#hacktricks
816 messages · Page 1 of 1 (latest)
fixed, thanks
One-liner for deploying DVWA and Juice Shop for AppSec testing
I found a very small error
Exfiltration of data via CSV injection over DNS without warning prompt and without requiring user to click a link, seems to only be referenced in off-hand remark in this albinowax talk, nowhere else on the internet at all, https://www.youtube.com/watch?v=skbKjO8ahCI&t=1284s
Abstract :
Do you ever wonder about the vulnerabilities you've missed? Why didn't they show themselves - and will they be discovered by somebody else later?
Certain vulnerabilities have a knack for evading auditors. As we enter the age of continuous security, knowing how to unearth these is becoming an essential skill. This is...
I played with it, it works still
just want to point out this link is broken and if someone can give me the updated link: https://github.com/carlospolop/hacktricks/blob/master/phishing-methodology/broken-reference/README.md (Labeled as "Learn how to verify/discover email address here")
I have updated the book setting the correct link back
Thanks and sent you a DM
you are amazing man
Hi guys, can I use legion tool in OSCP exam?
I don't think so
tbh I have no idea
Thanks
indeed, certainly this tool was the first tool that I used
xd
although it's an automatic tool and the main point of the OSCP is the manual exploitation
Yep. I do think so, that's why I asked to be more sure
i just realized there are 2 pentesting tools named legion
can u give me the link. maybe I used the wrong one, the one I used is GUI, and does not work well
i assume whoever is talking about legion here means this
thanks friend
@fluid thunder Sorry to ping you, I didn’t find a better way to reach you…
I published yesterday a tool for post exploitation during pentest
it automates computers and users extraction from ldap and credentials extraction through smbclient on all computers for all users and then decryption of all blobs with the domain controller private key 😉
the tool is named Hekatomb and the GitHub repo is here : https://github.com/Processus-Thief/HEKATOMB
A friend suggested that I contact you to add the tool in the DPAPI section of hacktricks (https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/dpapi-extracting-passwords)
The tool uses the impacket syntax to work and is able to automatically extract the domain controller private key by itself
You can pm me for more infos if you want 😉
Unlike other tools like DonPAPI, it is based on ldap computers and it resolves IP addresses and doesn't just take an IP range as a parameter
In that way you can reach all subnets even if you don't know them because it resolves them
This looks really good man! Would you mind sending a PR to hacktricks to the DPAPI page talking about Domain backup keys and putting a link to this tool and explaining how to use it?
Yes sure! I will do it 😉 thanks
I just sent you the PR 😉
I'm trying to wrap my head around linux capabilities. Would this mean that I should just be able to chown files?
Does anyone know a good free service where I can use a VM with a GUI with Windows 11 or a Linux distro. I’m also looking for a way I could make a VM locally on an iPad 9th gen (A13 bionic version) not rooted with latest IOS. I have iSH AOK installed .
Basically looking for a free method to utilize a VM with an OS of my choice on an iPad.
I haven't seen that as a current capability. Were you able to chown arbitrary files?
No I wasn't able to
do you have any easy way to replicate that scenario?
hey, is there any wordpress version in which there was auth bypass on login page?
Is there a "physical release" of the book?
I would love that but there is not unfortunately
Hi guys, new hacktricks, enjoy it!!
https://cloud.hacktricks.xyz/welcome/hacktricks-cloud
Thanks anyway for all the amazing effort you put into it. It's amazing and helps me everyday!
in https://book.hacktricks.xyz/reversing-and-exploiting/linux-exploiting-basic-esp/bypassing-canary-and-pie the last line elf.address = RIP - (RIP & 0xfff) can be substituted with elf.address = RIP & 0xfffffffffffff000 ?
i was just about to ask why you deleted https://book.hacktricks.xyz/pentesting/pentesting-kubernetes as I remember I used in the past! ;-)
Hi Carlos and thanks for such a nice book. Do you have any update for advanced IPS/IDS evasion techniques?
I haven't needed to do that in a while! let me know if you find more interesting stuff about it!
Ok
Hello😀
WTB Service (bypass pc limit )
The http request smuggling page specifies rfc 2161, instead of rfc 2616 ^^
hi, I'm doing some exercises on htb. Now I discovered an smb server on linux, and I already have username and password. What should I do to get a shell?
how do i bypass payment
bypass
I don't understand
feel free to come to the twitch streams to ask questions:)
First cloud hacking twitch session scheduled next Wednesday (7th) at 6.30pm(CET)!
I will be explaining hacking techniques in twitch Wednesdays at 5.30pm(UTC), 6.30pm(CET), 12.30(EST), 11pm(IST).
If you want to learn about hacking cloud, kubernetes, web and resolve interesting CTFs feel free to follow!
Twitch: https://lnkd.in/d2bYdUNS
Youtube: https://lnkd.in/damJC2JX
Twitter: https://lnkd.in/dbZ9s8t4
hey guys, I want to ARP spoof a victim and intercept all HTTP traffic on my Windows machine on a specific network adapter.
Who can give me some suggestions on how to achieve it?
Hi there! If you're interested in learning about reverse engineering and assembly, you should definitely check out my blog.
https://yrncollo.github.io/posts/Reverse_elf/
I cover a variety of topics related to these fields, including disassembly techniques, debugging, and more. Whether you're a beginner or an experienced engineer, you'll find something of value on my blog. So if you're looking to expand your knowledge and skills in reverse engineering and assembly, be sure to give my blog a visit! Finally if you have a question or any clarification you can leave a comment on the blog.
Thanks 😉
Hey remember that I’ll have to change the flag so that you can try it and find the actual flag. You can find the challenges here.
After a few days having fun with it I have added an intro to Flipper Zero in HackTricks: https://book.hacktricks.xyz/todo/radio-hacking/flipper-zero
I hope you find it useful!
I'm still unable to get hold of one. always out of stock! or the ones online like ebay etc.. charge crazy money
New PDFs of HackTricks and HackTricks Cloud accessible from https://github.com/sponsors/carlospolop
Thank you to all the HackTricks sponsors!
How to download PDF version for offline viewing
Hey guys, participate to get some free tickets to rootedcon and hacktricks track in rootedcon!
https://twitter.com/carlospolopm/status/1617854356782747652
Tickets are for sale for #RootedCON2023 (Madrid, 9-11th March)!
The awesome @criptored and #HackTricks tracks are giving away a pack of 2 tickets to attend it.
Retweet and/or comment to participate!
(Do both for double opportunity ;)
Winner will be announced next Tuesday
Hey guys! We are looking for companies to sponsor HackTricks track at RootedCon Madrid. Among other things sponsors will get tickets for the Con and the option to give a talk. Contact me if you know companies that could be interested!
https://github.com/sponsors/carlospolop -> Where can I find the Hacktricks PDF?
In this page there is a Tier for 18$ that will give you access to the repo with the HackTricks PDF. I try to update the PDF once a month and the sponsorship will be charged every month.
However, if you only want to buy it one time, you can pay that tier, download it, and cancel the subscription.
when the user is deleted isn't there a way to remove their posts too? lots of spam
I needed to delete them 1 by 1
ouch
@fluid thunder when you ban them you can choose to delete all their posts mate:
but has to be done at the time of banning.
"delete message history"
got some cc's in this week
want to make a -3000 $
but couldn't do that bcs of this fucking 2fa shit
if someone helps i'll gave him a 800$ cash or paypal etc
Hey wanna learn from the beginning hack tricks, is anyone who can help me
me too
Sounds like something the feds would say
🤣
New to discord and hacks. Want to know how to copy a webpage to fake real one.
you can use httrack
There's a few wifi hacks that do that, too
I think Wifi Pumpkin had that feature. Probably a few more
I did so much research on Blackeye until I realized it was not a thing anymore. Now I’m going down the httrack rabbit hole. I’m scared to put anything on my computer. Don’t know what I’m doing yet, but want to learn, and so trying. I’m scared to execute anything in fear of doing anything wrong.
be afraid... be very afraid lol
Hello, is it possible to contact an admin of hacktricks ? I have a question to ask
Hi, why don't you ask here ?
I probably have a really old copy of blackeye from years ago on one of my machines, I could probably share it on an open directory and through a link scanner if you need
Isolated virtual machine on a vps or isolated vlan
@fluid thunder I am a native Chinese speaker and I would like to add a CN branch to the repo of hacktricks.
I have submitted a pull request, but I am not sure if I have performed the correct operation
I’ve seen some recent mentions of it still working, but now I’m wondering if beef or httrack would do the same job….I have a dumb question…can I do all of this in a virtual machine, somewhere out in a cloud? Thank you!
You could, just make sure you check terms of service to avoid headaches
As well as port blocks.
Hi, hacktricks is now available in Chinese!
@fluid thunder Hello, I found a small error on the page
Is this sentence correct? If you are on an old version of Werkzeug, try changing the hashing algorithm to md5 instead of md5.
Thanks, I'll change it!
@fluid thunder can you please update the pdf in the github private repo? I sponsored but the pdf is from 7 months ago, I presume it is not up to date 🙂
@brazen lodge
Yes, I will create one soon and upload it!
Thank you!
