mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 12:43:23 +00:00
# Table of contents

* [HackTricks](README.md)
* [About the author](about-the-author.md)
* [Getting Started in Hacking](getting-started-in-hacking.md)
* [Pentesting Methodology](pentesting-methodology.md)
* [External Recon Methodology](external-recon-methodology/README.md)
* [Github Leaked Secrets](external-recon-methodology/github-leaked-secrets.md)
* [Phishing Methodology](phishing-methodology/README.md)
* [Clone a Website](phishing-methodology/clone-a-website.md)
* [Detecting Phishing](phishing-methodology/detecting-phising.md)
* [Phishing Documents](phishing-methodology/phishing-documents.md)
* [Exfiltration](exfiltration.md)
* [Tunneling and Port Forwarding](tunneling-and-port-forwarding.md)
* [Brute Force - CheatSheet](brute-force.md)
* [Search Exploits](search-exploits.md)

## Shells

* [Shells (Linux, Windows, MSFVenom)](shells/shells/README.md)
* [MSFVenom - CheatSheet](shells/shells/msfvenom.md)
* [Shells - Windows](shells/shells/windows.md)
* [Shells - Linux](shells/shells/linux.md)
* [Full TTYs](shells/shells/full-ttys.md)

## Linux/Unix

* [Checklist - Linux Privilege Escalation](linux-unix/linux-privilege-escalation-checklist.md)
* [Linux Privilege Escalation](linux-unix/privilege-escalation/README.md)
* [PAM - Pluggable Authentication Modules](linux-unix/privilege-escalation/pam-pluggable-authentication-modules.md)
* [SELinux](linux-unix/privilege-escalation/selinux.md)
* [Logstash](linux-unix/privilege-escalation/logstash.md)
* [Containerd (ctr) Privilege Escalation](linux-unix/privilege-escalation/containerd-ctr-privilege-escalation.md)
* [Docker Basics & Breakout](linux-unix/privilege-escalation/docker-breakout/README.md)
* [AuthZ & AuthN - Docker Access Authorization Plugin](linux-unix/privilege-escalation/docker-breakout/authz-and-authn-docker-access-authorization-plugin.md)
* [Docker Breakout / Privilege Escalation](linux-unix/privilege-escalation/docker-breakout/docker-breakout-privilege-escalation.md)
* [release\_agent exploit - Relative Paths to PIDs](linux-unix/privilege-escalation/docker-breakout/docker-breakout-privilege-escalation/release\_agent-exploit-relative-paths-to-pids.md)
* [Docker release\_agent cgroups escape](linux-unix/privilege-escalation/docker-breakout/docker-breakout-privilege-escalation/docker-release\_agent-cgroups-escape.md)
* [Sensitive Mounts](linux-unix/privilege-escalation/docker-breakout/docker-breakout-privilege-escalation/sensitive-mounts.md)
* [Seccomp](linux-unix/privilege-escalation/docker-breakout/seccomp.md)
* [AppArmor](linux-unix/privilege-escalation/docker-breakout/apparmor.md)
* [Namespaces](linux-unix/privilege-escalation/docker-breakout/namespaces.md)
* [Docker --privileged](linux-unix/privilege-escalation/docker-breakout/docker-privileged.md)
* [Abusing Docker Socket for Privilege Escalation](linux-unix/privilege-escalation/docker-breakout/abusing-docker-socket-for-privilege-escalation.md)
* [electron/CEF/chromium debugger abuse](linux-unix/privilege-escalation/electron-cef-chromium-debugger-abuse.md)
* [Escaping from Jails](linux-unix/privilege-escalation/escaping-from-limited-bash.md)
* [Cisco - vmanage](linux-unix/privilege-escalation/cisco-vmanage.md)
* [D-Bus Enumeration & Command Injection Privilege Escalation](linux-unix/privilege-escalation/d-bus-enumeration-and-command-injection-privilege-escalation.md)
* [Interesting Groups - Linux PE](linux-unix/privilege-escalation/interesting-groups-linux-pe/README.md)
* [lxd/lxc Group - Privilege escalation](linux-unix/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation.md)
* [ld.so exploit example](linux-unix/privilege-escalation/ld.so.conf-example.md)
* [Linux Capabilities](linux-unix/privilege-escalation/linux-capabilities.md)
* [NFS no\_root\_squash/no\_all\_squash misconfiguration PE](linux-unix/privilege-escalation/nfs-no\_root\_squash-misconfiguration-pe.md)
* [Payloads to execute](linux-unix/privilege-escalation/payloads-to-execute.md)
* [RunC Privilege Escalation](linux-unix/privilege-escalation/runc-privilege-escalation.md)
* [Splunk LPE and Persistence](linux-unix/privilege-escalation/splunk-lpe-and-persistence.md)
* [SSH Forward Agent exploitation](linux-unix/privilege-escalation/ssh-forward-agent-exploitation.md)
* [Socket Command Injection](linux-unix/privilege-escalation/socket-command-injection.md)
* [Wildcards Spare tricks](linux-unix/privilege-escalation/wildcards-spare-tricks.md)
* [Linux Active Directory](linux-unix/privilege-escalation/linux-active-directory.md)
* [Useful Linux Commands](linux-unix/useful-linux-commands/README.md)
* [Bypass Bash Restrictions](linux-unix/useful-linux-commands/bypass-bash-restrictions.md)
* [Linux Environment Variables](linux-unix/linux-environment-variables.md)

## MacOS

* [MacOS Security & Privilege Escalation](macos/macos-security-and-privilege-escalation/README.md)
* [Mac OS Architecture](macos/macos-security-and-privilege-escalation/mac-os-architecture.md)
* [MacOS MDM](macos/macos-security-and-privilege-escalation/macos-mdm/README.md)
* [Enrolling Devices in Other Organisations](macos/macos-security-and-privilege-escalation/macos-mdm/enrolling-devices-in-other-organisations.md)
* [MacOS Protocols](macos/macos-security-and-privilege-escalation/macos-protocols.md)
* [MacOS Red Teaming](macos/macos-security-and-privilege-escalation/macos-red-teaming.md)
* [MacOS Serial Number](macos/macos-security-and-privilege-escalation/macos-serial-number.md)
* [MacOS Apps - Inspecting, debugging and Fuzzing](macos/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing.md)

