100 Days of Hacking — DAY 4
Objectives of day 4 :
- Learning bind shells and reverse shells with Netcat
- Learning about Socat
- Learning about PowerShell
- Completing a TryHackMe room
- Complete any other CTF web challenge
Reports of day 4 :
It’s morning and I’ve grasped the difference between reverse and bind. It was a bit confusing, but I saw this video and boom, it became clear. Theories with socat were easy, which is similar to NC but yeah, with some additional features.
I tried the catpictures room in TryHackMe. Damn, it was tough, not easy at all. Guess I have to learn more about pwning before I attempt these, and that’s why I’ve decided to also read CTF writeups and binge-watch CTF pwnings of John Hammond.
I completed a basic theory room in TryHackMe regarding nmap enumeration. I tried using it on a live target but the ports came back as filtered, so I decided to look for the cause. It’s due to the firewall that’s blocking our probes, so we can make use of the stealth scan using the -sS flag and we can moderate -T for timing our attacks.
nmap -vv -sU -sT -p T:1-65535,U:1-65535 -n -r -T4 -oNmapIPCopInternalAllPorts.txt 192.168.1.1
This single command scans all TCP and UDP ports in one go. The results are the same as for the earlier scan — only two open ports. The UDP scan requires more than three minutes, while the TCP scan requires about 100 seconds.
Bug bounty failures :
So I spent my time finding bugs on this target.com but I couldn’t find any. My methodology is just a typical script kiddie’s: I performed reconnaissance using reconftw, then just tested for standard XSS bugs and open redirect URI parameters. Well, it’s a slow process of development, I see.
CTF challenge :
I played around on websec.fr and ended up completing a challenge made by my friend which used the extract($_GET) function, which can be exploited by passing an array in GET parameters. He also made me learn about sha1 hash collisions (spoiler alert: he’s a genius).
Do try it out if you wish http://cookie-and-milk.rf.gd/
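Why extract() on request data is risky, shown next to a handler that reads only the keys it expects. This is an added example, not the challenge's code: handle_unsafe, handle_safe, is_admin and name are hypothetical names, and $request is a constructed stand-in for $_GET.

```php
<?php
// Constructed request data standing in for $_GET,
// as PHP would parse ?is_admin=1&name[]=x
$request = ['is_admin' => '1', 'name' => ['x']];

// Before: extract() imports every request key into the local scope,
// so a caller-supplied key replaces a variable the code already set.
function handle_unsafe(array $params): array
{
    $is_admin = false;   // value the application meant to control
    $name = 'guest';
    extract($params);    // default flag is EXTR_OVERWRITE
    return ['is_admin' => $is_admin, 'name' => $name];
}

// After: read only the expected key and accept it only as a string,
// so neither an extra key nor an array value reaches later logic.
function handle_safe(array $params): array
{
    $is_admin = false;   // never taken from the request
    $name = 'guest';
    if (isset($params['name']) && is_string($params['name'])) {
        $name = $params['name'];
    }
    return ['is_admin' => $is_admin, 'name' => $name];
}

// Compare what each handler ends up with for the same request.
var_dump(handle_unsafe($request));
var_dump(handle_safe($request));
```

Where extract() cannot be removed, the EXTR_SKIP or EXTR_PREFIX_ALL flags keep request keys from replacing variables that already exist.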
And that’s it for Day 4 which is published on Day 5 :”) forgive my lazy ass.
sbin/shutdown(day4)