From f3d9d12a385fc7c72a6d6920e48bfca1e5500af8 Mon Sep 17 00:00:00 2001 From: Carlos Polop Date: Mon, 29 Jul 2024 11:13:14 +0200 Subject: [PATCH] b --- README.md | 4 ++-- network-services-pentesting/512-pentesting-rexec.md | 12 ++++++++++++ network-services-pentesting/pentesting-dns.md | 12 ++++++------ network-services-pentesting/pentesting-finger.md | 12 ++++++++++++ .../pentesting-ftp/ftp-bounce-download-2oftp-file.md | 12 ++++++++++++ .../pentesting-jdwp-java-debug-wire-protocol.md | 12 ++++++++++++ network-services-pentesting/pentesting-modbus.md | 12 ++++++++++++ network-services-pentesting/pentesting-rdp.md | 12 ++++++------ .../pentesting-remote-gdbserver.md | 8 ++++---- .../pentesting-smtp/README.md | 6 +++--- .../pentesting-smtp/smtp-commands.md | 4 ++-- network-services-pentesting/pentesting-telnet.md | 8 ++++---- .../pentesting-web/403-and-401-bypasses.md | 4 ++-- network-services-pentesting/pentesting-web/nginx.md | 4 ++-- .../pentesting-web/werkzeug.md | 4 ++-- other-web-tricks.md | 12 ++++++++++++ pentesting-web/sql-injection/sqlmap/README.md | 4 ++-- .../el-expression-language.md | 2 +- 18 files changed, 108 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index 122e4f29193..34f337a9433 100644 --- a/README.md +++ b/README.md @@ -77,13 +77,13 @@ Join [**HackenProof Discord**](https://discord.com/invite/N3FrSbmwdy) server to *** -### [Pentest-Tools.com](https://pentest-tools.com/) - The essential penetration testing toolkit +### [Pentest-Tools.com](https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons) - The essential penetration testing toolkit
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} *** diff --git a/network-services-pentesting/512-pentesting-rexec.md b/network-services-pentesting/512-pentesting-rexec.md index cd4ce6c2b88..8f032d54fa7 100644 --- a/network-services-pentesting/512-pentesting-rexec.md +++ b/network-services-pentesting/512-pentesting-rexec.md @@ -15,6 +15,12 @@ Learn & practice GCP Hacking: {% endhint %} +
+ +**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. + +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} + ## Basic Information It is a service that **allows you to execute a command inside a host** if you know valid **credentials** (username and password). @@ -28,6 +34,12 @@ PORT STATE SERVICE ### [**Brute-force**](../generic-methodologies-and-resources/brute-force.md#rexec) +
+ +**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. + +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} + {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) diff --git a/network-services-pentesting/pentesting-dns.md b/network-services-pentesting/pentesting-dns.md index 450d9ebf5e6..51f6d48afac 100644 --- a/network-services-pentesting/pentesting-dns.md +++ b/network-services-pentesting/pentesting-dns.md @@ -15,11 +15,11 @@ Learn & practice GCP Hacking: {% endhint %} -
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} ## **Basic Information** @@ -202,11 +202,11 @@ dig google.com A @ ![](<../.gitbook/assets/image (146).png>) -
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} ### Mail to nonexistent account @@ -323,11 +323,11 @@ Entry_6: Command: msfconsole -q -x 'use auxiliary/scanner/dns/dns_amp; set RHOSTS {IP}; set RPORT 53; run; exit' && msfconsole -q -x 'use auxiliary/gather/enum_dns; set RHOSTS {IP}; set RPORT 53; run; exit' ``` -
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ diff --git a/network-services-pentesting/pentesting-finger.md b/network-services-pentesting/pentesting-finger.md index a79d66060e2..01be4d31c03 100644 --- a/network-services-pentesting/pentesting-finger.md +++ b/network-services-pentesting/pentesting-finger.md @@ -15,6 +15,12 @@ Learn & practice GCP Hacking: {% endhint %} +
+ +**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. + +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} + ## **Basic Info** The **Finger** program/service is utilized for retrieving details about computer users. Typically, the information provided includes the **user's login name, full name**, and, in some cases, additional details. These extra details could encompass the office location and phone number (if available), the time the user logged in, the period of inactivity (idle time), the last instance mail was read by the user, and the contents of the user's plan and project files. @@ -79,6 +85,12 @@ finger user@host@victim finger @internal@external ``` +
+ +**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. + +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} + {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) diff --git a/network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md b/network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md index 8a1533cb73e..48fa8dab987 100644 --- a/network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md +++ b/network-services-pentesting/pentesting-ftp/ftp-bounce-download-2oftp-file.md @@ -15,6 +15,12 @@ Learn & practice GCP Hacking: {% endhint %} +
+ +**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. + +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} + # Resume @@ -40,6 +46,12 @@ If you have access to a bounce FTP server, you can make it request files of othe For a more detailed information check the post: [http://www.ouah.org/ftpbounce.html](http://www.ouah.org/ftpbounce.html) +
+ +**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. + +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} + {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) diff --git a/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md b/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md index acfa4ff3502..a6a06bc5491 100644 --- a/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md +++ b/network-services-pentesting/pentesting-jdwp-java-debug-wire-protocol.md @@ -15,6 +15,12 @@ Learn & practice GCP Hacking: {% endhint %} +
+ +**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. + +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} + ## Exploiting JDWP exploitation hinges on the **protocol's lack of authentication and encryption**. It's generally found on **port 8000**, but other ports are possible. The initial connection is made by sending a "JDWP-Handshake" to the target port. If a JDWP service is active, it responds with the same string, confirming its presence. This handshake acts as a fingerprinting method to identify JDWP services on the network. @@ -74,6 +80,12 @@ I found that the use of `--break-on 'java.lang.String.indexOf'` make the exploit * [http://docs.oracle.com/javase/1.5.0/docs/guide/jpda/jdwp/jdwp-protocol.html](http://docs.oracle.com/javase/1.5.0/docs/guide/jpda/jdwp/jdwp-protocol.html) * [http://nmap.org/nsedoc/scripts/jdwp-exec.html](http://nmap.org/nsedoc/scripts/jdwp-exec.html) +
+ +**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. + +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} + {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) diff --git a/network-services-pentesting/pentesting-modbus.md b/network-services-pentesting/pentesting-modbus.md index 0e43bfd8dcd..681b16ebb96 100644 --- a/network-services-pentesting/pentesting-modbus.md +++ b/network-services-pentesting/pentesting-modbus.md @@ -15,6 +15,12 @@ Learn & practice GCP Hacking: {% endhint %} +
+ +**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. + +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} + # Basic Information @@ -42,6 +48,12 @@ Learn & practice GCP Hacking: +
+ +**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. + +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} + Support HackTricks * Check the [**subscription plans**](https://github.com/sponsors/carlospolop)! diff --git a/network-services-pentesting/pentesting-rdp.md b/network-services-pentesting/pentesting-rdp.md index a7bbbab648f..ba3dfece822 100644 --- a/network-services-pentesting/pentesting-rdp.md +++ b/network-services-pentesting/pentesting-rdp.md @@ -15,11 +15,11 @@ Learn & practice GCP Hacking: {% endhint %} -
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} ## Basic Information @@ -76,11 +76,11 @@ rdp\_check.py from impacket let you check if some credentials are valid for a RD rdp_check /:@ ``` -
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} ## **Attacks** @@ -169,11 +169,11 @@ Entry_2: Command: nmap --script "rdp-enum-encryption or rdp-vuln-ms12-020 or rdp-ntlm-info" -p 3389 -T4 {IP} ``` -
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ diff --git a/network-services-pentesting/pentesting-remote-gdbserver.md b/network-services-pentesting/pentesting-remote-gdbserver.md index 604a2d08dff..c303642839d 100644 --- a/network-services-pentesting/pentesting-remote-gdbserver.md +++ b/network-services-pentesting/pentesting-remote-gdbserver.md @@ -15,11 +15,11 @@ Learn & practice GCP Hacking: {% endhint %} -
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} ## **Basic Information** @@ -200,11 +200,11 @@ RemoteCmd() ``` {% endcode %} -
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ diff --git a/network-services-pentesting/pentesting-smtp/README.md b/network-services-pentesting/pentesting-smtp/README.md index ffab10e7015..6475f56755b 100644 --- a/network-services-pentesting/pentesting-smtp/README.md +++ b/network-services-pentesting/pentesting-smtp/README.md @@ -19,7 +19,7 @@ Learn & practice GCP Hacking: **Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} ## DSN Reports 
@@ -630,7 +630,7 @@ Entry_8: **Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ diff --git a/network-services-pentesting/pentesting-smtp/smtp-commands.md b/network-services-pentesting/pentesting-smtp/smtp-commands.md index 918820781a2..a014cd082de 100644 --- a/network-services-pentesting/pentesting-smtp/smtp-commands.md +++ b/network-services-pentesting/pentesting-smtp/smtp-commands.md @@ -19,7 +19,7 @@ Learn & practice GCP Hacking: [**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ diff --git a/network-services-pentesting/pentesting-telnet.md b/network-services-pentesting/pentesting-telnet.md index b046f2c791c..c1fbe232586 100644 --- a/network-services-pentesting/pentesting-telnet.md +++ b/network-services-pentesting/pentesting-telnet.md @@ -15,11 +15,11 @@ Learn & practice GCP Hacking: {% endhint %} -
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} ## **Basic Information** @@ -95,11 +95,11 @@ Entry_4: ``` -
+
**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ diff --git a/network-services-pentesting/pentesting-web/403-and-401-bypasses.md b/network-services-pentesting/pentesting-web/403-and-401-bypasses.md index c039047ad5d..8581f5ed51c 100644 --- a/network-services-pentesting/pentesting-web/403-and-401-bypasses.md +++ b/network-services-pentesting/pentesting-web/403-and-401-bypasses.md @@ -19,7 +19,7 @@ Learn & practice GCP Hacking: [**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ diff --git a/network-services-pentesting/pentesting-web/nginx.md b/network-services-pentesting/pentesting-web/nginx.md index d53df91bd12..a17f6c6a549 100644 --- a/network-services-pentesting/pentesting-web/nginx.md +++ b/network-services-pentesting/pentesting-web/nginx.md @@ -19,7 +19,7 @@ Learn & practice GCP Hacking: 
@@ -320,7 +320,7 @@ Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulne **Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. -{% embed url="https://pentest-tools.com/" %} +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ diff --git a/network-services-pentesting/pentesting-web/werkzeug.md b/network-services-pentesting/pentesting-web/werkzeug.md index 5ff73e32527..4c7a3240872 100644 --- a/network-services-pentesting/pentesting-web/werkzeug.md +++ b/network-services-pentesting/pentesting-web/werkzeug.md @@ -19,7 +19,7 @@ Learn & practice GCP Hacking: [**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ diff --git a/other-web-tricks.md b/other-web-tricks.md index f38e4353ff5..655676f2c63 100644 --- a/other-web-tricks.md +++ b/other-web-tricks.md @@ -15,6 +15,12 @@ Learn & practice GCP Hacking: {% endhint %} +
+ +**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. + +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} + ### Host header Several times the back-end trust the **Host header** to perform some actions. For example, it could use its value as the **domain to send a password reset**. So when you receive an email with a link to reset your password, the domain being used is the one you put in the Host header.Then, you can request the password reset of other users and change the domain to one controlled by you to steal their password reset codes. [WriteUp](https://medium.com/nassec-cybersecurity-writeups/how-i-was-able-to-take-over-any-users-account-with-host-header-injection-546fff6d0f2). @@ -47,6 +53,12 @@ Developers might forget to disable various debugging options in the production e ![Image for post](https://miro.medium.com/max/1330/1\*wDFRADTOd9Tj63xucenvAA.png) +
+ +**Instantly available setup for vulnerability assessment & penetration testing**. Run a full pentest from anywhere with 20+ tools & features that go from recon to reporting. We don't replace pentesters - we develop custom tools, detection & exploitation modules to give them back some time to dig deeper, pop shells, and have fun. + +{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %} + {% hint style="success" %} Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) diff --git a/pentesting-web/sql-injection/sqlmap/README.md b/pentesting-web/sql-injection/sqlmap/README.md index 77e347d5aba..a25570a9f96 100644 --- a/pentesting-web/sql-injection/sqlmap/README.md +++ b/pentesting-web/sql-injection/sqlmap/README.md @@ -19,7 +19,7 @@ Learn & practice GCP Hacking: [**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ diff --git a/pentesting-web/ssti-server-side-template-injection/el-expression-language.md b/pentesting-web/ssti-server-side-template-injection/el-expression-language.md index dec9ae5e140..626f8728fd9 100644 --- a/pentesting-web/ssti-server-side-template-injection/el-expression-language.md +++ b/pentesting-web/ssti-server-side-template-injection/el-expression-language.md 
@@ -50,7 +50,7 @@ Depending on the **EL version** some **features** might be **On** or **Off** and ## Basic Example -(You can find another interesting tutorial about EL in [https://pentest-tools.com/blog/exploiting-ognl-injection-in-apache-struts/](https://pentest-tools.com/blog/exploiting-ognl-injection-in-apache-struts/)) +(You can find another interesting tutorial about EL in [https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=sponsblog/exploiting-ognl-injection-in-apache-struts/](https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=sponsblog/exploiting-ognl-injection-in-apache-struts/)) Download from the [**Maven**](https://mvnrepository.com) repository the jar files:
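Review bot: the commit subject `b` documents nothing; the diffstat shows a sponsor-banner insertion plus UTM tagging of the Pentest-Tools links across 18 files, so the subject should say that (for example `Add Pentest-Tools sponsor banner and UTM-tagged links`) so the change is recognisable in `git log`.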
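Review bot: in the second pentesting-modbus.md hunk (`@@ -42,6 +48,12 @@`) the banner is inserted after the `Learn & practice GCP Hacking:` line and before `Support HackTricks`, i.e. in the middle of the closing hint block, whereas every other file in this patch places it just before `{% hint style="success" %}`. Move the block up so the hint stays contiguous and renders as one box.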
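Review bot: the el-expression-language.md hunk breaks the blog link it touches. The UTM query string was spliced into the middle of the URL, in both the link text and the href, giving `https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=sponsblog/exploiting-ognl-injection-in-apache-struts/`, where `sponsblog/exploiting-ognl-injection-in-apache-struts/` is now the campaign value instead of a path. This looks like a blanket replace of `https://pentest-tools.com/` that also matched the prefix of this unrelated article URL. Restore `https://pentest-tools.com/blog/exploiting-ognl-injection-in-apache-struts/`, or if tracking is wanted there too, put the query string after the path: `https://pentest-tools.com/blog/exploiting-ognl-injection-in-apache-struts/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons`.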
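Review bot: the same banner paragraph and `{% embed url="https://pentest-tools.com/?utm_term=jul2024&utm_medium=link&utm_source=hacktricks&utm_campaign=spons" %}` line is pasted verbatim into nearly every file in the diff, several of them twice. Keeping the banner, or at least its URL, in one shared snippet would make the next campaign change a single edit rather than a repository-wide search and replace, which is the kind of operation that mangled the article link in the el-expression-language.md hunk.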