GitBook: [master] 403 pages and 64 assets modified

1911-pentesting-fox.md

@@ -10,7 +10,7 @@ dht udp "DHT Nodes"
 
 ![](.gitbook/assets/image%20%28182%29.png)
 
-![](.gitbook/assets/image%20%28345%29.png)
+![](.gitbook/assets/image%20%28345%29%20%282%29.png)
 
 InfluxDB
 

README.md

@@ -20,7 +20,7 @@ Don't forget to **give ⭐ on the github** to motivate me to continue developing
 
 
 
-![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29.png)
+![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%286%29.png)
 
 [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*
 

brute-force.md

@@ -20,7 +20,7 @@ Find as much information about the target as you can and generate a custom dicti
 
 ### Crunch
 
-```text
+```bash
 crunch 4 6 0123456789ABCDEF -o crunch1.txt #From length 4 to 6 using that alphabet
 crunch 4 4 -f /usr/share/crunch/charset.lst mixalpha # Only length 4 using charset mixalpha (inside file charset.lst)
 
@@ -112,6 +112,7 @@ medusa -u root -P 500-worst-passwords.txt -h <IP> -M ftp
 
 ```bash
 hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst sizzle.htb.local http-get /certsrv/
+# Use https-get mode for httpS
 medusa -h <IP> -u <username> -P  <passwords.txt> -M  http -m DIR:/path/to/auth -T 10
 ```
 
@@ -119,6 +120,7 @@ medusa -h <IP> -u <username> -P  <passwords.txt> -M  http -m DIR:/path/to/auth -
 
 ```bash
 hydra -L /usr/share/brutex/wordlists/simple-users.txt -P /usr/share/brutex/wordlists/password.lst domain.htb  http-post-form "/path/index.php:name=^USER^&password=^PASS^&enter=Sign+in:Login name or password is incorrect" -V
+# Use https-post-form mode for httpS
 ```
 
 For http**s** you have to change from "http-post-form" to "**https-post-form"**

ctf-write-ups/try-hack-me/pickle-rick.md

@@ -8,7 +8,7 @@ This machine was categorised as easy and it was pretty easy.
 
 I started **enumerating the machine using my tool** [**Legion**](https://github.com/carlospolop/legion):
 
-![](../../.gitbook/assets/image%20%2861%29.png)
+![](../../.gitbook/assets/image%20%2879%29.png)
 
 In as you can see 2 ports are open: 80 \(**HTTP**\) and 22 \(**SSH**\)
 

exploiting/reversing.md

@@ -45,7 +45,7 @@ DebuggableAttribute.DebuggingModes.EnableEditAndContinue)]
 
 And click on **compile**:
 
-![](../.gitbook/assets/image%20%28144%29.png)
+![](../.gitbook/assets/image%20%28314%29.png)
 
 Then save the new file on _**File >> Save module...**_:
 

linux-unix/linux-privilege-escalation-checklist.md

@@ -146,7 +146,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
 If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.  
 Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
 
-![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%284%29.png)
+![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29.png)
 
 ​[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*
 

mobile-apps-pentesting/android-app-pentesting/avd-android-virtual-device.md

@@ -198,7 +198,7 @@ However there are **a lot of different command line useful options** that you ca
 
 First of all you need to download the Der certificate from Burp. You can do this in _**Proxy**_ --> _**Options**_ --> _**Import / Export CA certificate**_
 
-![](../../.gitbook/assets/image%20%28367%29.png)
+![](../../.gitbook/assets/image%20%28367%29%20%281%29.png)
 
 **Export the certificate in Der format** and lets **transform** it to a form that **Android** is going to be able to **understand.** Note that **in order to configure the burp certificate on the Android machine in AVD** you need to **run** this machine **with** the **`-writable-system`** option.  
 For example you can run it like:

mobile-apps-pentesting/android-app-pentesting/drozer-tutorial/exploiting-content-providers.md

@@ -59,7 +59,7 @@ content://com.mwr.example.sieve.DBContentProvider/Passwords/
 
 You should also check the **ContentProvider code** to search for queries: 
 
-![](../../../.gitbook/assets/image%20%28152%29.png)
+![](../../../.gitbook/assets/image%20%28121%29%20%281%29.png)
 
 Also, if you can't find full queries you could **check which names are declared by the ContentProvider** on the `onCreate` method:
 
@@ -76,7 +76,7 @@ When checking the code of the Content Provider **look** also for **functions** n
 
 ![](../../../.gitbook/assets/image%20%28211%29.png)
 
-![](../../../.gitbook/assets/image%20%28254%29.png)
+![](../../../.gitbook/assets/image%20%28254%29%20%281%29.png)
 
 Because you will be able to call them
 

mobile-apps-pentesting/android-checklist.md

@@ -60,7 +60,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
 If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.  
 Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
 
-![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67.png)
+![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29.png)
 
 ​[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*
 

pentesting-methodology.md

@@ -132,7 +132,7 @@ Check also the page about [**NTLM**](windows/ntlm/), it could be very useful to
 * [**CBC-MAC**](crypto/cipher-block-chaining-cbc-mac-priv.md)
 * [**Padding Oracle**](crypto/padding-oracle-priv.md)
 
-![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%281%29.png)
+![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%281%29.png)
 
 ​[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)
 

pentesting-web/deserialization/exploiting-__viewstate-parameter.md

@@ -14,7 +14,7 @@ The following properties or combination of properties apply to ViewState informa
 
 ## **Test Cases**
 
-![](../../.gitbook/assets/image%20%2873%29.png)
+![](../../.gitbook/assets/image%20%28309%29.png)
 
 ### Test Case: 1 – EnableViewStateMac=false and viewStateEncryptionMode=false
 

pentesting-web/deserialization/java-dns-deserialization-and-gadgetprobe.md

@@ -149,7 +149,7 @@ You can download [**GadgetProbe**](https://github.com/BishopFox/GadgetProbe) fro
 
 Inside the github, [**GadgetProbe has some wordlists**](https://github.com/BishopFox/GadgetProbe/tree/master/wordlists) ****with Java classes for being tested.
 
