GitBook: [master] 2 pages modified
This commit is contained in:
CPol
gitbook-bot
parent
ddf8df4cda
commit
dfc76ba216
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
## Online Hashes DBs
|
||||
|
||||
* ***Google it***
|
||||
* _**Google it**_
|
||||
* [http://hashtoolkit.com/reverse-hash?hash=4d186321c1a7f0f354b297e8914ab240](http://hashtoolkit.com/reverse-hash?hash=4d186321c1a7f0f354b297e8914ab240)
|
||||
* [https://www.onlinehashcrack.com/](https://www.onlinehashcrack.com/)
|
||||
* [https://crackstation.net/](https://crackstation.net/)
|
||||
|
|
@ -17,8 +17,9 @@
|
|||
## Encoders
|
||||
|
||||
Most of encoded data can be decoded with these 2 ressources:
|
||||
- https://www.dcode.fr/tools-list
|
||||
- https://gchq.github.io/CyberChef/
|
||||
|
||||
* [https://www.dcode.fr/tools-list](https://www.dcode.fr/tools-list)
|
||||
* [https://gchq.github.io/CyberChef/](https://gchq.github.io/CyberChef/)
|
||||
|
||||
### Substitution Autosolvers
|
||||
|
||||
|
|
@ -69,7 +70,7 @@ Check all bases with: [https://github.com/mufeedvh/basecrack](https://github.com
|
|||
* **Citrix CTX1** \[\]
|
||||
* `MNGIKCAHMOGLKPAKMMGJKNAINPHKLOBLNNHILCBHNOHLLPBK`
|
||||
|
||||
[http://k4.cba.pl/dw/crypo/tools/eng\_atom128c.html](http://k4.cba.pl/dw/crypo/tools/eng_atom128c.html) - 404 Dead: https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html
|
||||
[http://k4.cba.pl/dw/crypo/tools/eng\_atom128c.html](http://k4.cba.pl/dw/crypo/tools/eng_atom128c.html) - 404 Dead: [https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng\_hackerize.html](https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html)
|
||||
|
||||
### HackerizeXS \[_╫Λ↻├☰┏_\]
|
||||
|
||||
|
|
@ -77,15 +78,15 @@ Check all bases with: [https://github.com/mufeedvh/basecrack](https://github.com
|
|||
╫☐↑Λ↻Λ┏Λ↻☐↑Λ
|
||||
```
|
||||
|
||||
* [http://k4.cba.pl/dw/crypo/tools/eng\_hackerize.html](http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) - 404 Dead: https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html
|
||||
* [http://k4.cba.pl/dw/crypo/tools/eng\_hackerize.html](http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html) - 404 Dead: [https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng\_hackerize.html](https://web.archive.org/web/20190228181208/http://k4.cba.pl/dw/crypo/tools/eng_hackerize.html)
|
||||
|
||||
### Morse
|
||||
|
||||
```text
|
||||
.... --- .-.. -.-. .- .-. .- -.-. --- .-.. .-
|
||||
.... --- .-.. -.-. .- .-. .- -.-. --- .-.. .-
|
||||
```
|
||||
|
||||
* [http://k4.cba.pl/dw/crypo/tools/eng\_morse-encode.html](http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html) - 404 Dead: https://gchq.github.io/CyberChef/
|
||||
* [http://k4.cba.pl/dw/crypo/tools/eng\_morse-encode.html](http://k4.cba.pl/dw/crypo/tools/eng_morse-encode.html) - 404 Dead: [https://gchq.github.io/CyberChef/](https://gchq.github.io/CyberChef/)
|
||||
|
||||
### UUencoder
|
||||
|
||||
|
|
@ -109,7 +110,7 @@ hG2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236Hol-G2xAEIVDH236
|
|||
end
|
||||
```
|
||||
|
||||
* [www.webutils.pl/index.php?idx=xx](www.webutils.pl/index.php?idx=xx)
|
||||
* [www.webutils.pl/index.php?idx=xx](https://github.com/carlospolop/hacktricks/tree/bf578e4c5a955b4f6cdbe67eb4a543e16a3f848d/crypto/www.webutils.pl/index.php?idx=xx)
|
||||
|
||||
### YEncoder
|
||||
|
||||
|
|
@ -232,8 +233,7 @@ A secret is splitted in X parts and to recover it you need Y parts \(_Y <=X_\
|
|||
803bc8cf294b3f83d88e86d9818792e80cd
|
||||
```
|
||||
|
||||
http://christian.gen.co/secrets/
|
||||
|
||||
[http://christian.gen.co/secrets/](http://christian.gen.co/secrets/)
|
||||
|
||||
### OpenSSL brute-force
|
||||
|
||||
|
|
|
|||
|
|
@ -22,22 +22,21 @@ nc -vn <IP> 22
|
|||
|
||||
ssh-audit is a tool for ssh server & client configuration auditing.
