# PenTest Playbook

## PenTest Handbook of SidThoviti

- [Welcome!](https://playbook.sidthoviti.com/welcome.md): Welcome to my Playbook where I take notes.
- [Web App Pentesting](https://playbook.sidthoviti.com/web-app-pentesting.md): All about Web Application penetration testing
- [SQL Injection](https://playbook.sidthoviti.com/web-app-pentesting/sql-injection.md)
- [NoSQL Injection](https://playbook.sidthoviti.com/web-app-pentesting/nosql-injection.md)
- [XSS](https://playbook.sidthoviti.com/web-app-pentesting/xss.md)
- [CSRF](https://playbook.sidthoviti.com/web-app-pentesting/csrf.md)
- [SSRF](https://playbook.sidthoviti.com/web-app-pentesting/ssrf.md)
- [XXE](https://playbook.sidthoviti.com/web-app-pentesting/xxe.md)
- [IDOR](https://playbook.sidthoviti.com/web-app-pentesting/idor.md)
- [SSTI](https://playbook.sidthoviti.com/web-app-pentesting/ssti.md)
- [Broken Access Control/Privilege Escalation](https://playbook.sidthoviti.com/web-app-pentesting/broken-access-control-privilege-escalation.md)
- [Open Redirect](https://playbook.sidthoviti.com/web-app-pentesting/open-redirect.md)
- [File Inclusion](https://playbook.sidthoviti.com/web-app-pentesting/file-inclusion.md)
- [File Upload](https://playbook.sidthoviti.com/web-app-pentesting/file-upload.md)
- [Insecure Deserialization](https://playbook.sidthoviti.com/web-app-pentesting/insecure-deserialization.md)
- [XMLDecoder](https://playbook.sidthoviti.com/web-app-pentesting/insecure-deserialization/xmldecoder.md): XMLDecoder Lab from PentesterLab or NullCon 2016 CTF
- [LDAP Injection](https://playbook.sidthoviti.com/web-app-pentesting/ldap-injection.md)
- [XPath Injection](https://playbook.sidthoviti.com/web-app-pentesting/xpath-injection.md)
- [JWT](https://playbook.sidthoviti.com/web-app-pentesting/jwt.md)
- [Parameter Pollution](https://playbook.sidthoviti.com/web-app-pentesting/parameter-pollution.md)
- [Prototype Pollution](https://playbook.sidthoviti.com/web-app-pentesting/prototype-pollution.md)
- [Race Conditions](https://playbook.sidthoviti.com/web-app-pentesting/race-conditions.md)
- [CRLF Injection](https://playbook.sidthoviti.com/web-app-pentesting/crlf-injection.md)
- [LaTeX Injection](https://playbook.sidthoviti.com/web-app-pentesting/latex-injection.md)
- [CORS Misconfiguration](https://playbook.sidthoviti.com/web-app-pentesting/cors-misconfiguration.md)
- [Handy Commands & Payloads](https://playbook.sidthoviti.com/web-app-pentesting/handy-commands-and-payloads.md): Commands and Payloads that I use the most to get the basics covered.
- [Active Directory Pentest](https://playbook.sidthoviti.com/active-directory-pentest.md)
- [Domain Enumeration](https://playbook.sidthoviti.com/active-directory-pentest/domain-enumeration.md)
- [User Enumeration](https://playbook.sidthoviti.com/active-directory-pentest/domain-enumeration/user-enumeration.md)
- [Group Enumeration](https://playbook.sidthoviti.com/active-directory-pentest/domain-enumeration/group-enumeration.md)
- [GPO & OU Enumeration](https://playbook.sidthoviti.com/active-directory-pentest/domain-enumeration/gpo-and-ou-enumeration.md)
- [ACLs](https://playbook.sidthoviti.com/active-directory-pentest/domain-enumeration/acls.md)
- [Trusts](https://playbook.sidthoviti.com/active-directory-pentest/domain-enumeration/trusts.md): Domain Trust Mapping
- [User Hunting](https://playbook.sidthoviti.com/active-directory-pentest/domain-enumeration/user-hunting.md)
- [Domain Privilege Escalation](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation.md)
- [Kerberoast](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/kerberoast.md): Compromise Domain User, request TGS for service account. TGS is encrypted with hashed version of account's password. Offline cracking of service account passwords.
