GitBook: [master] 4 pages and 3 assets modified

This commit is contained in:
CPol 2021-04-11 09:05:05 +00:00 committed by gitbook-bot
parent 32fa515524
commit caf6f8ef57
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
6 changed files with 21 additions and 28 deletions

Binary image asset (rendered image diff): 142 KiB before, 142 KiB after; width and height not recorded on the page.

@ -12,11 +12,11 @@ Here you will find the **typical flow** that **you should follow when pentesting
**Click in the title to start!** **Click in the title to start!**
If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[ PEASS & HackTricks telegram group here](https://t.me/peass)**, or** follow me on Twitter **[🐦]([https://emojipedia.org/bird/) [@carlospolopm](https://twitter.com/carlospolopm).** If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[ PEASS & HackTricks telegram group here](https://t.me/peass)**, or** follow me on Twitter [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/[https:/emojipedia.org/bird/README.md) ****[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
If you want to **share some tricks with the community** you can also submit **pull requests** to_\*_ [https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks) _that will be reflected in this book. If you want to **share some tricks with the community** you can also submit **pull requests** to_\*_ [https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks) _that will be reflected in this book.
Don't forget to\_\* give ⭐ on the github to motivate me to continue developing this book. Don't forget to\_\* give ⭐ on the github to motivate me to continue developing this book.
![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%286%29.png) ![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%288%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop) [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)
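Review bot: the rewritten Twitter bird link in the README line is broken. The 🐦 icon used to point at `[https://emojipedia.org/bird/` (a stray `[` but the right host); the new target is a `tree/7af18b62b3bdc423e11444677a6a73d4043511e9/[https:/emojipedia.org/bird/README.md` path inside the hacktricks repository, which does not exist. Point the icon at `https://emojipedia.org/bird/`, matching the 💬 link on the same line, or drop the icon link and keep only the `@carlospolopm` link. The same line also moves the coffee banner from the `(6) (4) (6).png` copy to a new `(6) (4) (8).png` copy; each GitBook sync is adding another numbered duplicate of the same asset under .gitbook/assets.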

View file

@ -320,7 +320,7 @@ C:\xampp\tomcat\conf\server.xml
If you see an error like the following one: If you see an error like the following one:
![](../../.gitbook/assets/image%20%28446%29%20%281%29.png) ![](../../.gitbook/assets/image%20%28446%29%20%281%29%20%281%29.png)
It means that the server **didn't receive the correct domain name** inside the Host header. It means that the server **didn't receive the correct domain name** inside the Host header.
In order to access the web page you could take a look to the served **SSL Certificate** and maybe you can find the domain/subdomain name in there. If it isn't there you may need to **brute force VHosts** until you find the correct one. In order to access the web page you could take a look to the served **SSL Certificate** and maybe you can find the domain/subdomain name in there. If it isn't there you may need to **brute force VHosts** until you find the correct one.
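Review bot: the only change in this hunk is the screenshot reference moving from `image (446) (1).png` to `image (446) (1) (1).png`, i.e. a second numbered copy of the same file rather than a new screenshot. Keep a single asset and reference it from both places so the assets directory does not grow with every sync. While the paragraph is being touched, the context line "take a look to the served SSL Certificate" should read "take a look at".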


@ -1,6 +1,6 @@
# Stego Tricks # Stego Tricks
**Some info was taken from** [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/) **and from** [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit)\*\*\*\* **Some info was taken from** [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/) **and from** [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit)
## Extracting data from all files ## Extracting data from all files
@ -18,7 +18,7 @@ It can be installed with `apt`, and the [source](https://github.com/ReFirmLabs/b
Foremost is a program that recovers files based on their headers, footers, and internal data structures. I find it especially useful when dealing with png images. You can select the files that Foremost will extract by changing the config file in **/etc/foremost.conf.** Foremost is a program that recovers files based on their headers, footers, and internal data structures. I find it especially useful when dealing with png images. You can select the files that Foremost will extract by changing the config file in **/etc/foremost.conf.**
It can be installed with `apt`, and the [source](https://github.com/korczis/foremost) can be found on Github. It can be installed with `apt`, and the [source](https://github.com/korczis/foremost) can be found on Github.
**Useful commands:** **Useful commands:**
`foremost -i file` : extracts data from the given file. `foremost -i file` : extracts data from the given file.
### Exiftool <a id="exiftool"></a> ### Exiftool <a id="exiftool"></a>
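Review bot: the before and after text of this hunk is identical in the rendered view, so the change is whitespace-only (trailing or non-breaking spaces from the GitBook export). Rewriting unchanged paragraphs this way makes `git blame` useless for these lines; have the exporter normalise whitespace instead of committing it. In the context line, "Github" should be "GitHub".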
@ -33,7 +33,7 @@ A tool similar to exiftool.
It can be installed with `apt`, and the [source](https://github.com/Exiv2/exiv2) can be found on Github. It can be installed with `apt`, and the [source](https://github.com/Exiv2/exiv2) can be found on Github.
[Official website](http://www.exiv2.org/) [Official website](http://www.exiv2.org/)
**Useful commands:** **Useful commands:**
`exiv2 file` : shows the metadata of the given file `exiv2 file` : shows the metadata of the given file
### File ### File
@ -47,7 +47,7 @@ Useful commands:
`strings -n 6 file | head -n 20`: Extract first 20 strings with min length of 6 `strings -n 6 file | head -n 20`: Extract first 20 strings with min length of 6
`strings -n 6 file | tail -n 20`: Extract last 20 strings with min length of 6 `strings -n 6 file | tail -n 20`: Extract last 20 strings with min length of 6
`strings -e s -n 6 file`: Extract 7bit strings `strings -e s -n 6 file`: Extract 7bit strings
`strings -e S -n 6 file`: Extract 8bit strings `strings -e S -n 6 file`: Extract 8bit strings
`strings -e l -n 6 file`: Extract 16bit strings \(little-endian\) `strings -e l -n 6 file`: Extract 16bit strings \(little-endian\)
`strings -e b -n 6 file`: Extract 16bit strings \(big-endian\) `strings -e b -n 6 file`: Extract 16bit strings \(big-endian\)
`strings -e L -n 6 file`: Extract 32bit strings \(little-endian\) `strings -e L -n 6 file`: Extract 32bit strings \(little-endian\)
@ -72,13 +72,13 @@ To **extract** the **data**, you can use: [https://www.irongeek.com/i.php?page=s
### identify ### identify
[GraphicMagick](https://imagemagick.org/script/download.php) tool to check what kind of image a file is. Also checks if the image is corrupted. [GraphicMagick](https://imagemagick.org/script/download.php) tool to check what kind of image a file is. Also checks if the image is corrupted.
```text ```text
./magick identify -verbose stego.jpg ./magick identify -verbose stego.jpg
``` ```
If the image is damaged, you may be able to restore it by simply adding a metadata comment to it \(if it's very badly damaged this won't work\): If the image is damaged, you may be able to restore it by simply adding a metadata comment to it \(if it's very badly damaged this won't work\):
```bash ```bash
./magick mogrify -set comment 'Extraneous bytes removed' stego.jpg ./magick mogrify -set comment 'Extraneous bytes removed' stego.jpg
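Review bot: no textual change is visible in this hunk either, but the context has a naming error worth fixing in the same pass: the link text says "GraphicMagick" while the URL (imagemagick.org) and the `./magick identify` and `./magick mogrify` invocations are ImageMagick 7; GraphicsMagick is a separate project whose binary is `gm`. The first fence is tagged `text` and the second `bash` for the same kind of command line; tag both `bash`.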
@ -87,7 +87,7 @@ If the image is damaged, you may be able to restore it by simply adding a metada
### Steghide \[JPEG, BMP, WAV, AU\] <a id="steghide"></a> ### Steghide \[JPEG, BMP, WAV, AU\] <a id="steghide"></a>
Steghide is a steganography program that hides data in various kinds of image and audio files. It supports the following file formats : `JPEG, BMP, WAV and AU`. Its also useful for extracting embedded and encrypted data from other files. Steghide is a steganography program that hides data in various kinds of image and audio files. It supports the following file formats : `JPEG, BMP, WAV and AU`. Its also useful for extracting embedded and encrypted data from other files.
It can be installed with `apt`, and the [source](https://github.com/StefanoDeVuono/steghide) can be found on Github. It can be installed with `apt`, and the [source](https://github.com/StefanoDeVuono/steghide) can be found on Github.
**Useful commands:** **Useful commands:**
`steghide info file` : displays info about whether a file has embedded data or not. `steghide info file` : displays info about whether a file has embedded data or not.
`steghide extract -sf file [--passphrase password]` : extracts embedded data from a file \[using a password\] `steghide extract -sf file [--passphrase password]` : extracts embedded data from a file \[using a password\]
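Review bot: "Its also useful for extracting embedded and encrypted data" in the Steghide description should be "It's also useful". The source link goes to StefanoDeVuono/steghide, which appears to be a personal GitHub mirror rather than the upstream project (steghide is hosted on SourceForge); if the mirror is kept, say so in the text.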
@ -101,13 +101,12 @@ You can also extract content from steghide using the web: [https://futureboy.us/
zsteg is a tool that can detect hidden data in png and bmp files. zsteg is a tool that can detect hidden data in png and bmp files.
To install it : `gem install zsteg`. The source can also be found on [Github](https://github.com/zed-0xff/zsteg) To install it : `gem install zsteg`. The source can also be found on [Github](https://github.com/zed-0xff/zsteg)
**Useful commands:** **Useful commands:**
`zsteg -a file` : Runs every detection method on the given file `zsteg -a file` : Runs every detection method on the given file
`zsteg -E file` : Extracts data with the given payload \(example : zsteg -E b4,bgr,msb,xy name.png\) `zsteg -E file` : Extracts data with the given payload \(example : zsteg -E b4,bgr,msb,xy name.png\)
### stegoVeritas JPG, PNG, GIF, TIFF, BMP ### stegoVeritas JPG, PNG, GIF, TIFF, BMP
Capable of a wide variety of simple and advanced tricks, this tool can check file metadata, create transformed images, brute force LSB, and more. Check out `stegoveritas.py -h` to read about its full capabilities. Capable of a wide variety of simple and advanced tricks, this tool can check file metadata, create transformed images, brute force LSB, and more. Check out `stegoveritas.py -h` to read about its full capabilities. Execute `stegoveritas.py stego.jpg` to run all checks.
Execute `stegoveritas.py stego.jpg` to run all checks.
### Stegsolve ### Stegsolve
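Review bot: merging "Execute `stegoveritas.py stego.jpg` to run all checks." into the preceding paragraph is fine, but the heading `### stegoVeritas JPG, PNG, GIF, TIFF, BMP` should carry its format list in escaped brackets like the neighbouring `### Steghide \[JPEG, BMP, WAV, AU\]` and `### Wavsteg \[WAV\]` headings, so the headings read consistently.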
@ -149,27 +148,25 @@ Get details on a PNG file \(or even find out it's actually something else!\).
### ffmpeg ### ffmpeg
ffmpeg can be used to check the integrity of audio files, reporting various information about the file, as well as any errors it finds. ffmpeg can be used to check the integrity of audio files, reporting various information about the file, as well as any errors it finds.
`ffmpeg -v info -i stego.mp3 -f null -` `ffmpeg -v info -i stego.mp3 -f null -`
### Wavsteg \[WAV\] <a id="wavsteg"></a> ### Wavsteg \[WAV\] <a id="wavsteg"></a>
WavSteg is a Python3 tool that can hide data, using least significant bit, in wav files. It can also search for, and extract, data from wav files. WavSteg is a Python3 tool that can hide data, using least significant bit, in wav files. It can also search for, and extract, data from wav files.
You can get it from [Github](https://github.com/ragibson/Steganography#WavSteg) You can get it from [Github](https://github.com/ragibson/Steganography#WavSteg)
Useful commands: Useful commands:
`python3 WavSteg.py -r -b 1 -s soundfile -o outputfile` : Extracts to an output file \(taking only 1 lsb\) `python3 WavSteg.py -r -b 1 -s soundfile -o outputfile` : Extracts to an output file \(taking only 1 lsb\)
`python3 WavSteg.py -r -b 2 -s soundfile -o outputfile` : Extracts to an output file \(taking only 2 lsb\) `python3 WavSteg.py -r -b 2 -s soundfile -o outputfile` : Extracts to an output file \(taking only 2 lsb\)
### Deepsound ### Deepsound
Hide, and check for, information encrypted with AES-265 in sound files. Hide, and check for, information encrypted with AES-265 in sound files. Download from [the oficial page](http://jpinsoft.net/deepsound/download.aspx).
Download from [the oficial page](http://jpinsoft.net/deepsound/download.aspx).
To search for hidden info, simply run the program and open the sound file. If DeepSound finds any data hidden, you'll need to provide the password to unlock it. To search for hidden info, simply run the program and open the sound file. If DeepSound finds any data hidden, you'll need to provide the password to unlock it.
### Sonic visualizer <a id="sonic-visualizer"></a> ### Sonic visualizer <a id="sonic-visualizer"></a>
Sonic visualizer is a tool for viewing and analyzing the contents of audio files. It can be very helpful when facing audio steganography challenges; you can reveal hidden shapes in audio files that many other tools won't detect. Sonic visualizer is a tool for viewing and analyzing the contents of audio files. It can be very helpful when facing audio steganography challenges; you can reveal hidden shapes in audio files that many other tools won't detect.
If you're stuck, always check the spectrogram of the audio. If you're stuck, always check the spectrogram of the audio. [Offical Website](https://www.sonicvisualiser.org/)
[Offical Website](https://www.sonicvisualiser.org/)
### DTMF Tones - Dial tones ### DTMF Tones - Dial tones
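Review bot: the merged DeepSound line carries two errors that should be fixed while the line is being touched: "AES-265" is not a cipher (DeepSound uses AES-256), and "the oficial page" should be "the official page". The Sonic Visualiser line merged just below has the same class of typo, "Offical Website". Minor: the ffmpeg invocation `ffmpeg -v info -i stego.mp3 -f null -` is shown as inline code while the other tool examples in this file use fenced blocks.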
@ -187,14 +184,10 @@ import math
math.sqrt(2500) #50 math.sqrt(2500) #50
``` ```
To convert binary "1"s and "0"s to a proper image: [ https://www.dcode.fr/binary-image](%20https://www.dcode.fr/binary-image) To convert binary "1"s and "0"s to a proper image: [ https://www.dcode.fr/binary-image](https://github.com/carlospolop/hacktricks/tree/32fa51552498a17d266ff03e62dfd1e2a61dcd10/binary-image/README.md)
To read a QR code: [https://online-barcode-reader.inliteresearch.com/](https://online-barcode-reader.inliteresearch.com/) To read a QR code: [https://online-barcode-reader.inliteresearch.com/](https://online-barcode-reader.inliteresearch.com/)
### Braile ### Braile
[https://www.branah.com/braille-translator](https://www.branah.com/braille-translator%29) [https://www.branah.com/braille-translator](https://www.branah.com/braille-translator%29)
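Review bot: the dcode link is now broken. The old target `( https://www.dcode.fr/binary-image)` only suffered from a leading space; the new target is a `tree/32fa51552498a17d266ff03e62dfd1e2a61dcd10/binary-image/README.md` path inside the hacktricks repository, which does not exist. The fix is `[https://www.dcode.fr/binary-image](https://www.dcode.fr/binary-image)` with the space removed. Two context lines in the same hunk have related problems: the Braille link target ends in a stray encoded `)` (`%29`) that should be dropped, and the heading "Braile" is misspelled.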


@ -398,7 +398,7 @@ If you don't execute this from a Domain Controller, ATA is going to catch you, s
* [Python script to enumerate active directory](https://github.com/ropnop/windapsearch) * [Python script to enumerate active directory](https://github.com/ropnop/windapsearch)
* [Python script to enumerate active directory](https://github.com/CroweCybersecurity/ad-ldap-enum) * [Python script to enumerate active directory](https://github.com/CroweCybersecurity/ad-ldap-enum)
![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%2811%29.png) ![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%2812%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop) [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)
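Review bot: same asset duplication as in the README hunk: the coffee banner now references a `(6) (4) (12).png` copy instead of `(6) (4) (11).png`, so one more identical file lands in .gitbook/assets. Separately, the two unchanged list entries above it are both labelled "Python script to enumerate active directory" although they point at different tools (ropnop/windapsearch and CroweCybersecurity/ad-ldap-enum); give each entry its own label so readers can tell them apart.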