diff --git a/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md b/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md
index 62e2386426d..ef5ad9ce665 100644
--- a/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md
+++ b/forensics/basic-forensic-methodology/partitions-file-systems-carving/file-data-carving-recovery-tools.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -114,7 +114,7 @@ You can use the linux command line tool **pdftotext** to transform a pdf into te
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/generic-methodologies-and-resources/exfiltration.md b/generic-methodologies-and-resources/exfiltration.md
index e1f2fd31a88..9051fe136f0 100644
--- a/generic-methodologies-and-resources/exfiltration.md
+++ b/generic-methodologies-and-resources/exfiltration.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -386,7 +386,7 @@ Then copy-paste the text into the windows-shell and a file called nc.exe will be
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md b/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md
index 37f7de06500..7f80ae2d411 100644
--- a/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md
+++ b/generic-methodologies-and-resources/external-recon-methodology/wide-source-code-search.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -38,7 +38,7 @@ When you look for leaks in a repo and run something like `git log -p` don't forg
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md b/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md
index 53ee132b97d..442eed46f1b 100644
--- a/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md
+++ b/generic-methodologies-and-resources/python/bypass-python-sandboxes/README.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -1127,7 +1127,7 @@ will be bypassed
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/generic-methodologies-and-resources/shells/linux.md b/generic-methodologies-and-resources/shells/linux.md
index 7f38e3c8f6e..03caeb11433 100644
--- a/generic-methodologies-and-resources/shells/linux.md
+++ b/generic-methodologies-and-resources/shells/linux.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -400,7 +400,7 @@ Process p=new ProcessBuilder(cmd).redirectErrorStream(true).start();Socket s=new
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/generic-methodologies-and-resources/shells/windows.md b/generic-methodologies-and-resources/shells/windows.md
index ae9be4d660b..aa22973460f 100644
--- a/generic-methodologies-and-resources/shells/windows.md
+++ b/generic-methodologies-and-resources/shells/windows.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -572,7 +572,7 @@ WinPWN](https://github.com/SecureThisShit/WinPwn) PS console with some offensive
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/generic-methodologies-and-resources/tunneling-and-port-forwarding.md b/generic-methodologies-and-resources/tunneling-and-port-forwarding.md
index 5837ef27366..f92548b309a 100644
--- a/generic-methodologies-and-resources/tunneling-and-port-forwarding.md
+++ b/generic-methodologies-and-resources/tunneling-and-port-forwarding.md
@@ -14,7 +14,7 @@
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -621,7 +621,7 @@ tunnels:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/linux-hardening/linux-environment-variables.md b/linux-hardening/linux-environment-variables.md
index ed3c56319a3..df5f54685ea 100644
--- a/linux-hardening/linux-environment-variables.md
+++ b/linux-hardening/linux-environment-variables.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -143,7 +143,7 @@ One background job, one stopped and last command didn't finish correctly:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/mobile-pentesting/android-app-pentesting/README.md b/mobile-pentesting/android-app-pentesting/README.md
index 2482b40a9ca..71df6148a1a 100644
--- a/mobile-pentesting/android-app-pentesting/README.md
+++ b/mobile-pentesting/android-app-pentesting/README.md
@@ -482,6 +482,7 @@ If you want to pentest Android applications you need to know how to use Frida.