## Windows

* [Checklist - Local Windows Privilege Escalation](windows/checklist-windows-privilege-escalation.md)
* [Windows Local Privilege Escalation](windows/windows-local-privilege-escalation/README.md)
* [AppendData/AddSubdirectory permission over service registry](windows/windows-local-privilege-escalation/appenddata-addsubdirectory-permission-over-service-registry.md)
* [Create MSI with WIX](windows/windows-local-privilege-escalation/create-msi-with-wix.md)
* [DPAPI - Extracting Passwords](windows/windows-local-privilege-escalation/dpapi-extracting-passwords.md)
* [SeImpersonate from High To System](windows/windows-local-privilege-escalation/seimpersonate-from-high-to-system.md)
* [Access Tokens](windows/windows-local-privilege-escalation/access-tokens.md)
* [ACLs - DACLs/SACLs/ACEs](windows/windows-local-privilege-escalation/acls-dacls-sacls-aces.md)
* [Dll Hijacking](windows/windows-local-privilege-escalation/dll-hijacking.md)
* [From High Integrity to SYSTEM with Named Pipes](windows/windows-local-privilege-escalation/from-high-integrity-to-system-with-name-pipes.md)
* [Integrity Levels](windows/windows-local-privilege-escalation/integrity-levels.md)
* [JAWS](windows/windows-local-privilege-escalation/jaws.md)
* [JuicyPotato](windows/windows-local-privilege-escalation/juicypotato.md)
* [Leaked Handle Exploitation](windows/windows-local-privilege-escalation/leaked-handle-exploitation.md)
* [MSI Wrapper](windows/windows-local-privilege-escalation/msi-wrapper.md)
* [Named Pipe Client Impersonation](windows/windows-local-privilege-escalation/named-pipe-client-impersonation.md)
* [PowerUp](windows/windows-local-privilege-escalation/powerup.md)
* [Privilege Escalation Abusing Tokens](windows/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md)
* [Privilege Escalation with Autoruns](windows/windows-local-privilege-escalation/privilege-escalation-with-autorun-binaries.md)
* [RottenPotato](windows/windows-local-privilege-escalation/rottenpotato.md)
* [Seatbelt](windows/windows-local-privilege-escalation/seatbelt.md)
* [SeDebug + SeImpersonate copy token](windows/windows-local-privilege-escalation/sedebug-+-seimpersonate-copy-token.md)
* [Windows C Payloads](windows/windows-local-privilege-escalation/windows-c-payloads.md)
* [Active Directory Methodology](windows/active-directory-methodology/README.md)
* [Abusing Active Directory ACLs/ACEs](windows/active-directory-methodology/acl-persistence-abuse.md)
* [AD information in printers](windows/active-directory-methodology/ad-information-in-printers.md)
* [ASREPRoast](windows/active-directory-methodology/asreproast.md)
* [BloodHound](windows/active-directory-methodology/bloodhound.md)
* [Constrained Delegation](windows/active-directory-methodology/constrained-delegation.md)
* [Custom SSP](windows/active-directory-methodology/custom-ssp.md)
* [DCShadow](windows/active-directory-methodology/dcshadow.md)
* [DCSync](windows/active-directory-methodology/dcsync.md)
* [DSRM Credentials](windows/active-directory-methodology/dsrm-credentials.md)
* [Golden Ticket](windows/active-directory-methodology/golden-ticket.md)
* [Kerberos Authentication](windows/active-directory-methodology/kerberos-authentication.md)
* [Kerberoast](windows/active-directory-methodology/kerberoast.md)
* [MSSQL Trusted Links](windows/active-directory-methodology/mssql-trusted-links.md)
* [Over Pass the Hash/Pass the Key](windows/active-directory-methodology/over-pass-the-hash-pass-the-key.md)
* [Pass the Ticket](windows/active-directory-methodology/pass-the-ticket.md)
* [Password Spraying](windows/active-directory-methodology/password-spraying.md)
* [Force NTLM Privileged Authentication](windows/active-directory-methodology/printers-spooler-service-abuse.md)
* [Privileged Accounts and Token Privileges](windows/active-directory-methodology/privileged-accounts-and-token-privileges.md)
* [Resource-based Constrained Delegation](windows/active-directory-methodology/resource-based-constrained-delegation.md)
* [Security Descriptors](windows/active-directory-methodology/security-descriptors.md)
* [Silver Ticket](windows/active-directory-methodology/silver-ticket.md)
* [Skeleton Key](windows/active-directory-methodology/skeleton-key.md)
* [Unconstrained Delegation](windows/active-directory-methodology/unconstrained-delegation.md)
* [NTLM](windows/ntlm/README.md)
* [Places to steal NTLM creds](windows/ntlm/places-to-steal-ntlm-creds.md)
* [PsExec/Winexec/ScExec](windows/ntlm/psexec-and-winexec.md)
* [SmbExec/ScExec](windows/ntlm/smbexec.md)
* [WmicExec](windows/ntlm/wmicexec.md)
* [AtExec / SchtasksExec](windows/ntlm/atexec.md)
* [WinRM](windows/ntlm/winrm.md)
* [Stealing Credentials](windows/stealing-credentials/README.md)
* [Credentials Protections](windows/stealing-credentials/credentials-protections.md)
