From 5e6aa005216ba9dfb783dcfb17d561c2c7d7cca8 Mon Sep 17 00:00:00 2001 From: chiyochichi <57356373+chiyochichi@users.noreply.github.com> Date: Sun, 25 Feb 2024 11:03:47 +0200 Subject: [PATCH 1/3] spelling awkward phrasing etc removed double mention of jetbrains decompiler, changed dnspy url to redirected one and added alternative, and fixed some spelling issues (there's still more) --- .../reversing-tools-basic-methods/README.md | 29 +++++++++---------- 1 file changed, 14 insertions(+), 15 deletions(-) diff --git a/reversing/reversing-tools-basic-methods/README.md b/reversing/reversing-tools-basic-methods/README.md index 02e0518b629..ec4d08dcc2e 100644 --- a/reversing/reversing-tools-basic-methods/README.md +++ b/reversing/reversing-tools-basic-methods/README.md @@ -41,7 +41,7 @@ Software: * [https://www.pnfsoftware.com/jeb/demo](https://www.pnfsoftware.com/jeb/demo) * [https://github.com/wwwg/wasmdec](https://github.com/wwwg/wasmdec) -## .Net decompiler +## .NET decompiler ### [dotPeek](https://www.jetbrains.com/decompiler/) @@ -49,7 +49,7 @@ dotPeek is a decompiler that **decompiles and examines multiple formats**, inclu The merit here is that if a lost source code requires restoration from a legacy assembly, this action can save time. Further, dotPeek provides handy navigation throughout the decompiled code, making it one of the perfect tools for **Xamarin algorithm analysis.** -### [.Net Reflector](https://www.red-gate.com/products/reflector/) +### [.NET Reflector](https://www.red-gate.com/products/reflector/) With a comprehensive add-in model and an API that extends the tool to suit your exact needs, .NET reflector saves time and simplifies development. Let's take a look at the plethora of reverse engineering services this tool provides: 
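Review bot: in the `@@ -49,7 +49,7 @@` hunk the heading is renamed to ".NET Reflector" but the body line kept as context still reads "`.NET reflector saves time`" with a lowercase r, so the product name is cased two different ways within the same section; capitalise it to ".NET Reflector" there as well, since the hunk already touches this region.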
@@ -63,14 +63,13 @@ With a comprehensive add-in model and an API that extends the tool to suit your ### [ILSpy](https://github.com/icsharpcode/ILSpy) & [dnSpy](https://github.com/dnSpy/dnSpy/releases) [ILSpy plugin for Visual Studio Code](https://github.com/icsharpcode/ilspy-vscode): You can have it in any OS (you can install it directly from VSCode, no need to download the git. Click on **Extensions** and **search ILSpy**).\ -If you need to **decompile**, **modify** and **recompile** again you can use: [**https://github.com/0xd4d/dnSpy/releases**](https://github.com/0xd4d/dnSpy/releases) (**Right Click -> Modify Method** to change something inside a function).\ -You cloud also try [https://www.jetbrains.com/es-es/decompiler/](https://www.jetbrains.com/es-es/decompiler/) +If you need to **decompile**, **modify** and **recompile** again you can use [**dnSpy**](https://github.com/dnSpy/dnSpy/releases) or an actively maintained fork of it, [**dnSpyEx**](https://github.com/dnSpyEx/dnSpy/releases). (**Right Click -> Modify Method** to change something inside a function). ### DNSpy Logging -In order to make **DNSpy log some information in a file**, you could use this .Net lines: +In order to make **DNSpy log some information in a file**, you could use this snippet: -```bash +```cs using System.IO; path = "C:\\inetpub\\temp\\MyTest2.txt"; File.AppendAllText(path, "Password: " + password + "\n"); 
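Review bot: the logging snippet is now labelled `cs`, which is the right tag, but the code it labels does not compile as C#: `path = "C:\\inetpub\\temp\\MyTest2.txt";` declares no type (`string path = ...` or `var path = ...`), and `password` is assumed to already be a local in the method being edited; a short comment saying it must be replaced with the variable the reader wants to capture would avoid confusion. In the rewritten dnSpy sentence the full stop now precedes the parenthetical, leaving "`(**Right Click -> Modify Method** to change something inside a function).`" as a stand-alone fragment; move the period after the closing parenthesis. The heading "### DNSpy Logging" and the phrase "make **DNSpy log** some information" also keep the DNSpy spelling while the rest of the section now uses dnSpy.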
@@ -103,13 +102,13 @@ And click on **compile**: ![](<../../.gitbook/assets/image (314) (1) (1).png>) -Then save the new file on _**File >> Save module...**_: +Then save the new file via _**File >> Save module...**_: ![](<../../.gitbook/assets/image (279).png>) This is necessary because if you don't do this, at **runtime** several **optimisations** will be applied to the code and it could be possible that while debugging a **break-point is never hit** or some **variables don't exist**. -Then, if your .Net application is being **run** by **IIS** you can **restart** it with: +Then, if your .NET application is being **run** by **IIS** you can **restart** it with: ``` iisreset /noforce @@ -129,7 +128,7 @@ Now that we are debugging the process, it's time to stop it and load all the mod ![](<../../.gitbook/assets/image (283).png>) -Click any module on **Modules** and selec**t Open All Modules**: +Click any module on **Modules** and select **Open All Modules**: ![](<../../.gitbook/assets/image (284).png>) 
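Review bot: in the `@@ -103,13 +102,13 @@` hunk the `iisreset /noforce` block kept as context is an untagged fence, while this same patch tags the C# snippet `cs`; for consistency give it a shell tag (`cmd` or `powershell`, since it is typed on the IIS host). The rewritten "save the new file via _**File >> Save module...**_" is fine, but the sentence "if you don't do this, at **runtime** several **optimisations** will be applied" would be clearer with its subject named: it is the JIT that applies them, which is why breakpoints can fail to hit and locals can disappear.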
@@ -247,16 +246,16 @@ The **Create Dump** option will dump the final shellcode if any change is done t ### Disassembling using CyberChef -Upload you shellcode file as input and use the following receipt to decompile it: [https://gchq.github.io/CyberChef/#recipe=To\_Hex('Space',0)Disassemble\_x86('32','Full%20x86%20architecture',16,0,true,true)](https://gchq.github.io/CyberChef/#recipe=To\_Hex\('Space',0\)Disassemble\_x86\('32','Full%20x86%20architecture',16,0,true,true\)) +Upload your shellcode file as input and use the following recipe to decompile it: [https://gchq.github.io/CyberChef/#recipe=To\_Hex('Space',0)Disassemble\_x86('32','Full%20x86%20architecture',16,0,true,true)](https://gchq.github.io/CyberChef/#recipe=To\_Hex\('Space',0\)Disassemble\_x86\('32','Full%20x86%20architecture',16,0,true,true\)) ## [Movfuscator](https://github.com/xoreaxeaxeax/movfuscator) -This obfuscator **modify all the instructions for `mov`**(yeah, really cool). It also uses interruptions to change executions flows. For more information about how does it works: +This obfuscator **modifies all the instructions for `mov`**(yeah, really cool). It also uses interruptions to change executions flows. For more information about how does it works: * [https://www.youtube.com/watch?v=2VF\_wPkiBJY](https://www.youtube.com/watch?v=2VF\_wPkiBJY) * [https://github.com/xoreaxeaxeax/movfuscator/blob/master/slides/domas\_2015\_the\_movfuscator.pdf](https://github.com/xoreaxeaxeax/movfuscator/blob/master/slides/domas\_2015\_the\_movfuscator.pdf) -If you are lucky [demovfuscator ](https://github.com/kirschju/demovfuscator)will deofuscate the binary. It has several dependencies +If you are lucky [demovfuscator](https://github.com/kirschju/demovfuscator) will deofuscate the binary. It has several dependencies ``` apt-get install libcapstone-dev 
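Review bot: the CyberChef sentence fixes "you" and "receipt" but still says the recipe will "decompile" the shellcode, while the heading says "Disassembling" and the recipe itself is `Disassemble_x86`; change "decompile" to "disassemble". The Movfuscator paragraph is edited yet still carries "how does it works" (should be "how it works"), a missing space in "`mov`**(yeah", and "uses interruptions to change executions flows" (should be "uses interrupts to change execution flow"); the demovfuscator line fixes the link spacing but keeps "deofuscate" (should be "deobfuscate"), and "It has several dependencies" needs a colon before the fenced install commands.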
@@ -289,7 +288,7 @@ Having the **name** of the **functions** being called, search for them on the ** For Delphi compiled binaries you can use [https://github.com/crypto2011/IDR](https://github.com/crypto2011/IDR) -I you have to reverse a Delphi binary I would suggest you to use the IDA plugin [https://github.com/Coldzer0/IDA-For-Delphi](https://github.com/Coldzer0/IDA-For-Delphi) +If you have to reverse a Delphi binary I would suggest you to use the IDA plugin [https://github.com/Coldzer0/IDA-For-Delphi](https://github.com/Coldzer0/IDA-For-Delphi) Just press **ATL+f7** (import python plugin in IDA) and select the python plugin. @@ -299,7 +298,7 @@ It is also very interesting because if you press a button in the graphic applica ## Golang -I you have to reverse a Golang binary I would suggest you to use the IDA plugin [https://github.com/sibears/IDAGolangHelper](https://github.com/sibears/IDAGolangHelper) +If you have to reverse a Golang binary I would suggest you to use the IDA plugin [https://github.com/sibears/IDAGolangHelper](https://github.com/sibears/IDAGolangHelper) Just press **ATL+f7** (import python plugin in IDA) and select the python plugin. @@ -341,7 +340,7 @@ R = 256 L = 256 ``` -So, in this kind of programs, the an interesting part will be **how the program treats the user input**. In the address **0x4000130** you will find the commonly found function: **KEYINPUT.** +So, in this kind of program, the interesting part will be **how the program treats the user input**. In the address **0x4000130** you will find the commonly found function: **KEYINPUT**. ![](<../../.gitbook/assets/image (579).png>) From 882371226ae5e96b61720ee6373c088ccfb31ff6 Mon Sep 17 00:00:00 2001 From: chiyochichi <57356373+chiyochichi@users.noreply.github.com> Date: Sun, 25 Feb 2024 11:09:32 +0200 Subject: [PATCH 2/3] clean up ad i would remove that section entirely ngl --- pentesting-web/captcha-bypass.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) 
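Review bot: in the `@@ -289,7 +288,7 @@` hunk of reversing-tools-basic-methods/README.md (PATCH 1/3), "I you" to "If you" is correct, but the context line directly below, "`Just press **ATL+f7** (import python plugin in IDA)`", still misspells the shortcut; IDA's script-file shortcut is ALT+F7. "I would suggest you to use the IDA plugin" is also not idiomatic; "I would suggest using the IDA plugin" reads better.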
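Review bot: the `@@ -299,7 +298,7 @@` hunk (Golang section of the same file) has the identical pair of issues as the Delphi hunk above it: the trailing context line still reads "`**ATL+f7**`" where ALT+F7 is meant, and "I would suggest you to use" should be "I would suggest using". Since the patch is already correcting "I you" on this line, fixing both in the same commit would keep the two sections consistent.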
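Review bot: in the `@@ -341,7 +340,7 @@` hunk (GBA section of the same file) the rewritten sentence is a clear improvement, but "In the address **0x4000130**" is still wrong in English; use "At address **0x4000130**". "the commonly found function: **KEYINPUT**" would also read more naturally as "the common **KEYINPUT** function".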
diff --git a/pentesting-web/captcha-bypass.md b/pentesting-web/captcha-bypass.md index 831f168fe0c..829a7fa6b63 100644 --- a/pentesting-web/captcha-bypass.md +++ b/pentesting-web/captcha-bypass.md @@ -25,7 +25,7 @@ To **bypass** the captcha during **server testing** and automate user input func 2. **Value Extraction and Reuse**: * **Source Code Inspection**: Search for the captcha value within the page's source code. * **Cookie Analysis**: Examine the cookies to find if the captcha value is stored and reused. - * **Reuse Old Captcha Values**: Attempt to use previously successful captcha values again. + * **Reuse Old Captcha Values**: Attempt to use previously successful captcha values again. Keep in mind that they might expire at any time. * **Session Manipulation**: Try using the same captcha value across different sessions or the same session ID. 3. **Automation and Recognition**: 
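Review bot: the added caveat "Keep in mind that they might expire at any time." is useful but does not say what the tester should conclude from the outcome; suggest one more clause so the bullet reads as a check rather than a tip, e.g. "if the server accepts a previously used or expired value, it is not enforcing single-use or expiry, and that is the finding to report". That keeps the list item actionable for the report without changing the technique described.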
@@ -42,15 +42,11 @@ To **bypass** the captcha during **server testing** and automate user input func * **Audio Captcha Analysis**: If an audio captcha option is available, use speech-to-text services to interpret and solve the captcha. -## Online Services to bypass captchas +## Online Services to solve captchas ### [Capsolver](https://www.capsolver.com/) -Capsolver‘s automatic captcha solver offers the **most affordable and quick captcha-solving solution**. You may rapidly combine it with your program using its simple integration option to achieve the best results in a matter of seconds. - -With a success rate of 99.15%, Capsolver can **answer more than 10M captchas every minute**. This implies that your automation or scrape will have a 99.99% uptime. You may buy a captcha package if you have a large budget. - -At the lowest price on the market, you may receive a variety of solutions, including reCAPTCHA V2, reCAPTCHA V3, hCaptcha, hCaptcha Click, reCaptcha click, Funcaptcha Click, FunCaptcha, datadome captcha, aws captcha, picture-to-text, binance / coinmarketcap captcha, geetest v3 / v3, and more. With this service, **0.1s is the slowest speed ever measured**. +Capsolver's automatic captcha solver offers an **affordable and quick captcha-solving solution**. You may rapidly combine it with your program using its simple integration option to achieve the best results in a matter of seconds. It can solve reCAPTCHA V2 and V3, hCaptcha, FunCaptcha, datadome, aws captcha, picture-to-text, binance / coinmarketcap captcha, geetest v3, and more. However, this is not a bypass per-se.
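Review bot: "per-se" should be "per se" (Latin, no hyphen), and it would be clearer to say what it is instead: "this is a paid solving service, not a bypass of the captcha itself". The heading change from "bypass" to "solve" matches that closing caveat, but the remaining paragraph still reads as vendor copy ("affordable and quick", "the best results in a matter of seconds"); if the section is kept at all, which the commit message itself doubts, trim it to a neutral one-line statement of the captcha types the service handles and that it is a paid third-party API.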
From 1858528b0eb7defd139aae3827d80024d15de2a7 Mon Sep 17 00:00:00 2001 From: chiyochichi <57356373+chiyochichi@users.noreply.github.com> Date: Sun, 25 Feb 2024 11:17:54 +0200 Subject: [PATCH 3/3] csti meow awkward af --- pentesting-web/client-side-template-injection-csti.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pentesting-web/client-side-template-injection-csti.md b/pentesting-web/client-side-template-injection-csti.md index 7d0ffb11ba6..dea81977438 100644 --- a/pentesting-web/client-side-template-injection-csti.md +++ b/pentesting-web/client-side-template-injection-csti.md @@ -17,9 +17,9 @@ Other ways to support HackTricks: # Summary -It is like a [**Server Side Template Injection**](ssti-server-side-template-injection/) but in the **client**. The **SSTI** can allow you to **execute code** on the remote server, the **CSTI** could allow you to **execute arbitrary JavaScript** code in the victim. +It is like a [**Server Side Template Injection**](ssti-server-side-template-injection/) but in the **client**. The **SSTI** can allow you to **execute code** on the remote server, the **CSTI** could allow you to **execute arbitrary JavaScript** code in the victim's browser. -The way to **test** for this vulnerability is very **similar** as in the case of **SSTI**, the interpreter is going to expect something to execute **between doubles keys** and will execute it. For example using something like: `{{ 7-7 }}` if the server is **vulnerable** you will see a `0` and if not you will see the original: `{{ 7-7 }}` +**Testing** for this vulnerability is very **similar** as in the case of **SSTI**, the interpreter expects **a template** and will execute it. For example, with a payload like `{{ 7-7 }}`, if the app is **vulnerable** you will see a `0`, and if not, you will see the original: `{{ 7-7 }}` # AngularJS 
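Review bot: the rewrite loses the one concrete detail the original sentence carried: that the injected expression sits between double curly braces (the original's garbled "between doubles keys" meant exactly that). "the interpreter expects **a template** and will execute it" is vaguer than what it replaces; suggest "the client-side template engine evaluates expressions placed between double curly braces, `{{ }}`, so a probe such as `{{ 7-7 }}` is rendered as `0` when the input reaches the template". Also "very **similar** as in the case of **SSTI**" should be "very **similar** to **SSTI**", and the first paragraph's "the **SSTI** can allow you to ... the **CSTI** could allow you to" is a comma splice; join the two clauses with "whereas" or split them into two sentences.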
@@ -44,7 +44,7 @@ You can find a very **basic online example** of the vulnerability in **AngularJS # VueJS -You can find a **vulnerable vue.js** implementation in [https://vue-client-side-template-injection-example.azu.now.sh/](https://vue-client-side-template-injection-example.azu.now.sh)\ +You can find a **vulnerable Vue** implementation in [https://vue-client-side-template-injection-example.azu.now.sh/](https://vue-client-side-template-injection-example.azu.now.sh)\ Working payload: [`https://vue-client-side-template-injection-example.azu.now.sh/?name=%7B%7Bthis.constructor.constructor(%27alert(%22foo%22)%27)()%7D%`](https://vue-client-side-template-injection-example.azu.now.sh/?name=%7B%7Bthis.constructor.constructor\(%27alert\(%22foo%22\)%27\)\(\)%7D%7D) And the **source code** of the vulnerable example here: [https://github.com/azu/vue-client-side-template-injection-example](https://github.com/azu/vue-client-side-template-injection-example)
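Review bot: the "Working payload" line kept as context below the changed line has a truncated link text: the visible text ends in `%7D%` while the href ends in `%7D%7D`, so the rendered link label does not match the URL it points to; fix the label to match the href. On the changed line itself, "a **vulnerable Vue** implementation in [URL]" should be "at [URL]", and the sentence would read better if it named the app as the azu example project rather than just "implementation".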