How I Found a Critical Password Reset Bug in the BB program(...

hacktricks-preprocessor.py

@@ -17,7 +17,7 @@
 logger.addHandler(handler2)
 
 
-def findtitle(search ,obj, key, path=(),):
+def findtitle(search, obj, key, path=()):
     # logger.debug(f"Looking for {search} in {path}")
     if isinstance(obj, dict) and key in obj and obj[key] == search: 
         return obj, path
@@ -54,26 +54,42 @@ def ref(matchobj):
             if href.endswith("/"):
                 href = href+"README.md" # Fix if ref points to a folder
             if "#" in  href:
-                chapter, _path = findtitle(href.split("#")[0], book, "source_path")
-                title = " ".join(href.split("#")[1].split("-")).title()
-                logger.debug(f'Ref has # using title: {title}')
+                result = findtitle(href.split("#")[0], book, "source_path")
+                if result is not None:
+                    chapter, _path = result
+                    title = " ".join(href.split("#")[1].split("-")).title()
+                    logger.debug(f'Ref has # using title: {title}')
+                else:
+                    raise Exception(f"Chapter not found for path: {href.split('#')[0]}")
             else:
-                chapter, _path = findtitle(href, book, "source_path")
-                logger.debug(f'Recursive title search result: {chapter["name"]}')
-                title = chapter['name']
+                result = findtitle(href, book, "source_path")
+                if result is not None:
+                    chapter, _path = result
+                    logger.debug(f'Recursive title search result: {chapter["name"]}')
+                    title = chapter['name']
+                else:
+                    raise Exception(f"Chapter not found for path: {href}")
         except Exception as e:
             dir = path.dirname(current_chapter['source_path'])
             rel_path = path.normpath(path.join(dir,href))
             try:
                 logger.debug(f'Not found chapter title from: {href} -- trying with relative path {rel_path}')
                 if "#" in  href:
-                    chapter, _path = findtitle(path.normpath(path.join(dir,href.split('#')[0])), book, "source_path")
-                    title = " ".join(href.split("#")[1].split("-")).title()
-                    logger.debug(f'Ref has # using title: {title}')
+                    result = findtitle(path.normpath(path.join(dir,href.split('#')[0])), book, "source_path")
+                    if result is not None:
+                        chapter, _path = result
+                        title = " ".join(href.split("#")[1].split("-")).title()
+                        logger.debug(f'Ref has # using title: {title}')
+                    else:
+                        raise Exception(f"Chapter not found for relative path: {path.normpath(path.join(dir,href.split('#')[0]))}")
                 else:
-                    chapter, _path = findtitle(path.normpath(path.join(dir,href.split('#')[0])), book, "source_path")
-                    title = chapter["name"]
-                    logger.debug(f'Recursive title search result: {chapter["name"]}')
+                    result = findtitle(path.normpath(path.join(dir,href)), book, "source_path")
+                    if result is not None:
+                        chapter, _path = result
+                        title = chapter["name"]
+                        logger.debug(f'Recursive title search result: {chapter["name"]}')
+                    else:
+                        raise Exception(f"Chapter not found for relative path: {path.normpath(path.join(dir,href))}")
             except Exception as e:
                 logger.debug(e)
                 logger.error(f'Error getting chapter title: {rel_path}')

src/SUMMARY.md

@@ -80,6 +80,8 @@
   - [Bruteforce hash (few chars)](generic-methodologies-and-resources/python/bruteforce-hash-few-chars.md)
   - [Basic Python](generic-methodologies-and-resources/python/basic-python.md)
 - [Threat Modeling](generic-methodologies-and-resources/threat-modeling.md)
+- [Blockchain & Crypto](blockchain/blockchain-and-crypto-currencies/README.md)
+- [Lua Sandbox Escape](generic-methodologies-and-resources/lua/bypass-lua-sandboxes/README.md)
 