Updated, sorry for the delay! Apart from updating both hacktricks I have been very busy configuring everything to have automatic translation to other languages to make hacktricks more accessible
Awesome, thanks for the amazing work
https://discord.gg/3fX7TFsccF
@everyone
@fluid thunder I recently came across the new course that you've announced, titled "AWS Red Team Expert," and I am profoundly interested. With some time spent working in the cyber security environment, I am constantly searching for ways to enhance my skills specifically in red teaming.
Additionally, I am curious if there are any discounted prices for participants who engage at the early stage of course introduction. If such is the case, I would certainly appreciate more information on this aspect.
Hi! Yes, the course will be released with a nice discount for the first people that get it, we will be announcing in twitter, linkedin and I guess also here when it gets launched!
Also, to do the course you need to create an account and that functionality is already available
I've finished creating my account and I'm looking forward to the release
hi @fluid thunder, recently I made what I think is a very helpful merge request for HackTricks regarding MSSQL.
When you can, please take a look 🙂
hello
Anyone know of a good way to automatically strings multiple binaries looking for sensitive info?
strings *
Yeah. I'm looking to see if there's an automated way to do stringsing basically
hi @fluid thunder, just wanted to download the Hacktricks PDF after starting the sponsorship via GitHub. However, it says that the LFS bandwidth quota is over. Could you verify if you can get LFS data pack and preferably update the PDF file? 🙂
You should be able to download it now!
I will try to find the time to update it
thanks for your fast response 🙂 it works now
Is there any message for the arte course ?
The day has finally arrived! HackTricks ARTE (AWS Red Team Expert) cert is now available at https://training.hacktricks.xyz/ !
We've opened 100 spots with an early bird discount, don't miss yours!
@fluid thunder hey I was wondering when I buy the voucher, will the lab launch directly or will I have access to the courses first and then I can activate the lab whenever I want?
I'd like to take the voucher but I'm not available right now to start certification.
I think I got my answer.
The course and labs start whenever you use your voucher. You can buy a voucher and activate it in a couple of months for example (but you need to enable it before a year)
ok cool !
So cool ! I bought it.
So cool
Bam! Been waiting for this one to drop! Just got it.
No specific channel for the course though?
yes, there is a channel called public-training
ugh...need more coffee, thanks for pointing that out lol
@fluid thunder is this intended ?
deleted! haha
Hi Guys! If you can upload any files to Minio, any chance we can get a web shell on that? any feedback would be appreciated.
Hi @fluid thunder I believe that here the correct command should be :
aws elasticbeanstalk rebuild-environment --environment-name "env-name"
PS: great work, love your content and the resources you put together!
fixed, thanks!
@fluid thunder
Thx
Np
@fluid thunder
Came here to ask: I see many providing AWS Pentesting training but not much or none for Azure. Why is it so? In Azure, are the default settings more secure with less chance of misconfiguration, or is there any other reason?
No, actually because several companies connect their AD with Azure it is usually easier to compromise Azure than AWS or GCP.
We are actively preparing courses for GCP and Azure, they will be released hopefully this year!
Hi @everyone ! Just to let you know the early bird discount of HackTricks Training ARTE (AWS Red Team Expert) will be ending the 9th of Feb!
If you are interested in doing the certification and learning AWS hacking from 0 to hero, I would suggest you buy the voucher before that day as you will be able to redeem it within a year!
More info about the course in https://training.hacktricks.xyz/
You just launched but it is written it is "recognized by thousands of security professionals" ??!!
Did they have beta access to it? Do you have some names?
HackTricks Training ARTE is based on hacktricks content used by thousands of security professionals on a daily basis
But it is written "our certifications, ..., are recognized..." Not that hacktricks is used by them.
For the moment your certification (just one so not certificationS) is unknown by thousands of security professionals, and hacktricks cloud is very new and not a reference iirc
Just HackTricks Cloud is used by thousands of people every day (and personally I don't know a better reference for cloud hacking), and it was created by the same team as HackTricks, used by tens of thousands of people every day.
We do give other courses and certifications in person, feel free to join us in the next one at RootedCON Madrid (https://www.rootedcon.com/rooted2024-en/#trainings) and we will soon release more in training.hacktricks.xyz!
In any case I don't feel like this conversation will help people on this channel as you just criticised the brand. So feel free to continue this conversation in private to not fill this channel with this.
don't be a troll bruh
Will there be on-demand versions of those trainings that can be accessed for those who don't have the ability? @fluid thunder
and yeah, I can think of about 50 people personally who know the ARTE training, you're just not being cool about the way you're going about things. There are respectable ways to ask questions and bring up concerns and you are being completely disrespectful.
and those who don't, will use soon
because I'd say 90% of the offensive security space has used or uses HackTricks on a daily basis
I was disrespectful? LMAO, if I was, I said it otherwise, and there is a big difference between thousands of users who use hacktricks, mostly CTF guys, and thousands of professionals who pass the ARTE certification
Again, professionals use it as well.
It's pretty not cool to just call it a "CTF" tool. A lot of work has been put into making the website and I use it for reference daily on my job. Been in the industry for 8 years.
I have most things memorized by now sure, but the website gets updated so often with new content that it's always great to check out and use, for live engagements, as well as CTFs
Thanks for your kind words @chrome mantle !
In any case I would like to ask you guys to stop this conversation here as the goal of this channel should be to share hacking tricks!
Nobody called it a CTF tool lmao, people like to make shortcuts. I use it too in my job but we all know it took other people's articles and put them in one place, which is great (when it is sourced). But come on, the ARTE cert isn't recognized by thousands of professionals... Hacktricks is known by thousands OK but their cert isn't, period. And I'm not against them, I did the same when tcm made his marketing lies etc etc
I like how we pass from the cert is recognized by thousands of people for marketing to hacktricks is used by thousands of pro xD
Lol you are the one who continued it xD
And when proved to be wrong you listen it lmao
Is AWS Gamelift used by many orgs? I mean, it's a gamedev platform afaik, so it's likely already a small marketplace for usage, but I saw the hacktricks page on it, so it makes me wonder if anyone has actually seen it before in a real engagement.
I haven't
Probably just some research someone has done on the service or something.
Still cool though.
I feel like people are not very likely to use AWS of all things for game development lol.
Hello everyone is anyone an AD pentester?
This channel is dedicated to the in-depth exploration and discussion of the latest hacking news, as well as the exploration of cutting-edge hacking techniques. For other hacktricks-related topics, please review https://book.hacktricks.xyz/welcome/hacktricks-values-and-faq and contact an administrator for approval.
Hi Team
I am interested in purchasing the ART exam voucher, I would like to know if I can start the course next month because in the message they show they say that it is activated next year, I understand that it should be activated in the year 2025. So I need to buy the course having but to take it in 2024.
Hey Jonathan, once you purchase the voucher you have 365 days to activate it. Once activated the lab will automatically get provisioned and you get 45 days of access (you can purchase more if needed). Since the date of activation you have 365 days to schedule your exam. Hopefully that makes sense. Let me know if you have any questions
Question for ARTE lab secretsmanager:PutResourcePolicy:
aws --profile secretmanager-lab1 secretsmanager put-resource-policy --secret-id flag_secretsmanager_lab_1-omPxUO --resource-policy file://exploit_policy.json
An error occurred (AccessDeniedException) when calling the PutResourcePolicy operation: User: arn:aws:iam::X:user/secretsmanager-lab-1-start-point is not authorized to perform: secretsmanager:PutResourcePolicy on resource: flag_secretsmanager_lab_1-omPxUO because no identity-based policy allows the secretsmanager:PutResourcePolicy action
Anyone can help please ? 🙂
Solved! Thanks @digital cliff for the backup, flag_secretsmanager_lab_1 instead of flag_secretsmanager_lab_1-omPxUO.
Put in my PR 🙂
Hi, I need some help with kms:PutKeyPolicy lab🙏
Please ask about this in the #arte-general channel
Questions for codebuild lab2.
When I build the image, it always returns the error message: {
"statusCode": "SINGLE_BUILD_CONTAINER_DEAD",
"message": "Build container found dead before completing the build. Build container died because it was out of memory, or the Docker image is not supported"
}
@fluid thunder
Could you ask in the #arte-general channel please. If you don't have access to the channel make sure you add your discord username to your profile in our website
can someone help with disabling 2fa on compromised account, or with the reset password process (lost 2fa)
hello on what channel should i ask questions?
Friends, good evening! Who can help and sort out 2.2 STS - Security Token Service: Github Actions?
Questions about the certifications in #arte-general please
If you don't have access to the channel make sure to put your discord handle in your user settings in the training platform
I need some help, which is that cloudflare security
I do have a question about a cert but do not have access to that channel, my handle is in my profile. If it helps currently in ARTA
Which handle did you set in your profile?
this one, I changed my server username to my handle
sp0.o.0ky
Hey guys! Anyone interested in joining a CTF team? Looking for web, pwn and crypto guys.
Hello. Can you explain to me how to steal an account on Roblox
Because I was scammed
just because someone scammed you doesn't mean you can legally take action against them. If you got scammed out of your money reach out to your bank, if your account was compromised reach out to customer service
lol
Yoo
Hello -
1521 oracle listener hacktricks page has a dead link.
