aminkhoshzahmat · July 21, 2022 19:30
diff --git a/hack-tools.txt b/hack-tools.txt
 Google dorks
    1) find useful files > site: tesla.com filetype:pdf
    2) find emails  > "@tesla.com" -site:tesla.com
                    > "@etf.bg.ac.rs" -site:etf.bg.ac.rs
                    > intitle:admin OR inurl:admin site:etf.bg.ac.rs
    3) Search "googl dorks" > exploit.com


 Find IP
    Ping, Host, nslookup (active)
        ping tesla.com
        host tesla.com
        nslookup tesla.com
        whois tesla.com
    other services (passive)
        search > find ip address > https://www.site24x7.com/tools.html
        
        
 whatweb > what technologies/plugins used
    whatweb 192.168.1.4
    whatweb --help
    man whatweb
        --aggression (1,2,3) levels
    whatweb --aggression 3 -v 192.168.0.170
        go through IP ranges, or multiple domains
        there might be errors to no route found, supress them with --no-errors
    whatweb --aggression 3 -v 192.168.0.1/24
    whatweb --aggression 3 -v 192.168.0.1/24 --no-errors


 Dirb > detect directories and hidden ones
     > you may find: /images, /phpmyadmin, /files, ...
        goes through this wordlists > /usr/share/dirp/wordlists/common.txt
    dirb http://192.168.0.170
        you can pass your word lists /usr/share/wordlists/{*.txt}
    dirb http://192.168.0.170 /usr/share/wordlists/common.txt
    
    
 nmap > network mapper, discover open ports
        which serivces are running on those ports, also which version is running.
    nmap 192.168.0.170
        verbos
    nmap -sV 192.168.0.170
        scan vulnerabilities, run script
    nmap --script vuln 192.168.0.170
        scripts can be found on nmap.org
    nmap --script http-stored-xss 192.168.0.170
 nikto > is a tool to perform comprehensive test against web servers
        searches for:
            server misconfigurations
            outdated versions
            dangerous files and programs
    nikto -host 192.18.100.140
    nikto -host 192.18.100.140 -port 081
  
  
 HTML Injection (burp intercept)
    1) test => <h1>dude</h1>
    2) user agent > intercept > => <img src="x" onerror="">
    3) cookie injection > intercept > change cookie value PHPSESSID => <meta http-equiv="refresh" content="5; URL=https://www.google.com"/>
    4) what if there is no request to intercept > like set session storage
    5) referer with back button > intercept > referer => "></a><h1>amin</h1>
    Practice other HTML injection examples

 Command Injection
    1) Input gets command > ls; <whoami>
    2) Blind injection > we can't see the output of our command > we need to approach it to test it.
        2.1) use ping command to ping your machine and track packets with wireshark to see if you capture any packets.
            > ls; ping 10.8.172.204 -c 5  (don't ping for ever, stop after 5times)
	Google dorks
	1) find useful files > site: tesla.com filetype:pdf
	2) find emails > "@tesla.com" -site:tesla.com
	> "@etf.bg.ac.rs" -site:etf.bg.ac.rs
	> intitle:admin OR inurl:admin site:etf.bg.ac.rs
	3) Search "googl dorks" > exploit.com


	Find IP
	Ping, Host, nslookup (active)
	ping tesla.com
	host tesla.com
	nslookup tesla.com
	whois tesla.com
	other services (passive)
	search > find ip address > https://www.site24x7.com/tools.html


	whatweb > what technologies/plugins used
	whatweb 192.168.1.4
	whatweb --help
	man whatweb
	--aggression (1,2,3) levels
	whatweb --aggression 3 -v 192.168.0.170
	go through IP ranges, or multiple domains
	there might be errors to no route found, supress them with --no-errors
	whatweb --aggression 3 -v 192.168.0.1/24
	whatweb --aggression 3 -v 192.168.0.1/24 --no-errors


	Dirb > detect directories and hidden ones
	> you may find: /images, /phpmyadmin, /files, ...
	goes through this wordlists > /usr/share/dirp/wordlists/common.txt
	dirb http://192.168.0.170
	you can pass your word lists /usr/share/wordlists/{*.txt}
	dirb http://192.168.0.170 /usr/share/wordlists/common.txt


	nmap > network mapper, discover open ports
	which serivces are running on those ports, also which version is running.
	nmap 192.168.0.170
	verbos
	nmap -sV 192.168.0.170
	scan vulnerabilities, run script
	nmap --script vuln 192.168.0.170
	scripts can be found on nmap.org
	nmap --script http-stored-xss 192.168.0.170
	nikto > is a tool to perform comprehensive test against web servers
	searches for:
	server misconfigurations
	outdated versions
	dangerous files and programs
	nikto -host 192.18.100.140
	nikto -host 192.18.100.140 -port 081


	HTML Injection (burp intercept)
	1) test => <h1>dude</h1>
	2) user agent > intercept > => <img src="x" onerror="">
	3) cookie injection > intercept > change cookie value PHPSESSID => <meta http-equiv="refresh" content="5; URL=https://www.google.com"/>
	4) what if there is no request to intercept > like set session storage
	5) referer with back button > intercept > referer => "></a><h1>amin</h1>
	Practice other HTML injection examples

	Command Injection
	1) Input gets command > ls; <whoami>
	2) Blind injection > we can't see the output of our command > we need to approach it to test it.
	2.1) use ping command to ping your machine and track packets with wireshark to see if you capture any packets.
	> ls; ping 10.8.172.204 -c 5 (don't ping for ever, stop after 5times)