updated steganogaphy

src/_components/footer.vto

@@ -46,6 +46,14 @@
                 >
                     {{ site.ihunt.name }}
                 </a>
+                <a
+                    href="{{ site.lolgen.url }}"
+                    target="_blank"
+                    rel="noopener noreferrer"
+                    class="hover:brightness-200"
+                >
+                    {{ site.lolgen.name }}
+                </a>
             </div>
         </div>
         {{# /OTHER TOOLS #}}

src/_components/header.vto

@@ -34,7 +34,6 @@
         </div>
         {{# /Title & Search #}}
 
-
         {{# Socials #}}
         <div class="hidden md:flex w-full h-full items-center justify-end gap-x-4">
             <a href="/support/">
@@ -78,6 +77,13 @@
                     >
                         {{ site.ihunt.name }}
                     </a>
+                    <a
+                        href="{{ site.lolgen.url }}"
+                        target="_blank"
+                        rel="noopener noreferrer"
+                    >
+                        {{ site.lolgen.name }}
+                    </a>
                 </div>
             </div>
             <a

src/_components/navigation.vto

@@ -78,6 +78,14 @@
                 >
                     {{ site.ihunt.name }}
                 </a>
+                <a
+                    href="{{ site.lolgen.url }}"
+                    target="_blank"
+                    rel="noopener noreferrer"
+                    class="text-lg"
+                >
+                    {{ site.lolgen.name }}
+                </a>
             </div>
         </div>
     </div>

src/_data/site.yml

@@ -25,4 +25,7 @@ ihunt:
   name: ihunt
   url: https://github.com/hideckies/ihunt
   desc: Information gathering tool.
-
+lolgen:
+  name: LOLGEN
+  url: https://lolgen.hdks.org/
+  desc: Living Off The Land Payload Generator.

src/_includes/layouts/exploit.vto

@@ -67,14 +67,6 @@ bodyClass: body-exploit
             <div class="w-full p-4">
                 <h1 id="exploit-title" class="text-5xl font-black">{{ title }}</h1>
                 <p class="my-3 text-slate-500">Last modified: {{ date.toISOString().split('T')[0] }}</p>
-
-                {{# {{ if tags.length > 0 }}
-                <div class="my-3 flex flex-wrap items-end space-x-2 space-y-2">
-                    {{ for tag of tags }}
-                    <span class="bg-pink-dark rounded-md px-3 py-1 text-white">{{ tag }}</span>
-                    {{ /for }}
-                </div>
-                {{ /if }} #}}
             </div>
 
             <p class="px-2 py-4 text-slate-400 text-lg">{{ description }}</p>

src/exploit/container/docker/docker-escape.md

@@ -7,7 +7,7 @@ tags:
 refs:
     - https://book.hacktricks.xyz/linux-hardening/privilege-escalation/docker-breakout/docker-breakout-privilege-escalation
     - https://gist.github.com/PwnPeter/3f0a678bf44902eae07486c9cc589c25
-date: 2024-07-28
+date: 2024-09-25
 draft: false
 ---
 
@@ -57,6 +57,7 @@ ss -ltu
 cat /etc/hosts
 
 # Port scan another host
+nmap 172.17.0.0/24
 nmap 172.17.0.1
 for i in {1..65535}; do (echo > /dev/tcp/172.17.0.1/$i) >/dev/null 2>&1 && echo $i is open; done
 

src/exploit/network/port-forwarding/port-forwarding-with-chisel.md

@@ -5,7 +5,7 @@ tags:
     - Network
 refs:
     - https://github.com/jpillora/chisel
-date: 2023-05-20
+date: 2024-09-25
 draft: false
 ---
 
@@ -119,19 +119,27 @@ It is useful when we want to access to the host & multiple ports that cannot be
 
 ```bash
 # In local machine
-chisel server -p 9999 --reverse
+chisel server -p 9999 --reverse --socks5
 
 # In remote machine
-chisel client 10.0.0.1:9999 R:9000:socks
+chisel client 10.0.0.1:9999 R:socks
 ```
 
