
Difference between revisions of "Talk:Hacking index"

From NetSec
(sql injection)
(146 intermediate revisions by 8 users not shown)
Line 1: Line 1:
== keywords, keywords, keywords ==
== intermediate shellcode stuff ==
most of this stuff goes to the Category:Indexing .
* [[introduction to printable 32-bit x86 polymorphic shellcode]] [[ascii shellcode#Introduction to Polymorphic Ascii Shellcode]]
* [[introduction to printable 32-bit x86 polymorphic shellcode]]
* [[alphanumeric x86_64 instructions]] [[alphanumeric shellcode#Available x86_64 instructions]]
* [[alphanumeric x86_64 instructions]]
* [[intercompatible alphanumeric x86 instructions]] [[alphanumeric shellcode#Alphanumeric inter-compatible x86 opcodes]]
* [[intercompatible alphanumeric x86 instructions]]
* [[alphanumeric x86 architecture detection]] [[alphanumeric shellcode#15 byte architecture detection shellcode]]
* [[alphanumeric x86 architecture detection]]
* [[alphanumeric x86_64 data manipulation]] [[alphanumeric shellcode#Alphanumeric x86_64 register value and data manipulation]]
* [[alphanumeric x86_64 data manipulation]]
* [[converting x86_64 shellcode to alphanumeric shellcode]] [[alphanumeric shellcode#64 bit shellcode: Conversion to alphanumeric code]]
* [[converting x86_64 shellcode to alphanumeric shellcode]]
== bash==
    1 Getting Started
    2 File System
        2.1 Directories
            2.1.1 /proc
            2.1.2 /etc
            2.1.3 /bin
            2.1.4 /sbin
            2.1.5 /var
            2.1.6 /home
            2.1.7 /tmp
        2.2 Files
            2.2.1 .bashrc
            2.2.2 .ssh/known_hosts
            2.2.3 /etc/motd
        2.3 Partitioning & Formatting
    3 Commands
        3.1 Text Manipulation
        3.2 File Manipulation
        3.3 Process Manipulation
        3.4 Debugging
        3.5 Network Manipulation
        3.6 Firewall Manipulation
        3.7 FileSystem Manipulation
        3.8 Pipes & Golfing in Bash
==Bitwise math==
* [[bit shift]] - [[bitwise math#Logical Shifts]]
* [[logical shift]] - [[bitwise math#Logical Shifts]]
* [[circular shift]] - [[bitwise math#Circular Shift or Bit Rotation]]
* [[two's complement]] - [[bitwise math#Two's Complement]]
* [[bit rotation]] - [[bitwise math#Circular Shift or Bit Rotation]]
* [[rotation with carry]] - [[bitwise math#Rotate With Carry]]
== coldfusion ==
Coldfusion hacking
    1 Injection
        1.1 Adobe ColdFusion
            1.1.1 Remote File Disclosure of Password Hashes
            1.1.2 Issues
            1.1.3 Logging In
            1.1.4 Writing Shell to File
            1.1.5 Issues
        1.2 Railo
    2 Privilege Escalation
    3 Patching
    4 Resources
Computer Forensics
Computer Forensics
Line 76: Line 26:
         2.1 Definititons of Cybercrime as per the Budapest Convention
         2.1 Definititons of Cybercrime as per the Budapest Convention
==Network Recon==
== dns ==
    1 DNS Basics
        1.1 DNS Recon
    2 Records
        2.1 MX Record
        2.2 CNAME Record
        2.3 DNAME Record
        2.4 A Record
    3 DNS Server Software
    4 DNS Utilities
    1 Overview
    2 History
    3 FQL
    4 Content Forgery
        4.1 Screenshots & Video
        4.2 CIDR
            4.2.1 Websense
            4.2.2 Facebook
        4.3 Proof of Concept
Jynx Rootkit/2.0
    1 Features
    2 Archive Contents
    3 Configuration Options in Config.h
        3.1 MAGIC_STRING
        3.2 MAGIC_GID and MAGIC_UID
        3.3 REALITY_PATH
        3.4 CONFIG_FILE
        3.6 LIBC_PATH
        3.7 ENV_VARIABLE
    4 Download & Installation
        4.1 Installation
        4.2 Usage
    5 Further Reading
    1 Requirements
    2 Description
        2.1 Features
        2.2 Usage
        2.3 httpdlogs.conf
        2.4 Other Execution/Interesting PHP Functions
    3 Source
MySql 5 Enumeration
    1 Info
        1.1 Example
        1.2 Description
        1.3 Disclaimer
    2 Source
Network Recon
     1 IP Addressing
     1 IP Addressing
     2 Subnet Masks
     2 Subnet Masks
Line 144: Line 34:
     6 Tools
     6 Tools
Null-free shellcode
    1 Introduction
    2 Assembly
    3 Conversion to shellcode
        3.1 String argument
        3.2 Null-byte removal
    4 Successful overflow test
Port Knocking
    1 1.0 - Introduction to Port Knocking
    2 2.0 - Knocking Sequences
    3 3.0 - Windows
    4 3.1 - Example:
    5 Single Packet Port Knock Example - Based on SYN/ACK Values
== sql orientation ==
SQL orientation
    1 SQL Orientation
        1.1 Basic Database Navigation
            1.1.1 MySQL Navigation
            1.1.2 PostgreSQL
        1.2 Basic Queries
            1.2.1 SELECT - Select data from a table
            1.2.2 UPDATE - Modify rows in a table
       Updating multiple columns
