What is Session Hijacking? A session is the period of time when you as a user are actively accessing an application, website, or other online service. Each user session begins when you log into a website or app and ends when you log out of it. For example, when you type your username and password into a banking application, that begins your session on that online application. When you log into an online application, for example, amzon.com, their server typically generates a temporary session cookie in your browser. This cookie tells your browser that you are logged in and have been authenticated on the server by Amazon. Each temporary session cookie is marked by a unique session ID, or key. If a hacker is able to access your unique session ID, they can access your session. Let us take the example of Facebook. For example, when you log into Facebook, a session begins. This allows you to keep using Facebook (even if you close and reopen the web browser) until you click on ‘log out’...
Posts
TryHackMe : RootMe CTF Writeup (Detailed) Let’s dive in!! Task 1- Deploy the machine Create a directory for your ctf machine on Desktop and a directory for nmap Task 2- Reconnaissance Nmap Scan : nmap -sC -sV -oN nmap/rootme <MACHINE_IP> -sC : Default scripts -sV : Version detection -oN : Output to be stored in the directory ‘nmap’ you created earlier Nmap Scan Output There are 2 ports open : 22/ssh — OpenSSH 7.6p1 80/http — Apache httpd 2.4.29 OS detected — Linux #1.1. Scan the machine, how many ports are open? Ans: 2 #1.2. What version of Apache are running? Ans: 2.4.29 #1.3. What service is running on port 22? Ans: ssh Gobuster : Gobuster standard output gobuster dir -u http://<MACHINE_IP> -w <PATH_TO_WORDLIST> -u : URL -w : Wordlist Gobuster output using below flags Additionally you can use more flags in gobuster : -q : quiet , silent scan . Will hide banner . -o : Output to be stored in the directory -x : Search for extensions e.g...
What is GITHUB REPO? GitHub is a Git repository hosting service, but it adds many of its own features. While Git is a command line tool, GitHub provides a Web-based graphical interface. It also provides access control and several collaboration features, such as a wikis and basic task management tools for every project Github repos to follow 1. Awsome Hacking – A collection of awesome penetration testing and offensive cyber security resources. 2. Awesome-Pentest – A collection of awesome penetration testing and offensive cyber security resources. 3. Android Reports & Resource – It has a list of different android bugs and links to hacker1 report for all of those bugs. 4. h4cker – This repository include =6,000 refere nces, scripts, tools, code, and other resources that help offensive and de fensive security professionals to learn and develop new skills. This GitHub repository provides guidance on how build your own ...
Difference between Ubuntu and Kali Linux S.No. Ubuntu Kali Linux 1. Developed by canonical. Developed by Offensive Security. 2. Ubuntu was initially released on 20 October 2004. Kali was initially released on 13 March 2013. 3. Ubuntu is used for daily use or on server. Kali is used by security researchers or ethical hackers for security purposes 4. Latest version(2020.04) of ubuntu uses Gnome-terminal by default. Latest version(2020.2) of kali uses qterminal by default. 5. Latest Ubuntu consists of the Gnome environment by default, though it allows you to change the same. Latest Kali consists of the xfce environment by default, though it allows you to change the same. 6. Ubuntu doesn’t comes packed with hacking and penetration testing tools. Kali comes packed with hacking and penetration testing tools. 7. Comes with a user friendly Interface Comes with a less user friendly Interface as compared to ubuntu. 8. Ubuntu is a good option for beginners to Linux. Kali Linux is a good opt...
In today’s era, the use of smartphones is constantly increasing, WhatsApp is the most special app on smartphones and it has become a special part of people’s lives as well. It is being used for personal and office work. Constantly new updates have been coming on WhatsApp, but in this report, we have been giving you some special tips with the help of which you can make a personal diary or notes on WhatsApp. Let’s know. We do most of our work from our smartphone only. In such a situation, when we have to note some important things or make a list, we share it on phone notes or WhatsApp. Many times, from office to personal work, we also share on WhatsApp. We write our important thing or any message and send it to any of our family members or friends on WhatsApp. Doing this can sometimes result in frontal confusion, so today we are telling you the trick of such a big work of WhatsApp which you can use to save your important work or any document. You can also use your WhatsApp like a p...
[Task 1] Intro [Task 2] Methodology [Task 3] [Section 1: SSH] — Intro [Task 4] [Section 1: SSH] — Putty and ssh Download Putty here: https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html Or using linux apt install putty 2. Login using Putty username: shiba1 Enter username, ip and click Open Click Accept Enter password “shiba1” 3. Login using command line in linux or windows ssh <username>@<ip> [Task 5] [Section 2: Running Commands] — Basic Command Execution echo hello [Task 6] [Section 2: Running Commands] — Manual Pages and Flags How would you output hello without a newline man echo echo -n hello [Task 7] [Section 3: Basic File Operations] — ls What flag outputs all entries ls -a 2. What flag outputs things in a “long list” format ls -l [Task 8] [Section 3: Basic File Operations] — cat What flag numbers all output lines? cat --help [T a sk 9] [Section 3: Basic File Operations] — touch touch b.txt ls [Task 10] [Section 3: Basic File Operations] — Running A Binary ...