* [Mimikatz](windows/stealing-credentials/credentials-mimikatz.md)
* [Authentication, Credentials, UAC and EFS](windows/authentication-credentials-uac-and-efs.md)
* [Basic CMD for Pentesters](windows/basic-cmd-for-pentesters.md)
* [Basic PowerShell for Pentesters](windows/basic-powershell-for-pentesters/README.md)
* [PowerView](windows/basic-powershell-for-pentesters/powerview.md)
* [AV Bypass](windows/av-bypass.md)

## Mobile Apps Pentesting

* [Android APK Checklist](mobile-apps-pentesting/android-checklist.md)
* [Android Applications Pentesting](mobile-apps-pentesting/android-app-pentesting/README.md)
* [Android Applications Basics](mobile-apps-pentesting/android-app-pentesting/android-applications-basics.md)
* [Android Task Hijacking](mobile-apps-pentesting/android-app-pentesting/android-task-hijacking.md)
* [ADB Commands](mobile-apps-pentesting/android-app-pentesting/adb-commands.md)
* [APK decompilers](mobile-apps-pentesting/android-app-pentesting/apk-decompilers.md)
* [AVD - Android Virtual Device](mobile-apps-pentesting/android-app-pentesting/avd-android-virtual-device.md)
* [Burp Suite Configuration for Android](mobile-apps-pentesting/android-app-pentesting/android-burp-suite-settings.md)
* [content:// protocol](mobile-apps-pentesting/android-app-pentesting/content-protocol.md)
* [Drozer Tutorial](mobile-apps-pentesting/android-app-pentesting/drozer-tutorial/README.md)
* [Exploiting Content Providers](mobile-apps-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md)
* [Exploiting a debuggable application](mobile-apps-pentesting/android-app-pentesting/exploiting-a-debuggeable-applciation.md)
* [Frida Tutorial](mobile-apps-pentesting/android-app-pentesting/frida-tutorial/README.md)
* [Frida Tutorial 1](mobile-apps-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-1.md)
* [Frida Tutorial 2](mobile-apps-pentesting/android-app-pentesting/frida-tutorial/frida-tutorial-2.md)
* [Frida Tutorial 3](mobile-apps-pentesting/android-app-pentesting/frida-tutorial/owaspuncrackable-1.md)
* [Objection Tutorial](mobile-apps-pentesting/android-app-pentesting/frida-tutorial/objection-tutorial.md)
* [Google CTF 2018 - Shall We Play a Game?](mobile-apps-pentesting/android-app-pentesting/google-ctf-2018-shall-we-play-a-game.md)
* [Inspeckage Tutorial](mobile-apps-pentesting/android-app-pentesting/inspeckage-tutorial.md)
* [Intent Injection](mobile-apps-pentesting/android-app-pentesting/intent-injection.md)
* [Make APK Accept CA Certificate](mobile-apps-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md)
* [Manual DeObfuscation](mobile-apps-pentesting/android-app-pentesting/manual-deobfuscation.md)
* [React Native Application](mobile-apps-pentesting/android-app-pentesting/react-native-application.md)
* [Reversing Native Libraries](mobile-apps-pentesting/android-app-pentesting/reversing-native-libraries.md)
* [Smali - Decompiling/\[Modifying\]/Compiling](mobile-apps-pentesting/android-app-pentesting/smali-changes.md)
* [Spoofing your location in Play Store](mobile-apps-pentesting/android-app-pentesting/spoofing-your-location-in-play-store.md)
* [Webview Attacks](mobile-apps-pentesting/android-app-pentesting/webview-attacks.md)
* [iOS Pentesting Checklist](mobile-apps-pentesting/ios-pentesting-checklist.md)
* [iOS Pentesting](mobile-apps-pentesting/ios-pentesting/README.md)
* [Basic iOS Testing Operations](mobile-apps-pentesting/ios-pentesting/basic-ios-testing-operations.md)
* [Burp Suite Configuration for iOS](mobile-apps-pentesting/ios-pentesting/burp-configuration-for-ios.md)
* [Extracting Entitlements From Compiled Application](mobile-apps-pentesting/ios-pentesting/extracting-entitlements-from-compiled-application.md)
* [Frida Configuration in iOS](mobile-apps-pentesting/ios-pentesting/frida-configuration-in-ios.md)
* [iOS App Extensions](mobile-apps-pentesting/ios-pentesting/ios-app-extensions.md)
* [iOS Basics](mobile-apps-pentesting/ios-pentesting/ios-basics.md)
* [iOS Custom URI Handlers / Deeplinks / Custom Schemes](mobile-apps-pentesting/ios-pentesting/ios-custom-uri-handlers-deeplinks-custom-schemes.md)
* [iOS Hooking With Objection](mobile-apps-pentesting/ios-pentesting/ios-hooking-with-objection.md)
* [iOS Protocol Handlers](mobile-apps-pentesting/ios-pentesting/ios-protocol-handlers.md)
* [iOS Serialisation and Encoding](mobile-apps-pentesting/ios-pentesting/ios-serialisation-and-encoding.md)
* [iOS Testing Environment](mobile-apps-pentesting/ios-pentesting/ios-testing-environment.md)
* [iOS UIActivity Sharing](mobile-apps-pentesting/ios-pentesting/ios-uiactivity-sharing.md)
* [iOS Universal Links](mobile-apps-pentesting/ios-pentesting/ios-universal-links.md)
* [iOS UIPasteboard](mobile-apps-pentesting/ios-pentesting/ios-uipasteboard.md)
* [iOS WebViews](mobile-apps-pentesting/ios-pentesting/ios-webviews.md)