- [AS-REP Roast (Kerberoasting)](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/kerberoast/as-rep-roast-kerberoasting.md)
- [CRTP Lab 14](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/kerberoast/crtp-lab-14.md)
- [Targeted Kerberoasting](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/targeted-kerberoasting.md)
- [AS-REP Roast](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/targeted-kerberoasting/as-rep-roast.md)
- [Set SPN](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/targeted-kerberoasting/set-spn.md): Once an account has an SPN, it becomes vulnerable to Kerberoasting.
- [Kerberos Delegation](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/kerberos-delegation.md): It allows the "reuse of end-user credentials to access resources hosted on a different server".
- [Unconstrained Delegation](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/kerberos-delegation/unconstrained-delegation.md): A machine with unconstrained delegation caches creds of users connecting to it. To capture these creds, we use the Printer Bug, which tricks the user into connecting to the machine with Unconstrained Delegation.
- [CRTP Lab 15](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/kerberos-delegation/unconstrained-delegation/crtp-lab-15.md)
- [Constrained Delegation](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/kerberos-delegation/constrained-delegation.md): Domain Admin can allow a computer to impersonate a user or computer against a service of a machine.
- [CRTP Lab 16](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/kerberos-delegation/constrained-delegation/crtp-lab-16.md)
- [Resource Based Constrained Delegation (RBCD)](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/kerberos-delegation/resource-based-constrained-delegation-rbcd.md): Similar to Constrained Delegation, but instead of giving permissions to an object to impersonate any user against a service, RBCD sets in the object who is able to impersonate any user against it.
- [CRTP Lab 17](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/kerberos-delegation/resource-based-constrained-delegation-rbcd/crtp-lab-17.md)
- [Across Trusts](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/across-trusts.md)
- [Child to Parent (Cross Domain)](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/across-trusts/child-to-parent-cross-domain.md)
- [Using Trust Tickets](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/across-trusts/child-to-parent-cross-domain/using-trust-tickets.md)
- [CRTP Lab 18](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/across-trusts/child-to-parent-cross-domain/using-trust-tickets/crtp-lab-18.md)
- [Using KRBTGT Hash](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/across-trusts/child-to-parent-cross-domain/using-krbtgt-hash.md)
- [CRTP Lab 19](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/across-trusts/child-to-parent-cross-domain/using-krbtgt-hash/crtp-lab-19.md)
- [Cross Forest](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/across-trusts/cross-forest.md)
- [Lab 20](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/across-trusts/cross-forest/lab-20.md)
- [AD CS (Across Domain Trusts)](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/across-trusts/ad-cs-across-domain-trusts.md): Active Directory Certificate Services (AD CS) enables use of Public Key Infrastructure (PKI) in an Active Directory forest.
- [ESC1](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/across-trusts/ad-cs-across-domain-trusts/esc1.md): Enrollee can request cert for ANY user.
- [CRTP Lab 21](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/across-trusts/ad-cs-across-domain-trusts/esc1/crtp-lab-21.md)
- [Trust Abuse - MSSQL Servers](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/across-trusts/trust-abuse-mssql-servers.md)
- [CRTP Lab 22](https://playbook.sidthoviti.com/active-directory-pentest/domain-privilege-escalation/across-trusts/trust-abuse-mssql-servers/crtp-lab-22.md)
- [Lateral Movement](https://playbook.sidthoviti.com/active-directory-pentest/lateral-movement.md)
- [PowerShell Remoting](https://playbook.sidthoviti.com/active-directory-pentest/lateral-movement/powershell-remoting.md)
- [Extracting Creds, Hashes, Tickets](https://playbook.sidthoviti.com/active-directory-pentest/lateral-movement/extracting-creds-hashes-tickets.md)
- [Over-PassTheHash](https://playbook.sidthoviti.com/active-directory-pentest/lateral-movement/over-passthehash.md)
- [DCSync](https://playbook.sidthoviti.com/active-directory-pentest/lateral-movement/dcsync.md): DCSync is a technique used to extract credentials from the Domain Controllers.
