- Concepts
1. Spider in Burp suite: maps and explores web applications by automatically crawling their content. It identifies pages, files, and parameters that might not be immediately visible.
2. /bin/dash: A lightweight POSIX-compliant shell
3. POSIX (Portable Operating System Interface): A family of standards specified by the IEEE to maintain compatibility between operating systems.
4. EUID (Effective User ID): determines what a process is allowed to do in terms of accessing files and resources. It differs from the RUID (Real User ID), which identifies the actual user who started the process.
5. app.js: contains the core logic or the main entry point of the application. app.js exists in both the backend and frontend of the same project, each serving its respective role.
6. Binary Ninja: A reverse-engineering platform designed for analyzing, disassembling, and decompiling binary files. It's a modern, user-friendly tool used by security researchers, malware analysts, and reverse engineers to understand compiled binaries and machine code.
7. NRPE (Nagios Remote Plugin Executor) command injection vulnerability: NRPE allows Nagios servers to remotely execute scripts or commands on client machines to check services, CPU usage, memory, disk space, etc. An NRPE command injection vulnerability occurs when NRPE doesn't properly sanitize or validate user input passed to those commands.
8. Buffer overflow: A vulnerability that writes more data to a memory buffer (a fixed-size area of memory) than it can hold, causing data to overwrite adjacent memory locations.
9. GNU: stands for "GNU's Not Unix" and is an open-source OS that is compatible with Unix.
10. ESP (Extended Stack Pointer): A CPU register that points to the top of the stack
11. EBP (Extended Base Pointer): A CPU register that holds the base of the current stack frame and is used for accessing function parameters and local variables stored on the stack.
12. EIP (Extended Instruction Pointer): A CPU register that holds the memory address of the next instruction to be executed.
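The buffer overflow entry above (concept 8) together with the ESP/EBP/EIP entries, illustrated with an added C example that is not part of the original notes: a fixed-size stack buffer, the unbounded copy that can overrun it, and the bounded version that refuses oversized input. The buffer size and function names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: a 16-byte buffer on the stack. On x86 the saved EBP and
 * the return address (the value loaded into EIP on ret) sit just above such a
 * buffer, which is why writing past its end can corrupt control flow. */
#define NAME_LEN 16

/* Vulnerable version: strcpy copies until it finds a NUL byte, so any input
 * longer than NAME_LEN - 1 characters writes past the end of 'name'.
 * Returns the length that was copied. */
int greet_unsafe(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);          /* no bounds check at all */
    printf("Hello, %s\n", name);
    return (int)strlen(name);
}

/* Hardened version: reject input that does not fit, then copy with an explicit
 * bound and guarantee NUL termination. Returns the copied length, or -1 when
 * the input would not fit (refusing is safer than silently truncating). */
int greet_safe(const char *input)
{
    char name[NAME_LEN];
    size_t len = strlen(input);
    if (len >= NAME_LEN)          /* need one byte left for the terminator */
        return -1;
    memcpy(name, input, len);
    name[len] = '\0';
    printf("Hello, %s\n", name);
    return (int)len;
}

int main(void)
{
    greet_safe("Alice");                              /* fits in the buffer */
    if (greet_safe("a-name-that-is-much-too-long") < 0)
        puts("rejected oversized input");             /* would have overflowed */
    return 0;
}
```

Compiling with a stack canary (the default on most distributions) turns an overrun of `name` in `greet_unsafe` into an abort at function return instead of a silent overwrite of the saved EBP and return address.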
- Commands
1. sed 's/old/new/g' file: replaces every occurrence of the pattern `old` with `new` on each line of the file (the trailing `g` means all matches on a line, not just the first).
2. fcrackzip: cracks password-protected ZIP files.
3. md5sum {file}: computes (or, with -c, verifies) the MD5 hash (Message-Digest Algorithm 5) of a file. It is primarily used for verifying file integrity.
4. chmod 6755:
- 6: Setuid (4) + Setgid (2). Setuid allows an executable file to run with the privileges of the file's owner. Setgid allows it to run with the privileges of the file's group.
5. strace: monitors and displays system calls in real-time.
6. r2 {binary}: Radare2. The framework for reverse engineering, debugging and binary analysis.
- aaa: runs all analysis passes ("analyze all")
- afl: lists all identified functions
- vvv: opens the visual mode
- gg: jumps to the entry point
7. 7z e {zip file}: Extracts files to the current directory without preserving folder structure.
- unzip vs 7z: unzip is specialized for .zip files, while 7z is more versatile and supports a wide range of archive formats, both for compression and extraction.
8. gdb: GNU debugger. It allows us to inspect a program's execution, find and fix bugs, and understand its behavior by examining variables, memory, and control flow.
- gdb ./program: launches a program
- run {arg1} {arg2} : runs the program inside gdb
- checksec: inspects a binary file to determine which security features are enabled. It checks for:
1) NX (No eXecute): prevents execution of code in non-executable memory areas (e.g., stack, heap).
2) PIE (Position Independent Executable): enables address space layout randomization (ASLR) for the binary.
3) Canary (Stack Canary): detects stack-based buffer overflows by placing a guard value before the saved return address and aborting the program if it has been overwritten when the function returns.
4) RELRO (Relocation Read-only): hardens the binary against exploitation of relocation entries.
5) ASLR (Address Space Layout Randomization): randomizes memory addresses at runtime, making it harder for attackers to predict locations.
- b main: sets a breakpoint at the start of the main function in our program.
1) breakpoint: tells the debugger to pause execution at a specific point.
- jmp: is used for unconditional branching. It immediately transfers control to a specified memory address or label without returning to the caller.
- call: invokes a function or subroutine. Unlike jmp, it pushes the return address onto the stack first, so a later ret can resume execution at the instruction after the call.