Next entry of Technique, Tool and Lecture! Every hacker's TLC
Category: Technique Tool and Lecture
Technique Tool and Lecture #10
Next entry of Technique, Tool and Lecture, aka every hacker's TLC!
Technique, Tool and Lecture #9
Technique: Basic one liner to clean masscan output cat masscan-output | cut -d ' ' -f4,6 This will return something like this Tool: Drozer - https://labs.f-secure.com/tools/drozer/ Awesome extensive attack framework for Android Apps (Must have) Lecture: Not super technical but very interesting Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev https://www.youtube.com/watch?v=6Chp12sEnWk&t=784s Check out … Continue reading Technique, Tool and Lecture #9
Technique, Tool and Lecture #8
Technique: One line dash loop for running CLI tools on Kali for IP in $(cat ~/Desktop/target); do nikto -host $IP >> ~/Desktop/nitko-output; done; Tool: Nikto Lecture: Drinking from the caffeine firehose we know as shodan https://www.youtube.com/watch?v=5cWck_xcH64 Check out all the entries of this series! Technique Tool and Lecture #14 Technique Tool and Lecture … Continue reading Technique, Tool and Lecture #8
Technique, Tool and Lecture #7
Technique: Google Dork for getting results consisting only of IP addresses. You have to include 2 octets but then can use * for the right. For example if I'm looking for data on 103.10.1.1/16 I can do site:103.10.* or site:103.10.*.* Remember * aren't wildcards but they are as close as you'll get. Also remember that … Continue reading Technique, Tool and Lecture #7
Technique, Tool and Lecture #6
Hi Guys, Time for some more hacker's TLC. Or Tips and tricks for penetration testers! Anyway, here we go! Technique: 2 Incapsula WAF XSS Bypasses I haven't had a chance to use these yet but I do encounter Incapsula once in a while so I'll keep them in my bag <iframe/onload='this["src"]="javas	cript:al"+"ert``"';> <img/src=q onerror='new Function`al\ert\`1\``'> Source Tool: … Continue reading Technique, Tool and Lecture #6
Technique, Tool and Lecture #5
Technique: Quick and Easy Bypass for Tomcat 8 on Windows https://x.x.x.x/WEB-INF/web.xml -> 403 Forbidden https://x.x.x.x/./WEB-INF/web.xml -> 403 Forbidden https://x.x.x.x/.//WEB-INF/web.xml -> 200 OK Haven't had a chance to use this yet, but I'm sure I will soon Source Tool: Karma So awesome! Lets you search by username, domain or password. For example I can search by … Continue reading Technique, Tool and Lecture #5
Technique, Tool and Lecture #4
Another round of techniques, tools and lectures 😀 Technique: This time it is not as much of a technique but a trove of resources! I have found many resources for books/publications relevant to my career. I'll admit, I'm much more of a fan of physical copies. That said, if you're okay with PDFs then … Continue reading Technique, Tool and Lecture #4
Technique, Tool and Lecture #3
Time for another entry of Technique, Tool and Lecture! Technique: <!<script>alert(1)</script> The key point is the <! which one researcher found sometimes allows bypassing AWS WAF. Yes, that simple... Source Tool: Spiderfoot, a great tool for both semi-active and passive reconnaissance! Here is a list of modules that I run when I am at the … Continue reading Technique, Tool and Lecture #3
Technique, Tool and Lecture #2
Better late than never I suppose. Technique: Not so much a technique this week but a quick little wordlist to get more value from the tool listed below. This is a wordlist for /aspnet_client/system_web/ Link Tool: IIS-Shortname-Scanner A personal favorite of mine because I think there is still more value in this vulnerability that hasn't … Continue reading Technique, Tool and Lecture #2