"in order to user MSF oracle modules you need to install some dependencies: Installation"
that link goes to a dead github page
I ran across this today.
Hi everyone
Has anyone been successful in disabling SSL Pinning and capturing traffic with burpsuite for an app that has the latest flutter framework?
I've tried frida/objection and reflutter but no luck with either
Also tried SSL killswitch V3 with no luck
yep
flutter can be a pain, if that doesn't work, I suggest just hooking all functions and writing your own fridascript
Thank you so much mate. I'll give this a try first thing tomorrow
no problem man
yeah if that fails, use the classdump and obj-c hooks to find out where the SSL pinning is occurring, and then write your own frida script.
writing frida hooks is pretty easy even if you don't know JS (which I don't)
just take someone else's template and change the function names and return values.
My problem is that objection seems to hook and be all good until you try to do something. If I disable ssl pinning it says all good but functionally it doesn't work and if I try to run any other objection functions it just throws errors. In some ways it makes me feel like I need to be running it in a conda or venv environment
But I wouldn't know which version
that I can't really help you with
I'm pretty lucky in the fact that I use Corellium, which is basically running up-to-date always, so I need not worry about dependency bs and versioning issues.
I have a problem on the EC2 Labs, I configured aws:
aws iam list-users
{
"Users": [
{
"Path": "/",
"UserName": "ec2-......
[SNIP]
......
everything is good, but when I do:
aws ec2 describe-instances
Could not connect to the endpoint URL: "https://ec2.us-east1.amazonaws.com/"
What am I missing? :/
This would be better in the #arte-general channel
Hello, my name is Jonathan and I'm a research engineer working at Apart Research (apartresearch.com). We are doing research on cybersecurity evaluations, especially interested in whether language models can pass qualifications related to pentesting. We are doing this because it seems important to keep a close eye on cybersecurity capabilities, and if a LM could pass the hacktricks course, it would be very interesting. Is there anyone that I can ask about researcher access to the course?
How do I access the ARTE channel? May require some assistance =/
Add your discord handle in https://training.hacktricks.xyz/profile and you will be granted a role to access the ARTE channel
I seem to be facing some issue adding it; the error message states that there's an error adding user to discord role.
It seems to be resolved thanks 🙂
Hi everyone, when purchasing ARTE course, do they typically provide an invoice? I need one for company reimbursement. Thanks!
We do, you can also specify company details during purchase if needed
Please use the #arte-general channel for lab questions
Hi guys
hola!
I've done some of these
They are good but pretty basic... Probably there are some limitations to keep things easy to set up. Hopefully in the future we make a cicd course as it is one of my passions
I would love to learn it as I see it as a possible attack vector during red team operations I perform quite regularly but my familiarity with the attacks is not strong enough to feel comfortable making changes to a development pipeline without risking damaging business operations.
I know the older stuff like the Jenkins and TeamCity attacks, but not the more like generic attacks against CI/CD platforms themselves.
Does anyone know if an iframe adds cookies to the request? I tried it, and it didn't seem like it did. However, I've seen people using clickjacking techniques, which presumably requires the user to be logged in within the iframe. Can someone explain this?
Hi all, I’d like to try the GRTE course, but I’m not finding enough info in the wild. For the ones who are currently doing it: without spoiler anything, could you please give some feedback? Dm me if you prefer, thanks in advance.
Btw thanks for all the effort to the Hacktricks team❤️
Hello my man! So I’ve taken the ARTE certification and passed it and am currently taking the GRTE certification. I have taken cloud content from other content providers and training creators before, and I can say without a doubt that this course surpasses everything I’ve taken in quality, both in the labs and the video content.
Carlos goes into such depth, starting with the fundamentals of GCP architecture so that before you start actually attacking stuff, you have a firm grasp as to the organizational structure of a GCP environment, contrary to many other platforms or trainings, which either expect you to already know such content, or just skip over it completely.
Then, the labs, designed to show you how to attack the environment are well written, realistic and applicable in the real world. One problem I have with other cloud content providers is that they just show you what I call “tricks”.
They’re cool, but impractical or just completely useless.
As I’m sure you know, HackTricks is a staple of the cyber community and is persistently one of my open tabs at work as a reference all the time due to its sheer detail, and the course follows the same suit.
It’s one of the best in the industry for sure
If you have any more specific questions, I can answer them too, but if you want to learn GCP hacking, it’s like literally the only option in my opinion 😂
Thanks a lot for the detailed feedback, I’ll buy the voucher and take the course later this year.
This would be a perfect TL;DR
SANS cloud course costs 8k and is terrible lmao, this costs less than the OSCP and will prep you for a real world GCP pentesting job
Yeah I type a lot haha
Feel free to DM if you have any specific questions!
Lol
I could show you one of the labs or something so you know what you’re getting into
Same here haha
I don’t know if it would be against the rules and cause you some troubles
Yeah, I think I could get permission. There are over 50 individual labs, so me showing you one probably wouldn’t be a huge deal haha
Anyways, I’m sure some other guys here would say pretty much same as me, I know @umbral kayak would agree with what I’m saying
well I'd be interested in it, please let me know if this will be possible, for now thank you so much for the time, appreciated it a lot 
Yeah just message me and we can talk more!
For sure
You won’t be finding this quality of course anywhere else
Thanks!!
Nevertheless you can always start with ARTA
and if you like it, once the ARTE course is completed
you get a discount voucher so it's not a big difference
Thanks for the suggestion, but GCP covers most of the market within my customer base :/
Lots of federal?
Nice try HAHA
Btw, I’m not from the USA
I’m just saying my federal clients are primarily in GCP or AWS GovCloud, so I get it
Interesting info, I think most of GOVs here are using Azure
It’s a relatively equal split from what I hear.
I think it depends on which branch of govt and what country
Gov worker here - we use AWS. Thankfully.
@fluid thunder ^^^ really awesome guy here ❤️
Haha, thanks @chrome mantle
Hi, I am enrolled in ARTE course and want to add to its discord channel but my handle is not getting accepted in my profile...
Message @outer forge
When you click on your profile in discord you should see 2 names try both
Go away
How to start? That is the question. I already threw the GPS in the trash! Second step, what do I have to do with the battery and the controller? In order to be able to use it?
Guys I need help pls, can anyone help me? My friend has a lot of bad reviews on his business page, he got attacked by someone 6 months ago and he's looking to remove them
Not the right place to ask my man…
Sorry
Hi, I am enrolled in ARTE course and want to add to its discord channel.
tried adding handle and discord id in hacktricks training website but there is an error
Error adding user to discord role. Ensure you are using the correct handle
Your handle is "koolacac."
Please add that one
I helped him to solve it
He is already in
Thanks!
🔥
Same issue as koolacac, how do I gain access to the ARTE channel
Go to your hacktricks training profile
And configure your discord ID
thanks!
hello
hi
whatsup
Do you still see it??
No
He spammed everywhere
So check the rest of the channels
🙌🙌🔥🤣
Pinned last 3
I'm still able to see some, don't know why
but if you deleted them I guess they will disappear
Really?? I removed every single one🤔
I think when banning a user you have an option for deleting all his messages.
maybe it's useful next time
😎
Do these people have any idea what kinda servers they're on before asking stupid questions?
Thanks!!
I am relatively new to CTF and cyber security.
I just played KOTH in THM and people seem to root the machine pretty quickly, while I am struggling to get a foothold.
Is it just pure skill and practice or are there any tools/scripts? 🤔
Hi Wizard, I'm not an expert but I can suggest an answer to your question.
It is normal that you have difficulties in the foothold phase. It is the phase where you don't have any knowledge of the machine, the black box phase, as I like to call it.
Imagine how difficult it is to get into a black box where you don't see any entrance, no lock that can be opened. You can try to hit it with a hammer, kick it, but you will not get any result.
This is the same, there are 200 million tools that you can use in the foothold phase, but if you apply them without knowledge it will be useless. As it is well known “Enumeration is the key”. You have to try to enumerate everything: technology that is being implemented, vulnerable versions of that technology, everything you can think of, until a moment will come when you will discover a possible backdoor to get inside the box.
It is normal that at the beginning you will be more lost, as always experience is wise and the more challenges you face the more you will be able to find vulnerabilities that can be exploited.
thank you @proper epoch for the clarification.
I was really puzzled how fast some players captured the king. 😄
now i know. thanks again. 🙂
Also don't get too frustrated by the times at which other players capture the flag. This can be stressful and sometimes cause you to give up.
This is like when you enter the gym the first day, sure you see people lifting 200 kilos but to get to that you will have to work day by day. So focus on you and go hard 🔥
haha...can't remember the last day I went to the gym, but keep paying the subscription. 😄 😄
@fluid thunder yooo, are you the main person who manages the book?
If so, I have some content you might be able to pull from for the React Native Application page (https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting/react-native-application)
I built a tool called heresy that lets you instrument RN apps, even ones compiled with hermes.
