mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 12:43:23 +00:00
28 KiB
28 KiB
Table of contents
- HackTricks
- Pentesting Methodology
- About the author
- Exfiltration
- Tunneling and Port Forwarding
- Brute Force - CheatSheet
- Search Exploits
Shells
Linux/Unix
- Checklist - Linux Privilege Escalation
- Linux Privilege Escalation
- Escaping from a Docker container
- Escaping from restricted shells - Jails
- Cisco - vmanage
- D-Bus Enumeration & Command Injection Privilege Escalation
- Interesting Groups - Linux PE
- ld.so exploit example
- Linux Capabilities
- NFS no_root_squash/no_all_squash misconfiguration PE
- SSH Forward Agent exploitation
- Socket Command Injection
- Payloads to execute
- Wildcards Spare tricks
- Useful Linux Commands
- Linux Environment Variables
Windows
- Checklist - Local Windows Privilege Escalation
- Windows Local Privilege Escalation
- Privilege Escalation Abusing Tokens
- Privilege Escalation with Autoruns
- Dll Hijacking
- From High Integrity to SYSTEM with Name Pipes
- Named Pipe Client Impersonation
- Leaked Handle Exploitation
- SeDebug + SeImpersonate copy token
- MSI Wrapper
- JuicyPotato
- Windows C Payloads
- PowerUp
- JAWS
- Seatbelt
- RottenPotato
- Active Directory Methodology
- Abusing Active Directory ACLs/ACEs
- AD information in printers
- ASREPRoast
- BloodHound
- Constrained Delegation
- Custom SSP
- DCShadow
- DCSync
- DSRM Credentials
- Golden Ticket
- Kerberos Authentication
- Kerberoast
- MSSQL Trusted Links
- Over Pass the Hash/Pass the Key
- Pass the Ticket
- Password Spraying
- Printers Spooler Service abuse
- Privileged Accounts and Token Privileges
- Resource-based Constrained Delegation
- Security Descriptors
- Silver Ticket
- Skeleton Key
- Unconstrained Delegation
- NTLM
- Stealing Credentials
- Authentication, Credentials, Token privileges, UAC and EFS
- Basic CMD for Pentesters
- Basic PowerShell for Pentesters
- AV Bypass
Mobile Apps Pentesting
- Android APK Checklist
- Android Applications Pentesting
- ADB Commands
- APK decompilers
- Burp Suite Configuration for Android
- Drozer Tutorial
- Exploiting a debuggeable applciation
- Frida Tutorial
- Google CTF 2018 - Shall We Play a Game?
- Make APK Accept CA Certificate
- Manual DeObfuscation
- Reversing Native Libraries
- Smali - Decompiling/[Modifying]/Compiling
- Spoofing your location in Play Store
- Webview Attacks
- What are Intents
Pentesting
- Pentesting Network
- Pentesting JDWP - Java Debug Wire Protocol
- Pentesting Printers
- 7/tcp/udp - Pentesting Echo
- 21 - Pentesting FTP
- 22 - Pentesting SSH/SFTP
- 23 - Pentesting Telnet
- 25,465,587 - Pentesting SMTP/s
- 43 - Pentesting WHOIS
- 53 - Pentesting DNS
- 69/UDP TFTP/Bittorrent-tracker
- 79 - Pentesting Finger
- 80,443 - Pentesting Web Methodology
- 88tcp/udp - Pentesting Kerberos
- 110,995 - Pentesting POP
- 111/TCP/UDP - Pentesting Portmapper
- 113 - Pentesting Ident
- 123/udp - Pentesting NTP
- 135, 593 - Penstesting MSRPC
- 137,138,139 - Pentesting NetBios
- 139,445 - Pentesting SMB
- 143,993 - Pentesting IMAP
- 161,162,10161,10162/udp - Pentesting SNMP
- 194,6667,6660-7000 - Pentesting IRC
- 264 - Pentesting Check Point FireWall-1
- 389, 636, 3268, 3269 - Pentesting LDAP
- 500/udp - Pentesting IPsec/IKE VPN
