Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 01:17:36 +00:00
Code Issues Projects Releases Packages Wiki Activity
4676 commits 18 branches 0 tags 464 MiB
Commit graph

662 commits

Author SHA1 Message Date
Justin Applegate
09b618c00e
Flask extension isn't vulnerable anymore actually 2024-01-30 22:15:31 -05:00
Justin Applegate
8ebee8912b
Mixing up Django and Flask 2024-01-30 22:05:13 -05:00
Justin Applegate
d8a6d00b9d
Adding CVE number for Django cache manipulation 2024-01-30 22:00:55 -05:00
Justin Applegate
094bfcace9
Create django.md 
Added cache manipulation
 2024-01-30 21:52:51 -05:00
gitlab.com/beune
e0fd0a99d7
Update README.md 
Fix typo
 2024-01-26 10:39:53 +01:00
Valtteri Lehtinen
6a0ea1a28e Add 4840-pentesting-opc-ua 2024-01-14 21:54:55 +02:00
Carlos Polop
cc62aeca66 arte 2024-01-12 08:54:15 +01:00
Carlos Polop
c61eef67c4 arte 2024-01-12 08:53:44 +01:00
Carlos Polop
37bb97ea8e pentest-tools 2024-01-11 14:23:18 +01:00
Carlos Polop
ad1f5a6cf5 dns 2024-01-11 14:18:30 +01:00
Carlos Polop
4e607e95d5
Merge pull request #779 from MegaManSec/patch-1 
Update pentesting-ssh.md
 2024-01-11 01:08:42 +01:00
Carlos Polop
b045c000b2 Merge branch 'master' of github.com:carlospolop/hacktricks 2024-01-10 11:21:56 +01:00
Carlos Polop
f0b5bcb9d2 arte 2024-01-10 11:21:44 +01:00
Joshua Rogers
8018901584
Update pentesting-ssh.md 
Add SSH-Snake info.
 2024-01-10 04:55:52 +01:00
CPol
bdb5a4b010
GITBOOK-4230: change request with no subject merged in GitBook 2024-01-10 00:59:55 +00:00
Carlos Polop
4d6eff6732 arte 2024-01-08 12:25:42 +01:00
Carlos Polop
d15c2e37d1 arte 2024-01-08 12:25:09 +01:00
Carlos Polop
977350907c arte 2024-01-05 23:37:11 +01:00
Carlos Polop
48d9033854 arte 2024-01-05 23:36:48 +01:00
Carlos Polop
8f1aed6958
Merge pull request #775 from NaxnN/patch-9 
add missing space in 6379-pentesting-redis.md
 2024-01-04 10:02:30 +01:00
Carlos Polop
5d26a0c40a arte 2024-01-03 11:43:38 +01:00
Carlos Polop
5da23fa278 arte 2024-01-03 11:42:55 +01:00
Carlos Polop
c2d34d11b4 arte 2024-01-02 19:28:27 +01:00
KeoOp
2da93f568b
update 6379-pentesting-redis.md 2024-01-01 17:46:15 +09:00
Carlos Polop
f61bdeceae arte 2023-12-31 02:24:39 +01:00
Carlos Polop
3bc68642e2
Merge pull request #771 from manesec/master 
Update 6000-pentesting-x11.md
 2023-12-29 17:46:19 +01:00
Mane
1562d6185c
Update 6000-pentesting-x11.md 
Add example for `xxd` and `w`. 