## Pentesting

* [Pentesting Network](pentesting/pentesting-network/README.md)
* [Spoofing LLMNR, NBT-NS, mDNS/DNS and WPAD and Relay Attacks](pentesting/pentesting-network/spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md)
* [Spoofing SSDP and UPnP Devices with EvilSSDP](pentesting/pentesting-network/spoofing-ssdp-and-upnp-devices.md)
* [Pentesting IPv6](pentesting/pentesting-network/pentesting-ipv6.md)
* [Nmap Summary (ESP)](pentesting/pentesting-network/nmap-summary-esp.md)
* [Network Protocols Explained (ESP)](pentesting/pentesting-network/network-protocols-explained-esp.md)
* [IDS and IPS Evasion](pentesting/pentesting-network/ids-evasion.md)
* [DHCPv6](pentesting/pentesting-network/dhcpv6.md)
* [Pentesting Wifi](pentesting/pentesting-wifi/README.md)
* [Evil Twin EAP-TLS](pentesting/pentesting-wifi/evil-twin-eap-tls.md)
* [Pentesting JDWP - Java Debug Wire Protocol](pentesting/pentesting-jdwp-java-debug-wire-protocol.md)
* [Pentesting Printers](pentesting/pentesting-printers/README.md)
* [Accounting bypass](pentesting/pentesting-printers/accounting-bypass.md)
* [Buffer Overflows](pentesting/pentesting-printers/buffer-overflows.md)
* [Credentials Disclosure / Brute-Force](pentesting/pentesting-printers/credentials-disclosure-brute-force.md)
* [Cross-Site Printing](pentesting/pentesting-printers/cross-site-printing.md)
* [Document Processing](pentesting/pentesting-printers/document-processing.md)
* [Factory Defaults](pentesting/pentesting-printers/factory-defaults.md)
* [File system access](pentesting/pentesting-printers/file-system-access.md)
* [Firmware updates](pentesting/pentesting-printers/firmware-updates.md)
* [Memory Access](pentesting/pentesting-printers/memory-access.md)
* [Physical Damage](pentesting/pentesting-printers/physical-damage.md)
* [Software packages](pentesting/pentesting-printers/software-packages.md)
* [Transmission channel](pentesting/pentesting-printers/transmission-channel.md)
* [Print job manipulation](pentesting/pentesting-printers/print-job-manipulation.md)
* [Print Job Retention](pentesting/pentesting-printers/print-job-retention.md)
* [Scanner and Fax](pentesting/pentesting-printers/scanner-and-fax.md)
* [Pentesting SAP](pentesting/pentesting-sap.md)
* [7/tcp/udp - Pentesting Echo](pentesting/7-tcp-udp-pentesting-echo.md)
* [21 - Pentesting FTP](pentesting/pentesting-ftp/README.md)
* [FTP Bounce attack - Scan](pentesting/pentesting-ftp/ftp-bounce-attack.md)
* [FTP Bounce - Download 2ºFTP file](pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md)
* [22 - Pentesting SSH/SFTP](pentesting/pentesting-ssh.md)
* [23 - Pentesting Telnet](pentesting/pentesting-telnet.md)
* [25,465,587 - Pentesting SMTP/s](pentesting/pentesting-smtp/README.md)
* [SMTP - Commands](pentesting/pentesting-smtp/smtp-commands.md)
* [43 - Pentesting WHOIS](pentesting/43-pentesting-whois.md)
* [53 - Pentesting DNS](pentesting/pentesting-dns.md)
* [69/UDP TFTP/Bittorrent-tracker](pentesting/69-udp-tftp.md)
* [79 - Pentesting Finger](pentesting/pentesting-finger.md)
* [80,443 - Pentesting Web Methodology](pentesting/pentesting-web/README.md)
* [403 & 401 Bypasses](pentesting/pentesting-web/403-and-401-bypasses.md)
* [AEM - Adobe Experience Cloud](pentesting/pentesting-web/aem-adobe-experience-cloud.md)
* [Apache](pentesting/pentesting-web/apache.md)
* [Artifactory Hacking guide](pentesting/pentesting-web/artifactory-hacking-guide.md)
* [Buckets](pentesting/pentesting-web/buckets/README.md)
* [Firebase Database](pentesting/pentesting-web/buckets/firebase-database.md)
* [AWS-S3](pentesting/pentesting-web/buckets/aws-s3.md)
* [CGI](pentesting/pentesting-web/cgi.md)
* [Code Review Tools](pentesting/pentesting-web/code-review-tools.md)
* [Drupal](pentesting/pentesting-web/drupal.md)
* [Flask](pentesting/pentesting-web/flask.md)
* [Git](pentesting/pentesting-web/git.md)
* [Golang](pentesting/pentesting-web/golang.md)
* [GraphQL](pentesting/pentesting-web/graphql.md)
* [H2 - Java SQL database](pentesting/pentesting-web/h2-java-sql-database.md)
* [IIS - Internet Information Services](pentesting/pentesting-web/iis-internet-information-services.md)
* [JBOSS](pentesting/pentesting-web/jboss.md)
* [Jenkins](pentesting/pentesting-web/jenkins.md)
* [JIRA](pentesting/pentesting-web/jira.md)
* [Joomla](pentesting/pentesting-web/joomla.md)
* [JSP](pentesting/pentesting-web/jsp.md)
* [Laravel](pentesting/pentesting-web/laravel.md)
* [Moodle](pentesting/pentesting-web/moodle.md)
* [Nginx](pentesting/pentesting-web/nginx.md)
* [PHP Tricks (SPA)](pentesting/pentesting-web/php-tricks-esp/README.md)
* [PHP - Useful Functions & disable\_functions/open\_basedir bypass](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/README.md)
* [disable\_functions bypass - php-fpm/FastCGI](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-fpm-fastcgi.md)
* [disable\_functions bypass - dl function](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-dl-function.md)
* [disable\_functions bypass - PHP 7.0-7.4 (\*nix only)](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-7.0-7.4-nix-only.md)
* [disable\_functions bypass - Imagick <= 3.3.0 PHP >= 5.4 Exploit](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-imagick-less-than-3.3.0-php-greater-than-5.4-exploit.md)
* [disable\_functions - PHP 5.x Shellshock Exploit](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-php-5.x-shellshock-exploit.md)
* [disable\_functions - PHP 5.2.4 ionCube extension Exploit](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-php-5.2.4-ioncube-extension-exploit.md)
* [disable\_functions bypass - PHP <= 5.2.9 on windows](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-less-than-5.2.9-on-windows.md)
* [disable\_functions bypass - PHP 5.2.4 and 5.2.5 PHP cURL](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-5.2.4-and-5.2.5-php-curl.md)
* [disable\_functions bypass - PHP safe\_mode bypass via proc\_open() and custom environment Exploit](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-safe\_mode-bypass-via-proc\_open-and-custom-environment-exploit.md)
* [disable\_functions bypass - PHP Perl Extension Safe\_mode Bypass Exploit](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-perl-extension-safe\_mode-bypass-exploit.md)
* [disable\_functions bypass - PHP 5.2.3 - Win32std ext Protections Bypass](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-5.2.3-win32std-ext-protections-bypass.md)
* [disable\_functions bypass - PHP 5.2 - FOpen Exploit](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-5.2-fopen-exploit.md)
* [disable\_functions bypass - via mem](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-via-mem.md)
* [disable\_functions bypass - mod\_cgi](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-mod\_cgi.md)
* [disable\_functions bypass - PHP 4 >= 4.2.0, PHP 5 pcntl\_exec](pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable\_functions-open\_basedir-bypass/disable\_functions-bypass-php-4-greater-than-4.2.0-php-5-pcntl\_exec.md)
* [Python](pentesting/pentesting-web/python.md)