Included a tutorial here: https://pilfer.github.io/mobile-reverse-engineering/react-native/heresy-inspect-and-instrument-react-native-apps/
And also some additional resources while I was doing research here (plus some info on the current tooling landscape): https://pilfer.github.io/mobile-reverse-engineering/react-native/reverse-engineering-and-instrumenting-react-native-apps/
hello, has anyone managed to compile winpeas from the solution? The executable generated raises an error on execution about missing regexes.yml, I've downloaded the regexes file, but I think I'm missing an extra step to pack it with the executable
Before compilation you need to execute the ps1 or python script from the lists folder
Carlos, are you familiar with the current AD apple exploit? I'm searching for a cyber security professional that can assist me in regaining control of my devices, both macOS and iOS, as they are all under control of a network domain admin. There are, just at first glance, thousands of apple users that have been hijacked through the open directory or directory services fork of the Mac OS. It's very serious and while I'm not a researcher I'm well versed in IT and without doubt it is the worst malware/hijacking I've ever seen or could conceive, truly. With limited Microsoft Windows experience I've been told that all the attackers need is an apple user's phone number and a reply from a text message, and all devices contained in the apple id are under control of the AD admin. Please excuse me if parts of my terminology aren't adequate, but in closing I should mention that all my devices are hijacked and after using NSA level bitraser erasure my hard drives still contain a hidden HFS+ partition, and in the recovery environment one of the first sequences is contacting the AD node, and before Mac OS is even reinstalled the attack has begun. As I mentioned, going out on a bit of a limb, I'm suspecting this could be happening to an enormous amount of users and I have also been told apple is aware of this, which is discouraging to say the least, but I'm reaching out to you to get your take and see if you're interested in having a look. I'd be happy to compensate you for your time. Your thoughts, Jeff
Hello. First I want to thank @fluid thunder for allowing me to promo this here.
I'm glad to announce my collaboration on CWP (Certified WifiChallenge Professional) certification, where I've personally contributed to the content. If you're interested in learning how to conduct a professional WiFi assessment at an affordable price, this is for you:
Course in English 🎯
https://academy.wifichallenge.com/courses/certified-wifichallenge-professional-cwp?ref=c02137
Course in Spanish 🎯
https://academy.wifichallenge.com/courses/certified-wifichallenge-professional-cwp-esp?ref=c02137
Sorry for the late notification as the Black Friday offer ends today (25% off), but you still can take advantage of it using these links.
This certification is very competitively priced compared to other options and includes a lab where you can put the knowledge you acquire into practice. The content is highly up-to-date, and once you purchase the course, you’ll have lifetime access to it.
I, as the main author of the airgeddon tool, have taken and passed the exam. After experiencing its potential and quality first-hand, I decided to collaborate with the certification, contributing to its content by expanding and improving certain aspects.
I truly believe this could be a noteworthy alternative in the current landscape of Wi-Fi certifications, as others are either much more expensive, outdated, or both. This certification is practice-focused and includes everything you need to know (and then some) to perform professional Wi-Fi audits.
Throughout the 100% online certification course, students will be guided step by step on how to complete each lab exercise. That said, the exam should pose no difficulty for anyone who has successfully completed the course challenges.
Let’s hope it can carve out a place in the market. Cheers!
Does hacktricks have a PDF book?
Don't think so
Using the website is the best way to check for anything; having payloads in books is kind of XD, it's more focused on daily usage
Hi everyone! I tried to sign up my own account and filled all information required. However, it just wouldn't allow me to submit it anyways. How should I solve this?
I'll dm you
Is it just me or is hacktricks not showing up in Google anymore?
only the github but not the book itself
Yep, we have no idea why HackTricks has just disappeared from Google.
Now if you want the Google results to also contain links from HackTricks you need to specify "hacktricks" in your search.
While we try to figure out what happened we have created the site http://www.hacktricks.xyz/ to search HackTricks content with Bing or Google, and you can also use the search feature inside "book.hacktricks.xyz" and "cloud.hacktricks.xyz"
Yeah, basically I am using a Google dork to find it, thanks for the confirmation
Can still see it on DuckDuckGo but yeah not on google anymore.
It's still in every other search engine but Google afaik... We are working on it, although the recovery won't be immediate
the English version is completely blocked
even with google dork
Happy New Year, @everyone! Wishing you all a 2025 filled with (ethically reported) vulnerabilities! 🎉
After Google's recent algorithm update, HackTricks' English version was almost deindexed. SEO experts concluded this happened because HackTricks is available in many languages, but the platform we used didn't allow us to control the SEO settings that would let us indicate which was the main site and which were the translations. This likely led Google to misinterpret our translations as an attempt to boost rankings, rather than genuinely offering multilingual content.
To fix this, we’re moving HackTricks and HackTricks Cloud to a new domain (hacktricks.wiki) where we can fully manage SEO. Redirects from the old site will ensure a seamless experience.
Therefore, if you experience any issues these days, please be patient as we’re working to make the migration as smooth as possible.
Hi I was going through the checklists Linux privilege escalation and I found that a lot of links are broken and same for multiple other modules,
is it due to the migration or those links are just broken?
Also in the pdf or epub version as well these links don't go anywhere.
Will they start working once the migration is completed?
It should get fixed, hopefully today, we are still fixing bugs like this and adding the translations
@fluid thunder Would you be interested in a multiprocessing version of this https://github.com/carlospolop/bf-aws-permission or is that against the design choice?
hey! It already has multiprocessing; it uses the param sleep_time as the sleep time between testing one command and the next one, so you can reduce it if you want to increase the speed.
It's not the most fancy multiprocessing, but it's the easiest to implement in bash hahaha
What were you thinking to implement?
oh nice! Sorry i didn't notice lol
Hi @fluid thunder, I have issues deploying labs in the ARTE course ("Error provisioning lesson labs"), could you please help? Thanks
Hi! You can set your discord handle in your profile and you will be invited to a specific ARTE group and you will also be able to open support tickets.
Regarding your problem, have you tried going to the courses and labs page and resetting the lab env? You will be assigned a new lab env which shouldn't have deployment problems
For the discord handle, I thought I had already done it, but I'll double check. I had a concern about resetting the lab env: will it reset the completion status of all labs done so far, or only the env?
Only the lab env, the progress doesn't change
I'll do that then , thanks
You should be able to see the channel #arte-general
nope
I bought the ARTE course in Nov, but I couldn't find my voucher in email, can you please resend it?
Hey @atomic meadow you should be able to go to https://training.hacktricks.xyz/vouchers and see your voucher there. Then click the re-send button
Dang that's crazy man!
Lucky me I just go straight to the source 😉
Got the website in my mental bookmarks lmao
Thank you so much ☺️ will start the course in Feb after vacation.
Hey everyone! I just saw the LinkedIn post where hacktricks talked about getting de-indexed from Google because having the site available in multiple languages. And they switched to a new domain.
I'm curious if they are still using GitBooks for their content or using something else now. 🤔🤔
Also, now I see they have a few sponsor ads running on the side, which was not possible if they used GitBook I guess? 🤔
Hi! Now we use our own infra to be able to control everything.
Gitbook allows putting the ads in the same place with the same aesthetics. Previously we had some sponsor ads + gitbook ads; now we have moved the sponsor ads to where the gitbook ads were and we don't have gitbook ads, so the number of ads has actually been reduced :)
Thank you for clarifying! 🙂
@everyone
Introducing NaxusAI – Your Source Code Security Companion!
www.naxusai.com is now live!
🔍 What is NaxusAI?
- Generate a call graph of your code repository to analyze vulnerabilities & backdoors using LLMs with maximum context and minimal code submission.
- Monitor commits and PRs in real-time, ensuring your code is secure before it hits production.
💡 Why NaxusAI?
- Optimize code audits with cutting-edge AI.
- Seamless integration with your existing workflow.
- Free to try with your API keys!
📚 Check the docs here: https://docs.naxusai.com/
Ready to level up your code security? Start now at www.naxusai.com! 🚀
If you have questions or want to report a bug or ask for a feature you can also do it in the new NaxusAI discord server: https://discord.gg/6ghgw7Cw
I was trying to purchase the PDF Hacktrick book and see that PayPal is no longer accepted. How can I purchase that PDF?
Hacktricks can now be executed locally with a docker container; you have instructions on the main page.
Therefore there is no PDF anymore
OK, thanks. I am going to step out for a minute to kick my own ass. I do see that in there and missed that. LOL
@fluid thunder Just curious if you are working on a HackTricks AI model?
I would love it, but I don't have the time.
We have hacktricks.ai which is an OpenAI assistant with access to hacktricks
ohh, I need to check that out. That's why I wanted to get a PDF of Hacktricks. I am feeding my AI model to pull from it.
Is that even legal ?
Why wouldn't it be? I purchase the PDF and store it on my PC. Instead of reading it, I can ask questions that can be answered from it.
What are you using to feed hacktricks to the model??
There is a mock exam from secops group
its just one question
login as admin and get the flag
anybody can help?
The only thing is given is a JWT and an api endpoint, tried all jwt attacks
Right now nothing. I was looking for the PDF to feed it
I've been meaning to set up a local LLM for this kind of stuff but have had some conflicting priorities for a while. Are you using LLM Studio?
Ollama right now
what do you mean? I can see it
Redteaming section has got issues so yer
Check privilege escalation section
I can access https://book.hacktricks.wiki/en/macos-hardening/macos-security-and-privilege-escalation/macos-privilege-escalation.html and see the content.