# Reference
https://0xdf.gitlab.io/2022/11/21/htb-squashed.html
 2023-12-29 00:56:54 -08:00
n3rada
df39ded79a
update: jdwp repository and explaination 2023-12-28 18:48:26 +00:00
CPol
08536c564d
GITBOOK-4222: change request with no subject merged in GitBook 2023-12-27 23:58:16 +00:00
CPol
76315e4cc2
GITBOOK-4219: change request with no subject merged in GitBook 2023-12-26 20:51:20 +00:00
CPol
da42a67a80
GITBOOK-4216: change request with no subject merged in GitBook 2023-12-26 00:45:07 +00:00
Carlos Polop
8ed6ac013b
Merge pull request #768 from emizzz/master 
fix URL error in Joomla RCE
 2023-12-25 01:33:12 +01:00
Carlos Polop
03fb0ebb99
Merge pull request #758 from manesec/master 
Update SNMP and Basic PowerShell for Pentesters
 2023-12-24 19:53:33 +01:00
CPol
a6d32b1828
GITBOOK-4208: change request with no subject merged in GitBook 2023-12-24 18:15:27 +00:00
Carlos Polop
1699aa01ac
Merge pull request #757 from N7WEra/patch-1 
Update JIRA page
 2023-12-24 19:03:57 +01:00
emizzz
e1802676f6
fix URL error 
I think once the code is injected, the correct URL is: 
"/templates/protostar/error.php"
and not:
"/templates/protostar/error.php/error.php"
 2023-12-22 14:19:47 +01:00
Carlos Polop
f97bf8980c
Merge pull request #752 from cyberMilosz/master 
Replace references to F-Secure LABS with WithSecure Labs
 2023-12-19 22:44:29 +01:00
CPol
20b5224810
GITBOOK-4192: change request with no subject merged in GitBook 2023-12-16 13:28:14 +00:00
Mane
2c3f4bdd68
Update README.md 
Add `Microsoft Windows SNMP parameters`, which very useful.

# Reference:

https://www.websecgeeks.com/2017/04/hacking-snmp-service-part-2-post.html

https://refabr1k.gitbook.io/oscp/info-gathering/snmp#juicy-mib-values
 2023-12-12 01:40:07 -08:00
N7WEra
98c15ec776
Update the permisson list 2023-12-11 15:46:57 +00:00
N7WEra
5aa2e16fd9
Update jira.md 
changed the date
 2023-12-11 14:38:01 +00:00
N7WEra
08a6342a99
Update page 
to reflect changes in the API
 2023-12-11 14:25:00 +00:00
Miłosz Gaczkowski
2a30e960b5 Replace references to F-Secure LABS with WithSecure Labs 
F-Secure split into 2 companies in early 2022. For a while, all links to labs.f-secure.com redirected to labs.withsecure.com, but this is no longer the case - leaving some links on HackTricks broken. This commit replaces all outdated links with their current locations.
 2023-12-04 13:43:41 -05:00
carlospolop
81005f76c9 hp 2023-12-04 16:57:41 +01:00
carlospolop
21ed9007c4 hackenproof 2023-12-04 16:45:05 +01:00
CPol
f6cedd55e4
GITBOOK-4174: change request with no subject merged in GitBook 2023-12-04 09:33:43 +00:00
Alexandre ZANNI
b7996be56b
pentesting-smb: change title 2023-11-27 18:01:07 +01:00
Alexandre ZANNI
50f37523f5
pentesting-smb: add From Windows / no third-party tools 2023-11-27 17:58:23 +01:00
Carlos Polop
da044c173c
Merge pull request #746 from manesec/master 
Update php-useful-functions-disable_functions-open_basedir-bypass
 2023-11-27 07:57:04 +01:00
Mane
d1d885dcc6
Update README.md 
Make more readable and add a tools p0wny-shell to automatic check and bypass .

## Reference: 

https://github.com/flozz/p0wny-shell   (source code in shell.php, In function `executeCommand` )
 2023-11-21 12:02:42 -08:00
Bigyls
69a5c16e62
Remove "X-ProxyUser-Ip: 127.0.0.1" duplicate 2023-11-16 15:27:36 +01:00
CPol
f35e1aac93
GITBOOK-4152: change request with no subject merged in GitBook 2023-11-05 22:42:10 +00:00
Carlos Polop
35033a280b
Merge pull request #732 from jjfeldcher/jjfeldcher-wordpress-changes 
Update wordpress.md
 2023-11-05 17:47:13 +01:00
Carlos Polop
1645075b1e
Merge pull request #730 from Sn1r/master 
Update 403-and-401-bypasses.md
 2023-11-05 17:10:17 +01:00
Carlos Polop
101c754301
Merge pull request #726 from A1vinSmith/master 
Update tomcat.md
 2023-11-05 16:42:26 +01:00
Carlos Polop
5a4ab88d61
Merge pull request #724 from chovanecadam/patch-2 
fix: autocommand syntax
 2023-11-05 16:07:22 +01:00
Carlos Polop
1aeb3dd0cf
Merge pull request #722 from entr0pie/master 
Added special characters command to FTP file dump
 2023-11-05 15:59:30 +01:00
Carlos Polop
700b4c3885
Merge pull request #721 from cosad3s/master 
Add Network Service Pentesting page for IBM MQ (TCP/1414)
 2023-11-05 15:59:05 +01:00
CPol
a3ad24c9ea
GITBOOK-4148: change request with no subject merged in GitBook 2023-11-03 11:03:53 +00:00
Alvin Smith
e0e04cfef5
Update pentesting-dns.md 2023-11-03 14:17:04 +13:00
Alvin Smith
64f1c9d8b0
Merge branch 'carlospolop:master' into master 2023-11-03 14:14:05 +13:00
CPol
233703a1b1
GITBOOK-4146: change request with no subject merged in GitBook 2023-11-02 16:52:21 +00:00
CPol
46d107852a
GITBOOK-4142: change request with no subject merged in GitBook 2023-10-27 16:04:24 +00:00
CPol
1015696215
GITBOOK-4141: change request with no subject merged in GitBook 2023-10-27 15:46:20 +00:00
CPol
0272b33ab5
GITBOOK-4140: change request with no subject merged in GitBook 2023-10-26 14:15:46 +00:00
jjfeldcher
fac24cd8b4
Update wordpress.md 
Added some new knowledge to the Wordpress tricks page.
