0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

GitBook: [master] 4 pages and 3 assets modified

This commit is contained in:
CPol 2021-04-11 09:05:05 +00:00 committed by gitbook-bot
parent 32fa515524
commit caf6f8ef57
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
6 changed files with 21 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67 (6) (4) (12).png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.5 KiB

0
.gitbook/assets/image (446).png → .gitbook/assets/image (446) (1) (1).png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 142 KiB

After

Width:  |  Height:  |  Size: 142 KiB

4
README.md
View File

@ -12,11 +12,11 @@ Here you will find the **typical flow** that **you should follow when pentesting
**Click in the title to start!**
If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[ PEASS & HackTricks telegram group here](https://t.me/peass)**, or** follow me on Twitter **[🐦]([https://emojipedia.org/bird/) [@carlospolopm](https://twitter.com/carlospolopm).**
If you want to **know** about my **latest modifications**/**additions** or you have **any suggestion for HackTricks or PEASS**, **join the** [**💬**](https://emojipedia.org/speech-balloon/)[ PEASS & HackTricks telegram group here](https://t.me/peass)**, or** follow me on Twitter [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/[https:/emojipedia.org/bird/README.md) ****[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
If you want to **share some tricks with the community** you can also submit **pull requests** to_\*_ [https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks) _that will be reflected in this book.
Don't forget to\_\* give ⭐ on the github to motivate me to continue developing this book.
![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%286%29.png)
![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%288%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)

2
pentesting/pentesting-web/iis-internet-information-services.md
View File

@ -320,7 +320,7 @@ C:\xampp\tomcat\conf\server.xml
If you see an error like the following one:
![](../../.gitbook/assets/image%20%28446%29%20%281%29.png)
![](../../.gitbook/assets/image%20%28446%29%20%281%29%20%281%29.png)
It means that the server **didn't receive the correct domain name** inside the Host header.
In order to access the web page you could take a look to the served **SSL Certificate** and maybe you can find the domain/subdomain name in there. If it isn't there you may need to **brute force VHosts** until you find the correct one.

