From a7dc2b80cc32852e2ef6100302afc8b4b46712b1 Mon Sep 17 00:00:00 2001 From: bt3gl Date: Wed, 19 Nov 2014 12:07:31 -0500 Subject: [PATCH] gitignore --- README.md~ | 75 ---------------------- Web_Exploits/SQLi/README.md~ | 119 ----------------------------------- 2 files changed, 194 deletions(-) delete mode 100644 README.md~ delete mode 100644 Web_Exploits/SQLi/README.md~ diff --git a/README.md~ b/README.md~ deleted file mode 100644 index 39129a2..0000000 --- a/README.md~ +++ /dev/null @@ -1,75 +0,0 @@ -# My-Gray-Hacker-Resources - -All in one big bag. For fun, profits, or CTFs. - - -## * CTFs and WARGAMES -## * CRYPTOGRAPHY -## * FORENSICS -## * LINUX HACKING -## * MEMORY EXPLOITS -## * NETWORK and 802.11 -## * REVERSE ENGINEERING -## * RUBBER DUCK -## * STEGANOGRAPHY -## * WEB EXPLOITS -## * OTHER HACKINGS - - - - -![](http://i.imgur.com/4WNqTJS.png) - - ----- - -### Useful Command Line - -#### Searching - - -``` -grep word f1 - -sort | uniq -c - -diff f1 f2 - -find -size f1 -``` - - - - -#### Compressed Files - - -``` -zcat f1 > f2 - -gzip -d file - -bzip2 -d f1 - -tar -xvf file -``` - - - -#### Connecting to a Server/Port - -``` -echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000 - -openssl s_client -connect localhost:30001 -quiet - -nmap -p 31000-32000 localhost - -telnet localhost 3000 -``` - ----- - -### License -The material in this repositoru are licensed under the [Creative Commons Attribution-Noncommercial 3.0 license](http://creativecommons.org/licenses/by-nc/3.0/). All code is dedicated to the public domain. If your country does not recognize my right to dedicate works to the public domain, you may also use code from my blog under the [MIT license](http://opensource.org/licenses/MIT). - diff --git a/Web_Exploits/SQLi/README.md~ b/Web_Exploits/SQLi/README.md~ deleted file mode 100644 index 251f7eb..0000000 --- a/Web_Exploits/SQLi/README.md~ +++ /dev/null 
@@ -1,119 +0,0 @@ -# Web Exploits - -[My list of common web vulnerabilits.](http://bt3gl.github.io/a-list-of-common-web-vulnerabilities.html) - -## OS Command Injection - ---- - -## SQLi - -- Brute force password -- Timed SQLi -- Cookie force brute - - ---- -## PHP Shells - -- php primer -- xor -- exploits - ----- - -## Scanners - -- heartbleed - - ------ -## User ID -- cookie auth -- user id - ----- - -## Other Resources - -#### When we have a Website/IP Address: - -- Try to add folders to the domain, such as http://csaw2014.website.com or http://key.website.com. - -- We brute force the subdomains, for example, with [subbrute.py]. This tool performs multi-threaded DNS lookups to a configurable list of DNS resolvers, searching through a list of possible subdomains. - -- Use the command ```dig``` or ```ping``` in Linux to find the IP address of the website. - -- *wgetting* the entire website with something like ```wget -e robots=off --tries=40 -r -H -l 4 ```. - -- Check the *robot.txt* file for hidden folders. - -- Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't work when the content is loaded through Ajax). - - ------ - -## URLs - -#### Octal - -- Example: http://017700000001 --> 127.0.0.1 - -- For example 206.191.158.50: - -((206 * 256 + 191) * 256 + 158 ) * 256 + 50 = 3468664370. - -Now, there is a further step that can make this address even more obscure. 
You can add to this dword number, any multiple of the quantity 4294967296 (2564) - - -#### Great @ - --Everything between "http://" and "@" is completely irrelevant - -``` -http://doesn'tmatter@www.google.org -http://!$^&*()_+`-={}|[]:;@www.google.com -``` - -- @ symbol can be represented by its hex code %40 -- dots are %2e - - - ----- - -## HTTP - -The first line of a request is modified to include protocol version information and it's followed by zero or more name:value pairs (headers): -- User-Agent: browser version information -- Host: URL hostanme -- Accept: supported MIME documents( such as text/plain or audio/MPEG) -- Accept-Language: supported language codes -- Referer: originating page for the request - -The headers are terminated with a single empty line, which may be followerd by any payload the client wishes to pass to the server (the lenght should be specified with the Content-Length header). The payload is usually browser data, but there is no requirements. - - - ------ -## Tools - -- [Burp Suite] -- [FireBug] in Firefox - - - - - ------------------ -[FireBug]: http://getfirebug.com/ -[Burp Suite]: http://portswigger.net/burp/ -[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html -[karmadecay]: http://karmadecay.com/ -[tineye]: https://www.tineye.com/ -[images.google.com]: https://images.google.com/?gws_rd=ssl -[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp -[subbrute.py]: https://github.com/SparkleHearts/subbrute -[pnginfo]: http://www.stillhq.com/pngtools/ -[namechk]: http://namechk.com -
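Review bot: the subject line says "gitignore", but the first hunk (and the stat line "2 files changed, 194 deletions(-)") shows only the deletion of README.md~; no .gitignore entry is added anywhere in the patch. Without a pattern such as `*~` in .gitignore the editor backup will be regenerated and show up as untracked again after the next edit, so either add that entry in this commit or retitle it to describe what it actually does. Before the deletion lands, also confirm that the tracked README.md already contains everything in the backup (the section list, the command-line snippets under "Useful Command Line", the license paragraph), since a `~` file can hold edits that were never written back to the real file.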
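Review bot: the second hunk deletes Web_Exploits/SQLi/README.md~, whose contents are mostly not about SQLi (the URL octal and dword obfuscation notes, the "Great @" trick, the HTTP request header description, the tools and link list), so its live counterpart may not be Web_Exploits/SQLi/README.md at all. Diff this backup against the tracked README files before merging so that the only thing lost is a stale copy, and note that the dword paragraph ends mid-sentence in the backup ("2564" where 256^4 is meant), which is the kind of unfinished edit that tends to live only in a `~` file. A `*~` line in .gitignore would keep both backups from being staged again.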