Lazy Hacker

Salting is the concept of adding random data in the plaintext data ( Example: Password ) and then creating the hash of that combination this is called salting. By doing this, even if you are using the same plain text, it is possible to get different hashes.  Why do we need salting when saving passwords in the database? Hash is not unique to themselves due to the nature of the hash function, when given the same input in the hash function, the same output is always produced. We need salting because the same hash function produces the same output for the same input.  Let's take an example: An attacker is able to exploit the SQL injection vulnerability in a website and dump all the credentials from the database. The usernames are mostly unique if the application is using a username and password for authentication, but it's possible that the password is the same for many users. This means that the hash stored in the database is also the same for the same password if they are not usi

This tool can be used in Red Team Assessment to gather the IP address details in bulk. This tool is used to find the organization's IP address belongs to which services like a cloud (AWS), service provider (Airtel), and self-server. Download:   https://github.com/crazywifi/ipdetails

Download:   https://github.com/crazywifi/Extract_IP_PORT_From_Nessus_Output

Privilege Escalation Linux Privilege Escalation · OSCP - Useful Resources Privilege Escalation - Windows · Total OSCP Guide Linux Privilege Escalation using Sudo Rights Abusing SUDO (Linux Privilege Escalation) - Touhid M.Shaikh Basic Linux Privilege Escalation rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks Windows Privilege Escalation · OSCP - Useful Resources Spawning a TTY Shell Linux Privilege Escalation Using PATH Variable Windows Weak Service Permissions | Penetration Testing Lab Windows elevation of privileges Windows Privilege Escalation - AwanSec OSCP Notes – Privilege Escalation (Windows) – Securism FuzzySecurity | Windows Privilege Escalation Fundamentals Start or stop Windows service from command line (CMD) Reverse Shell php-reverse-shell | pentestmonkey Reverse Shell Cheat Sheet | pentestmonkey jondonas/linux-exploit-suggester-2: Next-Generation Linux Kernel Exploit Suggester OSCP-PwK/check-exploits.py at master · so87/OSCP-PwK OSCP-

Change the Service name and add cookies to the script. Download:   https://github.com/crazywifi/Shodan_IPAddress_Scraping

Encoding: Encoding is used to transform data into another format so that it can be consumed by a different type of system or application. The encoding uses the algorithm for the encoding and decoding, it doesn't require a key and the encoding algorithm is publicly available. We convert the data into binary so that, it can be consumed by a different system. Example: ASCII, Unicode, URL encoding, Base64, etc. Encryption: Encryption is used to transform data to keep it secret. Encryption is used for confidentiality . In encryption, we use the private or public key depending on the encryption type (Symmetric Encryption or Asymmetric Encryption). So the goal of encryption is to ensure that the data can not be consumed by anyone other than the intended recipients. Examples: aes, blowfish, rsa Hashing: Hashing is used for ensuring the integrity of data. Hashing takes an arbitrary input and produces a fixed length output. Hashing is an irreversible process, you can't directly decryp

Analysis: During the analysis, it was observed that the application was generating an inadequate cookie path attribute for the authentication cookie which was used for maintaining the user's session. Please refer to the below-provided evidence and proof of concept. Impact: Cookie Path attributes specify the validity of the cookie to a specific URL. The cookies can be easily stolen from the insecure/incorrect URL path if the path attribute is not set properly. The path attribute is used with the domain attribute to provide more security. If the path attribute is set to "/myapp", the cookie will only be sent to the specified domain on the web server. An attacker may steal the cookies from a malicious URL if the cookie path is insecurely/inadequately specified. This may lead to various attacks such as session hijacking, session replay, etc. Recommendation: ·  Set the cookie path attribute specific to “/myapp/”. ·  Apply proper validation to the cookie path attribute.

Analysis: During the analysis, it was observed that the application was vulnerable to Host Header Injection as when the host header was changed to something outside the target domain (ie. Demo.testfire.net), it was accepted and was  used to generate links, import scripts, etc. Impact: Attack vectors are somewhat limited, but depend on how the host header is used by the back-end application code. If code references the hostname used in the URL such as password reset pages, an attacker could spoof the host header of the request in order to trick the application to forwarding the password reset email to the attacker’s domain instead, etc. Other attack vectors may also be possible through manipulation of hyperlinks or other misc. code that relies on the host/domain of the request. Recommendation: To fix this, the application should reject anything that doesn't match the target domain. Then Request.ServerVariables("Server_Name") should only ever contain valid values As an addi

Analysis: During the analysis, it was observed that the application allowed users to upload malicious files to the server. Please refer to the below-provided evidence and proof of concept. Impact: An attacker can upload a malicious file that can lead to Remote Code Execution and thereby can take over the entire web application. The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system or database, forwarding attacks to back-end systems, client-side attacks, or simple defacement.   Recommendation: ·  It is recommended to restrict file types accepted for upload. ·  Validate the file extension and Content-Type of the file on the server side. ·  Only allow certain files to be uploaded. ·  Use a whitelist approach instead of a blacklist. ·  Change the permissions on the upload folder so the files within it are not executable. If possible, rename the files that are uploaded.

Analysis: During the analysis, it was observed that there was functionality to export the data in a CSV file and this functionality was affected by the CSV injection vulnerability, also known as Formulae Injection. We could execute a malicious command. Impact: Successful exploitation will allow an attacker to execute arbitrary code with the privilege of a currently logged-in user of the system, causing serious damage to the victim’s system like an entire partition can be wiped out or create backdoors as well for later access. Also, an attacker can steal sensitive information from CSV files. Recommendation: We recommend that it is always a good practice not to trust user inputs. Also, for the successful execution of the formula, the attacker will have to use the ‘-‘ , ‘=’ , '@', and the pipe (|) is used to execute the binary in the excel software. Hence, it is strongly recommended to whitelist the input and not allow ‘- ‘, ‘|’ , ‘+’, '@', and  ‘=’  to mitigate this vulne