- [Evasion](https://playbook.sidthoviti.com/active-directory-pentest/evasion.md)
- [Evasion Cheatsheet](https://playbook.sidthoviti.com/active-directory-pentest/evasion/evasion-cheetsheet.md)
- [Persistence](https://playbook.sidthoviti.com/active-directory-pentest/persistence.md)
- [Golden Ticket](https://playbook.sidthoviti.com/active-directory-pentest/persistence/golden-ticket.md): A Golden Ticket attack consists of creating a legitimate Ticket Granting Ticket (TGT) that impersonates any user through the use of the NTLM hash of the krbtgt account. (Unlimited Access to AD).
- [CRTP Lab 8](https://playbook.sidthoviti.com/active-directory-pentest/persistence/golden-ticket/crtp-lab-8.md)
- [Silver Ticket](https://playbook.sidthoviti.com/active-directory-pentest/persistence/silver-ticket.md): Unlike Golden Ticket where we forge a TGT using the krbtgt hash, the Silver Ticket attack forges a TGS for a specific service without needing to pwn the KDC or krbtgt. We only need the NTLM hash of the service account.
- [CRTP Lab 9](https://playbook.sidthoviti.com/active-directory-pentest/persistence/silver-ticket/crtp-lab-9.md)
- [Diamond Ticket](https://playbook.sidthoviti.com/active-directory-pentest/persistence/diamond-ticket.md)
- [CRTP Lab 10](https://playbook.sidthoviti.com/active-directory-pentest/persistence/diamond-ticket/crtp-lab-10.md)
- [Skeleton Key](https://playbook.sidthoviti.com/active-directory-pentest/persistence/skeleton-key.md): Skeleton Key attack bypasses AD authentication by injecting a master password into the DC. We can access any user using this master password.
- [DSRM](https://playbook.sidthoviti.com/active-directory-pentest/persistence/dsrm.md): If we have admin privileges on a DC, we can dump local admin hash and then activate this local admin user to remotely access it.
- [CRTP Lab 11](https://playbook.sidthoviti.com/active-directory-pentest/persistence/dsrm/crtp-lab-11.md)
- [Custom SSP](https://playbook.sidthoviti.com/active-directory-pentest/persistence/custom-ssp.md)
- [Using ACLs](https://playbook.sidthoviti.com/active-directory-pentest/persistence/using-acls.md)
- [AdminSDHolder](https://playbook.sidthoviti.com/active-directory-pentest/persistence/using-acls/adminsdholder.md)
- [Rights Abuse](https://playbook.sidthoviti.com/active-directory-pentest/persistence/using-acls/rights-abuse.md)
- [CRTP Lab 12](https://playbook.sidthoviti.com/active-directory-pentest/persistence/using-acls/rights-abuse/crtp-lab-12.md)
- [Security Descriptors](https://playbook.sidthoviti.com/active-directory-pentest/persistence/using-acls/security-descriptors.md)
- [CRTP Lab 13](https://playbook.sidthoviti.com/active-directory-pentest/persistence/using-acls/security-descriptors/crtp-lab-13.md)
- [Tools](https://playbook.sidthoviti.com/active-directory-pentest/tools.md)
- [PowerShell](https://playbook.sidthoviti.com/active-directory-pentest/powershell.md)
- [AI Security](https://playbook.sidthoviti.com/ai-security.md): All things related to breaking and securing AI.
