> For the complete documentation index, see [llms.txt](https://p0db0t.gitbook.io/pentest/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://p0db0t.gitbook.io/pentest/other/hints.md).

# Hints!!

## Forensics

* `eicar` string

```bash
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
```

* Default [\*\*Sudoers \*\*](https://gist.githubusercontent.com/alitoufighi/679304d9585304075ba1ad93f80cce0e/raw/ceb52af51d8ffcb91d37cad26667b68c80a20b04/sudoers)\*\*\*\*

```bash
ls -la sudoers
# Default file size is 755
-rw-r--r-- 1 root root 755 Jul  3 13:55 sudoers
```

* When the server was build ?

```bash
ls -la /etc/ssh/

# Check following file's date
-rw-------   1 root root    505 Jun  5 19:11 ssh_host_ecdsa_key
-rw-r--r--   1 root root    174 Jun  5 19:11 ssh_host_ecdsa_key.pub
-rw-------   1 root root    399 Jun  5 19:11 ssh_host_ed25519_key
-rw-r--r--   1 root root     94 Jun  5 19:11 ssh_host_ed25519_key.pub
-rw-------   1 root root   2602 Jun  5 19:11 ssh_host_rsa_key
-rw-r--r--   1 root root    566 Jun  5 19:11 ssh_host_rsa_key.pub
```

## Default configuration paths

* Tomcat

```bash
# Default path
/opt/tomcat/conf/tomcat-users.xml

# if not; if you have access to shell
ps -ef | less -S #then press '/' to search and type tomcat hit enter.
# or you can visit env variables
env
```

* Windows SAM file

```bash
/Windows/System32/config/SAM
/Windows/System32/config/SYSTEM
```

## File Upload

* HTAccess file

```bash
# Now png file execute as php
echo "RewriteEngine off" > .htaccess
echo "AddType application/x-httpd-php .png" >> .htaccess
```

```bash
## Use double extensions: 
.jpg.php 
## Use reverse double extension:
.php.jpg
## Mix uppercase and lowercase:
.pHp, .pHP5, .PhAr
## Null byte:
.php%00.png, .php\x00.png
## Multiple dots:
file.php......
## Whitespace characters:
file.php%20
## Mime type, change Content-Type :
application/x-php
#or, 
Content-Type : application/octet-stream to Content-Type : image/gif
# Set the Content-Type twice:
```

## Others

* Extract plain text from .doc & .docx files

```bash
unzip -p ftp-details.docx word/document.xml | sed -e 's/<[^>]\{1,\}>//g; s/[^[:print:]]\{1,\}//g'    

docx2txt < input.docx > output.txt 
```