|
||||
|
||||
https://github.com/jtesta/ssh-audit is an updated fork from https://github.com/arthepsy/ssh-audit/
|
||||
[https://github.com/jtesta/ssh-audit](https://github.com/jtesta/ssh-audit) is an updated fork from [https://github.com/arthepsy/ssh-audit/](https://github.com/arthepsy/ssh-audit/)
|
||||
|
||||
**Features:**
|
||||
|
||||
##### Features:
|
||||
|
||||
- SSH1 and SSH2 protocol server support;
|
||||
- analyze SSH client configuration;
|
||||
- grab banner, recognize device or software and operating system, detect compression;
|
||||
- gather key-exchange, host-key, encryption and message authentication code algorithms;
|
||||
- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
|
||||
- output algorithm recommendations (append or remove based on recognized software version);
|
||||
- output security information (related issues, assigned CVE list, etc);
|
||||
- analyze SSH version compatibility based on algorithm information;
|
||||
- historical information from OpenSSH, Dropbear SSH and libssh;
|
||||
- runs on Linux and Windows;
|
||||
- no dependencies
|
||||
* SSH1 and SSH2 protocol server support;
|
||||
* analyze SSH client configuration;
|
||||
* grab banner, recognize device or software and operating system, detect compression;
|
||||
* gather key-exchange, host-key, encryption and message authentication code algorithms;
|
||||
* output algorithm information \(available since, removed/disabled, unsafe/weak/legacy, etc\);
|
||||
* output algorithm recommendations \(append or remove based on recognized software version\);
|
||||
* output security information \(related issues, assigned CVE list, etc\);
|
||||
* analyze SSH version compatibility based on algorithm information;
|
||||
* historical information from OpenSSH, Dropbear SSH and libssh;
|
||||
* runs on Linux and Windows;
|
||||
* no dependencies
|
||||
|
||||
```bash
|
||||
usage: ssh-audit.py [-1246pbcnjvlt] <host>
|
||||
|
|
@ -60,7 +59,7 @@ usage: ssh-audit.py [-1246pbcnjvlt] <host>
|
|||
$ python3 ssh-audit <IP>
|
||||
```
|
||||
|
||||
[See it in action (Asciinema)](https://asciinema.org/a/96ejZKxpbuupTK9j7h8BdClzp)
|
||||
[See it in action \(Asciinema\)](https://asciinema.org/a/96ejZKxpbuupTK9j7h8BdClzp)
|
||||
|
||||
### Public SSH key of server
|
||||
|
||||
|
|
@ -106,7 +105,7 @@ msf> use scanner/ssh/ssh_identify_pubkeys
|
|||
|
||||
#### Known badkeys can be found here:
|
||||
|
||||
{% embed url="https://github.com/rapid7/ssh-badkeys/tree/master/authorized" %}
|
||||
{% embed url="https://github.com/rapid7/ssh-badkeys/tree/master/authorized" caption="" %}
|
||||
|
||||
You should look here in order to search for valid keys for the victim machine.
|
||||
|
||||
|
|
@ -145,6 +144,10 @@ known_hosts
|
|||
id_rsa
|
||||
```
|
||||
|
||||
## Hardening SSH
|
||||
|
||||
You can find interesting guides on how to harden SSH in [https://www.ssh-audit.com/hardening\_guides.html](https://www.ssh-audit.com/hardening_guides.html)
|
||||
|
||||
## SFTP
|
||||
|
||||
You can configure **SSH to behave as a SFTP** server. So, some users will connect to SFTP service \(in port 22\) instead of to the SSH service.
|
||||
|
|
@ -162,7 +165,7 @@ All the **ots-\*** users will be jailed inside a **chroot**.
|
|||
If you have access to a SFTP server you can also tunnel your traffic through this for example using the common port forwarding:
|
||||
|
||||
```text
|
||||
sudo ssh -L <local_port>:<remote_host>:<remote_port> -N -f <username>@<ip_compromised>
|
||||
sudo ssh -L <local_port>:<remote_host>:<remote_port> -N -f <username>@<ip_compromised>
|
||||
```
|
||||
|
||||
### Symlink
|
||||
|
|
|
|||
Loading…
Reference in New Issue