- [Red Teaming LLMs](https://playbook.sidthoviti.com/ai-security/red-teaming-llms.md)
- [Exploiting Text Completion](https://playbook.sidthoviti.com/ai-security/red-teaming-llms/exploiting-text-completion.md)
- [Prompt Injections](https://playbook.sidthoviti.com/ai-security/red-teaming-llms/prompt-injections.md)
- [Direct Prompt Injection](https://playbook.sidthoviti.com/ai-security/red-teaming-llms/direct-prompt-injection.md): Directly inject new instruction, attempting to overwrite the initial prompt
- [LLM Security Checklist](https://playbook.sidthoviti.com/ai-security/llm-security-checklist.md): A checklist for LLM security inspired by OWASP Top 10 for LLMs (2025)
- [GenAI Vision Security Checklist](https://playbook.sidthoviti.com/ai-security/genai-vision-security-checklist.md)
- [Questionnaire for AI/ML/GenAI Engineering Teams](https://playbook.sidthoviti.com/ai-security/questionnaire-for-ai-ml-genai-engineering-teams.md): Questionnaire for devs used by sec engineers during walkthroughs of GenAI applications.
- [Old Drafts](https://playbook.sidthoviti.com/ai-security/old-drafts.md)
- [LLM Security1](https://playbook.sidthoviti.com/ai-security/old-drafts/llm-security1.md): Aligning with Mitre Attack Framework
- [LLM Security2](https://playbook.sidthoviti.com/ai-security/old-drafts/llm-security2.md): Checklist for LLM Security
- [Network Pentesting](https://playbook.sidthoviti.com/network-pentesting.md): All about Network penetration testing
- [Information Gathering](https://playbook.sidthoviti.com/network-pentesting/information-gathering.md)
- [Scanning](https://playbook.sidthoviti.com/network-pentesting/scanning.md)
- [Port/Service Enumeration](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration.md)
- [21 FTP](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/21-ftp.md)
- [22 SSH](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/22-ssh.md)
- [25, 465, 587 SMTP](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/25-465-587-smtp.md)
- [53 DNS](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/53-dns.md)
- [80, 443 HTTP/s](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/80-443-http-s.md)
- [88 Kerberos](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/88-kerberos.md)
- [135, 593 MSRPC](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/135-593-msrpc.md)
- [137, 138, 139 NetBios](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/137-138-139-netbios.md)
- [139, 445 SMB](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/139-445-smb.md)
- [161, 162, 10161, 10162/udp SNMP](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/161-162-10161-10162-udp-snmp.md)
- [389, 636, 3268, 3269 LDAP](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/389-636-3268-3269-ldap.md)
- [Untitled](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/untitled.md)
- [Page 14](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/page-14.md)
- [Page 15](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/page-15.md)
- [Page 16](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/page-16.md)
- [Page 17](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/page-17.md)
- [Page 18](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/page-18.md)
- [Page 19](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/page-19.md)
- [Page 20](https://playbook.sidthoviti.com/network-pentesting/port-service-enumeration/page-20.md)
- [Nessus](https://playbook.sidthoviti.com/network-pentesting/nessus.md): Vulnerability Assessment and Management
- [Checklist](https://playbook.sidthoviti.com/network-pentesting/checklist.md)
- [Mobile Pentesting](https://playbook.sidthoviti.com/mobile-pentesting.md): All about Mobile penetration testing.
- [Android](https://playbook.sidthoviti.com/mobile-pentesting/android.md)
- [Android PenTest Setup](https://playbook.sidthoviti.com/mobile-pentesting/android/android-pentest-setup.md)
- [Tools](https://playbook.sidthoviti.com/mobile-pentesting/android/tools.md)
- [iOS](https://playbook.sidthoviti.com/mobile-pentesting/ios.md)
- [DevSecOps](https://playbook.sidthoviti.com/devsecops.md): Development, Security, Operations
- [Building CI Pipeline](https://playbook.sidthoviti.com/devsecops/building-ci-pipeline.md): Using OWASP Juiceshop and GitLab to build CI Pipeline.
