Showing results for tags 'red-team'.

Found 4 results

  1. Hello Researchers, let's quickly talk about our topic.

     What is Recon?

     Recon, or reconnaissance, is the technique or procedure used in information security to find out about our target. Generally, during a pen test or any boot-to-root style capture the flag, reconnaissance is the basic thing to do. In this post I'll be sharing some of my own techniques that I use during recon.

     PORT SCANNING

     Port scanning is the basic thing to do during reconnaissance, but we are not going to talk about basic tools and techniques for scanning ports. If you want really quick results and don't want to waste time on your initial step, even with very low specs, do this. (By the way, I'm an nmap user; the cool kids are using rust and mass these days, but NMAP is better overall in my opinion.) What I generally do is a basic scan with a simple argument:

         nmap 192.168.xx.xx

     This gives us back a basic result of open ports to work on, but here's the catch: nmap only looks at the initial 10,000 ports by default. After getting a few ports to look at, we can do one more step to get things done quickly:

         nmap -p- -v 192.168.xx.xx

     The "-p-" argument gives us a full port scan over 65,535 ports, and the "-v" argument stands for verbose, so it will display ports as it finds them. Most people make the mistake of using the "min-rate" argument to get results fast, but sometimes it can skip some ports, and that leads to a massive loss as a pen tester. Once you have this result displayed on your screen, if you need a proper scan for your report or your notes, you can do this:

         nmap -sC -sV -pxx,xx,xxxx,xxx, 192.168.xx.xx

     With the "-p" argument it will only scan the given ports.

     Directory Enumeration and Fuzzing

     Let's suppose we have an HTTP server running on our target machine or server and a website to test. For directory busting I use Gobuster, and with SecLists it becomes very dangerous, because SecLists is a collection of massive wordlists specific to directory enumeration. I use some common sense and Wappalyzer to expose the technology used by the website, like PHP. So let's have an example:

         gobuster dir -w /opt/SecLists/Discovery/Web-Content/raft-small-words-lowercase.txt -u http://normalweb.net -x php

     Why do I use "raft-small-words"? Just because it contains .git and big.txt doesn't. If I find .git I can use Git Dumper, and so much that is interesting depends on how you approach testing your target. This was just a basic approach, but most people skip a really important step, enumerating the parent directory they are working on. For example, if you get something like "sources", they'll just leave it behind. I've made this mistake a million times and regretted it most of the time, so in my opinion don't skip anything:

         gobuster dir -w /opt/SecLists/Discovery/Web-Content/raft-small-words.txt -u http://normalweb.net/sources

     Now let's talk a little bit about fuzzing. Fuzzing is a really important step that most people skip, but whenever you land on some kind of dead end like 404 not found or 301 forbidden, make sure to fuzz the path once before you regret it, because it has happened to me mostly during CTFs when I skipped fuzzing. I really like wfuzz for fuzzing, and I'd advise using it; it is really easy to use.

         wfuzz -c -z file,/usr/share/wfuzz/wordlist/general/common.txt --hc 404 http://192.168.x.xx/FUZZ

     So don't make these mistakes or bang your head on the wall.

     Looking For Basic Vulnerabilities

     This is a very common mistake, and it can distract us. Whenever you find a website, always try to connect things: check the WebSocket requests used for chat (they are mostly vulnerable to blind SQL injection), look for input fields to try some kind of cross-site scripting, and try all kinds of injection like SSTI and XXE. When I look at a web app I mostly check all of the OWASP Top 10 and also the SANS Top 25. Also, don't forget to check the URL, because we can have some type of LFI or IDOR.

     Hey, this is not the end, just enough for part 1; we'll be back and pick up our topic from where we left off today. Catch me on my socials: YouTube, Instagram
  2. 🔰Penetration Testing🔰

     Penetration Testing is a method that many companies follow in order to minimize their security breaches. This is a controlled way of hiring a professional who will try to hack your system and show you the loopholes that you should fix.

     Before doing a penetration test, it is mandatory to have an agreement that explicitly mentions the following parameters −

     > what the time of the penetration test will be,
     > where the IP source of the attack will be, and
     > what the penetration fields of the system will be.

     Penetration testing is conducted by professional ethical hackers who mainly use commercial, open-source tools, automated tools and manual checks. There are no restrictions; the most important objective here is to uncover as many security flaws as possible.

     ⭕️Types of Penetration Testing

     1️⃣ Black Box − Here, the ethical hacker doesn’t have any information regarding the infrastructure or the network of the organization that he is trying to penetrate. In black-box penetration testing, the hacker tries to find the information by his own means.

     2️⃣ Grey Box − It is a type of penetration testing where the ethical hacker has partial knowledge of the infrastructure, like its domain name server.

     3️⃣ White Box − In white-box penetration testing, the ethical hacker is provided with all the necessary information about the infrastructure and the network of the organization that he needs to penetrate.

     4️⃣ External Penetration Testing − This type of penetration testing mainly focuses on network infrastructure or servers and their software operating under the infrastructure. In this case, the ethical hacker tries the attack using public networks through the Internet. The hacker attempts to hack the company infrastructure by attacking their webpages, webservers, public DNS servers, etc.