-Then modify **`/etc/proxychains.conf`** in local machine.  
+After connected, see the chisel server log:
+
+```sh
+2024/09/01 00:00:00 server: session#3: tun: proxy#R:127.0.0.1:1080=>socks: Listening
+```
+
+Note the 127.0.0.1:1080 and we can paste it for SOCKS proxy settings such as proxhchains and Burp.  
+
+Modify **`/etc/proxychains.conf`** in local machine.  
 Comment out the line of **"socks4"**.
 
 ```bash
 # /etc/proxychains.conf
 ...
-socks5 127.0.0.1 9000
+socks5 127.0.0.1 1080
 ```
 
 To confirm if we can reach the desired host and port, run **nmap** with **proxychains**.

src/exploit/reconnaissance/index.md

@@ -8,25 +8,25 @@ tags:
     - Web
 refs:
     - https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover
-date: 2023-10-26
+date: 2024-09-25
 draft: false
 ---
 
 ## Automation
 
-- **[AutoRecon](https://github.com/Tib3rius/AutoRecon)**
-- **[FinalRecon](https://github.com/thewhiteh4t/FinalRecon)**
-- **[recon-ng](https://github.com/lanmaster53/recon-ng)**
-- **[reconftw](https://github.com/six2dez/reconftw)**
-- **[theHarvester](https://github.com/laramies/theHarvester)**
+- [AutoRecon](https://github.com/Tib3rius/AutoRecon)
+- [FinalRecon](https://github.com/thewhiteh4t/FinalRecon)
+- [recon-ng](https://github.com/lanmaster53/recon-ng)
+- [reconftw](https://github.com/six2dez/reconftw)
+- [theHarvester](https://github.com/laramies/theHarvester)
 
 <br />
 
 ## Acquisitions
 
 We need to find the other companies which are owned by the target company.
 
-- **[CrunchBase](https://www.crunchbase.com/)**
+- [CrunchBase](https://www.crunchbase.com/)
 
 <br />
 
@@ -36,8 +36,8 @@ An autonomous system number (ASN) is a collection of connected IP routing prefix
 **Border Gateway Protocol (BGP)** is used to notify the routing policy to the other AS or routers.  
 We can also find IP ranges belonging to the ASN.
 
-- **[BGP Toolkit](https://bgp.he.net/)**
-- **[ASN Lookup](https://asnlookup.com/)**
+- [BGP Toolkit](https://bgp.he.net/)
+- [ASN Lookup](https://asnlookup.com/)
 
 <br />
 
@@ -74,27 +74,27 @@ nmap -sP <target-ip>/8 -T2
 
 ## Port Scan
 
-See **[Port Scan](/exploit/reconnaissance/port-scan/)** for details.
+See [Port Scan](/exploit/reconnaissance/port-scan/) for details.
 
 <br />
 
 ## Subdomains
 
-See also **[Subdomain Discovery](/exploit/reconnaissance/subdomain-discovery/)**,  **[DNS Pentesting](/exploit/dns/dns-pentesting/)**.
+See also [Subdomain Discovery](/exploit/reconnaissance/subdomain/subdomain-discovery/),  [DNS Pentesting](/exploit/dns/).
 
 ### Google Search
 
 For example, input `site:facebook.com` in the search form. We should see a list of subdomains for the facebook.com.
 
 ### VirusTotal
 
-For example, input “facebook.com” in the search form of the URL section. We shoud see a list of subdomains for the facebook.com in the `RELATIONS` section.
+For example, input "facebook.com" in the search form of the URL section. We shoud see a list of subdomains for the facebook.com in the `RELATIONS` section.
 
 - **Subdomain Takeover**
 
     It allows an adversary to claim and take control of the victim's subdomain.
 
-    Resource: **[OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover)**
+    Resource: [OWASP](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/02-Configuration_and_Deployment_Management_Testing/10-Test_for_Subdomain_Takeover)
 
 <br />
 
@@ -127,7 +127,7 @@ traceroute example.com
 
 - **Nuclei**
 
-    **[Nuclei](https://github.com/projectdiscovery/nuclei)** is a vulnerability scanner based on simple YAML based DSL. 
+    [Nuclei](https://github.com/projectdiscovery/nuclei) is a vulnerability scanner based on simple YAML based DSL. 
 
     ```sh
     nuclei -h
@@ -150,7 +150,7 @@ searchsploit -m windows/remote/42031.py
 searchsploit -m 42031
 ```
 
-**[Exploit-DB](https://www.exploit-db.com/)** is a database of exploits.  
+[Exploit-DB](https://www.exploit-db.com/) is a database of exploits.  
 Find the exploit and download it. For example:
 
 ```sh