- [Threat Modeling](https://playbook.sidthoviti.com/devsecops/threat-modeling.md)
- [Secure Coding](https://playbook.sidthoviti.com/devsecops/secure-coding.md)
- [Code Review Examples](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples.md): Common Culprits
- [Broken Access Control](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/broken-access-control.md)
- [Broken Authentication](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/broken-authentication.md)
- [Command Injection](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/command-injection.md)
- [SQLi](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/sqli.md)
- [XSS](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/xss.md)
- [XXE](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/xxe.md)
- [SSRF](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/ssrf.md)
- [SSTI](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/ssti.md)
- [CSRF](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/csrf.md)
- [Insecure Deserialization](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/insecure-deserialization.md)
- [XPath Injection](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/xpath-injection.md)
- [LDAP Injection](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/ldap-injection.md)
- [Insecure File Uploads](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/insecure-file-uploads.md)
- [Path Traversal](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/path-traversal.md)
- [LFI](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/lfi.md)
- [RFI](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/rfi.md)
- [Prototype Pollution](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/prototype-pollution.md)
- [Connection String Injection](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/connection-string-injection.md)
- [Sensitive Data Exposure](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/sensitive-data-exposure.md)
- [Security Misconfigurations](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/security-misconfigurations.md)
- [Buffer Overflow](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/buffer-overflow.md)
- [Integer Overflow](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/integer-overflow.md)
- [Symlink Attack](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/symlink-attack.md)
- [Use After Free](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/use-after-free.md)
- [Out of Bounds](https://playbook.sidthoviti.com/devsecops/secure-coding/code-review-examples/out-of-bounds.md)
- [C/C++ Secure Coding](https://playbook.sidthoviti.com/devsecops/secure-coding/c-c++-secure-coding.md)
- [Java/JS Secure Coding](https://playbook.sidthoviti.com/devsecops/secure-coding/java-js-secure-coding.md)
- [Python Secure Coding](https://playbook.sidthoviti.com/devsecops/secure-coding/python-secure-coding.md)
- [Malware Dev](https://playbook.sidthoviti.com/malware-dev.md)
- [Basics - Get detected!](https://playbook.sidthoviti.com/malware-dev/basics-get-detected.md): Executing shellcode with Defender off.
- [Not so easy to stage!](https://playbook.sidthoviti.com/malware-dev/not-so-easy-to-stage.md): Host shellcode and download on target and execute.
- [Base64 Encode Shellcode](https://playbook.sidthoviti.com/malware-dev/base64-encode-shellcode.md)
- [Caesar Cipher (ROT 13) Encrypt Shellcode](https://playbook.sidthoviti.com/malware-dev/caesar-cipher-rot-13-encrypt-shellcode.md)
- [XOR Encrypt Shellcode](https://playbook.sidthoviti.com/malware-dev/xor-encrypt-shellcode.md)
- [AES Encrypt Shellcode](https://playbook.sidthoviti.com/malware-dev/aes-encrypt-shellcode.md)
- [Handy](https://playbook.sidthoviti.com/handy.md)
- [Reverse Shells](https://playbook.sidthoviti.com/handy/reverse-shells.md)
- [Pivoting](https://playbook.sidthoviti.com/handy/pivoting.md)
- [File Transfers](https://playbook.sidthoviti.com/handy/file-transfers.md)
- [Tmux](https://playbook.sidthoviti.com/handy/tmux.md)
- [Wifi Pentesting](https://playbook.sidthoviti.com/wifi-pentesting.md)
- [Monitoring](https://playbook.sidthoviti.com/wifi-pentesting/monitoring.md)
- [Cracking](https://playbook.sidthoviti.com/wifi-pentesting/cracking.md)
- [Buffer Overflows](https://playbook.sidthoviti.com/buffer-overflows.md)
- [Cloud Security](https://playbook.sidthoviti.com/cloud-security.md)
- [AWS](https://playbook.sidthoviti.com/cloud-security/aws.md): Amazon Web Services
- [GCP](https://playbook.sidthoviti.com/cloud-security/gcp.md): This playbook outlines offensive security techniques in Google Cloud Platform (GCP). It is structured around the red teaming lifecycle: reconnaissance, exploitation, privilege escalation, lateral move
- [Azure](https://playbook.sidthoviti.com/cloud-security/azure.md): This playbook provides red teaming methodology for Azure environments. It covers: Azure cloud fundamentals, enumeration and exploitation techniques, real-world CTF-style scenarios, commands and tools
- [Container Security](https://playbook.sidthoviti.com/container-security.md)
- [Todo](https://playbook.sidthoviti.com/todo.md)