            1.2.3 INSERT - Add rows to a table
            1.2.4 DELETE - Delete rows from a table
== sql injection ==
SQL injection
    1 Cause(s) of vulnerabilities
    2 Potential target environments
        2.1 Navigating unfamiliar databases without the C API
            2.1.1 MySQL database mapping
            2.1.2 PostgreSQL mapping
            2.1.3 MS SQL mapping
            2.1.4 Legacy databases
        2.2 Databasing engines compared and contrasted in light of SQL injection
            2.2.1 Information_schema
            2.2.2 Functions & environment variables
            2.2.3 Other syntax
            2.2.4 Capabilities
    3 Modern day SQL injection obstacles and countermeasures
        3.1 Configuration & environment challenges
        3.2 IDS, IPS, and web application firewalls
        3.3 Common web application firewall HTTPD modules
        3.4 Improper sanitizing
            3.4.1 Partial sanitizing
            3.4.2 Deprecated sanitizing
    4 Basic remote tests for SQL injection vulnerabilities
        4.1 Injection points
        4.2 Input testing
            4.2.1 Your first where clause injection
            4.2.2 Reconstructing injected queries
    5 Bypassing modern SQL injection security measures
        5.1 Basic signature evasion
            5.1.1 Whitespace placement
            5.1.2 Integer and string size delimiters
            5.1.3 Switching up the data types
            5.1.4 Arithmetic tests
            5.1.5 Capitalization
            5.1.6 Extending conditional statements
        5.2 Defeating partial sanitizing
            5.2.2 Whitespace filtering
        5.3 Bypassing XSS filters during SQL injection
            5.3.1 Testing with BETWEEN
            5.3.2 Testing with Regular Expression Operators (REGEXP, ~, and RLIKE)
    6 Intermediate SQL injection
        6.1 Automation theory
        6.2 Basic Injection : Union Select
            6.2.1 Determining the number of columns
            6.2.2 Extracting data
        6.3 Intermediate testing: "SELECT" ... LIMIT clause injections
        6.4 Intermediate injection: information retrieval via verbose errors
    7 Advanced: manual boolean enumeration
        7.1 Using Ascii codes and the ascii() function for enumeration
            7.1.1 substring()
            7.1.2 Version fingerprinting with ascii-based enumeration
       In theory
       In Practice
        7.2 Using Regular Expressions for Boolean enumeration
            7.2.1 Getting started with regular expressions
            7.2.2 Version fingerprinting using compatible regular expressions
    8 Expert: Timing attacks for automated boolean enumeration
        8.1 MySQL boolean timing attacks
            8.1.1 benchmark() and related issues
            8.1.2 Evasive sleep() based boolean enumeration with regular expressions
       Testing for the ability to sleep():
       Controlling sleep() for enumeration:
       Using sleep() to map a table name with regular expressions
        8.2 PostgreSQL Boolean Timing Attacks
            8.2.1 Testing for access to pg_sleep()
            8.2.2 Using pg_sleep() with alternative comparisons for evasive boolean enumeration
    9 Expert: Automated Single-byte exfiltration
        9.1 Timing-based single-byte exfiltration
        9.2 The comparative precomputation attack
    10 Further penetration
        10.1 Obtaining direct database access
        10.2 Obtaining filesystem access
        10.3 Obtaining code execution
    11 Cheat Sheets
        11.1 Vulnerability testing
            11.1.1 Universal true and false statements
        11.2 MySQL syntax reference
            11.2.1 Mysql versions >= 5 user schema mapping (unprivileged)
            11.2.2 Privileged MySQL (any version) user
        11.3 PostgreSQL syntax reference
            11.3.1 PostgreSQL schema mapping
        11.4 Microsoft SQL syntax reference
            11.4.1 Microsoft SQL schema mapping (unprivileged)
            11.4.2 Privileged microsoft SQL injection
    12 Patching SQL Injection Vulnerabilities
    13 Further reading
== Out of Order Code Execution ==
    1 What is it?
    2 Shellcode
    3 Detecting Breakpoints
== Social Engineering ==  
== Social Engineering ==  
Line 286: Line 57:
     2 Real Life Example of Subnetting
     2 Real Life Example of Subnetting
Virtual machines
== Virtual machines ==
     1 Subsystems
     1 Subsystems
         1.1 Hardware Virtualization
         1.1 Hardware Virtualization
Line 294: Line 65:
     3 Creating Vulnerable VMs for Penetration Testing
     3 Creating Vulnerable VMs for Penetration Testing
== API ==
    1 Description
        1.1 Dependencies
        1.2 Usage
    2 Source
    3 Signature Bundles
        3.1 Wordpress
        3.2 Joomla
        3.3 MediaWiki
     1 API technologies
     1 API technologies
         1.1 The Web
         1.1 The Web
Line 313: Line 74:
             1.2.2 COM objects (Windows)
             1.2.2 COM objects (Windows)
     1 General Services
     1 General Services
         1.1 Virtual Private Servers
         1.1 Virtual Private Servers
Line 351: Line 112:
         6.4 DNS Leaks
         6.4 DNS Leaks
{{info|<center>Wait for this page to be completed before adding indeces.</center>}}
     1 Introduction
     1 Introduction
     2 Binary
     2 Binary
Line 366: Line 128:
         6.7 Taking it further
         6.7 Taking it further
Bash book
==Buffer Overflows==
    1 The Bash Shell - Simple usage
* [[buffer overflow protection]]
        1.1 Before we dive
* [[cause of buffer overflow]]
        1.2 Getting started
* [[example buffer overflow]]
            1.2.1 Reading a file
* [[disable aslr]]
            1.2.2 Navigating and searching through the filesystem
* [[vulnerable overflow application]]
            1.2.3 Searching for files and directories
* [[bof.c]]
            1.2.4 Advanced find use
* [[disable compiler stack protection]]
       Combining find with xargs
* [[buffer overflow test]]
            1.2.5 Executing several commands in a row
* [[buffer overflow testing for x86]]
            1.2.6 Chaining programs
* [[buffer overflow testing for x86_64]]
            1.2.7 Writing to files
* [[disable execstack]]
        1.3 Back on board
* [[return address for buffer overflow]]
    2 Advanced use, loops, stream editing, shell programs
* [[32 bit shellcode analysis]]
        2.1 Before we dive
* [[64 bit shellcode analysis]]
        2.2 Advanced bash
* [[find eip for buffer overflow]]
            2.2.1 Sorting and removing duplicates
* [[find rip for buffer overflow]]
            2.2.2 Filtering output
* [[x86 buffer overflow exploit]]
            2.2.3 Displaying only part of lines
* [[64 bit buffer overflow exploit]]
            2.2.4 Statistics on the output
        2.3 Variables, loops and conditional statements
            2.3.1 Variables
            2.3.2 Conditional statements
            2.3.3 Data ranges
            2.3.4 The for loop
            2.3.5 The while loop
        2.4 Stream editing
        2.5 Writing programs in bash
            2.5.1 Passing arguments to programs
            2.5.2 Defining functions and calling them
            2.5.3 Homework
    3 Conclusion
Bleeding Life
    1 Bleeding Life
{{info|<center>Wait for this page to be completed before adding any indeces for it.</center>}}
        1.1 Disclaimer
        1.2 Features
            1.2.1 Exploits
            1.2.2 Statistics
        1.3 Server Requirements
        1.4 Installation & Configuration
        1.5 Download
Buffer Overflows
    1 Description
    2 Defenses
        2.1 ASLR
        2.2 DEP
        2.3 Containers
        2.4 Bypassing protections
    3 Maximum effectiveness
    4 Causes
    5 Example
        5.1 Disabling ASLR
        5.2 Test application
            5.2.1 bof.c
            5.2.2 Compiling
       Potential compile-time protections
       Solution for test application
        5.3 Testing
            5.3.1 On x86
            5.3.2 On x86-64
        5.4 Disabling DEP
        5.5 Debugging
            5.5.1 Shellcode analysis
       On x86
       On x86-64
            5.5.2 Finding the return address
       On x86
       On x86-64
        5.6 Exploitation
            5.6.1 On x86
            5.6.2 On x86-64
     1 Overview
     1 Overview
         1.1 Basic Formatting
         1.1 Basic Formatting
Line 453: Line 160:
         1.6 Example Program
         1.6 Example Program
== DDoS Attack ==
    1 Setting a cookie
{{info|The three way hand shake information should be placed into the [[TCP/IP]] page, which should merely be linked from the ddos attack page.}}
        1.1 Direct HTTP programming
        1.2 PHP (server side)
        1.3 Javascript (client side)
    2 Accessing a cookie
        2.1 Direct HTTP programming (server side)
        2.2 PHP
        2.3 Javascript
    3 Deleting a cookie
        3.1 Direct HTTP programming
        3.2 PHP
        3.3 JavaScript
    4 Flags
        4.1 Secure
        4.2 HttpOnly
        4.3 Path
        4.4 Domain
    5 Attacks
        5.1 Stealing cookies through XSS
    1 Cryptography
        1.1 History
        1.2 Salting
        1.3 Type of encryption
        1.4 Encryption Attack Methods
        1.5 Commandline Tools
            1.5.1 Linux Tools
            1.5.2 Windows Tools
        1.6 Algorithms
            1.6.1 Ciphers
            1.6.2 Hashes
            1.6.3 Modes
DDoS Attack
     1 Three way handshake and Connect State
     1 Three way handshake and Connect State
     2 TCP Attacks
     2 TCP Attacks
Line 503: Line 176:
         4.2 ICMP Redirect
         4.2 ICMP Redirect
File Inclusion
    1 Introduction
    2 Remote File Inclusion
    3 Local File Inclusion
    1 iptables
        1.1 1.0 - Introduction
        1.2 1.1 - Example
        1.3 1.2 - Side Note - IPtables Module
     2 Variables
     2 Variables
*variable types in lua
         2.1 Global Variables vs Local Variables
         2.1 Global Variables vs Local Variables
     3 Functions
     3 Functions
    4 Tables
*list of functions used by lua 
  4 Tables
*using tables in lua
         4.1 Declaring an empty Table
         4.1 Declaring an empty Table
         4.2 Declaring, and populating a Table
         4.2 Declaring, and populating a Table
         4.3 Indexing Tables
         4.3 Indexing Tables
    1 MySQL Setup
        1.1 Installing MySQL
        1.2 Setup on a personal computer
            1.2.1 Setting Permissions
        1.3 Basic Database Operation
            1.3.1 Display
            1.3.2 Creating and Deleting Databases
            1.3.3 Creating and Deleting Tables
            1.3.4 Editing Tables
    2 MySQL Commands
        2.1 Create a backup of a database
        2.2 Restore an entire database
        2.3 Restore a single table
        2.4 Dump mysql user privileges
        2.5 Restore a single database from a full dump
        2.6 Extract sql for a single database from a full dump
        2.7 Dumping a database in Plesk
    1 Nginx
        1.1 Basic HTTP Features
        1.2 Additional HTTP Features
        1.3 Mail Proxy Server Features
        1.4 Architecture and Scalability
    2 Nginx Configuration Directives
        2.1 error_log
            2.1.1 Disabling error logging
        2.2 access_log
        2.3 proxy_pass
        2.4 root
        2.5 Location Block
            2.5.1 Case-Insensitive
            2.5.2 Case-Sensitive
            2.5.3 Match "/"
            2.5.4 Match everything
            2.5.5 Regex Matching
    3 VirtualHost Equivalents
    4 Main Configuration
        4.1 Log Format
        4.2 Timeouts
        4.3 Socket settings
        4.4 Character Encoding
        4.5 Security
        4.6 Performance
        4.7 GZIP Compression
        4.8 Output Buffering
        4.9 DirectoryIndex Equivalent
        4.10 Upstream Example
    5 NGINX & CloudFlare
        5.1 HttpRealIpModule
    6 Troubleshooting
        6.1 .xml ISE 500
        6.2 Status Page
            6.2.1 Status Page Details
            6.2.2 Status Stub Variables
    7 Reverse Proxy & Load Balancer
        7.1 Upstream (proxy/load_balancer)
        7.2 LimitZone (DoS Prevention)
        7.3 Apache Rewrites to NGINX Rewrites
            7.3.1 Examples
        7.4 SpawnFCGI Script
     1 Correct Usage
     1 Correct Usage
     2 Scan Types
     2 Scan Types
Line 596: Line 198:
     7 Conclusion
     7 Conclusion
    1 Basics
        1.1 Development Environment
            1.1.1 Linux & Unix
            1.1.2 Windows
            1.1.3 CPAN
        1.2 Your first program
            1.2.1 Code
            1.2.2 Analysis
        1.3 Variables & Data Types
            1.3.1 Scalars
            1.3.2 Arrays
       Helper Functions
            1.3.3 Hashes
       Helper Functions
            1.3.4 References
       Hash References
       Callback References
            1.3.5 Casting
        1.4 Boolean Logic
            1.4.1 Operators
       Regular Expression
            1.4.2 Statements
       AND an OR
            1.4.3 Helper Natives
            1.4.4 Bitwise Manipulations
       Bit Shifting
       Bit Rotation
        1.5 Loops
            1.5.1 While
            1.5.2 Until
            1.5.3 For
            1.5.4 Foreach
        1.6 User Input
            1.6.1 Command Line Arguments
            1.6.2 STDIN (Standard Input)
        1.7 User-Defined Functions
    2 Application configurations, logging, & Network Services
        2.1 Throughput
            2.1.1 Download
            2.1.2 Usage
Postfix Notation
    1 Lesson
    2 1.0 - Introduction
    3 2.0 - So WTF is a stack?
    4 2.1 - PostFix Expression
    5 2.2 - Example
    6 2.3 - Back to PostFix
    7 3.0 - Binary Trees
    8 3.1 - Example
    9 4.0 - Conclusion
    10 5.0 - Recommended Resource:
     1 Subnetting Schemes
     1 Subnetting Schemes
     2 Real World Examples
     2 Real World Examples
Line 686: Line 204:
     4 Extras
     4 Extras
    1 Overview
        1.1 What is SMTP
        1.2 Port Information
        1.3 Applications that use SMTP
SQL Backdoor
    1 Concept
        1.1 Subprocedures
        1.2 Event Procedures
    2 Implementation
        2.1 MySQL
            2.1.1 Syntax
            2.1.2 Example A: phpBB3 backdoor (UPDATE hook)
            2.1.3 Example B: Wordpress backdoor (INSERT hook)
        2.2 Backdoor Installation
            2.2.1 Access/Configuration Requirements
            2.2.2 Writing to file and using "source"
            2.2.3 Writing directly into the command line
    3 Mitigation
    4 Taking it further
     1 How It Works
     1 How It Works
     2 Common Pitfalls
     2 Common Pitfalls
Line 720: Line 212:
     5 External Links
     5 External Links
Unsafe String Replacement
==Unsafe String Replacement==
    1 Overview
* [[why string replacement can be unsafe]]
    2 Examples
* [[unsafe string replacement in php]]
        2.1 PHP
* [[unsafe string replacement using regular expressions]]
        2.2 PCRE
* [[unsafe string replacement example]]
* [[prevent unsafe string replacement]]
     3 Defense
     3 Defense
         3.1 PHP
         3.1 PHP
Line 730: Line 223:
         3.3 Whitelisting using PCRE
         3.3 Whitelisting using PCRE
== Zombies ==
    1 Description
        1.1 Features
        1.2 Limitations
        1.3 Usage
        1.4 Installation
            1.4.1 Application Dependencies
            1.4.2 Perl Dependencies
        1.5 Configuration
            1.5.1 Main Configuration
            1.5.2 WebCrawler
            1.5.3 Nmap Module
            1.5.4 Local File Inclusion
            1.5.5 LDAP
            1.5.6 Remote File Inclusion
            1.5.7 Command Injection
            1.5.8 SQL injection
    2 Download
    1 Lesson
        1.1 0.0 - Intro to Whois
        1.2 1.0 - Picking a Server
        1.3 2.0 - Getting the information that you want
        1.4 3.0 - Domain Whois Example
    1 Introduction
    2 Testing for XSS
    3 XSS Exploitation
    4 External links
     1 Definition
     1 Definition
     2 Exploitation
     2 Exploitation
Line 769: Line 230:
     5 Evolution
     5 Evolution
== BGP ==
     1 Lesson 1
     1 Lesson 1
         1.1 Network Discovery with BGP
         1.1 Network Discovery with BGP
Line 778: Line 239:
             2.1.3 3.0 - RIP
             2.1.3 3.0 - RIP
== Bcrypt ==
     1 Lesson
     1 Lesson
     2 1.0 - Introduction
     2 1.0 - Introduction
Line 785: Line 246:
     5 4.0 - Further Reading
     5 4.0 - Further Reading
==Forensic chain of custody==
    1 Syntax
        1.1 Includes
        1.2 Main function
        1.3 Variables and Data Types
        1.4 Operators
            1.4.1 Assignment
       Compound Assignment
            1.4.2 Arithmetic
            1.4.3 Relational
            1.4.4 Logical
            1.4.5 Increment/Decrement
        1.5 If & Else
        1.6 Functions
        1.7 Loop Functions
        1.8 Classes
    2 Your first program: Hello World
        2.1 The code
        2.2 Compiling the Hello World
    3 Example Program: Functions
        3.1 The code
        3.2 Compiling Example Program
    4 Example Program: Classes
        4.1 The code
        4.2 Output
    5 Integrated Development Environment
Command Injection
    1 Overview
        1.1 Testing for Injection
        1.2 Example vulnerability
        1.3 Exploitation
        1.4 UNIX
        1.5 Perl
    1 Getting Started
    2 Encryption Ciphers and Algorithms
        2.1 Hashing Algorithms
        2.2 Ciphers
    3 Setting Up a Block Device
        3.1 Creating a Partition
        3.2 Creating a Flat File
    4 LVM and the Device Mapper
        4.1 Obtaining Support
        4.2 Creating Encrypted LVM Partitions
    5 Encrypting the Flat File
    6 Starting and Stopping the Service
    7 External Links
Forensic chain of custody
     1 Forensic Chain of Custody
     1 Forensic Chain of Custody
         1.1 Acquisition
         1.1 Acquisition
Line 841: Line 252:
         1.3 Active Memory Snapshots
         1.3 Active Memory Snapshots
     1 Virtual Machine Setup
     1 Virtual Machine Setup
     2 Hard Drive Setup
     2 Hard Drive Setup
Line 865: Line 276:
     18 Troubleshooting
     18 Troubleshooting
Hacking index
==Irssi Tutorial==
    1 Introduction
        1.1 System administration
        1.2 Networking
    2 Exploitation
        2.1 Applications
        2.2 Web applications
    3 Maintaining access
    4 Countermeasures
Irssi Tutorial
     1 Getting Irssi
     1 Getting Irssi
         1.1 Debian/Ubuntu
         1.1 Debian/Ubuntu
Line 887: Line 288:
     4 References
     4 References
Jynx Rootkit/1.0
==Jynx Rootkit/1.0==
     1 Jynx
     1 Jynx
         1.1 Introduction
         1.1 Introduction
Line 894: Line 295:
         1.4 Usage
         1.4 Usage
Linux Assembly
==Linux Assembly==
{{info|<center>Wait until this page is completed before creating any indeces for it.</center>}}
     1 32 bit syscall table
     1 32 bit syscall table
         1.1 Introduction
         1.1 Introduction
Line 903: Line 305:
         2.1 Example: Assembly for setuid(0); execve('/bin/sh',0,0); exit(0);
         2.1 Example: Assembly for setuid(0); execve('/bin/sh',0,0); exit(0);
MySQL Troubleshooting
==Physical Security==
    1 MySQL Troubleshooting
        1.1 InnoDB Disabled
        1.2 Locked Tables
        1.3 Post-Upgrade - MySQL does not start
        1.4 MySQL Top Resources Script
        1.5 MySQL Datadir Migration
            1.5.1 If /var is full
        1.6 Post-migration
        1.7 Database Repair
            1.7.1 Repair Corrupted Database (REPAIR)
            1.7.2 Repair Corrupted Database (With FRM)
            1.7.3 Repair ALL Databases and Reindex Tables
        1.8 InnoDB Thread Issues
        1.9 Slow Query Log
    2 Optimization Scripts
        2.1 MySQL Tuning Primer
        2.2 MySQL Tuner
    3 Downgrading
        3.1 Downgrading MySQL
    4 Upgrading MySQL
    5 Configuration File Formulas
        5.1 Calculating Minimum Memory Needed
        5.2 Configuration Variables
    6 Premade Configs
        6.1 VPS
        6.2 Server with 1G-2G RAM
        6.3 Server with 3G-8G RAM
        6.4 Server with 8G+ RAM
Physical Security
     1 Overview
     1 Overview
     2 Execution
     2 Execution
Line 939: Line 311:
         2.2 Attack Vectors
         2.2 Attack Vectors
==RoR Patching==
    1 Reasons to write polymorphic code
    2 Techniques of polymorphic code writing
    3 Example in ruby
        3.1 pv.rb (polymorphic virus)
        3.2 md.rb (utility functions)
    4 Example in python
    1 Strengths and Weaknesses of Python
    2 Installation
    3 Basic Application
        3.1 Python Operators
        3.2 Variable Definition
        3.3 Printing and Receiving Input
        3.4 Commenting
    4 Modules
        4.1 Third-Party and Custom Modules
        4.2 Calling on a function within a module
    5 Variable Operation
        5.1 List Operations
            5.1.1 Advanced List Operations
        5.2 String Operations
            5.2.1 strip()
            5.2.2 split()
            5.2.3 find()
        5.3 Typecasting
    6 Statements and Loops
        6.1 If Statement
            6.1.1 If
            6.1.2 If-Else
            6.1.3 If-Elif
        6.2 While Loop
        6.3 For Loop
    7 Functions
    8 Classes
    9 File Handling
        9.1 Opening and closing a file
        9.2 Reading from a file
            9.2.1 read()
            9.2.2 readline()
            9.2.3 readlines()
    10 Socket Programming
        10.1 Creating a Socket
        10.2 Connecting a Socket
        10.3 Binding and Accepting
            10.3.1 Binding
            10.3.2 Listening
            10.3.3 Accepting
        10.4 Sending and Receiving
            10.4.1 Encoding
            10.4.2 Sending and Receiving
        10.5 SSL
    11 Ctypes
        11.1 Loading a Shared Object
        11.2 Calling a function from a loaded Shared Object
            11.2.1 readlines()
RoR Patching
     1 RoR Patching
     1 RoR Patching
         1.1 Vulnerabilities
         1.1 Vulnerabilities
Line 1,007: Line 317:
         1.3 Params Injection & Mass Assignment Abuse
         1.3 Params Injection & Mass Assignment Abuse
     1 Basic Packet Sniffing Utilities
     1 Basic Packet Sniffing Utilities
     2 Rules
     2 Rules
Line 1,014: Line 324:
         2.3 Example Rule
         2.3 Example Rule
Static ARP Configuration
== traceroute ==
    1 Reading your ARP Tables
{{info|before this part is done, traceroute and tcp traceroute '''must be combined''', its the same thing with a different three letter acronym before it!}}
    2 Prevention
        2.1 ProxyARP
            2.1.1 Uses
            2.1.2 Advantages
            2.1.3 Disadvantages
            2.1.4 Further reading
        2.2 Bonding
TCP Traceroute
TCP Traceroute
     1 Overview
     1 Overview
Line 1,038: Line 340:
     5 Options for Traceroute
     5 Options for Traceroute
Wireless Security
== Wireless Security ==
{{info|This page needs to be completed and updated before it is seo'd.}}
     1 Basics
     1 Basics
     2 Wired Equivalent Privacy (WEP)
     2 Wired Equivalent Privacy (WEP)
Line 1,046: Line 349:
--[[User:Hatter|Hatter]] 03:23, 21 May 2012 (MSK)
--[[User:Hatter|Hatter]] 03:23, 21 May 2012 (MSK)
== bitwise math ==
*[[introduction to binary]]
*[[binary addition]]
*[[bitwise operators]]
*[[binary to hexadecimal]]
*[[and rules]]
*[[and properties]]
*[[and logic table]]
*[[bitwise and example]]
*[[xor logic table]]
*[[xor rules]]
*[[bitwise xor example]]
*[[xor properties]]
*[[or rules]]
*[[or properties]]
*[[or example]]
*[[or logic table]]
*[[bit shifts and bit rotations]]
*[[logical shift]]
*[[bitwise math exercises]]
*[[bit rotations]]
*[[circular shifts]]
*[[hexadecimal signed numbers]]
*[[integer overflows]]
*[[two's complement]]
*[[rotation with carry]]

Latest revision as of 06:42, 27 June 2012

intermediate shellcode stuff

Most of this stuff goes to the Category:Indexing.

Computer Forensics

   1 Cybercrime
       1.1 Investigation
       1.2 Preserving the evidence
       1.3 Where to find evidence
           1.3.1 Hardwarewise
           1.3.2 Softwarewise
   2 Forensic Imaging
       2.1 HardDisk Imaging


   1 Australian Cyberlaw
       1.1 Acts Applying to Cybercrime in Australia
       1.2 Cybercrime Act 2001 Offences
       1.3 Case Study: First Cybercrime Conviction in Australia
   2 European Cyberlaw
       2.1 Definitions of Cybercrime as per the Budapest Convention

Network Recon

   1 IP Addressing
   2 Subnet Masks
   3 Ports
   4 Routing
   5 Theory
   6 Tools

Social Engineering

   1 Methods
       1.1 Email
       1.2 Telephone
       1.3 Examples
       1.4 Lesson 1
           1.4.1 - Preface by Wikipedia
           1.4.2 - Outline of Social Engineering
           1.4.3 - Analysing and Creating Milestones
           1.4.4 - Mantras for Social Engineering
           1.4.5 - Example
           1.4.6 - Other Uses
       1.5 Lesson 2 - Politeness
           1.5.1 - Introduction
           1.5.2 - Things To Keep in Mind
           1.5.3 - Putting Social Engineering to Work
           1.5.4 - Protecting Yourself From Social Engineering


   1 General Subnetting
   2 Real Life Example of Subnetting

Virtual machines

   1 Subsystems
       1.1 Hardware Virtualization
       1.2 Host Machine
       1.3 Guest Machine
   2 Virtualization Tools
   3 Creating Vulnerable VMs for Penetration Testing


   1 API technologies
       1.1 The Web
           1.1.1 Web services
           1.1.2 Remote Procedure Calls
       1.2 General software
           1.2.1 Software Libraries
           1.2.2 COM objects (Windows)


   1 General Services
       1.1 Virtual Private Servers
       1.2 Virtual Private Networks
       1.3 SSH Tunneling
           1.3.1 Basic Example of SSH Tunneling
       1.4 Shell Accounts
       1.5 FTP / Telnet
   2 Web-Browsing
       2.1 General
           2.1.1 Best Practices
       2.2 Firefox
           2.2.1 Recommended Extensions
       2.3 TODO
   3 Email Privacy
       3.1 PGP / GNUPG Encryption
       3.2 Anonymous Remailers
       3.3 Throw-away Accounts
   4 IM & Chat
       4.1 Instant Messaging
           4.1.1 Pidgin
      Using OTR
           4.1.2 TorChat
           4.1.3 TorPM
           4.1.4 ICQ
       4.2 Chat
           4.2.1 IRC
      Using OTR
           4.2.2 SILC
      Key based authentication
           4.2.3 Utilising IRC Bouncers
   5 Files & Hard-Disk Encryption
   6 Possible Downfalls
       6.1 Network Performance
       6.2 Personal Information
       6.3 IP Leaks
       6.4 DNS Leaks


Wait for this page to be completed before adding indices.
   1 Introduction
   2 Binary
   3 Number handling
   4 Data storage
   5 Memory Addressing
   6 Instructions
       6.1 Syntaxes
       6.2 Data manipulation basic primitives
       6.3 Basic arithmetic
       6.4 Bitwise mathematics operators
       6.5 Shifts and rotations
       6.6 Control flow operators
       6.7 Taking it further

Buffer Overflows


Wait for this page to be completed before adding any indices for it.
   1 Overview
       1.1 Basic Formatting
           1.1.1 Includes
           1.1.2 The main() Function
       1.2 Variables
       1.3 Loops
       1.4 If/Else
       1.5 Compilation
       1.6 Example Program

DDoS Attack

The three-way handshake information should be placed into the TCP/IP page, which should merely be linked from the DDoS attack page.
   1 Three way handshake and Connect State
   2 TCP Attacks
       2.1 Synflood
           2.1.1 Spoofed Synflood
           2.1.2 Dealing with Synfloods
       2.2 Advanced Attacks
           2.2.1 Optimistic ACK Floods
           2.2.2 Duplicate ACK Spoofing
   3 UDP Attacks
       3.1 Dealing with UDP floods
   4 ICMP Attacks
       4.1 ICMP Smurf
       4.2 ICMP Redirect


   2 Variables
  • variable types in lua
       2.1 Global Variables vs Local Variables
   3 Functions
  • list of functions used by lua
  4 Tables
  • using tables in lua
       4.1 Declaring an empty Table
       4.2 Declaring, and populating a Table
       4.3 Indexing Tables


   1 Correct Usage
   2 Scan Types
   3 Options
   4 Evasion Techniques
   5 Target Specification
   6 Script Scanning
   7 Conclusion


   1 Subnetting Schemes
   2 Real World Examples
   3 Back to Subnetting
   4 Extras


   1 How It Works
   2 Common Pitfalls
   3 Getting Tor and Extra Uses
       3.1 Proxychains and Tor-Resolve
   4 Hidden services
   5 External Links

Unsafe String Replacement

   3 Defense
       3.1 PHP
       3.2 PCRE
       3.3 Whitelisting using PCRE


   1 Definition
   2 Exploitation
   3 Types of Attacks
   4 Staying Safe
   5 Evolution


   1 Lesson 1
       1.1 Network Discovery with BGP
   2 Lesson 2
       2.1 ASN/BGP/RIP
           2.1.1 1.0 - Introduction
           2.1.2 2.0 - Example
           2.1.3 3.0 - RIP


   1 Lesson
   2 1.0 - Introduction
   3 2.0 - Running bcrypt
   4 3.0 - General Talk
   5 4.0 - Further Reading

Forensic chain of custody

   1 Forensic Chain of Custody
       1.1 Acquisition
       1.2 Witnesses and Documentation
       1.3 Active Memory Snapshots


   1 Virtual Machine Setup
   2 Hard Drive Setup
   3 Base installation and Configuration
   5 Installing Software
   6 Encrypted Home Dir
   7 Kernel
   8 Final Configurations
   9 Bootloader
   10 X Server
   11 BASH
       11.1 Part 1: Reading files
       11.2 Part 2: Navigation
       11.3 Other useful commands
       11.4 Directing output
   12 Screen
   13 Services
   14 Network Services
   15 Debugging Services
   16 Permissions and Security Basics
   17 Getting Help
   18 Troubleshooting

Irssi Tutorial

   1 Getting Irssi
       1.1 Debian/Ubuntu
       1.2 Gentoo
       1.3 Slackware
       1.4 Frugalware
       1.5 Solaris
       1.6 Arch Linux
   2 Connecting to the IRC
   3 Sample config file
   4 References

Jynx Rootkit/1.0

   1 Jynx
       1.1 Introduction
       1.2 Configuration & Features
       1.3 Exercise & Installation
       1.4 Usage

Linux Assembly

Wait until this page is completed before creating any indices for it.
   1 32 bit syscall table
       1.1 Introduction
       1.2 Unlinked System Calls for 32bit systems
       1.3 Linked System Calls for 32bit systems
       1.4 Other Code Comparisons
   2 64 bit syscall table
       2.1 Example: Assembly for setuid(0); execve('/bin/sh',0,0); exit(0);

Physical Security

   1 Overview
   2 Execution
       2.1 Prevention
       2.2 Attack Vectors

RoR Patching

   1 RoR Patching
       1.1 Vulnerabilities
       1.2 XSS
       1.3 Params Injection & Mass Assignment Abuse


   1 Basic Packet Sniffing Utilities
   2 Rules
       2.1 Rule Headers
       2.2 Rule Option Section
       2.3 Example Rule


Before this part is done, traceroute and TCP traceroute must be combined; it's the same thing with a different three-letter acronym before it!

TCP Traceroute

   1 Overview
       1.1 vs. UDP/ICMP
       1.2 What you can do
           1.2.1 Windows
           1.2.2 Linux


   1 Performing a Traceroute
   2 Example of Tracert
   3 Options for Tracert
   4 Example of Traceroute
   5 Options for Traceroute

Wireless Security

This page needs to be completed and updated before it is seo'd.
   1 Basics
   2 Wired Equivalent Privacy (WEP)
   3 Wi-Fi Protected Access (WPA / WPA2-PSK)
   4 Tools
   5 Reaver

--Hatter 03:23, 21 May 2012 (MSK)

bitwise math