 2023-10-25 16:42:52 -07:00
Snir Aviv
e720a71d6a
Update 403-and-401-bypasses.md 2023-10-21 15:30:38 +03:00
Alvin Smith
55cd0adf16
Update tomcat.md 
Fixed the MSFVenom WAR Stageless reverse TCP payload command for Tomcat page.
 2023-10-20 14:15:50 +13:00
CPol
943d735974
GITBOOK-4131: change request with no subject merged in GitBook 2023-10-16 18:10:45 +00:00
Adam Chovanec
ae610a5acd
fix: autocommand syntax 2023-10-16 19:42:43 +02:00
CPol
63857c0541
GITBOOK-4126: change request with no subject merged in GitBook 2023-10-15 16:45:54 +00:00
CPol
c383ffed62
GITBOOK-4125: change request with no subject merged in GitBook 2023-10-15 15:23:24 +00:00
CPol
6a5f71e401
GITBOOK-4121: change request with no subject merged in GitBook 2023-10-14 20:45:59 +00:00
tandera
c0a157ed69
Added special characters command to FTP file dump 2023-10-13 19:19:28 -03:00
Sébastien Copin
fe88ec40e7
Update 1414-pentesting-ibmmq.md (typos) 2023-10-12 13:52:24 +02:00
Sébastien Copin
30cbf6ebc7 Add Pentesting IBM MQ (1414) 2023-10-12 01:08:45 +02:00
Leandro
a3d33f13c3
Adding SQL Server Linked Servers Passwords Attack 
Adding a section to the pentesting-mssql-microsoft-sql-server playbook where SQL Server Linked Servers Passwords Attack is detailed with information and scripts to handle the needed configurations. Also a script for the extraction and decryption of the passwords is added.
Furthermore, additional information is provided to better understand the attack.
 2023-10-09 20:52:49 +01:00
CPol
aafdb7f10e
GITBOOK-4111: change request with no subject merged in GitBook 2023-10-05 14:47:43 +00:00
CPol
7f25eb4d37
GITBOOK-4108: change request with no subject merged in GitBook 2023-10-04 15:51:37 +00:00
CPol
261348bb2c
GITBOOK-4100: change request with no subject merged in GitBook 2023-09-28 15:09:34 +00:00
CPol
afd72865a1
GITBOOK-4092: change request with no subject merged in GitBook 2023-09-24 09:51:34 +00:00
Peter Potrowl
22c8a0639e
Fix sentence in werkzeug.md 
Sentence made no sense
 2023-09-17 21:52:17 +02:00
Adam Chovanec
3d67f023f8
minor fix of automatic commands 
The -u flag was used twice.
 2023-09-11 13:41:59 +02:00
Carlos Polop
85f15789e5
Merge pull request #703 from ScribblerCoder/docker-nginx-proxy 
add dockerized version of nginx proxy with ajp
 2023-09-11 02:00:52 +02:00
Carlos Polop
51bcb61305
Merge pull request #701 from afaq1337/patch-2 
Update code-review-tools.md
 2023-09-11 00:53:37 +02:00
Carlos Polop
8a91ee0d81
Merge pull request #700 from afaq1337/patch-1 
Update code-review-tools.md
 2023-09-11 00:27:19 +02:00
Carlos Polop
00a4a530df
Merge pull request #691 from viktoriia-lsg/master 
Angular methodology
 2023-09-11 00:07:37 +02:00
CPol
9a823c5316
GITBOOK-4073: change request with no subject merged in GitBook 2023-09-07 06:07:56 +00:00
ScribblerCoder
640dac454d
add dockerized version of nginx proxy with ajp 2023-09-07 03:35:02 +03:00
Afaq
3a92d887a8
Update code-review-tools.md 
Added a tool for pnpm package manager.
 2023-09-06 18:09:21 +05:00
Afaq
d0d6f13464
Update code-review-tools.md 
Added a tool for RUST.
 2023-09-06 18:05:05 +05:00
CPol
23c4c394e0
GITBOOK-4072: change request with no subject merged in GitBook 2023-09-05 17:43:46 +00:00
CPol
cdac602134
GITBOOK-4070: change request with no subject merged in GitBook 2023-09-05 14:44:49 +00:00
CPol
129d9d0d73
GITBOOK-4069: change request with no subject merged in GitBook 2023-09-05 14:37:12 +00:00
carlospolop
93b6df668e trickest 2023-09-05 00:10:11 +02:00
CPol
5d5ee35764
GITBOOK-4067: change request with no subject merged in GitBook 2023-09-04 16:23:40 +00:00
CPol
8cd2f11ec3
GITBOOK-4065: change request with no subject merged in GitBook 2023-09-04 14:02:39 +00:00
carlospolop
987e1109d8 trickest 2023-09-03 17:41:02 +02:00
CPol
90e5cbe540
GITBOOK-4064: change request with no subject merged in GitBook 2023-09-03 13:08:13 +00:00
carlospolop
d308298b26 intruder 2023-09-03 01:51:32 +02:00
carlospolop
2463753c56 intruder 2023-09-03 01:48:41 +02:00
CPol
0de31f2383
GITBOOK-4061: change request with no subject merged in GitBook 2023-08-31 15:11:42 +00:00
CPol
749e1c091d
GITBOOK-4059: change request with no subject merged in GitBook 2023-08-30 09:07:26 +00:00
Carlos Polop
fae6f50ce8
Merge pull request #696 from DeveloperOl/master 
Update pentesting-postgresql.md
 2023-08-29 20:47:50 +02:00
Carlos Polop
f2d54cb3c6
Merge pull request #690 from jblommaert/master-1 
Fix: Typo
 2023-08-29 20:18:44 +02:00
Oliver Boehlk
95f20afc82
Update pentesting-postgresql.md 
unify Select in caps lock
 2023-08-28 09:37:49 +02:00
Oliver Boehlk
2cff636067
Update pentesting-postgresql.md 
Add current_catalog as Postgres enumeration command
 2023-08-28 09:34:29 +02:00
Carlos Polop
db529bc0a3
Merge pull request #686 from Syncriix/master 
SMB Local User Enummeration
 2023-08-27 22:04:29 +02:00
CPol
3d9ea66965
GITBOOK-4051: change request with no subject merged in GitBook 2023-08-25 07:48:03 +00:00
CPol
7b95b4b0e9
GITBOOK-4044: change request with no subject merged in GitBook 2023-08-22 09:57:13 +00:00
CPol
554b95eac8
GITBOOK-4035: change request with no subject merged in GitBook 2023-08-16 04:32:29 +00:00
CPol
4c29b49ee0
GITBOOK-4034: change request with no subject merged in GitBook 2023-08-15 18:05:01 +00:00
CPol
d724c6604b
GITBOOK-4032: change request with no subject merged in GitBook 2023-08-15 16:09:09 +00:00
Sebastian
712e41590b
Merge branch 'carlospolop:master' into master 2023-08-15 10:12:22 +02:00
Sebastian
aaf5917e25
Added Automation 2023-08-15 10:09:34 +02:00
CPol
fd47bcfc8d
