Showing results for tags 'pwn'.
Found 2 results

  1. Hello Researchers, let's just quickly talk about our topic.

     What is Recon?

     Recon, or reconnaissance, is the technique or procedure used in information security to learn about our target. Generally during a pen test, or during any boot-to-root style capture the flag, reconnaissance is the basic thing to do. Now in this post I'll be sharing some of my own techniques that I use during recon.

     PORT SCANNING

     Port scanning is the basic thing to do during reconnaissance, but we are not going to talk about basic tools and techniques for scanning ports. If you want really quick results and don't want to waste time on your initial step, even with very low specs, do this (by the way, I'm an nmap user; cool kids are using rust and mass these days, but yeah, NMAP is better overall according to me). Now, what I generally do is a basic scan with a simple argument:

         $ nmap 192.168.xx.xx

     This will give us back a basic result of open ports to work on, but here's a catch: nmap only looks at the initial 10,000 ports by default. After getting a few ports to look at, we can do one more step to get things done quickly:

         $ nmap -p- -v 192.168.xx.xx

     The "-p-" argument gives us a full port scan over all 65,535 ports, and the "-v" argument stands for verbose, so it will display ports as it finds them. Most people make the mistake of using the "min-rate" argument to get results fast, but sometimes it can skip some ports, and that leads to a massive loss as a pen tester. Now, after you have this result displayed on your screen, if you need a proper scan for your report or for your notes you can do one thing:

         $ nmap -sC -sV -pxx,xx,xxxx,xxx 192.168.xx.xx

     By using the "-p" argument it will only scan the given ports.

     Directory Enumeration and Fuzzing

     Let's suppose we have an HTTP server running on our target machine or server, and we have a website to test. For directory busting I use Gobuster, and with SecLists it becomes very dangerous, because SecLists is the thing that has a collection of massive wordlists specific to directory enumeration. I use some common sense and Wappalyzer to expose the technology used for the website, like PHP. So let's have an example:

         $ gobuster dir -w /opt/SecLists/Discovery/Web-Content/raft-small-words-lowercase.txt -u http://normalweb.net -x php

     Now, why do I use "raft-small-words"? Just because it contains .git, and big.txt doesn't have that. Now, if I found .git I could use Git Dumper, and so much interesting stuff depends on how you use your approach to test your target. This was just a basic approach, but mostly people skip a really important step: they don't enumerate the parent directory they are working on. For example, if you got something like "sources", they'll just leave it behind. I really did this mistake a million times and I regret it most of the time, so in my opinion, don't skip anything:

         $ gobuster dir -w /opt/SecLists/Discovery/Web-Content/raft-small-words.txt -u http://normalweb.net/sources

     Now let's talk about fuzzing a little bit. Fuzzing is a really important step that most people skip, but whenever you land on some kind of dead end like 404 not found and 301 forbidden, make sure to fuzz the path once before making a regret, because it happened to me mostly during CTFs when I skipped fuzzing. I really like wfuzz for fuzzing, and I'll advise using wfuzz; it is really easy to use.

         $ wfuzz -c -z file,/usr/share/wfuzz/wordlist/general/common.txt --hc 404 http://192.168.x.xx/FUZZ

     So don't make these mistakes, or bang your head on the wall.

     Looking For Basic Vulnerabilities

     Now this is a very common mistake, and this mistake can get us distracted. Whenever you find a website, always try to connect things: check the web socket requests that are used for chat (they are mostly vulnerable to blind SQL injection), and also look for some kind of input field to do some kind of cross-site scripting, and try all kinds of injection like SSTI and XXE. If I look at web, I mostly check all of the OWASP Top 10 and also the SANS Top 25. Also don't forget to check the URL, because we can have some type of LFI or IDOR.

     Heyy, this is not the end, just enough for part 1. We'll be back and start our topic from where we've left today. Catch me on my socials :- YouTube , Instagram
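The post's port-scanning workflow is a two-step loop: a full "-p-" scan, then "-sC -sV -p<ports>" on only the ports that came back open. The helper below, added by the editor and not part of the post, parses nmap's normal-output port lines (a constructed sample, not a real scan) into that "-p" list, keeping only ports whose state is exactly "open" so that "filtered" guesses do not slow down the service scan.

```python
import re

# Constructed sample of nmap's normal output (not a real scan result) for a
# full "-p-" scan; the placeholder host mirrors the post's 192.168.xx.xx.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.168.xx.xx
Host is up (0.00021s latency).
Not shown: 65530 closed tcp ports (reset)
PORT      STATE    SERVICE
22/tcp    open     ssh
80/tcp    open     http
139/tcp   filtered netbios-ssn
445/tcp   open     microsoft-ds
8080/tcp  open     http-proxy
"""

# One port line of nmap's normal output: "<port>/<proto>  <state>  <service>"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")


def open_ports(nmap_output):
    """Return the sorted list of ports whose state is exactly 'open'.

    'filtered' and 'open|filtered' are left out on purpose: only confirmed
    open ports should go into the slower -sC -sV pass.
    """
    ports = set()
    for line in nmap_output.splitlines():
        m = PORT_LINE.match(line)
        if m and m.group(3) == "open":
            ports.add(int(m.group(1)))
    return sorted(ports)


def followup_command(nmap_output, target):
    """Build the post's third step, 'nmap -sC -sV -p<ports> <target>',
    from the full-scan output; returns None when nothing is open."""
    ports = open_ports(nmap_output)
    if not ports:
        return None
    return "nmap -sC -sV -p%s %s" % (",".join(str(p) for p in ports), target)


if __name__ == "__main__":
    print(followup_command(SAMPLE_NMAP_OUTPUT, "192.168.xx.xx"))
```

Feed it a saved scan (nmap -p- -v host -oN full.txt, then open("full.txt").read()) to get the exact follow-up command for your notes.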
  2. Prerequisite :- Basic knowledge about Linux and understanding of some code 🙂 So let's start....

     What are Executables?

     So let's understand the concept of executables. These files are run as a process in an operating system, for example ELF, which stands for Executable and Linkable File Format; these files are kind of similar to Windows EXE files. Let's take the example of a basic hello world program in the C language.

         #include <stdio.h>

         int main(void)
         {
             printf("Hello World\n");
             return 0;
         }

     OUTPUT - (screenshot)

     Now, this piece of code will not run as is; we have to compile it to make it an executable in order to run the program. GCC is a very good C compiler, but it doesn't convert the C code into an executable directly. It consists of a few processes, like generation of assembly code and object files, and linking them, etc., before producing the final executable product.

     Executable and Linkable File Format (ELF) -

     An ELF file is basically a binary file, and we know that. It is made up of some binary chunks like headers, sections, segments, etc. The header contains the meta information that helps the process of execution. Sections are the other part of the binary data that serve specific purposes; for example, the .text section has the code that needs to be executed, and the .data section contains initialized variable values. When the ELF file gets executed it becomes a process, and the process has its own memory, where all the sections get mapped, and there are some data structures that also get allocated in memory for this program to run, like stacks. In binary exploitation we'll attack the stack, but for now just remember that each process has some memory space and it follows some kind of layout. Each of these instructions is read from the .text section and executed by the CPU, because it has the code to be executed, as we've talked about earlier in the post.

     Looking into ELF -

     I've written this basic C code that takes input from the user and outputs it.

         #include <stdio.h>

         int main(void)
         {
             char name[20];
             printf("Enter Your Name : ");
             scanf("%s", name);       /* unbounded read into a 20-byte stack buffer */
             printf("Your name is : %s", name);
             getchar();               /* getch() is non-standard (conio.h); getchar() is portable */
             return 0;
         }

     OUTPUT - (screenshot)

     Now, as you can read the code, it will take your name and print it on the screen after compilation. What if we run strings on the executable file? Let me give you a short introduction about strings: this is just a program which reads the file and outputs the human-readable strings. You can use the following command to check this by yourself:

         strings main.exe

     Strings of an exe file can be seen via the following command (screenshot)

     In our case I found the word hello after running the command, which we used to print out the message. If you want to see the hexadecimal dump you can do that with xxd. There is also a tool called readelf that will parse the binary and give information.

     Readelf breakdown of an exe compiled C program (screenshot)

     Hope you'll like my post, and for more, connect with me on social media; you can check the given links and I'll try to post more threads like this one. Enjoy !!!
     Youtube :- www.youtube.com/techsolutionhindi
     Instagram :- www.instagram.com/tech.solutionhindi
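To make the post's description of the ELF header and sections concrete, here is a small editor-added parser (not the poster's code) that reads the ELF64 header and section header table the way readelf -h -S does, resolving section names through .shstrtab and pulling out the raw bytes of .text and .data. It runs against a hand-built minimal ELF image constructed inside the block (a sample, not compiler output); the parser itself works on any ELF64 little-endian binary.

```python
import struct

ELF_TYPES = {1: "REL (Relocatable file)", 2: "EXEC (Executable file)", 3: "DYN (Shared object file)"}


def build_sample_elf():
    """Hand-built minimal ELF64 x86-64 image (constructed sample input, not compiler output)."""
    shstrtab = b"\0.text\0.data\0.shstrtab\0"        # section names at offsets 1, 7, 13
    text = b"\x48\x31\xc0\xc3"                        # xor rax, rax ; ret
    data = b"\x2a\x00\x00\x00"                        # an initialized int (42)
    text_off, data_off = 64, 64 + len(text)           # contents follow the 64-byte header
    str_off = data_off + len(data)
    shoff = (str_off + len(shstrtab) + 7) & ~7        # 8-byte aligned section header table

    def shdr(name, sh_type, flags, addr, off, size):  # Elf64_Shdr, 64 bytes
        return struct.pack("<IIQQQQIIQQ", name, sh_type, flags, addr, off, size, 0, 0, 1, 0)

    shdrs = (shdr(0, 0, 0, 0, 0, 0)                                 # mandatory null section
             + shdr(1, 1, 0x6, 0x401000, text_off, len(text))       # PROGBITS, ALLOC|EXECINSTR
             + shdr(7, 1, 0x3, 0x402000, data_off, len(data))       # PROGBITS, WRITE|ALLOC
             + shdr(13, 3, 0, 0, str_off, len(shstrtab)))           # STRTAB
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8          # ELF64, little-endian, SysV
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", e_ident, 2, 62, 1, 0x401000,
                       0, shoff, 0, 64, 56, 0, 64, 4, 3)            # EXEC, x86-64, e_shstrndx=3
    body = ehdr + text + data + shstrtab
    return body + b"\0" * (shoff - len(body)) + shdrs


def parse_elf(blob):
    """Read the ELF header and section header table, like 'readelf -h -S'."""
    if blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if blob[4] != 2 or blob[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    (e_type, e_machine, _, e_entry, _, e_shoff, _, _, _, _,
     e_shentsize, e_shnum, e_shstrndx) = struct.unpack_from("<HHIQQQIHHHHHH", blob, 16)
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", blob, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    strtab_off = shdrs[e_shstrndx][4]                 # sh_offset of .shstrtab

    def name_at(idx):                                 # NUL-terminated name inside .shstrtab
        return blob[strtab_off + idx:blob.index(b"\0", strtab_off + idx)].decode()

    sections = {name_at(sh[0]): {"flags": sh[2], "addr": sh[3], "offset": sh[4], "size": sh[5]}
                for sh in shdrs[1:]}                  # skip the null section
    return {"type": ELF_TYPES.get(e_type, str(e_type)), "machine": e_machine,
            "entry": e_entry, "sections": sections}


def section_bytes(blob, name):
    """Return the raw bytes of a named section (e.g. the machine code in .text)."""
    s = parse_elf(blob)["sections"][name]
    return blob[s["offset"]:s["offset"] + s["size"]]
```

On a compiled binary, parse_elf(open("./a.out", "rb").read()) reports the same type, machine, entry point and section table that readelf -h -S prints, and section_bytes(blob, ".text") is what xxd shows at that section's file offset.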