hackthebox – Shocker

Enumeration I am using my own bash script to do a more efficient nmap scan. Here's the simple bash script: #!/bin/bash if [ $# -eq 0 ]; then echo "Usage: $0 <target_ip> <output_file>" else ports=$(nmap -T4 --min-rate=1000 -p- $1|grep -e ^[0-9]|cut -d "/" -f 1| tr '\n' ','|sed 's/,$//') nmap -sC -sV -p $ports -vvv … Continue reading hackthebox – Shocker

Simple terminal in python

Suppose you are pentesting a web app and you have found a file upload vulnerability and have successfully uploaded a php file that has this content: <?php echo shell_exec($_GET['cmd']); ?> Everytime you need to execute command to find out more about the system that hosts that web app you may need to do something like … Continue reading Simple terminal in python

linux – Grab the ipv4 address from interface

I have an active interface on eth0, by issuing ip a sh dev eth0 the information displays as below. 2: eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:0c:29:97:69:0c brd ff:ff:ff:ff:ff:ff inet 192.168.1.232/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0 valid_lft 4857sec preferred_lft 4857sec inet6 fe80::20c:29ff:fe97:690c/64 scope link noprefixroute valid_lft forever … Continue reading linux – Grab the ipv4 address from interface

service ports discover with nmap

Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-07 15:20 +08 Nmap scan report for 10.10.10.161 Host is up (0.0087s latency). Not shown: 65511 closed ports PORT STATE SERVICE 53/tcp open domain 88/tcp open kerberos-sec 135/tcp open msrpc 139/tcp open netbios-ssn 389/tcp open ldap 445/tcp open microsoft-ds 464/tcp open kpasswd5 593/tcp open http-rpc-epmap 636/tcp open ldapssl … Continue reading service ports discover with nmap

hackthebox – Bank

nmap nmap -sS -sV -p- -oN bank.txt 10.10.10.29 The result as follows: Nmap scan report for 10.10.10.29 Host is up (0.0049s latency). Not shown: 65532 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0) 53/tcp open domain ISC BIND 9.9.5-3ubuntu0.14 (Ubuntu Linux) 80/tcp open http Apache httpd … Continue reading hackthebox – Bank

python – Generating RSA key pairs with pycryptodome module

Thank you for the creator of pycryptodome module, this module has made RSA key pair easy. This recipe presents a function for generating private and public key pair. from Crypto.PublicKey import RSA # pycryptodome def rsa_key_gen(bits=2048, privatekey_path=RSA_PRIVATE_KEY, pubkey_path=RSA_PUBLIC_KEY): private_key = RSA.generate(bits) with open(privatekey_path, "wb") as privkey_file: privkey_file.write(private_key.export_key()) with open(pubkey_path, "wb") as pubkey_file: pubkey_file.write(private_key.publickey().export_key())

Golang – Writing a command line program with urfave/cli package

The code recipe is modified from this video made by tutorialedge.net, this recipe does these: Help interface. To find out ipv4 address from fqdn: cli --host http://www.google.com ip Resolve FQDN to IPv4 addresses. To find out cname from given host: cli --host google.com cname Get the cname from given host. To find out mx records … Continue reading Golang – Writing a command line program with urfave/cli package

Golang – Find absolute path of a file.

This recipe finds the absolute path of the specified filename, the problem with this code is that it returns the first match and hence only useful if the filename is unique. package main import ( "fmt" "log" "os" "path/filepath" ) var absPath string // global variable to store absolute path of filename. func findFileAbsPath(basepath, filename … Continue reading Golang – Find absolute path of a file.