Could you be more specific about what is failing in your side please?
maybe they mean trying to access certain links on the page itself, like the TCC Privesc, leads to a 404 for me
also...man I feel like a dummy, ever since the update to the new domain, my left sidebar on hacktricks disappeared, and it turns out uBlock Origin was blocking the sidebar from loading 😭 I was finding it so hard to navigate the hacktricks site just by using the search function constantly haha
thanks! We will look into it, it's weird because the link is ending in README.html and should be index.html
yeah, we have had some weird behaviours reported due to the use of some browser extensions... not sure what to do really in those cases haha
Hi. I have purchased ARTE exam voucher. Not redeemed it yet. But before redeeming, I have few queries to ask. I came to know that there is a separate channel for that. Will I be able to get the access of that channel so that I can put my queries forward over there?
I have added my discord handle link too in the profile section but haven't received an invite yet since one week.
Thanks in advance.
Hi! In order to get added to that channel you need to redeem the voucher.
Feel free to dm me if you have questions about the cert
I have activated voucher for ARTE, I haven’t received invite link yet
To access the discord channel for ARTE you need to set your discord handle in your profile https://training.hacktricks.xyz/
I have set. Which channel needs this setting ?
If you have set it correctly the channel "arte-general" should appear!
Have you seen this: https://www.schneier.com/blog/archives/2025/02/delivering-malware-through-abandoned-amazon-s3-buckets.html ?
Interesting approach on abusing s3 buckets.
Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize that they have been abandoned, and still ping them for patches, updates, and etc. The TL;D...
Very interesting!
Also an interesting write-up: https://www.plerion.com/blog/find-hidden-aws-resources-with-effective-wordlists
thanks bro
AzRTE!!! When is the last day to get the Pre-Release discount?? 🙁 ❓
I already hacked a tiktok account but the password is difficult for me I need to put URL link but I don't know how to do that
It will last at least until the release
awesome!!! thank you sir!
Sorry one question , does the new azure certification cover pentest of hosted services as well ?
It covers how several Azure services used to host applications work and how they can be attacked. But it doesn't cover, for example, hacking web
till release
We will probably leave the discount for a couple of weeks
what are you looking for? a pentest? Feel free to send me a DM
Does anybody have experience with OCI (Oracle Cloud)?
I'm looking for a way to leak somehow the OCI tenancy/user ID, given the storage namespace name (if that's possible ofc)
Can anyone in here help me with the training registration? I'm not getting any activation emails.
Have you checked the spam folder? Can you DM me the email you used to create the account?
@fluid thunder sent a dm
Hey Carlos, is your wiki page on web hacking just basics and intermediate, or is it a whole enterprise-level knowledge source? I had visited but got confused; do these things help me do better in the bug bounty field?
Or are these pages just for starting out a career in the cyber security field?
Anyone here using Arch as their distro?
I do, pretty happy with it right now but definitely not super user friendly
i suppose you learn a lot with it?
Depends on how deep you dive into each topic. But yeah it is interesting. Once I got everything working I've kind of forgotten most of the little details
I feel from a hacker and security point of view, arch/blackarch should be very valuable since it will really force you to learn linux (and computers in general) deeply ?
I'm still a Linux noobie but considering with just getting arch dual boot anyway
Hi
Hi guys
Hey guys
Just started the labs in Azure red team in hacktricks
I’m trying to figure how to
enumerate few things in azure
Specifically in the application add secret lab
Hello! Ask on the azrte-general channel
Great ! How do I join the group?
Link your discord account in the hacktricks training website
On your profile you should see the option to do it
Ok thanks will check
one of the initial videos shows you how to do this!
Hello. In the ARTE KMS Lab, any ideas?
An error occurred (InvalidCiphertextException) when calling the Decrypt operation:
aws kms decrypt --ciphertext-blob ms_lab_1_user2_credentials_encrypted.txt --key-id 32778d35-462d-4bf6-b62d-f2c6eb043bbe --profile audit01 --region us-east-1 --output text --query Plaintext | base64 --decode
i removed whitespaces in the base64 encrypted key file already
i used file://enc.txt and fileb://enc.txt
nothing working
file should work as it's text mode
ok solved both
Carlos bro make an online android app of hacktricks
@fluid thunder I would like to request a quotation for the ARTE certification course to submit to my management for approval
That would take a lot of time man
Please let @crude wadi know your email address to send it!
But it become easy to use in some case
I agree mate, but I don't have the time
Ok but i have a another request
Can you please make a seperate section of bug bounty in your wiki?
The repo is out there! You have everything needed to make it if you wish and share it with everyone
Done
HackTricks is always open for suggestions of improvements and new hacking techniques in the Github repository via PRs.
Feel free to open a PR explaining in detail how that would be helpful and what to expect
Hello
The hint was not enough to solve the first lab. I need another hint. I did the following: az ad app credential reset --id <appId> --append
& az login --service-principal --username APP_ID --password CLIENT_SECRET --tenant TENANT_ID. Don't know how to retrieve the flag from the key vault.
I need the solutions for the Azure Red Team Expert labs.
You need to ask in https://discord.com/channels/934863857573306398/1353676555372728431. If you can't see the channel then link your Discord as was shown in Introduction. But answering your question -> check https://cloud.hacktricks.wiki/en/pentesting-cloud/azure-security/az-services/az-keyvault.html
use the private channel and open a ticket. If you don't see access to the private channel, add the discord handle to your profile in hacktricks training
DM me if you have any issues
weird it's working for me:
Do you have any errors in the console?
the site works for few sec then it hangs
please, check the console and the network tabs of the developer tools and let me know the errors you see there
i've reloaded multiple times
the site just works for a few secs when it's loading and then after loading it hangs
what about the network tab? There must be something failing somewhere
Hi everybody, how are things going?
I've noticed some slow behavior on hacktricks website in the last week, someone else has experienced that?
Yes, it's due to the new way mdbook implements searches. Now hacktricks needs to load a very big script to be able to search inside of it.
I need to move that functionality to a service worker but I haven't had the time yet
oh, I get it, thank you so much for such a info
I really appreciate
This should be fixed once the cache of the previous script expires
You're awesome, thank you for keeping me up to date
Congrats for all of your job
Thanks!
Hi @everyone !
You can now use the search button of book.hacktricks.wiki to search in both book.hacktricks.wiki and cloud.hacktricks.wiki. This should make it easier to find information in hacktricks, but it can be confusing if you were expecting to search only in book.hacktricks.wiki.
What do you think about this? Should cloud.hacktricks.wiki also show results from book.hacktricks.wiki?
Okay
Could you show a flag in the results defining where it is coming from?
That's indicated in each search result with the flags "[Book]" and "[Cloud]"
Hi! I'm taking the ARTE certification and I saw in the profile section there's a Discord handle field to access the course content discord channels. It's giving me an error that says "Error adding user to discord role. Ensure you are using the correct handle". I found my handle the way the official Discord page explained!
Should be solved now!
Hi
I wanted to thank Carlos, Ignacio, and Jaime for helping us explore the exploitable AWS and Azure in 2-Days 2-Clouds
Thank you for joining us in the course at Hack Space Con!!
Hello - new to the community. Registered on the website with my discord handle, slayer recommended I join here with questions about cloudpeas. Any channel I should look for those conversations?
(Not yet in a course but will likely sign up for one in late June)
Hi, welcome!!
This channel is fine for any CloudPeas questions!
For the courses we have specific channels; once you start one you will get added to it automatically.
🎉 Excited to announce that I have successfully completed the Azure Red Team Expert (AZRTE) certification from HackTricks!
☁️ This advanced certification has been a challenging and rewarding journey into Azure cloud red teaming.
As always, the HackTricks Training team delivered a top-notch learning experience covering:
• Enumeration a...
🫶
how can I reach support? I have some problem with environment
Open a ticket in #training-support or use the private Channel of the course
Do we have an idea on the Azure Apprentice release date?
asap, 1-3 weeks max I would say
thank you
I am looking for help with invoice which I paid for the course, made a mistake with location
Check your email
Hi @everyone! I would like to introduce you to #hacktricks-feed, a new channel where the hacktricks bot will find new technical posts about vulnerabilities and hacking techniques and post them with a PDF which is a summary of the post. The goal is to only get technical hacking posts and get the explained techniques summarized to learn them faster.
I hope you like it!
hello, I can't run hacktricks locally. I mean, I run the docker command and all the stuff but the webserver doesn't work after 5m
Hey everyone 👋
I’ve just started my public Web & API Security journey on Twitter — focusing on deep learning + real-world bug bounty hunting.
Here’s my full roadmap & routine:
Plan: https://x.com/kalki_x0/status/1937079941050380331
Daily Routine: https://x.com/kalki_x0/status/1937102330802880944
🙌 Would really appreciate feedback from experienced hackers:
Any suggestions or areas to improve?
Also, if anyone wants to join, I’ll share my Notion template and free learning resources. Just DM me!
Thanks 🙏
Anyone here from Apple who can give a referral for a strong candidate with matching profile?
Dear all, I am a beginner in this field and I have some queries. Please help me
hello
Hi, what do you want to ask?
Hello!
