ddouhine

## Executable File Extensions
/////////////////////////////////////////////////////////////////////////////////////////////
List of Executable File Extensions
/////////////////////////////////////////////////////////////////////////////////////////////
Extension 	Format 	Operating System(s)
ACTION 	Automator Action 	Mac OS
APK 	Application 	Android
APP 	Executable 	Mac OS
BAT 	Batch File 	Windows
BIN 	Binary Executable 	Windows, Mac OS, Linux
CMD 	Command Script 	Windows

## Hashes
DES(Unix)
Example: IvS7aeT4NzQPM
Used in Linux and other similar OS.
Length: 13 characters.
Description: The first two characters are the salt (random characters; in our example the salt is the string "Iv"), then there follows the actual hash.
Notes: [1] [2]

Domain Cached Credentials
Example: Admin:b474d48cdfc4974d86ef4d24904cdd91
Used for caching passwords of Windows domain.

## pdftoolkit
Encrypt a PDF using 128-Bit Strength (the Default) and Withhold All Permissions (the Default)
	pdftk mydoc.pdf output mydoc.128.pdf owner_pw foopass

pdftk file.pdf output file_4char.pdf encrypt_40bit user_pw abcd
Same as Above, Except a Password is Required to Open the PDF
	pdftk mydoc.pdf output mydoc.128.pdf owner_pw foo user_pw baz

Same as Above, Except Printing is Allowed (after the PDF is Open)
	pdftk mydoc.pdf output mydoc.128.pdf owner_pw foo user_pw baz allow printing

## Wget-Curl
wget --header "Cookie: chocolate=AKAR6yG2ZFQo5N6I9ONSmygsW0f" --header "User-Agent: Mozilla/4.0" --header "Accept: text/html" -i url.txt -p

write output in a file:
curl http://1.1.1.1 -o output

change UserAgent:
curl -A "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0" http://1.1.1.1

http-ntlm auth:
curl --ntlm -u 'DOMAIN\user:passwd' http://1.1.1.1

## Scapy
conf
show_interfaces()
conf.iface="eth1"
conf.color_theme=RastaTheme()
load_session("/var/session")
save_session("/var/session")

ls(IP)
a=IP(dst="192.168.0.1")
c=TCP(dport="25")

## sslstrip #pentest
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listen-port>
./ssltrip.py  -l <listen-port>
arpspoof -i eth0 -t <target_IP> <gateway_IP>

## Strings mangling-greping
replace:
sed -e 's/oldtext/newtext/g'

Removing the last three characters from every filename
cat files | sed 's/\(.*\).../\1/'

Removing first character from each filename/string
cat files |sed 's/.\(.*\)/\1/'

Removing last character from each filename/string

## Regex
^ (Caret)        =    match expression at the start of a line, as in ^A.
$ (Question)     =    match expression at the end of a line, as in A$.
\ (Back Slash)   =    turn off the special meaning of the next character, as in \^.
[ ] (Brackets)   =    match any one of the enclosed characters, as in [aeiou].
                      Use Hyphen "-" for a range, as in [0-9].
[^ ]             =    match any one character except those enclosed in [ ], as in [^0-9].
. (Period)       =    match a single character of any value, except end of line.
* (Asterisk)     =    match zero or more of the preceding character or expression.
\{x,y\}          =    match x to y occurrences of the preceding.
\{x\}            =    match exactly x occurrences of the preceding.

