Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-22 04:33:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] 2 pages modified

Browse source
This commit is contained in:
CPol 2020-09-25 08:37:19 +00:00 committed by gitbook-bot
parent ddf8df4cda
commit dfc76ba216
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 30 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
crypto/crypto-ctfs-tricks.md
View file

@ -2,7 +2,7 @@
## Online Hashes DBs
* ***Google it***
* _**Google it**_
* [http://hashtoolkit.com/reverse-hash?hash=4d186321c1a7f0f354b297e8914ab240](http://hashtoolkit.com/reverse-hash?hash=4d186321c1a7f0f354b297e8914ab240)
* [https://www.onlinehashcrack.com/](https://www.onlinehashcrack.com/)
* [https://crackstation.net/](https://crackstation.net/)
@ -17,8 +17,9 @@
## Encoders
Most of encoded data can be decoded with these 2 ressources:
- https://www.dcode.fr/tools-list
- https://gchq.github.io/CyberChef/
* [https://www.dcode.fr/tools-list](https://www.dcode.fr/tools-list)
* [https://gchq.github.io/CyberChef/](https://gchq.github.io/CyberChef/)
### Substitution Autosolvers
@ -69,7 +70,7 @@ Check all bases with: [https://github.com/mufeedvh/basecrack](https://github.com
* **Citrix CTX1** \[\]
* `MNGIKCAHMOGLKPAKMMGJKNAINPHKLOBLNNHILCBHNOHLLPBK`
[http://k4.cba.pl/dw/crypo/tools/eng\_atom128c.html](http://k4.cba.pl/dw/crypo/tools/eng_atom128c.html) - 404 Dead: https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html
[http://k4.cba.pl/dw/crypo/tools/eng\_atom128c.html](http://k4.cba.pl/dw/crypo/tools/eng_atom128c.html) - 404 Dead: [https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng\_hackerize.html](https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html)
### HackerizeXS \[_╫Λ↻├☰┏_\]
@ -77,15 +78,15 @@ Check all bases with: [https://github.com/mufeedvh/basecrack](https://github.com
╫☐↑Λ↻Λ┏Λ↻☐↑Λ
```
* [http://k4.cba.pl/dw/crypo/tools/eng\_hackerize.html](http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) - 404 Dead: https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html
* [http://k4.cba.pl/dw/crypo/tools/eng\_hackerize.html](http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) - 404 Dead: [https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng\_hackerize.html](https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html)
### Morse
```text
.... --- .-.. -.-. .- .-. .- -.-. --- .-.. .-
.... --- .-.. -.-. .- .-. .- -.-. --- .-.. .-
```
* [http://k4.cba.pl/dw/crypo/tools/eng\_morse-encode.html](http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html) - 404 Dead: https://gchq.github.io/CyberChef/
* [http://k4.cba.pl/dw/crypo/tools/eng\_morse-encode.html](http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html) - 404 Dead: [https://gchq.github.io/CyberChef/](https://gchq.github.io/CyberChef/)
### UUencoder
@ -109,7 +110,7 @@ hG2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236
end
```
* [www.webutils.pl/index.php?idx=xx](www.webutils.pl/index.php?idx=xx)
* [www.webutils.pl/index.php?idx=xx](https://github.com/carlospolop/hacktricks/tree/bf578e4c5a955b4f6cdbe67eb4a543e16a3f848d/crypto/www.webutils.pl/index.php?idx=xx)
### YEncoder
@ -232,8 +233,7 @@ A secret is splitted in X parts and to recover it you need Y parts \(_Y <=X_\
803bc8cf294b3f83d88e86d9818792e80cd
```
http://christian.gen.co/secrets/
[http://christian.gen.co/secrets/](http://christian.gen.co/secrets/)
### OpenSSL brute-force

37
pentesting/pentesting-ssh.md
View file

@ -22,22 +22,21 @@ nc -vn <IP> 22
ssh-audit is a tool for ssh server & client configuration auditing.
https://github.com/jtesta/ssh-audit is an updated fork from https://github.com/arthepsy/ssh-audit/
[https://github.com/jtesta/ssh-audit](https://github.com/jtesta/ssh-audit) is an updated fork from [https://github.com/arthepsy/ssh-audit/](https://github.com/arthepsy/ssh-audit/)
**Features:**
##### Features:
- SSH1 and SSH2 protocol server support;
- analyze SSH client configuration;
- grab banner, recognize device or software and operating system, detect compression;
- gather key-exchange, host-key, encryption and message authentication code algorithms;
- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
- output algorithm recommendations (append or remove based on recognized software version);
- output security information (related issues, assigned CVE list, etc);
- analyze SSH version compatibility based on algorithm information;
- historical information from OpenSSH, Dropbear SSH and libssh;
- runs on Linux and Windows;
- no dependencies
* SSH1 and SSH2 protocol server support;
* analyze SSH client configuration;
* grab banner, recognize device or software and operating system, detect compression;
* gather key-exchange, host-key, encryption and message authentication code algorithms;
* output algorithm information \(available since, removed/disabled, unsafe/weak/legacy, etc\);
* output algorithm recommendations \(append or remove based on recognized software version\);
* output security information \(related issues, assigned CVE list, etc\);
* analyze SSH version compatibility based on algorithm information;
* historical information from OpenSSH, Dropbear SSH and libssh;
* runs on Linux and Windows;
* no dependencies
```bash
usage: ssh-audit.py [-1246pbcnjvlt] <host>
@ -60,7 +59,7 @@ usage: ssh-audit.py [-1246pbcnjvlt] <host>
$ python3 ssh-audit <IP>
```
[See it in action (Asciinema)](https://asciinema.org/a/96ejZKxpbuupTK9j7h8BdClzp)
[See it in action \(Asciinema\)](https://asciinema.org/a/96ejZKxpbuupTK9j7h8BdClzp)
### Public SSH key of server
@ -106,7 +105,7 @@ msf> use scanner/ssh/ssh_identify_pubkeys
#### Known badkeys can be found here:
{% embed url="https://github.com/rapid7/ssh-badkeys/tree/master/authorized" %}
{% embed url="https://github.com/rapid7/ssh-badkeys/tree/master/authorized" caption="" %}
You should look here in order to search for valid keys for the victim machine.
@ -145,6 +144,10 @@ known_hosts
id_rsa
```
## Hardening SSH
You can find interesting guides on how to harden SSH in [https://www.ssh-audit.com/hardening\_guides.html](https://www.ssh-audit.com/hardening_guides.html)
## SFTP
You can configure **SSH to behave as a SFTP** server. So, some users will connect to SFTP service \(in port 22\) instead of to the SSH service.
@ -162,7 +165,7 @@ All the **ots-\*** users will be jailed inside a **chroot**.
If you have access to a SFTP server you can also tunnel your traffic through this for example using the common port forwarding:
```text
sudo ssh -L <local_port>:<remote_host>:<remote_port> -N -f <username>@<ip_compromised>
sudo ssh -L <local_port>:<remote_host>:<remote_port> -N -f <username>@<ip_compromised>
```
### Symlink