I just started the Azure Red Team Apprentice course and noticed that the "Methodologies" section is empty. Is this expected?
Fixed! Please, to get faster support join the private hacktricks training channels and you will be able to ask for these things in #azrte-general or open a ticket in #training-support
We made some recent changes, it is solved now!
Beauty ! Thanks !
Good morning all
Dear friend, actually I am asking about bug bounty. I completed the basic concepts of cyber security but I am confused about what to do next
portswigger academy
or tryhackme beginners path depending what basic cyber security means.
I know, but my basics are clear; I am confused about what to do next for a job or bug bounty.
well. do some bb while you look for a job.
Might be useful for anyone that obtains a Github PAT. 😉
https://github.com/nopcorn/RascalRunner
I've added my discord id to Hacktrick profile. I am taking ARTE. Could someone grant me access to the channels?
The access should be given automatically, notice that your id is ".vlynx", can you try again?
I used the numeric id from "copy id" before. Maybe it was the problem. I've changed it to .vlynx. Let's see how fast it takes effect.
it should be instantaneous, can you see #arte-general ?
yes I can see it now. Thank you!
and thank you for the speedy response
We are going to do a red team exercise in our company's aws environment soon. Hopefully I can use some tricks from ARTE.
good luck!
Hey all, for those interested in GCP I built the GCP Delegate tool to abuse Domain Wide Delegation, and posted a blog post about it back in 2023. If you are new to GCP and interested, I tried my best to make it digestible and accessible 😉 https://medium.com/@lutzenfried/gcp-domain-wide-delegation-abuses-b82b8dd8cf15
And BTW; Hi to everyone here ✌️
I'm taking the ARTE certification and I saw in the profile section there's a Discord handle field to access the course content discord channels. It's giving me an error that says "Error adding user to discord role. Ensure you are using the correct handle".
Your handle is b0nd007__
Make sure to add it exactly as is
hello everyone, I am trying to get remote access via XXE in a lab, tried many methods, none of them worked.
works fine: <!ENTITY xxe SYSTEM "expect://id;ls">
doesn't work: <!ENTITY xxe SYSTEM "expect://id; ls">
${IFS}, %20, %09, \t, \
any help plz?
Hey,
Quick question: what’s the cost of a retake if one fails the AzRTE exam?
Hi! The retake is 199€
Hey @fluid thunder when is the next discount?
Black friday I guess
Hey happy Friday! Am I crazy or did the search feature get removed from https://book.hacktricks.wiki/en/index.html ?
fixed
I think there should be some pictures here (as I've read in the text)
https://cloud.hacktricks.wiki/en/pentesting-cloud/aws-security/aws-services/aws-ec2-ebs-elb-ssm-vpc-and-vpn-enum/aws-vpc-and-networking-basic-information.html
or it's a link to the image on the top of the website?
looks like they are not available anymore
Howdy. Looks like Google is aggressively trying to block Hacktricks again.
https://book.hacktricks.wiki/
yep, they are, anybody knows anyone working at google that could help?
How can I add myself in ARTE channel? Can anyone pls let me know?
On your student dashboard, click "Profile" and add your discord handle
Hey @crude wadi unrelated to the GCP course so I thought I should ask it here: Are you a cloud security analyst ? I'm wondering how well the courses from HackTricks helped you with real world assessments
Hey!! Yes actually it helped very much, I did not know anything related to cloud before the courses. I started with the AWS and I've been able to do some assessments since then.
Not gonna lie, the first one is a little overwhelming, cause there are lots of things to take into account hahaha.
So from your experience, what services are companies outsourcing the most for Cloud? Whitebox? Remediation? Pentesting? Secure migration?
Is there any content related to AWS Managed Workflows for Apache Airflow (mwaa)?
Any tucked in the airflow section or anything, I can't find any...
Not yet but we are open to PRs if you want to share something.
There is however content about GCP Composer (which is airflow in GCP): https://cloud.hacktricks.wiki/en/pentesting-cloud/gcp-security/gcp-services/gcp-composer-enum.html
Got some stuff headed your way 
In my experience I've done mostly whitebox assessments, I think that is what is most requested.
I do exclusively cloud and AI/ML testing for a pretty big consulting firm… generally it usually ends up being best to do white box config reviews where the attack methods you know become poc’s for your findings or help you threat model.
Very rarely do we sell black boxes to people because they just get so much more out of the white boxes.
Thanks for the insight. I'm just starting as a cloud pentester so I would appreciate knowing more of your experience. DMed you if you don't mind
GRTE review
In this video, I deep-dive into the HackTricks GCP Red Team Expert (GRTE) course — one of the most advanced and practical Google Cloud security training programs available today.
You’ll get my honest, experience-based breakdown of what makes this course special, how it compares to other GCP red team content, and whether it’s worth your ti...
Hey, regarding last BB challenge(AWS), I'll try not to spoil anything - but in the reverse shell with the start role, while trying to change dirs and such (into Internal), the shell starts breaking apart. I tried destroying and re-starting multiple times but I just gave up. Anyone had this issue? (also, backspace began writing the equiv value of ^? and stty erase doesn't work on it).
Never had this issue before, you can DM me if you need!
Users/roles can have different types of policies applied:
- inline
- attached
- PermissionsBoundary
In this case, the most restrictive policy, and the one referenced by AWS, will be PermissionsBoundary. For example, if the inline/attached policies contain conditional s3:GetObject or s3:ListObject, but PermissionsBoundary does not, the user will not be able to perform any operations on the s3 bucket.
However, inline and attached policies should not be neglected, as they may contain the following permissions:
- iam:PutUserPolicy for oneself
- iam:PutRolePolicy for a certain role
- iam:CreatePolicy + iam:AttachUserPolicy
- iam:CreateAccessKey for yourself
- sts:AssumeRole for a role that either does not have PermissionsBoundary or has it but has more rights
- lambda:UpdateFunctionCode + lambda:InvokeFunction
- iam:UpdateAssumeRolePolicy
because having the above rights allows you to somehow escalate privileges or move laterally.
hacktricks cloud loading weird/broken for anyone else? mostly in the sidepanel. The search icon is missing too but still clickable.
looked fine yesterday I think. on chrome/firefox on both my mac/windows boxes
Regarding the weird panel, it's because of the update of mdbook; they have decided to use that very ugly organization instead of the previous one. I don't know when I'll have the time to take a look at that.
Regarding the search button disappearing, I didn't notice that, I'll try to fix it asap
cheers! Thanks for all the work on a great resource!
How do I reload changes in my local copy of HackTricks? I tried removing a section in the HackTricks folder but the changes didn't reload
you need to rebuild the book
Hi, with whom can i talk about my training voucher?
Hi you can DM me!
@next python
Hi, is there anyone I can talk to about some technical issues during the Exam?
Open a ticket in the proper Channel or dm me
@twin quarry granted you the necessary discord role to open a ticket. You should see #training-support
is hacktricks.ai down for anyone else?
it's now fixed!
@everyone Happy 2026! 🎉
Hope 2025 treated you as well as it could, and that 2026 brings more wins, learning, certs and good energy.
Thanks for being part of the HackTricks community — let’s level up this year! 🚀
Thanks Carlos! Your content has been amazing and I'm looking forward to the future with the community. Shout out to @crude wadi. That guy is great
Thanks hahaha😆
any discount?
@fluid thunder is this a valid site ?
Learn Cloud Hacking & Become HackTricks Training Certified
It'll be the new site in a few weeks, for the moment keep using https://training.hacktricks.xyz/
Why won't it let me register?
we are taking a look into it!
Unfortunately this is in AWS's hands to review our email quota increase, and it can take up to 24h for them to review it...
Great, I'll try again tomorrow!
@everyone the limit was increased and now you can create your account in https://tools.hacktricks.wiki/
(If you find any other issue let me know please)
Hey Carlos, I'm getting a 502 error for some queries on ai.hacktricks.wiki, and when clicking the ? for AWS security, I get this error:
An error occurred: Unexpected token 'I', "Internal S"... is not valid JSON
Thanks for letting me know! Fix is deploying, check in 5mins
Hi @everyone !
There have been several fixes applied in the past couple of days to https://tools.hacktricks.wiki/ as we discovered new rate limits and new edge cases while going into production.
I think most of these issues have been solved already. If you are using the AI chat, please refresh the page to use the latest version.
And if anyone finds any other bugs, let us know please!
https://github.com/Ilias1988/ReverseShell-Generator My new project! I'm experimenting with ideas! Your feedback is welcome!
Guys, I can't register my account in tools.hacktricks, the captcha gets stuck
It just worked for me, can you try in a different browser?
It's working now
Some of the cloud people might like this... here's the reverse of consoler... CLIer
https://github.com/AI-redteam/clier
Extension gets you service-scoped creds just by visiting the service page on the console. Multi-format export including QR code for if you're in a VDI.
I created Hash Identifier with the help of AI. I would be delighted if you could evaluate it! https://github.com/Ilias1988/HashID-Pro
this is pretty nice!
