📔
Cyber Security Notes
  • Introduction
  • CVEs
    • CVE-2022-33106
  • Paper Reviews
    • Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
  • Security Basics Notes
    • Identification, Authentication and Authorization
  • Enumeration and Initial Compromise
    • Methodology
    • Footprinting
    • Network Protocols
      • FTP
      • SMB
      • DNS
      • NFS
      • SMTP
      • IMAP/POP3
      • SNMP
      • MySQL
      • MSSQL
      • Oracle TNS
      • IPMI
    • Nifty One Liners
    • Brute-Force Web Pages
      • Hydra
    • Network Pentest
      • Quick SMB cheatsheet
      • SSH keypair basics
      • Compromise using SSH Key
      • Networking fundamentals Interview topics
      • nmap quick cheatsheet
    • Web Pentest
      • Web Pentest Interview top topics
      • Wordpress Exploitation
      • Joomla Exploitation
      • Login Bypass using Cookie Tampering/Poisoning
      • Subdomain Enumeration
      • CSRF mitigation
      • XSS mitigation
      • CSP bypass with JSONP
      • PHP Vulnerabilities
      • Python Serialization Vulnerabilities - Pickle
      • SQL Injections
      • SSTI
      • XSS
    • Buffer Overflow Prep
      • Understanding CPUs
      • Virtual Memory and Paging
      • Syscalls
      • Theorem Proving
      • Stripping readable function names
      • Insecure C functions
      • Stack Canaries
      • Linking - GOT,PLT
      • Return Oriented Programming
    • Active Directory - Basics
      • AD DS
      • Managing OUs
      • Group Policies
      • Authentications
      • Trees, Forests and Trusts
      • Kerberos
      • Attacking Kerberos
      • Priv Esc (Post Exploitation)
    • DNS/Domain Enum Masterguide
  • Post Exploitation
    • Shell Escape Techniques
    • Getting stable shell after compromise
    • Linux Privilege Escalation
      • Sudoers file
      • Sudoers entry - Yum
      • Wildcards - Basics
      • Wildcards - Chown
      • Wildcards - Tar
      • Linux Permissions & SUID/SGID/Sticky Bit
      • SUID - nmap
      • SUID - bash
      • SUID - man
      • NFS no_root_squash
      • SUID - pkexec
      • Bad permissions
    • Windows Privilege Escalation
      • SeImpersonatePrivilege Token Impersonation
      • Firefox Creds
      • Potatoes
      • Print Spooler Basics
      • Print Spooler CVE 2020-1030
      • SpoolFool
    • Data Exfiltration Post Exploitation
  • Port Forwarding Cheatsheet
  • Powershell Essentials
    • Powershell Basics
    • Powershell Enumeration
    • Powershell Port Scanner
    • Powershell One Liner Port Scanning
    • Powershell Port Scan in a given CIDR
  • Application Security
    • System Calls in Linux
    • Buffer Overflow Defenses
    • Format string vulnerabilities
    • Sample Github Actions
    • Basic Bugs in Demo Application
    • Using AFL++
  • Linux 64-bit Assembly
    • GDB Basics
      • My relevant GDB cheatsheet
      • Task 1 - Tamper strcmp logic
      • Breakpoints
      • Always starting with intel flavor
      • GDB TUI Mode
    • Basic Hello World Program
    • Registers in 64-bit
    • global directive
    • Reducing instructions and Removing NULL-> Optimizing memory in Assembly
    • Data Types
    • Endianness
    • Moving Data
    • push, pop, and the stack
    • Analysis - Writing data on memory location and referencing
    • Arithmetic Operations
    • Bitwise Logical Operations
    • Bit-Shifting Operations
    • Control Instructions
    • Loops
    • Procedures
    • Stack-Frames and Procedures
    • String Operations
    • Shellcoding basics
      • Introduction and Common Rules
      • Basic Shellcodes->Exit
      • Testing shellcode->Skeleton Code
      • Techniques-> JMP,CALL,POP
      • Techniques-> Stack
      • Techniques-> (64-bit only) RIP Relative Addressing
      • Shellcode 1 -> execve(/bin/sh) STACK PUSH
      • Shellcode 1 -> execve(/bin/sh) JMP CALL POP
      • Techniques-> XOR-Encoder
  • Cloud Security
    • Foundational Technology
    • Learning Through Project Omega
    • IAM Primer
      • Deep dive into IAM - Part 1
    • Amazon S3
    • Risk Management & Data Controls
    • Enumeration
      • S3 - Enum Basics - PwnedLabs
      • S3 - Identify the AWS Account ID from a Public S3 Bucket
      • EBS - Loot Public EBS Volumes
      • S3- Exploit Weak Bucket Policies for Privileged Access
  • API Security
    • WSDL
  • Reverse Engineering
    • Some string Operations
    • Numbers and Inputs
    • Address inputs
    • Recursive Function
    • Crackme: level1
    • Crackme: level2
    • CTF: Memory Dereferencing
    • CTF: Monty Python
  • CTF Challenge Learnings
    • vsCTF 2024
      • Sanity Check
      • not-quite-caesar
      • Intro to reversing
    • NCL Individual 2024
      • Web Challenges
        • PiratePals
        • Pierre's Store
    • Pico CTF 2024
      • Web Exploitation
        • Bookmarklet
        • WebDecode
        • Unminify
        • Trickster
      • General Skills
        • Commitment Issues
        • Time Machine
        • Blame Game
        • Collaborative Development
        • Binary Search
        • Dont-you-love-banners
    • Sunshine CTF
      • Knowledge Repository
    • Amazon WiCys CTF
      • I am Lazy
      • Password Locker on the Web
      • Happy Birthday Card Generator
      • Bloggergate
      • simple offer
      • Bad Actor
      • Secret Server
      • Simple PCAP
      • Hidden Message
    • C code using getenv()
    • Command Injection with filter
    • Pwning
      • Shoddy_CMP
      • PLT_PlayIT
  • Applied Cryptography
    • Linear Congruential Generator
  • Tools for everything
Powered by GitBook
On this page
  • Hacktricks
  • Cloud Hacktricks
  • Payloads
  • Enumeration
  • Privilege Escalation
  • Playgrounds
  • Terminal improvements (coz, eh, default— eh!)
  • Videos/Channels I refer to