* [Special HTTP headers](pentesting/pentesting-web/special-http-headers.md)
* [Spring Actuators](pentesting/pentesting-web/spring-actuators.md)
* [Symphony](pentesting/pentesting-web/symphony.md)
* [Tomcat](pentesting/pentesting-web/tomcat.md)
* [Uncovering CloudFlare](pentesting/pentesting-web/uncovering-cloudflare.md)
* [VMWare (ESX, VCenter...)](pentesting/pentesting-web/vmware-esx-vcenter....md)
* [Web API Pentesting](pentesting/pentesting-web/web-api-pentesting.md)
* [WebDav](pentesting/pentesting-web/put-method-webdav.md)
* [werkzeug](pentesting/pentesting-web/werkzeug.md)
* [Wordpress](pentesting/pentesting-web/wordpress.md)
* [XSS to RCE Electron Desktop Apps](pentesting/pentesting-web/xss-to-rce-electron-desktop-apps.md)
* [88/tcp/udp - Pentesting Kerberos](pentesting/pentesting-kerberos-88/README.md)
* [Harvesting tickets from Windows](pentesting/pentesting-kerberos-88/harvesting-tickets-from-windows.md)
* [Harvesting tickets from Linux](pentesting/pentesting-kerberos-88/harvesting-tickets-from-linux.md)
* [110,995 - Pentesting POP](pentesting/pentesting-pop.md)
* [111/TCP/UDP - Pentesting Portmapper](pentesting/pentesting-rpcbind.md)
* [113 - Pentesting Ident](pentesting/113-pentesting-ident.md)
* [123/udp - Pentesting NTP](pentesting/pentesting-ntp.md)
* [135, 593 - Pentesting MSRPC](pentesting/135-pentesting-msrpc.md)
* [137,138,139 - Pentesting NetBios](pentesting/137-138-139-pentesting-netbios.md)
* [139,445 - Pentesting SMB](pentesting/pentesting-smb.md)
* [143,993 - Pentesting IMAP](pentesting/pentesting-imap.md)
* [161,162,10161,10162/udp - Pentesting SNMP](pentesting/pentesting-snmp/README.md)
* [SNMP RCE](pentesting/pentesting-snmp/snmp-rce.md)
* [194,6667,6660-7000 - Pentesting IRC](pentesting/pentesting-irc.md)
* [264 - Pentesting Check Point FireWall-1](pentesting/pentesting-264-check-point-firewall-1.md)
* [389, 636, 3268, 3269 - Pentesting LDAP](pentesting/pentesting-ldap.md)
* [500/udp - Pentesting IPsec/IKE VPN](pentesting/ipsec-ike-vpn-pentesting.md)
* [502 - Pentesting Modbus](pentesting/pentesting-modbus.md)
* [512 - Pentesting Rexec](pentesting/512-pentesting-rexec.md)
* [513 - Pentesting Rlogin](pentesting/pentesting-rlogin.md)
* [514 - Pentesting Rsh](pentesting/pentesting-rsh.md)
* [515 - Pentesting Line Printer Daemon (LPD)](pentesting/515-pentesting-line-printer-daemon-lpd.md)
* [548 - Pentesting Apple Filing Protocol (AFP)](pentesting/584-pentesting-afp.md)
* [554,8554 - Pentesting RTSP](pentesting/554-8554-pentesting-rtsp.md)
* [623/UDP/TCP - IPMI](pentesting/623-udp-ipmi.md)
* [631 - Internet Printing Protocol (IPP)](pentesting/pentesting-631-internet-printing-protocol-ipp.md)
* [873 - Pentesting Rsync](pentesting/873-pentesting-rsync.md)
* [1026 - Pentesting Rusersd](pentesting/1026-pentesting-rusersd.md)
* [1080 - Pentesting Socks](pentesting/1080-pentesting-socks.md)
* [1098/1099/1050 - Pentesting Java RMI - RMI-IIOP](pentesting/1099-pentesting-java-rmi.md)
* [1433 - Pentesting MSSQL - Microsoft SQL Server](pentesting/pentesting-mssql-microsoft-sql-server.md)
* [1521,1522-1529 - Pentesting Oracle TNS Listener](pentesting/1521-1522-1529-pentesting-oracle-listener/README.md)
* [Oracle Pentesting requirements installation](pentesting/1521-1522-1529-pentesting-oracle-listener/oracle-pentesting-requirements-installation.md)
* [TNS Poison](pentesting/1521-1522-1529-pentesting-oracle-listener/tns-poison.md)
* [Remote stealth pass brute force](pentesting/1521-1522-1529-pentesting-oracle-listener/remote-stealth-pass-brute-force.md)
* [Oracle RCE & more](pentesting/1521-1522-1529-pentesting-oracle-listener/oracle-rce-and-more.md)
* [1723 - Pentesting PPTP](pentesting/1723-pentesting-pptp.md)
* [1883 - Pentesting MQTT (Mosquitto)](pentesting/1883-pentesting-mqtt-mosquitto.md)
* [2049 - Pentesting NFS Service](pentesting/nfs-service-pentesting.md)
* [2301,2381 - Pentesting Compaq/HP Insight Manager](pentesting/pentesting-compaq-hp-insight-manager.md)
* [2375, 2376 Pentesting Docker](pentesting/2375-pentesting-docker.md)
* [3128 - Pentesting Squid](pentesting/3128-pentesting-squid.md)
* [3260 - Pentesting ISCSI](pentesting/3260-pentesting-iscsi.md)
* [3299 - Pentesting SAPRouter](pentesting/3299-pentesting-saprouter.md)
* [3306 - Pentesting Mysql](pentesting/pentesting-mysql.md)
* [3389 - Pentesting RDP](pentesting/pentesting-rdp.md)
* [3632 - Pentesting distcc](pentesting/3632-pentesting-distcc.md)
* [3690 - Pentesting Subversion (svn server)](pentesting/3690-pentesting-subversion-svn-server.md)
* [3702/UDP - Pentesting WS-Discovery](pentesting/3702-udp-pentesting-ws-discovery.md)
* [4369 - Pentesting Erlang Port Mapper Daemon (epmd)](pentesting/4369-pentesting-erlang-port-mapper-daemon-epmd.md)
* [5000 - Pentesting Docker Registry](pentesting/5000-pentesting-docker-registry.md)
* [5353/UDP Multicast DNS (mDNS) and DNS-SD](pentesting/5353-udp-multicast-dns-mdns.md)
* [5432,5433 - Pentesting Postgresql](pentesting/pentesting-postgresql.md)
* [5555 - Android Debug Bridge](pentesting/5555-android-debug-bridge.md)
* [5601 - Pentesting Kibana](pentesting/5601-pentesting-kibana.md)
* [5671,5672 - Pentesting AMQP](pentesting/5671-5672-pentesting-amqp.md)
* [5800,5801,5900,5901 - Pentesting VNC](pentesting/pentesting-vnc.md)
* [5984,6984 - Pentesting CouchDB](pentesting/5984-pentesting-couchdb.md)
* [5985,5986 - Pentesting WinRM](pentesting/5985-5986-pentesting-winrm.md)
* [5985,5986 - Pentesting OMI](pentesting/5985-5986-pentesting-omi.md)
* [6000 - Pentesting X11](pentesting/6000-pentesting-x11.md)
* [6379 - Pentesting Redis](pentesting/6379-pentesting-redis.md)
* [8009 - Pentesting Apache JServ Protocol (AJP)](pentesting/8009-pentesting-apache-jserv-protocol-ajp.md)
* [8086 - Pentesting InfluxDB](pentesting/8086-pentesting-influxdb.md)
* [8089 - Pentesting Splunkd](pentesting/8089-splunkd.md)
* [9000 - Pentesting FastCGI](pentesting/9000-pentesting-fastcgi.md)
* [9001 - Pentesting HSQLDB](pentesting/9001-pentesting-hsqldb.md)
* [9042/9160 - Pentesting Cassandra](pentesting/cassandra.md)
* [9100 - Pentesting Raw Printing (JetDirect, AppSocket, PDL-datastream)](pentesting/9100-pjl.md)
* [9200 - Pentesting Elasticsearch](pentesting/9200-pentesting-elasticsearch.md)
* [10000 - Pentesting Network Data Management Protocol (ndmp)](pentesting/10000-network-data-management-protocol-ndmp.md)
* [11211 - Pentesting Memcache](pentesting/11211-memcache.md)
* [15672 - Pentesting RabbitMQ Management](pentesting/15672-pentesting-rabbitmq-management.md)
* [24007,24008,24009,49152 - Pentesting GlusterFS](pentesting/24007-24008-24009-49152-pentesting-glusterfs.md)
* [27017,27018 - Pentesting MongoDB](pentesting/27017-27018-mongodb.md)
* [44134 - Pentesting Tiller (Helm)](pentesting/44134-pentesting-tiller-helm.md)
* [44818/UDP/TCP - Pentesting EthernetIP](pentesting/44818-ethernetip.md)
* [47808/udp - Pentesting BACNet](pentesting/47808-udp-bacnet.md)
* [50030,50060,50070,50075,50090 - Pentesting Hadoop](pentesting/50030-50060-50070-50075-50090-pentesting-hadoop.md)
* [Pentesting Remote GdbServer](pentesting/pentesting-remote-gdbserver.md)

## Pentesting Web

* [Web Vulnerabilities Methodology](pentesting-web/web-vulnerabilities-methodology.md)
* [Reflecting Techniques - PoCs and Polyglots CheatSheet](pentesting-web/pocs-and-polygloths-cheatsheet/README.md)
* [Web Vulns List](pentesting-web/pocs-and-polygloths-cheatsheet/web-vulns-list.md)
* [2FA/OTP Bypass](pentesting-web/2fa-bypass.md)
* [Bypass Payment Process](pentesting-web/bypass-payment-process.md)
* [Captcha Bypass](pentesting-web/captcha-bypass.md)
* [Cache Poisoning and Cache Deception](pentesting-web/cache-deception.md)
* [Clickjacking](pentesting-web/clickjacking.md)
* [Client Side Template Injection (CSTI)](pentesting-web/client-side-template-injection-csti.md)
* [Command Injection](pentesting-web/command-injection.md)
* [Content Security Policy (CSP) Bypass](pentesting-web/content-security-policy-csp-bypass.md)
* [Cookies Hacking](pentesting-web/hacking-with-cookies/README.md)
* [Cookie Tossing](pentesting-web/hacking-with-cookies/cookie-tossing.md)
* [Cookie Jar Overflow](pentesting-web/hacking-with-cookies/cookie-jar-overflow.md)
* [Cookie Bomb](pentesting-web/hacking-with-cookies/cookie-bomb.md)
* [CORS - Misconfigurations & Bypass](pentesting-web/cors-bypass.md)
* [CRLF (%0D%0A) Injection](pentesting-web/crlf-0d-0a.md)
* [Cross-site WebSocket hijacking (CSWSH)](pentesting-web/cross-site-websocket-hijacking-cswsh.md)
* [CSRF (Cross Site Request Forgery)](pentesting-web/csrf-cross-site-request-forgery.md)
* [Dangling Markup - HTML scriptless injection](pentesting-web/dangling-markup-html-scriptless-injection.md)
* [Deserialization](pentesting-web/deserialization/README.md)
* [NodeJS - \_\_proto\_\_ & prototype Pollution](pentesting-web/deserialization/nodejs-proto-prototype-pollution/README.md)
* [Client Side Prototype Pollution](pentesting-web/deserialization/nodejs-proto-prototype-pollution/client-side-prototype-pollution.md)
* [Java JSF ViewState (.faces) Deserialization](pentesting-web/deserialization/java-jsf-viewstate-.faces-deserialization.md)
* [Java DNS Deserialization, GadgetProbe and Java Deserialization Scanner](pentesting-web/deserialization/java-dns-deserialization-and-gadgetprobe.md)
* [Basic Java Deserialization (ObjectInputStream, readObject)](pentesting-web/deserialization/basic-java-deserialization-objectinputstream-readobject.md)
* [CommonsCollection1 Payload - Java Transformers to Runtime exec() and Thread Sleep](pentesting-web/deserialization/java-transformers-to-rutime-exec-payload.md)
* [Basic .Net deserialization (ObjectDataProvider gadget, ExpandedWrapper, and Json.Net)](pentesting-web/deserialization/basic-.net-deserialization-objectdataprovider-gadgets-expandedwrapper-and-json.net.md)
* [Exploiting \_\_VIEWSTATE knowing the secrets](pentesting-web/deserialization/exploiting-\_\_viewstate-knowing-the-secret.md)
* [Exploiting \_\_VIEWSTATE without knowing the secrets](pentesting-web/deserialization/exploiting-\_\_viewstate-parameter.md)
* [Python Yaml Deserialization](pentesting-web/deserialization/python-yaml-deserialization.md)
* [JNDI - Java Naming and Directory Interface & Log4Shell](pentesting-web/deserialization/jndi-java-naming-and-directory-interface-and-log4shell.md)
* [Domain/Subdomain takeover](pentesting-web/domain-subdomain-takeover.md)
* [Email Injections](pentesting-web/email-header-injection.md)
* [File Inclusion/Path traversal](pentesting-web/file-inclusion/README.md)
* [phar:// deserialization](pentesting-web/file-inclusion/phar-deserialization.md)
* [File Upload](pentesting-web/file-upload/README.md)
* [PDF Upload - XXE and CORS bypass](pentesting-web/file-upload/pdf-upload-xxe-and-cors-bypass.md)
* [Formula Injection](pentesting-web/formula-injection.md)
* [HTTP Request Smuggling / HTTP Desync Attack](pentesting-web/http-request-smuggling/README.md)
* [Request Smuggling in HTTP/2 Downgrades](pentesting-web/http-request-smuggling/request-smuggling-in-http-2-downgrades.md)
* [HTTP Response Smuggling / Desync](pentesting-web/http-response-smuggling-desync.md)
* [H2C Smuggling](pentesting-web/h2c-smuggling.md)
* [hop-by-hop headers](pentesting-web/abusing-hop-by-hop-headers.md)
* [IDOR](pentesting-web/idor.md)
* [JWT Vulnerabilities (Json Web Tokens)](pentesting-web/hacking-jwt-json-web-tokens.md)
* [NoSQL injection](pentesting-web/nosql-injection.md)
* [LDAP Injection](pentesting-web/ldap-injection.md)
* [Login Bypass](pentesting-web/login-bypass/README.md)
* [Login bypass List](pentesting-web/login-bypass/sql-login-bypass.md)
* [OAuth to Account takeover](pentesting-web/oauth-to-account-takeover.md)
* [Open Redirect](pentesting-web/open-redirect.md)
* [Parameter Pollution](pentesting-web/parameter-pollution.md)
* [PostMessage Vulnerabilities](pentesting-web/postmessage-vulnerabilities.md)
* [Race Condition](pentesting-web/race-condition.md)
* [Rate Limit Bypass](pentesting-web/rate-limit-bypass.md)
* [Registration & Takeover Vulnerabilities](pentesting-web/registration-vulnerabilities.md)
* [Regular expression Denial of Service - ReDoS](pentesting-web/regular-expression-denial-of-service-redos.md)
* [Reset/Forgotten Password Bypass](pentesting-web/reset-password.md)
* [SAML Attacks](pentesting-web/saml-attacks/README.md)
* [SAML Basics](pentesting-web/saml-attacks/saml-basics.md)
* [Server Side Inclusion/Edge Side Inclusion Injection](pentesting-web/server-side-inclusion-edge-side-inclusion-injection.md)
* [SQL Injection](pentesting-web/sql-injection/README.md)
* [MSSQL Injection](pentesting-web/sql-injection/mssql-injection.md)
* [Oracle injection](pentesting-web/sql-injection/oracle-injection.md)
* [PostgreSQL injection](pentesting-web/sql-injection/postgresql-injection/README.md)
* [dblink/lo\_import data exfiltration](pentesting-web/sql-injection/postgresql-injection/dblink-lo\_import-data-exfiltration.md)
* [PL/pgSQL Password Bruteforce](pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md)
* [Network - Privesc, Port Scanner and NTLM challenge response disclosure](pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md)
* [Big Binary Files Upload (PostgreSQL)](pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md)
* [RCE with PostgreSQL Extensions](pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md)
* [MySQL injection](pentesting-web/sql-injection/mysql-injection/README.md)
* [Mysql SSRF](pentesting-web/sql-injection/mysql-injection/mysql-ssrf.md)
* [SQLMap - Cheatsheet](pentesting-web/sql-injection/sqlmap/README.md)
* [Second Order Injection - SQLMap](pentesting-web/sql-injection/sqlmap/second-order-injection-sqlmap.md)
* [SSRF (Server Side Request Forgery)](pentesting-web/ssrf-server-side-request-forgery/README.md)
* [URL Format Bypass](pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md)
* [SSRF Vulnerable Platforms](pentesting-web/ssrf-server-side-request-forgery/ssrf-vulnerable-platforms.md)
* [Cloud SSRF](pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md)
* [SSTI (Server Side Template Injection)](pentesting-web/ssti-server-side-template-injection/README.md)
* [EL - Expression Language](pentesting-web/ssti-server-side-template-injection/el-expression-language.md)
* [Reverse Tab Nabbing](pentesting-web/reverse-tab-nabbing.md)
* [Unicode Normalization vulnerability](pentesting-web/unicode-normalization-vulnerability.md)
* [Web Tool - WFuzz](pentesting-web/web-tool-wfuzz.md)
* [XPATH injection](pentesting-web/xpath-injection.md)
* [XSLT Server Side Injection (Extensible Stylesheet Language Transformations)](pentesting-web/xslt-server-side-injection-extensible-stylesheet-languaje-transformations.md)
* [XXE - XEE - XML External Entity](pentesting-web/xxe-xee-xml-external-entity.md)
* [XSS (Cross Site Scripting)](pentesting-web/xss-cross-site-scripting/README.md)
* [PDF Injection](pentesting-web/xss-cross-site-scripting/pdf-injection.md)
* [DOM XSS](pentesting-web/xss-cross-site-scripting/dom-xss.md)
* [Server Side XSS (Dynamic PDF)](pentesting-web/xss-cross-site-scripting/server-side-xss-dynamic-pdf.md)
* [XSS Tools](pentesting-web/xss-cross-site-scripting/xss-tools.md)
* [Iframes in XSS and CSP](pentesting-web/xss-cross-site-scripting/iframes-in-xss-and-csp.md)
* [Other JS Tricks](pentesting-web/xss-cross-site-scripting/other-js-tricks.md)
* [XSSI (Cross-Site Script Inclusion)](pentesting-web/xssi-cross-site-script-inclusion.md)
* [XS-Search](pentesting-web/xs-search.md)

## Forensics

* [Basic Forensic Methodology](forensics/basic-forensic-methodology/README.md)
* [Baseline Monitoring](forensics/basic-forensic-methodology/file-integrity-monitoring.md)
* [Anti-Forensic Techniques](forensics/basic-forensic-methodology/anti-forensic-techniques.md)
* [Docker Forensics](forensics/basic-forensic-methodology/docker-forensics.md)
* [Image Acquisition & Mount](forensics/basic-forensic-methodology/image-adquisition-and-mount.md)
* [Linux Forensics](forensics/basic-forensic-methodology/linux-forensics.md)
* [Malware Analysis](forensics/basic-forensic-methodology/malware-analysis.md)
* [Memory dump analysis](forensics/basic-forensic-methodology/memory-dump-analysis/README.md)
* [Volatility - CheatSheet](forensics/basic-forensic-methodology/memory-dump-analysis/volatility-examples.md)
* [Partitions/File Systems/Carving](forensics/basic-forensic-methodology/partitions-file-systems-carving/README.md)
* [EXT](forensics/basic-forensic-methodology/partitions-file-systems-carving/ext.md)
* [File/Data Carving & Recovery Tools](forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md)
* [NTFS](forensics/basic-forensic-methodology/partitions-file-systems-carving/ntfs.md)
* [Pcap Inspection](forensics/basic-forensic-methodology/pcap-inspection/README.md)
* [DNSCat pcap analysis](forensics/basic-forensic-methodology/pcap-inspection/dnscat-exfiltration.md)
* [USB Keystrokes](forensics/basic-forensic-methodology/pcap-inspection/usb-keystrokes.md)
* [Wifi Pcap Analysis](forensics/basic-forensic-methodology/pcap-inspection/wifi-pcap-analysis.md)
* [Wireshark tricks](forensics/basic-forensic-methodology/pcap-inspection/wireshark-tricks.md)
* [Specific Software/File-Type Tricks](forensics/basic-forensic-methodology/specific-software-file-type-tricks/README.md)
* [Decompile compiled python binaries (exe, elf) - Retrieve from .pyc](forensics/basic-forensic-methodology/specific-software-file-type-tricks/.pyc.md)
* [Browser Artifacts](forensics/basic-forensic-methodology/specific-software-file-type-tricks/browser-artifacts.md)
* [Deobfuscation vbs (cscript.exe)](forensics/basic-forensic-methodology/specific-software-file-type-tricks/desofuscation-vbs-cscript.exe.md)
* [Local Cloud Storage](forensics/basic-forensic-methodology/specific-software-file-type-tricks/local-cloud-storage.md)
* [Office file analysis](forensics/basic-forensic-methodology/specific-software-file-type-tricks/office-file-analysis.md)
* [PDF File analysis](forensics/basic-forensic-methodology/specific-software-file-type-tricks/pdf-file-analysis.md)
* [PNG tricks](forensics/basic-forensic-methodology/specific-software-file-type-tricks/png-tricks.md)
* [Video and Audio file analysis](forensics/basic-forensic-methodology/specific-software-file-type-tricks/video-and-audio-file-analysis.md)
* [ZIPs tricks](forensics/basic-forensic-methodology/specific-software-file-type-tricks/zips-tricks.md)
* [Windows Artifacts](forensics/basic-forensic-methodology/windows-forensics/README.md)
* [Windows Processes](forensics/basic-forensic-methodology/windows-forensics/windows-processes.md)
* [Interesting Windows Registry Keys](forensics/basic-forensic-methodology/windows-forensics/interesting-windows-registry-keys.md)

## Cloud Security

* [GCP Security](cloud-security/gcp-security/README.md)
* [GCP - Other Services Enumeration](cloud-security/gcp-security/gcp-looting.md)
* [GCP - Abuse GCP Permissions](cloud-security/gcp-security/gcp-interesting-permissions/README.md)
* [GCP - Privesc to other Principals](cloud-security/gcp-security/gcp-interesting-permissions/gcp-privesc-to-other-principals.md)
* [GCP - Privesc to Resources](cloud-security/gcp-security/gcp-interesting-permissions/gcp-privesc-to-resources.md)
* [GCP - Buckets: Public Assets Brute-Force & Discovery, & Buckets Privilege Escalation](cloud-security/gcp-security/gcp-buckets-brute-force-and-privilege-escalation.md)
* [GCP - Compute Enumeration](cloud-security/gcp-security/gcp-compute-enumeration.md)
* [GCP - Network Enumeration](cloud-security/gcp-security/gcp-network-enumeration.md)
* [GCP - KMS & Secrets Management Enumeration](cloud-security/gcp-security/gcp-kms-and-secrets-management-enumeration.md)
* [GCP - Databases Enumeration](cloud-security/gcp-security/gcp-databases-enumeration.md)
* [GCP - Serverless Code Exec Services Enumeration](cloud-security/gcp-security/gcp-serverless-code-exec-services-enumeration.md)
* [GCP - Buckets Enumeration](cloud-security/gcp-security/gcp-buckets-enumeration.md)
* [GCP - Local Privilege Escalation / SSH Pivoting](cloud-security/gcp-security/gcp-local-privilege-escalation-ssh-pivoting.md)
* [GCP - Persistence](cloud-security/gcp-security/gcp-persistance.md)
* [Workspace Security](cloud-security/workspace-security.md)
* [Github Security](cloud-security/github-security/README.md)
* [Basic Github Information](cloud-security/github-security/basic-github-information.md)
* [Kubernetes Security](pentesting/pentesting-kubernetes/README.md)
* [Kubernetes Basics](pentesting/pentesting-kubernetes/kubernetes-basics.md)
* [Pentesting Kubernetes Services](pentesting/pentesting-kubernetes/pentesting-kubernetes-from-the-outside.md)
* [Exposing Services in Kubernetes](pentesting/pentesting-kubernetes/exposing-services-in-kubernetes.md)
* [Attacking Kubernetes from inside a Pod](pentesting/pentesting-kubernetes/attacking-kubernetes-from-inside-a-pod.md)
* [Kubernetes Enumeration](cloud-security/pentesting-kubernetes/kubernetes-enumeration.md)
* [Kubernetes Role-Based Access Control (RBAC)](pentesting/pentesting-kubernetes/kubernetes-role-based-access-control-rbac.md)
* [Abusing Roles/ClusterRoles in Kubernetes](cloud-security/pentesting-kubernetes/abusing-roles-clusterroles-in-kubernetes/README.md)
* [K8s Roles Abuse Lab](cloud-security/pentesting-kubernetes/abusing-roles-clusterroles-in-kubernetes/k8s-roles-abuse-lab.md)
* [Pod Escape Privileges](cloud-security/pentesting-kubernetes/abusing-roles-clusterroles-in-kubernetes/pod-escape-privileges.md)
* [Kubernetes Namespace Escalation](cloud-security/pentesting-kubernetes/namespace-escalation.md)
* [Kubernetes Access to other Clouds](cloud-security/pentesting-kubernetes/kubernetes-access-to-other-clouds.md)
* [Kubernetes Hardening](pentesting/pentesting-kubernetes/kubernetes-hardening/README.md)
* [Monitoring with Falco](pentesting/pentesting-kubernetes/kubernetes-hardening/monitoring-with-falco.md)
* [Kubernetes SecurityContext(s)](pentesting/pentesting-kubernetes/kubernetes-hardening/kubernetes-securitycontext-s.md)
* [Kubernetes NetworkPolicies](pentesting/pentesting-kubernetes/kubernetes-hardening/kubernetes-networkpolicies.md)
* [Concourse](cloud-security/concourse.md)
* [Cloud Security Review](cloud-security/cloud-security-review.md)
* [AWS Security](cloud-security/aws-security.md)