Thanks, it’s been at least good at scaring clients lol
https://github.com/Ilias1988/Magic-Bytes-List The Magic Bytes Book ❤️
Some of you may find this tool useful. I've been developing it for some time, and with a lot of feedback from the community, it has grown into something interesting, at least 😁 Take a look:
https://github.com/TheArqsz/JSRecon-Buddy
https://github.com/Ilias1988/Universal-News-Scraper Check it out if you want, and why not click on a star!!! 🙂
How to hack the wifi passwords
Ask for the password
Hello team, how can I open a ticket? My time ran out and I couldn't take the exam. @fluid thunder told me that I can get information through this channel.
Hi! Go to #training-support and open a ticket there!! You can also DM me if you want
is books.hacktricks.xyz having some issues?
The url is book.hacktricks.wiki
Hello, I hope you are doing well. I want to learn hacking but I'm struggling to find powerful resources for beginners. Please, if someone can help me, send me a private message, thanks a lot.
Hi
@fluid thunder -> Is hacktricks planning to release any course about AI hacking maybe?
we are considering it, but not this year probably
https://github.com/AI-redteam/CeleryStrike
might be interesting for anyone running mwaa 🥸
@fluid thunder hey, were you the one who made ai.hacktricks? Or is that a third-party tool?
Can you make a website like hackthebox or tryhackme with the quizzes and VMs?
I'm going to school for a cyber security degree, I haven't started the main courses yet, but I love exploring on hacktricks and would love to take a course from hacktricks instead of those two if I could, for more practice
Another idea would be a freemium chrome/firefox extension for testing websites
I'm gonna try to contribute to the rust docs
Yes
We have Hacktricks-training.com atm
Good, I was scared it was a 3rd party for a second and my internet blocks it automatically for some reason
This is nice, it's a bit on the expensive side, is there any local machine course? I only see courses for AWS and cloud services
Hello there! Newbie here, thank you
nice to meet you
added to the rust notes, here is the pull https://github.com/HackTricks-wiki/hacktricks/pull/1928
this is the message i get whenever i try to go on it
What happens if you set the url with https at the beginning?
@crystal solstice so I happen to have Xfinity internet, I think it gets automatically blocked, I don't know if that's the case for everybody's internet or maybe just for me
Could be a DNS issue? May be worth attempting the following:
- Execute nslookup ai.hacktricks.wiki, collect the IP from the response and add it to your /etc/hosts or similar as shown below:
xxx.xxx.xxx.xxx ai.hacktricks.wiki
- Save the file and attempt to revisit the site
I get an alert on my Xfinity to allow it, I was just saying that might be a concern if it's stopping other people from accessing the website
So yeah, idk if this happens for other people, I'm in America
With the updated hacktricks, can I use the online tools for bug bounty? What's new?
Hi! I just activated my AZRTE voucher. I have added my discord handle to the hacktricks account profile. Could I get access to the training channels please ?
The access should be granted automatically, can you please retry by deleting and re-adding your handle? Just to be sure, your handle is: engkiat0
What's the difference in the bundles? I see there's an apprentice, and it's much much cheaper, it costs 807e for a 1 ARTA course voucher
1 GRTA course voucher
1 AZRTA course voucher
and the other one costs 2472e.
The apprentice certs are small subsets of the expert certs.
In the section "Explore the path" in https://hacktricks-training.com/courses/azrta/ and https://hacktricks-training.com/courses/azrte/, if you open each section, you will see that the expert version has a lot more labs and lessons
HackTricks Training is celebrating the recent release of the new AWS labs with a limited-time 25% discount on our AWS Red Team Expert and Apprentice courses (ARTE & ARTA)
🕒 Ends April 12th (23:59 CET)
🎟️ Code: AWSUPGRADE
👉 https://hacktricks-training.com/
If you’ve been thinking about improving your cloud security skills, this is the perfect moment to jump in.
Learn cloud hacking with practical AWS, GCP, and Azure training. Get certified with HackTricks Training through hands-on labs and red team methodologies.
Hello, I need help, I had ARTE on my profile, but it looks like it's gone. How is that possible? 😩
Hi, can you dm me your hacktricks username?
Sure, I did it.
Hi @simple perch / @crude wadi Glad to join the community. Can you pls check my dm.
Hey everyone 👋
I’m a trained SOC analyst (fresher). I’ve applied for jobs but haven’t had a chance to showcase my skills yet.
So I’m starting bug bounty. I’ve practiced Broken Access Control (BAC) labs and now moving to real-world testing.
Any tips, guides, or platform suggestions would really help
@everyone check out the HackTricks tools in https://tools.hacktricks.wiki/, among other you now can:
- Request an automatic update of HackTrick pages
- Scan public repos for vulnerabilities
- Talk to HackTricks AI
And much more!
Will there ever be a course on privilege escalation in Windows?
maybe! Let's see how it goes with the linux one first!
Not now, hacktricks. Im trying to privesc
🤣 🤣 🤣 🤣
Is that for real? If that is I'll change provider asap
I have disabled those ads, it'll take some minutes to make them disappear because of the cache, thank you for letting me know!
Haha yeah it was real. Appreciate you!
Hi, I started the ARTE cert and I have technical problem activating my voucher. How can I contact the support team?
@crude wadi
Hi dm me
Hey, can I use SharpRDP-like tools for an RDWeb connection with a .rdp file?
Hey team, noticed some stuff worth fixing in the AWS MFA Device priv esc stuff, made a PR here: https://github.com/HackTricks-wiki/hacktricks-cloud/pull/294 take a look when you have a chance! thanks.
thanks!
New SSTI techniques added in https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection, take a look at the Go one!
Is the book updated 24/7?
Yep, it's updated every time I discover a new trick or anyone submits a PR to share some new trick
Kubernetes namespace escalation tricks: https://book.hacktricks.xyz/cloud-security/pentesting-kubernetes/namespace-escalation
Hi Guys! For the people that have bought the hacktricks PDF, may I ask you why you need it offline?
You can buy it?
yes, you can, but it's outdated (JAN 2021), I'm working on being able to update it
Where am I able to buy it, just out of interest?
https://www.buymeacoffee.com/carlospolop/shop I will be uploading an updated version in a few weeks 🙂
Hello @fluid thunder, can you open a channel (alternative to GitHub's issues) to report some broken links and typos?
I suppose you are talking about Hacktricks. Feel free to send those issues in the hacktricks channel
Hi again, there is a broken link (http://reverse-tcp.xyz/pentest/database/2017/02/09/Redis-Hacking-Tips.html) in the pentesting 6379 - Pentesting Redis page in the section Redis RCE.
Can't find a new blog for the original author of this blog post. I'd say for this case, we could provide the archive.org page since it's been saved there.
thanks guys, I have updated that link
Hi guys I think there is an issue in the 2nd to last line of the python code example on this page: https://book.hacktricks.xyz/pentesting/554-8554-pentesting-rtsp
The code doesn't actually call the recv function. I'm not sure what the correct code should be.
Also, the python code should probably adopt python3 semantics, i.e. print(data) not print data
Thanks mate, now the code calls s.recv() and print is in python3 format, let me know if you have any other troubles with that
Hi, running the new code example yields an error. I believe recv() requires an argument. This is the part where I don't know what the correct code should look like.
Can probably put 1024 in as the argument, but I'm unsure if this will make the program hang indefinitely.
do you know an IP address where I can test it?
Rewritten SSRF tricks and techniques guide: https://book.hacktricks.xyz/pentesting-web/ssrf-server-side-request-forgery
Great site!! Good work!!
Hi, I'm currently programming a python script for listing the most common ports (I still forget them), and I would like to integrate your hacktrick page links to the script, would it be OK with you? For example, when I query port 21 it would output something like :
The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files between a client and server on a computer network.
Pentesting tips : https://book.hacktricks.xyz/pentesting/pentesting-ftp
@rugged folio I don't think there would be any problem, descriptions are basically common knowledge. If the script is only for you it's completely fine, but if you want to share it on GitHub etc. as a tool and it's actively querying hacktricks to fetch info, it would be nice if you mention hacktricks as part of the tool ;)
but @fluid thunder will answer you asap
yeah mate, no problem!
New Hacking Firmware methodology in hacktricks: https://book.hacktricks.xyz/physical-attacks/firmware-analysis
hey
Did you know that you can find information about Pentesting Wifi in Hacktricks? https://book.hacktricks.xyz/pentesting/pentesting-wifi
I'm experiencing a strange issue where I visit this page https://book.hacktricks.xyz/exploiting/linux-exploiting-basic-esp, the content loads, then is replaced with a little red and blue loading spinner that never disappears. Happens in Chromium and Firefox (on Linux), I've temporarily disabled Ghostery too but it still won't load. I've watched a fresh page load via Firefox's task manager and I see it spike the energy impact value then just disappear (am guessing its crashed). Does anyone else see this?
Hello! It's working for me, are you using any VPN/Firewall?
I do see the loading dots, however it loads for me
no vpn or firewall, it happens on my virtual machine too. It's weird, must be an issue on my PC though.
thanks for checking and replying
If I try it from my phone it works, that'll do me.
same to me
but i can't see anything
are you on linux as well, with Firefox?
