HackTricks - Boitatech

HackTricks
About the author
Getting Started in Hacking
Pentesting Methodology
External Recon Methodology
- Github Leaked Secrets
Phishing Methodology
Exfiltration
Tunneling and Port Forwarding
Brute Force - CheatSheet
Search Exploits
Shells
- Shells (Linux, Windows, MSFVenom)
Linux/Unix
MacOS
- MacOS Security & Privilege Escalation
Windows
Mobile Apps Pentesting
Pentesting
Pentesting Web
Forensics
- Basic Forensic Methodology
A.I. Exploiting
- BRA.I.NSMASHER Presentation
Blockchain
- Blockchain & Crypto Currencies
Courses and Certifications Reviews
- INE Courses and eLearnSecurity Certifications Reviews
Cloud Security
- Cloud security review
- AWS Security
Physical attacks
- Physical Attacks
- Escaping from KIOSKs
  - Show file extensions
Reversing
Exploiting
Cryptography
BACKDOORS
Stego
- Stego Tricks
- Esoteric languages
MISC
- Basic Python
- Other Big References
TODO
Burp Suite
Other Web Tricks
Interesting HTTP
Emails Vulnerabilities
Android Forensics
TR-069
6881/udp - Pentesting BitTorrent
CTF Write-ups
- challenge-0521.intigriti.io
- Try Hack Me
  hc0n Christmas CTF - 2019
  Pickle Rick
1911 - Pentesting fox
Online Platforms with API
Stealing Sensitive Information Disclosure from a Web
Post Exploitation

Powered by GitBook

On this page

Was this helpful?

Pentesting

80,443 - Pentesting Web Methodology

Python

Previousdisable_functions bypass - PHP 4 >= 4.2.0, PHP 5 pcntl_exec NextSpecial HTTP headers

Last updated 3 years ago

Server using python

test a possible code execution, using the function str():

Tricks

Server using python
Tricks

"+str(True)+" #If the string True is printed, then it is vulnerable

Bypass Python sandboxes

SSTI (Server Side Template Injection)

Deserialization