This commit is contained in:
carlospolop 2023-01-01 17:19:07 +01:00
parent 00b1424c0f
commit ff67a60687
21 changed files with 235 additions and 157 deletions

View file

@ -100,22 +100,6 @@ In addition to the above WebSec is also a **committed supporter of HackTricks.**
{% embed url="https://www.youtube.com/watch?v=Zq2JycGDCPM" %} {% embed url="https://www.youtube.com/watch?v=Zq2JycGDCPM" %}
### [**INE**](https://ine.com)
![](.gitbook/assets/ine\_logo-3-.jpg)
[**INE**](https://ine.com) is a great platform to start learning or **improve** your **IT knowledge** through their huge range of **courses**. I personally like and have completed many from the [**cybersecurity section**](https://ine.com/pages/cybersecurity). **INE** also provides with the official courses to prepare the **certifications** from [**eLearnSecurity**](https://elearnsecurity.com)**.**
**INE** also support cybersecurity open source projects like HackTricks :)
**Courses and Certifications reviews**
You can find **my reviews of the certifications eMAPT and eWPTXv2** (and their **respective preparation courses**) on the following page:
{% content-ref url="courses-and-certifications-reviews/ine-courses-and-elearnsecurity-certifications-reviews.md" %}
[ine-courses-and-elearnsecurity-certifications-reviews.md](courses-and-certifications-reviews/ine-courses-and-elearnsecurity-certifications-reviews.md)
{% endcontent-ref %}
## License ## License
**Copyright © Carlos Polop 2022. Except where otherwise specified (the external information copied into the book belongs to the original authors), the text on** [**HACK TRICKS**](https://github.com/carlospolop/hacktricks) **by Carlos Polop is licensed under the**[ **Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)**](https://creativecommons.org/licenses/by-nc/4.0/)**.**\ **Copyright © Carlos Polop 2022. Except where otherwise specified (the external information copied into the book belongs to the original authors), the text on** [**HACK TRICKS**](https://github.com/carlospolop/hacktricks) **by Carlos Polop is licensed under the**[ **Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)**](https://creativecommons.org/licenses/by-nc/4.0/)**.**\

View file

@ -12,11 +12,13 @@
</details> </details>
<figure><img src="../.gitbook/assets/image (10) (2).png" alt=""><figcaption></figcaption></figure> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## What is a Certificate ## What is a Certificate
@ -195,11 +197,13 @@ openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.cer
openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer openssl pkcs12 -export -in certificatename.cer -inkey privateKey.key -out certificatename.pfx -certfile cacert.cer
``` ```
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Browsers Artifacts <a href="#3def" id="3def"></a> ## Browsers Artifacts <a href="#3def" id="3def"></a>
@ -266,11 +268,13 @@ Opera **stores browser history and download data in the exact same format as Goo
* **Browsers built-in anti-phishing:** `grep --color 'fraud_protection_enabled' ~/Library/Application Support/com.operasoftware.Opera/Preferences` * **Browsers built-in anti-phishing:** `grep --color 'fraud_protection_enabled' ~/Library/Application Support/com.operasoftware.Opera/Preferences`
* **fraud\_protection\_enabled** should be **true** * **fraud\_protection\_enabled** should be **true**
<img src="../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## OneDrive ## OneDrive
@ -111,11 +113,13 @@ Other tables inside this database contain more interesting information:
* **deleted\_fields**: Dropbox deleted files * **deleted\_fields**: Dropbox deleted files
* **date\_added** * **date\_added**
<img src="../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Introduction ## Introduction

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
From: [https://trailofbits.github.io/ctf/forensics/](https://trailofbits.github.io/ctf/forensics/) From: [https://trailofbits.github.io/ctf/forensics/](https://trailofbits.github.io/ctf/forensics/)

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Automatic Enumeration & Escape ## Automatic Enumeration & Escape
@ -508,11 +510,13 @@ If you only have `hostIPC=true`, you most likely can't do much. If any process o
The second technique explained in the post [https://labs.f-secure.com/blog/abusing-the-access-to-mount-namespaces-through-procpidroot/](https://labs.f-secure.com/blog/abusing-the-access-to-mount-namespaces-through-procpidroot/) indicates how you can abuse bind mounts with user namespaces, to affect files inside the host (in that specific case, delete files). The second technique explained in the post [https://labs.f-secure.com/blog/abusing-the-access-to-mount-namespaces-through-procpidroot/](https://labs.f-secure.com/blog/abusing-the-access-to-mount-namespaces-through-procpidroot/) indicates how you can abuse bind mounts with user namespaces, to affect files inside the host (in that specific case, delete files).