 # 🧙‍♂️ Generic Hacking
 
@@ -234,6 +236,7 @@
 - [Authentication Credentials Uac And Efs](windows-hardening/authentication-credentials-uac-and-efs.md)
 - [Checklist - Local Windows Privilege Escalation](windows-hardening/checklist-windows-privilege-escalation.md)
 - [Windows Local Privilege Escalation](windows-hardening/windows-local-privilege-escalation/README.md)
+  - [Abusing Auto Updaters And Ipc](windows-hardening/windows-local-privilege-escalation/abusing-auto-updaters-and-ipc.md)
   - [Arbitrary Kernel Rw Token Theft](windows-hardening/windows-local-privilege-escalation/arbitrary-kernel-rw-token-theft.md)
   - [Dll Hijacking](windows-hardening/windows-local-privilege-escalation/dll-hijacking.md)
   - [Abusing Tokens](windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens.md)
@@ -444,6 +447,7 @@
   - [NextJS](network-services-pentesting/pentesting-web/nextjs.md)
   - [Nginx](network-services-pentesting/pentesting-web/nginx.md)
   - [NodeJS Express](network-services-pentesting/pentesting-web/nodejs-express.md)
+  - [Sitecore](network-services-pentesting/pentesting-web/sitecore/README.md)
   - [PHP Tricks](network-services-pentesting/pentesting-web/php-tricks-esp/README.md)
     - [PHP - Useful Functions & disable_functions/open_basedir bypass](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/README.md)
       - [disable_functions bypass - php-fpm/FastCGI](network-services-pentesting/pentesting-web/php-tricks-esp/php-useful-functions-disable_functions-open_basedir-bypass/disable_functions-bypass-php-fpm-fastcgi.md)
@@ -490,6 +494,7 @@
 - [135, 593 - Pentesting MSRPC](network-services-pentesting/135-pentesting-msrpc.md)
 - [137,138,139 - Pentesting NetBios](network-services-pentesting/137-138-139-pentesting-netbios.md)
 - [139,445 - Pentesting SMB](network-services-pentesting/pentesting-smb/README.md)
+  - [Ksmbd Attack Surface And Fuzzing Syzkaller](network-services-pentesting/pentesting-smb/ksmbd-attack-surface-and-fuzzing-syzkaller.md)
   - [rpcclient enumeration](network-services-pentesting/pentesting-smb/rpcclient-enumeration.md)
 - [143,993 - Pentesting IMAP](network-services-pentesting/pentesting-imap.md)
 - [161,162,10161,10162/udp - Pentesting SNMP](network-services-pentesting/pentesting-snmp/README.md)
@@ -763,7 +768,7 @@
     - [Stack Shellcode - arm64](binary-exploitation/stack-overflow/stack-shellcode/stack-shellcode-arm64.md)
   - [Stack Pivoting - EBP2Ret - EBP chaining](binary-exploitation/stack-overflow/stack-pivoting-ebp2ret-ebp-chaining.md)
   - [Uninitialized Variables](binary-exploitation/stack-overflow/uninitialized-variables.md)
-- [ROP - Return Oriented Programing](binary-exploitation/rop-return-oriented-programing/README.md)
+- [ROP & JOP](binary-exploitation/rop-return-oriented-programing/README.md)
   - [BROP - Blind Return Oriented Programming](binary-exploitation/rop-return-oriented-programing/brop-blind-return-oriented-programming.md)
   - [Ret2csu](binary-exploitation/rop-return-oriented-programing/ret2csu.md)
   - [Ret2dlresolve](binary-exploitation/rop-return-oriented-programing/ret2dlresolve.md)
@@ -782,7 +787,7 @@
   - [Windows Seh Overflow](binary-exploitation/stack-overflow/windows-seh-overflow.md)
 - [Array Indexing](binary-exploitation/array-indexing.md)
 - [Chrome Exploiting](binary-exploitation/chrome-exploiting.md)
-- [Integer Overflow](binary-exploitation/integer-overflow.md)
+- [Integer Overflow](binary-exploitation/integer-overflow-and-underflow.md)
 - [Format Strings](binary-exploitation/format-strings/README.md)
   - [Format Strings - Arbitrary Read Example](binary-exploitation/format-strings/format-strings-arbitrary-read-example.md)
   - [Format Strings Template](binary-exploitation/format-strings/format-strings-template.md)
@@ -832,6 +837,7 @@
   - [WWW2Exec - GOT/PLT](binary-exploitation/arbitrary-write-2-exec/aw2exec-got-plt.md)
   - [WWW2Exec - \_\_malloc_hook & \_\_free_hook](binary-exploitation/arbitrary-write-2-exec/aw2exec-__malloc_hook.md)
 - [Common Exploiting Problems](binary-exploitation/common-exploiting-problems.md)
+- [Linux kernel exploitation - toctou](binary-exploitation/linux-kernel-exploitation/posix-cpu-timers-toctou-cve-2025-38352.md)
 - [Windows Exploiting (Basic Guide - OSCP lvl)](binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md)
 - [iOS Exploiting](binary-exploitation/ios-exploiting.md)
 
@@ -926,13 +932,3 @@
 - [Post Exploitation](todo/post-exploitation.md)
 - [Investment Terms](todo/investment-terms.md)
 - [Cookies Policy](todo/cookies-policy.md)
-
-
-
-  - [Readme](blockchain/blockchain-and-crypto-currencies/README.md)
-  - [Readme](macos-hardening/macos-security-and-privilege-escalation/mac-os-architecture/macos-ipc-inter-process-communication/README.md)
-  - [Readme](network-services-pentesting/1521-1522-1529-pentesting-oracle-listener/README.md)
-  - [Readme](pentesting-web/web-vulnerabilities-methodology/README.md)
-  - [Readme](reversing/cryptographic-algorithms/README.md)
-  - [Readme](reversing/reversing-tools/README.md)
-  - [Readme](windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens/README.md)

src/binary-exploitation/basic-stack-binary-exploitation-methodology/README.md

@@ -27,11 +27,11 @@ With so many techniques it's good to have a scheme when each technique will be u
 There are different was you could end controlling the flow of a program:
 
 - [**Stack Overflows**](../stack-overflow/index.html) overwriting the return pointer from the stack or the EBP -> ESP -> EIP.
-  - Might need to abuse an [**Integer Overflows**](../integer-overflow.md) to cause the overflow
+  - Might need to abuse an [**Integer Overflows**](../integer-overflow-and-underflow.md) to cause the overflow
 - Or via **Arbitrary Writes + Write What Where to Execution**
   - [**Format strings**](../format-strings/index.html)**:** Abuse `printf` to write arbitrary content in arbitrary addresses.
   - [**Array Indexing**](../array-indexing.md): Abuse a poorly designed indexing to be able to control some arrays and get an arbitrary write.
-    - Might need to abuse an [**Integer Overflows**](../integer-overflow.md) to cause the overflow
+    - Might need to abuse an [**Integer Overflows**](../integer-overflow-and-underflow.md) to cause the overflow
   - **bof to WWW via ROP**: Abuse a buffer overflow to construct a ROP and be able to get a WWW.
 
 You can find the **Write What Where to Execution** techniques in: