Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-21 20:23:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [#3680] No subject

Browse source
This commit is contained in:
CPol 2022-12-15 10:37:10 +00:00 committed by gitbook-bot
parent e4a87540ab
commit d1d70d41a3
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
6 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
.gitbook/assets/image (1) (4) (1).png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 177 KiB

BIN
.gitbook/assets/image (1) (4).png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 177 KiB

After

Width:  |  Height:  |  Size: 26 KiB

BIN
.gitbook/assets/image (1).png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 26 KiB

After

Width:  |  Height:  |  Size: 30 KiB

10
pentesting-web/file-inclusion/README.md
View file

@ -591,7 +591,15 @@ If you found a **Local File Inclusion** and you **can exfiltrate the path** of t
[lfi2rce-via-compress.zlib-+-php\_stream\_prefer\_studio-+-path-disclosure.md](lfi2rce-via-compress.zlib-+-php\_stream\_prefer\_studio-+-path-disclosure.md)
{% endcontent-ref %}
### References
### To Fatal Error
If you include any of the files `/usr/bin/phar`, `/usr/bin/phar7`, `/usr/bin/phar.phar7`, `/usr/bin/phar.phar`. (You need to include the same one 2 time to throw that error).
**I don't know how is this useful but it might be.**
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
## References
[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal)\
[PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal/Intruders](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal/Intruders)

2
windows-hardening/av-bypass.md
View file

@ -231,7 +231,7 @@ You may have seen this screen when downloading some executables from the interne
Microsoft Defender SmartScreen is a security mechanism intended to protect the end user against running potentially malicious applications.
<figure><img src="../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../.gitbook/assets/image (1) (4).png" alt=""><figcaption></figcaption></figure>
SmartScreen mainly works with a reputation-based approach, meaning that uncommonly download applications will trigger SmartScreen thus alerting and preventing the end user from executing the file (although the file can still be executed by clicking More Info -> Run anyway).

2
windows-hardening/lateral-movement/dcom-exec.md
View file

@ -28,7 +28,7 @@ Fortunately, as an admin, you can remotely interact with DCOM with PowerShell by
It is then possible to invoke the `ExecuteShellCommand` method to start a process on the remote host:
![](<../../.gitbook/assets/image (1) (4).png>)
![](<../../.gitbook/assets/image (1) (4) (1).png>)
## ShellWindows & ShellBrowserWindow