<img src="../../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## CVEs ## CVEs
@ -557,11 +561,13 @@ If you are in **userspace** (**no kernel exploit** involved) the way to find new
* [https://0xn3va.gitbook.io/cheat-sheets/container/escaping/exposed-docker-socket](https://0xn3va.gitbook.io/cheat-sheets/container/escaping/exposed-docker-socket) * [https://0xn3va.gitbook.io/cheat-sheets/container/escaping/exposed-docker-socket](https://0xn3va.gitbook.io/cheat-sheets/container/escaping/exposed-docker-socket)
* [https://bishopfox.com/blog/kubernetes-pod-privilege-escalation#Pod4](https://bishopfox.com/blog/kubernetes-pod-privilege-escalation#Pod4) * [https://bishopfox.com/blog/kubernetes-pod-privilege-escalation#Pod4](https://bishopfox.com/blog/kubernetes-pod-privilege-escalation#Pod4)
<img src="../../../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Common Limitations Bypasses ## Common Limitations Bypasses
@ -349,11 +351,13 @@ If you are inside a filesystem with the **read-only and noexec protections** the
* [https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0](https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0) * [https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0](https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0)
* [https://www.secjuice.com/web-application-firewall-waf-evasion/](https://www.secjuice.com/web-application-firewall-waf-evasion/) * [https://www.secjuice.com/web-application-firewall-waf-evasion/](https://www.secjuice.com/web-application-firewall-waf-evasion/)
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
**This tutorial was taken from:** [**https://medium.com/@ehsahil/basic-android-security-testing-lab-part-1-a2b87e667533**](https://medium.com/@ehsahil/basic-android-security-testing-lab-part-1-a2b87e667533) **This tutorial was taken from:** [**https://medium.com/@ehsahil/basic-android-security-testing-lab-part-1-a2b87e667533**](https://medium.com/@ehsahil/basic-android-security-testing-lab-part-1-a2b87e667533)
@ -86,11 +88,13 @@ After installing Certificate SSL endpoints also working fine tested using → [h
After installing the certificate this way Firefox for Android won't use it (based on my tests), so use a different browser. After installing the certificate this way Firefox for Android won't use it (based on my tests), so use a different browser.
{% endhint %} {% endhint %}
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -1,10 +1,12 @@
# iOS Pentesting Checklist # iOS Pentesting Checklist
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>
@ -118,8 +120,10 @@
</details> </details>
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}

View file

@ -1,10 +1,12 @@
# iOS Pentesting # iOS Pentesting
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## iOS Pentesting ## iOS Pentesting
@ -382,11 +384,13 @@ struct CGSize {
However, the best options to disassemble the binary are: [**Hopper**](https://www.hopperapp.com/download.html?) and [**IDA**](https://www.hex-rays.com/products/ida/support/download\_freeware/). However, the best options to disassemble the binary are: [**Hopper**](https://www.hopperapp.com/download.html?) and [**IDA**](https://www.hex-rays.com/products/ida/support/download\_freeware/).
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Data Storage ## Data Storage
@ -742,11 +746,13 @@ Jun 7 13:42:14 iPhone touch[9708] <Notice>: MS:Notice: Injecting: (null) [touch
... ...
