mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 04:33:28 +00:00
GitBook: [master] 4 pages and 3 assets modified
This commit is contained in:
CPol
gitbook-bot
parent
32fa515524
commit
caf6f8ef57
6 changed files with 21 additions and 28 deletions
Binary file not shown.
|
After Width: | Height: | Size: 1.5 KiB |
|
Before Width: | Height: | Size: 142 KiB After Width: | Height: | Size: 142 KiB |
|
|
@ -12,11 +12,11 @@ Here you will find the **typical flow** that **you should follow when pentesting
|
|||
|
||||
**Click in the title to start!**
|
||||
|
||||
If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[ PEASS & HackTricks telegram group here](https://t.me/peass)**, or** follow me on Twitter **[🐦]([https://emojipedia.org/bird/) [@carlospolopm](https://twitter.com/carlospolopm).**
|
||||
If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[ PEASS & HackTricks telegram group here](https://t.me/peass)**, or** follow me on Twitter [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/[https:/emojipedia.org/bird/README.md) ****[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
If you want to **share some tricks with the community** you can also submit **pull requests** to_\*_ [https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks) _that will be reflected in this book.
|
||||
Don't forget to\_\* give ⭐ on the github to motivate me to continue developing this book.
|
||||
|
||||
|
||||
|
||||
|
||||
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)
|
||||
|
||||
|
|
|
|||
|
|
@ -320,7 +320,7 @@ C:\xampp\tomcat\conf\server.xml
|
|||
|
||||
If you see an error like the following one:
|
||||
|
||||
|
||||
|
||||
|
||||
It means that the server **didn't receive the correct domain name** inside the Host header.
|
||||
In order to access the web page you could take a look to the served **SSL Certificate** and maybe you can find the domain/subdomain name in there. If it isn't there you may need to **brute force VHosts** until you find the correct one.
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
# Stego Tricks
|
||||
|
||||
**Some info was taken from** [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/) **and from** [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit)\*\*\*\*
|
||||
**Some info was taken from** [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/) **and from** [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit)
|
||||
|
||||
## Extracting data from all files
|
||||
|
||||
|
|
@ -106,8 +106,7 @@ To install it : `gem install zsteg`. The source can also be found on [Github](ht
|
|||
|
||||
### stegoVeritas JPG, PNG, GIF, TIFF, BMP
|
||||
|
||||
Capable of a wide variety of simple and advanced tricks, this tool can check file metadata, create transformed images, brute force LSB, and more. Check out `stegoveritas.py -h` to read about its full capabilities.
|
||||
Execute `stegoveritas.py stego.jpg` to run all checks.
|
||||
Capable of a wide variety of simple and advanced tricks, this tool can check file metadata, create transformed images, brute force LSB, and more. Check out `stegoveritas.py -h` to read about its full capabilities. Execute `stegoveritas.py stego.jpg` to run all checks.
|
||||
|
||||
### Stegsolve
|
||||
|
||||
|
|
@ -161,15 +160,13 @@ Useful commands:
|
|||
|
||||
### Deepsound
|
||||
|
||||
Hide, and check for, information encrypted with AES-265 in sound files.
|
||||
Download from [the oficial page](http://jpinsoft.net/deepsound/download.aspx).
|
||||
Hide, and check for, information encrypted with AES-265 in sound files. Download from [the oficial page](http://jpinsoft.net/deepsound/download.aspx).
|
||||
To search for hidden info, simply run the program and open the sound file. If DeepSound finds any data hidden, you'll need to provide the password to unlock it.
|
||||
|
||||
### Sonic visualizer <a id="sonic-visualizer"></a>
|
||||
|
||||
Sonic visualizer is a tool for viewing and analyzing the contents of audio files. It can be very helpful when facing audio steganography challenges; you can reveal hidden shapes in audio files that many other tools won't detect.
|
||||
If you're stuck, always check the spectrogram of the audio.
|
||||
[Offical Website](https://www.sonicvisualiser.org/)
|
||||
If you're stuck, always check the spectrogram of the audio. [Offical Website](https://www.sonicvisualiser.org/)
|
||||
|
||||
### DTMF Tones - Dial tones
|
||||
|
||||
|
|
@ -187,14 +184,10 @@ import math
|
|||
math.sqrt(2500) #50
|
||||
```
|
||||
|
||||
To convert binary "1"s and "0"s to a proper image: [ https://www.dcode.fr/binary-image](%20https://www.dcode.fr/binary-image)
|
||||
To convert binary "1"s and "0"s to a proper image: [ https://www.dcode.fr/binary-image](https://github.com/carlospolop/hacktricks/tree/32fa51552498a17d266ff03e62dfd1e2a61dcd10/binary-image/README.md)
|
||||
To read a QR code: [https://online-barcode-reader.inliteresearch.com/](https://online-barcode-reader.inliteresearch.com/)
|
||||
|
||||
### Braile
|
||||
|
||||
[https://www.branah.com/braille-translator](https://www.branah.com/braille-translator%29)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -398,7 +398,7 @@ If you don't execute this from a Domain Controller, ATA is going to catch you, s
|
|||
* [Python script to enumerate active directory](https://github.com/ropnop/windapsearch)
|
||||
* [Python script to enumerate active directory](https://github.com/CroweCybersecurity/ad-ldap-enum)
|
||||
|
||||
|
||||
|
||||
|
||||
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue