bookmarks and reading
Docker
A good collection of resources to study: https://gist.github.com/FrankSpierings/5c79523ba693aaa38bc963083f48456c
Some pwnable writeups that are pretty good for understanding how one might attack a container infrastructure:
- https://www.notsosecure.com/vulnerable-docker-vm/
- https://resources.infosecinstitute.com/donkeydocker1-ctf-walkthrough/
- https://kitctf.de/writeups/32c3ctf/docker
Common things to look out for:
- Mounted Docker socket
- Some facet of the container intentionally/unintentionally weakened. Read up on the top link for the various areas, plus https://ericchiang.github.io/post/containers-from-scratch/ which walks through some of the ways in which systems like Docker and LXC operate.
Miscellaneous
- https://2017game.picoctf.com/game/level-1
- https://mail.google.com/mail/u/0/#inbox
- https://null-byte.wonderhowto.com/how-to/hack-like-a-pro/
- https://s3ctur.wordpress.com/2017/06/19/breaking-into-infosec-a-beginners-curriculum/
- https://monkeysm8.gitbooks.io/pentesting-methodology/common_portsservices_and_how_to_use_them/port_21_-_ftp.html
- https://uwnthesis.wordpress.com/2016/06/25/penetration-testing-tools-cheat-sheet/
- https://dashboard.heroku.com/apps
- http://www.blackhat.com/us-13/arsenal.html#Sood
- https://requestb.in/
- https://chat.netsecfocus.com/nsf/
- http://overthewire.org/wargames/natas/
- http://pwnable.kr/play.php
- https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/
tmux shortcuts & cheatsheet
- https://gist.github.com/MohamedAlaa/2961058
- https://github.com/ethicalhack3r/SecLists
- https://github.com/ethicalhack3r/passive-spider
- https://github.com/ethicalhack3r/my-scripts
- https://github.com/ethicalhack3r/scripts
- https://github.com/ethicalhack3r/wordpress_plugin_security_testing_cheat_sheet
XSS
- https://breakdev.org/sniping-insecure-cookies-with-xss/
- https://pentest-tools.com/blog/xss-attacks-practical-scenarios/
MR Robot
- https://www.whoismrrobot.com/
- https://www.reddit.com/r/ARGsociety/wiki/index
- https://www.reddit.com/r/ARGsociety/wiki/welcome
- https://jobs.runpula.net/
- https://www.whoismrrobot.com/fs/images/fsoc/FIXM_US_Extension_v3_0_Logical_Model_Diagrams.pdf
Atom text editor
- https://flight-manual.atom.io/hacking-atom/
- https://www.hackthebox.eu/home/teams/profile/806
- https://github.com/mininet/mininet/wiki/BGP-Path-Hijacking-Attack-Demo
- https://www.isi.deterlab.net/file.php?file=/share/shared/BGPhijacking
return oriented programming
- http://codearcana.com/posts/2013/05/28/introduction-to-return-oriented-programming-rop.html
- https://github.com/chrysh/ctf_writeups/tree/master/radare2/return_to_libc
- https://github.com/ctfhacker/ctf-writeups/blob/master/campctf-2015/bitterman-pwn-400/README.md
SSH / certificates
- https://code.fb.com/production-engineering/scalable-and-secure-access-with-ssh/
- https://www.owasp.org/index.php/OWASP_Testing_Projecti
- https://www.owasp.org/images/1/19/OTGv4.pdf
- https://sites.google.com/site/bughunteruniversity/
- https://www.hackerone.com/blog/resources-for-new-hackers
OpenLDAP
- https://www.bo.cnr.it/servinfo/OpenLdap.pdf
- http://www.openldap.org/doc/admin24/OpenLDAP-Admin-Guide.pdf
- https://www.bugcrowd.com/discovering-subdomains/
- https://github.com/diego-treitos/linux-smart-enumeration/blob/master/lse.sh
- https://gist.github.com/vratiu/9780109
Writeups:
- https://github.com/Hackplayers/hackthebox-writeups/
- https://raw.githubusercontent.com/Hackplayers/hackthebox-writeups/master/machines/Arkham/wilsonnkwan-arkham.pdf
- https://www.vulndev.io/
- https://www.vulndev.io/2019/05/htb_ellingson.html
- http://avengerinator.blogspot.com/2018/05/hack-box-hacktheboxeu-htb-crypto.html
- http://avengerinator.blogspot.com/2019/01/hack-box-hacktheboxeu-htb-stego.html
- https://0day.work/how-i-recovered-your-private-key-or-why-small-keys-are-bad/
Reverse Shells
- http://blog.safebuff.com/2016/06/19/Reverse-shell-Cheat-Sheet/
- https://github.com/lanjelot/kb/blob/master/reverse-shells
- https://www.asafety.fr/reverse-shell-one-liner-cheat-sheet/
- http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
Linux Container
https://gist.github.com/FrankSpierings/5c79523ba693aaa38bc963083f48456c
Binaries
https://github.com/andrew-d/static-binaries/tree/master/binaries/linux/x86_64
Upload restrictions bypass
https://www.exploit-db.com/docs/english/45074-file-upload-restrictions-bypass.pdf
Linux Restricted Shell Bypass
- https://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells
- https://www.exploit-db.com/docs/english/44592-linux-restricted-shell-bypass-guide.pdf
- http://securebean.blogspot.com/2014/05/escaping-restricted-shell_3.html
- http://pentestmonkey.net/blog/rbash-scp
- https://speakerdeck.com/knaps/escape-from-shellcatraz-breaking-out-of-restricted-unix-shells
tmux
https://gist.github.com/MohamedAlaa/2961058
tcpdump
https://hackertarget.com/tcpdump-examples/
text conversion / transformation
- https://cryptii.com/
- https://gchq.github.io/CyberChef/
xss
Buffer Overflow
to find system, exit, and bash addresses
https://0xdeadbeef.info/code/libc-search.c
OpenVPN config reverse shell
https://medium.com/tenable-techblog/reverse-shell-from-an-openvpn-configuration-file-73fd8b1d38da
Wildcard exploitation
http://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt
Temporary email address
ADD TO NOTES (TO SORT)
- https://www.securusglobal.com/community/2016/08/19/abusing-php-wrappers/
- https://hakin9.org/web-application-penetration-testing-local-file-inclusion-lfi-testing/
- https://github.com/lucyoa/ctf-wiki/tree/master/web/file-inclusion
- https://github.com/swisskyrepo/PayloadsAllTheThings
- https://github.com/p4-team/ctf/tree/master/2016-04-15-plaid-ctf/web_pixelshop
- https://kaijento.github.io/2017/03/19/bash-read-file-into-array/
- https://www.lifewire.com/why-would-you-use-shivi-variable-2196747
- https://www.computerhope.com/unix/bash/index.htm
- https://www.computerhope.com/unix/bash/mapfile.htm
- http://cecs.wright.edu/~pmateti/Courses/233/Top/233-CheatSheet.html
- https://sushant747.gitbooks.io/total-oscp-guide/list_of_common_ports.html
bash - Expressions used with if
http://tldp.org/LDP/Bash-Beginners-Guide/html/sect_07_01.html
python jail
- https://lbarman.ch/blog/pyjail/
- http://wapiflapi.github.io/2013/04/22/plaidctf-pyjail-story-of-pythons-escape/