``` ```
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Backups ## Backups
@ -1228,11 +1234,13 @@ You can find the **libraries used by an application** by running **`otool`** aga
* [https://github.com/authenticationfailure/WheresMyBrowser.iOS](https://github.com/authenticationfailure/WheresMyBrowser.iOS) * [https://github.com/authenticationfailure/WheresMyBrowser.iOS](https://github.com/authenticationfailure/WheresMyBrowser.iOS)
* [https://github.com/nabla-c0d3/ssl-kill-switch2](https://github.com/nabla-c0d3/ssl-kill-switch2) * [https://github.com/nabla-c0d3/ssl-kill-switch2](https://github.com/nabla-c0d3/ssl-kill-switch2)
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Burp Cert Installation in physical iOS ## Burp Cert Installation in physical iOS
@ -118,11 +120,13 @@ Steps to configure Burp as proxy:
* Click on _**Ok**_ and the in _**Apply**_ * Click on _**Ok**_ and the in _**Apply**_
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Basic Information ## Basic Information
@ -323,11 +325,13 @@ Entry_1:
Command: rmg enum {IP} {PORT} Command: rmg enum {IP} {PORT}
``` ```
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
**Probably if you are playing a CTF a Flask application will be related to** [**SSTI**](../../pentesting-web/ssti-server-side-template-injection/)**.** **Probably if you are playing a CTF a Flask application will be related to** [**SSTI**](../../pentesting-web/ssti-server-side-template-injection/)**.**
@ -86,11 +88,13 @@ Command line tool to brute-force websites using cookies crafted with flask-unsig
[**This example**](../../pentesting-web/sql-injection/sqlmap/#eval) uses sqlmap `eval` option to **automatically sign sqlmap payloads** for flask using a known secret. [**This example**](../../pentesting-web/sql-injection/sqlmap/#eval) uses sqlmap `eval` option to **automatically sign sqlmap payloads** for flask using a known secret.
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Basic Information ## Basic Information
@ -137,11 +139,13 @@ AutoRepeater Burp Extension: Add a replacement rule
* `Match: v2 (higher version)` * `Match: v2 (higher version)`
* `Replace: v1 (lower version)` * `Replace: v1 (lower version)`
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## 🛡️ API Security Empire Cheat Sheet ## 🛡️ API Security Empire Cheat Sheet
@ -227,11 +231,13 @@ kr brute https://domain.com/api/ -w /tmp/lang-english.txt -x 20 -d=0
* [**API-fuzzer**](https://github.com/Fuzzapi/API-fuzzer): API\_Fuzzer gem accepts a API request as input and returns vulnerabilities possible in the API. * [**API-fuzzer**](https://github.com/Fuzzapi/API-fuzzer): API\_Fuzzer gem accepts a API request as input and returns vulnerabilities possible in the API.
* [**race-the-web**](https://github.com/TheHackerDev/race-the-web): Tests for race conditions in web applications by sending out a user-specified number of requests to a target URL (or URLs) _simultaneously_, and then compares the responses from the server for uniqueness. * [**race-the-web**](https://github.com/TheHackerDev/race-the-web): Tests for race conditions in web applications by sending out a user-specified number of requests to a target URL (or URLs) _simultaneously_, and then compares the responses from the server for uniqueness.
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Basic Information ## Basic Information
@ -99,11 +101,13 @@ curl -s -X GET https://wordpress.org/support/article/pages/ | grep -E 'wp-conten
curl -s -X GET https://wordpress.org/support/article/pages/ | grep http | grep -E '?ver=' | sed -E 's,href=|src=,THIIIIS,g' | awk -F "THIIIIS" '{print $2}' | cut -d "'" -f2 curl -s -X GET https://wordpress.org/support/article/pages/ | grep http | grep -E '?ver=' | sed -E 's,href=|src=,THIIIIS,g' | awk -F "THIIIIS" '{print $2}' | cut -d "'" -f2
``` ```
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Active enumeration ## Active enumeration
@ -281,11 +285,13 @@ wpscan --rua -e ap,at,tt,cb,dbe,u,m --url http://www.domain.com [--plugins-detec
#You can try to bruteforce the admin user using wpscan with "-U admin" #You can try to bruteforce the admin user using wpscan with "-U admin"
``` ```
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Get access by overwriting a bit ## Get access by overwriting a bit
@ -423,11 +429,13 @@ Also, **only install trustable WordPress plugins and themes**.
* **Limit login attempts** to prevent Brute Force attacks * **Limit login attempts** to prevent Brute Force attacks
* Rename **`wp-admin.php`** file and only allow access internally or from certain IP addresses. * Rename **`wp-admin.php`** file and only allow access internally or from certain IP addresses.