## Extended file attributes #nix
setuid	(4000)
---s------		allow owner rights temporarily (eg: mount)
chmod 4755 :
-rwxr-xr-x
-rwsr-xr-x

setgid	(2000)
------s---		allow owner group rights temporarily
chmod 2744 :
-rwxr--r--

## GWT support with webscanners #pentest
GWT support (according to the vendors):
Acunetix
NTOSpider
WebInspect
AppScan
ZAP

Tested:
Burp + Gwtscan.jar: works ~
GWT-Penetration-Testing-Toolset:
	/////////////////////////////////////////////////////////////////////////////////////////////
	List of Executable File Extensions
	/////////////////////////////////////////////////////////////////////////////////////////////
	Extension Format Operating System(s)
	ACTION Automator Action Mac OS
	APK Application Android
	APP Executable Mac OS
	BAT Batch File Windows
	BIN Binary Executable Windows, Mac OS, Linux
	CMD Command Script Windows
	DES(Unix)
	Example: IvS7aeT4NzQPM
	Used in Linux and other similar OS.
	Length: 13 characters.
	Description: The first two characters are the salt (random characters; in our example the salt is the string "Iv"), then there follows the actual hash.
	Notes: [1] [2]

	Domain Cached Credentials
	Example: Admin:b474d48cdfc4974d86ef4d24904cdd91
	Used for caching passwords of Windows domain.
	Encrypt a PDF using 128-Bit Strength (the Default) and Withhold All Permissions (the Default)
	pdftk mydoc.pdf output mydoc.128.pdf owner_pw foopass

	pdftk file.pdf output file_4char.pdf encrypt_40bit user_pw abcd
	Same as Above, Except a Password is Required to Open the PDF
	pdftk mydoc.pdf output mydoc.128.pdf owner_pw foo user_pw baz

	Same as Above, Except Printing is Allowed (after the PDF is Open)
	pdftk mydoc.pdf output mydoc.128.pdf owner_pw foo user_pw baz allow printing
	wget --header "Cookie: chocolate=AKAR6yG2ZFQo5N6I9ONSmygsW0f" --header "User-Agent: Mozilla/4.0" --header "Accept: text/html" -i url.txt -p

	write output in a file:
	curl http://1.1.1.1 -o output

	change UserAgent:
	curl -A "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0" http://1.1.1.1

	http-ntlm auth:
	curl --ntlm -u 'DOMAIN\user:passwd' http://1.1.1.1
	conf
	show_interfaces()
	conf.iface="eth1"
	conf.color_theme=RastaTheme()
	load_session("/var/session")
	save_session("/var/session")

	ls(IP)
	a=IP(dst="192.168.0.1")
	c=TCP(dport="25")
	echo "1" > /proc/sys/net/ipv4/ip_forward
	iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listen-port>
	./ssltrip.py -l <listen-port>
	arpspoof -i eth0 -t <target_IP> <gateway_IP>
	replace:
	sed -e 's/oldtext/newtext/g'

	Removing the last three characters from every filename
	cat files \| sed 's/\(.*\).../\1/'

	Removing first character from each filename/string
	cat files \|sed 's/.\(.*\)/\1/'

	Removing last character from each filename/string
	^ (Caret) = match expression at the start of a line, as in ^A.
	$ (Question) = match expression at the end of a line, as in A$.
	\ (Back Slash) = turn off the special meaning of the next character, as in \^.
	[ ] (Brackets) = match any one of the enclosed characters, as in [aeiou].
	Use Hyphen "-" for a range, as in [0-9].
	[^ ] = match any one character except those enclosed in [ ], as in [^0-9].
	. (Period) = match a single character of any value, except end of line.
	* (Asterisk) = match zero or more of the preceding character or expression.
	\{x,y\} = match x to y occurrences of the preceding.
	\{x\} = match exactly x occurrences of the preceding.
	setuid (4000)
	---s------ allow owner rights temporarily (eg: mount)
	chmod 4755 :
	-rwxr-xr-x
	-rwsr-xr-x

	setgid (2000)
	------s--- allow owner group rights temporarily
	chmod 2744 :
	-rwxr--r--
	GWT support (according to the vendors):
	Acunetix
	NTOSpider
	WebInspect
	AppScan
	ZAP

	Tested:
	Burp + Gwtscan.jar: works ~
	GWT-Penetration-Testing-Toolset: