# Hints!!

## Forensics

* `eicar` string

```bash
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
```

* Default [**Sudoers**](https://gist.githubusercontent.com/alitoufighi/679304d9585304075ba1ad93f80cce0e/raw/ceb52af51d8ffcb91d37cad26667b68c80a20b04/sudoers)

```bash
ls -la sudoers
# Default file size is 755 bytes (the size column below, not a permission mode)
-rw-r--r-- 1 root root 755 Jul  3 13:55 sudoers
```

* When was the server built?

```bash
ls -la /etc/ssh/

# Check the dates of the following files (host keys are generated at install time)
-rw-------   1 root root    505 Jun  5 19:11 ssh_host_ecdsa_key
-rw-r--r--   1 root root    174 Jun  5 19:11 ssh_host_ecdsa_key.pub
-rw-------   1 root root    399 Jun  5 19:11 ssh_host_ed25519_key
-rw-r--r--   1 root root     94 Jun  5 19:11 ssh_host_ed25519_key.pub
-rw-------   1 root root   2602 Jun  5 19:11 ssh_host_rsa_key
-rw-r--r--   1 root root    566 Jun  5 19:11 ssh_host_rsa_key.pub
```

## Default configuration paths

* Tomcat

```bash
# Default path
/opt/tomcat/conf/tomcat-users.xml

# If it is not there and you have shell access, find the Tomcat process
ps -ef | less -S # then press '/' to search, type tomcat and hit Enter
# Or check the environment variables
env
```

* Windows SAM file

```bash
/Windows/System32/config/SAM
/Windows/System32/config/SYSTEM
```

## File Upload

* HTAccess file

```bash
# With these directives, .png files are executed as PHP
echo "RewriteEngine off" > .htaccess
echo "AddType application/x-httpd-php .png" >> .htaccess
```

```bash
## Use double extensions: 
.jpg.php 
## Use reverse double extension:
.php.jpg
## Mix uppercase and lowercase:
.pHp, .pHP5, .PhAr
## Null byte:
.php%00.png, .php\x00.png
## Multiple dots:
file.php......
## Whitespace characters:
file.php%20
## MIME type: change the Content-Type header to:
application/x-php
## or change "Content-Type: application/octet-stream" to "Content-Type: image/gif"
## Set the Content-Type twice:
```
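The bypass list above, turned into a server-side check (an added example, not part of the original page): each rule rejects one of the listed tricks. The image-only policy and the `check_upload` name are assumptions of this example.

```python
import os
import re
import unicodedata

# Assumed policy for this example: the application only accepts images.
ALLOWED_EXT = {"png", "jpg", "jpeg", "gif"}
# Magic bytes per allowed type; checked instead of trusting Content-Type.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
SAFE_STEM = re.compile(r"[A-Za-z0-9_-]{1,64}")


def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an uploaded file name and its content."""
    name = unicodedata.normalize("NFKC", filename)
    # Null bytes and other control characters (raw \x00 or an already decoded %00).
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        return False, "control character in name"
    # Encoded bytes still present after URL decoding (literal "%00", "%20").
    if "%" in name:
        return False, "percent-encoding in name"
    # Path components are never accepted from the client.
    if os.path.basename(name.replace("\\", "/")) != name:
        return False, "path separator in name"
    # "file.php......", "file.php " and dotfiles such as ".htaccess".
    if name != name.strip(" ."):
        return False, "leading or trailing dot/space"
    # Exactly one dot: rejects both ".jpg.php" and ".php.jpg".
    stem, dot, ext = name.partition(".")
    if not dot or "." in ext:
        return False, "name must have exactly one extension"
    if not SAFE_STEM.fullmatch(stem):
        return False, "unexpected characters in name"
    # Allowlist after lowercasing: ".pHp", ".PhAr" fail because they are not listed.
    ext = ext.lower()
    if ext not in ALLOWED_EXT:
        return False, "extension not allowed"
    # Content must match the extension, whatever Content-Type the client sent.
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    return True, "ok"
```

A file that starts with valid image magic bytes and carries script code after them still passes the last check, so store uploads under server-generated names in a directory where script handlers and `.htaccess` overrides (`AllowOverride None`) are disabled.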

## Others

* Extract plain text from .doc & .docx files

```bash
unzip -p ftp-details.docx word/document.xml | sed -e 's/<[^>]\{1,\}>//g; s/[^[:print:]]\{1,\}//g'    

docx2txt < input.docx > output.txt 
```

