namishelex01

#
# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
# based on the RSnake original http://ha.ckers.org/xss.html
# Retrieved on 2013-11-20
# Much of this wildly obsolete
#

# XSS Locator 2
'';!--"<XSS>=&{()}

namishelex01

~~~~~Port Scanning~~~~~


| Discovery scans |
-sP   -   Ping           | -sW  -  Window Scan   | 
-sL   -   List/DNS Scan  | -sA  -  ACK Scan      | 
-sO   -   Protocol Scan  | -sR  -  RPC Scan      | 
-sV   -   Verify***      | -sI  -  Idle Scan     | 
-sU   -   UDP Scan***    | -sV  -  Version Scan  | 

namishelex01

Enumeration is the key.
(Linux) privilege escalation is all about:
Collect - Enumeration, more enumeration and some more enumeration.
Process - Sort through data, analyse and prioritisation.
Search - Know what to search for and where to find the exploit code.
Adapt - Customize the exploit, so it fits. Not every exploit work for every system "out of the box".
Try - Get ready for (lots of) trial and error.

 Operating System
What's the distribution type? What version?

namishelex01

Introduction

> Distributed DB used by TCP/IP applications to map bt Hostnames & IP addrs and provide email routing information

> Why DNS? An app must convert hostname->IP addr before it can as TCP/UDP to, open connection/send datagram

> Access to DNS is through a "Resolver", its a part of application not OS

> UNIX hosts has two library functions 
	- gethostname(3)	: Hostname -> IP addr

namishelex01

Wmic syntax - [global switches] <command>

The following global switches are available:
--------------------------------------------------------------------------
/NAMESPACE	NAMESPACE - Path for the namespace the alias is to operate against. Namespaces are always relative i.e. if the namespace does not begin with a '\\' it will be assumed to be relative to the current namespace.

USAGE:

	/NAMESPACE:<namespace>
--------------------------------------------------------------------------

namishelex01

CISSP Notes

CIA Triad

• Confidentiality
  • Resources should be protected from unauthorized access
  • Prioritized by governments
  • Concepts
    • Sensitivity
      • How harmful is disclosure
• Discretion

namishelex01

Bluetooth technology
> bluetooth basic rate/enhanced data rate
 >> High speed
> Low energy 
> Attribute protocol/ generic attribute profile

------------
V2.1 - 2007 + EDR | secure device pairing by button press
V3.0 - 2009 + HS | MAC/PHY
V4.0 - 2010 + LE 

namishelex01

[This is the gist version of the wiki page of Shellcode.]
[For elaborated explaination, please visit:- en.wikipedia.org/wiki/Shellcode]
SHELLCODE is a small piece of code used as the payload in the exploitation of a spftware vulnerability
Its called shellcode because it typically starts a command shell from which attacker can control the compromised machines
TYPES:
  Local - Used by attacker who has limited access to a machine but can exploit a vulnerability
  Remote - Used to target a remote machine, if the shellcode establishes the connection, it called reverse-shell or connect-back shell.
           If attacker establishes the connection, shellcode is called bindshell because it binds certain port of victim's machine
  Download & execute - Type of remote shellcode that downloads and executes some form of malware on target system
  Staged - When amount of data that an attacker can inject into the target process is too limited to execute useful shellcode directly, it may be possible to execute it in stages

namishelex01

[Learning Exploit Development from fuzzysecurity.com]
Tools Needed:-
> Immunity debugger
> Mona.py
> Pvefindaddr.py
> Metasploit
> Virtual Box

Overflows to play with:-
1. Buffer overflow - A memory location receives more data than it was meant to

namishelex01

Main Project Page -> github.com/corelan/mona

Download the file and save it to this typical location -> 
C:\Program Files\Immunity Inc\Immunity Debugger\PyCommands

BASIC USAGE :
!mona in the input box and press enter
For more information = Open log window (ALT-L)

For Help options ->