeCert\localadmin.pfx /password:Password123!
```
{% hint style="warning" %}
**Note**: The target **user** specified when forging the certificate needs to be **active/enabled** in AD and **able to authenticate** since an authentication exchange will still occur as this user. Trying to forge a certificate for the krbtgt account, for example, will not work.
{% endhint %}
This forged certificate will be **valid** until the end date specified and as **long as the root CA certificate is valid** (usually from 5 to **10+ years**). It's also valid for **machines**, so combined with **S4U2Self**, an attacker can **maintain persistence on any domain machine** for as long as the CA certificate is valid.\
Moreover, the **certificates generated** with this method **cannot be revoked** as CA is not aware of them.
## Trusting Rogue CA Certificates - DPERSIST2
The object `NTAuthCertificates` defines one or more **CA certificates** in its `cacertificate` **attribute** and AD uses it: During authentication, the **domain controller** checks if **`NTAuthCertificates`** object **contains** an entry for the **CA specified** in the authenticating **certificates** Issuer field. If **it is, authentication proceeds**.
An attacker could generate a **self-signed CA certificate** and **add** it to the **`NTAuthCertificates`** object. Attackers can do this if they have **control** over the **`NTAuthCertificates`** AD object (in default configurations only **Enterprise Admin** group members and members of the **Domain Admins** or **Administrators** in the **forest roots domain** have these permissions). With the elevated access, one can **edit** the **`NTAuthCertificates`** object from any system with `certutil.exe -dspublish -f C:\Temp\CERT.crt NTAuthCA126` , or using the [**PKI Health Tool**](https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/import-third-party-ca-to-enterprise-ntauth-store#method-1---import-a-certificate-by-using-the-pki-health-tool).&#x20;
The specified certificate should **work with the previously detailed forgery method with ForgeCert** to generate certificates on demand.
## Malicious Misconfiguration - DPERSIST3
There is a myriad of opportunities for **persistence** via **security descriptor modifications of AD CS** components. Any scenario described in the “[Domain Escalation](domain-escalation.md)” section could be maliciously implemented by an attacker with elevated access, as well as addition of “control rights'' (i.e., WriteOwner/WriteDACL/etc.) to sensitive components. This includes:
* **CA servers AD computer** object
* The **CA servers RPC/DCOM server**
* Any **descendant AD object or container** in the container **`CN=Public Key Services,CN=Services,CN=Configuration,DC=<DOMAIN>,DC=<COM>`** (e.g., the Certificate Templates container, Certification Authorities container, the NTAuthCertificates object, etc.)
* **AD groups delegated rights to control AD CS by default or by the current organization** (e.g., the built-in Cert Publishers group and any of its members)
For example, an attacker with **elevated permissions** in the domain could add the **`WriteOwner`** permission to the default **`User`** certificate template, where the attacker is the principal for the right. To abuse this at a later point, the attacker would first modify the ownership of the **`User`** template to themselves, and then would **set** **`mspki-certificate-name-flag`** to **1** on the template to enable **`ENROLLEE_SUPPLIES_SUBJECT`** (i.e., allowing a user to supply a Subject Alternative Name in the request). The attacker could then **enroll** in the **template**, specifying a **domain administrator** name as an alternative name, and use the resulting certificate for authentication as the DA.
## References
* All the information of this page was taken from [https://www.specterops.io/assets/resources/Certified\_Pre-Owned.pdf](https://www.specterops.io/assets/resources/Certified\_Pre-Owned.pdf)
<details> <details>

View file

@ -1,7 +1,7 @@
# DCSync # DCSync
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -45,7 +45,7 @@ Get-ObjectAcl -DistinguishedName "dc=dollarcorp,dc=moneycorp,dc=local" -ResolveG
``` ```
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -106,7 +106,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -87,13 +87,13 @@ In the previous flow it was used the trust hash instead of the **clear text pass
The cleartext password can be obtained by converting the \[ CLEAR ] output from mimikatz from hexadecimal and removing null bytes \x00: The cleartext password can be obtained by converting the \[ CLEAR ] output from mimikatz from hexadecimal and removing null bytes \x00:
![](<../../.gitbook/assets/image (2) (1) (2).png>) ![](<../../.gitbook/assets/image (2) (1).png>)
Sometimes when creating a trust relationship, a password must be typed in by the user for the trust. In this demonstration, the key is the original trust password and therefore human readable. As the key cycles (30 days), the cleartext will not be human-readable but technically still usable. Sometimes when creating a trust relationship, a password must be typed in by the user for the trust. In this demonstration, the key is the original trust password and therefore human readable. As the key cycles (30 days), the cleartext will not be human-readable but technically still usable.
The cleartext password can be used to perform regular authentication as the trust account, an alternative to requesting a TGT using the Kerberos secret key of the trust account. Here, querying root.local from ext.local for members of Domain Admins: The cleartext password can be used to perform regular authentication as the trust account, an alternative to requesting a TGT using the Kerberos secret key of the trust account. Here, querying root.local from ext.local for members of Domain Admins:
![](<../../.gitbook/assets/image (1) (1) (2).png>) ![](<../../.gitbook/assets/image (1) (1) (1).png>)
## References ## References

View file

@ -1,7 +1,7 @@
# Kerberoast # Kerberoast
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -77,7 +77,7 @@ When a TGS is requested, Windows event `4769 - A Kerberos service ticket was req
{% endhint %} {% endhint %}
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -144,7 +144,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -17,7 +17,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@ -175,7 +175,7 @@ mimikatz(commandline) # lsadump::dcsync /dc:pcdc.domain.local /domain:domain.loc
{% endcontent-ref %} {% endcontent-ref %}
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).

View file

@ -1,7 +1,7 @@
# ACLs - DACLs/SACLs/ACEs # ACLs - DACLs/SACLs/ACEs
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -83,7 +83,7 @@ The canonical order ensures that the following takes place:
* All **explicit ACEs are processed before any inherited ACE**. This is consistent with the concept of discretionary access control: access to a child object (for example a file) is at the discretion of the child's owner, not the owner of the parent object (for example a folder). The owner of a child object can define permissions directly on the child. The result is that the effects of inherited permissions are modified. * All **explicit ACEs are processed before any inherited ACE**. This is consistent with the concept of discretionary access control: access to a child object (for example a file) is at the discretion of the child's owner, not the owner of the parent object (for example a folder). The owner of a child object can define permissions directly on the child. The result is that the effects of inherited permissions are modified.
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@ -209,7 +209,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
![](<../../.gitbook/assets/image (1).png>) ![](<../../.gitbook/assets/image (9).png>)
\ \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

View file

@ -17,7 +17,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@ -224,7 +224,7 @@ BOOL APIENTRY DllMain (HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReser
``` ```
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).

View file

@ -17,7 +17,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
</details> </details>
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).
@ -358,7 +358,7 @@ Find more Autoruns like registries in [https://www.microsoftpressstore.com/artic
* [https://www.microsoftpressstore.com/articles/article.aspx?p=2762082\&seqNum=2](https://www.microsoftpressstore.com/articles/article.aspx?p=2762082\&seqNum=2) * [https://www.microsoftpressstore.com/articles/article.aspx?p=2762082\&seqNum=2](https://www.microsoftpressstore.com/articles/article.aspx?p=2762082\&seqNum=2)
{% hint style="danger" %} {% hint style="danger" %}
<img src="../../.gitbook/assets/image (1) (1) (1).png" alt="" data-size="original"> <img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="original">
If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_). If you are interested in **hacking carer** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).