| ## AWS | |
| # from http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html#instancedata-data-categories | |
| http://169.254.169.254/latest/user-data | |
| http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME] | |
| http://169.254.169.254/latest/meta-data/ami-id | |
| http://169.254.169.254/latest/meta-data/reservation-id | |
| http://169.254.169.254/latest/meta-data/hostname | |
| http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key |
The below table represents results of tests launched against F5 Big-IP ASM WAF appliance in it's XX version of YY and ZZ version of XY
Below names are to be passed to the --tamper= parameter of sqlmap.
The column Violation Rating represents most dominant rating of topmost 20 Requests observed by F5 in it's Security>>Event Logs:Application:Requests view.
The scale is 0-5.
| Go the road less travelled, find programs that are not on hackerone or bugcrowd: | |
| https://www.bugcrowd.com/bug-bounty-list/ | |
| google: "Responsible Disclosure" or "Vulnerability Disclosure" or "responsible disclosure website list" | |
| google: responsible disclosure "bounty" | |
| Responsible Disclosure seems to give best results. | |
| intext:”Responsible Disclosure Policy” | |
| "responsible disclosure" "private program" | |
| "responsible disclosure" "private" "program" | |
| Google Dork: |
| //Install Macports. | |
| //Install aircrack-ng: | |
| sudo port install aircrack-ng | |
| //Install the latest Xcode, with the Command Line Tools. | |
| //Create the following symlink: | |
| sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport | |
| //Figure out which channel you need to sniff: | |
| sudo airport -s | |
| sudo airport en1 sniff [CHANNEL] |
| From: http://redteams.net/bookshelf/ | |
| Techie | |
| Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp. | |
| Social Engineering: The Art of Human Hacking by Christopher Hadnagy | |
| Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
| The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick | |
| Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others. | |
| Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor | |
| The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors |
| # => unload/load wl module | |
| $ modprobe -r wl | |
| $ modprobe wl | |
| $ nmtui ... | |
| # => show use across the linux | |
| $ modprobe --show-depends wl | |
| insmod /lib/modules/3.10.0-693.11.1.el7.x86_64/kernel/net/rfkill/rfkill.ko.xz | |
| insmod /lib/modules/3.10.0-693.11.1.el7.x86_64/kernel/net/wireless/cfg80211.ko.xz |
Each of these commands will run an ad hoc http static server in your current (or specified) directory, available at http://localhost:8000. Use this power wisely.
$ python -m SimpleHTTPServer 8000
| Go to: chrome://net-internals/#modules | |
| Find Module by name, for e.g. "Alexa" | |
| Get it's ID: `cknebhggccemgcnbidipinkifmmegdel` | |
| Find chrome ext directory by profile: | |
| ``` | |
| $ sudo find / -iname "cknebhggccemgcnbidipinkifmmegdel" | |
| /home/devil/.config/google-chrome/Profile 1/Extensions/cknebhggccemgcnbidipinkifmmegdel | |
| ``` |
| # => Open this file | |
| $ sudo vi /etc/default/tlp | |
| # => Set this from 1 to 0: | |
| USB_AUTOSUSPEND=0 | |
| # => Reboot | |
| # SD card reader should work # |
| # => create a wordlist from original 41G stash via: | |
| $ grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt | |
| # => compressed with: | |
| $ 7z a breachcompilation.txt.7z breachcompilation.txt | |
| # => size (rel): | |
| ## 4.1G compressed | |
| ## 9.0G uncompressed |