* Some "GUI" for actions with Frida: [**https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security**](https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security)
* Ojection is great to automate the use of Frida: [**https://github.com/sensepost/objection**](https://github.com/sensepost/objection) **,** [**https://github.com/dpnishant/appmon**](https://github.com/dpnishant/appmon)
* You can find some Awesome Frida scripts here: [**https://codeshare.frida.re/**](https://codeshare.frida.re)
+* Try to bypass anti-debugging / anti-frida mechanisms loading Frida as in indicated in [https://erfur.github.io/blog/dev/code-injection-without-ptrace](https://erfur.github.io/blog/dev/code-injection-without-ptrace) (tool [linjector](https://github.com/erfur/linjector-rs))
### **Dump Memory - Fridump**
diff --git a/mobile-pentesting/android-app-pentesting/android-applications-basics.md b/mobile-pentesting/android-app-pentesting/android-applications-basics.md
index 2f61a205ae6..18e98dc7297 100644
--- a/mobile-pentesting/android-app-pentesting/android-applications-basics.md
+++ b/mobile-pentesting/android-app-pentesting/android-applications-basics.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -417,7 +417,7 @@ if (dpm.isAdminActive(adminComponent)) {
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/mobile-pentesting/android-app-pentesting/android-task-hijacking.md b/mobile-pentesting/android-app-pentesting/android-task-hijacking.md
index 2bf5e7e913a..6e807fe8d03 100644
--- a/mobile-pentesting/android-app-pentesting/android-task-hijacking.md
+++ b/mobile-pentesting/android-app-pentesting/android-task-hijacking.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -66,7 +66,7 @@ To prevent such attacks, developers can set `taskAffinity` to an empty string an
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md b/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md
index 0d25587fdc1..5e4820e8b60 100644
--- a/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md
+++ b/mobile-pentesting/android-app-pentesting/make-apk-accept-ca-certificate.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -71,7 +71,7 @@ Finally, you need just to **sign the new application**. [Read this section of th
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/mobile-pentesting/android-checklist.md b/mobile-pentesting/android-checklist.md
index 8c89c8517fe..791130ff530 100644
--- a/mobile-pentesting/android-checklist.md
+++ b/mobile-pentesting/android-checklist.md
@@ -14,7 +14,7 @@
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -77,7 +77,7 @@
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/mobile-pentesting/ios-pentesting-checklist.md b/mobile-pentesting/ios-pentesting-checklist.md
index b6413bd9b7b..b221995825b 100644
--- a/mobile-pentesting/ios-pentesting-checklist.md
+++ b/mobile-pentesting/ios-pentesting-checklist.md
@@ -24,7 +24,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -120,7 +120,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/43-pentesting-whois.md b/network-services-pentesting/43-pentesting-whois.md
index ebf909d071a..82582673b2a 100644
--- a/network-services-pentesting/43-pentesting-whois.md
+++ b/network-services-pentesting/43-pentesting-whois.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -54,7 +54,7 @@ Also, the WHOIS service always needs to use a **database** to store and extract
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/49-pentesting-tacacs+.md b/network-services-pentesting/49-pentesting-tacacs+.md
index 14cf1939df2..b6f274c9d20 100644
--- a/network-services-pentesting/49-pentesting-tacacs+.md
+++ b/network-services-pentesting/49-pentesting-tacacs+.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -62,7 +62,7 @@ By gaining access to the control panel of network equipment using the obtained c
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/7-tcp-udp-pentesting-echo.md b/network-services-pentesting/7-tcp-udp-pentesting-echo.md
index 01a29b2ac15..d9925968e6d 100644
--- a/network-services-pentesting/7-tcp-udp-pentesting-echo.md
+++ b/network-services-pentesting/7-tcp-udp-pentesting-echo.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -58,7 +58,7 @@ Hello echo #This is the response
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/ipsec-ike-vpn-pentesting.md b/network-services-pentesting/ipsec-ike-vpn-pentesting.md
index d3011479680..be22f326fc0 100644
--- a/network-services-pentesting/ipsec-ike-vpn-pentesting.md
+++ b/network-services-pentesting/ipsec-ike-vpn-pentesting.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -292,7 +292,7 @@ Ensure that actual, secure values are used to replace the placeholders when conf
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/pentesting-ftp/README.md b/network-services-pentesting/pentesting-ftp/README.md
index 3988e4f61aa..7436db2e491 100644
--- a/network-services-pentesting/pentesting-ftp/README.md
+++ b/network-services-pentesting/pentesting-ftp/README.md
@@ -14,7 +14,7 @@
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -247,7 +247,7 @@ The default configuration of vsFTPd can be found in `/etc/vsftpd.conf`. In here,
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md b/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md
index 6546669a4f7..3746b725c8e 100644
--- a/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md
+++ b/network-services-pentesting/pentesting-ftp/ftp-bounce-attack.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -56,7 +56,7 @@ nmap -v -p 21,22,445,80,443 -b ftp:ftp@10.2.1.5 192.168.0.1/24 #Scan the interna
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/pentesting-imap.md b/network-services-pentesting/pentesting-imap.md
index 046f98930a9..3dc0ab0bc8d 100644
--- a/network-services-pentesting/pentesting-imap.md
+++ b/network-services-pentesting/pentesting-imap.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -182,7 +182,7 @@ done