     5️⃣ Internal Penetration Testing − In this type of penetration testing, the ethical hacker is inside the network of the company and conducts his tests from there.

     Penetration testing can also cause problems such as system malfunctioning, system crashing, or data loss. Therefore, a company should take calculated risks before going ahead with penetration testing. The risk is calculated as follows and it is a management risk.

     ‼️ Share and support us ‼️
  3. 👨🏻‍💻 List of some attacks specially for web applications 👨🏻‍💻

     [+] SQL Injection Attack
     [+] Hibernate Query Language Injection
     [+] Direct OS Code Injection
     [+] XML Entity Injection
     [+] Broken Authentication and Session Management
     [+] Cross-Site Scripting (XSS)
     [+] Insecure Direct Object References
     [+] Security Misapplication
     [+] Sensitive Data Exposure
     [+] Missing Function Level Access Control
     [+] Cross-Site Request Forgery (CSRF)
     [+] Using Components with Known Vulnerabilities
     [+] Unvalidated Redirects and Forwards
     [+] Cross Site Scripting Attacks
     [+] Click Jacking Attacks
     [+] DNS Cache Poisoning
     [+] Symlinking – An Insider Attack
     [+] Cross Site Request Forgery Attacks
     [+] Remote Code Execution Attacks
     [+] Remote File inclusion
     [+] Local file inclusion
     [+] EverCookie
     [+] Denial of Service Attack
     [+] Cookie Eviction
     [+] PHPwn
     [+] NAT Pinning
     [+] XSHM
     [+] MitM DNS Rebinding SSL/TLS Wildcards and XSS
     [+] Quick Proxy Detection
     [+] Improving HTTPS Side Channel Attacks
     [+] Side Channel Attacks in SSL
     [+] Turning XSS into Clickjacking
     [+] Bypassing CSRF protections with Click Jacking and
     [+] HTTP Parameter Pollution
     [+] URL Hijacking
     [+] Stroke Jacking
     [+] Fooling B64_Encode(Payload) on WAFs And Filters
     [+] MySQL Stacked Queries with SQL Injection.
     [+] Posting Raw XML cross-domain
     [+] Generic Cross-Browser Cross-Domain theft
     [+] Attacking HTTPS with Cache Injection
     [+] Tap Jacking
     [+] XSS - Track
     [+] Next Generation Click Jacking
     [+] XSSing Client-Side Dynamic HTML.
     [+] Stroke triggered XSS and Stroke Jacking
     [+] Lost in Translation
     [+] Persistent Cross Interface Attacks
     [+] Chronofeit Phishing
     [+] SQLi Filter Evasion Cheat Sheet (MySQL)
     [+] Tabnabbing
     [+] UI Redressing
     [+] Cookie Poisoning
     [+] SSRF
     [+] Bruteforce of PHPSESSID
     [+] Blended Threats and JavaScript
     [+] Cross-Site Port Attacks
     [+] CAPTCHA Re-Riding Attack

     Web Application Attacks List:

     Arbitrary file access; Binary planting; Blind SQL Injection; Blind XPath Injection; Brute force attack; Buffer overflow attack; Cache Poisoning; Cash Overflow; Clickjacking; Command injection attacks; Comment Injection Attack; Content Security Policy; Content Spoofing; Credential stuffing; Cross Frame Scripting; Cross Site History Manipulation (XSHM); Cross Site Tracing; Cross-Site Request Forgery (CSRF); Cross Site Port Attack (XSPA); Cross-Site Scripting (XSS); Cross-User Defacement; Custom Special Character Injection; Denial of Service; Direct Dynamic Code Evaluation (‘Eval Injection’); Execution After Redirect (EAR); Exploitation of CORS; Forced browsing; Form action hijacking; Format string attack; Full Path Disclosure; Function Injection; Host Header injection; HTTP Response Splitting; HTTP verb tampering; HTML injection; LDAP injection; Log Injection; Man-in-the-browser attack; Man-in-the-middle attack; Mobile code: invoking untrusted mobile code; Mobile code: non-final public field; Mobile code: object hijack; One-Click Attack; Parameter Delimiter; Page takeover; Path Traversal; Reflected DOM Injection; Regular expression Denial of Service – ReDoS; Repudiation Attack; Resource Injection; Server-Side Includes (SSI) Injection; Session fixation; Session hijacking attack; Session Prediction; Setting Manipulation; Special Element Injection; SMTP injection; SQL Injection; SSI injection; Traffic flood; Web Parameter Tampering; XPATH Injection; XSRF or SSR

     So, on the basis of attack type, you can look for the public resources available out there and try your luck!! But in our forum we will try to cover these and will update you guys on all the latest attack scenarios as much as possible. So keep hustling, keep learning.
  4. As always, HackTheBox has announced another medium-difficulty machine this Saturday.

     Pit will be retired very soon. From my experience, Pit was a really great box for learning, because I learned a lot from it.