Was this helpful?

Tools for everything

PreviousLinear Congruential Generator

Last updated 5 days ago

Was this helpful?

Hacktricks

Cloud Hacktricks

Payloads

  1. Payload all the things (Web and API pentest) : https://swisskyrepo.github.io/PayloadsAllTheThings/

  2. Internet all the things (Cheetsheets for internal and AD pentest): https://swisskyrepo.github.io/InternalAllTheThings/

Enumeration

  1. subdomain finder - https://crt.sh/ Can be invoked using curl: 

    curl -s https://crt.sh/\?q\=inlanefreight.com\&output\=json | jq .

    To sort out unique subdomains: 

    curl -s https://crt.sh/\?q\=inlanefreight.com\&output\=json | jq . | grep name | cut -d":" -f2 | grep -v "CN=" | cut -d'"' -f2 | awk '{gsub(/\\n/,"\n");}1;' | sort -u

Privilege Escalation

  1. Linux:

    1. LinEnum: https://github.com/rebootuser/LinEnum

    2. linpeas.sh: curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh | sh

    3. linuxprivchecker (python script for linux enumeration): https://github.com/sleventyeleven/linuxprivchecker

    4. Linux priv esc checklist: https://book.hacktricks.wiki/en/linux-hardening/linux-privilege-escalation-checklist.html

    5. https://gtfobins.github.io/

  2. Windows:

    1. winpeas: https://github.com/peass-ng/PEASS-ng/tree/master/winPEAS

    2. Windows priv esc checklist: https://book.hacktricks.wiki/en/windows-hardening/checklist-windows-privilege-escalation.html

    3. Seatbelt (C# code): https://github.com/GhostPack/Seatbelt

    4. JAWS (powershell): https://github.com/411Hall/JAWS

    5. https://lolbas-project.github.io/#

Playgrounds

  1. OWASP Juice Shop - Modern web app based on node.js, angular etc with OWASP Top 10: https://owasp.org/www-project-juice-shop/

  2. DVWA - Damn Vulnerable Web Application - Older web app for legacy attacks: https://github.com/digininja/DVWA

  3. Metasploitable3 - Upgraded metasploitable2 version: https://github.com/rapid7/metasploitable3

  4. Portswigger web academy - https://portswigger.net/web-security

  5. Under and Over the wire - For Linux command line and windows powershell mastery https://underthewire.tech/wargames https://overthewire.org/wargames/

Terminal improvements (coz, eh, default— eh!)

  1. tmux - https://github.com/tmux/tmux

    1. Small tmux cheatsheet -

    2. CTRL + B (Hereby referred to as the prefix)

    3. prefix + shift + % (Open a new terminal vertically side by side)

    4. prefix + shift + " (Open a new terminal horizontally downwards)

    5. prefix + arrow buttons <up/down/left/right> (interact with a specific terminal window)

    6. prefix + c (new terminal tab)

    7. prefix + <number> (go to a particular terminal tab)

    8. prefix + shift + <number> (Create a new terminal <tab number> and send a terminal window to a particular terminal tab)

Videos/Channels I refer to

  1. Old retired HTb boxes - Ippsec

  1. John Hammond

  1. Rana Khalil - Portswigger videos explanation

LogoAWS Pentesting - HackTricks Cloud
LogoIppSecYouTube
LogoJohn HammondYouTube
LogoRana KhalilYouTube
LogoHackTricks - HackTricks