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## The difference ## The difference
@ -123,11 +125,13 @@ The [Web Cache Vulnerability Scanner](https://github.com/Hackmanit/Web-Cache-Vul
Example usage: `wcvs -u example.com` Example usage: `wcvs -u example.com`
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Vulnerable Examples ## Vulnerable Examples
@ -227,11 +231,13 @@ Learn here about how to perform[ Cache Deceptions attacks abusing HTTP Request S
* [https://youst.in/posts/cache-poisoning-at-scale/](https://youst.in/posts/cache-poisoning-at-scale/) * [https://youst.in/posts/cache-poisoning-at-scale/](https://youst.in/posts/cache-poisoning-at-scale/)
* [https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9](https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9) * [https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9](https://bxmbn.medium.com/how-i-test-for-web-cache-vulnerabilities-tips-and-tricks-9b138da08ff9)
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## What is Clickjacking ## What is Clickjacking
@ -175,11 +177,13 @@ See the following documentation for further details and more complex examples:
* [**https://portswigger.net/web-security/clickjacking**](https://portswigger.net/web-security/clickjacking) * [**https://portswigger.net/web-security/clickjacking**](https://portswigger.net/web-security/clickjacking)
* [**https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking\_Defense\_Cheat\_Sheet.html**](https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking\_Defense\_Cheat\_Sheet.html) * [**https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking\_Defense\_Cheat\_Sheet.html**](https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking\_Defense\_Cheat\_Sheet.html)
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Domain takeover ## Domain takeover
@ -67,11 +69,13 @@ All of them vulnerable to subdomain takeover. All of them were big brands. Talki
Nevertheless, recent phishing campaigns host content on domains with long domain names that include name of the brand (see [Apple example](https://www.phishtank.com/target\_search.php?target\_id=183\&valid=y\&active=All\&Search=Search)). Having valid SSL certificate (more on that below), keyword in domain name and website which mimics the website of targeted brand, people tend to fall into these attacks. Think about chances with a legitimate subdomain of this brand. Nevertheless, recent phishing campaigns host content on domains with long domain names that include name of the brand (see [Apple example](https://www.phishtank.com/target\_search.php?target\_id=183\&valid=y\&active=All\&Search=Search)). Having valid SSL certificate (more on that below), keyword in domain name and website which mimics the website of targeted brand, people tend to fall into these attacks. Think about chances with a legitimate subdomain of this brand.
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
### SSL Certificates <a href="#sslcertificates" id="sslcertificates"></a> ### SSL Certificates <a href="#sslcertificates" id="sslcertificates"></a>
@ -159,11 +163,13 @@ Until next time!
[Patrik](https://twitter.com/0xpatrik) [Patrik](https://twitter.com/0xpatrik)
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Extracting data from all files ## Extracting data from all files
@ -84,11 +86,13 @@ cmp original.jpg stego.jpg -b -l
If you find that a **text line** is **bigger** than it should be, then some **hidden information** could be included inside the **spaces** using invisible characters.󐁈󐁥󐁬󐁬󐁯󐀠󐁴󐁨\ If you find that a **text line** is **bigger** than it should be, then some **hidden information** could be included inside the **spaces** using invisible characters.󐁈󐁥󐁬󐁬󐁯󐀠󐁴󐁨\
To **extract** the **data**, you can use: [https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder](https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder) To **extract** the **data**, you can use: [https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder](https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder)
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Extracting data from images ## Extracting data from images
@ -218,11 +222,13 @@ To read a QR code: [https://online-barcode-reader.inliteresearch.com/](https://o
* [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/) * [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/)
* [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit) * [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit)
<img src="../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>

View file

@ -12,11 +12,13 @@
</details> </details>
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
## Pass The Ticket (PTT) ## Pass The Ticket (PTT)
@ -63,11 +65,13 @@ klist #List tickets in cache to cehck that mimikatz has loaded the ticket
* [https://www.tarlogic.com/blog/how-to-attack-kerberos/](https://www.tarlogic.com/blog/how-to-attack-kerberos/) * [https://www.tarlogic.com/blog/how-to-attack-kerberos/](https://www.tarlogic.com/blog/how-to-attack-kerberos/)
<img src="../../.gitbook/assets/image (10) (2).png" alt="" data-size="original"> ![](<../.gitbook/assets/image (9) (1) (2).png>)
**Security Skills as a Service** platform bridges the current skill set gap by combining **global offensive security talent with smart automation**, providing real-time data you need to make informed decisions. \
Use [**Trickest**](https://trickest.io/) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:
{% embed url="https://www.syncubes.com/" %} {% embed url="https://trickest.com/?utm_campaign=hacktrics&utm_medium=banner&utm_source=hacktricks" %}
<details> <details>