misc updates

frankheat · frankheat · commit fd294c46d66a · 2025-05-14T18:00:12.000+02:00
diff --git a/content/android/_index.md b/content/android/_index.md
@@ -1,5 +1,5 @@
 ---
-title: "Android"
+title: "ANDROID"
 menu: "main"
 weight: 1
 ---
diff --git a/content/android/adb.md b/content/android/adb.md
@@ -7,25 +7,47 @@ weight: 5
 
 ## Commands
 
-```sh
-# Install apk
+Install apk
+```bash
 adb install <path.apk>
+```
 
-# Lists all installed packages
+Uninstalls the application
+```sh
+adb shell am start <package_name>/<activity_name>
+```
+
+Clear the application data
+```sh
+adb shell pm clear <package_name>
+```
+
+Lists all installed packages
+```sh
 adb shell pm list packages
+```
 
-# List only third party packages
+List only third party packages
+```sh
 adb shell pm list packages -3
+```
 
-# Clear the application data
-adb shell pm clear <package_name>
-
-# List information such as activities and permissions of a package
+List information such as activities and permissions of a package
+```sh
 adb shell dumpsys package <package_name>
+```
 
-# Starts the activity of the specified package
+Starts the activity of the specified package
+```sh
 adb shell am start <package_name>/<activity_name>
+```
 
-# Uninstalls the application
-adb shell am start <package_name>/<activity_name>
+Copy a file from the device
+```sh
+adb pull <remote-file> <local-file>
+```
+
+Copy a file on the device
+```sh
+adb push <local-file> <destination-directory>
 ```
diff --git a/content/android/vulnerabilities/deep-link.md b/content/android/vulnerabilities/deep-link.md
@@ -77,7 +77,7 @@ Because of Link Hijacking. This happen when a malicious app registers an URI tha
 Suppose that:
 
 * The victim user have malicious app installed
-* Both apps (victim and malicious) manage `geo://` , `https://google.com`
+* Both apps (victim and malicious) manage `geo://`, `https://google.com`
 
 | **Android** | **Victim App installed** | **Link supported** | **URI**            | **Behavior**                                       |
 |-------------|--------------------------|--------------------|--------------------|----------------------------------------------------|
diff --git a/content/misc/_index.md b/content/misc/_index.md
@@ -1,5 +1,5 @@
 ---
-title: "Misc"
+title: "MISC"
 menu: "main"
 weight: 4
 ---
diff --git a/content/misc/password-cracking.md b/content/misc/password-cracking.md
@@ -41,18 +41,21 @@ hydra -L user.txt -P pass.txt <ip> <protocol>
 ## Rules (password bruteforce)
 
 * **FIRST CHOICE**:  best64 (now best66). Fast, works well.
-  * [https://github.com/hashcat/hashcat/blob/master/rules/best66.rule](https://github.com/hashcat/hashcat/blob/master/rules/best66.rule)
+  * [best66.rule](https://github.com/hashcat/hashcat/blob/master/rules/best66.rule)
 * **SECOND/THIRD CHOICE**: InsidePro-PasswordsPro (\~3000) && InsidePro-Hashmanager (\~7000)
-  * (2) [https://github.com/hashcat/hashcat/blob/master/rules/InsidePro-PasswordsPro.rule](https://github.com/hashcat/hashcat/blob/master/rules/InsidePro-PasswordsPro.rule)
-  * (3) [https://github.com/hashcat/hashcat/blob/master/rules/InsidePro-HashManager.rule](https://github.com/hashcat/hashcat/blob/master/rules/InsidePro-HashManager.rule)
+  * (2) [InsidePro-PasswordsPro.rule](https://github.com/hashcat/hashcat/blob/master/rules/InsidePro-PasswordsPro.rule)
+  * (3) [InsidePro-HashManager.rule](https://github.com/hashcat/hashcat/blob/master/rules/InsidePro-HashManager.rule)
   * You can also combine them...
 * **FOURTH CHOICE**: OneRuleToRuleThemAll. (\~50k). The best.
-  * [https://github.com/NotSoSecure/password\_cracking\_rules/blob/master/OneRuleToRuleThemAll.rule](https://github.com/NotSoSecure/password_cracking_rules/blob/master/OneRuleToRuleThemAll.rule)
+  * [OneRuleToRuleThemAll.rule](https://github.com/NotSoSecure/password_cracking_rules/blob/master/OneRuleToRuleThemAll.rule)
 
 **Generate wordlist based on rules**
 
-[https://weakpass.com/generate](https://weakpass.com/generate)&#x20;
-
+1. Online tool: [https://weakpass.com/generate](https://weakpass.com/generate)
+2. Hashcat:
+```bash
+hashcat -r best66.rule --stdout file.txt
+```
 
 
 **More info about rules:**
diff --git a/content/network/_index.md b/content/network/_index.md
@@ -1,5 +1,5 @@
 ---
-title: "Network"
+title: "NETWORK"
 menu: "main"
 weight: 3
 ---
diff --git a/content/network/network-services-exploitation.md b/content/network/network-services-exploitation.md
@@ -225,6 +225,13 @@ mysql -h <hostname> -u root -p
 * Brute force login
   * Try with `root` default user
 
+## 1433 - MSSQL
+
+```sh
+# Connect with password (NTLM auth)
+impacket-mssqlclient Administrator:pass<hostname> -windows-auth
+```
+
 ## 3389 - RDP
 