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md b/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
index 1e94c03f0d6..4c69adca8f8 100644
--- a/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
+++ b/network-services-pentesting/pentesting-mssql-microsoft-sql-server/README.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -541,7 +541,7 @@ You probably will be able to **escalate to Administrator** following one of thes
* [https://blog.waynesheffield.com/wayne/archive/2017/08/working-registry-sql-server/](https://blog.waynesheffield.com/wayne/archive/2017/08/working-registry-sql-server/)
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/pentesting-pop.md b/network-services-pentesting/pentesting-pop.md
index 64da393dfe2..c8af53f6018 100644
--- a/network-services-pentesting/pentesting-pop.md
+++ b/network-services-pentesting/pentesting-pop.md
@@ -14,7 +14,7 @@
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -113,7 +113,7 @@ From [https://academy.hackthebox.com/module/112/section/1073](https://academy.ha
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md b/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md
index 3769332bd93..5397c0042fb 100644
--- a/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md
+++ b/network-services-pentesting/pentesting-smb/rpcclient-enumeration.md
@@ -14,7 +14,7 @@
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -105,7 +105,7 @@ To **understand** better how the tools _**samrdump**_ **and** _**rpcdump**_ work
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/pentesting-web/graphql.md b/network-services-pentesting/pentesting-web/graphql.md
index a5f14f0578b..f7711d76231 100644
--- a/network-services-pentesting/pentesting-web/graphql.md
+++ b/network-services-pentesting/pentesting-web/graphql.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
@@ -26,14 +26,14 @@ With the advent of new technologies, including GraphQL, new security vulnerabili
To identify exposed GraphQL instances, the inclusion of specific paths in directory brute force attacks is recommended. These paths are:
-- `/graphql`
-- `/graphiql`
-- `/graphql.php`
-- `/graphql/console`
-- `/api`
-- `/api/graphql`
-- `/graphql/api`
-- `/graphql/graphql`
+* `/graphql`
+* `/graphiql`
+* `/graphql.php`
+* `/graphql/console`
+* `/api`
+* `/api/graphql`
+* `/graphql/api`
+* `/graphql/graphql`
Identifying open GraphQL instances allows for the examination of supported queries. This is crucial for understanding the data accessible through the endpoint. GraphQL's introspection system facilitates this by detailing the queries a schema supports. For more information on this, refer to the GraphQL documentation on introspection: [**GraphQL: A query language for APIs.**](https://graphql.org/learn/introspection/)
@@ -375,6 +375,10 @@ mutation {
}
```
+### Directive Overloading
+
+As explained in [**one of the vulns described in this report**](https://www.landh.tech/blog/20240304-google-hack-50000/), a directive overloading implies to call of a directive even millions of times to make the server waste operations until it's possible to DoS it.
+
### Batching brute-force in 1 API request
This information was take from [https://lab.wallarm.com/graphql-batching-attack/](https://lab.wallarm.com/graphql-batching-attack/).\
@@ -543,7 +547,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
diff --git a/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md b/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md
index c741041e292..80124888803 100644
--- a/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md
+++ b/network-services-pentesting/pentesting-web/php-tricks-esp/php-ssrf.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -76,7 +76,7 @@ $file = file_get_contents($url, false, $context);
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/pentesting-web/tomcat.md b/network-services-pentesting/pentesting-web/tomcat.md
index 794ea0235ec..837250b0e12 100644
--- a/network-services-pentesting/pentesting-web/tomcat.md
+++ b/network-services-pentesting/pentesting-web/tomcat.md
@@ -14,7 +14,7 @@
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -268,7 +268,7 @@ msf> use post/windows/gather/enum_tomcat
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md b/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md
index a17b660f760..74a5e56fdf4 100644
--- a/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md
+++ b/network-services-pentesting/pentesting-web/tomcat/basic-tomcat-info.md
@@ -14,7 +14,7 @@
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -159,7 +159,7 @@ The file shows us what each of the roles `manager-gui`, `manager-script`, `manag
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/pentesting-web/bypass-payment-process.md b/pentesting-web/bypass-payment-process.md
index cc114b36af9..056d08ac454 100644
--- a/pentesting-web/bypass-payment-process.md
+++ b/pentesting-web/bypass-payment-process.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -54,7 +54,7 @@ If you encounter a parameter that contains a URL, especially one following the p
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/pentesting-web/content-security-policy-csp-bypass/README.md b/pentesting-web/content-security-policy-csp-bypass/README.md
index 4deb79cb541..5312a284421 100644
--- a/pentesting-web/content-security-policy-csp-bypass/README.md
+++ b/pentesting-web/content-security-policy-csp-bypass/README.md
@@ -215,6 +215,10 @@ Moreover, even if you could upload a **JS code inside** a file using an extensio
From here, if you find a XSS and a file upload, and you manage to find a **misinterpreted extension**, you could try to upload a file with that extension and the Content of the script. Or, if the server is checking the correct format of the uploaded file, create a polyglot ([some polyglot examples here](https://github.com/Polydet/polyglot-database)).
