From 5af6d5c4ebc8bbdb6aa0035d5941a39d632f5c5e Mon Sep 17 00:00:00 2001 From: Casual Date: Mon, 3 Jun 2024 00:50:17 +0300 Subject: [PATCH] new post --- content/hacking/HowTo_create_wordlist.md | 22 +++ content/hacking/HowTo_customize_wordlist.md | 24 +++ content/hacking/ListOf_wordlists.md | 35 ++++ .../WhatIs_OpenSource_and_FreeSoftware.md | 158 ++++++++++++++++++ 4 files changed, 239 insertions(+) create mode 100644 content/hacking/HowTo_create_wordlist.md create mode 100644 content/hacking/HowTo_customize_wordlist.md create mode 100644 content/hacking/ListOf_wordlists.md create mode 100644 content/tech/WhatIs_OpenSource_and_FreeSoftware.md diff --git a/content/hacking/HowTo_create_wordlist.md b/content/hacking/HowTo_create_wordlist.md new file mode 100644 index 0000000..ff2669c --- /dev/null +++ b/content/hacking/HowTo_create_wordlist.md @@ -0,0 +1,22 @@ ++++ +title = 'HowTo create wordlist' +date = 2024-06-04 ++++ + + + +## Using info on person + +simple with interactive mode (+ the most new): +https://github.com/r3nt0n/bopscrk + + +## When person probably uses passphrase + +https://github.com/initstring/passphrase-wordlist + + +## There are also: +https://github.com/Mebus/cupp - last update 2020 +https://github.com/LandGrey/pydictor - last update 2017 +https://github.com/sc0tfree/mentalist - last update 2017 - GUI with support for generating rules for `hashcat` and `John`? diff --git a/content/hacking/HowTo_customize_wordlist.md b/content/hacking/HowTo_customize_wordlist.md new file mode 100644 index 0000000..cb619b5 --- /dev/null +++ b/content/hacking/HowTo_customize_wordlist.md @@ -0,0 +1,24 @@ ++++ +title = 'HowTo customize wordlist' +date = 2024-06-07 ++++ + +## General wordlist manipulation + +https://github.com/glitchedgitz/cook +"A wordlist framework to fullfill your kinks with your wordlists." + +"An overpower wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding and everything you need." + + + +Can do anything (except targeted wordlist creation) + + +### Dedupe + +https://github.com/nil0x42/duplicut +"Remove duplicates from MASSIVE wordlist, without sorting it (for dictionary-based password cracking)" + + + diff --git a/content/hacking/ListOf_wordlists.md b/content/hacking/ListOf_wordlists.md new file mode 100644 index 0000000..c946d2a --- /dev/null +++ b/content/hacking/ListOf_wordlists.md @@ -0,0 +1,35 @@ ++++ +title = 'ListOf wordlists' +date = 2024-06-02 ++++ + +## Web + + +Rockyou for web dirs - [six2dez/OneListForAll](https://github.com/six2dez/OneListForAll). It have + - micro - 26K lines - "manally crafted wordlist for low hanging fruits" + - short - 900K lines - a short version, it also contains a lot of things, but in a more affordable way + +Special pathes - LFI, juicy APIs, misconfigurations.. etc - [ayoubfathi/leaky-paths](https://github.com/ayoubfathi/leaky-paths) + +Platform specific (drupal,wordpress...) - [trickest/wordlists](https://github.com/trickest/wordlists/tree/main/technologies) + +Common sensitive points - [RobotsDisallowed](https://github.com/danielmiessler/RobotsDisallowed) + +A lot of stuff. - [Seclist](https://github.com/danielmiessler/SecLists) + +## Passes + +### The most used passwords + +Combo of all wordlists with count of how much times is used - [berzerk0/Probable-Wordlists](https://github.com/berzerk0/Probable-Wordlists) + +6y old wordlist for Russian-speaking people - [sharsi1/russkiwlst](https://github.com/sharsi1/russkiwlst) + +### Passphrases + +[initstring/passphrase-wordlist](https://github.com/initstring/passphrase-wordlist) + +### Tools + +[awesome-password-cracking](https://github.com/n0kovo/awesome-password-cracking) diff --git a/content/tech/WhatIs_OpenSource_and_FreeSoftware.md b/content/tech/WhatIs_OpenSource_and_FreeSoftware.md new file mode 100644 index 0000000..57050b1 --- /dev/null +++ b/content/tech/WhatIs_OpenSource_and_FreeSoftware.md @@ -0,0 +1,158 @@ ++++ +title = 'WhatIs OpenSource and Free Software' +date = 2024-06-02 ++++ + + + +## Defenitions + +__OpenSource Software__ (OSS) - Software which source