 ```sh
diff --git a/content/web/_index.md b/content/web/_index.md
@@ -1,6 +1,5 @@
 ---
-title: "Web"
-
+title: "WEB"
 menu: "main"
 weight: 2
 ---
diff --git a/content/web/reconnaissance.md b/content/web/reconnaissance.md
@@ -1,15 +1,22 @@
 ---
-title: ""
+title: "Reconnaissance"
 weight: 3
 ---
 
-# Automation
+# Reconnaissance
 
 ## Enumerating web resources
 
 ```sh
 # Web fuzzer 
-ffuf -w wordlist.txt -u https://example.com/file-FUZZ -c
+ffuf -c -u https://example.com/file-FUZZ -w wordlist.txt
+
+# with extension
+ffuf -c -u https://example.com/FUZZ -w wordlist.txt -e .php,.html,.txt
+
+# with more placeholder
+ffuf -c -u http://example.com/FUZZ/FILE -w wordlist.txt:FUZZ -w wordlist2.txt:FILE 
+
 
 # Recursive content discovery
 # You can set depth (recursion), extract links from response body
diff --git a/content/web/vulnerabilities/os-command-injection.md b/content/web/vulnerabilities/os-command-injection.md
@@ -59,3 +59,15 @@ There are so many ways: [https://book.hacktricks.wiki/linux-hardening/bypass-bas
 `command`
 $(command)
 ```
+
+## Identify CMD or PowerShell
+
+To determine whether commands are executed by PowerShell or CMD, use this snippet:
+
+```cmd
+(dir 2>&1 *`|echo CMD);&<# rem #>echo PowerShell
+```
+
+## Reverse Shell Generator
+
+https://www.revshells.com/
diff --git a/content/web/vulnerabilities/path-traversal.md b/content/web/vulnerabilities/path-traversal.md
@@ -43,6 +43,16 @@ An attacker can request the following URL to retrieve the `/etc/passwd` file fro
   * Example: `....//....//....//etc/passwd%00.jpg` (strip, double-encode, null byte, whitelist extension)
   * `%252E%252E%252E%252E%252F%252F%252E%252E%252E%252E%252F%252F%252E%252E%252E%252E%252F%252Fetc%252Fpasswd%252500%252Ejpg`
 
+## Common files
+
+**Linux list**: https://github.com/MrW0l05zyn/pentesting/blob/master/web/payloads/lfi-rfi/lfi-linux-list.txt
+
+**Windows list**: https://github.com/MrW0l05zyn/pentesting/blob/master/web/payloads/lfi-rfi/lfi-windows-list.txt
+
+{{< hint style=tips >}}
+**Tip**: On Windows, you can also try using a different drive letter than *C:*.
+{{< /hint >}}
+
 ## Automatic exploitation
 
 Use intruder with this list: [https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/deep\_traversal.txt](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/deep_traversal.txt)&#x20;
diff --git a/content/web/vulnerabilities/web-cache-deception.md b/content/web/vulnerabilities/web-cache-deception.md
@@ -53,7 +53,7 @@ Consider the following example:
 # Now https://site.com/my-account/abc.js contains your sensitive data cached
 
 # Find a way to send the victim on http://site.com/my-account/xyz.js
-# Note: I omitted cache buster for for simplicity
+# Note: I omitted cache buster for simplicity
 ```
 
 {{< hint style=notes >}}
diff --git a/content/web/vulnerabilities/xss.md b/content/web/vulnerabilities/xss.md
@@ -392,3 +392,7 @@ CSP restrict the resources (such as scripts and images) that a page can load and
   * `<script src="https://evil.com/hacked.js"></script>` will not work
 * Restricting Unsafe JavaScript
 * Others [https://cheatsheetseries.owasp.org/cheatsheets/Content\_Security\_Policy\_Cheat\_Sheet.html](https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html)
+
+## Compress & minify JavaScript
+
+You can compress and minify your JS by using tools like [JSCompress](https://jscompress.com/).
