0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

GitBook: [#3632] No subject

This commit is contained in:
CPol 2022-10-27 14:46:56 +00:00 committed by gitbook-bot
parent c94023f007
commit 1d1522ffa9
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
9 changed files with 39 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.gitbook/assets/image (5) (1) (1) (1).png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.2 MiB

BIN
.gitbook/assets/image (5) (1) (1).png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3.2 MiB

After

Width:  |  Height:  |  Size: 53 KiB

BIN
.gitbook/assets/image (5) (1).png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 53 KiB

After

Width:  |  Height:  |  Size: 229 KiB

BIN
.gitbook/assets/image (5).png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 229 KiB

After

Width:  |  Height:  |  Size: 403 KiB

BIN
.gitbook/assets/image.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 403 KiB

After

Width:  |  Height:  |  Size: 238 KiB

2
README.md
View File

@ -69,7 +69,7 @@ Get Access Today:
### [HACKENPROOF](https://hackenproof.com/)
<figure><img src=".gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
<figure><img src=".gitbook/assets/image (5).png" alt=""><figcaption></figcaption></figure>
**HackenProof is home to all crypto bug bounties.**

2
backdoors/salseo.md
View File

@ -117,7 +117,7 @@ In your project folder have appeared the files: **DllExport.bat** and **DllExpor
Press **Uninstall** (yeah, its weird but trust me, it is necessary)
![](<../.gitbook/assets/image (5) (1).png>)
![](<../.gitbook/assets/image (5) (1) (1).png>)
### **Exit Visual Studio and execute DllExport\_configure**

2
generic-methodologies-and-resources/pentesting-network/eigrp-attacks.md
View File

@ -84,7 +84,7 @@ After that, the neighborhood between the legitimate EIGRP routers is established
EIGRP Neighborship with GW1 (10.10.100.100):
<figure><img src="../../.gitbook/assets/image (5).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (5) (1).png" alt=""><figcaption></figcaption></figure>
EIGRP Neighborship with GW2 (10.10.100.200):

58
pentesting-web/file-inclusion/README.md
View File

@ -4,18 +4,21 @@
<summary><strong>Support HackTricks and get benefits!</strong></summary>
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
- **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
</details>
<figure><img src="../../.gitbook/assets/image.png" alt=""><figcaption></figcaption></figure>
Did you know that crypto projects pay more bounty rewards than their web2 counterparts? This [**crypto bounty alone**](https://hackenproof.com/jungle/jungle-smart-contract) is worth $1.000.000! Check out the [**top-paying bounties**](https://hackenproof.com/programs) among crypto projects.\
[**Sign up on HackenProof**](https://hackenproof.com/register) to get rewarded without delays and become the web3 hacker legend.
{% embed url="https://hackenproof.com/register" %}
## File Inclusion
**Remote File Inclusion (RFI):** The file is loaded from a remote server (Best: You can write the code and the server will execute it). In php this is **disabled** by default (**allow\_url\_include**).\
@ -180,9 +183,9 @@ Heres list of top 25 parameters that could be vulnerable to local file inclus
### php://filter
PHP filters allow perform basic **modification operations on the data** before being it's read or written. There are 5 categories of filters:&#x20;
PHP filters allow perform basic **modification operations on the data** before being it's read or written. There are 5 categories of filters:
* [String Filters](https://www.php.net/manual/en/filters.string.php):&#x20;
* [String Filters](https://www.php.net/manual/en/filters.string.php):
* `string.rot13`
* `string.toupper`
* `string.tolower`
@ -341,7 +344,7 @@ For more information read the following post:
Check more possible[ **protocols to include here**](https://www.php.net/manual/en/wrappers.php)**:**
* [php://memory and php://temp](https://www.php.net/manual/en/wrappers.php.php#wrappers.php.memory) — Write in memory or in a temporary file (not sure how this can be useful in a file inclusion attack)
* [php://memory and php://temp](https://www.php.net/manual/en/wrappers.php.php#wrappers.php.memory) — Write in memory or in a temporary file (not sure how this can be useful in a file inclusion attack)
* [file://](https://www.php.net/manual/en/wrappers.file.php) — Accessing local filesystem
* [http://](https://www.php.net/manual/en/wrappers.http.php) — Accessing HTTP(s) URLs
* [ftp://](https://www.php.net/manual/en/wrappers.ftp.php) — Accessing FTP(s) URLs
@ -374,6 +377,14 @@ It's also possible to get RCE in a vulnerable "assert" statement using the syste
Be sure to URL-encode payloads before you send them.
<figure><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L_2uGJGU7AVNRcqRvEi%2Fuploads%2FfinO3sjcfKcruYYBafKC%2Fimage.png?alt=media&#x26;token=7bba2ebb-a679-4357-a859-bff2d9c5136a" alt=""><figcaption></figcaption></figure>
Did you know that crypto projects pay more bounty rewards than their web2 counterparts? This [**crypto bounty alone**](https://hackenproof.com/jungle/jungle-smart-contract) is worth $1.000.000! Check out the [**top-paying bounties**](https://hackenproof.com/programs) among crypto projects. [**Sign up on HackenProof**](https://hackenproof.com/register) to get rewarded without delays and become the web3 hacker legend.
{% embed url="https://hackenproof.com/register" %}
## LFI2RCE
### Basic RFI
@ -531,20 +542,23 @@ If you found a **Local File Inclusion** and you **can exfiltrate the path** of t
[PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal)\
[PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal/Intruders](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion%20-%20Path%20Traversal/Intruders)
{% file src="../../.gitbook/assets/EN-Local-File-Inclusion-1.pdf" %}
{% file src="../../.gitbook/assets/en-local-file-inclusion-1.pdf" %}
<figure><img src="https://files.gitbook.com/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-L_2uGJGU7AVNRcqRvEi%2Fuploads%2FfinO3sjcfKcruYYBafKC%2Fimage.png?alt=media&#x26;token=7bba2ebb-a679-4357-a859-bff2d9c5136a" alt=""><figcaption></figcaption></figure>
Did you know that crypto projects pay more bounty rewards than their web2 counterparts? This [**crypto bounty alone**](https://hackenproof.com/jungle/jungle-smart-contract) is worth $1.000.000! Check out the [**top-paying bounties**](https://hackenproof.com/programs) among crypto projects. \
[**Sign up on HackenProof**](https://hackenproof.com/register) to get rewarded without delays and become the web3 hacker legend.
{% embed url="https://hackenproof.com/register" %}
<details>
<summary><strong>Support HackTricks and get benefits!</strong></summary>
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
- **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
</details>