- 502 - Pentesting Modbus
- 512 - Pentesting Rexec
- 513 - Pentesting Rlogin
- 514 - Pentesting Rsh
- 515 - Pentesting Line Printer Daemon (LPD)
- 548 - Pentesting Apple Filing Protocol (AFP)
- 554,8554 - Pentesting RTSP
- 623/UDP/TCP - IPMI
- 631 - Internet Printing Protocol(IPP)
- 873 - Pentesting Rsync
- 1026 - Pentesting Rusersd
- 1098/1099 - Pentesting Java RMI
- 1433 - Pentesting MSSQL - Microsoft SQL Server
- 1521,1522-1529 - Pentesting Oracle TNS Listener
- 1723 - Pentesting PPTP
- 1883 - Pentesting MQTT (Mosquitto)
- 2049 - Pentesting NFS Service
- 2301,2381 - Pentesting Compaq/HP Insight Manager
- 3260 - Pentesting ISCSI
- 3299 - Pentesting SAPRouter
- 3306 - Pentesting Mysql
- 3389 - Pentesting RDP
- 3632 - Pentesting distcc
- 4369 - Pentesting Erlang Port Mapper Daemon (epmd)
- 5353/UDP Multicast DNS (mDNS)
- 5432,5433 - Pentesting Postgresql
- 5671,5672 - Pentesting AMQP
- 5800,5801,5900,5901 - Pentesting VNC
- 5984,6984 - Pentesting CouchDB
- 5985,5986 - Pentesting WinRM
- 6000 - Pentesting X11
- 6379 - Pentesting Redis
- 8009 - Pentesting Apache JServ Protocol (AJP)
- 9042/9160 - Pentesting Cassandra
- 9100 - Pentesting Raw Printing (JetDirect, AppSocket, PDL-datastream)
- 9200 - Pentesting Elasticsearch
- 10000 - Pentesting Network Data Management Protocol (ndmp)
- 11211 - Pentesting Memcache
- 15672 - Pentesting RabbitMQ Management
- 27017,27018 - Pentesting MongoDB
- 44818/UDP/TCP - Pentesting EthernetIP
- 47808/udp - Pentesting BACNet
- 50030,50060,50070,50075,50090 - Pentesting Hadoop
Pentesting Web
- 2FA Bypass
- Abusing hop-by-hop headers
- Bypass Payment Process
- Captcha Bypass
- Cache Poisoning and Cache Deception
- Clickjacking
- Client Side Template Injection (CSTI)
- Command Injection
- Content Security Policy
CSP
Bypass - Cookies Hacking
- CORS - Misconfigurations & Bypass
- CRLF
%0D%0A
Injection - Cross-site WebSocket hijacking (CSWSH)
- CSRF (Cross Site Request Forgery)
- Dangling Markup - HTML scriptless injection
- Deserialization
- NodeJS deserialization __proto__ abuse
- Java JSF ViewState
.faces
Deserialization - Java DNS Deserialization, GadgetProbe and Java Deserialization Scanner
- Basic Java Deserialization (ObjectInputStream, readObject)
- CommonsCollection1 Payload - Java Transformers to Rutime exec() and Thread Sleep
- Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)
- Exploiting __VIEWSTATE parameter
- Email Header Injection
- File Inclusion/Path traversal
- File Upload
- HTTP Request Smuggling / HTTP Desync Attack
- IDOR
- JWT Vulnerabilities (Json Web Tokens)
- NoSQL injection
- LDAP Injection
- OAuth to Account takeover
- Open Redirect
- Parameter Pollution
- Race Condition
- Rate Limit Bypass
- SQL Injection
- SSRF (Server Side Request Forgery)
- SSTI (Server Side Template Injection)
- Domain/Subdomain takeover
- Unicode Normalization vulnerability
- Web Tool - WFuzz
- XPATH injection
- XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)
- XXE - XEE - XML External Entity
- XSS (Cross Site Scripting)
- XSSI (Cross-Site Script Inclusion)
- XS-Search
Physical attacks
Exploiting
Forensics
Crypto
- Electronic Code Book (ECB)
- Cipher Block Chaining CBC-MAC
- Padding Oracle
- RC4 - Encrypt&Decrypt
- Crypto CTFs Tricks