## A.I. Exploiting

* [BRA.I.NSMASHER Presentation](a.i.-exploiting/bra.i.nsmasher-presentation/README.md)
* [Basic Bruteforcer](a.i.-exploiting/bra.i.nsmasher-presentation/basic-bruteforcer.md)
* [Basic Captcha Breaker](a.i.-exploiting/bra.i.nsmasher-presentation/basic-captcha-breaker.md)
* [BIM Bruteforcer](a.i.-exploiting/bra.i.nsmasher-presentation/bim-bruteforcer.md)
* [Hybrid Malware Classifier Part 1](a.i.-exploiting/bra.i.nsmasher-presentation/hybrid-malware-classifier-part-1.md)
* [ML Basics](a.i.-exploiting/bra.i.nsmasher-presentation/ml-basics/README.md)
* [Feature Engineering](a.i.-exploiting/bra.i.nsmasher-presentation/ml-basics/feature-engineering.md)

## Blockchain

* [Blockchain & Crypto Currencies](blockchain/blockchain-and-crypto-currencies.md)

## Courses and Certifications Reviews

* [INE Courses and eLearnSecurity Certifications Reviews](courses-and-certifications-reviews/ine-courses-and-elearnsecurity-certifications-reviews.md)

## Physical attacks

* [Physical Attacks](physical-attacks/physical-attacks.md)
* [Escaping from KIOSKs](physical-attacks/escaping-from-gui-applications/README.md)
* [Show file extensions](physical-attacks/escaping-from-gui-applications/show-file-extensions.md)
* [Firmware Analysis](physical-attacks/firmware-analysis/README.md)
* [Bootloader testing](physical-attacks/firmware-analysis/bootloader-testing.md)
* [Firmware Integrity](physical-attacks/firmware-analysis/firmware-integrity.md)

## Reversing

* [Reversing Tools & Basic Methods](reversing/reversing-tools-basic-methods/README.md)
* [Angr](reversing/reversing-tools-basic-methods/angr/README.md)
* [Angr - Examples](reversing/reversing-tools-basic-methods/angr/angr-examples.md)
* [Z3 - Satisfiability Modulo Theories (SMT)](reversing/reversing-tools-basic-methods/satisfiability-modulo-theories-smt-z3.md)
* [Cheat Engine](reversing/reversing-tools-basic-methods/cheat-engine.md)
* [Blobrunner](reversing/reversing-tools-basic-methods/blobrunner.md)
* [Common API used in Malware](reversing/common-api-used-in-malware.md)
* [Cryptographic/Compression Algorithms](reversing/cryptographic-algorithms/README.md)
* [Unpacking binaries](reversing/cryptographic-algorithms/unpacking-binaries.md)
* [Word Macros](reversing/word-macros.md)

## Exploiting

* [Linux Exploiting (Basic) (SPA)](exploiting/linux-exploiting-basic-esp/README.md)
* [Format Strings Template](exploiting/linux-exploiting-basic-esp/format-strings-template.md)
* [ROP - call sys\_execve](exploiting/linux-exploiting-basic-esp/rop-syscall-execv.md)
* [ROP - Leaking LIBC address](exploiting/linux-exploiting-basic-esp/rop-leaking-libc-address/README.md)
* [ROP - Leaking LIBC template](exploiting/linux-exploiting-basic-esp/rop-leaking-libc-address/rop-leaking-libc-template.md)
* [Bypassing Canary & PIE](exploiting/linux-exploiting-basic-esp/bypassing-canary-and-pie.md)
* [Ret2Lib](exploiting/linux-exploiting-basic-esp/ret2lib.md)
* [Fusion](exploiting/linux-exploiting-basic-esp/fusion.md)
* [Exploiting Tools](exploiting/tools/README.md)
* [PwnTools](exploiting/tools/pwntools.md)
* [Windows Exploiting (Basic Guide - OSCP lvl)](exploiting/windows-exploiting-basic-guide-oscp-lvl.md)

## Cryptography

* [Certificates](cryptography/certificates.md)
* [Cipher Block Chaining CBC-MAC](cryptography/cipher-block-chaining-cbc-mac-priv.md)
* [Crypto CTFs Tricks](cryptography/crypto-ctfs-tricks.md)
* [Electronic Code Book (ECB)](cryptography/electronic-code-book-ecb.md)
* [Hash Length Extension Attack](cryptography/hash-length-extension-attack.md)
* [Padding Oracle](cryptography/padding-oracle-priv.md)
* [RC4 - Encrypt\&Decrypt](cryptography/rc4-encrypt-and-decrypt.md)

## BACKDOORS

* [Merlin](backdoors/merlin.md)
* [Empire](backdoors/empire.md)
* [Salseo](backdoors/salseo.md)
* [ICMPsh](backdoors/icmpsh.md)

## Stego

* [Stego Tricks](stego/stego-tricks.md)
* [Esoteric languages](stego/esoteric-languages.md)

## MISC

* [Basic Python](misc/basic-python/README.md)
* [venv](misc/basic-python/venv.md)
* [Bypass Python sandboxes](misc/basic-python/bypass-python-sandboxes/README.md)
* [Output Searching Python internals](misc/basic-python/bypass-python-sandboxes/output-searching-python-internals.md)
* [Magic Methods](misc/basic-python/magic-methods.md)
* [Web Requests](misc/basic-python/web-requests.md)
* [Bruteforce hash (few chars)](misc/basic-python/bruteforce-hash-few-chars.md)
* [Other Big References](misc/references.md)

## TODO

* [More Tools](todo/more-tools.md)
* [MISC](todo/misc.md)
* [Pentesting DNS](todo/pentesting-dns.md)
* [Hardware Hacking](todo/hardware-hacking/README.md)
* [I2C](todo/hardware-hacking/i2c.md)
* [UART](todo/hardware-hacking/uart.md)
* [Radio](todo/hardware-hacking/radio.md)

***

* [Radio Hacking](radio-hacking/README.md)
* [Pentesting RFID](radio-hacking/pentesting-rfid.md)
* [Low-Power Wide Area Network](radio-hacking/low-power-wide-area-network.md)
* [Pentesting BLE - Bluetooth Low Energy](radio-hacking/pentesting-ble-bluetooth-low-energy.md)
* [Burp Suite](burp-suite.md)
* [Other Web Tricks](other-web-tricks.md)
* [Interesting HTTP](interesting-http.md)
* [Emails Vulnerabilities](emails-vulns.md)
* [Android Forensics](android-forensics.md)
* [TR-069](tr-069.md)
* [6881/udp - Pentesting BitTorrent](6881-udp-pentesting-bittorrent.md)
* [CTF Write-ups](ctf-write-ups/README.md)
* [challenge-0521.intigriti.io](ctf-write-ups/challenge-0521.intigriti.io.md)
* [Try Hack Me](ctf-write-ups/try-hack-me/README.md)
* [hc0n Christmas CTF - 2019](ctf-write-ups/try-hack-me/hc0n-christmas-ctf-2019.md)
* [Pickle Rick](ctf-write-ups/try-hack-me/pickle-rick.md)
* [1911 - Pentesting fox](1911-pentesting-fox.md)
* [Online Platforms with API](online-platforms-with-api.md)
* [Stealing Sensitive Information Disclosure from a Web](stealing-sensitive-information-disclosure-from-a-web.md)
* [Post Exploitation](post-exploitation.md)