-![](../../.gitbook/assets/intruder4%20%281%29.gif)
+![](../../.gitbook/assets/intruder4%20%281%29%20%281%29.gif)
 
 ### More Information
 

pentesting-web/deserialization/nodejs-proto-prototype-pollution.md

@@ -4,7 +4,7 @@
 
 First of all, we need to understand `Object`in JavaScript. An object is simply a collection of key and value pairs, often called properties of that object. For example:
 
-![](../../.gitbook/assets/image%20%28398%29.png)
+![](../../.gitbook/assets/image%20%28389%29%20%281%29.png)
 
 In Javascript, `Object`is a basic object, the template for all newly created objects. It is possible to create an empty object by passing `null`to `Object.create`. However, the newly created object will also have a type that corresponds to the passed parameter and inherits all the basic properties.
 

pentesting-web/unicode-normalization-vulnerability.md

@@ -72,7 +72,7 @@ Then, a malicious user could insert a different Unicode character equivalent to
 
 You could use one of the following characters to trick the webapp and exploit a XSS:
 
-![](../.gitbook/assets/image%20%2895%29.png)
+![](../.gitbook/assets/image%20%28312%29.png)
 
 Notice that for example the first Unicode character purposed can be sent as: `%e2%89%ae` or as `%u226e`
 

pentesting/623-udp-ipmi.md

@@ -126,7 +126,7 @@ Once administrative access to the BMC is obtained, there are a number of methods
 
 ![](https://blog.rapid7.com/content/images/post-images/27966/ipmi_boot.png)
 
-![](../.gitbook/assets/image%20%28198%29.png)
+![](../.gitbook/assets/image%20%28202%29.png)
 
 ## Exploiting the BMC from the Host
 

pentesting/pentesting-network/spoofing-llmnr-nbt-ns-mdns-dns-and-wpad-and-relay-attacks.md

@@ -45,7 +45,7 @@ responder -I <Iface> --wpad
 
 Responder is going to **impersonate all the service using the mentioned protocols**. Once some user try to access a service being resolved using those protocols, **he will try to authenticate against Responde**r and Responder will be able to **capture** the "credentials" \(most probably a **NTLMv2 Challenge/Response**\):
 
-![](../../.gitbook/assets/poison.jpg)
+![](../../.gitbook/assets/poison%20%281%29.jpg)
 
 ## **Inveigh**
 
@@ -77,7 +77,7 @@ If you want to use **MultiRelay**, go to _**/usr/share/responder/tools**_ and ex
 python MultiRelay.py -t <IP target> -u ALL #If "ALL" then all users are relayed
 ```
 
-![](../../.gitbook/assets/image%20%28153%29.png)
+![](../../.gitbook/assets/image%20%28209%29.png)
 
 ### Post-Exploitation \(MultiRelay\)
 

pentesting/pentesting-network/wifi-attacks/README.md

@@ -241,7 +241,7 @@ Some really bad implementations allowed the Null PIN to connect \(very weird als
 
 All the proposed WPS attacks can be easily performed using _**airgeddon.**_
 
-![](../../../.gitbook/assets/image%20%28260%29.png)
+![](../../../.gitbook/assets/image%20%28201%29%20%281%29.png)
 
 * 5 and 6 lets you try **your custom PIN** \(if you have any\)
 * 7 and 8 perform the **Pixie Dust attack**

pentesting/pentesting-web/drupal.md

@@ -24,7 +24,7 @@ Accessing _/user/<number>_ you can see the number of existing users, in th
 
 ![](../../.gitbook/assets/image%20%2826%29.png)
 
-![](../../.gitbook/assets/image%20%28158%29.png)
+![](../../.gitbook/assets/image%20%28227%29.png)
 
 ## Hidden pages enumeration
 

pentesting/pentesting-web/graphql.md

@@ -102,7 +102,7 @@ Below you can find the simplest demonstration of an application authentication r
 
  As we can see from the response screenshot, the first and the third requests returned _null_ and reflected the corresponding information in the _error_ section. The **second mutation had the correct authentication** data and the response has the correct authentication session token.
 
-![](../../.gitbook/assets/image%20%2867%29.png)
+![](../../.gitbook/assets/image%20%28119%29.png)
 
 ## Tools
 

pentesting/pentesting-web/wordpress.md

@@ -183,7 +183,7 @@ It is recommended to disable Wp-Cron and create a real cronjob inside the host t
 </methodCall>
 ```
 
-![](../../.gitbook/assets/image%20%2890%29.png)
+![](../../.gitbook/assets/image%20%28107%29.png)
 
 ![](../../.gitbook/assets/image%20%28224%29.png)
 

windows/active-directory-methodology/README.md

@@ -396,7 +396,7 @@ If you don't execute this from a Domain Controller, ATA is going to catch you, s
 
 
 
-![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%282%29.png)
+![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%282%29.png)
 
 ​[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*
 

windows/active-directory-methodology/privileged-accounts-and-token-privileges.md

@@ -37,7 +37,7 @@ If you don't want to wait an hour you can use a PS script to make the restore ha
 
 Note the spotless' user membership:
 
-![](../../.gitbook/assets/a1.png)
+![](../../.gitbook/assets/1%20%282%29.png)
 
 However, we can still add new users:
 

windows/checklist-windows-privilege-escalation.md

@@ -118,7 +118,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
 If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.  
 Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
 
-![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%283%29.png)
+![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%283%29.png)
 
 ​[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*