
[HTB machine] Cap

Sungyeon Kim 2024. 11. 27. 01:41

- Concepts

1. Security snapshot - Quick or comprehensive analysis of a system's security posture at a given point in time. The term is commonly used in web vulnerability scanners (e.g., OWASP ZAP, Burp Suite, Nessus) or integrated security dashboards.
2. Fuzzing - Send unexpected, random, or crafted input (e.g., different URLs or parameters) to find vulnerabilities
   1) ffuf: A very fast web fuzzing tool written in Go. For basic fuzzing.
   2) wfuzz: Another powerful web fuzzing tool written in Python. For advanced features like fuzzing parameters, headers, or cookies
3. In Linux pentesting distributions (e.g., Kali or Parrot OS), many wordlists are pre-installed.
   - Common locations include: /usr/share/wordlists/
   - SecLists: pre-made wordlists (https://github.com/danielmiessler/SecLists)
      e.g., git clone https://github.com/danielmiessler/SecLists.git
4. IDOR (Insecure Direct Object Reference): A user can directly access data owned by another user.
5. PCAP file: Packet Capture. Captures and stores network traffic data
6. SearchSploit: Search for publicly available exploits and PoC (proof of concept) code within the Exploit-DB database.
7. PoC (proof of concept): Example that shows how a particular vulnerability works.
8. Exploit-DB: Repository of exploits for various software, operating systems, and platforms.
9. Google search: "vsFTPd changelog"
   - 'changelog' is a good word to often get the dates that versions were released.
10. ExifTool: Read, write, and edit metadata embedded in a wide variety of files
11. Gunicorn: Green Unicorn. Python WSGI HTTP server designed for deploying Python web applications.
12. WSGI server (Web Server Gateway Interface): A server that adheres to the WSGI standard, which is a specification for communication between web servers and Python web applications or frameworks.
13. ACL (Access Control List): A set of rules that specify which users are allowed to access a resource.
14. .bashrc file: Shell script executed whenever a new interactive, non-login Bash shell session starts. Because it runs on every new shell, it can be exploited for a reverse shell.
15. LinPEAS (Linux Privilege Escalation Awesome Script): Identify potential privilege escalation vectors on Linux systems.
16. placeholder: Temporary or symbolic element used to represent a value, object, or content that will be replaced or updated later.
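Fuzzing (item 2) leaves a very distinctive trace on the server side: one client sending many requests in a short window, most of which hit paths that do not exist. The following is an added example, not code from the post or from ffuf/wfuzz: it parses a few constructed Common Log Format lines and flags any client that produces a burst of 404s within a sliding time window. The log lines, the window size and the threshold are all assumptions.

```python
"""Detect directory/parameter fuzzing bursts in web server access logs.

Added example (not from the original post). A fuzzer such as ffuf or wfuzz
sends many requests per second, most of which hit non-existent paths, so a
burst of 404s from one client within a short window is a strong signal.
The log format, window and threshold below are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format style lines, constructed for this example.
SAMPLE_LOG = """\
10.10.14.5 - - [27/Nov/2024:01:41:00 +0000] "GET /admin HTTP/1.1" 404 162
10.10.14.5 - - [27/Nov/2024:01:41:00 +0000] "GET /backup HTTP/1.1" 404 162
10.10.14.5 - - [27/Nov/2024:01:41:01 +0000] "GET /config HTTP/1.1" 404 162
10.10.14.5 - - [27/Nov/2024:01:41:01 +0000] "GET /data/0 HTTP/1.1" 200 931
10.10.14.5 - - [27/Nov/2024:01:41:02 +0000] "GET /.git HTTP/1.1" 404 162
10.10.14.5 - - [27/Nov/2024:01:41:02 +0000] "GET /uploads HTTP/1.1" 404 162
192.168.1.20 - - [27/Nov/2024:01:41:03 +0000] "GET / HTTP/1.1" 200 4021
192.168.1.20 - - [27/Nov/2024:01:41:09 +0000] "GET /favicon.ico HTTP/1.1" 404 162
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

def parse_line(line):
    """Return a dict with ip, timestamp, path and status, or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "path": m.group("path"),
            "status": int(m.group("status"))}

def find_fuzzing(log_text, window_seconds=10, min_404=5):
    """Return {ip: max_404s_in_one_window} for clients that exceed min_404.

    Uses a sliding window over each client's sorted 404 timestamps, so a slow
    trickle of errors spread over minutes is not flagged while a burst is.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == 404:
            by_ip[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= min_404:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged

if __name__ == "__main__":
    for ip, count in find_fuzzing(SAMPLE_LOG).items():
        print("possible fuzzing from %s: %d x 404 within 10s" % (ip, count))
```

On the sample above only the first client is reported; the second client's single 404 for a favicon is normal browser behaviour. In production the same logic runs over the real access log, and the threshold should be tuned against a baseline of legitimate 404 rates.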
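IDOR (item 4) is easiest to see in code. The following is an added example, not code from the post or from the HTB machine: a record lookup by numeric id with no ownership check, next to the same lookup with the check. The data store, the user names and the function names are constructed for the example.

```python
"""IDOR: a vulnerable object lookup next to its hardened form.

Added example (not from the original post). CAPTURES, the user names and
the handler names are constructed for illustration.
"""

# Constructed data store: each capture file belongs to exactly one user.
CAPTURES = {
    0: {"owner": "admin", "file": "0.pcap"},
    1: {"owner": "alice", "file": "1.pcap"},
    2: {"owner": "alice", "file": "2.pcap"},
    3: {"owner": "bob",   "file": "3.pcap"},
}

class Forbidden(Exception):
    """Raised when the caller may not see the requested record."""

def get_capture_vulnerable(current_user, capture_id):
    """IDOR: the record is fetched by id alone, so any logged-in user can read any id."""
    return CAPTURES[capture_id]["file"]

def get_capture_secure(current_user, capture_id):
    """Same lookup, but the record must belong to the caller (admin may see all).

    'Missing' and 'not yours' produce the same error, so a caller cannot tell
    which ids exist by comparing responses.
    """
    record = CAPTURES.get(capture_id)
    if record is None or (record["owner"] != current_user and current_user != "admin"):
        raise Forbidden("not found")
    return record["file"]

def reachable_files(handler, current_user, id_range):
    """Audit helper: which files does a given user end up with when walking ids?"""
    reachable = []
    for cid in id_range:
        try:
            reachable.append(handler(current_user, cid))
        except (Forbidden, KeyError):
            pass
    return reachable

if __name__ == "__main__":
    print("vulnerable:", reachable_files(get_capture_vulnerable, "bob", range(5)))
    print("secure:    ", reachable_files(get_capture_secure, "bob", range(5)))
```

The fix is the ownership check itself; the detail worth keeping is that the secure handler returns one uniform error for both unknown and foreign ids, so the endpoint does not leak which ids exist.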
 

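Items 11 and 12 describe Gunicorn and WSGI in words; the interface itself is small enough to show. The following is an added example, not code from the post or from Gunicorn: a minimal WSGI application plus a helper that drives it exactly the way a WSGI server does, without opening a socket. The route names and the helper are assumptions; `wsgiref` is the Python standard library's reference WSGI implementation.

```python
"""Minimal WSGI application and an in-process driver for it.

Added example (not from the original post). WSGI is only a calling
convention: the server calls app(environ, start_response) once per request
and iterates the returned body. Gunicorn would serve this file with
`gunicorn <module>:app`; the /health route is an assumption.
"""
from wsgiref.util import setup_testing_defaults

def app(environ, start_response):
    """The WSGI callable: environ carries the request, start_response the status/headers."""
    path = environ.get("PATH_INFO", "/")
    if path == "/health":
        status, body = "200 OK", b"ok"
    else:
        status, body = "404 Not Found", b"not found"
    headers = [("Content-Type", "text/plain"), ("Content-Length", str(len(body)))]
    start_response(status, headers)
    return [body]  # an iterable of byte strings

def call_app(application, path):
    """Invoke a WSGI app like a server would. Returns (status, body_bytes)."""
    environ = {}
    setup_testing_defaults(environ)   # fills SERVER_NAME, wsgi.* keys, etc.
    environ["PATH_INFO"] = path
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = headers

    chunks = application(environ, start_response)
    try:
        body = b"".join(chunks)
    finally:
        if hasattr(chunks, "close"):  # WSGI servers must call close() if present
            chunks.close()
    return captured["status"], body

if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    with make_server("127.0.0.1", 8000, app) as httpd:
        httpd.serve_forever()
```

Because the contract is just a function call, the same app runs unchanged under `wsgiref.simple_server`, Gunicorn, or the `call_app` driver above; that is the portability WSGI provides.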
- Commands

1. rm {file}: Remove the file
2. nmap -oA {basename}: Save scan results in all three major output formats simultaneously: Normal (.nmap), XML (.xml), and Grepable (.gnmap).
3. less {file}: View the contents of a file or output from another command one screen at a time. It's commonly used for reading large files because it allows you to navigate through the content efficiently without loading the entire file into memory.
4. wireshark {pcap}: network protocol analyzer
   - tcp stream: A single, continuous TCP connection between two endpoints (a client and a server)
   - tcp.stream eq 0: Display only packets that are part of the first detected TCP connection (Stream 0)
   - tcp.stream eq 1: Display packets for the second TCP stream
5. python3:
   - os.setuid(0): Set the process's user ID to 0 (root). Succeeds only if the process already holds the CAP_SETUID capability; otherwise it raises PermissionError.
6. zeek: Analyze network traffic and produce logs, summaries, and insights about the observed connections.
   - -C: Ignore checksums. Useful when analyzing PCAP files, as packet checksums may be incorrect due to hardware offloading or other issues.
   - -r {pcap}: Read packets from a PCAP file (offline mode) instead of a live interface.
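Concept 5 (PCAP files) and command 4 (Wireshark's `tcp.stream` filter) are two views of the same thing. The following is an added example, not code from the post, from Wireshark or from Zeek: a minimal reader for the libpcap file format that groups TCP packets into conversations and numbers them the way `tcp.stream` does, so `tcp.stream eq 0` corresponds to index 0 in its output. The capture is built in memory from constructed frames (IPs from the 192.0.2.0/24 documentation range, checksums left at zero, as happens with hardware offloading).

```python
"""Minimal PCAP reader that groups TCP packets into streams.

Added example, not from the original post. It reimplements enough of the
libpcap file format and of Wireshark's tcp.stream numbering to show what
"tcp.stream eq N" selects. The capture bytes are constructed in memory;
IPs use the 192.0.2.0/24 documentation range and checksums are left zero.
"""
import struct
from collections import OrderedDict

SYN, PSH, ACK = 0x02, 0x08, 0x10

def ip_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))

def build_frame(src, sport, dst, dport, flags, payload=b""):
    """Ethernet + IPv4 + TCP frame (constructed; checksums zero, as with offloading)."""
    eth = bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ip_bytes(src), ip_bytes(dst))
    return eth + ip + tcp

def build_pcap(frames):
    """libpcap global header (little-endian, link type 1 = Ethernet) + one record per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def iter_pcap(data):
    """Yield (timestamp, frame_bytes) for each record; handles both byte orders."""
    magic = struct.unpack("<I", data[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a pcap file (magic %#x)" % magic)
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def parse_tcp(frame):
    """Return (src, sport, dst, dport, flags, payload) or None for non-TCP frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    tcp = frame[14 + ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    return src, sport, dst, dport, tcp[13], tcp[data_offset:]

def tcp_streams(pcap_bytes):
    """Number conversations like Wireshark: the first 4-tuple seen is stream 0.

    Simplification: Wireshark also starts a new stream when it sees a fresh SYN
    on an already-known 4-tuple; this version keys purely on the address pair.
    """
    streams = OrderedDict()
    for _ts, frame in iter_pcap(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, sport, dst, dport, _flags, payload = parsed
        key = frozenset({(src, sport), (dst, dport)})  # same key in both directions
        if key not in streams:
            streams[key] = {"index": len(streams), "packets": 0, "payload": b""}
        streams[key]["packets"] += 1
        streams[key]["payload"] += payload
    return list(streams.values())

def stream_payload(pcap_bytes, n):
    """Equivalent of filtering on 'tcp.stream eq n' and following the stream."""
    return tcp_streams(pcap_bytes)[n]["payload"]

# Constructed capture: an FTP login on stream 0 and an HTTP request on stream 1.
CLIENT, SERVER = "192.0.2.10", "192.0.2.20"
SAMPLE_PCAP = build_pcap([
    build_frame(CLIENT, 40000, SERVER, 21, SYN),
    build_frame(SERVER, 21, CLIENT, 40000, SYN | ACK),
    build_frame(CLIENT, 40000, SERVER, 21, PSH | ACK, b"USER alice\r\n"),
    build_frame(CLIENT, 40001, SERVER, 80, SYN),
    build_frame(CLIENT, 40001, SERVER, 80, PSH | ACK, b"GET / HTTP/1.1\r\n\r\n"),
    build_frame(SERVER, 21, CLIENT, 40000, PSH | ACK, b"331 Please specify the password.\r\n"),
])

if __name__ == "__main__":
    for s in tcp_streams(SAMPLE_PCAP):
        print("tcp.stream eq %d: %d packets, payload %r" % (s["index"], s["packets"], s["payload"]))
```

Note that the FTP reply on the last frame still lands in stream 0 even though an HTTP conversation was interleaved, because the stream key is the unordered pair of endpoints rather than the arrival order. Cleartext credentials in such a stream are exactly what the `tcp.stream eq 0` filter makes visible, which is why FTP and HTTP logins belong behind TLS.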
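Command 5 says `os.setuid(0)` grants root, and the precondition for that is the CAP_SETUID capability. The following is an added example, not code from the post: it decodes the capability bitmask the kernel exposes in `/proc/<pid>/status` (`CapEff`, `CapPrm`, `CapInh`) into names, so an auditor can see whether a process could succeed at `setuid(0)` before anything tries it. The bit numbers come from `linux/capability.h`; the sample status text is constructed, and only a subset of capability names is listed.

```python
"""Decode a process's capability sets from /proc/<pid>/status.

Added example (not from the original post). os.setuid(0) only succeeds when
the calling thread holds CAP_SETUID; the kernel reports each set as a
64-bit hex mask. Bit numbers are from linux/capability.h; the SAMPLE_STATUS
text is constructed, and only a subset of capability names is listed.
"""
import os

CAPABILITIES = {
    0: "cap_chown", 1: "cap_dac_override", 2: "cap_dac_read_search",
    3: "cap_fowner", 4: "cap_fsetid", 5: "cap_kill", 6: "cap_setgid",
    7: "cap_setuid", 8: "cap_setpcap", 10: "cap_net_bind_service",
    12: "cap_net_admin", 13: "cap_net_raw", 19: "cap_sys_ptrace",
    21: "cap_sys_admin",
}

def decode_caps(mask_hex):
    """Turn a CapXxx hex mask into the list of set capability names (low bit first)."""
    mask = int(mask_hex, 16)
    return [CAPABILITIES.get(bit, "cap_%d" % bit) for bit in range(64) if (mask >> bit) & 1]

def read_status_caps(status_text):
    """Extract CapInh/CapPrm/CapEff from the text of /proc/<pid>/status."""
    result = {}
    for line in status_text.splitlines():
        if line.startswith(("CapInh:", "CapPrm:", "CapEff:")):
            name, value = line.split(":", 1)
            result[name] = decode_caps(value.strip())
    return result

def has_cap_setuid(status_text):
    """True if the effective set (what the kernel checks on setuid) contains CAP_SETUID."""
    return "cap_setuid" in read_status_caps(status_text).get("CapEff", [])

def can_become_root():
    """Live check: try the call itself. Unprivileged processes get PermissionError."""
    try:
        os.setuid(0)
    except PermissionError:
        return False
    return os.geteuid() == 0

# Constructed /proc/<pid>/status excerpt for a non-root process whose
# interpreter binary was given cap_setuid (bit 7 -> 0x80).
SAMPLE_STATUS = """\
Name:\tpython3
Uid:\t1000\t1000\t1000\t1000
CapInh:\t0000000000000000
CapPrm:\t0000000000000080
CapEff:\t0000000000000080
"""

if __name__ == "__main__":
    print("sample:", read_status_caps(SAMPLE_STATUS))
    try:
        with open("/proc/self/status") as fh:
            print("this process:", read_status_caps(fh.read()))
    except OSError:
        print("no /proc on this system")
```

The same information for executables on disk comes from `getcap` (e.g., `getcap -r / 2>/dev/null`), which is what LinPEAS (concept 15) runs; a non-root interpreter binary carrying `cap_setuid` is a finding worth fixing, since with it the one-liner in command 5 succeeds.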