GitBook: [master] 2 pages modified

CPol 2020-09-25 08:37:19 +00:00 committed by gitbook-bot
parent ddf8df4cda
commit dfc76ba216
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 30 additions and 27 deletions


@ -2,7 +2,7 @@
## Online Hashes DBs ## Online Hashes DBs
* ***Google it*** * _**Google it**_
* [http://hashtoolkit.com/reverse-hash?hash=4d186321c1a7f0f354b297e8914ab240](http://hashtoolkit.com/reverse-hash?hash=4d186321c1a7f0f354b297e8914ab240) * [http://hashtoolkit.com/reverse-hash?hash=4d186321c1a7f0f354b297e8914ab240](http://hashtoolkit.com/reverse-hash?hash=4d186321c1a7f0f354b297e8914ab240)
* [https://www.onlinehashcrack.com/](https://www.onlinehashcrack.com/) * [https://www.onlinehashcrack.com/](https://www.onlinehashcrack.com/)
* [https://crackstation.net/](https://crackstation.net/) * [https://crackstation.net/](https://crackstation.net/)
@ -17,8 +17,9 @@
## Encoders ## Encoders
Most of encoded data can be decoded with these 2 ressources: Most of encoded data can be decoded with these 2 ressources:
- https://www.dcode.fr/tools-list
- https://gchq.github.io/CyberChef/ * [https://www.dcode.fr/tools-list](https://www.dcode.fr/tools-list)
* [https://gchq.github.io/CyberChef/](https://gchq.github.io/CyberChef/)
### Substitution Autosolvers ### Substitution Autosolvers
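Review bot: The context sentence above the two links still reads "Most of encoded data can be decoded with these 2 ressources:". Since this hunk already rewrites the list directly under it, fix the sentence in the same change: "Most encoded data can be decoded with these 2 resources:".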
@ -69,7 +70,7 @@ Check all bases with: [https://github.com/mufeedvh/basecrack](https://github.com
* **Citrix CTX1** \[\] * **Citrix CTX1** \[\]
* `MNGIKCAHMOGLKPAKMMGJKNAINPHKLOBLNNHILCBHNOHLLPBK` * `MNGIKCAHMOGLKPAKMMGJKNAINPHKLOBLNNHILCBHNOHLLPBK`
[http://k4.cba.pl/dw/crypo/tools/eng\_atom128c.html](http://k4.cba.pl/dw/crypo/tools/eng_atom128c.html) - 404 Dead: https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html [http://k4.cba.pl/dw/crypo/tools/eng\_atom128c.html](http://k4.cba.pl/dw/crypo/tools/eng_atom128c.html) - 404 Dead: [https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng\_hackerize.html](https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html)
### HackerizeXS \[_╫Λ↻├☰┏_\] ### HackerizeXS \[_╫Λ↻├☰┏_\]
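Review bot: On the eng_atom128c.html line, the "404 Dead:" fallback points at an archive.org snapshot of eng_hackerize.html rather than eng_atom128c.html, and the new Markdown link keeps that mismatch. Point it at a snapshot of the atom128c page, or drop the fallback if none exists, so readers are not sent to the wrong decoder.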
@ -77,15 +78,15 @@ Check all bases with: [https://github.com/mufeedvh/basecrack](https://github.com
╫☐↑Λ↻Λ┏Λ↻☐↑Λ ╫☐↑Λ↻Λ┏Λ↻☐↑Λ
``` ```
* [http://k4.cba.pl/dw/crypo/tools/eng\_hackerize.html](http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) - 404 Dead: https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html * [http://k4.cba.pl/dw/crypo/tools/eng\_hackerize.html](http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) - 404 Dead: [https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng\_hackerize.html](https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html)
### Morse ### Morse
```text ```text
.... --- .-.. -.-. .- .-. .- -.-. --- .-.. .- .... --- .-.. -.-. .- .-. .- -.-. --- .-.. .-
``` ```
* [http://k4.cba.pl/dw/crypo/tools/eng\_morse-encode.html](http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html) - 404 Dead: https://gchq.github.io/CyberChef/ * [http://k4.cba.pl/dw/crypo/tools/eng\_morse-encode.html](http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html) - 404 Dead: [https://gchq.github.io/CyberChef/](https://gchq.github.io/CyberChef/)
### UUencoder ### UUencoder
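Review bot: In the Morse entry, "404 Dead:" is followed by the CyberChef link, which reads as if CyberChef were the dead page or an archive of it. Reword it to say that the k4.cba.pl page is dead and CyberChef is the replacement. For both entries in this hunk, consider leaving the dead k4.cba.pl URL as plain text and linking only the working target.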
@ -109,7 +110,7 @@ hG2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236
end end
``` ```
* [www.webutils.pl/index.php?idx=xx](www.webutils.pl/index.php?idx=xx) * [www.webutils.pl/index.php?idx=xx](https://github.com/carlospolop/hacktricks/tree/bf578e4c5a955b4f6cdbe67eb4a543e16a3f848d/crypto/www.webutils.pl/index.php?idx=xx)
### YEncoder ### YEncoder
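Review bot: The new link target for www.webutils.pl is broken. Because the URL had no scheme, it was resolved as a path inside the repository (under github.com/carlospolop/hacktricks/tree/<commit>/crypto/), which does not lead to the tool. Give the destination an explicit scheme, for example http://www.webutils.pl/index.php?idx=xx, in both the link text and the target.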
@ -232,8 +233,7 @@ A secret is splitted in X parts and to recover it you need Y parts \(_Y <=X_\
803bc8cf294b3f83d88e86d9818792e80cd 803bc8cf294b3f83d88e86d9818792e80cd
``` ```
http://christian.gen.co/secrets/ [http://christian.gen.co/secrets/](http://christian.gen.co/secrets/)
### OpenSSL brute-force ### OpenSSL brute-force


@ -22,22 +22,21 @@ nc -vn <IP> 22
ssh-audit is a tool for ssh server & client configuration auditing. ssh-audit is a tool for ssh server & client configuration auditing.
https://github.com/jtesta/ssh-audit is an updated fork from https://github.com/arthepsy/ssh-audit/ [https://github.com/jtesta/ssh-audit](https://github.com/jtesta/ssh-audit) is an updated fork from [https://github.com/arthepsy/ssh-audit/](https://github.com/arthepsy/ssh-audit/)
**Features:**
##### Features: * SSH1 and SSH2 protocol server support;
* analyze SSH client configuration;
- SSH1 and SSH2 protocol server support; * grab banner, recognize device or software and operating system, detect compression;
- analyze SSH client configuration; * gather key-exchange, host-key, encryption and message authentication code algorithms;
- grab banner, recognize device or software and operating system, detect compression; * output algorithm information \(available since, removed/disabled, unsafe/weak/legacy, etc\);
- gather key-exchange, host-key, encryption and message authentication code algorithms; * output algorithm recommendations \(append or remove based on recognized software version\);
- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc); * output security information \(related issues, assigned CVE list, etc\);
- output algorithm recommendations (append or remove based on recognized software version); * analyze SSH version compatibility based on algorithm information;
- output security information (related issues, assigned CVE list, etc); * historical information from OpenSSH, Dropbear SSH and libssh;
- analyze SSH version compatibility based on algorithm information; * runs on Linux and Windows;
- historical information from OpenSSH, Dropbear SSH and libssh; * no dependencies
- runs on Linux and Windows;
- no dependencies
```bash ```bash
usage: ssh-audit.py [-1246pbcnjvlt] <host> usage: ssh-audit.py [-1246pbcnjvlt] <host>
@ -60,7 +59,7 @@ usage: ssh-audit.py [-1246pbcnjvlt] <host>
$ python3 ssh-audit <IP> $ python3 ssh-audit <IP>
``` ```
[See it in action (Asciinema)](https://asciinema.org/a/96ejZKxpbuupTK9j7h8BdClzp) [See it in action \(Asciinema\)](https://asciinema.org/a/96ejZKxpbuupTK9j7h8BdClzp)
### Public SSH key of server ### Public SSH key of server
@ -106,7 +105,7 @@ msf> use scanner/ssh/ssh_identify_pubkeys
#### Known badkeys can be found here: #### Known badkeys can be found here:
{% embed url="https://github.com/rapid7/ssh-badkeys/tree/master/authorized" %} {% embed url="https://github.com/rapid7/ssh-badkeys/tree/master/authorized" caption="" %}
You should look here in order to search for valid keys for the victim machine. You should look here in order to search for valid keys for the victim machine.
@ -145,6 +144,10 @@ known_hosts
id_rsa id_rsa
``` ```
## Hardening SSH
You can find interesting guides on how to harden SSH in [https://www.ssh-audit.com/hardening\_guides.html](https://www.ssh-audit.com/hardening_guides.html)
## SFTP ## SFTP
You can configure **SSH to behave as a SFTP** server. So, some users will connect to SFTP service \(in port 22\) instead of to the SSH service. You can configure **SSH to behave as a SFTP** server. So, some users will connect to SFTP service \(in port 22\) instead of to the SSH service.
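Review bot: The new "Hardening SSH" section is a single bare link with no indication of what the guides cover or which SSH servers they apply to. Add one sentence of context, and change "how to harden SSH in [link]" to "how to harden SSH at [link]". The ssh-audit section earlier in this file already lists "output algorithm recommendations" as a feature, so a cross-reference from there to this section would help readers connect the audit output to the hardening steps.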
@ -162,7 +165,7 @@ All the **ots-\*** users will be jailed inside a **chroot**.
If you have access to a SFTP server you can also tunnel your traffic through this for example using the common port forwarding: If you have access to a SFTP server you can also tunnel your traffic through this for example using the common port forwarding:
```text ```text
sudo ssh -L <local_port>:<remote_host>:<remote_port> -N -f <username>@<ip_compromised> sudo ssh -L <local_port>:<remote_host>:<remote_port> -N -f <username>@<ip_compromised>
``` ```
### Symlink ### Symlink