Well, there are two of us now then
i tried on my other web browsers too but, nothing as well
I'm from Brazil and you?
maybe the location can affect the result, idk
I'm from the UK, so I doubt we are connected with that
who knows though, DNS is a mysterious thing 😂
haha
I can get to it if I pick https://book.hacktricks.xyz/exploiting/tools first, let that load (show the spinner but this one only appears for a short amount of time then vanishes) then go to the linux exploiting basic esp page.
damn it, it's a linux issue isn't it.
I don't think @fluid thunder can do something about it as it looks as a GitBook issue, just pinging him in case
Yeah, that part is managed by gitbook. If you want put a tweet mentioning me and gitbook
Are there any special features on that page, as the rest of the site that I've looked at so far works, and other gitbooks sites work so I'm not sure this will be just a gitbook issue, it might be a combination of factors that lead to it.
Anyway, I appreciate your attention
Im doing the CRTP if that counts. LOL
I did it in january 😀 hf it was a fun cert
Hello guys, can someone give me some good advice and a good training site to pass the OSCP?
Updated info to escalate privileges with leaked handles in Windows: https://book.hacktricks.xyz/windows/windows-local-privilege-escalation/leaked-handle-exploitation
Hola Carlos,
I believe there's a typo in https://book.hacktricks.xyz/pentesting/pentesting-smb#hacktricks-automatic-commands
smbclient -h "\\{IP}\" -U {Domain_Name} -W {Username} -l {IP}
smbclient -h "\\{IP}\" -U {Domain_Name} -W {Username} -l {IP} --pw-nt-hash hash
Should be :
smbclient -H \\{IP}\ -U {Username} -W {Domain_Name}
smbclient -H \\{IP}\ -U {Username} -W {Domain_Name} --pw-nt-hash hash
Not sure about the -l, it's supposed to be for log-basename.
Thanks for your awesome work
thanks for letting me know, I changed it
Cool. BTW, I got my PEAS t-shirt yesterday. A little contribution before your peas's subscription project. I'll try to be the first subscriber.
cool mate, thanks! I will be announcing the subscriptions next Monday:)
I really appreciate your support
Hey everyone! I’m a new subscriber on GitHub 👋
I will be announcing the subscription on Monday, but if you want to subscribe already feel free, as there are people already subscribing
thanks mate!!
Hi, I'm new to this
??
Hi guys!
The latest versions of PEASS-ng & HackTricks are now available through https://github.com/sponsors/carlospolop?frequency=one-time
You can find more checks in win/linpeas, more stable versions and several new tricks in HackTricks (new being added everyday!)
The idea is to be able to develop more content for people highly interested on it (subscribers) while updating every X time the community versions to also improve the free content!
Hi, can anybody tell me a good resource to start with OS?
If you are looking for an academic course I suggest CS162 by John Kubiatowicz. It's known to be the hardest computer science course in the BS at Berkeley (not just the hardest operating systems course). AFAIK the videos are on YouTube and the course material (practical assignments and project) is open source. In its project you develop a POSIX-based kernel called PINTOS. You add new features to it like a file system, priority scheduling, new system calls, ...
In practical assignments you develop a simple web server, a heap allocator, a simple shell, ...
Remember that you should be a very, very, very motivated person to solve its practical assignments, and I guess no one exists that has completed the project without a good and motivated team (in this course you should do it with 3 other guys in a team) and without attending the course.
There are some people on Reddit that call it a part-time job :))
Hey guys!
I'm happy to announce that HackTricks is NOT going to be private
You can access the latest content in https://book.hacktricks.xyz (as always).
But I'm looking for a few good cybersecurity companies that want to announce their services there (20% discount for the first one!), so if you like HackTricks for free I would appreciate any help reaching companies!
Also, don't forget to check out new posts about:
- Pentesting Apache Airflow: https://book.hacktricks.xyz/cloud-security/apache-airflow
- Pentesting CircleCI: https://book.hacktricks.xyz/cloud-security/circleci
- CSS Injection: https://book.hacktricks.xyz/pentesting-web/dangling-markup-html-scriptless-injection/html-injection-char-by-char-exfiltration#css-injection
Page not found-404 https://book.hacktricks.xyz/windows/av-bypass , Section-->More, last link--> https://github.com/persianhydra/Xeexe-TopAntivirusEvasion
I don't know how often when I search HackTricks or one of the resources show up. It's almost every time I find myself on one of the pages. I should just create a comprehensive crawl and build a favorites menu for chome and use that as my starting point for researching. Excellent job, thanks so much for the work you put into this and sharing with the community.
Hi, can I ask technical pentesting questions here ?
sure
excellent!
Hi @fluid thunder I'd like to report a mistake on the hacktricks for specific privesc. Can I dm ?
Sure!
Hello, where are you from? @carlospolop I admire you very much 😎🤙
Hi, I got a question regarding RSA keys, I found some source code with this block in it. I am pretty new to crypto and those Java libraries, but is that enough with that keyspec to crack the private key?
Have you tried base64 decoding those hard-coded strings?
To me it looks like the RSA private key is hardcoded in that code
Yeah, it actually was, managed to retrieve the private exponent from it
Thanks for reply 🙌
Hello, I came from the cache-deception page of HackTricks, and I can't find anything about "In order to perform a cache poisoning attack you need first to identify ukeyed inputs (parameters not needed to appear on the cached request but that change the returned page)". The "ukeyed" term, is it a mistake?
My bad it's just unkeyed, sorry for this message ^^
fixed 🙂
I want to access a 200 ok site but it's giving a 307 temporary redirect code by the isp. I want to really access the internet but it's blocked please help me?😢💔🇵🇬☠
Use a VPN or the TOR browser: https://www.torproject.org/
I can't use Tor since the ISP blocked the domain, so basically internet access is restricted even using a VPN (HTTP Injector, HAT Tunnel Pro etc...). It's giving a 307 error code with a 200 OK status, so circumventing it to use free internet is useless... I hope there is some other way to bypass this ISP restriction?😢😢😢
Practice legacy htb, watch ippsec, tcm-peh... practice w vulnhub. they own it
Use a friend's PC lol. You can't point your router if they know your public IP. Switch ISP or ask for another IP and maybe stupid support will offer you a chance. Buy a couple of public IPs.
Anyone?
Who knows how to bypass 2FA on Gmail?
who knows about computer programs and alphanumeric access keys? paying for some basic info
@fluid thunder dm me !
you can ask your questions here
I have little to no knowledge on software. There is a software I currently use that has a limit of open instances per key. I want to be able to open the software more than once though.
Someone told me that I can manipulate it by turning off the internet connection to the software during the authentication process
no thoughts anyone?
This sounds like a reverse engineering problem. Do you have access to the source?
Need a little more information about the program: when is the key input, and is this application run locally or using remote sources?
Do you think we can add lsadump::lsa /patch here?
This command queries the lsass server so the result is a bit different from sekurlsa
Sounds good, could you send a PR with that command indicating a bit the differences?
Sure, will do it
folks how can I elevate my profile on stackoverflow?
You must have 50 reputation to add a comment
I feel like all the intelligent questions are already asked
how can I get reputation?
I have a quick question. Why don't The Hacker Recipes merge with the fabulous Hacktricks ?
Hacktricks is open to PRs for new techniques/information
I think it would be a real plus for the community if you contact the creator of this site (https://www.thehacker.recipes/) to make sure the content is fused. It contains some fabulous content about Active Directory.
Unfortunately I'm already in too many projects, if you want to contact them and ask them to merge content in hacktricks feel free to ask them. You can also submit PRs to hacktricks adding the content you see it's lacking
@fluid thunder On a graphql magento site i used to scrape for months now, they changed their backend in a way the queries are returning
I can still access the /graphql path in the browser but the introspection query fails with 500
Could I slide into your DMs to show you what I mean & which site? I would happily pay for your help, as the work you do and have done already is actually amazing. Either way keep up the good work 🙏
pm
The buymeacoffee payment wasn't working today
theme changed or it's only me?
let me know if you continue having problems, but I can't do much if that doesn't work, I could write to them
yes!!! hey guys, hacktricks is now dark, let me know your thoughts!
it would be better if there's a switch for day/night mode!
but still thanks for your efforts!
Hi guys, some of you have asked me to go back to the white theme of Hacktricks. Please respond to this message or use the fire reaction if you prefer the white theme, or the clap reaction for the dark theme
Isn't there a possibility of a switch to trigger dark/light theme
looking for a good CVE download site
That depends on gitbook not on me
is the search bar a bit buggy today or just me
Two GitBook projects, one dark theme and one light. 😂
xDD
Hello fellow hackers,
Didn't know where to drop this so gonna do it here
Just noticed a little mistake in this masterpiece (if I'm not mistaken oc)
https[:]//book[.]hacktricks[.]xyz/pentesting-web/web-tool-wfuzz
In the filtering options, "--hc/sc" doesn't filter by char but by code, it should be "--hh/sh" on the last line
Hey! Could you submit a pull request fixing that issue?
Sure! I'll look into it :)
Hi! Who knows how to connect to Google with cookies?
hey for https://book.hacktricks.xyz/generic-methodologies-and-resources/python/bypass-python-sandboxes#read-file-with-builtins-help-and-license
you don't need to define builtins like that
and also you can just call license directly
could you indicate here how or send a PR indicating the reduced version of how to do that?