Saturday, October 30, 2021

[TryHackMe] Firefox Add-ons

HackBar (Hacking tools)

https://addons.mozilla.org/en-US/firefox/addon/hackbar-free/


Cookie Quick Manager (Manipulate Cookies)

https://addons.mozilla.org/en-US/firefox/addon/cookie-quick-manager/


FoxyProxy (Easily switch Proxy settings)

https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/


User Agent String Switcher (Change Browser's User Agent property)

https://addons.mozilla.org/en-US/firefox/addon/user-agent-string-switcher/


Wappalyzer (Identify the technologies a target site is built on)

https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/

[TryHackMe] DNS Inspection and Reconnaissance Takeaway

1) Manual Discovery

whois (whois tryhackme.com)

nslookup (nslookup -type=MX tryhackme.com 8.8.4.4)

dig (dig @8.8.4.4 tryhackme.com MX)


2) Automated Discovery

gobuster (gobuster dns -d DOMAIN -w /usr/share/seclists/Discovery/DNS/namelist.txt)


3) OSINT

DNS Dumpster (https://dnsdumpster.com/)

Shodan (https://www.shodan.io/)

[TryHackMe] Web Security Inspection and Reconnaissance Takeaway

1) Manual Discovery

Robots.txt

Sitemap.xml

Favicon (hash the site's favicon and look it up in the OWASP favicon database: https://wiki.owasp.org/index.php/OWASP_favicon_database)

HTTP Headers (curl $URL -v)


2) OSINT

Google Hacking

Wappalyzer (https://www.wappalyzer.com/)

WayBackMachine (https://archive.org/web/)

GitHub

S3 Buckets


3) Automated Discovery

Seclists

ffuf (ffuf -w /usr/share/wordlists/seclists/Discovery/Web-Content/common.txt -u http://URL/FUZZ)

dirb (dirb http://URL/ /usr/share/wordlists/seclists/Discovery/Web-Content/common.txt)

gobuster (gobuster dir -u http://URL/ -w /usr/share/seclists/Discovery/Web-Content/common.txt)

Sunday, October 24, 2021

[wifi][wireless][802.11] Conversion between Monitor Mode and Managed Mode in Kali

Check the status of wireless adapters:

# iw dev


Switch from Managed Mode to Monitor Mode (assuming the wireless adapter is named wlan1):

# ip link set wlan1 down

# iw wlan1 set monitor control

# ip link set wlan1 up


Switch back to Managed Mode:

# ip link set wlan1 down

# iw wlan1 set type managed

# ip link set wlan1 up

Sunday, October 10, 2021

[Threat Intelligence] Checklist updated on 20211010

1) Check news related to the company (Use labels)

2) Check Security Advisories sent by US-CERT etc. (Use libraries)

3) Check changes of regulations (such as FFIEC, DFS 500, GLBA, OCC, SWIFT, CHIPS FEDLINE, ISO27001/27002, NIST SP800, FIPS 140-2, PCI-DSS)

4) New vulnerabilities (Use libraries and CVE/Bugtraq)

5) New threats (Use libraries)

6) Data Leakage Investigation (Use a spider and keywords against Dark Web sites and dark markets)

7) Reputation Investigation (Use a spider and keywords to check forums)

8) Phishing website Investigation

9) Crawl Hacker forums for the company's confidential data

10) Google Hacking to check if there is any web-based backdoor sitting in the company's website

11) Third-party passive vulnerability scan results (Use Shodan, ZoomEye)

12) Third-party web security scan (Use www.immuniweb.com/websec, SSL Labs)

13) Blacklist/SPAM List checking (Use IP ranges and domains)

14) Check if the company's IP addresses are in Botnet lists

15) Check if the company's emails have been compromised (Use https://haveibeenpwned.com/ and https://hacked-emails.com/)

16) Check DNS records (Use domains and IP ranges)

17) Honeypot/Sandbox Analysis

18) Suspicious Traffic Analysis

19) APT groups research (Use ATT&CK, FireEye APT Group, CyberMonitor@GitHub): specify those APTs' targets (e.g. industries and geographies), and see if your organization hits their target scopes

20) IOC search, analysis, and application (to SIEM, NIDPS, Firewall, Anti-Virus, Anti-SPAM, etc.)

21) Action Plan

Monday, October 4, 2021

[John the Ripper][Password Cracker] John the Ripper


List all supported hash formats:

root@kali:~# john --list=formats


Crack Windows passwords:

root@kali:~# john --wordlist=/usr/share/wordlists/rockyou.txt --format=NT ./windows.txt


Crack ZIP passwords:

root@kali:~# zip2john ./nmap.zip > ./nmap_zip_hash.txt ; john --wordlist=/usr/share/wordlists/rockyou.txt --format=PKZIP ./nmap_zip_hash.txt


Sunday, October 3, 2021

[eCPPT] Examples of DNS Zone Transfer

#dig @10.50.96.5 foocampus.com -t AXFR +nocookie


#host -t axfr foocampus.com 10.50.96.5
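The defender-side counterpart to the two commands above, added here as an example and not part of the original note: a BIND `named.conf` fragment showing a zone that answers AXFR to anyone (the weak setting the dig/host commands exploit) next to the hardened version, which only permits transfers to the named secondary and only when the request is signed with a TSIG key. `foocampus.com`, `10.50.96.5`, `10.50.96.6`, the key name and the key material are assumed placeholders.

```conf
// WEAK: any client that can reach port 53 can pull the whole zone
// with "dig @10.50.96.5 foocampus.com -t AXFR" (placeholder addresses).
zone "foocampus.com" {
    type primary;
    file "/etc/bind/db.foocampus.com";
    allow-transfer { any; };
};

// HARDENED: default-deny transfers globally, then open them only for
// the secondary (10.50.96.6, assumed) and only with a valid TSIG signature.
options {
    allow-transfer { none; };   // nothing may AXFR unless a zone says so
};

key "xfer-key" {                 // assumed key name
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_FROM_tsig-keygen";   // placeholder
};

zone "foocampus.com" {
    type primary;
    file "/etc/bind/db.foocampus.com";
    // Require both the expected source address and the TSIG key.
    allow-transfer { !{ !10.50.96.6; any; }; key xfer-key; };
    also-notify { 10.50.96.6; };
};
```

After reloading, the same `dig @10.50.96.5 foocampus.com -t AXFR` from an unauthorised host should end with `; Transfer failed.`, which is the quick check that the restriction took effect.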

Friday, October 1, 2021

[Hash|MD5|SHA256] Hash Identifier and Cracker

Hash Identifier:

https://hashes.com/en/decrypt/hash


Online Hash Cracker:

https://crackstation.net/


Offline Cracker:

https://www.openwall.com/john/