GitBook: [#3680] No subject

CPol 2022-12-15 10:37:10 +00:00 committed by gitbook-bot
parent e4a87540ab
commit d1d70d41a3
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
6 changed files with 11 additions and 3 deletions

Binary file not shown.

@ -591,7 +591,15 @@ If you found a **Local File Inclusion** and you **can exfiltrate the path** of t
[lfi2rce-via-compress.zlib-+-php\_stream\_prefer\_studio-+-path-disclosure.md](lfi2rce-via-compress.zlib-+-php\_stream\_prefer\_studio-+-path-disclosure.md)
{% endcontent-ref %}
### References
### To Fatal Error
If you include any of the files `/usr/bin/phar`, `/usr/bin/phar7`, `/usr/bin/phar.phar7`, `/usr/bin/phar.phar`. (You need to include the same one 2 time to throw that error).
**I don't know how is this useful but it might be.**
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
## References
[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal)\
[PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal/Intruders](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal/Intruders)
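
Review bot: In the "To Fatal Error" section, the sentence starting "If you include any of the files" is a conditional with no result clause, so the text never says what happens. State the outcome directly (the parenthesis implies that including the same one of these files twice throws a fatal error) and replace "I don't know how is this useful but it might be." with what the reader should take from it, or drop it. The figure that follows has an empty alt and an empty figcaption, so the error in the screenshot is not recorded anywhere in text; put the error message in the caption. The hunk also shows both "### References" and "## References", so check that only one of the two headings remains on the rendered page.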

@ -231,7 +231,7 @@ You may have seen this screen when downloading some executables from the interne
Microsoft Defender SmartScreen is a security mechanism intended to protect the end user against running potentially malicious applications.
<figure><img src="../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../.gitbook/assets/image (1) (4).png" alt=""><figcaption></figcaption></figure>
SmartScreen mainly works with a reputation-based approach, meaning that uncommonly download applications will trigger SmartScreen thus alerting and preventing the end user from executing the file (although the file can still be executed by clicking More Info -> Run anyway).
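
Review bot: The SmartScreen figure keeps alt="" and an empty figcaption while its source changes between "image (1).png" and "image (1) (4).png", so nothing in the text lets a reviewer confirm that the new path still points at the SmartScreen prompt the paragraph describes. Add alt text that names the screenshot (the SmartScreen warning dialog) so a wrong link is visible in review.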

@ -28,7 +28,7 @@ Fortunately, as an admin, you can remotely interact with DCOM with PowerShell by
It is then possible to invoke the `ExecuteShellCommand` method to start a process on the remote host:
![](<../../.gitbook/assets/image (1) (4).png>)
![](<../../.gitbook/assets/image (1) (4) (1).png>)
## ShellWindows & ShellBrowserWindow
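
Review bot: The only change in this hunk is the image path moving between "image (1) (4).png" and "image (1) (4) (1).png", which points to numbered asset names being shifted when another image is uploaded rather than to an edit of this page. The alt text in "![]" is empty, so if the renumbering links the wrong file, the `ExecuteShellCommand` step loses its only illustration without anyone noticing. Give the asset a stable, descriptive filename and set alt text for the screenshot.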