What is Session Hijacking? A session is the period of time when you as a user are actively accessing an application, website, or other online service. Each user session begins when you log into a website or app and ends when you log out of it. For example, when you type your username and password into a banking application, that begins your session on that online application. When you log into an online application, for example, amzon.com, their server typically generates a temporary session cookie in your browser. This cookie tells your browser that you are logged in and have been authenticated on the server by Amazon. Each temporary session cookie is marked by a unique session ID, or key. If a hacker is able to access your unique session ID, they can access your session. Let us take the example of Facebook. For example, when you log into Facebook, a session begins. This allows you to keep using Facebook (even if you close and reopen the web browser) until you click on ‘log out’...
Posts
TryHackMe : RootMe CTF Writeup (Detailed) Let’s dive in!! Task 1- Deploy the machine Create a directory for your ctf machine on Desktop and a directory for nmap Task 2- Reconnaissance Nmap Scan : nmap -sC -sV -oN nmap/rootme <MACHINE_IP> -sC : Default scripts -sV : Version detection -oN : Output to be stored in the directory ‘nmap’ you created earlier Nmap Scan Output There are 2 ports open : 22/ssh — OpenSSH 7.6p1 80/http — Apache httpd 2.4.29 OS detected — Linux #1.1. Scan the machine, how many ports are open? Ans: 2 #1.2. What version of Apache are running? Ans: 2.4.29 #1.3. What service is running on port 22? Ans: ssh Gobuster : Gobuster standard output gobuster dir -u http://<MACHINE_IP> -w <PATH_TO_WORDLIST> -u : URL -w : Wordlist Gobuster output using below flags Additionally you can use more flags in gobuster : -q : quiet , silent scan . Will hide banner . -o : Output to be stored in the directory -x : Search for extensions e.g...
What is GITHUB REPO? GitHub is a Git repository hosting service, but it adds many of its own features. While Git is a command line tool, GitHub provides a Web-based graphical interface. It also provides access control and several collaboration features, such as a wikis and basic task management tools for every project Github repos to follow 1. Awsome Hacking – A collection of awesome penetration testing and offensive cyber security resources. 2. Awesome-Pentest – A collection of awesome penetration testing and offensive cyber security resources. 3. Android Reports & Resource – It has a list of different android bugs and links to hacker1 report for all of those bugs. 4. h4cker – This repository include =6,000 refere nces, scripts, tools, code, and other resources that help offensive and de fensive security professionals to learn and develop new skills. This GitHub repository provides guidance on how build your own ...