41
stego/stego-tricks.md
View File

@ -1,6 +1,6 @@
# Stego Tricks
**Some info was taken from** [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/) **and from** [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit)\*\*\*\*
**Some info was taken from** [**https://0xrick.github.io/lists/stego/**](https://0xrick.github.io/lists/stego/) **and from** [**https://github.com/DominicBreuker/stego-toolkit**](https://github.com/DominicBreuker/stego-toolkit)
## Extracting data from all files
@ -18,7 +18,7 @@ It can be installed with `apt`, and the [source](https://github.com/ReFirmLabs/b
Foremost is a program that recovers files based on their headers, footers, and internal data structures. I find it especially useful when dealing with png images. You can select the files that Foremost will extract by changing the config file in **/etc/foremost.conf.**
It can be installed with `apt`, and the [source](https://github.com/korczis/foremost) can be found on Github.
**Useful commands:**
`foremost -i file` : extracts data from the given file.
`foremost -i file` : extracts data from the given file.
### Exiftool <a id="exiftool"></a>
@ -33,7 +33,7 @@ A tool similar to exiftool.
It can be installed with `apt`, and the [source](https://github.com/Exiv2/exiv2) can be found on Github.
[Official website](http://www.exiv2.org/)
**Useful commands:**
`exiv2 file` : shows the metadata of the given file
`exiv2 file` : shows the metadata of the given file
### File
@ -47,7 +47,7 @@ Useful commands:
`strings -n 6 file | head -n 20`: Extract first 20 strings with min length of 6
`strings -n 6 file | tail -n 20`: Extract last 20 strings with min length of 6
`strings -e s -n 6 file`: Extract 7bit strings
`strings -e S -n 6 file`: Extract 8bit strings
`strings -e S -n 6 file`: Extract 8bit strings
`strings -e l -n 6 file`: Extract 16bit strings \(little-endian\)
`strings -e b -n 6 file`: Extract 16bit strings \(big-endian\)
`strings -e L -n 6 file`: Extract 32bit strings \(little-endian\)
@ -72,13 +72,13 @@ To **extract** the **data**, you can use: [https://www.irongeek.com/i.php?page=s
### identify
[GraphicMagick](https://imagemagick.org/script/download.php) tool to check what kind of image a file is. Also checks if the image is corrupted.
[GraphicMagick](https://imagemagick.org/script/download.php) tool to check what kind of image a file is. Also checks if the image is corrupted.
```text
./magick identify -verbose stego.jpg
```
If the image is damaged, you may be able to restore it by simply adding a metadata comment to it \(if it's very badly damaged this won't work\):
If the image is damaged, you may be able to restore it by simply adding a metadata comment to it \(if it's very badly damaged this won't work\):
```bash
./magick mogrify -set comment 'Extraneous bytes removed' stego.jpg
@ -87,7 +87,7 @@ If the image is damaged, you may be able to restore it by simply adding a metada
### Steghide \[JPEG, BMP, WAV, AU\] <a id="steghide"></a>
Steghide is a steganography program that hides data in various kinds of image and audio files. It supports the following file formats : `JPEG, BMP, WAV and AU`. Its also useful for extracting embedded and encrypted data from other files.
It can be installed with `apt`, and the [source](https://github.com/StefanoDeVuono/steghide) can be found on Github.
It can be installed with `apt`, and the [source](https://github.com/StefanoDeVuono/steghide) can be found on Github.
**Useful commands:**
`steghide info file` : displays info about whether a file has embedded data or not.
`steghide extract -sf file [--passphrase password]` : extracts embedded data from a file \[using a password\]
@ -101,13 +101,12 @@ You can also extract content from steghide using the web: [https://futureboy.us/
zsteg is a tool that can detect hidden data in png and bmp files.
To install it : `gem install zsteg`. The source can also be found on [Github](https://github.com/zed-0xff/zsteg)
**Useful commands:**
`zsteg -a file` : Runs every detection method on the given file
`zsteg -E file` : Extracts data with the given payload \(example : zsteg -E b4,bgr,msb,xy name.png\)
`zsteg -a file` : Runs every detection method on the given file
`zsteg -E file` : Extracts data with the given payload \(example : zsteg -E b4,bgr,msb,xy name.png\)
### stegoVeritas JPG, PNG, GIF, TIFF, BMP
### stegoVeritas JPG, PNG, GIF, TIFF, BMP
Capable of a wide variety of simple and advanced tricks, this tool can check file metadata, create transformed images, brute force LSB, and more. Check out `stegoveritas.py -h` to read about its full capabilities.
Execute `stegoveritas.py stego.jpg` to run all checks.
Capable of a wide variety of simple and advanced tricks, this tool can check file metadata, create transformed images, brute force LSB, and more. Check out `stegoveritas.py -h` to read about its full capabilities. Execute `stegoveritas.py stego.jpg` to run all checks.
### Stegsolve
@ -149,27 +148,25 @@ Get details on a PNG file \(or even find out it's actually something else!\).
### ffmpeg
ffmpeg can be used to check the integrity of audio files, reporting various information about the file, as well as any errors it finds.
`ffmpeg -v info -i stego.mp3 -f null -`
`ffmpeg -v info -i stego.mp3 -f null -`
### Wavsteg \[WAV\] <a id="wavsteg"></a>
WavSteg is a Python3 tool that can hide data, using least significant bit, in wav files. It can also search for, and extract, data from wav files.
You can get it from [Github](https://github.com/ragibson/Steganography#WavSteg)
Useful commands:
`python3 WavSteg.py -r -b 1 -s soundfile -o outputfile` : Extracts to an output file \(taking only 1 lsb\)
`python3 WavSteg.py -r -b 2 -s soundfile -o outputfile` : Extracts to an output file \(taking only 2 lsb\)
`python3 WavSteg.py -r -b 1 -s soundfile -o outputfile` : Extracts to an output file \(taking only 1 lsb\)
`python3 WavSteg.py -r -b 2 -s soundfile -o outputfile` : Extracts to an output file \(taking only 2 lsb\)
### Deepsound
Hide, and check for, information encrypted with AES-265 in sound files.
Download from [the oficial page](http://jpinsoft.net/deepsound/download.aspx).
Hide, and check for, information encrypted with AES-265 in sound files. Download from [the oficial page](http://jpinsoft.net/deepsound/download.aspx).
To search for hidden info, simply run the program and open the sound file. If DeepSound finds any data hidden, you'll need to provide the password to unlock it.
### Sonic visualizer <a id="sonic-visualizer"></a>
Sonic visualizer is a tool for viewing and analyzing the contents of audio files. It can be very helpful when facing audio steganography challenges; you can reveal hidden shapes in audio files that many other tools won't detect.
If you're stuck, always check the spectrogram of the audio.
[Offical Website](https://www.sonicvisualiser.org/)
If you're stuck, always check the spectrogram of the audio. [Offical Website](https://www.sonicvisualiser.org/)
### DTMF Tones - Dial tones
@ -187,14 +184,10 @@ import math
math.sqrt(2500) #50
```
To convert binary "1"s and "0"s to a proper image: [ https://www.dcode.fr/binary-image](%20https://www.dcode.fr/binary-image)
To convert binary "1"s and "0"s to a proper image: [ https://www.dcode.fr/binary-image](https://github.com/carlospolop/hacktricks/tree/32fa51552498a17d266ff03e62dfd1e2a61dcd10/binary-image/README.md)
To read a QR code: [https://online-barcode-reader.inliteresearch.com/](https://online-barcode-reader.inliteresearch.com/)
### Braile
[https://www.branah.com/braille-translator](https://www.branah.com/braille-translator%29)

2
windows/active-directory-methodology/README.md
View File

@ -398,7 +398,7 @@ If you don't execute this from a Domain Controller, ATA is going to catch you, s
* [Python script to enumerate active directory](https://github.com/ropnop/windapsearch)
* [Python script to enumerate active directory](https://github.com/CroweCybersecurity/ad-ldap-enum)
![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%2811%29.png)
![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%2812%29.png)
[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)