code is open to read/edit/distribute, and to use for any purpose. + +__Free Software__ - Software which respects basic user freedoms (by GNU) + +### User Freedoms + +0. Freedom to use program to any purpose +1. Freedom to inspect and modify program for your purposes +2. Freedom to distribute copies +3. Freedom to distribute modifications + +Sounds familiar, right? +But, _Opensource != Free Software_. +We will talk about it later + +## Movements + +Open Source Initiative (OSI) - Movement that supports OSS. + +Free Software Foundation (FSF) - Movement that Free Software. + + +## Licenses + +License protects developer from liability. + +OSS uses __Permissive licenses__. Permissive license just allows user to use software for any purpose and states that source code is open to read/edit/distribute. +E.g.: + - MIT license + - BSD 4-Clause + - Apache 2.0 License + +Free Software uses __Copyleft licenses__. Copyleft license complies 4 basic user freedoms. And it's is more restrictive. +For instance - with permissive license company can privatize source code by making modifications and claiming it's their code, so they free to hide source code. But in case of copyleft license - company should make source code available and with same license (so any further modifications will be Free Software). +E.g.: + - GNU GPLv3 + - GNU AGPLv3 + - GNU LGPLv3 + +So, proprietary tools may be based on OSS with permissive license, but not with Copyleft license. + +## Difference + +So what's difference between OpenSource and Free Software? + +It's idealogy of proggramers. + +The priority of OpenSource developers is to make a reliable and efficient tool that, to some extent, can replace commercial analogs. + +And the priority of “Free” programmers is to provide the user with the mentioned freedoms in the process of creating a reliable and efficient tool. + +It's still not clear exactly what the difference is, but I'll explain now. + + +### Example + +For instance, Google's calculator for Android. It uses the permissive (Apache 2.0) license. However, the calculator on your phone is not free software. You can't install modified version of this calculator on your phone, OS won't let you to install software with wrong signature, what disrespects user freedom #1: +`1. Freedom to inspect and modify program for your purposes` + +Google knows about it and states it in [FAQ](https://source.android.com/docs/setup/contribute/licenses), explaining this decision as they want vendors to be able do what they want ~~(lock down users with unknown proprietary software)~~. + +## pros/cons for developer + +How OSS affects life of developer? + +#### Cons: + - __Misunderstandings__ - as with any collaborative development, it's about communicating with people, you have to be prepared for differences in perceptions and approaches + + + +#### Pros: + - __Motivation__ - By making program for your problem and giving it out - you help many other people to deal with their problems. +{{< spoiler Example >}} +Richard Stallman, developed a set of GNU utilities for everyone to use. His team put together what we see GNU/Linux to be today. +{{< /spoiler >}} + - **Reputation** - You become more recognizable in the community, you can be invited to events and offered jobs. +{{< spoiler Example >}} +H.D. Moore, the creator of Metasploit, got invited to a lot of events and became a Principal Investigator at Rapid7 thanks to his tool. +{{< /spoiler >}} + - __Portfolio__ - If you're applying for a job, it's a plus if you have OpenSource projects. + - __Growth__ - By doing an OpenSource project, it will get changes from other programmers that will help you grow as an expert and raise your code skills. +{{< spoiler Example >}} +Going back to Moore, he got a big jump on writing exploits while working on Metasploit. +{{< /spoiler >}} + - __Code quality__ - you will write code of high quality if you know that absolutely anyone can see it than if you write it on your own. +{{< spoiler Explanation >}} +In psychology it's called the Hawthorne Effect. +{{< /spoiler >}} + + +## pros/cons for user + +How OSS affects life of user? + +#### Cons: + + - __Support__ - there may not be any, and project development may be over in a month. + {{< spoiler Example >}} + I so one youtuber who posted his script threw in a few improvements, but he abandoned the project. + {{< /spoiler >}} + - __Security__ - there is no guarantee that the program is safe, downloading OpenSource utilities is no different from downloading cracked programs, unless you read the source code. + {{< spoiler Example >}} + A recent notorious example is the XZ bibliotheca, which almost put a backdoor on all upgraded systems. + {{< /spoiler >}} + - __Liability__ - If the program misbehaves and causes data loss, no one will be held responsible but the user themselves + - __Documentation__ - Availability, relevance and accuracy of documentation is also not guaranteed. + {{< spoiler Example >}} + I remember I found one very specific Python library that solved my problem, but there was almost none documentation so I learned how to use it by studying its source code. + {{< /spoiler >}} + +#### Pros: + + - __Price__ - take it and download it. All OpenSource programs are free to use. + - __Platforms__ - OSS often supports more platforms than proprietary software. + {{< spoiler Example >}} + Adobe intentionally does not develop a Linux version of Photoshop, although they have a version for MacOS. And conditional Krita, there are on all platforms, and even on Android. + {{< /spoiler >}} + - __Ownership__ - what you downloaded will work on any other similar system, this program belongs to you (within the license) and you can not take it away. + {{< spoiler Example >}} + A musician had a prog like FL Studio that he bought 10 years ago. After that, several new versions came out that were very different from this one. Sevris online activation was disabled and his computer crashed. And because of that he couldn't activate the old version of the program, and tech support refused to help him, despite the fact that the product license allowed him to continue using the old version. And he needed this very version for his work. In the end, what he bought was taken away from him. + {{< /spoiler >}} + - __Security__ - The user can make sure that the program is secure and meets the developers' claims or your needs +{{< spoiler Example >}} +remembering the example about XZ - the researcher found a backdoor, but in proprietary software, for example Windows, it would have remained undetected for some time.{{< /spoiler >}} + - __Customization__ - User can customize the program to fit his needs. +{{< spoiler Example >}} +Don't like the color of the window? Adjust it and use the program. Or you don't like some annoying pop-up or default settings. You can change it all. {{< /spoiler >}} + - __Community__ - any user can help a developer with a project. And it's not just about writing code, it's also about helping with discussing and suggesting new features, writing documentation, user support, creating bug reports, testing new version. Everyone can help in development, regardless of their skills. +{{< spoiler Example >}} +For example, the developers of Proxmox VE get more feedback from users than from companies. And some users themselves send them how to fix their program, and it's not just a quick fix, but a piece of code that fixes the problem thoroughly. {{< /spoiler >}} + + + + + +{{< source >}} +My Research for Conference +(some of the related links): +https://choosealicense.com/ +https://stackoverflow.com/questions/3902754/mit-vs-gpl-license +https://www.gnu.org/philosophy/open-source-misses-the-point.html +https://dev.to/opensauced/open-source-101-a-beginners-guide-to-getting-started-37fb +https://www.gnu.org/proprietary/proprietary.html +https://www.gnu.org/philosophy/open-source-misses-the-point.html +https://www.gnu.org/philosophy/free-sw.html +https://www.quora.com/What-are-examples-of-open-source-software-that-are-not-free-software +https://opensource.guide/starting-a-project/ +{{< /source >}} +