Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-05-03 07:14:54 -04:00
Code Issues Projects Releases Packages Wiki Activity

reorganizing

Browse source
This commit is contained in:
Mari Wahl 2014-11-03 11:05:34 -05:00
parent 2afd831662
commit bdcecd360b
5 changed files with 352 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

82
Cryptography/README.md
View file

@ -11,6 +11,22 @@
- Brute force hex digest chars - Brute force hex digest chars
### Command Line
```
$ echo -n password | md5sum
5f4dcc3b5aa765d61d8327deb882cf99
```
- 32 chars
```
7e1321b3c8423b30c1cb077a2e3ac4f0a2a551a6458a8de22446cc76d639a9e98fc42c6cddf9966db3b09e843650343578b04d5e377d298e78455efc5ca404d5f4c9385f1902f7334b00b9b4ecd164de8bf8854bebe108183caeb845c7676ae48fc42c6ddf9966db3b09e84365034357327a6c4304ad5938eaf0efb6cc3e53dc7ff9ea9a069bd793691c422fb818
```
- Use Python's md5.md5().digest()
------ ------
@ -21,6 +37,21 @@
- SHA-256 brute force - SHA-256 brute force
### Command Line
- Brute force:
```
import hashlib, itertools
hash = '6307c5441ebac07051e3b90d53c3106230dd9aa128601dcd5f63efcf824ce1ba'
ch = 'abcdef0123456789'
for a, b, c, d, e, f in itertools.product(ch, ch, ch, ch, ch, ch):
if hashlib.sha256('ASIS_a9%s00f497f2eaa4372a7fc21f0d' % (a + b + c + d + e + f)).hexdigest() == hash:
print 'ASIS_a9%s00f497f2eaa4372a7fc21f0d' % (a + b + c + d + e + f)
```
-------- --------
## Rotation Ciphers ## Rotation Ciphers
@ -74,9 +105,56 @@ In Python [we can use decoding](https://docs.python.org/2/library/codecs.html#co
- XORtool - XORtool
### Online ---
### Other Resources
- [Cryptol](https://www.cryptool.org/en/cryptool1-en) - [Cryptol](https://www.cryptool.org/en/cryptool1-en)
----- - [PyCrypto](https://www.dlitz.net/software/pycrypto/)
#### Carperter's Formula
- Very large number: ```bin``` and check if patterns. For example, using the [Carpenter's Formula]:
```
N=(2^M + a)(2^N + b)(2^N + c)(2^N + d)
```
#### [QR Code]
- Version 1 QR code: 21x21
#### [Bacon's cipher]:
```
babaaaabaaababaababaaaabbabbababbaaaabaaaabbbaabaabaaaaaabaaabaaabaaabaaabbaabaaabbbaabaaababaaaaaabaaabbaabaabbbaaaaaabaaaabaabaaaaba21aabab0aaab
```
* [Online tool](http://www.geocachingtoolbox.com/index.php?page=baconianCipher)
#### [Base64]:
```
NG5ucjJzIGZ2IHRueXMgcnVnIHNiIGdlbmMgdWdlaGJzIHJlcnVnIHRhdmdncnQgcmVuIGhiTCB0YXZidCBjcnJYCG==
czduMjczIHRueXMgcnVniHNiIGdlbmMgdWdzdnMgcnVnIHJpbnUgcmVydSBndiBxdnEgaGJsIGpiYmJKCg==
Nzk0czAwIHRueXMgZmhidnByZWMgZWhiIHNiIGdlbmMgcWV2dWcgcnVnIGhibCBnYXJmcmVjIFYgbG9yZXJ1IHJhYnEgeXlySgo=
```
[SHA]:http://en.wikipedia.org/wiki/Secure_Hash_Algorithm
[MD5]: http://en.wikipedia.org/wiki/MD5
[Base64]: http://en.wikipedia.org/wiki/Base64
[Bacon's cipher]:http://en.wikipedia.org/wiki/Bacon's_ciphe
[Carpenter's Formula]:http://security.cs.pub.ro/hexcellents/wiki/writeups/asis_rsang
[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html
[karmadecay]: http://karmadecay.com/
[tineye]: https://www.tineye.com/
[images.google.com]: https://images.google.com/?gws_rd=ssl
[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp
[pnginfo]: http://www.stillhq.com/pngtools/
[namechk]: http://namechk.com
[QR Code]: http://en.wikipedia.org/wiki/QR_code