+### Form-action
+
+If not possible to inject JS, you could still try to exfiltrate for example credentials **injecting a form action** (and maybe expecting password managers to auto-fill passwords). You can find an [**example in this report**](https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp). Also, notice that `default-src` does not cover form actions.
+
### Third Party Endpoints + ('unsafe-eval')
{% hint style="warning" %}
@@ -318,6 +322,18 @@ More [**payloads from this writeup**](https://joaxcar.com/blog/2024/02/19/csp-by
b.nonce=a.nonce; doc.body.appendChild(b)'>
```
+#### Abusing www.google.com for open redirect
+
+The following URL redirects to example.com (from [here](https://www.landh.tech/blog/20240304-google-hack-50000/)):
+
+```
+https://www.google.com/amp/s/example.com/
+```
+
+Abusing \*.google.com/script.google.com
+
+It's possible to abuse Google Apps Script to receive information in a page inside script.google.com. Like it's [done in this report](https://embracethered.com/blog/posts/2023/google-bard-data-exfiltration/).
+
### Third Party Endpoints + JSONP
```http
diff --git a/pentesting-web/cors-bypass.md b/pentesting-web/cors-bypass.md
index b7da45379e8..8951d5c1e84 100644
--- a/pentesting-web/cors-bypass.md
+++ b/pentesting-web/cors-bypass.md
@@ -379,6 +379,7 @@ You can find more information about the previous bypass techniques and how to us
**Fuzz possible misconfigurations in CORS policies**
+* [https://portswigger.net/bappstore/420a28400bad4c9d85052f8d66d3bbd8](https://portswigger.net/bappstore/420a28400bad4c9d85052f8d66d3bbd8)
* [https://github.com/chenjj/CORScanner](https://github.com/chenjj/CORScanner)
* [https://github.com/lc/theftfuzzer](https://github.com/lc/theftfuzzer)
* [https://github.com/s0md3v/Corsy](https://github.com/s0md3v/Corsy)
diff --git a/pentesting-web/dangling-markup-html-scriptless-injection/README.md b/pentesting-web/dangling-markup-html-scriptless-injection/README.md
index 9481c084265..66c314e9bc5 100644
--- a/pentesting-web/dangling-markup-html-scriptless-injection/README.md
+++ b/pentesting-web/dangling-markup-html-scriptless-injection/README.md
@@ -9,7 +9,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
@@ -79,6 +79,8 @@ The button can change the URL where the information of the form is going to be s
An attacker can use this to steal the information.
+Find an [**example of this attack in this writeup**](https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp).
+
### Stealing clear text secrets 2
Using the latest mentioned technique to steal forms (injecting a new form header) you can then inject a new input field:
@@ -289,7 +291,7 @@ Other ways to support HackTricks:
* If you want to see your **company advertised in HackTricks** or **download HackTricks in PDF** Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
-* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
+* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
* **Share your hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
diff --git a/pentesting-web/formula-csv-doc-latex-ghostscript-injection.md b/pentesting-web/formula-csv-doc-latex-ghostscript-injection.md
index 2d39770d893..a910c334169 100644
--- a/pentesting-web/formula-csv-doc-latex-ghostscript-injection.md
+++ b/pentesting-web/formula-csv-doc-latex-ghostscript-injection.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -219,7 +219,7 @@ From [@EdOverflow](https://twitter.com/intigriti/status/1101509684614320130)
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/pentesting-web/h2c-smuggling.md b/pentesting-web/h2c-smuggling.md
index 4d2d70c0ffb..7421fc087b5 100644
--- a/pentesting-web/h2c-smuggling.md
+++ b/pentesting-web/h2c-smuggling.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -115,7 +115,7 @@ Check the labs to test both scenarios in [https://github.com/0ang3el/websocket-s
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/pentesting-web/hacking-with-cookies/README.md b/pentesting-web/hacking-with-cookies/README.md
index a3e114ffadc..78146af9c57 100644
--- a/pentesting-web/hacking-with-cookies/README.md
+++ b/pentesting-web/hacking-with-cookies/README.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -283,7 +283,7 @@ There should be a pattern (with the size of a used block). So, knowing how are a
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md b/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
index 7ee4f2f9749..0ac4a131657 100644
--- a/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
+++ b/pentesting-web/ssrf-server-side-request-forgery/cloud-ssrf.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -590,7 +590,7 @@ Rancher's metadata can be accessed using:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md b/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
index 9b9cb3719b5..8cde1c3c7a3 100644
--- a/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
+++ b/pentesting-web/ssrf-server-side-request-forgery/url-format-bypass.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -227,7 +227,7 @@ image from [https://claroty.com/2022/01/10/blog-research-exploiting-url-parsing-
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/pentesting-web/xs-search/css-injection/README.md b/pentesting-web/xs-search/css-injection/README.md
index faef680b023..cc95934b702 100644
--- a/pentesting-web/xs-search/css-injection/README.md
+++ b/pentesting-web/xs-search/css-injection/README.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -491,7 +491,7 @@ So, if the font does not match, the response time when visiting the bot is expec
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md b/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md
index 3a4288099d2..d8555e35f25 100644
--- a/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md
+++ b/pentesting-web/xss-cross-site-scripting/abusing-service-workers.md
@@ -16,7 +16,7 @@
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -125,7 +125,7 @@ For an example of this check the reference link.
