PickleRick
Rick And Morty username: R1ckRul3s (found in website inspection). SSH: not required. Follow the Burp Suite POST method.
Gobuster command:
gobuster dir -u http://$MACHINE_IP -w /root/Desktop/Tools/wordlists/dirbuster/directory-list-2.3-medium.txt -x .php,.txt,.py,.html,.js
Result:
/login.php (Status: 200)
/assets (Status: 301)
/portal.php (Status: 302)
/denied.php (Status: 302)
/server-status (Status: 403)
Burp Suite login request:
POST /login.php HTTP/1.1
Host: $MACHINE_IP
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 54
Origin: http://$MACHINE_IP
Connection: close
Referer: http://$MACHINE_IP/login....
First React App and How it Works
When you create a new React app using create-react-app, the initial file structure looks like this:
my-app/
  README.md
  node_modules/
  package.json
  .gitignore
  public/
    favicon.ico
    index.html
    logo192.png
    logo512.png
    manifest.json
    robots.txt
  src/
    App.css
    App.js
    App.test.js
    index.css
    index.js
    logo.svg
    reportWebVitals.js
    setupTests.js
Here's a brief explanation of each file and folder:
README.md: This file contains instructions on how to set up and run the React app, as well as details about the project and its features....
TryHackMe Junior Pentest Certificate
Certificate Link
Windows Privilege Escalation Commands
PowerShell History
type %userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt
Saved Windows Credentials
cmdkey /list
runas /savecred /user:admin cmd.exe
IIS Config
type C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config | findstr connectionString
Retrieve Credentials from Software: PuTTY
reg query HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\ /f "Proxy" /s
Useful Links
Reverse Shell Cheatsheet Linux Privilege Escalation Tools - GTFOBins
Vulnhub Kioptrix Walkthrough Part 2
Default username: John
Default password: TwoCows2
NIKTO (web vulnerability scanner)
nikto -h <target ip>, i.e. nikto -host <url>
Findings: outdated applications. Google common exploits for the given version. Apache mod_ssl / OpenSSL: mod_ssl vulnerable to a remote buffer overflow.
A little bit of directory busting
DIRBUSTER: directory busting / finding folders. Alternatives: gobuster, dirb, feroxbuster
dirbuster &
Insert the target URL in the Target URL section
Check 'Go Faster'
Check 'List based brute force'
Click Browse and navigate to /usr/share/wordlists/dirbuster/
Select a list
File extension: php,txt,zip (choose the extensions you want to look for). Note: more extensions, more time.
START
Tip: a directory scan takes a while....
Vulnhub Kioptrix Walkthrough Part 1
Default username: John
Default password: TwoCows2
Tips: save all your scans as text/images for future use.
Let's find our IP.
Start the virtual machine. Run ping 8.8.8.8 in your main OS terminal; this will give us the IP of our target machine. Now go to your main machine (Kali) and run sudo arp-scan -l. This will give us the IP address, MAC address and vendor. We are looking for our matching IP, or Azureware/VMware...
Installing VMware and Vulnhub Kioptrix
So our hacking journey starts here. We are going to install VMware to run our vulnerable machine, Kioptrix.
Download VMware or VirtualBox.
Download Kioptrix, a ready-made vulnerable machine provided by TCM-SEC, from Vulnhub.
Now import the downloaded VM image into your virtualization engine.
- Open
- Default username: john
- Default password: TwoCows2
Reconnaissance Part 2
OSINT: Open Source Intelligence
Email OSINT / Email Discovery: hunter.io, phonebook.cz, voilanorbert.com, Clearbit (Chromium plugin), tools.verifyemailaddress.io (verify email address). Use "Forgot Password" to tie email accounts together; in this way a recovery email can be tied to another email address.
Password OSINT: credential stuffing, automating previously found usernames & passwords. Dehashed: hunting breached credentials with DeHashed.
Find subdomains (*.domain.com): Sublist3r (python3 sublist3r.py -d domain.com), Owasp, Tomnomnom.
Build and frameworks: know how the website is built, builtwith....
Reconnaissance Part 1
Passive Reconnaissance
Physical location: satellite images, drone recon, building layouts, etc.
Social: job information; employees' name, job title, manager name; picture, badge picture, desk photos, computer photos.
Web/Host:
Target validation: Whois, nslookup, dnsrecon
Finding subdomains: Google Fu, dig, nmap, sublist3r, bluto, crt.sh
Fingerprinting (finding what is used on the app): nmap, wappalyzer, WhatWeb, BuiltWith, Wetcat
Data breaches: haveibeenpwned, Breach-Parse, weleakinfo