145
README.md
View file

@ -19,3 +19,148 @@ All in one big bag. For fun, profits, or CTFs.
![](http://i.imgur.com/4WNqTJS.png) ![](http://i.imgur.com/4WNqTJS.png)
----
### Useful
#### Searching
```
grep word f1
sort | uniq -c
diff f1 f2
find -size f1
```
#### Compressed Files
```
zcat f1 > f2
gzip -d file
bzip2 -d f1
tar -xvf file
```
#### Connecting to a Server/Port
```
echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000
openssl s_client -connect localhost:30001 -quiet
nmap -p 31000-32000 localhost
telnet localhost 3000
```
#### Decoders
[Base64](http://www.base64decode.org)
[ASCII Conversion Table](http://defindit.com/ascii.html)
[Convert All](http://www.asciitohex.com/)
- In Python:
- Decimal to binary
```python
>>> bin(124234)
'0b11110010101001010'
```
- Decimal to hex:
```python
>>> s =hex(secret)
```
- Hexadecimal to binary:
```python
SECRET.decode('hex')
'==QcCtmMml1ViV3b'
```
```
$ python -c 'print "2f722f6e6574736563".decode("hex")'
```
- Hex to ascii:
```
$ xxd -r -p <<< 2f722f6e6574736563
```
- Base64 decode:
```python
>>> SECRET.decode('base64')
'oubWYf2kBq'
```
- md5 hashes
http://hash-killer.com/
http://www.md5this.com/
----
### Recon
#### Searching the Internets
The recon problems usually give you someone/something's name and a task or a hint to find some specific information about it. So the first thing is of course google it.
Google anything using keywords such as ```filetype:cgi inurl:cgi-bin```
#### In addition we can look at:
- Facebook, Twitter, Linkedin, Google+, reddit, /r/netsec.
- IRC: with **/whois **.
- [namechk]
- Github: check in the commit history.
#### Finding pictures:
- [karmadecay]
- [tineye]
- [images.google.com]
-----------------
[FireBug]: http://getfirebug.com/
[Burp Suite]: http://portswigger.net/burp/
[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html
[karmadecay]: http://karmadecay.com/
[tineye]: https://www.tineye.com/
[images.google.com]: https://images.google.com/?gws_rd=ssl
[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp
[subbrute.py]: https://github.com/SparkleHearts/subbrute
[pnginfo]: http://www.stillhq.com/pngtools/
[namechk]: http://namechk.com

29
Reverse_Engineering/README.md
View file

@ -10,16 +10,41 @@
- base conversion - base conversion
- Command line tricks - Command line tricks
### Encondings/ Binaries
```
file f1
ltrace bin
strings f1
base64 -d
xxd -r
nm
objcopy
binutils
```
### Online References ### Online References
[Reverse Engineering, the Book]: http://beginners.re/ [Reverse Engineering, the Book]: http://beginners.re/
---- ----
## IDA ## IDA
- Cheat sheet - Cheat sheet
- [IDA PRO](https://www.hex-rays.com/products/ida/support/download_freeware.shtml)
------------- -------------
@ -30,6 +55,8 @@
#### gdb #### gdb
```sh ```sh
$ gcc -ggdb -o <filename> <filename>.c $ gcc -ggdb -o <filename> <filename>.c

61
Steganography/README.md
View file

@ -6,3 +6,64 @@
- Adding two images - Adding two images
- xor_bytes - xor_bytes
- color crypto - color crypto
___
## Command Line:
- Pull out the audio with ffmpeg:
```
$ ffmpeg -i windows.mp4 windows.wav
```
- Make a gif from video using [ffmpeg](https://www.ffmpeg.org/download.html)
```sh
$ ffmpeg -i windows.mp4 windows.gif
```
- Online tool for images:
* [utilitymill](http://utilitymill.com/utility/Steganography_Decode)
* [pngcheck](http://www.libpng.org/pub/png/apps/pngcheck.html)
* [Paranoid.jar](https://ccrma.stanford.edu/~eberdahl/Projects/Paranoia/)
____
### Metadata
[Image metadata](http://regex.info/exif.cgi)
- To find information inside a picture, we can use package [pnginfo] or [pngcheck].
- If we need [base64 decoding] (for example a PGP key with a picture).
- Weird pieces of bytes may need to be XORed.
- If we have a decrypted message and a key:
1. Import the private key to use it to decrypt the message with ```gpg --allow-secret-key-import --import private.key```
2. Decrypt with ```gpg --decrypt message.pgp```.
- [ExifTool](http://www.sno.phy.queensu.ca/~phil/exiftool/index.html)
[Bacon's cipher]:http://en.wikipedia.org/wiki/Bacon's_ciphe
[Carpenter's Formula]:http://security.cs.pub.ro/hexcellents/wiki/writeups/asis_rsang
[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html
[karmadecay]: http://karmadecay.com/
[tineye]: https://www.tineye.com/
[images.google.com]: https://images.google.com/?gws_rd=ssl
[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp
[subbrute.py]: https://github.com/SparkleHearts/subbrute
[pnginfo]: http://www.stillhq.com/pngtools/
[namechk]: http://namechk.com

38
Web_Exploits/README.md
View file

@ -21,3 +21,41 @@
## User ID ## User ID
- cookie auth - cookie auth
- user id - user id
## Other Resources
#### When we have a Website/IP Address:
- Try to add folders to the domain, such as http://csaw2014.website.com or http://key.website.com.
- We brute force the subdomains, for example, with [subbrute.py]. This tool performs multi-threaded DNS lookups to a configurable list of DNS resolvers, searching through a list of possible subdomains.
- Use the command ```dig``` or ```ping``` in Linux to find the IP address of the website.
- *wgetting* the entire website with something like ```wget -e robots=off --tries=40 -r -H -l 4 <WEBSITE>```.
- Check the *robot.txt* file for hidden folders.
- Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't work when the content is loaded through Ajax).
#### Tools
- [Burp Suite]
- [FireBug] in Firefox
-----------------
[FireBug]: http://getfirebug.com/
[Burp Suite]: http://portswigger.net/burp/
[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html
[karmadecay]: http://karmadecay.com/
[tineye]: https://www.tineye.com/
[images.google.com]: https://images.google.com/?gws_rd=ssl
[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp
[subbrute.py]: https://github.com/SparkleHearts/subbrute
[pnginfo]: http://www.stillhq.com/pngtools/
[namechk]: http://namechk.com