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/reversing/common-api-used-in-malware.md b/reversing/common-api-used-in-malware.md
index 8d15b52edcd..d552806187e 100644
--- a/reversing/common-api-used-in-malware.md
+++ b/reversing/common-api-used-in-malware.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -158,7 +158,7 @@ The malware will unmap the legitimate code from memory of the process and load a
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/reversing/reversing-tools-basic-methods/README.md b/reversing/reversing-tools-basic-methods/README.md
index c28da46ca9a..3fc30fe4297 100644
--- a/reversing/reversing-tools-basic-methods/README.md
+++ b/reversing/reversing-tools-basic-methods/README.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -427,7 +427,7 @@ So, in this challenge, knowing the values of the buttons, you needed to **press
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/stego/stego-tricks.md b/stego/stego-tricks.md
index 8dc6bb69bc5..f7fe3b2b84b 100644
--- a/stego/stego-tricks.md
+++ b/stego/stego-tricks.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -239,7 +239,7 @@ For translating Braille, the [Branah Braille Translator](https://www.branah.com/
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/todo/radio-hacking/flipper-zero/README.md b/todo/radio-hacking/flipper-zero/README.md
index 723f7d98500..40384ae9f79 100644
--- a/todo/radio-hacking/flipper-zero/README.md
+++ b/todo/radio-hacking/flipper-zero/README.md
@@ -14,7 +14,7 @@
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -35,7 +35,7 @@ With [**Flipper Zero**](https://flipperzero.one/) you can:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/todo/radio-hacking/flipper-zero/fz-sub-ghz.md b/todo/radio-hacking/flipper-zero/fz-sub-ghz.md
index 3c38c4c307b..5fc668863d8 100644
--- a/todo/radio-hacking/flipper-zero/fz-sub-ghz.md
+++ b/todo/radio-hacking/flipper-zero/fz-sub-ghz.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -129,7 +129,7 @@ Get dBms of the saved frequencies
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/todo/radio-hacking/proxmark-3.md b/todo/radio-hacking/proxmark-3.md
index d1f04111458..4f1a34a1786 100644
--- a/todo/radio-hacking/proxmark-3.md
+++ b/todo/radio-hacking/proxmark-3.md
@@ -14,7 +14,7 @@
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -81,7 +81,7 @@ You can create a script to **fuzz tag readers**, so copying the data of a **vali
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/windows-hardening/checklist-windows-privilege-escalation.md b/windows-hardening/checklist-windows-privilege-escalation.md
index 5c82ebb328d..b04e6a60371 100644
--- a/windows-hardening/checklist-windows-privilege-escalation.md
+++ b/windows-hardening/checklist-windows-privilege-escalation.md
@@ -16,7 +16,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -133,7 +133,7 @@ Other ways to support HackTricks:
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
diff --git a/windows-hardening/lateral-movement/dcom-exec.md b/windows-hardening/lateral-movement/dcom-exec.md
index b5ec59feaa7..adc4c96b4f8 100644
--- a/windows-hardening/lateral-movement/dcom-exec.md
+++ b/windows-hardening/lateral-movement/dcom-exec.md
@@ -14,7 +14,7 @@
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
@@ -136,7 +136,7 @@ SharpLateral.exe reddcom HOSTNAME C:\Users\Administrator\Desktop\malware.exe
**Try Hard Security Group**
-
+
{% embed url="https://discord.gg/tryhardsecurity" %}