GITBOOK-4031: change request with no subject merged in GitBook 2023-08-15 01:35:49 +00:00
viktoriia-lsg
94b66dff7a
Update angular.md 2023-08-14 15:50:33 +03:00
viktoriia-lsg
7393f7a7ef
Angular methodology is edited 2023-08-14 15:49:18 +03:00
Julien Blommaert
49bb2cc70c
Fix: Typo 
Fix typo in the Pentesting VoIP Readme
 2023-08-14 14:01:55 +02:00
viktoriia-lsg
a8b75fece8
Angular methodology is added 2023-08-14 14:58:56 +03:00
Sebastian
bd550716ae
SMB Local User Enummeration 2023-08-08 11:05:26 +02:00
CPol
d66ecb4cdd
GITBOOK-4021: change request with no subject merged in GitBook 2023-07-31 15:59:11 +00:00
CPol
84d05a4c74
GITBOOK-4018: change request with no subject merged in GitBook 2023-07-30 21:28:42 +00:00
CPol
184e54867b
GITBOOK-4012: change request with no subject merged in GitBook 2023-07-19 11:35:52 +00:00
Carlos Polop
2cc2d9b182
Merge pull request #671 from austinleblanc/patch-1 
Update 3128-pentesting-squid.md
 2023-07-19 13:16:59 +02:00
Carlos Polop
4f4d314fca
Merge pull request #665 from sidhawkss/patch-1 
Change: machine_id explanation
 2023-07-17 17:25:20 +02:00
CPol
1ea7eeae91
GITBOOK-4011: change request with no subject merged in GitBook 2023-07-17 13:05:52 +00:00
carlospolop
d84af2b1f5 hp 2023-07-14 17:03:41 +02:00
carlospolop
6277fe6f8b hackenproof 2023-07-14 16:20:34 +02:00
CPol
cbc84fb677
GITBOOK-4009: change request with no subject merged in GitBook 2023-07-14 11:41:41 +00:00
CPol
f11b4d1856
GITBOOK-4008: change request with no subject merged in GitBook 2023-07-13 09:57:55 +00:00
austinleblanc
d948dd6bc1
Update 3128-pentesting-squid.md 
Typo fix
 2023-07-10 14:14:36 -04:00
Carlos Polop
74c65ab7b2
Merge pull request #660 from NaxnN/patch-6 
Update werkzeug.md
 2023-07-10 12:38:14 +02:00
SidHawks
a18bebaf7e
Change: machine_id explanation 2023-07-02 00:04:36 -03:00
Fabio Zuber
c57346ff77
docs(IIS): correct typo in basic auth bypass 2023-06-27 16:25:54 +02:00
Carlos Polop
41263c3fd8
Merge pull request #654 from shiomiyan/patch-3 
Fix typo in GraphQL document
 2023-06-24 18:44:47 +02:00
KeoOp
dc3bd534ee
Update werkzeug.md 2023-06-19 10:18:43 +08:00
CPol
96d3c84e90
GITBOOK-3985: change request with no subject merged in GitBook 2023-06-14 14:40:53 +00:00
CPol
9a68c91e4e
GITBOOK-3984: change request with no subject merged in GitBook 2023-06-14 10:51:55 +00:00
CPol
fa3b6dffc2
GITBOOK-3983: change request with no subject merged in GitBook 2023-06-14 00:31:26 +00:00
CPol
0164fe76c8
GITBOOK-3982: change request with no subject merged in GitBook 2023-06-13 16:23:33 +00:00
CPol
5850e04a1f
GITBOOK-3981: change request with no subject merged in GitBook 2023-06-13 10:26:10 +00:00
CPol
aac81361dc
GITBOOK-3975: change request with no subject merged in GitBook 2023-06-10 23:31:32 +00:00
shiomiyan
62befea09c
Fix typo in GraphQL document 2023-06-10 23:46:50 +09:00
CPol
273f175b12
GITBOOK-3971: change request with no subject merged in GitBook 2023-06-08 16:46:11 +00:00
CPol
cd4025c14f
GITBOOK-3968: change request with no subject merged in GitBook 2023-06-06 22:57:49 +00:00
CPol
e53c11a86a
GITBOOK-3966: change request with no subject merged in GitBook 2023-06-06 21:42:32 +00:00
CPol
f06b553ee0
GITBOOK-3965: change request with no subject merged in GitBook 2023-06-01 21:44:32 +00:00
CPol
ff4a3d95b7
GITBOOK-3962: change request with no subject merged in GitBook 2023-06-01 20:34:49 +00:00
Ally Petitt
f8c7abee39
Clean up and add additional WAF bypass techniques to waf-bypass.md 2023-05-31 20:00:55 -07:00