From a220272599bbe319024b489d33a2123d1f86e9fd Mon Sep 17 00:00:00 2001 From: bt3 Date: Wed, 5 Nov 2014 13:33:55 -0500 Subject: [PATCH] some small fixes --- Cryptography/README.md | 10 ++++++++ Web_Exploits/README.md | 56 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 65 insertions(+), 1 deletion(-) diff --git a/Cryptography/README.md b/Cryptography/README.md index 3405263..7c3cdc0 100644 --- a/Cryptography/README.md +++ b/Cryptography/README.md @@ -173,6 +173,8 @@ $ python -c 'print "2f722f6e6574736563".decode("hex")' ``` - Hex to ascii: +Hex character codes are simply the hexadecimal (base 16) numbers for the ASCII character set; that is, the number-to-letter representations which comprise virtually all computer text. + ``` $ xxd -r -p <<< 2f722f6e6574736563 @@ -184,6 +186,14 @@ $ xxd -r -p <<< 2f722f6e6574736563 '0b11110010101001010' ``` +#### Octal +(or: a great way of obscurating a URL) + +Example: http://017700000001 --> 127.0.0.1 + + + + diff --git a/Web_Exploits/README.md b/Web_Exploits/README.md index 9da4a31..ab47821 100644 --- a/Web_Exploits/README.md +++ b/Web_Exploits/README.md @@ -2,26 +2,36 @@ ## OS Command Injection +--- + ## SQLi - Brute force password - Timed SQLi - Cookie force brute + +--- ## PHP Shells - php primer - xor - exploits +---- + ## Scanners - heartbleed + +----- ## User ID - cookie auth - user id +---- + ## Other Resources #### When we have a Website/IP Address: 
@@ -39,14 +49,58 @@ - Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't work when the content is loaded through Ajax). +----- + +## URLs + +#### Octal + +- Example: http://017700000001 --> 127.0.0.1 + +- For example 206.191.158.50: + +((206 * 256 + 191) * 256 + 158 ) * 256 + 50 = 3468664370. + +Now, there is a further step that can make this address even more obscure. You can add to this dword number, any multiple of the quantity 4294967296 (2564) -#### Tools +#### Great @ + +-Everything between "http://" and "@" is completely irrelevant + +``` +http://doesn'tmatter@www.google.org +http://!$^&*()_+`-={}|[]:;@www.google.com +``` + +- @ symbol can be represented by its hex code %40 +- dots are %2e + + + +---- + +## HTTP + +The first line of a request is modified to include protocol version information and it's followed by zero or more name:value pairs (headers): +- User-Agent: browser version information +- Host: URL hostanme +- Accept: supported MIME documents( such as text/plain or audio/MPEG) +- Accept-Language: supported language codes +- Referer: originating page for the request + + + +----- +## Tools - [Burp Suite] - [FireBug] in Firefox + + + ----------------- [FireBug]: http://getfirebug.com/ [Burp Suite]: http://portswigger.net/burp/
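Review bot: In the first Cryptography/README.md hunk (`@@ -173,6 +173,8 @@`), the added sentence "Hex character codes are simply the hexadecimal (base 16) numbers for the ASCII character set..." is inserted between the `- Hex to ascii:` bullet and the fenced `xxd -r -p` example it introduces, which separates the list item from its code; move the sentence above the bullet (or before the whole hex subsection) so the bullet and its fence stay together. The wording "which comprise virtually all computer text" also overstates ASCII's role; "the 7-bit ASCII character set" without the sweeping claim is enough for this README.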
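Review bot: In the second Cryptography/README.md hunk (`@@ -184,6 +186,14 @@`), "obscurating" is not a word; use "obscuring" or "obfuscating" in `(or: a great way of obscurating a URL)`. The example `http://017700000001 --> 127.0.0.1` is given with no explanation of why it works: the leading `0` makes the number parse as octal, and octal `017700000001` is decimal 2130706433, i.e. `0x7F000001`, the dword form of `127.0.0.1`; one line saying so would make the section self-contained. This new `#### Octal` section is also duplicated almost verbatim in the Web_Exploits/README.md hunk below, so keep one copy and cross-reference it, and trim the four trailing blank `+` lines at the end of the hunk.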
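Review bot: In the first Web_Exploits/README.md hunk (`@@ -2,26 +2,36 @@`), the added horizontal rules are inconsistent (`---`, `----`, `-----`) and one of them, the `----` after `- exploits`, has no blank line before it; pick a single separator (`---`) and always surround it with blank lines so it renders as a thematic break rather than being read as part of the preceding list item.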
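Review bot: In the second Web_Exploits/README.md hunk (`@@ -39,14 +49,58 @@`), the quantity `4294967296 (2564)` has lost its exponent: write it as `256^4` (equivalently `2^32`) so the reader can see why adding that multiple leaves the 32-bit address unchanged. The dword arithmetic `((206 * 256 + 191) * 256 + 158 ) * 256 + 50 = 3468664370` checks out, but it sits directly under `- For example 206.191.158.50:` without a blank line or indentation, so it will not render as part of that bullet. Under `#### Great @`, `-Everything between "http://" and "@" is completely irrelevant` is missing the space after the dash and so will not render as a list item; the heading itself would be clearer as something like `#### The @ sign (userinfo)`, since the text before `@` is the URI userinfo component (RFC 3986 section 3.2.1), and "irrelevant" should be qualified to "ignored for resolving the host" because the part is still transmitted as credentials. In the `## HTTP` block, fix `hostanme` to `hostname`, `it's followed` to `it is followed`, and `documents( such as` to `documents (such as`; the opening clause "The first line of a request is modified to include protocol version information" also reads as if something earlier was being changed, so state plainly that the request line carries the method, path and protocol version. Finally, drop the three blank `+` lines before the `-----------------` link-definition separator.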